Chapter 2 V2

The document discusses the principles of cybersecurity, focusing on threats, vulnerabilities, and attacks. It defines key concepts such as vulnerabilities as weaknesses in security systems, threats as potential harm, and controls as measures to block threats. The document also categorizes types of attacks and attackers, and highlights various cybersecurity tools and strategies to mitigate risks.

Principles of Cybersecurity

CYSN02
Chapter 2: Threats, Vulnerabilities, and Attacks
Dr. Mohammed Abdullatif Al-Sharjabi
25 – 12 – 2022
Content
Revision

What are Cybersecurity Threats, Vulnerabilities, and Attacks?

Cybersecurity Vulnerabilities

Cybersecurity Attacks

Cybersecurity Threats

Cybersecurity Main Tools


Revision of Chapter 1
Cybersecurity Importance

What is Cybersecurity?

Key Security Concepts

Security protecting assets

Things That Cause And Affect Cybersecurity


Vulnerabilities, Threats, and Controls
• Understanding Vulnerabilities, Threats, and Controls
• Vulnerability = a weakness in a security system
• Threat = circumstances that have a potential to cause harm
• Controls = means and ways to block a threat, which tries to exploit one or more vulnerabilities
• Most of the class discusses various controls and their effectiveness
[Pfleeger & Pfleeger]

• Example - New Orleans disaster (Hurricane Katrina)
• Q: What were the city's vulnerabilities, threats, and controls?
• A: Vulnerabilities: location below water level, geographical location in hurricane area, …
  Threats: hurricane, dam damage, terrorist attack, …
  Controls: dams and other civil infrastructure, emergency response plan, …
• Attack (materialization of a vulnerability/threat combination)
• = exploitation of one or more vulnerabilities by a threat; tries to defeat controls
• Attack may be:
• Successful (a.k.a. an exploit)
• resulting in a breach of security, a system penetration, etc.
• Unsuccessful
• when controls block a threat trying to exploit a vulnerability
[Pfleeger & Pfleeger]
Things That Cause And Affect Cybersecurity
• Vulnerability = a weakness in a security system
• Threat = circumstances that have a potential to cause harm
• Controls = means and ways to block a threat, which tries to exploit one or more vulnerabilities
• Attack (materialization of a vulnerability/threat combination) = exploitation of one or more vulnerabilities by a threat; tries to defeat controls
Kinds of Threats
▪ Kinds of threats:
▪ Interception
• an unauthorized party (human or not) gains access to an asset
▪ Interruption
• an asset becomes lost, unavailable, or unusable
▪ Modification
• an unauthorized party changes the state of an asset
▪ Fabrication
• an unauthorized party counterfeits an asset
Levels of Vulnerabilities / Threats

(reversed order to illustrate interdependencies)

▪ D) for other assets (resources)
• including people using data, s/w, h/w

▪ C) for data
• "on top" of s/w, since used by s/w

▪ B) for software
• "on top" of h/w, since run on h/w

▪ A) for hardware

[Pfleeger & Pfleeger]


A) Hardware Level of Vulnerabilities / Threats
▪ Add / remove a h/w device
• Ex: Snooping, wiretapping
Snoop = to look around a place secretly in order to discover things about it or the people connected with it. [Cambridge Dictionary of American English]
• Ex: Modification, alteration of a system
• ...

▪ Physical attacks on h/w => need physical security: locks and guards
• Accidental (dropped PC box) or voluntary (bombing a computer room)
• Theft / destruction
• Damage the machine (spilled coffee, mice, real bugs)
• Steal the machine
• "Machinicide": Axe / hammer the machine
• ...
Example of Snooping: Wardriving / Warwalking, Warchalking
▪ Wardriving/warwalking -- driving/walking around with a wireless-enabled notebook looking for unsecured wireless LANs
▪ Warchalking -- using chalk markings to show the presence and vulnerabilities of wireless networks nearby
• E.g., a circled "W" -- indicates a WLAN protected by Wired Equivalent Privacy (WEP) encryption

[Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]


B) Software Level of Vulnerabilities / Threats

▪ Software Deletion
• Easy to delete needed software by mistake
• To prevent this: use configuration management software

▪ Software Modification
• Trojan Horses, Viruses, Logic Bombs, Trapdoors, Information Leaks (via covert channels), ...

▪ Software Theft
• Unauthorized copying
• via P2P, etc.
C) Data Level of Vulnerabilities / Threats

▪ How valuable is your data?
• Credit card info vs. your home phone number
• Source code
• Visible data vs. context
• "2345" -> Phone extension or a part of SSN?

▪ Adequate protection
• Cryptography
• Good if intractable for a long time

▪ Threat of Identity Theft


D) Vulnerabilities / Threats at Other Exposure Points
▪ Network vulnerabilities / threats
• Networks multiply vulnerabilities and threats, due to:
• their complexity => easier to make design/implementation/usage mistakes
• "bringing close" physically distant attackers
• Esp. wireless (sub)networks

▪ Access vulnerabilities / threats
• Stealing cycles, bandwidth
• Malicious physical access
• Denial of access to legitimate users

▪ People vulnerabilities / threats
• Crucial weak points in security
• too often, the weakest links in a security chain
• Honest insiders subjected to skillful social engineering
• Disgruntled employees
Types of Attacks - Classification 1
▪ Internal Attack: An internal attack occurs when an individual or a group within an organization seeks to disrupt operations or exploit organizational assets.
▪ External Attack: An external attack occurs when an individual or a group from outside the organization seeks to disrupt operations or exploit organizational assets.
▪ Structured Attack: Comes from hackers who are more highly motivated and technically competent. These people know system vulnerabilities and can understand and develop exploit code and scripts.
▪ Unstructured Attack: Consists of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.
Types of Attackers
▪ Types of Attackers - Classification 2
• Amateurs
• Opportunistic attackers (use a password they found)
• Script kiddies
• Hackers - nonmalicious
• In broad use beyond security community: also malicious
• Crackers – malicious
• Career criminals
• State-supported spies and information warriors

▪ Types of Attackers - Classification 3


• Recreational hackers / Institutional hackers
• Organized criminals / Industrial spies / Terrorists
• National intelligence gatherers / Info warriors
Threats
▪ Denial-of-service: an attempt to make a machine or network resource unavailable to its intended users
Identity Spoofing
Eavesdropping
▪ Eavesdropping: Network eavesdropping, or network sniffing, is a network layer attack consisting of capturing packets from the network transmitted by others' computers and reading the data content in search of sensitive information like passwords, session tokens, or any kind of confidential information.
Physical Infrastructure Attacks
▪ Physical Infrastructure Attacks: These physical infrastructure attacks can be accomplished simply by snipping a cable or network devices.
Additional Threats

Viruses

Worms

Trojan Horses

Spyware
Types of Malicious Code
Bacterium - A specialized form of virus which does not attach to a specific file. Usage obscure.
Logic bomb - Malicious [program] logic that activates when specified conditions are met. Usually intended to cause denial of service or otherwise damage system resources.
Trapdoor - A hidden computer flaw known to an intruder, or a hidden computer mechanism (usually software) installed by an intruder, who can activate the trap door to gain access to the computer without being blocked by security services or mechanisms.
Trojan horse - A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Virus - A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.
Worm - A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.
Network Security Devices
▪ Firewall: a software- or hardware-based network security system that controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a rule set.
• Intrusion Detection System: a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.
[Figure labels: Intrusion Detection System, Warning]
• Intrusion Prevention System: network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
[Figure labels: Intrusion Prevention System, IPS]
• Due to the use of VPNs, data encryption becomes a requirement.
Data Encryption
• Data Encryption: the process of encoding messages (or information) in such a way that hackers cannot read them, but authorized parties can.

Mohammed => D3#e%M*M@aHo^%m


Network Zones

▪ To protect and isolate your LAN from unauthorized access when you provide Internet services, place the servers that host those services in a separate zone.
▪ Demilitarized Zone (DMZ) is a physical or logical subnetwork that contains and
exposes an organization's external-facing services to a larger and untrusted
network, usually the Internet.
▪ The purpose of a DMZ is to add an additional layer of security to an
organization's local area network (LAN); an external attacker only has direct
access to equipment in the DMZ, rather than any other part of the network.
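
The firewall rule set and the DMZ described above can be put together in one small model. The following is an added example, not part of the original slides: the address ranges, the web server address, the ports and the rules are all constructed for illustration, and only new connections are evaluated (return traffic is assumed to be handled by connection tracking).

```python
import ipaddress

# Constructed address plan (an assumption for this example, not from the slides).
ZONES = {
    "lan": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.100.0/24"),
}
WEB_SERVER = ipaddress.ip_address("192.168.100.10")  # hypothetical DMZ web server


def zone_of(addr):
    """Map an address to its zone; anything else is the untrusted Internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


# Rule set: (source zone, destination zone, destination host, port, action).
# None is a wildcard. First match wins; the final rule is the default deny.
RULES = [
    ("internet", "dmz", WEB_SERVER, 443, "allow"),  # public HTTPS, web server only
    ("lan", "dmz", WEB_SERVER, 443, "allow"),       # staff use the same service
    ("lan", "dmz", WEB_SERVER, 22, "allow"),        # administration from the LAN
    ("lan", "internet", None, None, "allow"),       # outbound from the LAN
    ("dmz", "lan", None, None, "deny"),             # DMZ hosts cannot reach inward
    (None, None, None, None, "deny"),               # everything else is dropped
]


def decide(src, dst, port):
    """Return 'allow' or 'deny' for a new connection from src to dst:port."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    dst_ip = ipaddress.ip_address(dst)
    for r_src, r_dst, r_host, r_port, action in RULES:
        if r_src not in (None, src_zone) or r_dst not in (None, dst_zone):
            continue
        if r_host not in (None, dst_ip) or r_port not in (None, port):
            continue
        return action
    return "deny"


if __name__ == "__main__":
    # Constructed flows: Internet client, DMZ web server, LAN workstation.
    for flow in [("203.0.113.5", "192.168.100.10", 443),
                 ("203.0.113.5", "10.0.0.20", 443),
                 ("192.168.100.10", "10.0.0.20", 445)]:
        print(flow, "->", decide(*flow))
```

The explicit DMZ-to-LAN deny is already covered by the default deny; it is kept as a separate rule so the isolation intent is visible when the rule set is reviewed.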
[Figure label: Web Server]
VLANs
▪ Grouping hosts with a common set of requirements by VLAN, regardless of their physical location, can greatly simplify network design and increase security.
▪ A virtual LAN partitions the network to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers.
▪ A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together more easily even if they are not on the same network switch.
Summary
What are Cybersecurity Threats, Vulnerabilities, and Attacks?

Cybersecurity Vulnerabilities

Cybersecurity Attacks

Cybersecurity Threats

Cybersecurity Main Tools
