Introduction to Cyber-Security

Introduction to

Cyber-Security

Think less about the

possibility of cyber-attack;

worry about when,

  and your own lack of preparation

Akinjide A. Akinola

&

Adeniyi A. Afonja

© 2022 SineliBooks

Publishing Division of Chudace.org

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or any information storage or retrieval system, without written permission from the publishers ([email protected])

Published  in the United States of America

Preface

Digital information and data processing, storage and transmission are already at the core of most modern enterprises and most individuals have significant digital footprints. Computer-based information networks  operating in cyber-space (interconnected on the Internet) are at the core of modern businesses many of which operate across countries and continents. Government and human development enterprises (health, education, etc.) depend critically on  Internet-based operations. The traditional  systems of in-house applications and data storage are rapidly being replaced by shared or independent Cloud services. However, these highly beneficial developments in information technology also come with a variety of cyber-threats.  The risks may originate from personal cyber-habits, employees, clients and contractors, or external cyber-criminals; they may result from deliberate acts or human errors. Irrespective of the source or cause, the consequences can be devastating, ranging  valuable or sensitive data loss, or disruption of operations of sensitive infrastructure. Cyber-crime is  increasingly weaponized  to extract ransom payment or cripple sensitive infrastructure of enemy nation states. Cyber-security has emerged as a major technology discipline and, with the exponential rate of personal and corporate migration to cyber-space, incidents of cyber-crime are projected to grow at a similar rate. This introductory book presents a comprehensive overview of the digital cyber-space, evaluation of the extent of cyber-threats, the critical information technology practices and infrastructure that facilitate cyber-attacks, the main criminal actors and their strategies, and current status and trends in cyber-defense strategies for protecting the digital world. 

About the Authors

This introductory text is published by two professional engineers with extensive experience in engineering education and industrial operations. Dr. Akinjide A, Akinola is a Chemical Engineer and Professor Of Cyber-Security at the University of Maryland Global Campus, Adelphi, MD, U.S.A. Dr. Adeniyi A. Afonja is Emeritus Professor of Materials Science and Engineering and has published extensively on Materials, Energy and Environmental Engineering. His current interest is in cyber-security in complex engineering operations.

Acronyms

API            Application Programming Interface

APTs            Advanced Persistent Threats

ARPANET       Advanced Research Projects Agency Network

BEC            Business Email Compromise

BHO            Browser Helper Object

CANN            Corporation for Assigned Names and Numbers

CD            Compact Disc

CIA            Confidentiality, Integrity and Availability

CNES            Centre national d'études spatiales

CPU            Central Processing Unit

DDOS            Distributed Denial-of-Service

DOS            Denial Of Service

DVD            Digital Video Disc

EAC            Email Account Compromise

e-Business      Electronic Business

e-Health      Electronic Healthcare

GEOs            Geostationary Satellites

HTML            HyperText Markup Language

HTTP            HyperText Transfer Protocol

I&C            Instrumentation and Control

IANA            Internet Assigned Numbers Authority

ICANN            International Corporation for Assigned Names

                          and Numbers

ICT            Information and Communications Technology

IDS            Intrusion Detection Systems

IETF            Internet Engineering Task Force

IMs            Instant Messages

INFOCEC      Information Security

IPAS            Internet Protocol Address Space

Chapter 1

Information System

1.1.    INTRODUCTION

The term ‘information’ has many connotations and its meaning in the context of Cyber-Security needs to be clarified. Information may be defined as a statement of facts provided or learned about something or someone, communicated or recorded in some form that makes it available for use as a body of knowledge. However, information is not always a statement of facts: a lot of disinformation can be misconstrued as ‘facts’, especially in verbal communication and on social media. The administration, management, storage and transmission of information in the context of the above definition has emerged as the humble beginning of the modern discipline of Information and Communications Technology (ICT) and information protection is a critical component. ICT encompasses both analogue and digital information technologies but digital information systems involving computers, network systems, the Internet, World-Wide-Web, and wireless telecommunication systems present  the major information security challenges.

1.2.      INFORMATION, DATA AND

            KNOWLEDGE

The terms: ‘Data’ and ‘Information’ are often used interchangeably, but there are fundamental differences, especially in terms of management strategies. Also, there are three basic components of information management which require different strategies: data, information and knowledge (Figure 1.1).

1.2.1.          What is Data?

Data is the set of qualitative or quantitative variables used as a basis for calculation or reasoning, reference or analysis. Data may be in analogue or digital  form. They may comprise characters, figures, and symbols stored in human memory, on paper in cabinets or converted into electronic signals stored on CDs, DVDs, or computer hard disks. Data stored on paper is accessed and transmitted physically but can be converted into electronic signals for storage on magnetic or optical media (CD, DVD, computer hard disc, magnetic tape), or held in electronic systems. A lot of data is managed, accessed and transmitted physically but the trend is towards conversion into the digital or electronic form which can be more easily stored, accessed and transmitted over the telephone or the Internet. For example, paper information that fills several cabinets can be scanned and stored on just one compact disc (CD), in Cloud storage systems that can be accessed from anywhere in the world, or transmitted over the Internet to a recipient in the farthest corner of the world.

1.2.2.          What is Information?

A data set comprises statements represented by characters such as alphabets, digits, special characters, figures, illustrations, concepts, or instructions, but when organized, processed, interpreted, structured or presented in a logical manner that makes it meaningful, useful, and suitable for communication, it is called information. For example, January 1, 2021 is simply a set of data that refers to a day in a year, but becomes information when associated with an event that makes it relevant, like a public holiday. Data on blood sugar levels becomes useful information for medical diagnosis; data on air humidity becomes vital information for the weather forecast, etc.

1.2.3.          What is Knowledge?

Knowledge is the ability to manage, manipulate and interpret data and information irrespective of its form or existence in a contextual and meaningful manner, leading to ideas, concepts, events, processes, thoughts, facts, patterns, actions, etc. Proper application of knowledge requires wisdom and judgement much of which is unique and personal.

1.3.      BASIC INFORMATION

ARCHITECTURE

Information is collected, documented or stored in many different forms: oral, written, pictorial, video, digital, all of which present different security challenges. Developments in information technology in the past two decades have propelled digital information as standard because of the ease with which it can be created, manipulated, stored and transmitted. Furthermore, almost any other information format can be digitalized.

1.3.1.        Oral Information

Oral information forms the basis of oral world