VU23217 Session-03

The document discusses cyber security for IoT devices and organizations. It covers vulnerabilities of IoT devices, emerging IoT threats, hashing and encryption techniques, and tools used to protect organizations from cyber attacks. Specifically, it discusses firewalls as network security devices that monitor incoming and outgoing traffic to allow or block access based on security rules. It describes basic firewall types like packet filters and stateful inspection, and next generation firewalls that provide deep packet inspection and intrusion prevention.

Uploaded by Ryan Nguyen

Recognise the need for cyber security in an Organisation

VU23217 Session-03
Session Content

• Internet of Things (IoT) devices
• Vulnerabilities for IoT devices
• Trends & emerging IoT threats
• Hashing & encryption
• Equipment used to protect organisations from cyber attack
• Firewall
• Intrusion Detection System (IDS)
• Intrusion Protection System (IPS)
• Unified Threat Management (UTM)
• Cloud based solutions
• Software solutions
• Security Operations Centre (SOC)
• Security Incident and Event Management (SIEM)
IOT - Internet Of Things

IOT Devices
• Smart Lock
• Smart Lights
• Industrial Robots
• Smart Electrical meter
• Smart Medical watch
IoT vulnerabilities

Weak, guessable, or hardcoded passwords
• Use of easily brute-forced, publicly available, or unchangeable credentials, including backdoors in firmware or client software that grants unauthorized access to deployed systems.

Insecure network services
• Unneeded or insecure network services running on the device itself, especially those exposed to the internet, that compromise the confidentiality, integrity/authenticity, or availability of information or allow unauthorized remote control.

Lack of secure update mechanisms
• Lack of ability to securely update the device. This includes lack of firmware validation on device, lack of secure delivery (un-encrypted in transit), lack of anti-rollback mechanisms, and lack of notifications of security changes due to updates.

Insecure data transfer and storage
• Lack of encryption or access control of sensitive data anywhere within the ecosystem, including at rest, in transit, or during processing.

Lack of physical hardening
• Lack of physical hardening measures, allowing potential attackers to gain sensitive information that can help in a future remote attack or take local control of the device.
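The "lack of secure update mechanisms" item above lists two missing checks: firmware validation and anti-rollback. The following Go program, added here as an illustration and not taken from the session slides or any vendor's firmware, shows what those two checks look like on the device side. The image layout (4-byte version followed by the payload), the Ed25519 vendor key, and the `Device`, `BuildImage`, `SignImage` and `ApplyUpdate` names are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Image layout used by this example (constructed, not a real vendor format):
// 4-byte big-endian firmware version || payload. The version doubles as the
// anti-rollback counter and is covered by the signature like everything else.

// Device models the verifier side: the vendor public key is baked in at
// manufacture, and Version is the currently installed firmware version.
type Device struct {
	VendorPub ed25519.PublicKey
	Version   uint32
}

var (
	ErrMalformed    = errors.New("firmware image malformed")
	ErrBadSignature = errors.New("firmware signature invalid")
	ErrRollback     = errors.New("firmware version is not newer than the installed one")
)

// GenerateVendorKey creates the vendor signing key pair (done once, offline, by the vendor).
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// BuildImage assembles a versioned image from a payload.
func BuildImage(version uint32, payload []byte) []byte {
	img := make([]byte, 4+len(payload))
	binary.BigEndian.PutUint32(img, version)
	copy(img[4:], payload)
	return img
}

// SignImage produces the detached signature shipped alongside the image.
func SignImage(priv ed25519.PrivateKey, img []byte) []byte {
	digest := sha256.Sum256(img)
	return ed25519.Sign(priv, digest[:])
}

// ApplyUpdate is the device-side check. Order matters: the signature is
// verified before any field of the image is trusted, and the version is
// compared only after the image is known to be authentic, so neither
// unsigned code nor an older, signed image with known bugs can be installed.
func (d *Device) ApplyUpdate(img, sig []byte) error {
	if len(img) < 4 {
		return ErrMalformed
	}
	digest := sha256.Sum256(img)
	if !ed25519.Verify(d.VendorPub, digest[:], sig) {
		return ErrBadSignature
	}
	version := binary.BigEndian.Uint32(img)
	if version <= d.Version {
		return ErrRollback
	}
	d.Version = version // the actual flash write would happen here
	return nil
}

func main() {
	pub, priv, err := GenerateVendorKey()
	if err != nil {
		panic(err)
	}
	dev := &Device{VendorPub: pub, Version: 5}
	img := BuildImage(6, []byte("firmware v6 payload (constructed)"))
	fmt.Println("valid v6:       ", dev.ApplyUpdate(img, SignImage(priv, img)))
	fmt.Println("replay v6:      ", dev.ApplyUpdate(img, SignImage(priv, img)))
	old := BuildImage(3, []byte("firmware v3 payload (constructed)"))
	fmt.Println("rollback to v3: ", dev.ApplyUpdate(old, SignImage(priv, old)))
	tampered := append([]byte{}, img...)
	tampered[len(tampered)-1] ^= 0xff
	fmt.Println("tampered image: ", dev.ApplyUpdate(tampered, SignImage(priv, img)))
}
```

A real bootloader would additionally verify the image after it is written to flash and before it is booted, so that a device that loses power mid-update does not run a half-written image; that step is omitted here.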
Emerging IOT Threats

IoT botnets
• Botnet orchestrators find IoT devices an attractive target because of weak security configurations and the quantity of devices that can be consigned to a botnet used to target organizations.

DNS threats
• IoT device connections often rely on DNS, a 1980s decentralized naming system, which might not handle the scale of IoT deployments that can grow to thousands of devices. Hackers can use DNS vulnerabilities in DDoS attacks and DNS tunneling to get data or introduce malware.

IoT ransomware
• With network access through an IoT device, attackers can exfiltrate data to the cloud and threaten to keep, delete or make the data public unless paid a ransom.

IoT physical security
• Hackers can steal devices, open them up and access the inner circuits and ports to break into the network. IT administrators must only deploy authenticated devices and only allow authorized and authenticated device access.

Shadow IoT
• Without visibility into shadow IoT devices, IT admins can't ensure the hardware and software have basic security functionalities or monitor the devices for malicious traffic. When hackers access these devices, they can use privilege escalation to access sensitive information on the corporate network or co-opt the devices for a botnet or DDoS attack.
Hashing

Hashing Process: One way Process

MD5 Hashing Algorithm

SHA (Secure Hash Algorithm)

Encryption

Types of Encryption

Encryption Algorithms - AES (Advanced Encryption Standard)
• AES is a symmetric encryption algorithm, meaning that the same key is used for encryption and decryption. Various AES bit lengths are possible including AES-128, AES-192 and AES-256. More bits equates to a longer and more difficult to crack key. An issue with symmetric algorithms is that there needs to be a secure method of sharing the key.

RSA (Rivest, Shamir & Adleman) Algorithm
• RSA is an asymmetric encryption algorithm, meaning that different keys are used for encryption and decryption. RSA keys are 1024 or 2048 bits. Due to technology advancement, it is estimated that by the year 2030, RSA key lengths of 3072 bits will be required for security.

Hashing Vs Encryption
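The slides above contrast three things: a one-way hash (MD5, SHA), symmetric encryption (AES, one shared key) and asymmetric encryption (RSA, a key pair). The Go program below is an added example, not part of the session material, that runs all three from the standard library so the differences can be seen: a hash has no key and cannot be reversed, AES-GCM decrypts only with the same key and rejects tampered ciphertext, and RSA-OAEP encrypts with the public key and decrypts with the private one, which is the usual answer to the key-sharing problem mentioned for symmetric algorithms. The all-zero AES key, the function names and the sample strings are assumptions made for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// HashHex returns the MD5 and SHA-256 digests of data. A hash has no key and
// no inverse. MD5 is included because the slides name it; its collision
// resistance is broken, so it should not be used where collisions matter.
func HashHex(data []byte) (md5Hex, sha256Hex string) {
	m := md5.Sum(data)
	s := sha256.Sum256(data)
	return hex.EncodeToString(m[:]), hex.EncodeToString(s[:])
}

// AESEncrypt seals plaintext with AES-GCM. The key length selects the variant:
// 16 bytes = AES-128, 24 = AES-192, 32 = AES-256. Output is nonce || ciphertext || tag.
func AESEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// AESDecrypt reverses AESEncrypt with the same key (symmetric). GCM also
// authenticates, so a modified ciphertext fails instead of decrypting to garbage.
func AESDecrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// GenerateRSAKey creates an RSA key pair; 2048 or 3072 bits in practice.
func GenerateRSAKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// RSAEncrypt uses the public key; only the matching private key can decrypt
// (asymmetric), which is how a symmetric key is shared over an insecure channel.
func RSAEncrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func RSADecrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	m1, s1 := HashHex([]byte("abc"))
	m2, s2 := HashHex([]byte("abd")) // one character changed: every digest changes completely
	fmt.Println("MD5(abc)    ", m1, "\nMD5(abd)    ", m2)
	fmt.Println("SHA256(abc) ", s1, "\nSHA256(abd) ", s2)

	key := make([]byte, 32) // AES-256 key; all zeros only for this demo
	sealed, _ := AESEncrypt(key, []byte("meter reading 1234"))
	plain, _ := AESDecrypt(key, sealed)
	fmt.Printf("AES round trip: %q\n", plain)
	sealed[len(sealed)-1] ^= 0x01
	_, err := AESDecrypt(key, sealed)
	fmt.Println("AES after tampering:", err)

	priv, _ := GenerateRSAKey(2048)
	wrapped, _ := RSAEncrypt(&priv.PublicKey, key) // share the AES key under RSA
	unwrapped, _ := RSADecrypt(priv, wrapped)
	fmt.Println("RSA unwrapped key matches:", bytes.Equal(unwrapped, key))
}
```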
Firewall
• A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
• A firewall is essentially the barrier that sits between a private internal network and the public Internet. A firewall's main purpose is to allow non-threatening traffic in and to keep dangerous traffic out.
• A firewall can be hardware, software, or both.

Firewalls
Basic Types of Firewalls

Packet Filters
• A Packet Filter Firewall controls network access by analyzing the outgoing and incoming packets. It lets a packet pass or blocks it by comparing it with pre-established criteria like allowed IP addresses, packet type, port number, etc.
• The packet filtering technique is suitable for small networks but gets complex when implemented on larger networks.
• It is to be noted that these types of firewalls cannot prevent all types of attacks. They can neither tackle attacks that use application layer vulnerabilities nor fight against spoofing attacks.

Stateful Inspection
• Stateful Packet Inspection (SPI), which is also sometimes called dynamic packet filtering, is a powerful firewall architecture which examines traffic streams from end to end.
• These smart and fast firewalls use an intelligent way to ward off unauthorized traffic by analyzing the packet headers and inspecting the state of the packets, along with providing proxy services. These firewalls work at the network layer in the OSI model and are more secure than basic packet filtering firewalls.

Proxy Server Firewalls
• Also called application level gateways, Proxy Server Firewalls are the most secure type of firewall and effectively protect network resources by filtering messages at the application layer.
• Proxy firewalls mask your IP address and limit traffic types. They provide a complete and protocol-aware security analysis for the protocols they support. Proxy servers offer the best Internet experience and result in network performance improvements.
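To make the difference between a packet filter and stateful inspection concrete, here is an added Go example (not from the session slides or any firewall product). A stateless filter judges each packet on its own headers, so to let replies to outbound HTTPS connections back in it needs a rule such as "allow anything from source port 443", which also admits unsolicited packets that merely claim to come from port 443. The stateful firewall instead records each connection it has permitted and admits a packet only if it belongs to one of them, or if it is a new TCP SYN that the rule list allows. The `Packet` and `Rule` structures, the exact-string address matching and the sample addresses (10.0.0.5 and the documentation address 203.0.113.10) are simplifications assumed for the example.

```go
package main

import "fmt"

type Action int

const (
	Deny Action = iota
	Allow
)

func (a Action) String() string {
	if a == Allow {
		return "ALLOW"
	}
	return "DENY"
}

// Packet is the subset of header fields a filter looks at (constructed for the example).
type Packet struct {
	SrcIP, DstIP     string
	Proto            string // "tcp" or "udp"
	SrcPort, DstPort int
	SYN, ACK         bool // TCP flags, used by the stateful layer
}

// Rule is one entry of an ordered rule list. "*" matches any address or
// protocol and port 0 matches any port.
type Rule struct {
	SrcIP, DstIP     string
	Proto            string
	SrcPort, DstPort int
	Action           Action
}

func (r Rule) Matches(p Packet) bool {
	return (r.SrcIP == "*" || r.SrcIP == p.SrcIP) &&
		(r.DstIP == "*" || r.DstIP == p.DstIP) &&
		(r.Proto == "*" || r.Proto == p.Proto) &&
		(r.SrcPort == 0 || r.SrcPort == p.SrcPort) &&
		(r.DstPort == 0 || r.DstPort == p.DstPort)
}

// PacketFilter is a stateless filter: first matching rule wins, default deny.
func PacketFilter(rules []Rule, p Packet) Action {
	for _, r := range rules {
		if r.Matches(p) {
			return r.Action
		}
	}
	return Deny
}

// flowKey identifies a connection regardless of direction.
type flowKey struct {
	ipA, ipB     string
	portA, portB int
	proto        string
}

// flowOf normalises the 5-tuple so both directions of a connection share one key.
func flowOf(p Packet) flowKey {
	a := fmt.Sprintf("%s:%d", p.SrcIP, p.SrcPort)
	b := fmt.Sprintf("%s:%d", p.DstIP, p.DstPort)
	if a < b {
		return flowKey{p.SrcIP, p.DstIP, p.SrcPort, p.DstPort, p.Proto}
	}
	return flowKey{p.DstIP, p.SrcIP, p.DstPort, p.SrcPort, p.Proto}
}

type StatefulFirewall struct {
	Rules []Rule
	conns map[flowKey]bool // connection table of permitted flows
}

func NewStatefulFirewall(rules []Rule) *StatefulFirewall {
	return &StatefulFirewall{Rules: rules, conns: map[flowKey]bool{}}
}

// Inspect allows a packet that belongs to a known connection, or a new
// connection (TCP SYN without ACK, or any UDP packet) that the rules permit.
// Any other TCP packet claims membership of a connection the firewall never
// saw and is dropped, whatever its source port says.
func (f *StatefulFirewall) Inspect(p Packet) Action {
	k := flowOf(p)
	if f.conns[k] {
		return Allow
	}
	if p.Proto == "tcp" && (!p.SYN || p.ACK) {
		return Deny
	}
	if PacketFilter(f.Rules, p) == Allow {
		f.conns[k] = true
		return Allow
	}
	return Deny
}

func main() {
	rules := []Rule{{SrcIP: "10.0.0.5", DstIP: "*", Proto: "tcp", DstPort: 443, Action: Allow}}
	fw := NewStatefulFirewall(rules)
	packets := []struct {
		name string
		p    Packet
	}{
		{"outbound SYN", Packet{SrcIP: "10.0.0.5", DstIP: "203.0.113.10", Proto: "tcp", SrcPort: 51000, DstPort: 443, SYN: true}},
		{"reply SYN/ACK", Packet{SrcIP: "203.0.113.10", DstIP: "10.0.0.5", Proto: "tcp", SrcPort: 443, DstPort: 51000, SYN: true, ACK: true}},
		{"unsolicited ACK", Packet{SrcIP: "203.0.113.10", DstIP: "10.0.0.5", Proto: "tcp", SrcPort: 443, DstPort: 52000, ACK: true}},
	}
	for _, x := range packets {
		fmt.Printf("%-16s stateful=%v stateless=%v\n", x.name, fw.Inspect(x.p), PacketFilter(rules, x.p))
	}
}
```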
Next Generation Firewalls
Defined as a "deep-packet inspection firewall that moves beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall."
Intrusion Detection Systems - IDS
• Intrusion Detection Systems (IDSs) were implemented to passively monitor the traffic on a network.
• An IDS-enabled device copies the traffic stream and analyzes the copied traffic rather than the actual forwarded packets.
• It compares the captured traffic stream with known malicious signatures, similar to software that checks for viruses.
• IDS works passively.
• An IDS device is physically positioned in the network so that traffic must be mirrored in order to reach it.
• Network traffic does not pass through the IDS unless it is mirrored.
• This offline IDS implementation is referred to as promiscuous mode.
Intrusion Prevention Systems - IPS
• An IPS device is implemented in inline mode. This means that all ingress and egress traffic must flow through it for processing.
• An IPS does not allow packets to enter the trusted side of the network without first being analyzed.
• It can detect and immediately address a network problem.
• An IPS monitors Layer 3 and Layer 4 traffic.
• It analyzes the contents and the payload of the packets for more sophisticated embedded attacks that might include malicious data at Layers 2 to 7.
• The advantage of operating in inline mode is that the IPS can stop single-packet attacks from reaching the target system.
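The IDS and IPS slides above describe the same signature matching deployed in two ways: out of band on a mirrored copy (alert only) and inline (drop). The Go program below is an added example, not from the session slides or any IDS product, that uses one signature matcher for both and lets the deployment mode decide whether a match can stop the packet. The `Sensor` type, the three signatures (two textual patterns and the harmless EICAR test string) and the sample payloads are constructed for the demonstration; real rulesets are far larger and match on more than byte substrings.

```go
package main

import (
	"bytes"
	"fmt"
)

// Signature is a known-malicious byte pattern. These entries are constructed
// for the example (the last is the standard, harmless EICAR test string),
// not a real ruleset.
type Signature struct {
	Name    string
	Pattern []byte
}

var Signatures = []Signature{
	{"http-path-traversal", []byte("../../")},
	{"sql-tautology", []byte("' OR '1'='1")},
	{"eicar-test-file", []byte("X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR")},
}

type Mode int

const (
	IDSMode Mode = iota // passive: sees a mirrored copy, can only alert
	IPSMode             // inline: every packet passes through it, can drop
)

type Alert struct {
	Signature string
	Blocked   bool
}

type Sensor struct {
	Mode   Mode
	Sigs   []Signature
	Alerts []Alert
}

// Inspect examines one packet payload and reports whether the packet reaches
// the protected side. In IDS mode the switch has already forwarded the real
// packet while the sensor looks at a copy, so the answer is "delivered" even
// on a match; only an alert is raised. In IPS mode a match drops the packet
// before the target sees it, which is what stops single-packet attacks.
func (s *Sensor) Inspect(payload []byte) (delivered bool, matched string) {
	for _, sig := range s.Sigs {
		if bytes.Contains(payload, sig.Pattern) {
			blocked := s.Mode == IPSMode
			s.Alerts = append(s.Alerts, Alert{Signature: sig.Name, Blocked: blocked})
			return !blocked, sig.Name
		}
	}
	return true, ""
}

func main() {
	// Constructed sample payloads: one ordinary request, one matching a signature.
	payloads := [][]byte{
		[]byte("GET /index.html HTTP/1.1"),
		[]byte("GET /../../etc/passwd HTTP/1.1"),
	}
	for _, mode := range []Mode{IDSMode, IPSMode} {
		s := &Sensor{Mode: mode, Sigs: Signatures}
		for _, p := range payloads {
			delivered, sig := s.Inspect(p)
			fmt.Printf("mode=%d delivered=%v signature=%q payload=%q\n", mode, delivered, sig, p)
		}
		fmt.Printf("mode=%d alerts=%v\n", mode, s.Alerts)
	}
}
```

The alert records carry a `Blocked` flag because in practice the analyst needs to know which of the two happened: an IDS alert means the packet did reach the host and follow-up on that host is required, whereas an IPS alert means it was stopped.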
Unified Threat Management
• Unified threat management (UTM) refers to when multiple security features or services are combined into a single device within your network.
• Using UTM, your network's users are protected with several different features, including antivirus, content filtering, email and web filtering, anti-spam, and more.
• UTM enables an organization to consolidate its IT security services into one device, potentially simplifying the protection of the network.
• As a result, your business can monitor all threats and security-related activity through a single pane of glass. In this way, you attain complete, simplified visibility into all elements of your security or wireless architecture.

UTM - Unified Threat Management
Features of a Unified Threat Manager

Antivirus
A UTM comes with antivirus software that can monitor your network, then detect and stop viruses from damaging your system or its connected devices. This is done by leveraging the information in signature databases, which are storehouses containing the profiles of viruses, to check if any are active within your system or are trying to gain access.

Anti-malware
Unified threat management protects your network against malware by detecting it and then responding. A UTM can be preconfigured to detect known malware, filtering it out of your data streams and blocking it from penetrating your system. UTM can also be configured to detect novel malware threats using heuristic analysis, which involves rules that analyze the behavior and characteristics of files. For example, if a program is designed to prevent the proper function of a computer's camera, a heuristic approach can flag that program as malware.

Firewall
A firewall has the ability to scan incoming and outgoing traffic for viruses, malware, phishing attacks, spam, attempts to intrude on the network, and other cybersecurity threats. Because UTM firewalls examine both the data coming in and out of your network, they can also prevent devices within your network from being used to spread malware to other networks that connect to it.

Intrusion Prevention
A UTM system can provide an organization with intrusion prevention capability, which detects then prevents attacks. This functionality is often referred to as an intrusion detection system (IDS) or intrusion prevention system (IPS). To identify threats, an IPS analyzes packets of data, looking for patterns known to exist in threats. When one of these patterns is recognized, the IPS stops the attack.

In some cases, an IDS will merely detect the dangerous data packet, and an IT team can then choose how they want to address the threat. The steps taken to stop the attack can be automated or performed manually. The UTM will also log the malicious event. These logs can then be analyzed and used to prevent other attacks in the future.

Web Filtering
A UTM's web filtering feature can prevent users from seeing specific websites or Uniform Resource Locators (URLs). This is done by stopping users' browsers from loading the pages from those sites onto their device. You can configure web filters to target certain sites according to what your organization aims to accomplish.

For example, if you want to prevent employees from being distracted by certain social media sites, you can stop those sites from loading on their devices while they are connected to your network.
Cloud Security Challenges
• Increased Attack Surface
  • The public cloud environment has become a large and highly attractive attack surface for hackers who exploit poorly secured cloud ingress ports in order to access and disrupt workloads and data in the cloud.
• Lack of Visibility and Tracking
  • In the IaaS model, the cloud providers have full control over the infrastructure layer and do not expose it to their customers. The lack of visibility and control is further extended in the PaaS and SaaS cloud models.
• Ever-Changing Workloads
  • Cloud assets are provisioned and decommissioned dynamically—at scale and at velocity. Traditional security tools are simply incapable of enforcing protection policies in such a flexible and dynamic environment with its ever-changing and ephemeral workloads.
Cloud Security Challenges (continued)

DevOps, DevSecOps and Automation
• Organizations that have embraced the highly automated DevOps CI/CD culture must ensure that appropriate security controls are identified and embedded in code and templates early in the development cycle.

Granular Privilege and Key Management
• Often cloud user roles are configured very loosely, granting extensive privileges beyond what is intended or required. At the application level, improperly configured keys and privileges expose sessions to security risks.

Complex Environments
• Managing security in a consistent way in the hybrid and multicloud environments favored by enterprises these days requires methods and tools that work seamlessly across public cloud providers, private cloud providers, and on-premise deployments.

Cloud Compliance and Governance
• All the leading cloud providers have aligned themselves with most of the well-known accreditation programs such as PCI 3.2, NIST 800-53, HIPAA and GDPR. However, customers are responsible for ensuring that their workload and data processes are compliant. Given the poor visibility as well as the dynamics of the cloud environment, the compliance audit process becomes close to mission impossible unless tools are used to achieve continuous compliance checks and issue real-time alerts about misconfigurations.
Security Operations Centre (SOC)

A security operations center (SOC) acts as the hub for an organization's security operations. Also called an information security operations center (ISOC), a SOC is a centralized location where information security professionals use technologies to build and maintain the security architecture that monitors, detects, analyzes and responds to cybersecurity incidents, typically around the clock.

A SOC must not only identify threats, but analyze them, investigate the source, report on any vulnerabilities discovered and plan how to prevent similar occurrences in the future. In other words, they're dealing with security problems in real time, while continually seeking ways to improve the organization's security posture.
Security Incident and Event Management (SIEM)

SIEM is a security solution that helps organizations recognize potential security threats and vulnerabilities before they have a chance to disrupt business operations. It surfaces user behavior anomalies and uses artificial intelligence to automate many of the manual processes associated with threat detection and incident response and has become a staple in modern-day security operation centers (SOCs) for security and compliance management use cases.

SIEM offers advanced user and entity behavior analytics (UEBA) thanks to the power of AI and machine learning.
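The SIEM description above is abstract; the core mechanism underneath "surfacing user behavior anomalies" is correlation: normalising events from many log sources and applying rules over them. The Go program below is an added example, not part of the session slides or any SIEM product, that does this in miniature over a handful of constructed sshd log lines: it parses each line into an event, keeps a sliding window of failed logins per source address, and raises a "brute-force" alert when the window fills and a "success-after-failures" alert when a login succeeds from a source that has just been failing. The log format, the thresholds and the addresses (documentation ranges 203.0.113.0/24 and 198.51.100.0/24) are all assumptions made for the demonstration.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// SampleLog holds constructed sshd-style lines with RFC 3339 timestamps.
// They are invented for this example and are not real logs.
var SampleLog = []string{
	"2024-05-01T10:00:01Z gw sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
	"2024-05-01T10:00:03Z gw sshd[1203]: Failed password for root from 203.0.113.7 port 51130 ssh2",
	"2024-05-01T10:00:05Z gw sshd[1205]: Failed password for root from 203.0.113.7 port 51131 ssh2",
	"2024-05-01T10:00:08Z gw sshd[1207]: Failed password for root from 203.0.113.7 port 51140 ssh2",
	"2024-05-01T10:00:09Z gw sshd[1209]: Failed password for root from 203.0.113.7 port 51141 ssh2",
	"2024-05-01T10:00:15Z gw sshd[1211]: Accepted password for root from 203.0.113.7 port 51150 ssh2",
	"2024-05-01T10:01:00Z gw sshd[1220]: Failed password for alice from 198.51.100.9 port 40000 ssh2",
	"2024-05-01T10:01:30Z gw sshd[1222]: Accepted password for alice from 198.51.100.9 port 40001 ssh2",
}

// Event is the normalised form a SIEM works on, regardless of the raw log format.
type Event struct {
	Time    time.Time
	Outcome string // "Failed" or "Accepted"
	User    string
	Src     string
}

var lineRe = regexp.MustCompile(
	`^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+`)

// ParseLine turns one raw line into an Event; lines that do not match are skipped.
func ParseLine(line string) (Event, bool) {
	m := lineRe.FindStringSubmatch(line)
	if m == nil {
		return Event{}, false
	}
	ts, err := time.Parse(time.RFC3339, m[1])
	if err != nil {
		return Event{}, false
	}
	return Event{Time: ts, Outcome: m[2], User: m[3], Src: m[4]}, true
}

type Alert struct {
	Rule string
	Src  string
	Time time.Time
}

// Correlate applies two rules over a sliding window per source address:
//   brute-force:            at least threshold failures within window
//   success-after-failures: a successful login from a source with 3+ failures in the window
func Correlate(lines []string, window time.Duration, threshold int) []Alert {
	fails := map[string][]time.Time{}
	fired := map[string]bool{} // one brute-force alert per source, so the analyst is not flooded
	var alerts []Alert
	for _, line := range lines {
		ev, ok := ParseLine(line)
		if !ok {
			continue
		}
		// Expire failures that have fallen out of the window.
		kept := fails[ev.Src][:0]
		for _, t := range fails[ev.Src] {
			if ev.Time.Sub(t) <= window {
				kept = append(kept, t)
			}
		}
		fails[ev.Src] = kept
		switch ev.Outcome {
		case "Failed":
			fails[ev.Src] = append(fails[ev.Src], ev.Time)
			if len(fails[ev.Src]) >= threshold && !fired[ev.Src] {
				alerts = append(alerts, Alert{"brute-force", ev.Src, ev.Time})
				fired[ev.Src] = true
			}
		case "Accepted":
			if len(fails[ev.Src]) >= 3 {
				alerts = append(alerts, Alert{"success-after-failures", ev.Src, ev.Time})
			}
		}
	}
	return alerts
}

func main() {
	for _, a := range Correlate(SampleLog, 60*time.Second, 5) {
		fmt.Printf("%s  %-24s src=%s\n", a.Time.Format(time.RFC3339), a.Rule, a.Src)
	}
}
```

The second rule is the more valuable one for an analyst: a burst of failures alone may be noise, but a success right after a burst from the same source is the pattern worth investigating first.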