Cybersecurity is an extremely important area which is rapidly evolving, necessarily, to meet current and future threats. Anyone who studies within this domain requires a particular skillset and way of thinking, balancing technical knowledge and human insight. It is vital to recognize both sides of this complex area and integrate the two. This book looks at the technical fields progressively, building up in layers before expanding into more advanced topics. Each area is looked at succinctly, describing the main elements and problems in each area and reinforcing these concepts with practical coding examples, questions and ideas for further research. The book builds on an overview of basic architecture of systems and networks, setting a context for how information is vulnerable.
Cryptography is explained in detail with examples, showing the steady progress in this area over time through to the possibilities of quantum encryption. Steganography is also explained, showing how this can be used in a modern-day context through multimedia and even Virtual Reality. A large section of the book is given to the technical side of hacking, how such attacks occur, how they can be avoided and what to do after there has been an intrusion of some description. Cyber countermeasures are explored, along with automated systems of defense, whether created by the programmer or through firewalls and suchlike.
The human aspect of cyber security is detailed along with the psychology and motivations for launching attacks. Social engineering is a particular focus, with the various techniques examined to reveal how an informed individual, organization or workplace can protect themselves against incursions and breaches. Finally, there is a look at the latest developments in the field, and how systems such as the IoT are being protected. The book is intended for advanced undergraduate and postgraduate courses on cybersecurity but is also useful for those studying IT or Computer Science more generally.
Yes, you can access Advanced Cybersecurity Technologies by Ralph Moseley in PDF and/or ePUB format, as well as other popular books in Computer Science & Cryptography. We have over one million books available in our catalogue for you to explore.
As network systems have become ever more complex, with increased speeds and capacities for storage expanded, the need for security to guard against intrusion or even accidental disclosure of private or sensitive information has increased. This growth in complexity of systems has been coupled with ever-more sophisticated attacks on systems. Threats have increased at various levels whether personal, commercial or military.
Systems are under threat from individuals, special interest groups or even nation-states, with armies of hackers. At each of these levels there is a substantial capability which arises from weaknesses in networks or computer operating systems and the ability to develop tools which attempt automated entry or denial of use.
This automation of attacks has seen the rise of script development that attempts known hacks, hijacks and probing for bugs in networked systems; the scripts themselves are easily available in the darker corners of the Internet. These require only the rudiments of knowledge to run if the attacker is motivated enough. At another level, there is the capability to build bots which have this knowledge and can roam freely, perhaps assessing systems, reporting back and even replicating themselves to wreak untold havoc on systems.
Technical capability and the automation of threats can also be leveraged with social engineering techniques, or intelligence work, to target individuals or groups. Background research, revealing a target’s interests and basic personal details, can often create an opening for more social contact, which brings about the ability for a much deeper attack, perhaps to steal financial information or to apply extortion.
Artificial Intelligence (AI), which has many positive uses, also has the capability to both defend systems against attack and to be the perpetrator itself. It may be that AI systems will be matched against each other.
Each of these instigators of attack can find many ways into systems through weaknesses in operating systems, firmware in devices, web browsers and emails.
This book will look at how information can be made secure, by exploring methods of attack (and by revealing this, how they can be thwarted) as well as emerging technologies in the field. While technology is obviously key, a large component, and often the weakest link in the chain, is the human one, so this too will be at the forefront of this investigation.
Chapter 2 discusses the basics of network and web technology to set the context for the work that follows. This provides an outline of the topography, architecture and basic protocols used.
Chapter 3 discusses the basis of information security with a thorough exploration of cryptography and its allied subjects, such as steganography and digital watermarking. To provide ultimate security of information and to ensure it is seen by only those for whom it is intended, cryptography is outlined from the more classical beginnings, through to the advanced techniques that are utilized today. Emerging technologies in this area are also detailed. This chapter gives examples and code and explores which cryptography techniques are suitable for programming projects. Often, programmers simply choose an encryption module from a library without knowing its level of security or its suitability for the task in hand. For example, there can be a lot of difference between encryption for a stream of live data and encryption which hides a file. Therefore, a guide is provided for some special cases of encryption and hiding of messages such as steganography, as well as an exploration of future possibilities and mechanisms for development of systems.
Chapter 4 discusses the basics and background of hacking, outlining a brief general history, before moving into a detailed review of particular cases, then on to current practices, common weaknesses and types of attack. Here a wide review of hacking is given – from networks, Internet-connected devices, embedded systems, through to PCs, laptops and mobile phones.
The chapter discusses in detail the actual mechanisms used for an attack, referring to some of the systems mentioned in the overview chapter. Code is outlined to show how simple automated attacks occur and how more intelligent bots can be built, which replicate or recover from faults as they traverse the net, providing ever-more robust means to attack.
Chapter 5 discusses in detail the tools used, along with penetration testing.
As detailed previously, one of the most important aspects of the challenge of security is social engineering – the vulnerability of a technological system via the human user. In Chapter 6, this is examined in detail, focusing on the psychology and ability of users to be manipulated into providing the necessary details for a more technical attack. It is shown here that prior to any engagement with the user, or their system, the primary work is one of intelligence research into the target by gaining insight through their social media, and interactions through the web or more covert means.
After detailed information about the attack on targets, the book moves on to Chapter 7, discussing countermeasures, that is, what can be done to protect. Of course, knowing the techniques used gives a user knowledge to defend but there are useful tools that can be deployed, which enable some degree of protection. As well as tools, a user can be trained to avoid particular behavior or to avoid systems which are in some sense compromised. Coding techniques are shown for common problems, whether it be spambots or more contrived attacks on servers.
It is often the case that a programmer or system developer is telephoned at some late hour to be told that their system is currently under attack – how to respond? Chapter 8 provides ways of dealing with such an event and maps out the protocols that should be followed, whether dealing with an ongoing assault or finding the result of one through to looking for possible evidence of covert surveillance or system manipulation from outside.
Once an attack has occurred and the scene or evidence secured, what should be checked? What is useful and, again, what routines need to be followed to preserve and make use of logs and states of systems? Chapter 9 focuses on these issues.
Following this are a couple of special topics chapters based on cyber countersurveillance and cyber-physical IoT security. These chapters look at the cutting edge and bleeding edge of the developments which build on the previous practical work in the book.
Chapter 10 examines ways of decreasing an individual’s digital presence or utilizing techniques which can circumvent intrusion, or capturing of unnecessary data by unwanted organizations, businesses and suchlike.
Chapter 11 looks closely at embedded systems and the latest developments and capabilities for deploying hardware securely, particularly with reference to cloud and networked devices.
This book is written with a university course in cybersecurity in mind, though any trainee or interested individual will gain from it. The book is written in a progressive manner, building up knowledge of an area and providing an opportunity for practical exploration. This comes in the form of code or experimenting with the tools mentioned. Online resources are available, including code from the book, utilities and examples at https://simulacra.uk/act.zip
Chapter 2 Web and network basics
DOI: 10.1201/9781003096894-2
The Internet and networks in computing have undoubtedly been around a lot longer than we think; as soon as information is created and held in an electronic system, it will have been the desire of those around to store it at multiple points. This distribution of the information is great for those whose access is desired but not such a good idea in terms of security, if there are those who can, perhaps, casually access it. This demonstrates the need for appropriate security mechanisms.
Electronic systems have particular physical attributes, architectures, topologies and protocols which can be under attack from an adversary or snooper. It is, therefore, important to have some idea of those qualities which exist in these systems first, before dwelling on particular techniques that hackers use or system developers utilize as defense.
An electronic system that stores information does so by holding that information in devices saving state in a memory medium, which in the past has been magnetic, as in a tape, drums, disks and suchlike, as well as optical or solid state. These information stores are connected by networks and processed by CPUs.
It should also be mentioned that as well as this storage and processing, there are methods of input, such as keyboard, mouse and voice, as well as output, which could be a screen or print out, for example.
Security weaknesses in the past have been found at each of these mentioned points.
Networks
Networks provide the main transit for information, and because of this, they are subject to scrutiny and attack. The basic model of network communication can be visualized as in Figure 2.1.
Figure 2.1 Network topology.
The usual way to conceptualize a network in computing and electronics engineering is through the Open Systems Interconnection (OSI) model (see Figure 2.2) [1].
Figure 2.2 OSI model.
This is characterized by several layers of abstraction.
Application layer
The function of this layer is high-level APIs, remote file sharing and resource sharing in general.
Presentation layer
This layer is concerned with the translation of data between a networking service and an application. This could be data compression, character encoding and encryption or decryption.
Session layer
The functionality of the session layer is concerned with managing communication sessions, such as the continuous exchange of information in the form of back-and-forth transmission between nodes.
Transport layer
This layer deals with the reliable transmission of data segments between points on a network, including segmentation, acknowledgement and multiplexing.
Network layer
The network layer functionality includes the structuring and managing of multi-node networks, including addressing, routing and traffic control.
Data link layer
Here the reliable transmission of data frames between two nodes connected by a physical layer is the main concern.
Physical layer
Finally, the physical layer is focused on the transmission and reception of raw bit streams over a physical medium.
Another model which is useful to compare with the OSI model above is the TCP/IP model.
How the OSI model works
The layers work together to form a mechanism of communication between systems at various levels of abstraction. How this works in practice can be understood by an example of its use and envisaging the movement of packets within a network. An email client, such as MS Outlook, has data which resides at Layer 7 – the application layer. When an email is written and send is pressed, the data works its way down the OSI layers one by one and through the ...
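The layered encapsulation described above, as an added example that is not code from the book: a sender wraps an email command in TCP, IPv4 and Ethernet headers on the way down, and a receiver validates and strips each header on the way up. The addresses, MACs, ports and the SMTP line are constructed sample values, and the TCP checksum is left at zero as a simplifying assumption.

```python
import socket
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(payload: bytes) -> bytes:
    """Sender: each layer prepends its own header on the way down."""
    # Layers 7-5 supply payload; Layer 4 (transport) adds TCP, checksum left 0.
    tcp = struct.pack("!HHIIBBHHH", 49152, 25, 1, 1, 5 << 4, 0x18,
                      65535, 0, 0) + payload
    # Layer 3 (network): IPv4 addressing (constructed TEST-NET-1 addresses).
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                      socket.inet_aton("192.0.2.10"),
                      socket.inet_aton("192.0.2.25"))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    # Layer 2 (data link): Ethernet II, EtherType 0x0800 = IPv4.
    eth = struct.pack("!6s6sH", bytes.fromhex("020000000002"),
                      bytes.fromhex("020000000001"), 0x0800)
    return eth + hdr + tcp  # Layer 1 would put these bytes on the medium.

def decapsulate(frame: bytes) -> dict:
    """Receiver: validate and strip one header per layer on the way up."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl + 20 <= total_len <= len(ip):
        raise ValueError("malformed IPv4 header")
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("malformed TCP header")
    return {"src_ip": socket.inet_ntoa(ip[12:16]),
            "dst_ip": socket.inet_ntoa(ip[16:20]),
            "src_port": src_port, "dst_port": dst_port,
            "payload": tcp[data_off:]}
```

The length and checksum checks in `decapsulate` matter because every header field arrives from the network and is untrusted until validated.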
Table of contents
Cover
Half-Title
Title
Copyright
Dedication
Contents
Biography
Abbreviations and Acronyms
1 Introduction
2 Web and network basics
3 Cryptography
4 Hacking overview
5 Packet analysis and penetration testing
6 Social engineering
7 Cyber countermeasures
8 Incident response and mitigation
9 Digital forensics
10 Special topics: Countersurveillance in a cyber-intrusive world
11 Special topics: Securing the Internet of Things (IoT)