Transcript for:
Cyber Security Course Introduction

So I'll start. Good morning, everybody. Our original classroom was KD 101, but the number of registrations was touching 100, so I thought that 101 would not have enough space. But as soon as I sent out the syllabus I got seven drops, and I'm hoping for a few more. The last time I taught this course I did not have any exam, and that was the reason there were so many requests; in the new syllabus I have put in exams, and as soon as I did that I saw quite a few students drop. Anyway, those of you who are here to learn practical cyber security for cyber practitioners: many of you have probably not taken a cyber security course before, and therefore I do not know how much you will get from this course. As we go, you still have time for dropping. So today I would like to clarify what is in this course, and after that you can make your decision. The course is quite a lot of work, so you have to decide accordingly.

Cyber security is a very big buzzword today. Every day, if you read the technology news, you will see somebody or other getting attacked by ransomware, or somebody's data breach is happening. We had a large-scale data breach from ICMR of the data collected during the COVID vaccination; very large-scale data leakage. Some years ago, around 2020-21, there were data leakages from Domino's and from BigBasket. So data leakage and ransomware attacks are very common. We also get attacked continuously, thousands per minute, even at IIT. We put systems in place, so many of the attacks are not very effective and we do not see a whole lot of problems. But you might have received an email from the Dean of Digital Infrastructure asking you to change your password for Pingala and your CC login, because we found a data leak that was two years old. The data that was leaked was two years old, but we found that many of your passwords had been the same for the last two years, and therefore, from the leaked passwords, anybody could log in to your account. That is why we asked that everybody change their passwords immediately, and we are working towards instituting two-factor authentication for all logins in the Institute, but that might take some time. In any case, cyber security is a big problem today.

Now the question is what we need to learn. We have courses that teach you how to find vulnerabilities in web applications, in standalone applications, in operating systems, in networks, DNS, routing protocols and so on. That course is CS 628; in it you will learn how to find vulnerabilities and how to exploit them, and that's the "hacking 101" type of course. We also have courses on malware analysis, where you actually take malware and analyze it with various tools, and then build your own malware detection tools using machine learning. You also learn how to detect, from the network activity inside your own network (maybe a home network or an organizational network), intrusions, that is, that some unwanted activities are happening inside your network. That course is CS 658, the malware analysis and intrusion detection course. We have a course on how to protect critical infrastructure such as power plants, water treatment plants, oil and gas pipelines and so on from cyber attacks; that's CS 631. Then we have courses related to cryptography, CS 641; there is a new course, CS 670, about privacy and cryptography; and there are courses on hardware security (I forgot the number, but it's hardware security for IoT devices).

So there are plenty of courses which teach you the technology behind cyber security: how different tools are developed, both for attacking applications, networks, organizational IT systems and OT systems (operational technology systems in manufacturing plants, power systems and so on), and courses where you learn how to develop tools for detection, how to detect that your system is under attack or has been attacked. Those are the malware analysis, intrusion detection and side-channel analysis courses. We also have courses where you learn about a very specific domain in cyber security, critical infrastructure security: power grid security, manufacturing systems security and so on. We also have courses where you learn the intricacies of cryptography: what are the algorithms used in, for example, HTTPS, SSL/TLS; what algorithms are used for encrypting your disk or for file encryption; what are the weaknesses that can be exploited by attackers and how better algorithms are being developed. That's in the modern cryptology course. There are implementations of cryptography which may be problematic, and these implementation problems manifest as side channels, so there are side-channel analysis courses. There is post-quantum cryptography: as quantum computing becomes more likely (probably by 2030 it is expected that quantum computing will be somewhat practical, in fact probably in countries like China), some of our cryptography like RSA, Diffie-Hellman etc. will break, and there are pretty advanced efforts to develop cryptography that is not breakable by quantum computing, and there is a course on post-quantum cryptography. So there are lots of courses; that's about technology.

But cyber security is not only technology; it has three components: people, process and technology. Therefore it is very important that we understand how the other components of cyber security work, people and process. Technology is one part of it, but it's not enough. We'll try to explain throughout this course that there are things in organizational cyber security that are not necessarily doable by buying expensive tools, or developing tools, or using AI/ML tools, and that's where this course comes in.

So what do you need to know that we do not teach in the other courses? Suppose you are a Chief Information Security Officer, or a member of his team. The Chief Information Security Officer is in charge of organizing the cyber security of an organization. In today's world all organizations, and the larger the organization the more so (it may be a news media organization, a manufacturing organization, a power systems operator, an oil and gas refinery, or a food product manufacturer), have computing, networks and data, so every organization has a CISO. Some organizations have multiple CISOs for multiple verticals of their business, and the CISO usually has a team through which the cyber security activities are organized and carried out. Obviously, right out of college nobody is going to give you a CISO job; that comes after many years of working in cyber security. However, you can be hired as a team member of a CISO, and as a team member you are going to be responsible for many things.

First, cyber security governance. For example, if you have a cyber security team, can they do whatever they like? Can they reset your password whenever they like, or overnight tell you that you cannot do this or that? Can they tomorrow create a firewall with such strong rules that many important websites are no longer accessible? Can they put an agent on each employee's computer so that the agent collects data about what's happening on your computer and they see that centrally? These are some of the things a CISO would like to do: he wants to know what is happening, whether somebody has downloaded malware by mistake, or somebody has tried to enter a database that he's not supposed to, and things like that. So there are a lot of things the CISO or his team can do, but can they do it just like that? There has to be a policy; there have to be processes by which that policy is developed; stakeholders have to be consulted; and those policies have to be approved by the highest authority, like the board of the company. Only then, within the policy, the processes should be well defined, and then these processes have to be followed. You cannot overnight say "I am going to do this or that"; that's the main governance activity. You cannot do arbitrary things just because you are in charge of security, because you have to consult stakeholders, get approval and so on. That's governance.

The second thing you may have to figure out: every organization has a unique threat perception. An educational institute has a different set of threat actors attacking it compared to, say, a power grid, or a government website, or a railway transportation control system. So the organizational threat model, the threat perception, has to be developed based on a lot of information, including the organization's role in the entire scheme of things in the national economy, the organization's business goals, and also geopolitics, what is happening right now. For example, last 15th August the Indonesian army of cyber hackers pledged that they would attack all Indian government websites, and they did quite a bit; during the G20 Summit there were similar threats. Therefore the threats also change based on events and on various other perspectives. So you have to know how to model the threats, how to understand the threats. There are also threat feeds that can be obtained from commercial or trade intelligence organizations; you have to bring those in too.

Suppose you want to do risk assessment. Not everything inside your organization is at the same risk. A database containing the student grades is certainly at a higher risk than a database containing the menus of the hall canteens, so they will certainly have different risks. Similarly, if you have an employee salary processing database and servers, they are probably at a higher risk than a departmental procurement database. So you have to do risk assessment based on what the role of the asset is, what the vulnerabilities of that asset are, and what kind of threat actors might be interested in getting their hands on that particular asset.

Similarly, organizations have to be cyber resilient, that is, in case an attack succeeds, how do you bring the system back to life? For example, if this week Pingala gets attacked and none of you can register or drop your courses, what is the mechanism by which you can be enabled to do your dropping and adding of courses? That is resilience: withstanding an attack and recovering from it in the least amount of time. So how do you design the resilience of an organization, and how do you measure it?

Suppose you have to do an audit: you are working for a consultancy and you are sent to audit a bank for cyber security. How do you go about it, what do you look for, and what are you going to benchmark that organization's cyber security against?

Also, once you have done the risk assessment and figured out that the risks are higher on these assets and lower on those, how do you go about designing the controls? Do you segment the network? Do you put firewalls between network segments? Do you do virtual networking or a physically segmented network? Are you going to put what we call endpoint agents on every device that is critical? How do you monitor the network on which the critical assets are? How do you decide whether to have two-factor authentication, and if you do, what kind of two-factor authentication is suitable? All these things are about designing cyber security controls, and that is something you also have to decide.

Then, if there is a cyber incident, how do you respond? What are the processes? Do you panic and shut things down randomly and keep calling, for example, the Computer Emergency Response Team in Delhi? What do you do; what is the playbook for your incident response? What happens if the incident actually gives rise to a crisis: your entire data gets ransomware-encrypted and your functions have to stop, nothing is working in the organization? How do you manage at that time and how do you recover? Also, to be prepared for these kinds of incidents and crises you have to do cyber drills, like fire drills. So how do you go about doing cyber drills, tabletop exercises and so on? These kinds of things are what this course is about. This course will not teach you hacking, or malware analysis, or how to design cyber security tools, that kind of stuff.

For those who are not very familiar with cyber security: there are many ways to define cyber security. One that I have put in here is based on the National Institute of Standards and Technology (NIST) standard called the CSF, the Cybersecurity Framework. In the recent version of the Cybersecurity Framework (they had an earlier version until the end of 2023, and now they have a recent version), they say that the cyber security of an organization should have six essential functions, and here I have listed the six. I will not explain these six functions right now because I have a lecture on the NIST framework later, but just to tell you:

Identify: identification of your assets. What cyber assets do you have; what kind of servers, how many servers, what operating systems are they running, what applications are running on those servers, what desktops, laptops and mobiles are connected to your network? All this information has to be in an asset inventory. What kind of data are you possessing, and what is the state of that data, is it encrypted, and all that. You also have to identify the vulnerabilities: what are the bugs in the systems that you currently have in your organization. You also have to do risk assessment: identify which are your critically risky assets and how to identify them. All these things come under Identify.

Protect: once you have identified the risks of all the assets, you know which are your most risky assets, which are your least risky, and which are in the middle. Then you have to decide what security level you are going to apply. Not everything has to be secured in the same way, because security is expensive. The most critical assets have to be secured with very strong security controls; the least risky assets may be given some leeway. Firewalls, antivirus, endpoint security, all this stuff is part of the Protect function, along with authentication and authorization mechanisms, two-factor etc., and also cryptography, like encrypting critical data all the time, even when it is at rest (that is, in storage) as well as when it is moving through the network.

Detect: after Identify and Protect, many times we think, "OK, I have a firewall, I have two-factor authentication, I have encrypted data, I have the latest operating systems, there are no old unlicensed applications or operating systems, all the operating systems are the latest ones like Windows 11 and Ubuntu 22.04." But attacks will happen. One thing that we all have to recognize is that even with the best security, attackers will find ways. Attackers can fool the people in the organization: for example, they can send phishing emails, or messages with malware-laced pictures and such, and if you download them your computer will get infected by some malware, and that malware may be a worm-type malware which can move from one machine to another using weaknesses in various protocols, like the SMB protocol. So you cannot assume that since you have the best protection you cannot be attacked; attacks will happen. All you have done by doing very good risk-driven protection is to reduce the possibility of attack, but you haven't made it zero. The next few functions are based on the assumption that attacks may happen. Detection is very important: you have to continuously monitor all the endpoints and all the network traffic, and that is where the Security Operations Center and security incident event management tools come in. You have to have full 24x7 visibility of your network and endpoints, and when you have visibility you can spot various things. You can have AI/ML to help you determine what you are seeing, because you will see a lot of data and you cannot manually figure out what is happening; there are rule-based systems as well as AI/ML-driven systems that will tell you that what is currently happening looks suspicious, and they will generate alerts.

Respond: you have to be able to respond to the alerts 24x7. When you spot something is wrong, what do you do? That's the Respond part.

Recover: when you have been through a crisis or an incident which may have encrypted your disks, wiped out your data, exfiltrated your data, or damaged your systems, what do you do for recovery? Do you have standby systems? Do you have backups of the data? And make sure of the backups: people think that if they have their file system backed up in OneDrive or Google Drive they are fine, but if you are logged in to OneDrive or Google Drive all the time, then when the ransomware hits it will also find its way to the Google Drive or OneDrive and encrypt that too. So you have to figure out a better way to do your recovery.

Govern: as I discussed before, governance is a very important part of cyber security, especially organizational cyber security. So that's the NIST framework.

Now you might ask, who are the attackers? If I don't know the attackers and what they want, I cannot really do a very good job in securing. Usually we look at attackers in multiple ways.

Script kiddies are the curious kids, and when I say kids, you guys also fall in that category. You might know how to exploit, for example, a web application, say SQL injection or command injection, and then you start trying it on various places, so that can be an attack. But that attack is usually not very long-lasting, not very persistent, and usually they cannot do too much harm, although there have been cases: there were school kids who actually breached NVIDIA last year and exfiltrated IP. So it's not that we should discount script kiddies, but they are not necessarily as resourceful as, for example, nation-state attackers.

Then there are activists, who would attack, for example, the various organizations or governments whose policies they do not like, for example the Anonymous group. Activists also take positions: there are pro-Russian activists and there are pro-Ukrainian activists, and they do their things, and they can be pretty effective. Many of them did very problematic things for organizations like the National Security Agency in the US; for example, they leaked a lot of vulnerabilities and their exploits in 2016, which led to the first spate of ransomware attacks, WannaCry, because there was a bug called EternalBlue in the SMB protocol in Windows, and it seems the NSA had been using that for a long time to spy on other countries. That whole tool set was made public by activists, and then cyber criminals started creating this ransomware that encrypted a lot of important things, including ports and so on.

Cyber criminals do it for money. They try to extort you by attacking you, encrypting your disks and saying that unless you send cryptocurrency to this wallet address they are not going to decrypt your data, and things like that. Once people became clever and took good backups, nobody was paying their ransom, so they started double extortion: they also steal the data as well as encrypting it, and they say that if you don't pay, fine, we are going to leak your data on the dark web. That's double extortion. Among cyber criminals there are also organized criminal gangs; the currently known criminal gangs involved in cyber crime are mostly out of places like North Korea, Russia and a few other countries.

But the biggest threat we have is nation-state attackers: countries that are involved in geopolitics. Accordingly, for example, Chinese threat groups attack India quite a bit, there are Pakistani threat groups, and there are Russian threat groups who attack mostly the US and its allies. These are advanced threat groups, but we'll talk a lot more about this in the coming lectures, so we can move on.

I have already explained why they attack when I was discussing the various types of attackers, so I'm not going to go through this slide; we already discussed what happens here.

One thing we have to remember is that not all targets are equal. Not all organizations are in the crosshairs of attackers equally; some organizations are more attacked and some are less, and it has to do with many things. Geopolitics is one of them, business rivalry could be another, and there are various other reasons that some organizations are in a much more problematic situation with respect to cyber attackers than others. Similarly, within an organization, I already discussed that we have to do risk assessment because not every asset inside an organization is used for critical functions. Say the person sitting at the reception also has a computer connected to the network, but her computer only sees room numbers and telephone numbers of employees when a guest comes; her laptop is not as critical an asset as, for example, the computer which is involved in payments, or in keeping student registration data or grade data. So all assets are not equal, and that's where risk assessment comes in: without risk assessment you cannot really formally tell what the different assets are and what their risks are. Similarly, not all individuals are equally targets. Some individuals, for example high net worth individuals, have more possibility of being the target of a cyber crime than a person who doesn't have a whole lot; similarly politicians and so on might be in the crosshairs more than common people.

So, as I said, we have to understand the threats to the organization I am protecting, in order to figure out the risks. When threats are high, then, for example, the US Department of Homeland Security uses what is called a traffic light protocol: right now the threat perception is amber, or right now the threat perception is red, and red means the highest level of threat perception. Right after 9/11 (well, many of you were probably not born at the time), the threat perception everywhere, like at the airports, was red for a long time; during the Iraq war it was amber; now it is probably orange, or probably green, I'm not sure. Green probably nobody will say, because green means things are very good. Similarly, you have to have a threat perception for your organization, and geopolitics is important there. We have seen lots of attacks based on geopolitical considerations against various countries and their critical infrastructure: the Iranian nuclear plant by Stuxnet; the Ukrainian power system in 2015-16 as well as more recently during the current war; the 2020 SolarWinds attack (we'll talk about these attacks a lot more later); Indian power system operators and ports in 2021 and 2022; and in 2023 a lot of these Indonesian activists did a lot of defacing of Indian websites and DoS attacks on airline companies and so on, based on some geopolitical consideration, for example whether India is supporting Israel or Hamas, or Ukraine or Russia, or whether India is continuing to buy Iranian oil, all these kinds of considerations. So if you are in charge of an important organization in the country, then you also have to be aware of the geopolitical considerations of cyber attack.

I have already described this, so I'll not dwell on this slide: what not to expect from this class. As I said, if you want to know basic hacking you have to take 628; if you want to know how to analyze malware or do intrusion detection, 658; how to protect critical infrastructure, 631; how to analyze cryptographic protocols and algorithms, 641; how to check for side channels in cryptographic implementations, 666; 674 is post-quantum cryptography; and the more recent new course, privacy and cryptography, 670. So do not expect to learn any of these things in this class; if you want to learn these things, go to those classes.

Now I have about 13 minutes or so, so I want to play a game. Get your phone out and we'll do something. Go to menti.com with your phone, if you have data, and use this code 5973 0129, and we'll do an interaction where you will be telling us things and I will be able to see what your collective situation is. Are you all able to go there? Menti dot com, and use the code 5973 0129.

OK, so I got the first response. You have to say which words come to your mind when you hear "cyber security", and we'll see a word cloud. I see hacking seems to be the most common idea coming to your mind. OK, we have a good number, 78, 79, almost 80 responses. Hacking seems to be on your mind; protection, data protection, attacks, privacy, cryptography, these are your top thoughts; then you are thinking encryption, vulnerability, Russia, malware, ransomware and so on. Good, so you have a very cohesive set of ideas; these are all relevant to cyber security.

Now, which words come to your mind when you hear "cyber crime"? Cyber crime is slightly different from cyber attack. A cyber attack usually happens to an organization; cyber crime happens mostly to individuals, and mostly for monetary reasons. Sometimes it happens for harassment, sometimes for sextortion, this kind of stuff, but mostly it is related to money, and it is usually individuals who get affected by cyber crime. We'll leave it at that. By the way, Mr. Robot is about cyber attacks, not cyber crime; if you remember, it's mostly at the national and organizational level, taking over the technology world and things like that, so it's probably not categorized as cyber crime.

Next question. In this one you basically have to push with your finger the one that you think is the most critical, then the second most critical, and the least critical. Rightly so, the exfiltration of confidential data from the organization is obviously the biggest problem among these three, because we have the new Digital Data Protection Act by the government, which got passed in Parliament last year, and it may actually lead to a 250 crore fine on an organization if they lose customer data, confidential private data about customers, personally identifiable information. The reason why ransomware encryption is second is that it depends on whether you have backups or not. With data exfiltration, once the data is out and being sold on the dark web, you have no control; that's why nowadays ransomware attacks also come with data exfiltration, they do both. But as such, with data exfiltration the organization is in big, big trouble, while with a ransomware attack that is just encryption they probably have the backups to recover from, so they might be in a slightly better position. Then compromising a device with malware is bad, but it depends on whether the device can be quickly isolated or shut down and things like that, so there are ways, you have some control, to respond to that incident. But if you get your data exfiltrated then you are at the mercy of the ones who have control of the data.

OK, so which of the following is not a cyber defense tactic: antivirus at the endpoints (endpoints means the devices); a firewall between the internal and external network; two-factor authentication; or "don't connect to the internet"? Yes, "don't connect to the internet" is not a choice any more. You cannot say "I will not connect to the internet, so I am fine"; you can still get attacked. The Iranian nuclear enrichment plant was not connected to the internet; the attackers basically gave free USB sticks to the engineers, who took those USB sticks and connected them to machines in the internal network, which was not connected to the internet, and it still got attacked.

Let's see the next one. Here again you have to rank them by pushing with your finger: what do you want to learn from this course? So far so good. The top three things are what we will learn; the last thing we'll not learn in this course, so it's good that you don't want to learn it from this course, because you won't.

Now something about you: how often do you change your password, every 3 months, every year, every 5 years? I'm talking about passwords of important accounts, not some random accounts, but your social media account, your Google account, your net banking account, your CC account and so on. At least eight of you are pretty conscientious: you change your password every 3 months. Then you have to use a password vault application to remember your passwords, because if you change them that frequently you won't remember them. What is concerning is that 69 of you don't change your password unless forced to. That's not good; we have to do something about that, and Soit here from CC will force you to change your password more often.

"I use the same password in net banking and social media": oh my God, we have 23 of you who are using the same password for social media and net banking. That's pretty scary; you need to think about it.

Let's go and see how many of you use antivirus on your devices, and by devices I mean your laptop or your mobile. This is also pretty scary: neither laptop nor mobile, 40, like 50% of the students. That's pretty scary; we'll have to convince you better.

"I update and patch my OS and applications": automatic update is pretty common, I see. Now there are 10 who have no idea; that could be pretty scary also.

I think I have run out of time, so I'll just do this last one: "I have had a malware infection in one of my devices in the past 3 years." A lot of "don't know"s, because you don't have antivirus on your devices, so how will you know? OK, so at least 11 of you know that it has happened, and 43 do not know. So we have to change your perspective on these things, and we'll do that. OK, we'll finish here; I think I have run out of time. Stop here.