Report on Master Training Program on Cyber Security (Sponsored CSR initiative of Microsoft Philanthropies)
Start Date – 03.08.2022
End Date – 12.08.2022
Timing – 9:30 AM to 03.30 PM
Attended by-
Dr. Astha Pareek
Dr. Deepshikha Bhatia
Dr. Navneet Sharma
Dr. Priyanka Verma
Day One
A Ten-day Master Training Program on Cyber Security under the “Cyber Security for Educators and Students “ a CSR initiative of Microsoft Philanthropies. The workshop was headed by Ms Velumani.
On day one, Velumani introduced the course curriculum in which she discussed about 8 modules which will be covered in the Cyber Security Blended Learning Course. She continued the session with a case study of Marriott International. She explained about the case study that breach took place sometime in 2014, but it wasn't discovered until 2018, when an internal security tool caught a suspicious attempt to access the internal guest reservation database for Marriott's Starwood brands.
In connection to this she also explained about data and information. She explained data, as an input, goes through a filtration process followed by a meaningful organisation to generate output or information. Example milk and cheese. Milk is data unprocessed form and cheese is information processed form. Session continued with types of information systems followed by few activities and polls. In the middle of the session 2 activities were given
· Activity-Fastest Finger First
· Knowledge Test
It was an interactive and great learning experience and the participants learnt the art of digital learning techniques. The session was beneficial and fruitful and acquainted us with various types of learning processes.
She explained about the installation of Kali Linux. Kali Linux is one of the best security packages of an ethical hacker, containing a set of tools divided by the categories. It is an open source and its official webpage is https://www.kali.org.
Generally, Kali Linux can be installed in a machine as an Operating System, as a virtual machine which we will discuss in the following section. Installing Kali Linux is a practical option as it provides more options to work and combine the tools. You can also create a live boot CD or USB. All this can be found in the following link: https://www.kali.org/downloads/.
Day Two
The second full day of the workshop focused on the challenges and opportunities regarding building cybersecurity education and workforce development programs. Cybersecurity began in the 1970s when researcher Bob Thomas created a computer programme called Creeper that could move across ARPANET’s network, leaving a breadcrumb trail wherever it went. Ray Tomlinson, the inventor of email, wrote the programme Reaper, which chased and deleted Creeper.
The Morris worm or Internet worm of November 2, 1988, was one of the oldest computer worms distributed via the Internet. The AIDS trojan was created by a biologist Joseph Popp who handed out 20,000 infected disks to attendees of the World Health Organization’s AIDS conference.ILOVEYOU, sometimes referred to as Love Bug or Love Letter for you, is a computer worm that infected over ten million Windows personal computers on and after 5 May 2000. It started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.TXT.vbsHacktivism happens when political or social activists use computer technology to make a statement supporting one of their causes. In most cases, hacktivism focuses on either government or corporate targets, but it can include any significant institution, such as religious groups, drug dealers, terrorists, or pedophiles. Hacking means breaking into someone’s computer.
The session was very informative. Specifically, the scope and importance of cyber security was very beneficial. At the end of the session each participant had an idea of types of cyber-crimes, its types and controls. An evening entertainment activity was also given to participants.
Day Three
The third day of workshop faculty covered the topics, Cyber Security Framework, the Framework Core and Attack Matrix. Under Cyber Security Framework, she taught the history of cyber security framework and discussed in detail the core component of cyber security framework i.e. Core, Tiers and Profile. Under the title the Framework Core, Velumani, explained the key attributes of the core framework, Identify, Protect, Detect, Respond, Recover. And also the benefits of framework core. Under Attack Matrix, she explained various attack models and tracked various techniques which attackers use throughout the different stages of cyber-attack to infiltrate the network and exfiltrate data. She also discusses different matrices and detailed descriptions of pentesting attaches teams i.e. red and blue teams. After break we have tried a few nmap commands on kali like port details, multiple ip scanning and protocol scanning.
Day Four
Fourth Day agenda to cover CIA Triad, Cyber security Control and discuss common Cyber threats and Attack. Cyber Security Controls are the countermeasures that companies implement to detect, prevent, reduce or counteract security risks. Presenter also explained 8 essential security Controls. These are Application Control, Patch Application, Configure Microsoft Office Macros, User Application Hardening, Restrict Admin Privilege, Patch Operating System, Multi Factor Authentication and Daily Backups. She also discussed the different Access Control Models and threat vectors. After lunch break she discussed common types of Cyber Attacks and explained the importance of the 3 way handshaking process. After that we practise nmap commands for scanning the active and non-active link of host, DNS Scan and null scan , SYN Scan, XMAS scan and RPC Scan.
Day Five
The second full day of the workshop focused on the types of cyber-attacks. She explained cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data and lead to cybercrimes, such as information and identity theft.
We are living in a digital era. Nowadays, most people use computers and the internet. Due to the dependency on digital things, the illegal computer activity is growing and changing like any type of crime. Common Types of cyber-attacks are malware, phishing, man-in-the-middle-attack etc.
Day Six
The third day of the program started with a discussion about cryptography. Ms. Velumani continued the session with describing the basics of cryptography which is an art and science of transforming messages so as to make them secure and immune to attacks.In Cryptography the techniques which are use to protect information are obtained from mathematical concepts and a set of rule based calculations known as algorithms to convert messages in ways that make it hard to decode it. These algorithms are used for cryptographic key generation, digital signing, verification to protect data privacy, web browsing on the internet and to protect confidential transactions such as credit card and debit card transactions. In this session all participants also learnt Cryptanalysis which is the process of attempting to discover X or K or both is known as cryptanalysis. The strategy used by the cryptanalysis depends on the nature of the encryption scheme and the information available to the cryptanalyst. It was an interactive and great learning experience for all the participants as all of them were acquainted with Basics of Cryptology including notion of security, Block chain Technology, Introduction to Elliptic Curve Cryptology, Proxy- reencryption, Cryptography from Channel Noise, Authentication Issues, Recent Strides in IT Security, Cryptography from Channel Noise and so on.
Day Seven
Objective of the Seventh day of the workshop was to aquent the users with cryptography and information security. In this session trainer explained us about the concept of cryptosystem, Information security and explained about how to secure digital data. She taught about the cryptanalysis, breaking cipher transmission or storage of secure data, study of cryptographic mechanism and explained the experimental process of using cryptool for data protection.
Day Eight
Day eight of this FDP was for familiarising us with the tool Burp Suite installation and handling the proxy setup intruder and our trainer Madam Valli aquent us with the application security risks and explain about various vulnerabilities of web applications and data communication.