Chapter 1 Cyber Security

B. Tech in Information Technology (Maulana Abul Kalam Azad University of Technology)

Cyber Security
Code: PEC-CS702E

Unit I:
Introduction:

Q1. Introduction to Cyber Security

1. Cyber security is the technique of protecting internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
2. We can divide the term into two parts: "cyber" and "security".
a. Cyber refers to the technology that includes systems, networks, programs, and data.
b. Security is concerned with the protection of systems, networks, applications, and information.
3. Cyber security is also known as electronic information security or information technology security.
4. It is designed to protect networks, devices, programs, and data from attack, theft, damage, modification, or unauthorized access.

Types of Cyber Security


Every organization's assets are a combination of many different systems, so cyber security is usually divided into the following areas.

o Network Security: It involves implementing hardware and software to secure a computer network from unauthorized access, intruders, attacks, disruption, and misuse. It helps an organization protect its assets against external and internal threats.
o Application Security: It involves protecting software and devices from unwanted threats. This protection is achieved by constantly updating the applications to ensure they remain secure from attacks. Successful security begins in the design stage: writing source code, validation, threat modeling, etc., before a program or device is deployed.
o Information or Data Security: It involves implementing a strong data storage mechanism to maintain the integrity and privacy of data, both in storage and in transit.
o Identity Management: It deals with the procedure for determining the level of access that each individual has within an organization.
o Operational Security: It involves processing and making decisions on handling and securing data assets.
o Mobile Security: It involves securing the organizational and personal data stored on mobile devices such as cell phones, computers, tablets, and similar devices against malicious threats such as unauthorized access, device loss or theft, and malware.
o Cloud Security: It involves protecting the information an organization stores in digital environments or cloud architectures. It relies on the security controls of cloud service providers such as AWS, Azure, Google, etc., to defend against multiple threats.
o Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring, alerts, and plans for how an organization responds when malicious activity causes a loss of operations or data. Its policies dictate how lost operations are resumed after a disaster, at the same operating capacity as before the event.
o User Education: It deals with teaching the people in an organization to recognize and avoid threats, because untrained users are often the weakest link in security.

Q2. Importance and challenges in Cyber Security

Cyber Security Goals


1. The main objective of cyber security is to ensure data protection.
2. The security community uses a triangle of three related principles to protect data from cyber-attacks.
3. This set of principles is called the CIA triad.
4. The CIA model is designed to guide policies for an organization's information security infrastructure. When a security breach is found, one or more of these principles has been violated.

We can break the CIA model into three parts: Confidentiality, Integrity, and Availability. It is a security model that helps people think about the various parts of IT security.

Confidentiality

Confidentiality is equivalent to privacy: it prevents unauthorized access to information. It involves ensuring that data is accessible only to those who are allowed to use it and blocking access for everyone else, so that essential information does not reach the wrong people. Data encryption is an excellent example of a mechanism for ensuring confidentiality.

Integrity

This principle ensures that data is authentic, accurate, and safeguarded from unauthorized modification by threat actors or accidental modification by users. If any modification occurs, measures should be in place to protect sensitive data from corruption or loss and to recover speedily from such an event. It also requires that the source of the information be genuine.

Availability

This principle ensures that information is always available and usable by its authorized users, and that access is not hindered by system malfunction or cyber-attacks.

ADVANTAGES

- Cyber security defends us from critical cyber-attacks.
- It helps us browse websites safely.
- Cyber security defends us from hacks and viruses.
- The security software on our PC needs to be updated every week.
- Internet security software processes all the incoming and outgoing data on our computer.
- It helps to reduce computer freezes and crashes.
- It gives us privacy.

DISADVANTAGES

- It is expensive; most users cannot afford it.
- A normal user cannot use it properly; it requires special expertise.
- Lack of knowledge is the main problem.
- It is not easy to use.
- It makes the system slower.
- It can take hours to days to fix a security breach.

Malware
Malware means malicious software, which is the most common cyber-attack tool. It is used by cybercriminals or hackers to disrupt or damage a legitimate user's system. The following are the important types of malware created by attackers:

o Virus: It is a malicious piece of code that spreads from one device to another. It can wipe files and spread throughout a computer system, infecting files, stealing information, or damaging the device.
o Spyware: It is software that secretly records information about a user's activities on their system. For example, spyware could capture credit card details that cybercriminals then use for unauthorized shopping, money withdrawals, etc.
o Trojans: A Trojan is malware or code that appears to be legitimate software or a legitimate file in order to fool us into downloading and running it. Its primary purpose is to corrupt or steal data from our device or perform other harmful activities on our network.
o Ransomware: It is software that encrypts a user's files and data on a device, rendering them unusable, or erases them. A monetary ransom is then demanded by the malicious actors for decryption.
o Worms: A worm is software that spreads copies of itself from device to device without human interaction. It does not need to attach itself to any program in order to steal or damage data.
o Adware: It is advertising software used to spread malware and display advertisements on our device. It is an unwanted program that is installed without the user's permission. Its main objective is to generate revenue for its developer by showing ads in the user's browser.
o Botnets: A botnet is a collection of internet-connected, malware-infected devices that cybercriminals can control. It enables cybercriminals to leak credentials, gain unauthorized access, and steal data without the user's permission.

What is Cyberspace?

1. Cyberspace can be defined as an intricate environment that involves interactions between people, software, and services.
2. It is maintained by the worldwide distribution of information and communication technology devices and networks.
3. With the benefits brought by technological advancements, cyberspace today has become a common pool used by citizens, businesses, critical information infrastructure, the military, and governments, in a fashion that makes it hard to draw clear boundaries among these different groups.
4. Cyberspace is anticipated to become even more complex in the coming years, with the increase in the networks and devices connected to it.

What are Cyber Threats?

A Cyber Threat, or Cyber Security Threat, is a malicious act performed by hackers to intentionally steal data or other assets, misuse them, or simply cause disruption in digital life in general. Cyber threats can come from unknown parties at remote locations or from trusted users within an organization.
Common Sources of Cyber Threats

o Nation states: hostile countries can launch cyber attacks against local companies and institutions, aiming to interfere with communications, cause disorder, and inflict damage.
o Terrorist organizations: terrorists conduct cyber attacks aimed at destroying or abusing critical infrastructure, threatening national security, disrupting economies, and causing bodily harm to citizens.
o Criminal groups: organized groups of hackers aim to break into computing systems for economic benefit. These groups use phishing, spam, spyware, and malware for extortion, theft of private information, and online scams.
o Hackers: individual hackers target organizations using a variety of attack techniques. They are usually motivated by personal gain, revenge, financial gain, or political activity. Hackers often develop new threats to advance their criminal ability and improve their standing in the hacker community.
o Malicious insiders: an employee who has legitimate access to company assets and abuses those privileges to steal information or damage computing systems for economic or personal gain. Insiders may be employees, contractors, suppliers, or partners of the target organization. They can also be outsiders who have compromised a privileged account and are impersonating its owner.

What Is Cyber Warfare?

Cyber warfare is typically defined as a set of actions by a nation or organization to attack the computer network systems of countries or institutions with the intention of disrupting, damaging, or destroying infrastructure by means of computer viruses or denial-of-service attacks.

Cyber warfare can take many forms, but all of them involve either the destabilization or destruction of critical systems. The objective is to weaken the target country by compromising its core systems.

This means cyber warfare may take several different shapes:

1. Attacks on financial infrastructure
2. Attacks on public infrastructure like dams or electrical systems
3. Attacks on safety infrastructure like traffic signals or early warning systems
4. Attacks against military resources or organizations

What is Cyber Terrorism?

1. Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation.
2. Acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by means of tools such as computer viruses, computer worms, phishing, malicious software, hardware methods, and programming scripts can all be forms of internet terrorism.
3. Cyberterrorism can also be defined as the intentional use of computers, networks, and the public internet to cause destruction and harm for personal objectives.
4. Experienced cyberterrorists, who are highly skilled at hacking, can cause massive damage to government systems and might leave a country in fear of further attacks.

Cyber Security of Critical Infrastructure?

Critical infrastructure security is the area of concern surrounding the protection of systems,
networks and assets whose continuous operation is deemed necessary to ensure the security of
a given nation, its economy, and the public's health and/or safety.

The UK internet industry and Government recognized the need to develop a series of Guiding
Principles for improving the online security of the ISPs' customers and limit the rise in cyber-
attacks. Cybersecurity for these purposes encompasses the protection of essential information,
processes, and systems, connected or stored online, with a broad view across the people,
technical, and physical domains.

These Principles recognize that the ISPs (and other service providers), internet users, and UK
Government all have a role in minimizing and mitigating the cyber threats inherent in using the
internet.

These Guiding Principles have been developed to respond to this challenge by providing a
consistent approach to help, inform, educate, and protect ISPs' (Internet Service Provider's)
customers from online crimes. These Guiding Principles are aspirational, developed and
delivered as a partnership between Government and ISPs. They recognize that ISPs have
different sets of customers, offer different levels of support and services to protect those
customers from cyber threats.

Some of the essential cybersecurity principles are described below:

1. Economy of mechanism
2. Fail-safe defaults
3. Least Privilege
4. Open Design
5. Complete mediation
6. Separation of Privilege
7. Least Common Mechanism
8. Psychological acceptability
9. Work Factor
10. Compromise Recording

1. Economy of mechanism
This principle states that security mechanisms should be as simple and small as possible. The economy of mechanism principle simplifies the design and implementation of security mechanisms. If the design and implementation are simple and small, fewer possibilities for error exist, and the checking and testing process is less complicated because fewer components need to be tested.

Interfaces between security modules are a suspect area and should be as simple as possible, because interface modules often make implicit assumptions about input or output parameters or the current system state. If any of these assumptions is wrong, the module's actions may produce unexpected results. A simple security framework is easier for developers and users to understand and enables efficient development and verification of its enforcement methods.

2. Fail-safe defaults
The fail-safe defaults principle states that the default configuration of a system should have a conservative protection scheme. This principle also restricts how privileges are initialized when a subject or object is created. Whenever access, privileges/rights, or some security-related attribute is not explicitly granted, access to that object should be denied.

Example: If we add a new user to an operating system, the user's default group should have few access rights to files and services.

3. Least Privilege
This principle states that a user should have only those privileges needed to complete the task at hand. Its primary function is to control the assignment of rights granted to the user, not the identity of the user. This means that if the boss demands root access to a UNIX system that you administer, he/she should not be given that right unless he/she has a task that requires that level of access. If possible, the elevated rights of a user identity should be removed as soon as those rights are no longer needed.

4. Open Design
This principle states that the security of a mechanism should not depend on the secrecy
of its design or implementation. It suggests that complexity does not add security. This
principle is the opposite of the approach known as "security through obscurity." This
principle not only applies to information such as passwords or cryptographic systems
but also to other computer security related operations.

Example: DVD player & Content Scrambling System (CSS) protection. The CSS is a
cryptographic algorithm that protects the DVD movie disks from unauthorized copying.

5. Complete mediation
The principle of complete mediation restricts the caching of information, which often leads to simpler implementations of mechanisms. The idea of this principle is that every access to every object must be checked for compliance with the protection scheme to ensure that it is allowed. As a consequence, one should be wary of performance-improvement techniques that save the results of previous authorization checks, since permissions can change over time.

Whenever someone tries to access an object, the system should authenticate the access rights associated with that subject. Many systems verify the subject's access rights only once, at the initial access, and assume for subsequent accesses that the same rights still apply to that subject and object; this principle requires instead that the operating system mediate each and every access to an object.

Example: An online banking website should require users to sign in again after a certain period, say twenty minutes, has elapsed.

6. Separation of Privilege
This principle states that a system should grant access based on more than one condition being satisfied. This principle may also be restrictive because it limits access to system entities. Thus, before a privilege is granted, at least two verifications should be performed.

Example: To su (change) to root, two conditions must be met:

o The user must know the root password.
o The user must be in the right group (wheel).
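A small reference monitor, added here as an example (not code from the original notes), that puts fail-safe defaults, complete mediation and the two-condition su check above into one runnable model; the users, groups, file and root password it uses are constructed sample data.

```python
"""Reference-monitor sketch illustrating three of the design principles above.
Added example, not code from the original notes; all users, groups, files and
rules below are constructed sample data.

  * Fail-safe defaults: an operation is denied unless a rule explicitly grants it.
  * Complete mediation: MediatedFile re-checks the live rules on every read, so a
    revoked permission takes effect at once; CachedFile shows the anti-pattern the
    principle warns about (trusting the result of the first check).
  * Separation of privilege: su_to_root() needs BOTH a correct root password AND
    membership of the wheel group, mirroring the two conditions listed above.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class AccessControl:
    # (subject, object) -> operations explicitly permitted, e.g. {"read", "write"}
    rules: dict[tuple[str, str], set[str]] = field(default_factory=dict)

    def grant(self, subject: str, obj: str, op: str) -> None:
        self.rules.setdefault((subject, obj), set()).add(op)

    def revoke(self, subject: str, obj: str, op: str) -> None:
        self.rules.get((subject, obj), set()).discard(op)

    def is_allowed(self, subject: str, obj: str, op: str) -> bool:
        # Fail-safe default: no matching rule means "deny", never "allow".
        return op in self.rules.get((subject, obj), set())


class MediatedFile:
    """Every read() consults the current rule set (complete mediation)."""

    def __init__(self, acl: AccessControl, name: str, contents: str) -> None:
        self.acl, self.name, self.contents = acl, name, contents

    def read(self, subject: str) -> str | None:
        if not self.acl.is_allowed(subject, self.name, "read"):
            return None  # denied; reveal nothing about the contents
        return self.contents


class CachedFile(MediatedFile):
    """Anti-pattern: checks once per subject, then reuses that stale decision."""

    def __init__(self, acl: AccessControl, name: str, contents: str) -> None:
        super().__init__(acl, name, contents)
        self._decisions: dict[str, bool] = {}

    def read(self, subject: str) -> str | None:
        if subject not in self._decisions:
            self._decisions[subject] = self.acl.is_allowed(subject, self.name, "read")
        return self.contents if self._decisions[subject] else None


def mediation_demo() -> tuple[list[str | None], list[str | None]]:
    """Read, revoke, read again for both file types; returns (mediated, cached)."""
    acl = AccessControl()
    outcomes = []
    for file_cls in (MediatedFile, CachedFile):
        acl.grant("alice", "payroll.txt", "read")
        f = file_cls(acl, "payroll.txt", "SECRET")
        before = f.read("alice")
        acl.revoke("alice", "payroll.txt", "read")  # permissions change over time
        after = f.read("alice")
        outcomes.append([before, after])
    return outcomes[0], outcomes[1]


# Constructed credential store: salted SHA-256 digest of the sample root password.
_ROOT_SALT = b"constructed-salt"
_ROOT_DIGEST = hashlib.sha256(_ROOT_SALT + b"correct horse").hexdigest()
GROUPS = {"wheel": {"alice"}, "staff": {"alice", "bob"}}  # constructed groups


def su_to_root(user: str, password_attempt: str) -> bool:
    """Separation of privilege: both independent conditions must hold."""
    attempt_digest = hashlib.sha256(_ROOT_SALT + password_attempt.encode()).hexdigest()
    knows_root_password = hmac.compare_digest(attempt_digest, _ROOT_DIGEST)
    in_wheel_group = user in GROUPS.get("wheel", set())
    return knows_root_password and in_wheel_group


if __name__ == "__main__":
    mediated, cached = mediation_demo()
    print("mediated read before/after revoke:", mediated)  # ['SECRET', None]
    print("cached   read before/after revoke:", cached)    # ['SECRET', 'SECRET']
    print("bob, no rule at all:", AccessControl().is_allowed("bob", "payroll.txt", "read"))
    print("alice (wheel, right password):", su_to_root("alice", "correct horse"))
    print("bob (not wheel, right password):", su_to_root("bob", "correct horse"))
```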

7. Least Common Mechanism
This principle states that in systems with multiple users, the mechanisms that allow resources to be shared by more than one user should be minimized as much as possible. This principle may also be restrictive because it limits the sharing of resources.

Example: If a file or application needs to be accessed by more than one user, then these users should use separate channels to access the resource, which helps to prevent unforeseen consequences that could cause security problems.

8. Psychological acceptability
This principle states that a security mechanism should not make a resource more difficult to access than it would be if the mechanism were not present. The psychological acceptability principle recognizes the human element in computer security. If security-related software or computer systems are too complicated to configure, maintain, or operate, users will not employ the necessary security mechanisms. For example, if a new password is rejected during a password change, the password-changing program should state why it was rejected rather than giving a cryptic error message. At the same time, applications should not impart unnecessary information that may lead to a compromise of security.

Example: When we enter a wrong password, the system should only tell us that the user id or password was incorrect. It should not tell us that only the password was wrong, as this gives the attacker information.

9. Work Factor
This principle states that the cost of circumventing a security mechanism should be compared with the resources of a potential attacker when designing a security scheme. In some cases the cost of circumventing (known as the "work factor") can be easily calculated. The work factor is also a common cryptographic measure used to estimate the strength of a given cipher. It does not map directly onto cybersecurity as a whole, but the overall concept does apply.

Example: Suppose the number of attempts needed to try all possible four-character passwords is 24^4 = 331776. If the potential attacker must try each candidate password at a terminal, one might consider a four-character password to be satisfactory. On the other hand, if the potential attacker could use a very fast computer capable of trying a million passwords per second, a four-character password would be only a minor barrier to an intruder.
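The work-factor arithmetic above, carried through as an added example (not code from the notes) that also answers the defender's question of how long a password must be to hold out against an attacker of a given speed; the notes' 24-symbol alphabet and million-guesses-per-second attacker are used, and the one-guess-per-second terminal rate is an assumption made here.

```python
"""Work-factor arithmetic for the password example above.  Added example, not
code from the original notes.  The notes give a 24-symbol alphabet and length 4
(24**4 = 331776 guesses) and an attacker trying a million guesses per second;
the rate of an attacker typing at a terminal (1 guess/second) is assumed here.
"""
from __future__ import annotations

import math

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords an exhaustive search must cover (the work factor)."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the attacker's guessing rate."""
    return keyspace(alphabet_size, length) / guesses_per_second


def minimum_length(alphabet_size: int, guesses_per_second: float, required_seconds: float) -> int:
    """Shortest length whose full keyspace takes at least required_seconds to exhaust.

    Solves alphabet_size**L >= guesses_per_second * required_seconds for the
    smallest integer L: the length a password policy should enforce against an
    attacker of the given speed if the work factor is to be "high enough".
    """
    target_guesses = guesses_per_second * required_seconds
    length = max(1, math.ceil(math.log(target_guesses, alphabet_size)))
    # The logarithm is floating point; step until the integer inequality holds exactly.
    while keyspace(alphabet_size, length) < target_guesses:
        length += 1
    while length > 1 and keyspace(alphabet_size, length - 1) >= target_guesses:
        length -= 1
    return length


def scenarios() -> dict[str, float]:
    """The two attackers from the notes against the notes' 24**4 password space."""
    return {
        # assumed: one guess per second when typing at a terminal
        "terminal_days": seconds_to_exhaust(24, 4, 1) / SECONDS_PER_DAY,
        # the notes' fast machine: a million guesses per second
        "fast_computer_seconds": seconds_to_exhaust(24, 4, 1_000_000),
    }


if __name__ == "__main__":
    print("24**4 =", keyspace(24, 4))  # 331776
    for name, value in scenarios().items():
        print(f"{name}: {value:.3f}")
    ten_years = 10 * SECONDS_PER_YEAR
    print("length needed vs 1e6 guesses/s for 10 years, 24 symbols:",
          minimum_length(24, 1e6, ten_years))  # 11
    print("same attacker, 95 printable ASCII symbols:",
          minimum_length(95, 1e6, ten_years))  # 8
```

The terminal attacker needs about 3.84 days for the full 24^4 space, the million-guess machine about a third of a second, which is the contrast the notes draw.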

10. Compromise Recording
The compromise recording principle states that it is sometimes more desirable to record the details of an intrusion than to adopt a more sophisticated measure to prevent it.

Chapter Name: Hackers and Cyber Crimes

What is a Hacker? A hacker is a person who breaks into a computer system. The reasons for hacking can be many: installing malware, stealing or destroying data, disrupting service, and more.
What is a Cracker? Crackers are people who break into or violate a system or computer remotely with bad intentions, to harm or steal its data. Crackers destroy data by gaining unauthorized access to the network.
Write the difference between Hackers and Crackers.
1. Hackers are people who use their knowledge for a good purpose and do not damage data, whereas a cracker is someone who breaks into a system with a malicious purpose and damages data intentionally.
2. Hackers possess advanced knowledge of computer systems and programming languages, while crackers might not necessarily be so skilled and well-versed in computing.
3. Hackers work for an organization to improve its network and solve any issues. Crackers are the people from whom the hacker protects the organization. Crackers work because a system is challenging or to make illegal gains.
4. Hacking is ethical, while cracking is illegal and unethical.
5. Hackers have ethical certifications, while crackers do not possess any certificates.
6. Hackers continuously work towards making new tools rather than using existing ones. Crackers, on the other hand, have inadequate computing knowledge to make new tools and use tools already used by other crackers.
Types of Hackers
o Ethical hacker (White hat): A security hacker who gains access to systems with a view to fixing the identified weaknesses. They may also perform penetration testing and vulnerability assessments.
o Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts, etc.
o Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into computer systems without authority with a view to identifying weaknesses and revealing them to the system owner.
o Script kiddies: A non-skilled person who gains access to computer systems using ready-made tools.
o Hacktivist: A hacker who uses hacking to send social, religious, political, and other messages. This is usually done by hijacking websites and leaving the message on the hijacked website.
o Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.
What is Sniffing?
A sniffing attack is the act of intercepting or capturing data while it is in transit through a network. Sniffing is the process of monitoring and capturing all data packets passing through a given network. Sniffers are used by network and system administrators to monitor and troubleshoot network traffic. Attackers use sniffers to capture data packets containing sensitive information such as passwords, account information, etc. Sniffers can be hardware or software installed in the system.
Active Sniffing: Sniffing on a switched network is active sniffing. A switch is a point-to-point network device: it regulates the flow of data between its ports by actively tracking the MAC address on each port, which lets it pass data only to its intended destination. In order to capture the traffic between targets, the sniffer has to actively inject traffic into the LAN to enable sniffing of that traffic. This can be done in various ways.
Passive Sniffing: This is the process of sniffing through a hub. Any traffic passing through a non-switched or unbridged network segment can be seen by all machines on that segment. Sniffers operate at the data link layer of the network. Any data sent across such a LAN is actually sent to each and every machine connected to the LAN. This is called passive because the sniffers placed by the attackers passively wait for the data to be sent and capture it.
What is gaining access in cyber security? The gaining-access attack is the second part of network penetration testing. In this phase we connect to the network, which allows us to launch more powerful attacks and obtain more accurate information. If a network does not use encryption, we can simply connect to it and sniff out unencrypted data. If a network is wired, we can use a cable to connect to it, perhaps after changing our MAC address.
What is Escalating Privileges in cyber security? A privilege escalation attack is a cyberattack designed to gain unauthorized privileged access to a system. Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.
What is a Trojan? A Trojan is sometimes called a Trojan virus or a Trojan horse virus. A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network. A Trojan horse virus is a type of malware that downloads onto a computer disguised as a legitimate program.
What is a Worm in cyber security? A worm virus is a malicious program that replicates itself, automatically spreading through a network. A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.
What is a Backdoor in cyber security? A backdoor is a means of accessing a computer system or encrypted data that bypasses the system's customary security. A backdoor is any method that allows somebody (hackers, governments, IT people, etc.) to remotely access your device without your permission or knowledge. Hackers can install a backdoor onto your device by using malware, by exploiting vulnerabilities in your software, or even by directly installing a backdoor in your device's hardware or firmware.
What is Covering Tracks in cyber security?
If someone covers their tracks, they hide or destroy evidence of their identity or their actions, because they want to keep them secret.

Ethical Hacking and Social Engineering:

What is Ethical Hacking?

Ethical hacking is also called penetration testing. It is the act of penetrating networks or systems to find the threats and vulnerabilities that an attacker could have exploited to cause loss of data, financial loss, or other major damage to a business.
Purpose of Ethical Hacking
The purpose of ethical hacking is to strengthen the security of a system or network by fixing the vulnerabilities detected during testing. Ethical hackers may use the same techniques and mechanisms as malicious hackers, but with the permission of the authorized person; in this way ethical hackers help to develop security and defend systems from attacks.
Why is Ethical Hacking important?
When an ethical hacker finds a vulnerability, they report the issue and advise how to fix the problem. A company employs an ethical hacker to protect and secure its data. An ethical hacker's tests do not always mean a system has been attacked by malicious attackers; sometimes it means the organization is taking precautions to protect its data. Some of the advanced attacks carried out by hackers include:
o Piracy
o Vandalism
o Credit card theft
o Theft of service
o Identity theft
o Manipulation of data
o Denial-of-service attacks
These types of cyberattacks and hacking cases have increased because of the huge growth in online services and online transactions in the last decade.
Phases of Ethical Hacking:

o Scanning
o Footprinting & Reconnaissance
o Enumeration
o System Hacking
o Escalation of Privileges
o Covering Tracks
Skills of an Ethical Hacker
A skilled ethical hacker should hold a collection of technical and non-technical skills.
Technical Skills
1. Ethical hackers must have strong knowledge of all operating systems, such as Windows, Linux, and Mac.
2. Ethical hackers should be skilled in networking and have a strong knowledge of basic and detailed concepts in technologies, software, and hardware applications.
3. Ethical hackers must know all kinds of attacks.
Non-Technical Skills
1. Communication skills
2. Learning ability
3. Problem-solving skills
4. Proficiency in security policies
5. Awareness of laws, standards, and regulations.
Scope of Ethical Hacking:
Ethical hacking is generally used as penetration testing to detect vulnerabilities and risks, identify the loopholes in a security system, and take corrective measures against those attacks.
Ethical hacking is a key component of risk evaluation, auditing, and counter-fraud. The scope for ethical hackers is wide, and it is one of the most rapidly growing careers at present, as many malicious attackers pose a threat to businesses and their networks. Industries such as information technology and banking hire many ethical hackers to protect their data and infrastructure. In the coming days the demand for this profile is expected to be higher than for other profiles, due to the increased threat from vulnerabilities.

What are the career scopes of Ethical Hacking?

o Information Security Analyst
o Cyber Security Analyst
o Security Engineer
o Penetration Tester
o Security Analyst
o Information Security Manager
o Cyber Security Engineer

What are Threats and Attack Vectors in cyber security?

1. An attack vector is a pathway or method used by a hacker to illegally access a network or computer in an attempt to exploit system vulnerabilities.
2. Hackers use numerous attack vectors to launch attacks that take advantage of system weaknesses, cause a data breach, or steal login credentials.

o Passive Attack: A passive attack occurs when an attacker monitors a system for open ports or vulnerabilities to gain or gather information about the target. Passive attacks can be difficult to detect because they do not involve altering data or system resources.
o Active Attack: An active attack vector is one that sets out to disrupt or cause damage to an organization's system resources or affect its regular operations. This includes attackers launching attacks against system vulnerabilities, such as denial-of-service (DoS) attacks, targeting users' weak passwords, or using malware and phishing attacks.

Write the common types of cyber attack vectors.

1. Malicious Insiders
A malicious insider is an employee who exposes private company information and/or
exploits company vulnerabilities.
2. Missing or Poor Encryption
Data encryption translates data into another form that only people with access to a secret
key or password can read. Encrypted data is commonly referred to as ciphertext, while
unencrypted data is called plaintext. The purpose of data encryption is to protect the
confidentiality of digital data.

Missing or poor encryption leads to sensitive information, including credentials, being
transmitted either in plaintext or using weak cryptographic ciphers or protocols.
3. Weak and Stolen Credentials
Weak passwords and password reuse make credential exposure a gateway for initial attacker
access and propagation.

Apps and protocols sending login credentials over your network pose a significant security threat. An
attacker connected to your network can easily locate and use these credentials for lateral movement.
For example, in the Target attack, adversaries were able to steal Active Directory credentials and
propagate their attack into the enterprise payment network.

4. Phishing: Phishing is a cybercrime tactic in which the targets are contacted by email, telephone or
text message by someone posing as a legitimate institution to lure individuals into providing sensitive
data such as personally identifiable information, banking and credit card details, and passwords.

5. Ransomware: Ransomware is a form of cyber-extortion in which users are unable to access their
data until a ransom is paid. Users are shown instructions for how to pay a fee to get the decryption key.

6. Misconfiguration: Misconfiguration occurs when a system is configured incorrectly, leaving it exposed.

What is Information Assurance (IA)?

1. Information Assurance (IA) is the practice of managing information-related risks and the
steps involved in protecting information systems such as computer and network systems.
2. Information assurance is the practice of assuring information and managing risks related
to the use, processing, storage, and transmission of information.
3. Information assurance includes protection of the integrity, availability, authenticity and
confidentiality of user data.


Pillars of Information Assurance:

1. Integrity
2. Availability
3. Authentication
4. Confidentiality
5. Non-repudiation

Integrity
Integrity involves assurance that all information systems, and the data they hold, are protected
from unauthorized modification.

Availability

Availability means those who need access to information are allowed to access it. Information
should be available only to those who are aware of the risks associated with information
systems.

Authentication

Authentication involves ensuring those who have access to information are who they say they
are. Authentication methods include two-factor authentication, strong passwords,
biometrics, and other devices.

Confidentiality

IA involves the confidentiality of information, meaning only those with authorization may view
certain data.

Non-repudiation

Assurance that the sender of information is provided with proof of delivery and the recipient is
provided with proof of the sender's identity, so that neither party can later deny the exchange.

What is vulnerability assessment in cyber security?

A vulnerability assessment is the testing process used to identify and assign severity levels to as
many security defects as possible in a given timeframe.

A vulnerability assessment is a systematic review of security weaknesses in an information
system. It evaluates whether the system is susceptible to any known vulnerabilities, assigns severity
levels to those vulnerabilities, and recommends remediation or mitigation if and whenever
needed.

What is Penetration Testing in cyber security?


A penetration test (pen test) is an authorized simulated attack performed on a computer system
to evaluate its security. Penetration testers use the same tools, techniques, and processes as
attackers to find and demonstrate the business impacts of weaknesses in a system.

Penetration Testing is the method of evaluating the security of an application or network by
safely exploiting any security vulnerabilities present in the system. These security flaws can be
present in various areas such as system configuration settings, login methods, and even end users'
risky behaviors.

What is an Insider Attack in cyber security?

An insider threat is a security risk that originates from within the targeted organization. It
typically involves a current or former employee or business associate who has access to sensitive
information or privileged accounts within the network of an organization, and who misuses this
access.

How to prevent insider threats?

1. Security Policy: One of the best ways to prevent insider threats is to include procedures in
your security policy to prevent and detect misuse.
2. Physical Security: One of the best ways to prevent insider theft is to physically keep
employees away from your critical infrastructure. Giving your employees a place to lock
up their sensitive information also helps.
3. Use Multifactor Authentication: Implement strong, multifactor authentication
measures for extremely sensitive applications within your company.
4. Segment LANs: It can be very difficult to find the many choke points inside LANs, so
instead segment LANs with firewalls, which create a zone of trust at every point where each LAN
connects to the corporate LAN.
5. Seal Information Leaks: You can also use software that enforces your policy and alerts you
when employees violate it on your network. There is also software available that will
scan the text of outgoing emails to ensure that your employees are not sharing company secrets.
6. Investigate Unusual Activities: Many times, when an employee betrays a company’s trust,
they don’t expect to get caught because most companies are too busy looking for outside
threats. There are monitoring laws, so make sure you familiarize yourself with these laws before
you break any of them.
7. Implement Perimeter Tools & Strategies: Make sure you patch web and email
servers and get rid of any unused services. Also, try locking down configurations to
tighten your security posture.
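Point 5 above mentions software that scans the text of outgoing emails for company secrets. The following scanner is an added example of that control, not code from the original notes; the policy it enforces (classification labels, internal project code names, payment card numbers), the code names and the sample messages are all constructed for the example.

```python
"""Scanning outgoing e-mail text for company secrets before it leaves the network.

Added example for the "Seal Information Leaks" control; it is not from the
original notes. The messages, the project code names and the policy
(what counts as sensitive) are all constructed/assumed.
"""
import re

# Assumed policy: classification labels, internal project code names, and
# payment card numbers (Luhn-validated to cut false positives) must not go out.
CLASSIFICATION_RE = re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY|RESTRICTED)\b", re.I)
PROJECT_CODENAMES = {"project nightjar", "falcon-7 roadmap"}          # constructed
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")                      # 13-19 digits

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep only the first 6 and last 4 digits in the alert record."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan_message(recipients, body, internal_domain="example.com"):
    """Return a list of (rule, evidence) findings for a message; an empty list
    means the message may be sent. Mail staying inside the organisation is
    not inspected because the policy only covers data leaving the network."""
    external = [r for r in recipients
                if not r.lower().endswith("@" + internal_domain)]
    if not external:
        return []
    findings = []
    m = CLASSIFICATION_RE.search(body)
    if m:
        findings.append(("classification-label", m.group(0)))
    lowered = body.lower()
    for name in sorted(PROJECT_CODENAMES):
        if name in lowered:
            findings.append(("project-codename", name))
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            findings.append(("payment-card", mask(digits)))
    return findings

if __name__ == "__main__":
    outgoing = [  # constructed sample messages
        (["partner@gmail.com"], "CONFIDENTIAL: Project Nightjar budget, card 4111 1111 1111 1111"),
        (["colleague@example.com"], "CONFIDENTIAL: Project Nightjar budget"),
        (["partner@gmail.com"], "Invoice ref 1234 5678 9012 3456 attached"),
    ]
    for rcpts, body in outgoing:
        result = scan_message(rcpts, body)
        print("BLOCK" if result else "ALLOW", rcpts, result)
```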

What are social engineering targets and defense strategies?


Social Engineering Definition

Social engineering is a manipulation technique that exploits human error to gain private
information, access, or valuables.
Social engineering attackers have one of two goals:
1. Sabotage: Disrupting or corrupting data to cause harm or inconvenience.
2. Theft: Obtaining valuables like information, access, or money.

Social engineering targets/attacks:

1. Pretexting: Pretexting is another form of social engineering where attackers focus on
creating a pretext, or a fabricated scenario, that they can use to steal someone’s personal
information.

2. Phishing: Phishing is a cybercrime tactic in which the targets are contacted by email,
telephone or text message by someone posing as a legitimate institution to lure individuals into
providing sensitive data such as personally identifiable information, banking and credit card
details, and passwords.
3. Baiting: Baiting attacks may leverage the offer of free music or movie downloads to trick users
into handing over their login credentials.

4. Quid Pro Quo: Quid pro quo attacks promise something in exchange for information.
5. Tailgating (piggybacking): It is a type of physical security breach in which an unauthorized
person follows an authorized individual to enter secured premises.

Social engineering defense strategies:

1. Educate Yourself
2. Be Aware Of The Information You’re Releasing
3. Determine Which Of Your Assets Are Most Valuable To Criminals
4. Write A Policy And Back It Up With Good Awareness Training
5. Keep Your Software Up To Date
6. Give Employees A Sense Of Ownership When It Comes To Security
7. When Asked For Information, Consider Whether The Person You’re Talking To
Deserves The Information They’re Asking About


Unit 4 Cyber Forensics and Auditing

What is Cyber Forensics?

1. Cyber forensics is an electronic discovery technique used to determine and reveal technical criminal
evidence.
2. It often involves extracting data from local and/or cloud storage to establish a chain of
evidence for legal process purposes.
3. Computer forensics is the application of investigation and analysis techniques to gather and preserve
evidence from a particular computing device in a way that is suitable for presentation in a court of law.
4. The goal of computer forensics is to perform a structured investigation and maintain a documented chain of
evidence to find out exactly what happened on a computing device and who was responsible for it.

What is the role of a forensics investigator in Cyber Forensics?

Investigators use a variety of techniques and proprietary forensic applications to examine the copy they've made of a
compromised device. They search hidden folders and unallocated disk space for copies of deleted, encrypted or
damaged files.

 Reverse steganography. Steganography is a common tactic used to hide data inside any type of digital file,
message or data stream. Computer forensic experts reverse a steganography attempt by analyzing the hash
of the file in question. If a cybercriminal hides important information inside an image or other digital file, it
may look the same before and after to the untrained eye, but the underlying hash or string of data that
represents the image will change.
 Stochastic forensics. Here, investigators analyze and reconstruct digital activity without the use of digital
artifacts. Artifacts are unintended alterations of data that occur from digital processes. Artifacts include clues
related to a digital crime, such as changes to file attributes during data theft. Stochastic forensics is frequently
used in data breach investigations where the attacker is thought to be an insider, who might not leave behind
digital artifacts.
 Cross-drive analysis. This technique correlates and cross-references information found on multiple computer
drives to search for, analyze and preserve information relevant to an investigation. Events that raise suspicion
are compared with information on other drives to look for similarities and provide context. This is also known
as anomaly detection.
 Live analysis. With this technique, a computer is analyzed from within the OS while the computer or device is
running, using system tools on the computer. The analysis looks at volatile data, which is often stored in cache
or RAM. Many tools used to extract volatile data require the computer to be in a forensic lab to maintain the
legitimacy of the chain of evidence.
 Deleted file recovery. This technique involves searching a computer system and memory for fragments of files
that were partially deleted in one place but leave traces elsewhere on the machine. This is sometimes known
as file carving or data carving.

How do Cyber Forensics Experts work?

Cyber forensics is a field that follows certain procedures to find the evidence needed to reach conclusions after proper
investigation of the matter.
 Identification: The first step for cyber forensics experts is to identify what evidence is present, where it is
stored, and in which format it is stored.
 Preservation: After identifying the data, the next step is to safely preserve the data and not allow other people
to use that device, so that no one can tamper with the data.
 Analysis: After getting the data, the next step is to analyze the data or system. Here the expert recovers the
deleted files, verifies the recovered data and finds the evidence that the criminal tried to erase by deleting
secret files. This process might take several iterations to reach the final conclusion.
 Documentation: After analyzing the data, a record is created. This record contains all the recovered and
available (not deleted) data, which helps in recreating the crime scene and reviewing it.
 Presentation: This is the final step, in which the analyzed data is presented in front of the court to solve the case.


How many types of computer forensics are there?

There are multiple types of computer forensics depending on the field in which digital investigation is needed. The
fields are:
 Network forensics: This involves monitoring and analyzing the network traffic to and from the criminal’s
network. The tools used here are network intrusion detection systems and other automated tools.
 Email forensics: In this type of forensics, the experts check the email of the criminal and recover deleted
email threads to extract crucial information related to the case.
 Malware forensics: This branch of forensics deals with hacking-related crimes. Here, the forensics expert
examines the malware, such as trojans, to identify the attacker behind it.
 Memory forensics: This branch of forensics deals with collecting raw data from memory (cache, RAM,
etc.) and then retrieving information from that data.
 Mobile Phone forensics: This branch of forensics generally deals with mobile phones. Experts examine and
analyze data from the mobile phone.
 Database forensics: This branch of forensics examines and analyzes the data from databases and their
related metadata.
 Disk forensics: This branch of forensics extracts data from storage media by searching modified, active, or
deleted files.

Advantages
 Cyber forensics ensures the integrity of the computer.
 Through cyber forensics, many people, companies, etc. get to know about such crimes, and can thus take proper
measures to avoid them.
 Cyber forensics finds evidence on digital devices and presents it in court, which can lead to the
punishment of the culprit.
 It efficiently tracks down the culprit anywhere in the world.
 It helps people and organizations protect their money and time.
 The relevant data can be publicized to make the public aware of such crimes.

What are the required set of skills needed to be a cyber forensic expert?

The following skills are required to be a cyber forensic expert:

 Cyber forensics is based on technology, so knowledge of various technologies, computers, mobile
phones, network hacks, security breaches, etc. is required.
 The expert should be very attentive while examining a large amount of data to identify proof/evidence.
 The expert must be aware of criminal laws, criminal investigation, etc.
 Technology changes over time, so the expert must stay up to date with the latest technology.
 Cyber forensic experts must be able to analyse the data, derive conclusions from it and make proper
interpretations.
 The communication skills of the expert must be good so that, while presenting evidence in front of the court,
everyone understands each detail with clarity.
 The expert must have strong knowledge of basic cyber security.

How to write a computer forensics report?


1. Executive Summary: The Executive Summary section of a computer forensics report
provides the background of the conditions that created the need for an investigation.

2. Objectives: The Objectives section is used to outline all tasks that the investigation has planned to
complete.

3. Computer Evidence Analyzed: The Computer Evidence Analyzed section is where all
gathered evidence and its interpretation are introduced. It provides detailed information.

4. Relevant Findings: The Relevant Findings section gives a summary of the evidence found to be
of probative value, for example when forensic material recovered from a crime scene (e.g., a
fingerprint, a strand of hair, a shoe print) is matched.

5. Supporting Details: Supporting Details is the section where in-depth analysis of the relevant
findings is done.

6. Investigative Leads: Investigative Leads lists action items that could help to discover
additional information related to the investigation of the case. The investigators perform all
outstanding tasks to find extra information if more time is left.

7. Additional Subsections: Various additional subsections are included in a forensic report.

 Attacker Methodology – Additional briefing to help the reader understand the general or exact attacks
performed is given in this section.
 User Applications – In this section we discuss the relevant applications that are installed on the media
analyzed, because in many cases the applications present on the system are relevant to the case.
 Internet Activity – The Internet Activity or Web Browsing History section gives the web surfing history of the user
of the media analyzed.
 Recommendations – This section gives recommendations to posture the client to be more prepared and
trained for the next computer security incident.


What is an ISMS (Information Security Management System)?

1. ISMS stands for “information security management system”.
2. An ISMS includes policies, processes and procedures to manage information security risks in a structured
and systematic way.
3. The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting the impact
of a security breach.
4. An ISMS identifies the organizational assets and provides the following assessment:
 the risks the information assets face;
 the steps taken to protect the information assets;
 a plan of action in case a security breach happens; and
 identification of individuals responsible for each step of the information security process.

Introduction to ISO 27001:2013

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually
improving an information security management system within the context of the organization. It also includes
requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations,
regardless of type, size or nature.


Unit 5 Cyber Ethics and Laws:

What are Cyber Laws?

Cyber Law, also called IT Law, is the law regarding information technology, including computers and
the internet. It is related to legal informatics and supervises the digital circulation of information,
software, information security, and e-commerce.

Write the importance of Cyber Law.

1. It covers all transactions over the internet.
2. It keeps an eye on all activities over the internet.
3. It touches every action and every reaction in cyberspace.

Write some advantages of Cyber Law.

• Organizations are now able to carry out e-commerce using the legal infrastructure provided by
the Act.
• Digital signatures have been given legal validity and sanction in the Act.
• It allows the Government to issue notifications on the web, i.e., e-governance.
• It gives authority to companies or organizations to file any form, application, or any other
document with any office, authority, body, or agency owned or controlled by the appropriate
Government in electronic form, using such e-form as may be prescribed by the appropriate
Government.
• The IT Act also addresses the important issues of security, which are so critical to the success
of electronic transactions.
• Cyber Law provides both hardware and software security.

Explain the areas of Cyber Law.

1. Cyber laws serve different purposes.
2. Some laws create rules for how individuals and companies may use computers and the internet,
while other laws protect people from becoming the victims of crime.

A. Fraud:
Consumers depend on cyber laws to protect them from online fraud. Laws are made to prevent
identity theft, credit card theft, and other financial crimes that happen online.

B. Copyright: Copyright is an area of cyber law that protects the rights of individuals and
companies to profit from their creative works.

C. Defamation: Defamation laws are civil laws that protect individuals from false public statements
that can harm a business or someone’s reputation. When people use the internet to make
statements that violate civil laws, that falls under defamation law.

D. Harassment and Stalking: When a person makes threatening statements again and again
about someone else online, there is a violation of both civil and criminal laws. Cyber lawyers both
prosecute and defend people when stalking occurs using the internet and other forms of electronic
communication.

E. Freedom of Speech: Cyber lawyers must advise their clients on the limits of free speech
including laws that prohibit obscenity. Cyber lawyers may also defend their clients when there is a
debate about whether their actions consist of permissible free speech.

F. Contracts and Employment Law:

Every time you click a button that says you agree to the terms and conditions of using a website,
you have used cyber law. There are terms and conditions for every website that are somehow
related to privacy concerns.

Write the difference between ecommerce and e governance.

What are Intellectual Property Rights in Cyberspace?

Intellectual Property (IP) simply refers to creations of the mind. It refers to the possession of a thought
or design by the one who came up with it. It offers the owner of any inventive design or any form of
distinct work some exclusive rights that make it unlawful to copy or reuse that work without the owner’s
permission. It is a part of property law. People associated with literature, music, invention, etc. can use
it in business practices.
There are numerous types of tools of protection that come under the term “intellectual property”.
Notable among these are the following:

• Patent
• Trademark
• Geographical indications
• Layout Designs of Integrated Circuits
• Trade secrets
• Copyrights
• Industrial Designs

Cyberspace is the non-physical domain where numerous computers are connected through
computer networks to establish communication between them. With the expansion of technology,
cyberspace has come within reach of every individual. This fact led to the emergence of
cyberspace as a business platform and hence increased pressure on Intellectual Property.

Write the offences included in the IT Act 2000.

1. Tampering with computer source documents.
2. Hacking with a computer system.
3. Publishing of information which is obscene in electronic form.
4. Power of Controller to give directions.
5. Directions of Controller to a subscriber to extend facilities to decrypt information.
6. Protected system.
7. Penalty for misrepresentation.
8. Penalty for breach of confidentiality and privacy.
9. Penalty for publishing a Digital Signature Certificate false in certain particulars.
10. Publication for fraudulent purpose.
11. Act to apply for offence or contravention committed outside India.
12. Confiscation.
13. Penalties or confiscation not to interfere with other punishments.
14. Power to investigate offences.

What is IP security (IPSec)?

1. IP security (IPSec) is an Internet Engineering Task Force (IETF) standard suite of protocols
between two communication points across an IP network that provides data authentication, integrity,
and confidentiality.
2. It also defines how packets are encrypted, decrypted and authenticated. The protocols needed for
secure key exchange and key management are defined in it.

Uses of IP Security –
IPsec can be used to do the following things:

• To encrypt application layer data.
• To provide security for routers sending routing data across the public internet.
• To provide authentication without encryption, for example to authenticate that the data originates from
a known sender.
• To protect network data by setting up circuits using IPsec tunneling, in which all data sent
between the two endpoints is encrypted, as with a Virtual Private Network (VPN)
connection.


Components of IP Security –

A. Encapsulating Security Payload (ESP) –
It provides data integrity, encryption, authentication and anti-replay protection. It also provides
authentication for the payload.

B. Authentication Header (AH) –
It also provides data integrity, authentication and anti-replay protection, but it does not provide encryption.

C. Internet Key Exchange (IKE) –
It is a network security protocol designed to dynamically exchange encryption keys and negotiate a
Security Association (SA) between two devices. The Security Association (SA) establishes shared
security attributes between two network entities to support secure communication.
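The anti-replay protection that both ESP and AH provide works through a per-SA sequence number and a sliding window. The following added example (not code from the original notes) parses the SPI and sequence number from the fixed ESP header of constructed packets and applies the window check in the style of RFC 4303; the SPI values, the window size and the packets themselves are constructed.

```python
"""IPsec anti-replay protection on ESP packets.

Added example, not from the original notes: it parses the fixed ESP header
(SPI and sequence number) from constructed packet bytes and applies the
sliding anti-replay window that ESP and AH use (RFC 4303 style). The SPI
values, window size and packets are assumed/constructed.
"""
import struct

def make_esp_packet(spi, seq, payload=b"\x00" * 16):
    """Constructed ESP packet: 32-bit SPI, 32-bit sequence number, payload."""
    return struct.pack("!II", spi, seq) + payload

def parse_esp_header(packet):
    """ESP begins with the SPI and sequence number in network byte order;
    everything after the 8-byte header is the protected payload."""
    if len(packet) < 8:
        raise ValueError("truncated ESP header")
    spi, seq = struct.unpack("!II", packet[:8])
    return spi, seq, packet[8:]

class AntiReplayWindow:
    """Per-SA sliding window. Each sequence number is accepted at most once
    and anything older than the window is dropped. In a real stack this
    check runs only after the ICV (integrity check) has verified, so an
    attacker cannot slide the window with forged sequence numbers."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (top - i) was received

    def check_and_update(self, seq):
        if seq == 0:
            return False                       # sequence number 0 is never valid
        if seq > self.top:                     # newer than anything seen: advance
            shift = seq - self.top
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1                # jumped past the whole window
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                       # too old: outside the window
        if self.bitmap & (1 << offset):
            return False                       # replay: already received
        self.bitmap |= 1 << offset             # late but new: accept and mark
        return True

def process_packets(packets, sa_table):
    """Decide accept/drop for each packet; each SA (looked up by SPI) keeps
    its own window because each SA has its own sequence number space."""
    decisions = []
    for pkt in packets:
        spi, seq, _ = parse_esp_header(pkt)
        window = sa_table.get(spi)
        if window is None:
            decisions.append(("drop", spi, seq, "unknown SA"))
        elif window.check_and_update(seq):
            decisions.append(("accept", spi, seq, ""))
        else:
            decisions.append(("drop", spi, seq, "replayed or stale"))
    return decisions

if __name__ == "__main__":
    sa_table = {0x1000: AntiReplayWindow(size=4)}      # constructed SA, tiny window
    stream = [make_esp_packet(0x1000, s) for s in (1, 3, 2, 2, 10, 6, 7, 0)]
    stream.append(make_esp_packet(0x2000, 1))          # SPI with no SA
    for verdict, spi, seq, why in process_packets(stream, sa_table):
        print(f"SPI {spi:#06x} seq {seq:3d}: {verdict} {why}")
```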
