Fcs

1. Define Cyber Security? 2. Define Phishing? 3. Define cyber law? 4. Describe
Salami attack? 5. Describe the phases of attack on mobiles? 6. What is Indian IT
act?
1. Cybersecurity refers to the practice of protecting computer systems, networks,
and digital devices from unauthorized access, theft, damage, or other
malicious attacks. It involves a combination of hardware, software, and human
resources that work together to safeguard information and prevent cyber
threats.
2. Phishing is a type of cyber attack where an attacker attempts to trick a victim
into divulging sensitive information, such as login credentials or financial data,
by masquerading as a trustworthy entity in an electronic communication, such
as an email or instant message.
3. Cyber law, also known as internet law or digital law, refers to the legal
regulations that govern the use of the internet, computer systems, and other
digital technologies. It encompasses a wide range of issues, including online
privacy, intellectual property, data protection, cybercrime, and e-commerce.
4. A salami attack is a type of cyber attack where an attacker steals small
amounts of money or data from a large number of victims, with the goal of
accumulating a significant amount over time. The term "salami" refers to the
idea of slicing off thin pieces, like a slice of salami, until the attacker has
accumulated enough to be valuable.
5. The phases of an attack on a mobile device typically include reconnaissance,
weaponization, delivery, exploitation, installation, command and control, and
actions on objectives. During the reconnaissance phase, the attacker gathers
information about the target device and identifies vulnerabilities. In the
weaponization phase, the attacker creates a payload that can exploit these
vulnerabilities. In the delivery phase, the payload is delivered to the target
device, often through a malicious app or website. In the exploitation phase,
the payload is used to gain access to the device and bypass security measures.
In the installation phase, the attacker installs additional malware or tools to
maintain control over the device. In the command and control phase, the
attacker establishes a connection to the compromised device and can issue
commands. In the actions on objectives phase, the attacker carries out their
ultimate goal, which could include stealing data, installing additional malware,
or using the device as part of a larger botnet.
6. The Indian IT Act, or the Information Technology Act 2000, is a law passed by
the Indian parliament to provide legal recognition and regulation for
electronic transactions and digital signatures. The act also addresses issues
related to cybercrime, such as unauthorized access to computer systems, data
theft, and online harassment. It has been amended several times, most
recently in 2021, to keep pace with technological advancements and address
emerging cyber threats.
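The salami attack in answer 4 is easiest to catch by looking at where the slices land rather than at any single transfer. The following is an added example, not part of the original notes: it scans a ledger for accounts that collect many tiny credits from many distinct sources. The ledger, account names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal


def build_sample_ledger():
    """Constructed ledger rows: (source_account, destination_account, amount)."""
    ledger = []
    # 200 customer accounts each lose 0.03 to the same collector account.
    for i in range(200):
        ledger.append((f"CUST{i:04d}", "ACC-9001", Decimal("0.03")))
    # Ordinary traffic that must not be flagged.
    ledger.append(("CUST0001", "ACC-1000", Decimal("250.00")))
    ledger.append(("CUST0002", "ACC-1000", Decimal("0.05")))
    ledger.append(("CUST0003", "ACC-2000", Decimal("19.99")))
    return ledger


def find_salami_collectors(ledger,
                           slice_max=Decimal("0.10"),
                           min_sources=50,
                           min_total=Decimal("5.00")):
    """Flag destinations that accumulate small credits from many sources.

    slice_max   - largest amount still treated as a "slice"
    min_sources - distinct victims required before an account is flagged
    min_total   - accumulated value required before an account is flagged
    """
    stats = defaultdict(lambda: {"sources": set(),
                                 "total": Decimal("0"),
                                 "count": 0})
    for source, dest, amount in ledger:
        # Only sub-threshold credits count; large transfers are ignored here.
        if Decimal("0") < amount <= slice_max:
            entry = stats[dest]
            entry["sources"].add(source)
            entry["total"] += amount
            entry["count"] += 1

    findings = []
    for dest, entry in stats.items():
        if len(entry["sources"]) >= min_sources and entry["total"] >= min_total:
            findings.append({
                "account": dest,
                "distinct_sources": len(entry["sources"]),
                "slices": entry["count"],
                "total": entry["total"],
            })
    # Largest accumulated amount first.
    return sorted(findings, key=lambda f: f["total"], reverse=True)


if __name__ == "__main__":
    for finding in find_salami_collectors(build_sample_ledger()):
        print(finding)
```

No individual 0.03 transfer would trip a per-transaction limit; the signal is the combination of slice size, number of distinct sources and accumulated total.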
1. Explain the types of attacks?
There are various types of cyber attacks, and they can be classified based on the
method of attack or the type of objective. Here are some of the most common types
of attacks:

1. Malware attacks: Malware is a type of software that is designed to harm a
computer system, network, or device. Malware attacks include viruses, worms,
Trojan horses, ransomware, and spyware.
2. Phishing attacks: Phishing attacks use social engineering to trick victims into
providing sensitive information, such as login credentials or financial data.
These attacks often come in the form of fake emails or websites that appear to
be legitimate.
3. Denial of service (DoS) and distributed denial of service (DDoS) attacks:
These attacks overwhelm a website or network with traffic, making it
inaccessible to users. In a DDoS attack, the traffic comes from multiple
sources, making it harder to block.
4. Man-in-the-middle (MitM) attacks: In a MitM attack, an attacker intercepts
communications between two parties to steal data or manipulate the
conversation. This can occur through a compromised network or by
impersonating a trusted entity.
5. Password attacks: Password attacks involve trying to guess or crack a user's
password to gain unauthorized access to a system or account. This can be
done through brute force attacks, dictionary attacks, or phishing attacks.
6. SQL injection attacks: These attacks exploit vulnerabilities in web applications
to inject malicious code into a database, allowing attackers to steal data or
take control of the system.
7. Advanced persistent threats (APTs): APTs are complex, targeted attacks that
are designed to infiltrate a specific target, such as a government agency or
corporation. These attacks often involve multiple stages and may go
undetected for long periods.

These are just a few examples of the types of attacks that can be used by
cybercriminals to gain unauthorized access, steal data, or disrupt systems.
2. Explain about credit card frauds in mobile & wireless computing?
Credit card fraud is a type of financial fraud that involves the unauthorized use of
someone else's credit card information to make purchases or obtain cash. With the
increasing use of mobile devices for online transactions, credit card fraud has
become a major concern in mobile and wireless computing.

One common method of credit card fraud in mobile and wireless computing is
through the use of mobile payment apps. These apps allow users to store their credit
card information on their mobile devices and make purchases directly from the app.
However, if a mobile device is lost or stolen, an unauthorized person may be able to
access the payment app and use the stored credit card information to make
fraudulent purchases.

Another way that credit card fraud can occur in mobile and wireless computing is
through the use of public Wi-Fi networks. Public Wi-Fi networks are often unsecured,
making it easy for attackers to intercept data transmitted over the network. If a user
enters their credit card information while connected to an unsecured public Wi-Fi
network, an attacker may be able to intercept the information and use it for
fraudulent purposes.

Phishing attacks are also a common method of credit card fraud in mobile and
wireless computing. Attackers may send emails or text messages that appear to be
from a legitimate source, such as a bank or credit card company, asking the user to
provide their credit card information or login credentials. If the user falls for the
phishing scam and provides their information, the attacker can use it to make
fraudulent purchases or steal money from the user's account.

To protect against credit card fraud in mobile and wireless computing, it is important
to take a few basic precautions. Users should be cautious about storing credit card
information on their mobile devices and should only use payment apps that have
strong security features, such as two-factor authentication. Users should also avoid
entering credit card information while connected to public Wi-Fi networks and
should be cautious about clicking on links or downloading attachments from
unknown sources, as these may be phishing attempts. Finally, users should regularly
monitor their credit card statements for any unauthorized charges and report any
suspicious activity to their bank or credit card company immediately.
3. Discuss about the classification of cyber crimes?
Cybercrime is a criminal activity that involves the use of computers or other digital
devices to commit illegal acts. Cybercrimes can be broadly classified into the
following categories:

1. Hacking: Hacking involves gaining unauthorized access to a computer system
or network. It can be done for various reasons, such as stealing sensitive
information, manipulating data, or causing damage to the system.
2. Malware: Malware is a type of software that is designed to harm a computer
system or network. Malware can take the form of viruses, worms, Trojans, or
ransomware. Malware can be used to steal information, encrypt files, or cause
system crashes.
3. Phishing: Phishing involves the use of social engineering techniques to trick
users into providing sensitive information, such as login credentials or
financial data. Phishing attacks often come in the form of fake emails or
websites that appear to be legitimate.
4. Identity theft: Identity theft involves stealing someone else's personal
information, such as their name, address, Social Security number, or credit
card information. This information can be used to open new accounts, make
fraudulent purchases, or commit other crimes.
5. Cyberstalking: Cyberstalking involves using digital devices to harass or
threaten someone. This can include sending threatening emails or messages,
posting defamatory content online, or using GPS tracking to monitor
someone's movements.
6. Cyberbullying: Cyberbullying is a form of online harassment that involves
using digital devices to humiliate, intimidate, or threaten someone. This can
include spreading rumors, posting embarrassing photos or videos, or sending
threatening messages.
7. Cyberterrorism: Cyberterrorism involves using digital devices to carry out
acts of terror or violence. This can include attacking critical infrastructure,
stealing sensitive information, or spreading propaganda to incite violence.

These are just a few examples of the types of cybercrimes that exist. As technology
continues to evolve, new types of cybercrimes are likely to emerge, and law
enforcement agencies will need to stay vigilant to protect against them.
4. Demonstrate the security challenges posed by mobile devices?
Mobile devices such as smartphones and tablets have become an integral part of our
daily lives, and while they offer many benefits, they also pose several security
challenges. Some of the security challenges posed by mobile devices include:

1. Data theft: Mobile devices can store a vast amount of sensitive data,
including personal information, financial information, and login credentials. If
a mobile device is lost or stolen, this data can be easily accessed by an
unauthorized person, leading to identity theft, financial loss, and other security
risks.
2. Malware and viruses: Malware and viruses can be easily downloaded onto a
mobile device through apps, email attachments, or malicious websites. Once
installed, these threats can compromise the security of the device, steal
sensitive data, or cause the device to malfunction.
3. Phishing: Phishing attacks can be carried out through emails, SMS, or social
media apps on mobile devices. These attacks can trick users into giving away
sensitive information, such as login credentials, credit card information, or
other personal data.
4. Wi-Fi security: Wi-Fi networks are often used by mobile devices to connect to
the internet. However, public Wi-Fi networks can be insecure and easily
hacked, allowing an attacker to intercept data transmitted over the network.
5. Physical security: Unlike desktop computers, mobile devices are easily lost or
stolen. Without proper physical security measures, such as strong passwords
or biometric authentication, the data on the device can be accessed by
anyone who has physical access to it.
6. Third-party apps: Mobile devices rely heavily on third-party apps for
functionality, and not all of these apps are secure. Some apps may contain
malware or other security vulnerabilities, putting the device and the user's
data at risk.

To mitigate these security challenges, users should take a proactive approach to
mobile device security. This includes setting strong passwords, using biometric
authentication, installing anti-malware software, avoiding public Wi-Fi networks, and
only installing apps from trusted sources. Regular software updates and backups are
also recommended to ensure that mobile devices are running the latest security
patches and that important data is protected.
5. Illustrate the challenges to Indian law and cyber crime scenario in India?
India, like many other countries, faces several challenges in dealing with cybercrime.
Some of the challenges to Indian law and the cybercrime scenario in India are:

1. Lack of Cybersecurity infrastructure: There is a significant gap in the
cybersecurity infrastructure of India. This includes a lack of trained
professionals, outdated laws, and inadequate technical capabilities to
investigate and prosecute cybercrimes.
2. Rise of Digital Transactions: The rise of digital transactions in India has led
to an increase in cyber frauds such as phishing, skimming, and online scams.
As a result, financial institutions have to remain vigilant in detecting and
preventing such attacks.
3. Low Cybercrime Conviction Rates: The low conviction rates in cybercrime
cases are a major challenge in India. This is due to a lack of technical expertise
among law enforcement agencies and inadequate laws to prosecute
cybercriminals.
4. Cyber Extortion: Cyber extortion has become a major threat in India in recent
years. Cybercriminals often target small and medium-sized enterprises (SMEs)
by infecting their systems with malware and then demanding ransom
payments in exchange for the decryption keys.
5. Cyber Espionage: Cyber espionage is also a major challenge in India, with
foreign intelligence agencies and state-sponsored hackers targeting Indian
government agencies, defense establishments, and research institutions.
6. Social Media Crimes: Social media has become a breeding ground for
cybercrimes in India, including online harassment, cyberbullying, and fake
news. These crimes can have a significant impact on the mental health of
individuals and the social fabric of the society.

To address these challenges, India has taken several steps to improve its
cybersecurity infrastructure. The government has launched various initiatives to
promote cybersecurity awareness, such as the Digital India program and the Cyber
Swachhta Kendra. The government has also enacted laws such as the Information
Technology Act and the Indian Penal Code to prosecute cybercriminals. However,
more needs to be done to improve the cybersecurity landscape in India and make it
safer for individuals and businesses.
6. Illustrate how criminals plan the attacks?
Criminals use various methods and techniques to plan their attacks. Here are some
common ways in which criminals plan their attacks:

1. Reconnaissance: Criminals often gather information about their target before
carrying out an attack. This may involve researching the target's online
presence, physical location, and security measures in place.
2. Social Engineering: Social engineering is a technique used by attackers to
manipulate individuals into divulging sensitive information or performing
actions that may compromise security. This could include posing as a
legitimate entity to obtain information or tricking individuals into
downloading malware.
3. Malware Development: Criminals may develop or purchase malware to gain
unauthorized access to a target's system or data. They may use different types
of malware, such as viruses, trojans, or ransomware, depending on their
objectives.
4. Exploiting Vulnerabilities: Criminals may exploit vulnerabilities in software or
systems to gain access to a target's data or network. They may use tools such
as scanners or exploit kits to identify and exploit these vulnerabilities.
5. Social Media Monitoring: Criminals may monitor social media platforms to
gather information about their targets or to identify vulnerabilities in their
security measures.
6. Phishing: Criminals may use phishing attacks to obtain sensitive information
such as login credentials or credit card details. They may send fake emails, text
messages or phone calls to trick individuals into providing their personal or
financial information.

Once the criminals have gathered the required information and planned the attack,
they may execute it using various methods, such as launching a denial-of-service
attack, exploiting a vulnerability, or social engineering techniques. To protect against
these attacks, individuals and organizations must implement effective security
measures, such as using strong passwords, keeping software up to date, and being
aware of social engineering techniques. They should also regularly review their
security measures and stay informed about new threats and vulnerabilities.
7. Illustrate the Authentication service security in mobile computing?
Authentication is a crucial security service in mobile computing that ensures that only
authorized users can access mobile devices, applications, and data. Here are some of
the authentication services used in mobile computing to ensure security:

1. Password-based authentication: Passwords are the most common form of
authentication in mobile computing. Users are required to enter a unique
username and password to access their device, application, or data. To
improve the security of password-based authentication, users should use
complex and unique passwords, change their passwords frequently, and
enable two-factor authentication.
2. Biometric authentication: Biometric authentication uses physiological or
behavioral characteristics, such as fingerprints, facial recognition, or voice
recognition, to authenticate users. Biometric authentication provides a more
secure and convenient way to authenticate users in mobile computing, as it
eliminates the need for passwords or PINs.
3. Certificate-based authentication: Certificate-based authentication involves
the use of digital certificates to authenticate users. Users are required to
present their digital certificate to access their device, application, or data.
Certificate-based authentication provides a higher level of security than
password-based authentication, as it ensures that only trusted users can
access the system.
4. Multi-factor authentication: Multi-factor authentication combines two or
more authentication methods to improve the security of mobile computing.
For example, a user may be required to enter a password and provide a
fingerprint scan or use an OTP (one-time password) to access their device,
application, or data.
5. OAuth and OpenID Connect: OAuth and OpenID Connect are authentication
protocols that allow users to authenticate using their existing social media or
email accounts. This eliminates the need for users to create a new account or
remember new login credentials, making the authentication process more
convenient.

To ensure the security of authentication services in mobile computing, it is essential
to implement proper security measures, such as encryption, secure communication
protocols, and secure storage of user credentials. Regular security audits and testing
can also help identify vulnerabilities and ensure that the authentication services
remain secure.
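The multi-factor item above (password plus OTP) and the advice on secure storage of credentials, shown as an added example that is not part of the original notes: the password is stored only as a salted PBKDF2 hash, and the OTP is a time-based code computed as in RFC 6238. The record layout, function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) using HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): HOTP over the current 30-second step."""
    return hotp(secret, max(0, int(unix_time)) // STEP, digits)


def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Derive a storage hash; the plaintext password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def enroll(password: str, totp_secret: bytes, salt: bytes) -> dict:
    """Build the server-side record (hypothetical layout).

    In production the salt and the TOTP secret come from os.urandom();
    they are parameters here so the example is reproducible.
    """
    return {"salt": salt,
            "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret}


def verify_login(record: dict, password: str, otp: str,
                 unix_time: int, window: int = 1) -> bool:
    """Require BOTH factors; accept +/- `window` time steps of clock drift."""
    pw_ok = hmac.compare_digest(hash_password(password, record["salt"]),
                                record["pw_hash"])
    otp_ok = False
    for drift in range(-window, window + 1):
        candidate = totp(record["totp_secret"], unix_time + drift * STEP)
        # Constant-time comparison; every candidate is checked.
        otp_ok |= hmac.compare_digest(candidate.encode(), otp.encode())
    # Both checks always run, so the result does not reveal which one failed.
    return pw_ok and otp_ok


if __name__ == "__main__":
    # Constructed enrollment using the RFC 4226 test secret.
    rec = enroll("correct horse", b"12345678901234567890", b"constructed-salt")
    print(verify_login(rec, "correct horse", totp(rec["totp_secret"], 59), 59))
```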
8. Explain the types of attacks?
There are many types of attacks that can be carried out against computer systems
and networks. Here are some common types of attacks:

1. Malware attacks: Malware is software that is designed to damage, disrupt, or
gain unauthorized access to a computer system or network. Common types of
malware include viruses, worms, trojans, ransomware, and spyware.
2. Phishing attacks: Phishing attacks are a type of social engineering attack in
which an attacker sends a fraudulent email, message, or website to trick the
recipient into providing sensitive information, such as passwords or credit card
numbers.
3. Denial-of-service (DoS) attacks: A DoS attack is a type of attack that
attempts to make a computer system or network unavailable by
overwhelming it with traffic or requests.
4. Man-in-the-middle (MitM) attacks: A MitM attack is a type of attack in
which an attacker intercepts communications between two parties to
eavesdrop, modify, or impersonate them.
5. Password attacks: Password attacks are attacks that attempt to gain access to
a system or network by guessing or cracking passwords. Common types of
password attacks include brute-force attacks, dictionary attacks, and rainbow
table attacks.
6. SQL injection attacks: SQL injection attacks are attacks that exploit
vulnerabilities in web applications to inject malicious SQL code into a
database. This can be used to gain unauthorized access to sensitive data or to
modify or delete data.
7. Cross-site scripting (XSS) attacks: XSS attacks are attacks that exploit
vulnerabilities in web applications to inject malicious scripts into a website.
This can be used to steal user data or to hijack user sessions.
8. Eavesdropping attacks: Eavesdropping attacks are attacks in which an
attacker intercepts and listens to network communications to steal sensitive
information, such as passwords or credit card numbers.

These are just a few examples of the many types of attacks that can be carried out
against computer systems and networks. It is important to implement appropriate
security measures, such as firewalls, anti-virus software, and strong passwords, to
protect against these attacks. Regular security audits and testing can also help
identify vulnerabilities and ensure that systems remain secure.
9. Describe the proliferation of mobile and wireless devices?
Mobile and wireless devices have become ubiquitous in our daily lives, with millions
of devices being used all around the world. The proliferation of mobile and wireless
devices can be attributed to several factors:

1. Advancements in technology: Mobile and wireless devices have become
more powerful, efficient, and affordable over the years. This has led to an
increase in demand for these devices, as they offer a convenient and portable
way to stay connected and access information.
2. Increasing need for mobility: With more people working remotely and
traveling for business and leisure, there is a growing need for mobile and
wireless devices that can provide access to information and communication
on-the-go.
3. Internet of Things (IoT): The proliferation of IoT devices, such as smart
homes, wearables, and connected cars, has contributed to the growing
demand for mobile and wireless devices.
4. Social media and mobile apps: Social media and mobile apps have become
an integral part of our daily lives, and have led to an increase in the use of
mobile and wireless devices for entertainment, communication, and
productivity.
5. Cloud computing: Cloud computing has enabled users to access data and
applications from anywhere, at any time, using mobile and wireless devices.

The proliferation of mobile and wireless devices has led to a number of benefits, such
as increased productivity, convenience, and connectivity. However, it has also posed
several security challenges, such as the risk of data breaches, malware attacks, and
identity theft. To address these challenges, it is important to implement appropriate
security measures, such as encryption, secure authentication, and mobile device
management (MDM) solutions.
10. Why do we need cyber laws?
Cyber laws are needed to protect individuals and organizations from cybercrime,
cyberbullying, and other forms of online harassment. Cyber laws establish legal
guidelines for the use of the internet and other digital technologies, and provide a
framework for prosecuting individuals who engage in illegal activities online.

Here are some reasons why we need cyber laws:

1. Protecting personal and sensitive information: Cyber laws help to protect
personal and sensitive information from being stolen, misused, or shared
without consent. This includes credit card information, social security
numbers, and medical records.
2. Preventing cyberbullying and harassment: Cyber laws can be used to
prevent cyberbullying and other forms of online harassment. This includes
online stalking, hate speech, and the distribution of sexually explicit material.
3. Protecting intellectual property: Cyber laws protect intellectual property
rights, such as patents, copyrights, and trademarks. This helps to prevent the
unauthorized use or reproduction of creative works, and provides legal
remedies for individuals and organizations whose intellectual property has
been infringed.
4. Combating cybercrime: Cyber laws provide a legal framework for
prosecuting cybercrime, such as hacking, identity theft, and cyber espionage.
This helps to deter individuals and organizations from engaging in illegal
activities online, and provides a means of punishment for those who do.
5. Establishing online governance: Cyber laws help to establish online
governance by providing guidelines for the use of the internet and other
digital technologies. This includes regulations for e-commerce, online
advertising, and online privacy.

In summary, cyber laws are essential for protecting individuals and organizations
from cybercrime, cyberbullying, and other forms of online harassment. They establish
legal guidelines for the use of the internet and other digital technologies, and
provide a framework for prosecuting individuals who engage in illegal activities
online.
