
CYS 206 Assignment

This document discusses various topics related to cybersecurity including definitions of cybersecurity and cybercrime, types of cyber attacks (passive vs active), components of security (confidentiality, integrity, availability, accountability), and types of attacks (frontal assault vs internal assault). It provides examples for each topic to illustrate key concepts.

Uploaded by

Abraham Michael

MICHAEL ABRAHAM O.

CYS 206 assignment


1. Cybersecurity is a set of measures and practices used to protect computer systems,
networks, and sensitive information from unauthorized access, use, disclosure,
disruption, modification, or destruction. The Cyberterrorism Act of 2002 defines
cybersecurity as the prevention of damage to, protection of, and restoration of
computers, electronic communications systems, electronic communication services, wire
communication, and electronic communication, including information contained therein,
to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.
2. The Internet enables cybercrime in various ways. First, the Internet provides anonymity,
allowing cybercriminals to hide their true identity and location, making it difficult for law
enforcement to track and prosecute them. Second, the Internet provides a global reach,
allowing cybercriminals to target victims from anywhere in the world, increasing the
potential for financial gain. Third, the Internet provides a platform for cybercriminals to
distribute malware, such as viruses, worms, and trojans, to infect computers and steal
sensitive information. Fourth, the Internet provides a means for cybercriminals to engage
in fraudulent activities, such as phishing, identity theft, and online scams, to deceive and
defraud unsuspecting victims. Finally, the Internet provides a channel for cybercriminals
to engage in illegal activities, such as drug trafficking, human trafficking, and terrorism,
to finance their criminal operations.
3. The four basic components of security are confidentiality, integrity, availability, and
accountability.
Confidentiality: Confidentiality refers to the protection of sensitive information
from unauthorized access, use, disclosure, or modification. Examples of confidential
information include personal data, financial information, trade secrets, and classified
documents. Confidentiality is achieved through the use of access controls, encryption,
and secure communication channels.

Integrity: Integrity refers to the protection of information from unauthorized modification
or destruction. Examples of information that require integrity protection include medical
records, legal documents, and financial transactions. Integrity is achieved through the
use of data backups, digital signatures, and access controls.

Availability: Availability refers to the assurance that information and systems are
accessible and usable when needed. Examples of systems that require availability
protection include e-commerce websites, emergency services, and critical infrastructure.
Availability is achieved through the use of redundancy, fault tolerance, and disaster
recovery plans.

Accountability: Accountability refers to the ability to track and audit the actions of users
and systems. Examples of activities that require accountability include financial
transactions, access to sensitive data, and system configuration changes. Accountability
is achieved through the use of audit logs, access controls, and monitoring tools.

Confidentiality secures information from unauthorized access, integrity protects
information from unauthorized modification, availability ensures that information and
systems are accessible when needed, and accountability ensures that actions can be
tracked and audited.
4. Passive attacks and active attacks are two types of cyber attacks.
– Passive attacks are attacks that do not alter or damage the target system but rather aim
to intercept or eavesdrop on data. Examples of passive attacks include:
Eavesdropping: Eavesdropping is the act of intercepting and listening to data
transmissions between two parties. An example of eavesdropping is sniffing the network
traffic to capture sensitive information, such as passwords or credit card numbers.

Traffic analysis: Traffic analysis is the act of monitoring and analyzing network traffic
patterns to gain insight into the behavior of a system or user. An example of traffic
analysis is monitoring the frequency of network requests to identify which websites a
user is visiting.

Passive reconnaissance: Passive reconnaissance is the act of gathering information
about a target system or network without directly interacting with it. An example of
passive reconnaissance is searching for information about a company or its employees on
social media.

Shoulder surfing: Shoulder surfing is the act of observing someone as they enter
sensitive information, such as a password or PIN, into a device. An example of shoulder
surfing is watching someone enter their password at an ATM machine.
– Active attacks: Active attacks are attacks that aim to alter or damage the target
system. Examples of active attacks include:
1. Denial-of-service (DoS) attack: A DoS attack is an attack that aims to make a system
or network unavailable by overwhelming it with traffic or requests. An example of a DoS
attack is flooding a website with traffic to make it unavailable to legitimate users.

Man-in-the-middle (MitM) attack: A MitM attack is an attack that intercepts data between
two parties to steal information or modify data. An example of a MitM attack is
intercepting and modifying bank transactions between a customer and their bank.

Malware: Malware is software that is designed to damage, disrupt, or gain unauthorized
access to a system or network. Examples of malware include viruses, worms, and trojans.

Password attacks: Password attacks are attacks that aim to guess or steal passwords to
gain unauthorized access to a system or network. Examples of password attacks include
brute force attacks, dictionary attacks, and phishing attacks.
5. Frontal Assault and Internal Assault are two types of attacks that can be used against a
system or network.
– Frontal Assault: Frontal assault is a type of attack that involves directly attacking a
system or network from the outside. Examples of frontal assault include:
Network scanning: Network scanning is the act of scanning a network to identify potential
vulnerabilities. An attacker can use network scanning to identify open ports, services,
and devices on a network.

Password cracking: Password cracking is the act of guessing or cracking passwords to
gain unauthorized access to a system or network. An attacker can use password cracking
to gain access to a system or network by guessing weak passwords.

Distributed Denial-of-Service (DDoS) attacks: DDoS attacks are attacks that aim to make
a system or network unavailable by overwhelming it with traffic from multiple sources. An
attacker can use DDoS attacks to take down a website or service by flooding it with
traffic.

Phishing attacks: Phishing attacks are attacks that aim to steal sensitive information,
such as passwords or credit card numbers, by tricking users into providing it. An attacker
can use phishing attacks to gain access to a system or network by tricking a user into
providing their login credentials.

– Internal Assault: Internal assault is a type of attack that involves attacking a system or
network from the inside. Examples of internal assault include:

Insider threats: Insider threats are threats that come from within an organization. An
attacker can use insider threats to gain access to a system or network by exploiting their
position within the organization.

Social engineering: Social engineering is the act of manipulating people into performing
actions or divulging confidential information. An attacker can use social engineering to
gain access to a system or network by tricking employees into providing sensitive
information.

Malware: Malware is software that is designed to damage, disrupt, or gain unauthorized
access to a system or network. An attacker can use malware to gain access to a system or
network by infecting a computer or device with malware.

Privilege escalation: Privilege escalation is the act of gaining higher-level access to a
system or network than is authorized. An attacker can use privilege escalation to gain
access to a system or network by exploiting a vulnerability to gain higher-level access
than is authorized.
. Fig 0.1
. Terms in context of Cryptography.
Plaintext: The original message that is to be encrypted.

Cipher: The encrypted message that is produced after encryption.

Key: The secret code that is used to encrypt or decrypt the message.

Encipher: The process of converting the plaintext into a cipher text.

Decipher: The process of converting the cipher text back into plaintext using the key.
. a=4 b=8 c=8 d=3 E=1 F=1 G=9 H=6
. The security impact on confidentiality is said to be low when the information that is
potentially at risk is not sensitive or valuable, or when the potential attacker is not able to
access the information due to strong security measures in place.
. Write short notes on the following:
1. Access Control List (ACL): An ACL is a security mechanism used to restrict access to
resources based on the identity of users or groups. It is a list of permissions attached to
an object, such as a file or folder, that specifies which users or groups are granted access
to the object and what level of access they have. ACLs are commonly used in operating
systems, network devices, and web applications to enforce security policies and protect
sensitive data.

Single Sign-on (SSO): SSO is a method of authentication that allows users to access
multiple applications or systems with a single set of login credentials. With SSO, users
only need to authenticate once, and then they can access all the applications or systems
that they are authorized to use without having to enter their credentials again. SSO is
commonly used in enterprise environments to streamline the login process, improve
security, and reduce the risk of password-related security incidents.

Kerberos: Kerberos is a network authentication protocol that provides secure
authentication for client-server applications over insecure networks. It uses a trusted
third-party authentication server to verify the identity of users and servers and to issue
tickets that can be used to access network resources. Kerberos is widely used in
enterprise environments to provide secure authentication for services such as Active
Directory, file sharing, and email. It is designed to be secure against a wide range of
attacks, including eavesdropping, replay attacks, and man-in-the-middle attacks.
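
The ticket idea in the Kerberos note above can be seen in a simplified model, added here as an example and not part of the original assignment: a trusted third party issues a sealed ticket, and the service rejects modified, expired, stale, or replayed requests. It is not the real Kerberos message format; HMAC seals stand in for Kerberos's encrypted tickets, and all names and the `MAX_SKEW` value are assumptions.

```python
import hashlib
import hmac
import json

MAX_SKEW = 300  # seconds of clock skew the service tolerates (assumed value)

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def kdc_issue_ticket(service_key: bytes, client: str, now: int, lifetime: int = 3600):
    """Trusted third party: returns (ticket, session_key) for a verified client."""
    body = json.dumps({"client": client, "expires": now + lifetime}, sort_keys=True).encode()
    ticket = {"body": body, "seal": _mac(service_key, b"seal" + body)}
    # The session key can only be derived with the service's long-term key, so
    # the ticket never carries it in the clear (real Kerberos encrypts it instead).
    return ticket, _mac(service_key, b"session" + body)

def client_authenticator(session_key: bytes, client: str, now: int):
    """Client proves it holds the session key at time `now`."""
    return {"client": client, "ts": now,
            "mac": _mac(session_key, f"{client}|{now}".encode())}

class Service:
    def __init__(self, service_key: bytes):
        self.key = service_key
        self.seen = set()  # replay cache of (client, timestamp) pairs

    def accept(self, ticket, auth, now: int) -> str:
        if not hmac.compare_digest(ticket["seal"], _mac(self.key, b"seal" + ticket["body"])):
            return "reject: forged or modified ticket"
        fields = json.loads(ticket["body"])
        if now > fields["expires"]:
            return "reject: ticket expired"
        session_key = _mac(self.key, b"session" + ticket["body"])
        expected = _mac(session_key, f"{auth['client']}|{auth['ts']}".encode())
        if auth["client"] != fields["client"] or not hmac.compare_digest(auth["mac"], expected):
            return "reject: authenticator does not match ticket"
        if abs(now - auth["ts"]) > MAX_SKEW:
            return "reject: stale authenticator"
        if (auth["client"], auth["ts"]) in self.seen:
            return "reject: replayed authenticator"
        self.seen.add((auth["client"], auth["ts"]))
        return "accept: " + fields["client"]
```

The replay cache is what turns a captured, otherwise valid request into a rejection; the timestamp window keeps that cache from having to remember every request forever.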
Fig 0.1
