
E-Commerce

Prepared by: Khushbu A Patel


INTRODUCTION
• E-Commerce or Electronic Commerce means buying and selling goods,
products, or services over the internet. E-commerce is also known as
electronic commerce or internet commerce. These services are provided
online over the internet.
• Transactions of money, funds, and data are also considered E-commerce.
• These business transactions can be done in four ways: Business to
Business (B2B), Business to Customer (B2C), Customer to Customer (C2C),
and Customer to Business (C2B).
• The standard definition of E-commerce is a commercial transaction that
happens over the internet. Online stores like Amazon, Flipkart, Shopify,
Myntra, eBay, Quikr and OLX are examples of E-commerce websites.
• E-Commerce is defined as the buying and selling of goods and services,
including digital products, over digital and electronic networks.
Electronic commerce (E-commerce) draws on technologies such as mobile
commerce, electronic funds transfer, supply chain management, Internet
marketing, online transaction processing, electronic data interchange
(EDI), inventory management systems, and automated data collection
systems.
• “E-Commerce or Electronic Commerce, a subset of E-Business, is the
purchasing, selling and exchanging of goods and services over computer
networks (such as the Internet) through which transactions are performed”.
• Example: Amazon.com, an online bookstore started in 1995, grew its
revenue to more than $600 million in 1998.
E-Commerce in India
• As of 2019, India had an internet user base of about 40% of the total
Indian population. E-commerce in India has been growing since 2009 and
many major e-commerce companies have grown their businesses in India.
• Multi-product E-Commerce – Portals which sell multiple products on the
same website or application are Multi-product E-Commerce companies. This
includes Amazon, Flipkart and Snapdeal, where garments, furniture, books,
stationery, etc. are all available on a single platform.
• Single Product E-Commerce – Companies which sell only a single type of
product online are called Single-Product E-commerce companies. This
includes portals like MakeMyTrip, which offers all kinds of tourism-related
services.
Aims/Benefits of E-commerce
• Convenience & accessibility
• Increased selection of products
• Lower start-up cost
• International or cross-border sales opportunities
• Easily retarget customers online
• Scalability with lower operational costs
• Delivering personalized experiences
• Access to new technologies


• Convenience & accessibility: E-commerce can occur 24/7; for this
reason, it provides customers with the best in both convenience and
accessibility. They can find what they need, when they need it, directly
from their mobile or desktop devices. This level of convenience and access
translates into sales and revenue opportunities round the clock for
ecommerce businesses.
• Increased selection of products: Retail brands have the flexibility to
offer a wider selection of products through their online store compared to
their physical brick-and-mortar stores. Many retail brands also offer
consumers access to exclusive inventory and promotional offers that aren’t
available elsewhere.
• Lower start-up cost: Compared to traditional retail stores, pure-play
e-commerce businesses can avoid a lot of the upfront start-up costs
associated with running physical stores, such as rent, inventory, and
in-store headcount. However, they can have warehouse and shipping costs.
• International or cross-border sales opportunities: As long as a customer
can place an order online, the e-commerce store can capture the revenue from
the sale and then ship the product or service to the customer’s location.
Online stores aren’t limited by geographic location as brick-and-mortar
stores are. An ecommerce store allows your business to reach more customers
globally, maximizing selling potential.
• Easily retarget customers online: E-commerce stores regularly use
retargeting as a way to attract and retain existing customers, or to acquire
new look-alike customers. With retargeting, you can target either your
existing customers or your most profitable customers with products that are
similar to the ones they love or that complement their past purchases.
Retargeting is also a strategy used by online stores to recover abandoned
carts.
• Scalability with lower operational costs: As the customer base grows,
brick-and-mortar retail operations are forced either to relocate to a larger
location or to expand their physical store footprint, all of which comes with
significant costs. In contrast, an e-commerce platform can be equipped to
handle high traffic volume and sales spikes, enabling an e-commerce business
to scale with increased inventory and order fulfilment.
• Delivering personalized experiences: E-commerce businesses can
personalize everything from onsite search to dynamic pricing and curated
product recommendations. With an AI-powered e-commerce platform, you can
upsell, cross-sell, and present products that customers are most likely to
be interested in, thereby increasing revenue per customer.
• Access to new technologies: With progressive enhancements to e-commerce
platforms and technologies, you can always find ways to streamline your
e-commerce business operations to save time and money. In contrast, there
are limitations to what technology can do to streamline physical stores.
E-commerce has the upper hand in its ability to leverage technology to
streamline operations, market products, improve team collaboration, and
provide faster customer service.
E-commerce Business Models
• Business to Consumer (B2C)
• Business to Business (B2B)
• Direct to Consumer (D2C)
• Consumer to Consumer (C2C)
• Consumer to Business (C2B)
• Business to Government (B2G)
• Consumer to Government (C2G)
• Business to Consumer (B2C): B2C e-commerce is the most popular
e-commerce model. Business to consumer means that the sale is taking
place between a business and a consumer, like when you buy something
from an online retailer.
• Business to Business (B2B): B2B e-commerce refers to a business
selling a good or service to another business, like a manufacturer and
a wholesaler, or a wholesaler and a retailer. Business to business
e-commerce isn’t consumer-facing, and usually involves products like
raw materials, software, or products that are combined. Manufacturers
also sell directly to retailers via B2B ecommerce.
• Direct to Consumer (D2C): Direct to consumer e-commerce is the newest
model of ecommerce, and trends within this category are continually
changing. D2C means that a brand is selling directly to its end customer
without going through a retailer, distributor, or wholesaler.
Subscriptions are a popular D2C item, and social selling via platforms
like Instagram, Pinterest, TikTok, Facebook (Meta), Snapchat, etc. is a
popular channel for direct to consumer sales.
• Consumer to Consumer (C2C): C2C e-commerce refers to the sale of a
good or service by one consumer to another consumer. Consumer to consumer
sales take place on platforms like eBay, Etsy, and Fiverr.
• Consumer to Business (C2B): Consumer to business is when an individual
sells their services or products to a business organization. C2B
encompasses influencers offering exposure, photographers, consultants,
freelance writers, etc.
• Business to Government (B2G): Also known as business-to-administration
(B2A), business to government involves the sale of goods and services
between the business sector as a supplier and a government entity as a
customer. For example, government agencies may order goods or services
from external third-party contractors for cleaning and maintaining public
spaces like parks.
• Consumer to Government (C2G): Also called consumer-to-administration
(C2A), consumer to government enables consumers to provide feedback or
request information regarding public agencies directly to the government
administration or authorities. Examples include paying an electricity bill
or taxes through a government website, e.g. Bharat BillPay (BBPS).
1.3 E-Commerce Framework

Introduction
The basic framework of e-commerce enables doing business online. The
framework consists of a comprehensive structure beginning with the basic
technology layer and ending with the general service layer. E-commerce has,
to a certain extent, changed market structures. Traditionally, market ties
were created through the exchange of goods, services, and money. E-commerce
has brought in an essential element: information. Market ties are now based
on information services, information goods and electronic money. Although
the nature of exchanging products remains unchanged, the channel and the
format of doing business have changed. To better understand the basic
framework of e-commerce, the following paragraphs explain the features of
the major layers in the e-commerce environment.
Basic Framework

1. The First layer: Network Infrastructure

Also known as the “Information Superhighway”, network infrastructure is the
foundation layer of hardware infrastructure. It is a mixture of many forms of
information transport systems, which include telecom, cable TV, wireless and
the Internet. These systems, in particular the Internet, provide various types
of telecommunication channels for the transmission of content used in
ecommerce.

2. The Second Layer: Multimedia Content and Network Publishing

While the Information Superhighway is the transportation basis that allows
content such as text, sounds and images to be transmitted, the second layer
provides an architecture that enables the content to be developed in a
language known as Hyper Text Markup Language (HTML) for publishing on the
World Wide Web (WWW). Another programming language in use is Java, which
enables multimedia content to be transmitted to end users' personal computers
via various networks such as cable, wireless, fiber optics and satellites.
3. The Third layer: Messaging and Information Dissemination

Message transmission is usually done using the following technologies:

(a) Communicating non-formatted data: by using facsimile and electronic
mail, which are mainly directed at individuals.
(b) Communicating formatted data: by using Electronic Data Interchange
(EDI) without human intervention. It is mainly used for business documents
such as purchase orders, invoices and packing lists. Messaging transmission
technology has encouraged business process automation.
(c) Hyper Text Transfer Protocol (HTTP): HTTP is an information
dissemination tool generally used on the Internet. It uses a common display
format to publish non-formatted multimedia messages in various environments.
(d) Uniform Resource Locator (URL): the URL is at present used by many web
surfers to search for information.
4. The Fourth layer: Security Protection in Business Services

This layer is regarded as the essential facility for doing business because
it is required by both business corporations and individuals in business
transactions. The facilities include standardized product catalogues, price
lists, electronic payment methods, secured transmission of business
information, and the authentication of the identity of both trading parties.
The ultimate goal of e-commerce is that the seller gets the payment and the
buyer obtains the product. To ensure transaction security, e-commerce needs
to ensure content reliability, integrity and non-repudiation, and to provide
the relevant evidence in case of disputes. Therefore, payment security on the
web is crucial to ensure smooth completion of a transaction. The prevailing
security measure is electronic certification, which provides 'end-to-end'
security protection.
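As an added illustration of the integrity requirement in this layer (example code, not from the lecture notes), the Python below protects a purchase order of the kind exchanged over EDI with an HMAC tag and shows that any change made to the order in transit is detected. The shared key, the order record and its field names are constructed for the example.

```python
"""Integrity protection for a business message (added example, not from the
lecture notes). Buyer and seller are assumed to share a secret key that was
provisioned out of band; the order record below is a constructed sample."""
import hashlib
import hmac
import json

# Constructed sample key. In a real deployment the key is provisioned
# securely and never embedded in source code.
SHARED_KEY = b"example-shared-secret-do-not-reuse"

# Constructed sample purchase order, the kind of formatted business document
# the EDI paragraph above refers to.
ORDER = {"po_number": "PO-0001", "sku": "BOOK-42", "qty": 3, "unit_price": "12.50"}


def canonical_bytes(order: dict) -> bytes:
    """Serialise the order deterministically so both parties hash identical bytes.

    Sorting keys and fixing separators matters: the same order written with a
    different key order or whitespace would otherwise fail verification.
    """
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_order(order: dict, key: bytes = SHARED_KEY) -> str:
    """Return a hex HMAC-SHA256 tag over the canonical form of the order."""
    return hmac.new(key, canonical_bytes(order), hashlib.sha256).hexdigest()


def verify_order(order: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Recompute the tag and compare it in constant time to the received one."""
    expected = sign_order(order, key)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Sign the sample order, then show that an altered copy fails verification."""
    tag = sign_order(ORDER)
    # A transmission error or a tampering party changes the quantity; the tag
    # that accompanied the original order no longer matches.
    tampered = dict(ORDER, qty=30)
    return {
        "original_ok": verify_order(ORDER, tag),
        "tampered_ok": verify_order(tampered, tag),
    }


if __name__ == "__main__":
    print(demo())
```

Two points the example makes about the requirements listed above. First, an HMAC gives integrity and authenticity only between the two parties that share the key: either of them could have produced the tag, so it is not evidence that settles a dispute against one of them. Non-repudiation needs a signature that only one party can create, which is what the electronic certification (certificates and digital signatures) mentioned above provides. Second, the tag is compared with `hmac.compare_digest` rather than `==`, so that the time taken by the comparison does not leak how much of the tag was correct.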
5. The Fifth layer: Practical Application of E-commerce

E-commerce is widely employed in supply chain management, electronic
marketing, electronic advertising, online shopping, online entertainment,
pay-information services and network banking.

1.4 E-Commerce Consumer applications

• People need entertainment on demand, including video, games, news
on-demand, electronic retailing via catalogs, etc.
• Currently the focus is on video on-demand.
• Why are most companies betting heavily on this?
1. 93 million homes have television
2. Americans spend nearly half their free time watching television
3. Every evening, more than one-third of the population is in front of
a television
4. Sight, sound, and motion combine to make television a powerful
means of marketing
Consumer Applications and Social Interaction:
• Lessons from history indicate that the most successful technologies
are those that make their mark socially.
• In 1945, no one in the U.S. had a TV. By 1960 about 86 percent of
households did.
• Now contrast this with the telephone. Bell invented the telephone in
1876; by 1940, 40% of U.S. households were connected, and by 1980 about
95-98 percent of households were.
• Penetration was slower for the telephone than for TV because of the
effort needed to set up the wiring infrastructure. The impact of both
was good on business, social and consumer behavior, and entertainment
habits.
• News-format radio began in 1960, and by 1989, almost 3 decades later,
just 319 radio stations followed the news format.
• In 1994, their number exceeded 1000.
What do Consumers really want?
1. They want quality and cost of service.
2. If a new system requires more steps to do essentially the same
things, consumers may resist it.
3. Some people fit that mold, but most of the public prefers to lie back,
just watch television, and let someone else do the work of figuring out
the sequence of television programming.
What are Consumers willing to spend?
1. For video on-demand, if consumers get it at the basic charge of their
cable bill, they will buy.
2. If the charge is doubled they will not buy, and as service provider
economics increase, network operators might look to advertisers to fill
the gap.
Delivering products to Consumers
1. Packing and distribution must be considered.
2. Blockbuster Video collects the information and shows the typical
consumer:
3. Spends $12 a month on home video expenditures.
4. Goes to the video store to select a video on a limited budget and has
time to
5. Only periodically spends a large sum of money.
Consumer Research and Ecommerce
• Consumer opinion about interactive television is:
• 46% would be willing to pay
• 39% want video phone calls
• 63% would pay for movies on-demand
• 57% would pay for television shows on-demand
• 78% said their worry about it is that they will pay for something
that they previously received free of charge
• 64% think it makes it harder for viewers to protect privacy
• 41% say that it is too confusing to use

1.5 E-Commerce Organization applications

Changing business Environment
• The traditional business environment is changing rapidly.
• Many companies are looking outside and within to shape business
strategies.
• These activities include private electronic connections to
customers, suppliers, distributors, industry groups, etc.
• The I-superhighway will expand this trend so that it allows businesses
to exchange information.
E-Commerce and the retail Industry
• Conditions are changing in the “new economy” with respect to the
retail industry.
• Consumers are demanding lower prices, better quality, and a large
selection of in-season goods.
• Retailers are filling these orders by slashing back-office costs,
reducing profit margins, reducing cycle times, buying more wisely
and making huge investments in technology.
• Retailers are in the immediate line of fire and were the first to bear
the brunt of cost cutting.

Marketing and E-Commerce
• E-commerce is forcing companies to rethink the existing ways of
doing target marketing and even event marketing.
• Interactive marketing takes place in electronic markets via interactive
multimedia catalogs.
• Users find moving images more appealing than still images, and
listening more appealing than reading text on a screen.
• Consumer information services are a new type of catalog business.
Inventory Management and Organizational Applications
• With borders opening up and companies facing stiff global
competition, adaptation would include moving to computerized,
“paperless” operations to reduce
• One targeted business process is inventory management; solutions
for these processes go by different names.
• In the manufacturing industry they are known as just-in-time inventory
systems, in retail as quick response programs, and in the
transportation industry as consignment tracking systems.

Just-in-Time (JIT) Manufacturing
• It is viewed as an integrated management system consisting of a
number of different management practices dependent on the
characteristics of specific plants.
• The first principle is the elimination of all waste (time, materials,
labour & equipment).
• The management practices involved are: focused factory, reduced
set-up times, group technology, total productive maintenance,
multifunction employees, uniform workloads, JIT purchasing, kanban,
and total quality control & quality circles.

Quick Response Retailing (QR)
• It is a version of JIT purchasing tailored for retailing.
• To reduce the risk of being out of stock, retailers are
implementing QR systems.
• It provides for a flexible response to product ordering and lowers
costly inventory levels.
• QR retailing focuses on market responsiveness while maintaining
low levels of stock.
• It creates a closed loop consisting of the retailer, vendor, & consumer
chain, & as consumers make purchases the vendor orders new
deliveries from the retailer through its computer network.

Supply Chain Management
• QR and JIT address only part of the overall picture.
• Supply Chain Management (SCM) is also called “extending”,
which means integrating the internal and external partners on the
supply and process chains to get raw materials to the manufacturer
and finished products to the consumer.

Work group Collaboration Applications:
• An internetwork that enables easy and inexpensive connection of
various organizational segments.
• Its aim is to improve communications and information sharing and to
gather and analyze competitive data in real time.
• Videoconferencing, document sharing and multimedia e-mail are
expected to reduce travel and encourage telecommuting.

1.5 Introduction to M-commerce

Mobile commerce, also referred to as m-commerce, involves shopping through a
mobile device (mostly a smartphone), with all transactions performed over the
mobile device.
Mobile commerce or M-commerce refers to the business platform where you can
buy and sell products and services with the help of your smartphone (wireless
handheld device).
The term mobile commerce was originally coined in 1997 by Kevin Duffey at
the launch of the Global Mobile Commerce Forum, to mean “the delivery of
electronic commerce capabilities directly into the consumer’s hand, anywhere,
via wireless technology”. Many choose to think of Mobile Commerce as
meaning “a retail outlet in your customer’s pocket”.
Mobile commerce services were first delivered in 1997, when the first two
mobile-phone-enabled Coca-Cola vending machines were installed in the
Helsinki area in Finland. The machines accepted payment via SMS text
messages. This work evolved into several new mobile applications, such as the
first mobile phone-based banking service, launched in 1997 by Merita Bank of
Finland, also using SMS.
Types of M-commerce
• Mobile Shopping
• Mobile Banking
• Mobile Payments
• Mobile Shopping: The mobile device plays an important role in the success
of mobile shopping. But what a customer expects today is an omnichannel
experience: they want their brands to be available on their preferred
channel. For instance, if a customer scans a QR code in a retail store they
can do the shopping on a Viber chatbot and continue their shopping there.
• Mobile Banking: Mobile banking is also popularly known as “Net Banking”,
which is like online banking. Financial institutions, especially banks, use
SMS, apps, and chatbots to send out alerts and account activity. With the
help of a WhatsApp chatbot, customers can view their account balance and
bank statement, transfer funds, review loans, and carry out many other
transactions just by communicating via WhatsApp in real time.
• Mobile Payments: Mobile payments, also known as Mobile Money Transfer,
mobile money, or m-payments, are an alternative to traditional channels of
payment such as cash, cheques, and credit/debit cards. Due to physical
distancing, customers prefer to use contactless payments, and that is where
mobile payments come in handy.
Unit 2: Network Infrastructure of e-Com, Payment and Security:
2.1. Concepts of Information Way
2.2. Components of I-Way
2.2.1. Network Access Equipment
2.2.2. Local on-ramps
2.2.3. Global Information Distribution Network
2.3. Transaction Models
2.4 e-Commerce Payments and Security Issues
2.4.1. e-Commerce Payment Systems
2.4.2. Debit Card Based, Credit Card Based, Risks & EPS
2.4.3. e-Cash, e-Cheque, e-wallet
2.5. Security on Web, SSL

2.1. Concepts of Information Way

What is the information superhighway?

An information superhighway is a telecommunications infrastructure or
system (as of television, telephony, or computer networks) used for
widespread and usually rapid access to information. The information
superhighway or infobahn was a widespread term used through the 1990s
to denote alphanumeric communication systems and the Internet
telecommunications network. It is associated with the United States Senator
and later Vice-President Al Gore.

2.2. Components of I-Way

There are three components of the I-way infrastructure:
• Consumer access equipment
• Local on-ramps
• Global information distribution network

1. Consumer access equipment: this is at the consumer end and enables the
consumer to access the network. It consists of hardware such as computers,
modems, routers and switches for computer networks, set-top boxes for
television networks, and software platforms such as browsers and operating
systems.
2. Local on-ramps: these provide the communication backbone for the
transmission of data and information. The access providers can be
differentiated into four categories: telecom-based, cable TV-based,
wireless-based, or computer-based online systems.
3. Global information distribution networks: these provide the
infrastructure for connecting across countries and continents. They include
networks such as long-distance telephone lines, satellite networks, and the
Internet.

2.3. Transaction Models

E-commerce business models can generally be categorized into the following
categories.

• Business - to - Business (B2B)
• Business - to - Consumer (B2C)
• Consumer - to - Consumer (C2C)
• Consumer - to - Business (C2B)
• Business - to - Government (B2G)
• Government - to - Business (G2B)
• Government - to - Citizen (G2C)

• Business - to - Business
A website following the B2B business model sells its products to an
intermediate buyer who then sells the product to the final customer. As an
example, a wholesaler places an order from a company's website and, after
receiving the consignment, sells the end product to the final customer who
comes to buy the product at one of its retail outlets.

• Business - to - Consumer
A website following the B2C business model sells its products directly to a
customer. A customer can view the products shown on the website. The
customer can choose a product and order the same. The website will then send
a notification to the business organization via email and the organization
will dispatch the product/goods to the customer.

• Consumer - to - Consumer
A website following the C2C business model helps consumers to sell their
assets like residential property, cars, motorcycles, etc., or rent a room by
publishing their information on the website. The website may or may not
charge the consumer for its services. Another consumer may opt to buy the
product of the first customer by viewing the post/advertisement on the
website.

• Consumer - to - Business
In this model, a consumer approaches a website showing multiple business
organizations for a particular service. The consumer places an estimate of
the amount he/she wants to spend for a particular service. For example, the
comparison of interest rates on personal loans/car loans provided by various
banks via websites. A business organization that fulfills the consumer's
requirement within the specified budget approaches the customer and provides
its services.

• Business - to - Government
The B2G model is a variant of the B2B model. Such websites are used by
governments to trade and exchange information with various business
organizations. Such websites are accredited by the government and provide a
medium for businesses to submit application forms to the government.

• Government - to - Business
Governments use B2G model websites to approach business organizations.
Such websites support auctions, tenders, and application submission
functionalities.

• Government - to - Citizen
Governments use G2C model websites to approach citizens in general. Such
websites support auctions of vehicles, machinery, or any other material. Such
websites also provide services like registration for birth, marriage or death
certificates. The main objective of G2C websites is to reduce the average
time for fulfilling citizens’ requests for various government services.

2.4 e-Commerce Payments and Security Issues

2.4.1. e-Commerce Payment Systems
E-commerce sites use electronic payment, where electronic payment refers to
paperless monetary transactions. Electronic payment has revolutionized
business processing by reducing paperwork, transaction costs, and labor
costs. Being user friendly and less time-consuming than manual processing,
it helps a business organization to expand its market reach.
2.4.2. Debit Card Based, Credit Card Based, Risks & EPS

Debit Card
A debit card, like a credit card, is a small plastic card with a unique number mapped
to a bank account number. It is necessary to have a bank account before getting a
debit card from the bank. The major difference between a debit card and a credit card
is that in the case of payment through a debit card, the amount gets deducted from the
card's bank account immediately and there must be sufficient balance in the bank
account for the transaction to be completed; whereas in the case of a credit card
transaction, there is no such compulsion.

Debit cards free the customer from carrying cash and cheques. Merchants also accept
debit cards readily. Having a restriction on the amount that can be withdrawn in a day
using a debit card helps the customer keep a check on his/her spending.

Credit Card
Payment using a credit card is one of the most common modes of electronic payment.
A credit card is a small plastic card with a unique number attached to an account. It
also has a magnetic strip embedded in it which is used to read the credit card via
card readers. When a customer purchases a product via credit card, the credit card
issuer bank pays on behalf of the customer, and the customer has a certain time period
within which he/she can pay the credit card bill. This is usually the credit card's
monthly payment cycle. Following are the actors in the credit card system.

 The card holder − Customer
 The merchant − seller of product who can accept credit card payments.
 The card issuer bank − card holder's bank
 The acquirer bank − the merchant's bank
 The card brand − for example, Visa or MasterCard.

Credit Card Payment Process

Step 1: Bank issues and activates a credit card to the customer on his/her request.
Step 2: The customer presents the credit card information to the merchant site or to
the merchant from whom he/she wants to purchase a product/service.
Step 3: Merchant validates the customer's identity by asking for approval from the
card brand company.
Step 4: Card brand company authenticates the credit card and pays the transaction by
credit. Merchant keeps the sales slip.
Step 5: Merchant submits the sales slip to the acquirer bank and gets the service
charges paid to him/her.
Step 6: Acquirer bank requests the card brand company to clear the credit amount and
gets the payment.
Step 7: Now the card brand company asks to clear the amount from the issuer bank and
the amount gets transferred to the card brand company.

Risks & EPS

Security Risks: Despite strong security measures, electronic payment systems are
vulnerable to hacking, data breaches, and identity theft, potentially exposing
customers' sensitive information.

Technical Glitches: System failures or technical glitches in electronic payment
platforms can disrupt transactions and cause inconvenience to both businesses and
customers.

Dependency on Technology: Electronic payment systems heavily rely on technology
and the internet. Any disruption in network connectivity or power outage can disrupt
payment services.

Fraud and Scams: Cybercriminals continuously develop new methods to exploit
vulnerabilities in electronic payment systems, leading to fraudulent activities that can
harm businesses and individuals.

Lack of Anonymity: Electronic transactions leave digital footprints, compromising
user privacy and anonymity compared to cash transactions.

Potential Fees: While electronic payments are generally cost-effective, some
transactions may incur additional fees, especially for cross-border transactions or
currency conversions.

Limited Acceptance: In some regions or certain demographics, electronic payment
methods may have limited acceptance, which can inconvenience users who prefer or
rely on traditional payment methods.

2.4.3. e-Cash, e-Cheque, e-wallet

E-Cash
eCash, or Electronic Cash, is a digital currency technique through which
transactions can be carried out anywhere over the internet. It is an easier
form of payment; it is based on the principles of blockchain technology
(digital signatures) among a peer-to-peer network. All transactions and
dealings are stored in specific digital databases. It is an alternative payment
system to pay for bills, products, and services without the use of paper or
coin currency. Applications of electronic or digital cash are digital cash,
debit cards, electronic cases, electronic cheques, and credit cards.

E-cheque:
An electronic check is an electronic version of the conventional paper
check. It is a form of online payment where money is withdrawn from
one account and deposited into another account using the Automated
Clearing House (ACH) network.
Through an ACH merchant account, a business can collect payments for
products or services directly from a customer's bank account
electronically. However, the payment must first be authorized by the
customer, which is usually done through consent taken in various forms,
such as acceptance of a website's terms and conditions or a signed
contract.

How to Process Electronic Checks
The processing of electronic checks is similar to processing paper
checks, but it is done faster. As the process is carried out online, paper,
as well as time, is saved while transacting using e-checks.

Listed below are the steps involved in processing an electronic check:
 Requesting authorization: The payee needs to get authorization
from the payer to make the transaction.
 Setting up the payment: Payment information is fed into the
online payment processing software.
 Finalizing the payment: Once all the relevant details are entered,
the information is submitted, and it starts the ACH transaction
process.
 Payment confirmation and fund transfer: The payment is
withdrawn from the payer's bank account and is deposited in the
payee's bank account. It happens automatically, and a payment
receipt is also sent to the payer. Funds usually take around 3-5
business days to transfer once the ACH transaction is initiated.

E-Wallet
The E-Wallet can be simply understood as a prepaid account that allows
customers to store numerous debit cards, credit cards, etc., in a secure
environment that eliminates the need to enter the information every time the
customer wants to make a payment. The use of E-Wallets is rising with each
passing day.
2.5. Security on Web, SSL

Three basic security concepts important to information on the Internet
are confidentiality, integrity, and availability. Concepts relating to the
people who use that information are authentication, authorisation, and
nonrepudiation. Integrity and confidentiality can also be enforced on
Web Services through the use of Transport Layer Security (TLS). Both
SSL and TLS (Transport Layer Security) are the same. These concepts
(also called security objectives) depend on one another.

Integrity
Integrity has two facets:
Data Integrity: The property that data has not been altered in an
unauthorised manner while in storage, during processing or while in
transit. Another aspect of data integrity is the assurance that data can only
be accessed and altered by those authorised to do so. Often such integrity
is ensured by use of a number referred to as a Message Integrity Code or
Message Authentication Code.

System Integrity: The quality that a system has when performing the
intended function in an unimpaired manner, free from unauthorised
manipulation. Integrity is commonly an organisation's most important
security objective, after availability. Integrity is particularly important for
critical safety and financial data used for activities such as electronic
funds transfers, air traffic control, and financial accounting.

SSL
Secure Socket Layer (SSL) provides security to the data that is
transferred between web browser and server. SSL encrypts the link
between a web server and a browser, which ensures that all data passed
between them remains private and free from attack.
Secure Socket Layer Protocols:
 SSL record protocol
 Handshake protocol
 Change-cipher spec protocol
 Alert protocol
SSL Protocol Stack:

SSL Record Protocol:
SSL Record provides two services to an SSL connection:
 Confidentiality
 Message Integrity
In the SSL Record Protocol, application data is divided into fragments. Each
fragment is compressed, and then a MAC (Message Authentication Code)
generated by an algorithm such as SHA (Secure Hash Algorithm) or MD5
(Message Digest) is appended. After that the data is encrypted, and finally
the SSL record header is added.
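As an added illustration that is not part of the original page or of any SSL implementation, the following Python models the record-layer steps just described (fragment, compress, append MAC, encrypt, add header) together with the Message Authentication Code check from the data-integrity discussion above. HMAC-SHA256 stands in for the SHA/MD5-based MAC and a constructed SHA-256 keystream stands in for the negotiated cipher, so the structure and the tamper check are the point, not the cryptographic strength of the stand-ins.

```python
"""Simplified SSL record-layer pipeline (added illustration, not the
page's own code): fragment -> compress -> MAC -> encrypt -> header.
The cipher is a constructed SHA-256 keystream stand-in for the real
ciphers SSL negotiates; only the record structure matters here."""
import hashlib
import hmac
import struct
import zlib

MAX_FRAGMENT = 2 ** 14          # SSL/TLS maximum plaintext fragment size
CONTENT_APPLICATION_DATA = 23   # record content type for application data
VERSION = (3, 0)                # SSL 3.0 version bytes
MAC_LEN = 32                    # HMAC-SHA256 tag length


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    """Constructed stand-in cipher: keystream from SHA-256(key|seq|counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">QI", seq, counter)).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def _mac(mac_key: bytes, seq: int, content_type: int, compressed: bytes) -> bytes:
    # The MAC covers the record sequence number, content type, version and
    # the fragment, so replay/reordering is detected as well as tampering.
    header = struct.pack(">QBBBH", seq, content_type, *VERSION, len(compressed))
    return hmac.new(mac_key, header + compressed, hashlib.sha256).digest()


def protect(data: bytes, mac_key: bytes, enc_key: bytes,
            content_type: int = CONTENT_APPLICATION_DATA) -> list:
    """Turn application data into a list of protected SSL-style records."""
    records = []
    n_fragments = max(1, (len(data) + MAX_FRAGMENT - 1) // MAX_FRAGMENT)
    for seq in range(n_fragments):
        fragment = data[seq * MAX_FRAGMENT:(seq + 1) * MAX_FRAGMENT]  # step 1: fragment
        compressed = zlib.compress(fragment)                           # step 2: compress
        body = compressed + _mac(mac_key, seq, content_type, compressed)  # step 3: MAC
        encrypted = _xor(body, _keystream(enc_key, seq, len(body)))   # step 4: encrypt
        header = struct.pack(">BBBH", content_type, *VERSION, len(encrypted))  # step 5
        records.append(header + encrypted)
    return records


def unprotect(records: list, mac_key: bytes, enc_key: bytes) -> bytes:
    """Reverse the pipeline; raises ValueError if any record fails the MAC check."""
    out = bytearray()
    for seq, record in enumerate(records):
        content_type, major, minor, length = struct.unpack(">BBBH", record[:5])
        if (major, minor) != VERSION or len(record) != 5 + length:
            raise ValueError("malformed record header")
        body = _xor(record[5:], _keystream(enc_key, seq, length))
        compressed, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        expected = _mac(mac_key, seq, content_type, compressed)
        if not hmac.compare_digest(tag, expected):
            raise ValueError("MAC check failed: record %d was modified" % seq)
        out += zlib.decompress(compressed)
    return bytes(out)


def tamper_detected(records: list, mac_key: bytes, enc_key: bytes) -> bool:
    """Flip one ciphertext byte of the first record and report whether the
    receiver rejects it (True means the integrity service worked)."""
    forged = bytearray(records[0])
    forged[-1] ^= 0x01
    try:
        unprotect([bytes(forged)] + records[1:], mac_key, enc_key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample traffic: a small HTTP request repeated past one fragment.
    sample = b"GET /cart HTTP/1.1\r\nHost: shop.example\r\n\r\n" * 600
    recs = protect(sample, b"mac-key", b"enc-key")
    print(len(recs), "records;", "round trip ok:", unprotect(recs, b"mac-key", b"enc-key") == sample)
    print("tampering detected:", tamper_detected(recs, b"mac-key", b"enc-key"))
```

unprotect refuses any record whose MAC does not verify, which is how the record layer delivers the Message Integrity service listed above; a wrong MAC key fails in the same way.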
Handshake Protocol:
The Handshake Protocol is used to establish sessions. This protocol allows the
client and server to authenticate each other by sending a series of messages to
each other. The handshake protocol uses four phases to complete its cycle.
 Phase-1: In Phase-1 both Client and Server send hello packets to each
other. In these, the session ID, cipher suite and protocol version are exchanged
for security purposes.
 Phase-2: The Server sends its certificate and Server-key-exchange. The server
ends phase-2 by sending the Server-hello-end packet.
 Phase-3: In this phase, the Client replies to the server by sending its certificate
and Client-key-exchange.
 Phase-4: In Phase-4 the Change-cipher-spec exchange occurs and after this the
Handshake Protocol ends.

[Figure: SSL Handshake Protocol phases, diagrammatic representation]

Change-cipher Protocol:
This protocol uses the SSL record protocol. Until the Handshake Protocol
is completed, the SSL record output will be in a pending state. After the
handshake protocol, the pending state is converted into the current
state.
The Change-cipher protocol consists of a single message which is 1 byte in
length and can have only one value. This protocol's purpose is to cause
the pending state to be copied into the current state.

Alert Protocol:
This protocol is used to convey SSL-related alerts to the peer entity. Each
message in this protocol contains 2 bytes, the first of which is the alert level.


The level is further classified into two parts:

Warning (level = 1):
This Alert has no impact on the connection between sender and receiver. Some
of them are:

Fatal Error (level = 2):
This Alert breaks the connection between sender and receiver. The connection
will be stopped and cannot be resumed, but it can be restarted.

Features of Secure Socket Layer:
 The advantage of this approach is that the service can be tailored to the
specific needs of the given application.
 Secure Socket Layer was originated by Netscape.
 SSL is designed to make use of TCP to provide reliable end-to-end secure
service.
 This is a two-layered protocol.

Working of SSL
 The browser attempts to connect to a website/web server
secured with an SSL certificate.
 The web server sends a copy of the SSL certificate to the browser.
 The browser checks the authenticity of the certificate and sends a
message to the web server.
 In return, the web server/website sends a digitally signed acceptance
for initiating an SSL encrypted session.

Thus, encrypted communication is started between browser and web
server.
Unit-3: Introduction to Cyber Crimes:

3.1 Category of Cyber Crimes

3.2 Technical Aspects of Cyber Crimes

3.2.1 Unauthorized access & Hacking

3.2.2 Trojan, Virus and Worm Attacks

3.2.3 E-Mail related Crimes: Spoofing, Spamming, Bombing

3.2.4 Denial of Service Attacks

3.2.5 Distributed Denial of Service Attack

3.3 Various crimes:

3.3.1 IPR Violations (Software piracy, Copyright Infringement, Trademarks Violations, Theft of Computer
source code, Patent Violations)

3.3.2 Cyber Squatting, Cyber Smearing, Cyber Stalking

3.3.3 Financial Crimes: (Banking, credit card, Debit card related)

What is Cybercrime?
Cybercrime is defined as a crime where a computer is the object of the
crime or is used as a tool to commit an offense. A cybercriminal may
use a device to access a user’s personal information, confidential
business information, government information, or disable a device. It is
also a cybercrime to sell or elicit the above information online.
3.1 Category of Cyber Crimes
Cyber crime can be classified into 4 major categories:

1. Cyber crime against Individual
2. Cyber crime against Property
3. Cyber crime against Organization
4. Cyber crime against Society
1. Against Individuals
1. Email spoofing:
A spoofed email is one in which the e-mail header is forged so that the
mail appears to originate from one source but has actually been
sent from another source.
2. Spamming:
Spamming means sending multiple copies of unsolicited mails or
mass e-mails such as chain letters.
3. Cyber Defamation:
This occurs when defamation takes place with the help of
computers and/or the Internet, e.g. someone publishes
defamatory matter about someone on a website or sends e-mails
containing defamatory information.
4. Harassment & Cyber stalking:
Cyber stalking means following the moves of an individual's
activity over the internet. It can be done with the help of many
protocols available such as e-mail, chat rooms, and Usenet groups.
2. Against Property:
1. Credit Card Fraud:
2. Intellectual Property crimes: These include software piracy
(illegal copying of programs, distribution of copies of software),
copyright infringement, trademark violations, and theft of
computer source code.
3. Internet time theft:
The usage of Internet hours by an unauthorized person which is
actually paid for by another person.
3. Against Organization
1. Unauthorized Accessing of Computer:
Accessing the computer/network without permission from the
owner. It can be of 2 forms:
1. Changing/deleting data: Unauthorized changing of data.
2. Computer voyeur: The criminal reads or copies confidential or
proprietary information, but the data is neither deleted nor changed.
2. Denial of Service:
When an Internet server is flooded with continuous bogus requests so
as to deny legitimate users the use of the server or to crash the
server.
3. Computer contamination / Virus attack:
A computer virus is a computer program that can infect other
computer programs by modifying them in such a way as to include
a (possibly evolved) copy of itself.
Viruses can be file infecting or can affect the boot sector of the
computer.
Worms, unlike viruses, do not need a host to attach themselves to.
4. Email Bombing:
Sending large numbers of mails to an individual, company or
mail server, ultimately resulting in a crash.
5. Salami Attack:
When negligible amounts are removed and accumulated into
something larger. These attacks are used for the commission of
financial crimes.
6. Logic Bomb:
It is an event-dependent programme; as soon as the designated
event occurs, it crashes the computer, releases a virus or does other
harm.
7. Trojan Horse:
An unauthorized program which functions from inside what seems
to be an authorized program, thereby concealing what it is actually
doing.
8. Data diddling:
This kind of attack involves altering raw data just before it is
processed by a computer and then changing it back after the
processing is completed.
4. Against Society
1. Forgery: Currency notes, revenue stamps, mark sheets etc. can be
forged using computers and high-quality scanners and printers.
2. Cyber Terrorism: Use of computer resources to intimidate or
coerce others.
3. Web Jacking: Hackers gain access to and control over the website
of another, and may even change the content of the website to fulfil
a political objective or for money.

3.2 Technical Aspects of Cyber Crimes

3.2.1 Unauthorized access & Hacking

Unauthorized access is when a person gains entry to a computer network,
system, application software, data, or other resources without permission.
Any access to an information system or network that violates the owner's or
operator's stated security policy is considered unauthorized access.
Unauthorized access is also when legitimate users access a resource that they
do not have permission to use.

The three primary objectives of preventing unauthorized access are:
 Confidentiality—the protection of sensitive information from
unauthorized access
 Integrity—the protection of sensitive information from unauthorized
modification or destruction
 Availability—the protection of sensitive information and information
systems from unauthorized disruption

Hacking:
An effort to attack a computer system or a private network inside a
computer is known as hacking.
Simply, it is unauthorized access to or control of computer network
security systems with the intention of committing a crime.
Hacking is the process of finding some security holes in a computer
system or network in order to gain access to personal or corporate
information.
One example of computer hacking is the use of a password cracking
technique to gain access to a computer system. The process of gaining
illegal access to a computer system, or a group of computer systems, is
known as hacking. This is accomplished by cracking the passwords and
codes that grant access to systems. Cracking is the term used to
describe the process of obtaining a password or code. The hacker is the
individual who performs the hacking.
Following are some of the things that can be hacked:
 Single systems
 Email account
 A group of systems
 LAN network
 A website
 Social media sites, etc.

Types of Hacking:
Hacking is something you have to protect yourself from, and that can
only be done by anticipating how a hacker might think to get into the
system.

Phishing –
In this type of hacking, the hacker's intention is to steal critical information
of users like account passwords, credit card details, etc. For example,
hackers can replicate an original website for users to interact with and can
steal critical information from the duplicate website the hacker has
created.

Virus –
These are introduced by the hacker into the files of a website once they
have gained entry to it. The purpose is to corrupt the information or
resources on the website.

UI redress –
In this technique, the hacker creates a fake interface, and when the
user clicks with the intent of going to a particular website, they
are directed to a different website.

Cookie theft –
Hackers access a website using malicious code and steal cookies that
contain sensitive data such as login passwords. With the stolen cookies
they can get access to your account and act as you.

Distributed Denial-of-service (DDoS) –
This hacking technique is aimed at taking down a website so that
users cannot access it or receive its service. It brings the server down and
stops it from responding, which may cause a constant error condition.

DNS spoofing –
This essentially uses cached data of a website or domain that the
user might have forgotten to keep up to date. It then directs the
traffic to a different, malicious website.

Social Engineering –
Social engineering is an attempt to manipulate you into sharing personal
information, sometimes by impersonating a trustworthy source.

Missing Security Patches –
Security tools become outdated as the hacking landscape advances and
need frequent updates to protect against new threats.

Malware-Injection Devices –
Cyber-criminals will use hardware to sneak malware onto your PC. You
may have heard of infected USB sticks which can allow hackers remote
access to your device when they are connected to your PC.

Cracking Password –
Hackers can get your credentials through a technique known as key-
logging.

Types of Hackers

Hackers can be classified into three different categories:
1. Black Hat Hacker
2. White Hat Hacker
3. Grey Hat Hacker

Black Hat Hacker
Black-hat hackers are also known as Unethical Hackers or Security
Crackers. These people hack systems illegally to steal money or to achieve
their own illegal goals. They find banks or other companies with weak
security and steal money or credit card information. They can also modify
or destroy the data as well. Black hat hacking is illegal.

White Hat Hacker
White hat hackers are also known as Ethical Hackers or Penetration
Testers. White hat hackers are the good guys of the hacker world.

These people use the same techniques used by the black hat hackers.
They also hack systems, but they can only hack systems that they have
permission to hack, in order to test the security of the system. They
focus on security and protecting IT systems. White hat hacking is legal.

Gray Hat Hacker
Gray hat hackers are a hybrid between black hat hackers and white hat
hackers. They can hack any system even if they don't have permission to
test the security of the system, but they will never steal money or damage
the system.

In most cases, they tell the administrator of that system. But they are
also acting illegally because they test the security of systems that they do
not have permission to test. Grey hat hacking is sometimes legal and
sometimes not.

Advantages of hacking:
1. Enhanced security: Hacking can help identify vulnerabilities in
a system or network that can be fixed to prevent malicious
attacks by cybercriminals.
2. Improving systems: Ethical hacking can help organizations
identify weaknesses in their systems and fix them, leading to
improved security.
3. Protecting privacy: Hacking can uncover security flaws that
may compromise user privacy, and fixing these flaws can help
protect user data.

Disadvantages of hacking:
1. Illegal activities: Hacking is often associated with illegal
activities that can result in legal consequences.
2. Data breaches: Hacking can result in data breaches, which can
lead to the exposure of sensitive information or financial loss.
3. Ethical concerns: Hacking raises ethical concerns, particularly
in cases where it involves intruding into someone's privacy.
3.2.2 Trojan, Virus and Worm Attacks

Trojan horse malware is malware designed to look like a legitimate and
desirable program while concealing malicious functionality. For example,
malware might be built into a “free” version of Microsoft Office or even into
code designed to cheat at a video game. Once the seemingly legitimate
program is executed, the malicious functionality is run as well.

Types of Trojan viruses
Some of the most common types of Trojan virus include:
 Backdoor Trojans - This type of Trojan allows hackers to remotely access and
control a computer, often for the purpose of uploading, downloading, or executing
files at will.
 Exploit Trojans -These Trojans inject a machine with code deliberately designed
to take advantage of a weakness inherent to a specific piece of software.
 Rootkit Trojans -These Trojans are intended to prevent the discovery of
malware already infecting a system so that it can affect maximum damage.
 Banker Trojans -This type of Trojan specifically targets personal information
used for banking and other online transactions.
 Distributed Denial of Service (DDoS) Trojans - These are programmed to
execute DDoS attacks, where a network or machine is disabled by a flood of
requests originating from many different sources.
 Downloader Trojans -These are files written to download additional malware,
often including more Trojans, onto a device.

Examples of Trojans
 Zeus - Also known as Zbot, Zeus is a successful Trojan malware package with
many variants used to carry out a number of different types of attack. It’s perhaps
most well-known for its successful hack of the U.S. Department of
Transportation.
 Wirenet - Wirenet is a password-stealing Trojan notable for being among the first
to target Linux and OSX users, many of whom were migrating from Windows
operating systems based on perceived security flaws.
 Mobile banking Trojans - Webroot has documented a number of Trojans written
to target mobile banking apps for the purpose of stealing login credentials or
replacing legitimate apps with malicious ones.
Common signs that you have been infected with a Trojan horse virus:
 Slow computer performance.
 Pop-up ads and unwanted toolbars.
 Unusual error messages.
 Changes to your homepage or search engine.
 Unexplained network activity.
 Missing or corrupted files.
 Unauthorized access to your accounts or personal information.

Virus
A computer virus is a program which can harm our device and files and infect
them so that they are of no further use. When a virus program is executed, it
replicates itself by modifying other computer programs and inserting its own
code. This code infects a file or program and if it spreads massively, it may
ultimately result in crashing of the device.

Across the world, computer viruses are a great issue of concern as they can cause
billions of dollars' worth of harm to the economy each year.

Since the computer virus only hits the programming of the device, it is not visible.
But there are certain indications which can help you analyse whether a device is
virus-hit.

Signs that identify computer viruses:
 Speed of the System – In case a virus is completely executed on your
device, the time taken to open applications may become longer and the
entire system processing may start working slowly.
 Pop-up Windows – One may start getting too many pop-up windows on their
screen, which may be virus affected and harm the device even more.
 Self-Execution of Programs – Files or applications may start opening in the
background of the system by themselves and you may not even know about
them.
 Log out from Accounts – In case of a virus attack, the probability of
accounts getting hacked increases, password-protected sites may also get
hacked, and you might get logged out from all of them.
 Crashing of the Device – In most cases, if the virus spreads to most
files and programs, there are chances that the entire device may crash and
stop working.

Types of Computer Virus
Discussed below are the different types of computer viruses:

 Boot Sector Virus – It is a type of virus that infects the boot sector of
floppy disks or the Master Boot Record (MBR) of hard disks. The boot
sector comprises all the files which are required to start the operating
system of the computer. The virus either overwrites the existing program or
copies itself to another part of the disk.
 Direct Action Virus – When a virus attaches itself directly to a .exe or .com
file and enters the device when that file is executed, it is called a Direct
Action Virus. If it gets installed in the memory, it keeps itself hidden. It is
also known as a Non-Resident Virus.
 Resident Virus – A virus which saves itself in the memory of the computer
and then infects other files and programs even when its originating program
is no longer running. This virus can easily infect other files because it is
hidden in the memory and is hard to remove from the system.
 Multipartite Virus – A virus which can attack both the boot sector and the
executable files of an already infected computer is called a multipartite
virus. If a multipartite virus attacks your system, you are at risk of cyber
threat.
 Overwrite Virus – One of the most harmful viruses, the overwrite virus can
completely remove the existing program and replace it with the malicious
code by overwriting it. Gradually it can completely replace the host's
programming code with the harmful code.
 Polymorphic Virus – Spread through spam and infected websites,
polymorphic viruses are file infectors which are complex and tough to
detect. They create a modified or morphed version of the existing program,
infect the system and retain the original code.
 File Infector Virus – As the name suggests, it first infects a single file and
then later spreads itself to other executable files and programs. The main
sources of this virus are games and word processors.
 Spacefiller Virus – It is a rare type of virus which fills in the empty spaces
of a file with virus code. It is also known as a cavity virus. It neither affects
the size of the file nor can be detected easily.
 Macro Virus – A virus written in the same macro language as used in the
software program, which infects the computer if a word processor file is
opened. Mainly the source of such viruses is via emails.

WORMS
What is a computer worm?
A computer worm is a type of malware whose primary function is to self-
replicate and infect other computers while remaining active on infected
systems.

A computer worm duplicates itself to spread to uninfected computers. It often
does this by exploiting parts of an operating system that are automatic and
invisible to the user.

Typically, a user only notices a worm when its uncontrolled replication
consumes system resources and slows or halts other tasks. A computer worm
is not to be confused with WORM, or write once, read many.
Types of computer worms

There are several types of malicious computer worms:

Email worms

Email worms work by creating and sending outbound messages to all the addresses
in a user's contact list. The messages include a malicious executable file that
infects the new system when the recipient opens it.

Successful email worms usually employ social engineering and phishing
techniques to encourage users to open the attached file.

File-sharing worms

File-sharing worms copy themselves into shared folders and spread through
peer-to-peer file-sharing networks. Worm authors often disguise these
malicious programs as media files.
Stuxnet, one of the most notorious computer worms to date, consists of two
components: a worm to propagate malware through USB devices infected
with the host file, and malware that targets supervisory control and data
acquisition systems.

File-sharing worms often target industrial environments, including power
utilities, water supply services and sewage plants.

Cryptoworms

Cryptoworms work by encrypting data on the victim's system. Perpetrators
can use this type of worm in ransomware attacks, where they follow up with
the victim and demand payment in exchange for a key to decrypt the files.

Internet worms

Some computer worms specifically target popular websites with poor security.
If they can infect the site, they can infect a computer accessing the site.

From there, internet worms spread to other devices that the infected computer
connects to through the internet and private network connections.

Instant messaging worms

Like email worms, instant messaging worms are masked by attachments or
links, which the worm continues to spread to the infected user's contact list.
The only difference is that instead of arriving in an email, it comes as an
instant message on a chat service.

If the worm hasn't had time to replicate itself onto the computer, the user can
change their password on the chat service account to prevent its spread.
Comparison of Worms and Viruses (Sr. No., Basis of Comparison, Worms, Virus)

1. Definition
   Worms: A Worm is a form of malware that replicates itself and can spread to
   different computers via a network.
   Virus: A Virus is a malicious executable code attached to another executable
   file which can be harmless or can modify or delete data.

2. Objective
   Worms: The main objective of worms is to eat the system resources. It consumes
   system resources such as memory and bandwidth and makes the system so slow
   that it stops responding.
   Virus: The main objective of viruses is to modify the information.

3. Host
   Worms: It doesn't need a host to replicate from one computer to another.
   Virus: It requires a host for spreading.

4. Harmful
   Worms: It is less harmful as compared.
   Virus: It is more harmful.

5. Detection and Protection
   Worms: Worms can be detected and removed by the antivirus and firewall.
   Virus: Antivirus software is used for protection against viruses.

6. Controlled by
   Worms: Worms can be controlled by remote.
   Virus: Viruses can't be controlled by remote.

7. Execution
   Worms: Worms are executed via weaknesses in the system.
   Virus: Viruses are executed via executable files.

8. Comes from
   Worms: Worms generally come from downloaded files or through a network
   connection.
   Virus: Viruses generally come from shared or downloaded files.

9. Symptoms
   Worms: Hampering computer performance by slowing it down; automatic opening
   and running of programs; sending of emails without your knowledge; affected
   performance of the web browser; error messages concerning the system and
   operating system.
   Virus: Pop-up windows linking to malicious websites; hampering computer
   performance by slowing it down; after booting, starting of unknown programs;
   passwords get changed without your knowledge.

10. Prevention
   Worms: Keep your operating system and system in an updated state; avoid
   clicking on links from untrusted or unknown websites; avoid opening emails from
   unknown sources; use antivirus software and a firewall.
   Virus: Installation of antivirus software; never open email attachments; avoid
   usage of pirated software; keep your operating system updated; keep your browser
   updated as old versions are vulnerable to linking to malicious websites.

11. Types
   Worms: Internet worms, Instant messaging worms, Email worms, File sharing
   worms, Internet relay chat (IRC) worms are different types of worms.
   Virus: Boot sector virus, Direct Action virus, Polymorphic virus, Macro virus,
   Overwrite virus, File Infector virus are different types of viruses.

12. Examples
   Worms: Examples of worms include Morris worm, Storm worm, etc.
   Virus: Examples of viruses include Creeper, Blaster, Slammer, etc.

13. Interface
   Worms: It does not need human action to replicate.
   Virus: It needs human action to replicate.

14. Speed
   Worms: Its spreading speed is faster.
   Virus: Its spreading speed is slower as compared to worms.
3.2.3 E-Mail related Crimes: Spoofing, Spamming, Bombing
What is spoofing?
Spoofing is a broad term for the type of behavior that involves a
cybercriminal masquerading as a trusted entity or device to get you to do
something beneficial to the hacker — and detrimental to you. Any time
an online scammer disguises their identity as something else, it’s
spoofing.
Spoofing can apply to a range of communication channels and can
involve different levels of technical complexity. Spoofing attacks
usually involve an element of social engineering, where scammers
psychologically manipulate their victims by playing on human
vulnerabilities such as fear, greed, or lack of technical knowledge.
Email spoofing
Among the most widely used attacks, email spoofing occurs when the
sender forges email headers so that client software displays the
fraudulent sender address, which most users take at face value. Unless
they inspect the headers closely, email recipients assume the forged
sender has sent the message. If it is a name they know, they are likely to
trust it.
Spoofed emails often request a money transfer or permission to access a
system. Additionally, they can sometimes contain attachments that
install malware — such as Trojans or viruses — when opened. In many
cases, the malware is designed to go beyond infecting your computer
and spread to your entire network.
Email spoofing relies heavily on social engineering — the ability to
convince a human user to believe that what they are seeing is legitimate,
prompting them to take action and open an attachment, transfer money,
and so on.
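Because the displayed sender is what a forger controls, receiving systems compare it with what they can verify: the envelope sender (Return-Path) and the SPF/DKIM results the mail server recorded. The following checker is an added example (not part of the original text): the two raw messages are constructed for the example, and the domains and Authentication-Results values are assumptions.

```python
"""Added example: flag a message whose visible From: address does not line up
with the envelope sender or with a passing SPF/DKIM result for that domain
(a DMARC-style alignment check). Messages below are constructed samples."""
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed: From: claims one domain, the envelope sender is another, and
# only the sending service's own domain passed SPF.
SPOOFED_MESSAGE = """\
Return-Path: <bounce@mailer-example.test>
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=mailer-example.test; dkim=none
From: "Accounts Payable" <finance@bank-example.test>
To: victim@example.test
Subject: Urgent wire transfer

Please process the attached invoice today.
"""

# Constructed: envelope sender and DKIM signing domain both match From:.
LEGIT_MESSAGE = """\
Return-Path: <finance@bank-example.test>
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=bank-example.test; dkim=pass header.d=bank-example.test
From: "Accounts Payable" <finance@bank-example.test>
To: victim@example.test
Subject: Invoice

Invoice attached.
"""


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address like '"Name" <user@host>', or ''."""
    _, email_addr = parseaddr(addr or "")
    return email_addr.rpartition("@")[2].lower()


def _auth_results(header: str) -> dict:
    """Parse Authentication-Results into {method: (result, {prop: value})}."""
    results = {}
    # The first clause is the authserv-id; each following clause is
    # "method=result prop=value ...".
    for clause in header.split(";")[1:]:
        parts = clause.split()
        if not parts or "=" not in parts[0]:
            continue
        method, result = parts[0].split("=", 1)
        props = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        results[method.lower()] = (result.lower(), props)
    return results


def spoof_indicators(raw: str) -> list:
    """Return human-readable reasons the message looks spoofed.

    An empty list means the From: domain matches the envelope sender and at
    least one of SPF or DKIM passed for that same domain.
    """
    msg = message_from_string(raw, policy=policy.default)
    from_domain = _domain(msg.get("From", ""))
    return_path_domain = _domain(msg.get("Return-Path", ""))
    auth = _auth_results(msg.get("Authentication-Results", ""))

    reasons = []
    if not from_domain:
        return ["missing or unparsable From: header"]
    if return_path_domain and return_path_domain != from_domain:
        reasons.append("Return-Path domain %r differs from From: domain %r"
                       % (return_path_domain, from_domain))

    spf_result, spf_props = auth.get("spf", ("none", {}))
    dkim_result, dkim_props = auth.get("dkim", ("none", {}))
    spf_aligned = (spf_result == "pass"
                   and spf_props.get("smtp.mailfrom", "").lower() == from_domain)
    dkim_aligned = (dkim_result == "pass"
                    and dkim_props.get("header.d", "").lower() == from_domain)
    if not (spf_aligned or dkim_aligned):
        reasons.append("neither SPF nor DKIM passed for the From: domain")
    return reasons


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("legitimate", LEGIT_MESSAGE)):
        print(label + ":", spoof_indicators(raw) or "no indicators")
```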
How to prevent spoofing
In general, following these online safety tips will help to minimize your
exposure to spoofing attacks:
1. Avoid clicking on links or opening attachments from unfamiliar
sources. They could contain malware or viruses which will infect your
device. If in doubt – always avoid.
2. Don’t answer emails or calls from unrecognized senders. Any
communication with a scammer carries potential risk and invites further
unwanted messages.
3. Where possible, set up two-factor authentication. This adds another
layer of security to the authentication process and makes it harder for
attackers to access your devices or online accounts.
4. Use strong passwords. A strong password is not easy to guess and
ideally made up of a combination of upper- and lower-case letters,
special characters, and numbers. Avoid using the same password across
the board and change your password regularly. A password manager
tool is an excellent way to manage your passwords.
5. Review your online privacy settings. If you use social networking
sites, be careful who you connect with and learn how to use your privacy
and security settings to ensure you stay safe. If you recognize suspicious
behavior, have clicked on spam, or have been scammed online, take
steps to secure your account and be sure to report it.
6. Don’t give out personal information online. Avoid disclosing personal
and private information online unless you are 100% sure it is a trusted
source.
7. Keep your network and software up to date. Software updates include
security patches, bug fixes, and new features – keeping up to date
reduces the risk of malware infection and security breaches.
8. Look out for websites, emails, or messages with poor spelling or
grammar – plus any other features that look incorrect, such as logos,
colors, or missing content. This can be a sign of spoofing. Only visit
websites with a valid security certificate.
Spamming
What is Spamming?
Spamming in cybersecurity is the act of sending unsolicited messages, often with
commercial or malicious purposes, to a large number of people. E-mails, texts and
instant messages can all be used as the channel. Spamming can be used
to spread malware, steal personal information, or promote scams and phishing
schemes. It can also be used to overload networks and servers, causing them to
crash. It is important for individuals to be cautious when opening emails or
messages from unknown senders, and to avoid clicking on suspicious links or
providing personal information.
Types of Spam in Cybersecurity

With the evolution of technology, cybercriminals have adopted various tactics to
exploit the vulnerabilities of individuals and organizations. Spam messages are
the usual way cybercriminals reach their targets.

What are spam messages? In simple terms, spam messages are
unsolicited and unwanted messages sent to a large group of people with the intent
to deceive, steal information, or spread malware. Spam messages can take
different forms. The various types of spamming in cyber security are:
1. Email Spam: This type of spam is sent through email. Cybercriminals send
phishing emails that appear to be from legitimate sources, but contain
malicious links or requests for personal information.
2. Instant Messaging Spam: Instant messaging spam is sent through
messaging platforms such as WhatsApp & Telegram. They often contain
tempting offers such as job openings, contests or lottery wins that are too
good to be true.
3. Social Media Spam: There are several types of social media spam, like fake
profiles, fake likes, spam comments, & malicious links that can trick users
into downloading malware.
4. Comment Spam: Often found in the comments section of blogs, comment
spam consists mostly of automated messages that can include unrelated links or
promotional content.
5. SMS Spam: This type of spam message is sent in bulk to mobile phones.
It may contain fake lottery wins, offers for free stuff or requests to click a
link that will download malware to the phone.
6. Voice Call Spam: Cybercriminals use robocalls to make unsolicited calls to
mobile or landline phones to promote products, spread scams or demand
payments.
7. Forum & Blog Spam: Spam comments on blogs & forums are mostly
irrelevant, & could contain links that lead to malware downloads.
Bombing
What is an e-mail bomb?
An e-mail bomb is the sending of a huge number of e-mails to one
system or person. We also call it a 'mail bomb.' It is a kind of
technological attack or cyber attack. The e-mail bomber aims to
overwhelm a mailbox so that it shuts down. Sometimes, the whole e-mail
server shuts down too. An e-mail bomb is a form of Internet abuse
in which the attacker tries to trigger a denial-of-service situation.
E-mail bomb – two types
There are two main types of e-mail bombs, one floods the system and
the other triggers massive subscription sign ups.
Denial-of-service attack
In this type of bomb, the attacker sends a massive number of emails to
one address.
The system floods, resulting in a denial-of-service, i.e., the system
crashes.
Mass subscriptions
We call this type ‘e-mail subscription bombing.’ The attacker
automatically subscribes someone, i.e., the victim, to many electronic
mailing lists.
Each mailing list sends many messages regularly. Subsequently, there is
a flood of mail hitting the victim’s e-mail account virtually all the time.
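Both kinds of bomb leave a distinctive trace in a mail server's log: a flood bomb is many messages to one mailbox in a short window, while a subscription bomb is one mailbox receiving mail from an unusually large number of distinct sending domains. The detector below is an added example (not from the original text); the log line format, the sample lines and the thresholds are constructed assumptions rather than any real MTA's output.

```python
"""Added example: detect flood bombs and subscription bombs in a mail log.
Log format (assumed): "<ISO timestamp> from=<address> to=<address>"."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)
FLOOD_THRESHOLD = 25           # messages to one mailbox inside WINDOW
SUBSCRIPTION_THRESHOLD = 15    # distinct sender domains to one mailbox inside WINDOW


def _build_sample_log():
    """Constructed log: normal traffic, one flood bomb, one subscription bomb."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    lines = []
    # Normal traffic: a few messages spread over an hour.
    for i in range(5):
        t = base + timedelta(minutes=12 * i)
        lines.append(f"{t.isoformat()} from=alice@example.test to=bob@example.test")
    # Flood bomb: one sender hammers one mailbox with 30 messages in two minutes.
    for i in range(30):
        t = base + timedelta(seconds=4 * i)
        lines.append(f"{t.isoformat()} from=bomber@flood.test to=target@example.test")
    # Subscription bomb: 20 different mailing lists each write once within five minutes.
    for i in range(20):
        t = base + timedelta(seconds=15 * i)
        lines.append(f"{t.isoformat()} from=noreply@list{i}.test to=victim@example.test")
    return lines


SAMPLE_LOG = _build_sample_log()


def parse_line(line: str):
    """Split one log line into (timestamp, sender, recipient)."""
    ts, from_field, to_field = line.split()
    return datetime.fromisoformat(ts), from_field[len("from="):], to_field[len("to="):]


def detect_mail_bombs(lines):
    """Return {recipient: sorted list of alert kinds} for mailboxes under attack.

    A sliding window over each recipient's messages raises "flood" when the
    message count exceeds FLOOD_THRESHOLD and "subscription-bomb" when the
    number of distinct sender domains exceeds SUBSCRIPTION_THRESHOLD.
    """
    events = defaultdict(list)
    for line in lines:
        ts, sender, rcpt = parse_line(line)
        events[rcpt].append((ts, sender.rpartition("@")[2].lower()))

    alerts = defaultdict(set)
    for rcpt, evs in events.items():
        evs.sort()
        window = deque()
        for ts, domain in evs:
            window.append((ts, domain))
            # Drop entries that fell out of the time window.
            while ts - window[0][0] > WINDOW:
                window.popleft()
            if len(window) >= FLOOD_THRESHOLD:
                alerts[rcpt].add("flood")
            if len({d for _, d in window}) >= SUBSCRIPTION_THRESHOLD:
                alerts[rcpt].add("subscription-bomb")
    return {rcpt: sorted(kinds) for rcpt, kinds in alerts.items()}


if __name__ == "__main__":
    for rcpt, kinds in detect_mail_bombs(SAMPLE_LOG).items():
        print(rcpt, kinds)
```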
Text bomb vs. e-mail bomb
A text bomb is like an e-mail bomb, but the attacker uses text messages
over SMS. The attacker floods the victim with SMS text messages.
Text bombing is a means of online harassment or cyber-bullying.
Some Android apps had to be banned because of text bombs. In some
cases, the bombs led to extremely high phone bills.
Some Android apps exist that can help protect the Android phone user
from bombs.
3.2.4 Denial of Service Attacks

What Is a Denial-of-Service (DoS) Attack?

A Denial-of-Service (DoS) attack is a cyberattack that floods a machine or network
with false requests in order to disrupt business operations. In a DoS attack, users
are unable to perform routine and necessary tasks, such as accessing email,
websites, online accounts or other resources that are operated by a compromised
computer or network.
While most DoS attacks do not result in lost data and are typically resolved without
paying a ransom, they cost the organization time, money and other resources in
order to restore critical business operations.
Types of DoS Attacks

There are two main types of DoS attacks:
- Those that crash web-based services, called buffer overflows.
- Those that flood them, called flood attacks.
Within those two categories, there are different subsets, which vary
based on the adversary's methods, the equipment that is targeted and
how the attack is measured.
Type: 1. Buffer Overflows
Description: Buffer overflow is the most common form of DoS attack. In this type of exploit, the adversary drives more traffic to a network address than the system is capable of handling. This causes the machine to consume all available buffers, or memory storage regions that temporarily hold data while it is being transferred within the network. A buffer overflow occurs when the volume of data exceeds all available capacity (bandwidth, disk space, memory, or CPU), resulting in slow performance and system crashes.
Examples:
- Stack Overflow: the most common type of buffer overflow attack, in which a computer program tries to use more memory space in the call stack than has been allocated to it, overrunning the boundaries of the buffer.
- Unicode Overflow: creates a buffer overflow through Unicode, in which any character can be represented. The attack comes into play when Unicode is inserted into an input that expected ASCII. Unicode and ASCII are encoding standards; they allow computers to represent text.

Type: 2. Flood Attacks
Description: Flood attacks occur when the system receives too much traffic for the server to manage, causing it to slow and possibly stop.
Examples:
- ICMP Floods: commonly called smurf or ping attacks, these exploit misconfigured network devices. The adversaries deploy spoofed packets (packets carrying false source IP addresses) that "ping" each device on the targeted network without waiting for a reply. As the network manages the surge in traffic, the system will slow and possibly stop.
- SYN Flood: sends a connection request to a server but never completes the metaphorical "handshake" with the host. These requests continue to flood the system until all open ports are saturated, leaving no available avenues for access for legitimate users.
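The SYN flood above is visible to a defender as a pile-up of handshakes that start but never finish. The monitor below is an added example (not from the original text): it replays constructed connection records, keeps each client-to-server SYN as a pending handshake until the client's ACK arrives, and alerts on any server left with many abandoned half-open entries. The packet tuples, addresses, timeout and threshold are assumptions.

```python
"""Added example: count half-open TCP handshakes per server from a
constructed packet list and alert when a server looks SYN-flooded."""
from collections import defaultdict

HALF_OPEN_THRESHOLD = 50   # abandoned handshakes to one server before alerting
HANDSHAKE_TIMEOUT = 3.0    # seconds after a SYN before we treat it as abandoned


def _build_sample_packets():
    """Constructed capture: (time, src, dst, flags); src/dst are "ip:port"."""
    pkts = []
    web, api = "192.0.2.10:80", "192.0.2.20:443"
    # Legitimate clients complete the three-way handshake with both servers.
    for i, server in enumerate([web, api, web, api, web]):
        client = f"10.0.0.{i + 1}:5000{i}"
        t = 0.1 * i
        pkts += [(t, client, server, {"SYN"}),
                 (t + 0.01, server, client, {"SYN", "ACK"}),
                 (t + 0.02, client, server, {"ACK"})]
    # SYN flood: 80 spoofed sources each send one SYN to the web server and
    # never answer the SYN-ACK.
    for i in range(80):
        src = f"198.51.100.{i % 250}:{40000 + i}"
        pkts.append((0.5 + 0.01 * i, src, web, {"SYN"}))
    # A handshake that is still in progress when the capture ends (not counted).
    pkts.append((10.0, "10.0.0.99:50099", web, {"SYN"}))
    return pkts


SAMPLE_PACKETS = _build_sample_packets()


def half_open_by_server(packets):
    """Return {server: number of handshakes that began but never completed}.

    Only client-to-server packets matter: a bare SYN opens a pending entry and
    the client's bare ACK (third step) closes it. Entries still pending at the
    end of the capture count as abandoned only if older than HANDSHAKE_TIMEOUT.
    """
    pending = {}   # (client, server) -> time the SYN was seen
    for t, src, dst, flags in sorted(packets, key=lambda p: p[0]):
        key = (src, dst)
        if flags == {"SYN"}:
            pending[key] = t
        elif "ACK" in flags and "SYN" not in flags:
            pending.pop(key, None)   # handshake completed
    last_seen = max(p[0] for p in packets)
    counts = defaultdict(int)
    for (_client, server), t_syn in pending.items():
        if last_seen - t_syn >= HANDSHAKE_TIMEOUT:
            counts[server] += 1
    return dict(counts)


def syn_flood_alerts(packets):
    """Servers whose abandoned half-open count reaches HALF_OPEN_THRESHOLD."""
    return sorted(server for server, n in half_open_by_server(packets).items()
                  if n >= HALF_OPEN_THRESHOLD)


if __name__ == "__main__":
    print(half_open_by_server(SAMPLE_PACKETS))
    print("alerts:", syn_flood_alerts(SAMPLE_PACKETS))
```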

3.2.5 Distributed Denial of Service Attack
What Is A DDoS Attack?

A distributed denial-of-service (DDoS) attack occurs when multiple
machines operate together to attack one target, disrupting the normal
traffic of a targeted server, service or network by overwhelming the target or
its surrounding infrastructure with a flood of Internet traffic.

DDoS allows for exponentially more requests to be sent to the target,
therefore increasing the attack power. It also increases the difficulty of
attribution, as the true source of the attack is harder to identify.

DDoS attacks can be devastating to an online business, which is why
understanding how they work and how to mitigate them quickly is critical.

Motivations for carrying out a DDoS vary widely, as do the types of
individuals and organizations who execute DDoS attacks. Some attacks are
carried out by disgruntled individuals and hacktivists wanting to take down a
company's servers simply to make a statement, have fun by exploiting a
weakness, or express disapproval.

Other distributed denial-of-service attacks are financially motivated, such as
a competitor disrupting or shutting down another business's online operations
to steal business away in the meantime. Others involve extortion, in which
perpetrators attack a company and install ransomware on their servers, then
force them to pay a large financial sum for the damage to be reversed.

Types of DDoS Attacks

Application, Layer-7 DDoS Attacks
Application DoS attacks target resource exhaustion by using the well-
known Hypertext Transfer Protocol (HTTP) as well as HTTPS, SMTP,
FTP, VOIP and other application protocols that possess exploitable
weaknesses, allowing for DoS attacks. Much like attacks targeting
network resources, attacks targeting application resources come in a
variety of flavors, including floods and "low and slow" attacks.

Volume-Based Attacks
Volumetric and reflection/amplification attacks take advantage of a
disparity between request and response sizes in certain technical protocols.
The attackers send packets to the reflector servers with a source IP
address spoofed to their victim's IP, therefore indirectly overwhelming
the victim with the response packets. At high rates, these responses have
generated some of the largest volumetric DDoS attacks to date. A
common example is a reflective DNS amplification attack.

SSL/TLS And Encrypted Attacks
Attackers use SSL/TLS protocols to mask and further complicate attack
traffic in both network and application-level threats. Many security
solutions use a passive engine for SSL/TLS attack protection, meaning
they cannot effectively differentiate encrypted attack traffic from
encrypted legitimate traffic and can only limit the rate of requests.

Stopping assaults like these requires DDoS mitigation that combines
automated, machine-learning based detection and mitigation capabilities
with comprehensive protection for any infrastructure: on premise,
private cloud and public cloud.

Web DDoS Tsunami Attack
Web DDoS Tsunami attacks combine application layer attack vectors,
leveraging new tools to create sophisticated attacks that are harder, and
sometimes impossible, to detect and mitigate with traditional methods.

3.3 Various crimes:
3.3.1 IPR Violations (Software piracy, Copyright
Infringement, Trademarks Violations, Theft of Computer
source code, Patent Violations)
Software piracy
Software Piracy is the illegal approach of copying, distributing,
modifying, selling, or using the software which is legally protected. So
in a simple term, we can say Software piracy is the act of stealing legal
software in an illegal way. This software piracy refers to the
unauthorized copy and use of legal software. And now this critical
problem has turned into a global issue.
Regulation for Software Piracy :
Software piracy is illegal and there are strict laws for these illegal
activities. So monetary penalties are also there for this lawbreaker who
breaks these copyright laws and creates copyright violation.
End-User License Agreement(EULA) is a license agreement which is
mostly used for software to protect its legality. It is a contract between
the manufacturer and the end-user. This rule defines the rules for legal
software. One common rule in EULA is that it prevents the user from
sharing the software with others.
Types of Software Piracy :
There are mainly 5 types of Software Piracy. Each type of software
piracy is explained well below:
1. Softlifting-
It is the most common type of software piracy. In this piracy, there is
one legal owner of the software but multiple users. For
instance, someone purchases the genuine software, and others
illegally use that software by copying it to their own
computers.
For example, we often borrow software from a colleague and
install a copy on our own computer just to save money; this is
softlifting, one type of software piracy.
2. Hard-disk Loading-
It is the most common type of software piracy which mainly happens
in PC resale shops. The shop owner buys a legal copy of the software
and reproduces it on multiple computers by installing it on each.
Most of the time customers/PC users are not aware of this
and get the pirated version of the software at the original software price
or less than the original price. It is one type of commercial software
piracy.
3. Counterfeiting-
In counterfeiting, duplicates of genuine/legal software
programs are created with the appearance of authenticity. These duplicate
copies are then sold at a lower price.
4. Client-Server overuse -
In client-server overuse, more copies of the software are installed
than it has been licensed for. It is mainly seen in local businesses
that work over a local area network and install the software on all
the computers for use by a number of employees, which is an
unauthorized practice.
5. Online Piracy-
In online piracy, the illegal software is acquired from online auction
sites and blogs which is mainly achieved through the P2P(Peer to
Peer) file-sharing system. As it is acquired by means of the Internet,
often it is called Internet Piracy.
Copyright Infringement
Copyright infringement refers to the unauthorized use of
someone's copyrighted work. Thus, it is the use of someone's
copyrighted work without permission, thereby infringing certain
rights of the copyright holder, such as the right to reproduce,
distribute, display or perform the protected work.

Section 51 of the Copyright Act specifies when a copyright is
infringed. According to Section 51 of the Act, copyright is
deemed to be infringed if:

 A person, without obtaining the permission of the
copyright holder, does any act which only the copyright
holder is authorised to do.
 A person permits a place to be used for
communication, selling, distribution or exhibition of an
infringing work, unless he was not aware or had no reason
to believe that such permission would result in the violation
of copyright.
 A person imports infringing copies of a work.
 A person, without obtaining authority from the
copyright holder, reproduces his work in any form.
Copyright Infringement examples
 If a person uses someone’s song as background music in
his/her music video then he could be made liable for
copyright infringement.
 If a person downloads movies or songs from an
unauthorized source then it will amount to copyright
infringement.
 A person is free to record a TV program to view it later,
but if he transfers or distributes it to others then it
becomes a copyright infringement.
Copyright infringement elements
 The work was the original creation of the author
 The defendant actually copied the work of the
author. It is important to note that not all factually
copying is legally actionable. The substantial
similarity between the works of the author and the
defendant has to be established to prove that the
defendant has infringed the author’s copyright.
Types of Copyright Infringement
Copyright infringement can be broadly
classified into two categories:
1.Primary Infringement
2.Secondary Infringement
Primary Infringement
Primary infringement refers to the real act of
copying the work of the copyright holder. For
example, photocopying a book and then
distributing it for commercial purposes.
However, sometimes a person may only copy a
part of the work, for example, a paragraph of an
article. In such a case, the copyright holder is
required to establish two things:
 Substantial Taking
A copyright is infringed only when an
unauthorized person copies a substantial part of
the work. For example, copying a catchy phrase
of a lyricist.
While deciding the case, the court also tries to
conceive, how an ordinary person will perceive
the work. If an ordinary person will perceive
that the work is copied from a different source
then it will be considered infringement.
If the writing style, language and errors are
similar to the copyrighted work then it will
serve as evidence of copying in a court of law.
The minor alterations made by the person in the
work of a copyright holder will not affect the
claim of infringement.
 Causal Connection
The copyright holder must prove that there is a
similarity between the works of the copyright holder
and the infringer. However, the similarity may be due
to several other reasons, for example both of them having
used the same source for their research. In such a
case, the copyright holder cannot claim
infringement.
Secondary Infringement
Secondary Infringement refers to the
infringement of copyright work without actually
copying it. This can happen in the following
ways:
 Providing a place for Copyright Infringement
If a person provides a place, or permits a
place (for profit) to be used, for communicating
the work to the public, and such work amounts
to copyright infringement, then such person can
be made liable for the offence of copyright
infringement. However, if the person is
unaware or has no reason to believe that the
place is used for copyright infringement, then he
cannot be made liable for the same.
It is important to note that the person should let
the place for "profit" to be made liable for
copyright infringement. If an NGO lets the place
then the NGO cannot be made liable for the
same.
 Selling Infringing Copies
If a person sells the copies that infringe the right
of the copyright holder then it will amount to
copyright infringement.
 Distributing Infringing Copies
When a person distributes infringing copies of
the copyright holder works then it will amount
to copyright infringement. For example, if a
person uploads a movie on the internet for free
then it is an infringement of copyright.
 Importing Infringing Copies
Importing the infringed work of the copyright
holder in India also amounts to infringement of
Copyright. However, if the person has imported
the infringed work for the domestic or personal
use then it will not amount to Copyright
Infringement.
Trademarks Violations
What is a Trademark?
 A trademark is a symbol, design, word or phrase that is
identified with a business and when a trademark is registered, its
owner can claim “exclusive rights” on its use.
 The Trademark Act 1999 guarantees protection for a
trademark that is registered with the Controller General of
Patents, Designs, and Trademarks, also known as
the trademark registry.
 A trademark is valid for 10 years, and can be renewed by the
owner indefinitely every 10 years.
What Constitutes a Trademark Violation?
 Using a registered trademark without authorisation of the
entity that owns the trademark is a violation or infringement
of the trademark.
 There are several ways in which a trademark can be infringed
such as Deceptive similarity, passing off (Say, a brand logo is
misspelt in a way that’s not easy for the consumer to discern).
 In such cases, courts have to determine whether this can cause
confusion for consumers between the two.
 In such cases, the infringing products need not be identical, but
similarity in the nature, character and performance of the goods
of the rival traders has to be established.
o For example, Cadila Healthcare Limited vs Cadila
Pharmaceuticals Limited.
There are two types of infringement – direct and indirect
infringement.
 Direct Infringement
 Unauthorized person – this means a person who is not the
owner or the licensee of the registered trademark.
 ‘Identical’ or ‘Deceptively similar ‘– the test for determining
whether marks are identical or not is by determining whether
there is a chance for a likelihood of confusion among the public.
If the consumers are likely to get confused between the two
marks, then there is an infringement.
 Registered Trademark – You can only infringe a registered
trademark. For an unregistered Trademark, the common law
concept of passing off will apply.
 Goods/ Services – In order to establish infringement even the
goods/ services of the infringer must be identical with or similar
to the goods that the registered Trademark represents.
Indirect infringement
 Indirect infringement is a common law principle that holds
accountable not only the direct infringers but also the people
who induce the direct infringers to commit the infringement.
 Indirect infringement, also known as secondary liability, has
two categories: contributory infringement and vicarious
liability.
 A person will be liable for contributory infringement in two
circumstances:
o When a person knows of the infringement
o When a person materially contributes or induces the direct
infringer to commit the infringement.
 A person will be vicariously liable under the following
circumstances:
o When the person has the ability to control the actions of the
direct infringer.
o When a person derives a financial benefit from the infringement.
o When a person has knowledge of the infringement and
contributes to it.
Theft of Computer source code

What is Source Code Theft?
Source code theft is an act of stealing the unique code of any
software generated by companies. This software helps the
company in many scenarios such as keeping financial records,
preserving confidential data, and improving communication.
However, once hackers gain illegal access to the software, they
might edit the source code to suit their purposes. This also grants
the hacker unfettered access to the company’s computer system
which poses a serious risk to an organization.
What is the Punishment Under the Law for Source Code Theft?
Stealing the source code of another person or organization is a
cybercrime in India.
This crime is punishable under Section 43, 65, 66 & 66B of
the Information Technology Act, 2000. Also, under Section
63 of the Copyright Act, 1957.
The Information Technology Act, 2000
Section 43 – Fine and Reimbursement for damage to the
computer, computer system, etc.
For claims up to Rs 5 Crore, the petitioner can approach the
Adjudicating officer (Who is an IT Secretary of each state)
However, for claims more than Rs 5 Crore, the petitioner
needs to approach the Competent Court.
Section 65 – Altering Computer Source Documents
For this act, the law penalizes the individual with imprisonment
for up to three years or a fine of up to two lakh rupees or
both. Sample Certificate 65b for admissibility of Electronic
Evidence.
Section 66 – Computer-related Infringements
If a person commits the act specified in Section 42 dishonestly
or fraudulently, he faces up to three years in jail or a fine of five
lakh rupees, or both.
Section 66B – Penalty for Accepting Stolen Computer
Resources or Communication Devices Dishonestly.
The Copyright Act, 1957
Section 63 – Infringement of Copyright or other Rights
Conferred by this Act
Any person who intentionally infringes or aids in the
infringement of:
(a) the copyright in work (SourceCode), or
(b) any other right conferred by this Act, excluding the right
given by section 53A.
For this, the person is imprisoned for a term ranging from 6
months to 3 years. In addition, a fine of Rs 50,000 to Rs 2
lakhs is levied.

To Prevent Source Code Theft
To safeguard yourself during development, avoid sharing access
to the computer or network where the software is hosted.
1. Always register the copyright for the computer program,
source code, and documentation for greater protection and
legal recourse.
2. Always have a Non-Disclosure Agreement in place with
each contractual party.
3. Train and prepare employees against phishing attacks and
data breaches.
4. Always have a License Agreement in place with your
clients.
Patent Violations
A patent is the most important form of Intellectual Property. The
government grants a set of absolute rights to an inventor or its
assignee for a limited period, in exchange for public disclosure
of the invention. In simple words, "Patent Infringement" means
encroachment upon the patent rights of the patent holder or
patentee, where the patent is valid and enforceable by law in a
specific jurisdiction. In India, the Patent Act of 1970 governs all
matters related to Patents, and this act was amended in 1999,
2002, and 2005 to comply with the WIPO and TRIPS guidelines
on Patents. Since the 2005 amendments, many suits have been filed
over the infringement of patent rights, and patent
jurisprudence has developed over the years through several
judgments of the High Courts and Supreme Court in cases related
to the infringement of patent rights.
Types of Patent Infringement
The main types of patent infringement are given below:
1. Direct Infringement: Making, selling, or importing
something without getting a license from the patent holder
is called direct infringement of patent rights. This act
must be committed willfully by the offender.
2. Indirect Infringement: Indirect infringement includes
contributory infringement and inducement to infringe a patent.
Under these terms, even if a company is not the one that
initially infringed on the patent, that company can still be held
accountable for patent infringement.
3. Contributory Infringement: This kind of infringement
includes purchasing or importing a part that helps create a
patented item. To prove contributory infringement, one must
show that the main use of the component would be to create a
patented item. A general-purpose good that has other uses
usually does not qualify in proving contributory infringement.
4. Induced Infringement: Induced infringement occurs when a
person or company aids in patent infringement by providing
components or helping to make a patented product. It
occurs by offering instructions, preparing instructions, or
licensing processes.
5. Willful Infringement: Willful infringement exists when a
person demonstrates complete disregard for a patent that is
someone else's. It is especially damaging to defendants in
a civil suit. If they are found guilty then the penalties are much
higher; typically the defendant must pay all pleader costs and court
costs.
6. Literal Infringement: To prove literal infringement, there
must be a direct correspondence between the infringing device
or process and the patented device or process.
7. The Doctrine of Equivalents: Even if the method does not
exactly infringe a patent, a judge might find in favor of the
patent holder. If the device or method does the same thing and
produces the same results then it could be an infringement.
There are five ways to justify a case of patent infringement:
Doctrine of Equivalents
The Doctrine of Complete Coverage
Doctrine of Compromise
Doctrine of Estoppel
Doctrine Of Superfluity
3.3.2 Cyber Squatting, Cyber Smearing, Cyber Stacking

What is cybersquatting?

Cybersquatting refers to the act of registering or using a
domain name to profit from a trademark, corporate name,
or personal name of an individual.
In the context of this cybersquatting definition, domain
squatting takes place as either a form of extortion or as an
attempt to steal business from a rival. It is possible,
however, that a domain was registered in good faith. In
this case, it would not be cybersquatting. In other words,
domain squatting does not occur when a valid business
name is registered without any ill intention, even if the
name is already in use.

Types of Cybersquatting
There are several different kinds of cybersquatting, all of
which are illegal.
Typo squatting
One of the most prevalent forms of cybersquatting is typo
squatting. In this case, the cyber squatter purchases
misspelled domain names for well-known brands on
purpose. The objective is to take users to a fraudulent
website if they type a domain name incorrectly.
Typo squatting focuses on altering a domain's original
spelling by introducing or deleting numbers, letters, or
periods. It also entails changing the sequence of the letters
or words inside a domain. In essence, typo squatting
refers to taking advantage of potential typos.

For instance, the following can be considered typo


squatting:

Yajoo.com
Googgle.com
Fxnews.com
ABCnewss.com
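From the defender's side, the typo patterns just listed (a substituted letter, an inserted or deleted letter, swapped adjacent letters) can be checked mechanically against the brands an organization wants to protect. The following is an added example, not code from the course material: it takes a list of domain names observed in (constructed) DNS or proxy logs, including the four examples above, and flags those within a small edit distance of a protected brand so an analyst can review them. The brand list, observed domains and the distance threshold are assumptions for the illustration.

```python
"""Flag observed domain names that look like typosquats of protected brands.

Added illustration; the brand list, the observed domains and the thresholds
are constructed for this example and are not from the course material.
"""

# Brands this organisation wants to protect (constructed list).
PROTECTED = ["yahoo.com", "google.com", "foxnews.com", "abcnews.com"]

# Domains seen in (constructed) DNS or proxy logs, including the page's examples.
OBSERVED = ["Yajoo.com", "Googgle.com", "Fxnews.com", "ABCnewss.com",
            "google.com", "example.com", "wikipedia.org"]


def levenshtein(a: str, b: str) -> int:
    """Edit distance: minimum number of insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute ca by cb
        prev = cur
    return prev[-1]


def is_transposition(a: str, b: str) -> bool:
    """True when a and b differ only by one pair of swapped adjacent characters."""
    if len(a) != len(b):
        return False
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return (len(diffs) == 2 and diffs[1] == diffs[0] + 1
            and a[diffs[0]] == b[diffs[1]] and a[diffs[1]] == b[diffs[0]])


def flag_lookalikes(observed, protected=PROTECTED, max_distance=2):
    """Return (domain, brand) pairs for domains that resemble a protected brand.

    Exact matches are the legitimate domains and are skipped; anything within
    max_distance edits of a brand, or one adjacent-letter swap away, is reported.
    """
    flagged = []
    for raw in observed:
        domain = raw.strip().lower().rstrip(".")
        if domain in protected:
            continue
        for brand in protected:
            if levenshtein(domain, brand) <= max_distance or is_transposition(domain, brand):
                flagged.append((domain, brand))
                break
    return flagged


if __name__ == "__main__":
    for domain, brand in flag_lookalikes(OBSERVED):
        print(f"possible typosquat: {domain} (resembles {brand})")
```

Running the script reports the four typo domains from the list above and leaves google.com, example.com and wikipedia.org alone. In practice the threshold is tuned per brand: short brand names produce more false positives at distance 2 than long ones.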
Identity Theft
Cybersquatting can also be used for identity theft because
someone can take a company’s identity and use it to
create a similar Uniform Resource Locator (URL). If a
user goes to that company’s website, they may end up on
the fake site instead. At that point, the cyber squatter has,
in effect, stolen the digital identity of their target.

For example, suppose your company just announced a
joint venture with another organization and you have not
purchased a URL yet. Your company’s name is Sky
Computing, and the company you are joining forces with
is Reach Digital. You send out a press release, stating that
the name of the joint venture will be Sky Reach.

A cyber squatter wanting to take advantage of this
“opportunity” can then hop online and register
“skyreach.com.” When you register the URL you want,
you see that it is already taken. This is illegal, and through
the legal process, you can have the domain
“skyreach.com” transferred to either your company, the
partner company, or the joint venture.
Name Jacking
In the United States, personal names can be trademarked.
This usually only happens if the names have developed a
secondary significance in the marketplace (such as Prince
or Shakira). The ACPA (Anticybersquatting Consumer
Protection Act) may not always apply to name jacking
because someone may have the same name as a
celebrity, making it very hard to prove the domain
registration was done in bad faith.

Name jacking can also occur on social media. Even
without a registered domain name, creating a profile that
represents a celebrity or well-known person may be
considered cybersquatting. Given the abundance of fan
sites now online, this is a gray area. However, if the
website starts selling goods that violate the victim’s
trademark or without proper licensing, that can help build
the case for cybersquatting.

Reverse Cybersquatting
Reverse domain name hijacking (RDNH), also known as
reverse cybersquatting, is a technique that is, in some
ways, the opposite of cybersquatting. While purchasing a
domain name that contains a trademark with the goal of
making money off that trademark is cybersquatting,
reverse domain hijacking is a little different. It happens
when a person or business makes a false claim that she,
he, or it owns a trademark and then takes unjustified steps
to take your legitimate domain name away.

For example, suppose you registered a URL,
IndustrialChemicals.com. Someone can start a business,
name it Industrial Chemicals, and then claim that you are
cybersquatting using their business name. In reality, they
are trying to use ACPA to enable their own
cybersquatting.

Cyber smearing
What is cyber smearing?
“Cyber smear” is the practice of anonymously posting
messages on the Internet through the use of message
boards and chat rooms, which assert disparaging, or even
defamatory, rumors or statements about a company, its
executives or its stock.
Cyber Stalking
In Cyber Stalking, a cybercriminal uses the internet to
consistently threaten somebody. This crime is often
perpetrated through email, social media, and other
online media. Cyber Stalking can even occur in
conjunction with the more traditional type of stalking,
where the offender harasses the victim offline.
There is no unified legal approach to cyber stalking;
however, several governments have moved toward
making these practices punishable by law. Social media,
blogs, image sharing sites and many other commonly
used online sharing activities offer cyber stalkers a
wealth of data that helps them plan their harassment. It
includes actions like false accusations, fraud, information
destruction, threats to life and manipulation through
threats of exposure. Stalkers take the assistance of
e-mails and other forms of messaging applications,
messages posted to a website or a discussion group,
and often even social media, to send unwanted
messages and harass a specific person with unwanted
attention. Cyber Stalking is also referred to as internet
stalking, e-stalking or online stalking.
Types of Cyber Stalking:
 Webcam Hijacking: Internet stalkers may attempt to trick
you into downloading and installing a malware-infected
file that grants them access to your webcam. The method
is so sneaky that you probably would not suspect
anything strange.
 Observing location check-ins on social media: If you
add location check-ins to your Facebook posts, you make
it very easy for an internet stalker to follow you just by
looking through your social media profiles.
 Catfishing: Catfishing happens via social media sites, for
example Facebook, when internet stalkers create
counterfeit user profiles and approach their victims as a
friend of a friend.
 Visiting virtually via Google Maps Street View: If a
stalker discovers the victim’s address, it is not hard to
find the area, neighborhood, and surroundings by using
Street View. Tech-savvy stalkers do not even need that.
 Installing Stalkerware: One more method that is growing
in popularity is the use of stalkerware. It is a kind of
software or spyware that keeps track of location, enables
access to text and browsing history, makes audio
recordings, etc. Importantly, it runs in the background
without the victim’s knowledge.
 Looking at geotags to track location: Most digital
pictures contain geotags, which carry information such as
the time and location of the shot in the form of metadata.
Geotags come in the EXIF format embedded into an
image and are readable with the help of special apps. In
this way, the stalker keeps an eye on the victim and learns
about their whereabouts.

3.3.3 Financial Crimes: (Banking, credit card, Debit
card related)

What Is Bank Fraud?

Bank fraud is a form of financial crime which involves
the misuse of a financial institution or its services for
personal gain or to commit other criminal activities. It can
involve a variety of techniques, such as creating false
accounts, using false identities, or manipulating account
records. It can also involve using stolen credit cards,
ATM cards, or other forms of unauthorised access to a
financial institution’s funds. Bank fraud is a serious crime
and can result in serious penalties, including fines,
imprisonment, and even the loss of business licenses.

Credit Card Fraud Definition

Credit card fraud is the unauthorized use of a debit or
credit card to make purchases or withdraw cash. In 2021,
there were 389,845 reports of credit card fraud in the US,
with the Federal Trade Commission reporting it to be the
most common type of identity fraud affecting people aged
20-39.

How Does Credit Card Fraud Happen?

Credit card fraud happens when a criminal steals someone
else’s credit card information and uses it for their own
financial gain.
Traditionally, credit card fraud occurred when a physical
card was stolen from the owner. With contemporary
credit card fraud, it is increasingly likely a fraudster will
obtain a victim’s credit card details, but not the physical
card.
The two main types of credit card fraud are:
 Application fraud
 Account takeover fraud
With application fraud, a fraudster uses illegally obtained
credit card information to open a new account in the
victim’s name. The criminal may have stolen or bought
the victim’s details from the dark web.
With account takeover fraud, a criminal uses a victim’s
personal identifying information to take control of their
account and misappropriate funds.
Unit-4

4.1 Concepts of Cyber Security:

4.1.1 Types of Threats

4.1.2 Advantages of Cyber Security

4.2 Basic Terminologies:

4.2.1 IP Address, MAC Address

4.2.2 Domain name Server (DNS)

4.2.3 DHCP, Router, Bots

4.3 Common Types of Attacks:

4.3.1 Distributed Denial of Service

4.3.2 Man in the Middle, Email Attack

4.3.3 Password Attack, Malware

4.4 Hackers:

4.4.1 Various Vulnerabilities:

4.4.1.1 Injection attacks, Changes in security settings

4.4.1.2 Exposure of Sensitive Data

4.4.1.3 Breach in authentication protocol

4.4.2 Types of Hackers: White hat and Black hat

4.1 Concepts of Cyber Security


Cyber Security is the body of technologies, processes, and practices designed to
protect networks, devices, programs, and data from attack, theft, damage,
modification or unauthorized access. It’s also known as Information Security
(INFOSEC), Information Assurance (IA), or System Security.
4.1.1 Types of Threats

 ter, it executes its malicious functionality.

 Remote Access Trojan (RAT): RATs are a type of trojan designed to serve as
an access point for follow-on attacks. Once the malware is running on the
infected computer, it provides the attacker with remote access and control,
enabling them to download other malware, steal sensitive data, or take other
actions.

 Spyware: Spyware is malware designed to spy on and collect information
about the user of an infected computer. Spyware may be designed to steal
user credentials, financial data, and other sensitive and potentially valuable
information that the attacker could sell or use in future attacks.

 Cryptojacking: Proof of Work (PoW) cryptocurrencies use a computationally
expensive process called mining to create new blocks on the blockchain.
Cryptojacking malware performs mining operations on an infected machine,
using the victim’s computational power to create blocks and earn
cryptocurrency for the attacker.

Social Engineering Attacks


Social engineering attacks use trickery, coercion, and other forms of
psychological manipulation to get the target to do what the attacker wants.
Some examples of common social engineering tactics include:

 Phishing: Phishing attacks use social engineering techniques to try to trick the
recipient into taking an action that benefits the attacker. Phishing messages
— sent over email, social media, corporate communications apps, or other
messaging platforms — typically are designed to trick a target into clicking a
malicious link, opening a malicious attachment, or handing over sensitive
information such as login credentials.

 Spear Phishing: Spear phishing attacks are phishing attacks that are targeted
at a particular person or group and use information about their target to make
the pretext of the phishing message more believable. For example, a spear
phishing email to an employee in the finance department may claim to be an
unpaid invoice from one of the company’s legitimate vendors or suppliers.

 Smishing: Smishing attacks are phishing attacks performed using SMS text
messages. These attacks take advantage of the features of mobile devices,
such as the common use of link shortening services (such as bit.ly) and the
inability to mouse over a link to check its destination in SMS messages.

 Vishing: Vishing attacks use many of the same techniques as phishing but are
performed over the phone. The attacker attempts to talk the target into
performing some action or handing over sensitive data, such as payment card
information or login credentials.

Web Application Attacks


Web applications make up a significant portion of an organization’s public-
facing digital attack surface. Some of the most common and high-impact
vulnerabilities in web applications are the following:

 SQL Injection (SQLI): SQL, which is used when interacting with a database,
intermingles data and instructions, often separated by single (‘) or double (“)
quotes. SQLI attackers provide deliberately malformed data that is used in an
SQL query so that part of the attacker-provided data is interpreted as a
command, enabling the attacker to control the action performed on the
database.

 Remote Code Execution (RCE): RCE vulnerabilities are those that allow an
attacker to execute code on the system hosting a vulnerable application. For
example, an attacker may be able to exploit a buffer overflow vulnerability to
run their malicious commands.

 Cross-Site Scripting (XSS): HTML web pages allow scripts to be embedded
alongside the data defining the contents and structure of the web page. XSS
attacks exploit injection, access control, or other vulnerabilities to insert
malicious scripts into a page. These scripts are then run every time a user
visits the page, allowing the attacker to steal sensitive information (login
credentials, payment card data, etc.) or run malicious code.

Supply Chain Attacks


Supply chain attacks exploit an organization’s relationships with external parties.
Some of the ways in which an attacker can take advantage of these trust
relationships include:

 Third-Party Access: Companies commonly allow their vendors, suppliers,
and other external parties to have access to their IT environments and
systems. If an attacker can gain access to a trusted partner’s network, they
can exploit the partner’s legitimate access to a company’s systems.

 Trusted External Software: All companies use third-party software and allow
it inside their networks. Like in the SolarWinds hack, if an attacker can insert
malicious code into third-party software or an update to it, that malicious code
may be trusted within the organization’s environment, providing access to
sensitive data and critical systems.

 Third-Party Code: Nearly all applications incorporate third-party and open-
source code and libraries. This external code may include exploitable
vulnerabilities, such as Log4j, or malicious functionality inserted by an attacker.
If an organization’s applications rely on vulnerable or malicious code, they
may be vulnerable to attack or misuse.

DoS Attacks
Denial of Service (DoS) attacks are designed to disrupt the availability of a
service. Common DoS threats include the following:

 Distributed DoS (DDoS) Attacks: In a DDoS attack, multiple machines —
typically infected computers or cloud-based resources — send many spam
requests to a service. Since an application, the system that hosts it, and its
network connections all have finite bandwidths, the attacker can exceed these
thresholds and render the service unavailable to legitimate users.

 Ransom DoS (RDoS) Attacks: In an RDoS attack, the attacker demands a
ransom to not perform a DDoS attack against an organization or to stop an
ongoing DDoS attack. These attacks may be standalone campaigns or
combined with a ransomware attack to provide the attacker with additional
leverage to force the victim to pay the ransom.

 Vulnerability Exploitation: Applications may have logical errors, such as a
buffer overflow vulnerability, that could cause them to crash if exploited. If an
attacker exploits these vulnerabilities, they could perform a DoS attack against
the vulnerable service.

MitM Attacks
Man-in-the-Middle (MitM) attacks are focused on intercepting
communications. Some MitM threats include:

 Man-in-the-Middle (MitM) Attack: In a MitM attack, the attacker intercepts
traffic between its source and destination. If the traffic is not protected by
encryption and digital signatures, this might allow the attacker to read and
modify the intercepted traffic.

 Man-in-the-Browser (MitB) Attack: In a MitB attack, the attacker exploits
vulnerabilities in a user’s browser to implant malicious code in the browser.
This allows the attacker to read or modify data before it is viewed by the user
or sent to the server.
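The MitM item above says interception only pays off when traffic lacks integrity protection. The following added example, not from the course material, shows the receiving side of a protocol that attaches an HMAC tag and a sequence number to every message: an interceptor who alters a field fails the tag check, and one who re-sends an old message fails the sequence check. The shared key is assumed to have been agreed out of band, and the messages and the interceptor's edit are constructed.

```python
"""Integrity protection against a man-in-the-middle.

Added illustration, not from the course material: sender and receiver share a
key (assumed to be exchanged out of band) and attach an HMAC tag and a sequence
number to each message, so that an interceptor who modifies or replays traffic
is detected. The key, messages and interceptor behaviour are constructed.
"""
import hashlib
import hmac
import secrets

SHARED_KEY = secrets.token_bytes(32)   # constructed; both ends hold this key


def make_message(key: bytes, seq: int, body: str) -> bytes:
    """Sender side: frame = seq|body|tag, where tag = HMAC-SHA256(key, seq|body)."""
    payload = f"{seq}|{body}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload + b"|" + tag.encode()


class Receiver:
    """Receiver side: verifies the tag, then rejects stale sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0
        self.accepted = []

    def accept(self, frame: bytes) -> str:
        try:
            seq_b, rest = frame.split(b"|", 1)
            body_b, tag_b = rest.rsplit(b"|", 1)
            seq = int(seq_b)
        except ValueError:
            return "rejected: malformed"
        expected = hmac.new(self.key, seq_b + b"|" + body_b, hashlib.sha256).hexdigest()
        # compare_digest avoids leaking how many tag bytes matched via timing.
        if not hmac.compare_digest(expected, tag_b.decode(errors="replace")):
            return "rejected: bad tag"
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        self.accepted.append(body_b.decode())
        return "accepted"


def interceptor_modify(frame: bytes) -> bytes:
    """Constructed MitM behaviour: change the amount while the frame is in transit."""
    return frame.replace(b"amount=100", b"amount=9000")


if __name__ == "__main__":
    rx = Receiver(SHARED_KEY)
    first = make_message(SHARED_KEY, 1, "pay;to=alice;amount=100")
    print(rx.accept(first))                                            # accepted
    second = make_message(SHARED_KEY, 2, "pay;to=alice;amount=100")
    print(rx.accept(interceptor_modify(second)))                       # rejected: bad tag
    print(rx.accept(first))                                            # rejected: replay
```

An HMAC gives integrity and origin authentication between two parties that share a key; it does not hide the body, so confidentiality still needs encryption, which is why the text names both.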

Advantages of Cyber Security

Cyber security plays a groundbreaking role and its benefits are numerous; here are some of the
advantages of cyber security.

1. Protection of Sensitive Data

Cyber security actions shield sensitive data from unsanctioned access, aiding in maintaining privacy
and averting identity theft.

2. Business Continuity
By preventing cyber attacks, organizations can ensure the availability of their systems and services,
minimizing downtime and potential losses.

3. Compliance with Regulations

Adhering to cyber security standards and regulations can protect businesses from legal issues and
potential fines.

4. Enhanced Customer Trust

One of the major benefits of cyber security is building customer trust. A strong cyber security posture
helps organizations build trust with their customers, partners, and stakeholders.

5. Competitive Benefit
Companies with robust cyber security measures in place are less vulnerable to cyber-attacks and can
gain a competitive edge over competitors who may not prioritize security.

6. Early Detection and Response

Proactive cyber security measures can help organizations detect threats early and respond effectively,
minimizing potential damage and disruption.

7. Intellectual Property Protection

Robust cyber security helps protect intellectual property (IP), such as patents, trade secrets, and
copyrighted material, ensuring the organization’s competitive advantage is maintained.

8. Reputation Protection
A strong cyber security posture helps organizations avoid reputational damage caused by data
breaches and other cyber incidents, which can lead to loss of customer trust and decreased business
opportunities.

9. Enhanced Collaboration
Secure communication platforms and tools enable teams to collaborate effectively and share sensitive
information without worrying about unauthorized access or data leaks.

10. Remote Work Security

As remote work becomes increasingly common, cyber security measures ensure the secure access
and use of organizational resources, maintaining productivity while reducing risks associated with
remote work environments.

4.2 Basic Terminologies:

4.2.1 IP Address, MAC Address

S.NO | MAC Address | IP Address
1. | MAC Address stands for Media Access Control Address. | IP Address stands for Internet Protocol Address.
2. | MAC Address is a six-byte hexadecimal address. | IP Address is either a four-byte (IPv4) or a sixteen-byte (IPv6) address.
3. | The MAC address of a device can be retrieved with the ARP protocol. | The IP address of a device can be retrieved with the RARP protocol.
4. | The NIC card’s manufacturer provides the MAC Address. | The Internet Service Provider provides the IP Address.
5. | MAC Address is used to ensure the physical address of a computer. | IP Address is the logical address of the computer.
6. | MAC Address operates in the data link layer. | IP Address operates in the network layer.
7. | MAC Address helps in simply identifying the device. | IP Address identifies the connection of the device on the network.
8. | The MAC Address of a computer cannot be changed with time and environment. | The IP Address changes with time and environment.
9. | MAC Addresses can’t be found easily by a third party. | IP Addresses can be found by a third party.
10. | It is a 48-bit address that contains 6 groups of 2 hexadecimal digits, separated by either hyphens (-) or colons (:). Example: 00:FF:FF:AB:BB:AA or 00-FF-FF-AB-BB-AA | IPv4 uses 32-bit addresses in dotted notation, whereas IPv6 uses 128-bit addresses in hexadecimal notation. Example: IPv4 192.168.1.1; IPv6 FFFF:F200:3204:0B00
11. | No classes are used for MAC addressing. | IPv4 uses A, B, C, D, and E classes for IP addressing.
12. | MAC Address sharing is not allowed. | In IP addressing, multiple client devices can share an IP address.
13. | A MAC address helps to solve IP address issues. | IP addresses are never able to solve MAC address issues.
14. | MAC addresses can be used for broadcasting. | The IP address can be used for broadcasting or multicasting.
15. | MAC address is hardware oriented. | IP address is software oriented.
16. | While communicating, a Switch needs the MAC address to forward data. | While communicating, a Router needs the IP address to forward data.
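Several rows of the comparison table above (the 48-bit versus 32/128-bit size, the two separator styles for a MAC, the manufacturer prefix, the IPv4 address classes, broadcast and multicast) can be checked directly from an address string. The following is an added example, not code from the course material, that validates and classifies MAC and IP addresses with the standard library's `re` and `ipaddress` modules. The sample addresses are constructed; 192.0.2.0/24 and 2001:db8::/32 are documentation ranges.

```python
"""Parse and classify MAC and IP addresses along the lines of the comparison
table above.

Added illustration using the standard library only; the sample addresses are
constructed and are not from the course material.
"""
import ipaddress
import re
from typing import Optional

# Six pairs of hex digits separated consistently by ':' or '-' (row 10).
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")


def parse_mac(text: str) -> Optional[bytes]:
    """Return the 6 raw bytes of a MAC address, or None if the format is invalid."""
    text = text.strip()
    if not MAC_RE.match(text):
        return None
    return bytes.fromhex(re.sub(r"[-:]", "", text))


def mac_properties(text: str) -> Optional[dict]:
    raw = parse_mac(text)
    if raw is None:
        return None
    return {
        "bits": 8 * len(raw),                            # 48 (row 10)
        "canonical": ":".join(f"{b:02x}" for b in raw),
        "oui": raw[:3].hex().upper(),                    # manufacturer prefix (row 4)
        "broadcast": raw == b"\xff" * 6,                 # ff:ff:ff:ff:ff:ff (row 14)
        "multicast": bool(raw[0] & 0x01),                # I/G bit of the first octet
        "locally_administered": bool(raw[0] & 0x02),    # U/L bit of the first octet
    }


def ipv4_class(addr: ipaddress.IPv4Address) -> str:
    """Classful range from the first octet (row 11): A <128, B <192, C <224, D <240, else E."""
    first = int(addr) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def ip_properties(text: str) -> Optional[dict]:
    """Describe an IPv4 or IPv6 address, or return None if it does not parse."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    info = {
        "version": addr.version,
        "bits": addr.max_prefixlen,      # 32 for IPv4, 128 for IPv6 (row 10)
        "private": addr.is_private,
        "multicast": addr.is_multicast,  # row 14
        "compressed": addr.compressed,
    }
    if addr.version == 4:
        info["class"] = ipv4_class(addr)
    return info


if __name__ == "__main__":
    for sample in ["00:FF:FF:AB:BB:AA", "00-FF-FF-AB-BB-AA", "00:FF-FF:AB:BB:AA"]:
        print(sample, "->", mac_properties(sample))
    for sample in ["192.168.1.1", "8.8.8.8", "224.0.0.1", "2001:db8::1"]:
        print(sample, "->", ip_properties(sample))
```

Mixing separators (`00:FF-FF:...`) is rejected by the backreference in the pattern, which is the kind of check a log parser needs before trusting an address field.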

Domain Name Server

The client machine sends a request to the local name server which, if it
does not find the address in its database, sends a request to the root name
server, which in turn will route the query to a top-level domain (TLD) or
authoritative name server. The root name server can also contain some
hostname to IP address mappings. The top-level domain (TLD) server always
knows who the authoritative name server is. So finally the IP address is
returned to the local name server, which in turn returns the IP address to the
host.
Domain Name Server
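The lookup chain described above (local name server, root, TLD server, authoritative server, then the answer travelling back and being cached locally) can be followed step by step in a small model. The following is an added example, not code from the course material: it holds constructed zone data for each level of the hierarchy, walks a query through the three referrals, records each hop, and serves repeat queries from the local cache. No real name servers are contacted; example.com, example.org and the 192.0.2.x and 198.51.100.x addresses are documentation names and ranges.

```python
"""Model of the iterative DNS lookup described above: local resolver -> root ->
TLD -> authoritative name server, with caching at the local resolver.

Added illustration, not from the course material. The zone data is constructed;
no real servers are contacted.
"""
from typing import Optional

# Constructed zone data: who knows what at each level of the hierarchy.
ROOT_ZONE = {"com.": "tld-com.test.", "org.": "tld-org.test."}   # root -> TLD server
TLD_ZONES = {                                                       # TLD -> authoritative server
    "tld-com.test.": {"example.com.": "ns1.example.com."},
    "tld-org.test.": {"example.org.": "ns1.example.org."},
}
AUTH_ZONES = {                                                      # authoritative -> A records
    "ns1.example.com.": {"www.example.com.": "192.0.2.10", "mail.example.com.": "192.0.2.25"},
    "ns1.example.org.": {"www.example.org.": "198.51.100.7"},
}


def fqdn(name: str) -> str:
    """Normalise a host name to lower-case, fully qualified form with a trailing dot."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


class LocalResolver:
    """The local name server the client talks to; keeps a cache and an audit trail."""

    def __init__(self):
        self.cache = {}
        self.trace = []

    def resolve(self, hostname: str) -> Optional[str]:
        name = fqdn(hostname)
        if name in self.cache:
            self.trace.append(f"cache hit for {name}")
            return self.cache[name]

        labels = name.rstrip(".").split(".")
        if len(labels) < 2:
            self.trace.append(f"{name}: not a resolvable host name")
            return None
        tld = labels[-1] + "."
        zone = ".".join(labels[-2:]) + "."

        # Step 1: ask the root which server is responsible for the TLD.
        tld_server = ROOT_ZONE.get(tld)
        self.trace.append(f"root: {tld} -> {tld_server}")
        if tld_server is None:
            return None
        # Step 2: ask the TLD server for the zone's authoritative server.
        auth_server = TLD_ZONES[tld_server].get(zone)
        self.trace.append(f"{tld_server}: {zone} -> {auth_server}")
        if auth_server is None:
            return None
        # Step 3: ask the authoritative server for the host's A record.
        ip = AUTH_ZONES[auth_server].get(name)
        self.trace.append(f"{auth_server}: {name} -> {ip}")
        if ip is not None:
            self.cache[name] = ip        # positive answers are cached locally
        return ip


if __name__ == "__main__":
    r = LocalResolver()
    print(r.resolve("www.example.com"))   # 192.0.2.10 after three referrals
    print(r.resolve("www.example.com"))   # answered from cache
    print(r.resolve("www.nowhere.com"))   # None: the TLD server has no such zone
    print("\n".join(r.trace))
```

The trace is the part worth reading: it shows why a poisoned or hijacked answer at any one level (root referral, TLD referral, or authoritative record) ends up cached and reused by every later client of that local resolver.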
4.2.3 DHCP, Router, Bots

DHCP
DHCP stands for Dynamic Host Configuration Protocol. It is the critical feature
on which the users of an enterprise network communicate. DHCP helps
enterprises to smoothly manage the allocation of IP addresses to end-user
client devices such as desktops, laptops, cellphones, etc. It is an application
layer protocol that is used to provide:
Subnet Mask (Option 1 - e.g., 255.255.255.0)
Router Address (Option 3 - e.g., 192.168.1.1)
DNS Address (Option 6 - e.g., 8.8.8.8)
Vendor Class Identifier (Option 43 - e.g., 'unifi' = 192.168.1.9, where unifi = controller)
Working of DHCP
The working of DHCP is as follows:
DHCP works on the Application layer of the TCP/IP protocol suite. The main
task of DHCP is to dynamically assign IP addresses to clients and to allocate
TCP/IP configuration information to clients.
The DHCP port number for the server is 67 and for the client is 68. It is a
client-server protocol that uses UDP services. An IP address is assigned from a
pool of addresses. In DHCP, the client and the server exchange mainly 4 DHCP
messages in order to make a connection, also called the DORA process, but
there are 8 DHCP messages in the process.
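The DORA exchange (Discover, Offer, Request, Acknowledge) and the options listed above can be walked through in a small simulation. The following is an added example, not code from the course material: a minimal server that leases addresses from a pool and attaches Option 1, 3 and 6 values to its OFFER and ACK, and a client function that drives the four messages and records them. The pool range, option values and client MAC addresses are constructed, no UDP packets are sent, and lease timers and the remaining four message types are left out.

```python
"""Simulation of the DHCP DORA exchange (Discover, Offer, Request, Acknowledge)
with the options listed above.

Added illustration, not from the course material: a minimal server that leases
addresses from a pool and a client that walks through the four messages. Pool,
option values and client MACs are constructed; no packets are sent.
"""
import ipaddress
from typing import Optional

SERVER_PORT, CLIENT_PORT = 67, 68   # UDP ports stated in the text


class DhcpServer:
    def __init__(self, pool_start: str, pool_end: str,
                 subnet_mask="255.255.255.0", router="192.168.1.1", dns="8.8.8.8"):
        first = int(ipaddress.IPv4Address(pool_start))
        last = int(ipaddress.IPv4Address(pool_end))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
        self.offers = {}   # mac -> address offered but not yet confirmed
        self.leases = {}   # mac -> address confirmed with an ACK
        self.options = {1: subnet_mask, 3: router, 6: dns}   # option codes from the list above

    def handle(self, msg: dict) -> Optional[dict]:
        kind, mac = msg["type"], msg["mac"]
        if kind == "DISCOVER":
            # Prefer the client's existing lease or pending offer; otherwise take a free address.
            ip = self.leases.get(mac) or self.offers.get(mac)
            if ip is None:
                if not self.free:
                    return None                 # pool exhausted: no OFFER is sent
                ip = self.free.pop(0)
            self.offers[mac] = ip
            return {"type": "OFFER", "mac": mac, "yiaddr": ip, "options": dict(self.options)}
        if kind == "REQUEST":
            ip = msg["requested_ip"]
            if self.offers.get(mac) == ip or self.leases.get(mac) == ip:
                self.offers.pop(mac, None)
                self.leases[mac] = ip
                return {"type": "ACK", "mac": mac, "yiaddr": ip, "options": dict(self.options)}
            return {"type": "NAK", "mac": mac}  # not an address this client was offered
        if kind == "RELEASE":
            ip = self.leases.pop(mac, None)
            if ip:
                self.free.append(ip)
        return None


def dora(server: DhcpServer, mac: str, trace: list) -> Optional[dict]:
    """Client side of the exchange; returns the ACK, or None if no lease was obtained."""
    trace.append(f"client {mac} -> server:{SERVER_PORT} DISCOVER")
    offer = server.handle({"type": "DISCOVER", "mac": mac})
    if offer is None:
        trace.append("no OFFER received")
        return None
    trace.append(f"server -> client:{CLIENT_PORT} OFFER {offer['yiaddr']}")
    trace.append(f"client {mac} -> server:{SERVER_PORT} REQUEST {offer['yiaddr']}")
    ack = server.handle({"type": "REQUEST", "mac": mac, "requested_ip": offer["yiaddr"]})
    trace.append(f"server -> client:{CLIENT_PORT} {ack['type']}")
    return ack if ack["type"] == "ACK" else None


if __name__ == "__main__":
    server = DhcpServer("192.168.1.100", "192.168.1.101")   # constructed two-address pool
    log = []
    for mac in ["aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"]:
        ack = dora(server, mac, log)
        print(mac, "->", ack["yiaddr"] if ack else "no lease", ack["options"] if ack else "")
    print("\n".join(log))
```

Because the client broadcasts DISCOVER and takes whichever OFFER arrives, nothing in the protocol itself stops a second, rogue server from answering with its own router and DNS options; that is the weakness the disadvantages list below describes, and it is why switches offer DHCP snooping to drop server messages on untrusted ports.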

Advantages of DHCP
The advantages of using DHCP include:
 Centralized management of IP addresses.
 Centralized and automated TCP/IP configuration.
 Ease of adding new clients to a network.
 Reuse of IP addresses reduces the total number of IP addresses that are
required.
 The efficient handling of IP address changes for clients that must be updated
frequently, such as those for portable devices that move to different
locations on a wireless network.
 Simple reconfiguration of the IP address space on the DHCP server without
needing to reconfigure each client.
 The DHCP protocol gives the network administrator a method to configure
the network from a centralized area.
 With the help of DHCP, easy handling of new users and the reuse of IP
addresses can be achieved.

Disadvantages of DHCP
The disadvantages of using DHCP are:
 IP conflict can occur.
 The problem with DHCP is that clients accept any server. Accordingly, when
another server is in the vicinity, the client may connect with this server, and
this server may possibly send invalid data to the client.
 The client is not able to access the network in absence of a DHCP Server.
 The name of the machine will not be changed in a case when a new IP
Address is assigned.

Router
What is a router?
A router is a physical or virtual appliance that passes information
between two or more packet-switched computer networks. A router
inspects a given data packet's destination IP address, calculates the best
way for it to reach its destination and then forwards it accordingly.

A router is a common type of gateway. It is positioned where two or
more networks meet at each point of presence on the internet. Hundreds
of routers might forward a single packet as it moves from one network to
the next on the way to its final destination. Routers exist on Layer 3,
the network layer, of the Open Systems Interconnection model.

Traditional routers are standalone devices that use proprietary software.
A virtual router is a software instance that performs the same functions
as a physical router. Virtual routers typically run on commodity servers,
either alone or packaged with other virtual network functions, such as
firewall packet filtering, load balancing and WAN optimization
capabilities.

Types of routers
Some of the different types of routers include the following:

 Core routers.
 Edge routers.
 Branch routers.
 Logical routers.
 Wireless routers.
Core routers

ISPs use core routers, which are the fastest and most powerful type of
router. Core routers sit at the center of the internet and forward
information along the main fiber optic backbone. Enterprise routers
connect large organizations' networks to core routers.

Edge routers

An edge router, also known as an access router, is a lower-capacity
device that resides at the boundary of a LAN and connects it to the
public internet, a private WAN or an external LAN. Subscriber edge
routers are edge routers used in home and small office networks.

Branch routers

Branch routers link an organization's remote office locations to its
WAN, connecting to the primary campus network's edge routers. Branch
routers often provide additional features, like time-division multiplexing,
wireless LAN management capabilities and WAN application
acceleration.

Logical routers

A logical router is a configured partition of a traditional network
hardware, or physical, router. It replicates the hardware's functionality,
creating multiple routing domains within a single router. Logical routers
perform a subset of the tasks that physical routers can complete, and
each logical router can contain multiple routing instances and routing
tables.

Wireless routers

A wireless router works in the same way as the router in a hard-wired
home or business LAN but enables greater mobility for notebook or
portable computers. Wireless routers use the 802.11g specification, a
standard that offers transmission over short distances.

What Are Bots

An Internet bot is a software application that runs automated tasks over
the internet. Tasks run by bots are typically simple and performed at a
much higher rate compared to human Internet activity.

Some bots are legitimate—for example, Googlebot is an application
used by Google to crawl the Internet and index it for search. Other bots
are malicious—for example, bots used to automatically scan websites
for software vulnerabilities and execute simple attack patterns.

4.3 Common Types of Attacks:

4.3.3 Password Attack

Password attacks involve abusing a compromised authorization
vulnerability in the system, in combination with automatic
password attack tools that accelerate password guessing and
cracking.
The attacker employs a variety of tactics to gain access to and
reveal an authorized user's credentials, and impersonate their
identity and privileges. The username-password combination is
one of the oldest known account authentication techniques.
Adversaries have had time to devise various approaches for
obtaining guessable passwords.
Furthermore, because their vulnerabilities are generally known,
applications that rely solely on password authentication are
vulnerable to password attacks.
Types of password attacks
Hackers often utilize various strategies to obtain and
authenticate with a valid user's password. These include
the following:
Phishing attacks
A phishing attack is by far the most common type of
password attack. It uses a social engineering approach in
which the hacker masquerades as a trustworthy site by
giving the victim a malicious link. The victim assumes they
are authenticating to a legitimate web server and clicks the
link, supplying the attacker with their account details.
Brute-force password attacks
The brute-force attack uses trial-and-error approaches to
guess a user's login details. Hackers use automated
scripts to run through as many permutations as possible to
guess the user's password successfully. While this is an
old method that involves a lot of patience and effort, a
brute force attack is still used in account breach attempts.
This is because it is automated and relatively simple.
Dictionary password attacks
The dictionary password attack technique employs a
prepared list of terms most likely to be used as passwords
by a given target network. The list is prepared by
analyzing a user's behavior patterns and passwords
retrieved from prior data breaches. The lists are generated
by altering common word combinations by case, adding
numeric suffixes and prefixes, and employing common
phrases. These lists are then fed into an automated
application, which attempts to authenticate against a
database of known usernames.
Password spraying attack
In password spraying, the hacker attempts to
authenticate using the same password on multiple
accounts before moving on to another password. This is
effective because most website users use easy passwords,
and the practice doesn't trigger lockout rules because it
spreads the attempts over many accounts. Attackers
typically orchestrate password spraying on websites where
administrators specify a uniform default password for new
users and unregistered accounts.
Keylogging
During a keylogging attack, a hacker installs monitoring
tools on the user's computer to record the keys the user
presses secretly. A keylogger collects all information that
users enter into input fields, and transfers it to a malicious
third party. While keyloggers are often used in workplace
settings, attackers utilize them maliciously to acquire
information such as login credentials for unauthorized
access.
Prevention
Some best practices to avoid password attacks are as
follows:
 Enforcing strong password policies
 Enabling multi-factor authentication
 Providing training on password security awareness
 Using password managers
Hackers are always in search of adopting new
technologies to attempt password attacks. For this
purpose, users must strictly enforce prevention measures
to avoid becoming victims of such attacks.
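Brute-force and spraying attacks leave opposite footprints in an authentication log: many failures against one account from one source, versus one or two failures against many accounts from one source, which stays under per-account lockout. The following is an added example, not code from the course material, that parses constructed login records and labels each source address accordingly. The log format, the source addresses (documentation ranges) and the thresholds are assumptions a defender would adapt to their own system.

```python
"""Detect password spraying and brute force attempts in authentication logs.

Added illustration, not from the course material. The log lines are constructed
(sources are from documentation address ranges); the detection thresholds are
assumptions a defender would tune.
"""
import re
from collections import defaultdict

# One line per login attempt: "<time> src=<ip> user=<name> result=<OK|FAIL>" (constructed).
SAMPLE_LOG = (
    # Spraying: one password tried once against many accounts.
    [f"2024-05-01T10:00:{i:02d} src=203.0.113.5 user={u} result=FAIL"
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    # Brute force: many guesses against a single account.
    + [f"2024-05-01T10:05:{i:02d} src=198.51.100.9 user=bob result=FAIL" for i in range(12)]
    # Normal user: one typo, then success.
    + ["2024-05-01T10:07:00 src=192.0.2.44 user=alice result=FAIL",
       "2024-05-01T10:07:09 src=192.0.2.44 user=alice result=OK"]
)

LOG_RE = re.compile(r"src=(?P<src>\S+)\s+user=(?P<user>\S+)\s+result=(?P<result>\S+)")


def failed_logins_by_source(lines):
    """Map source IP -> {username: number of failed attempts}."""
    fails = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.search(line)
        if m and m.group("result") == "FAIL":
            fails[m.group("src")][m.group("user")] += 1
    return fails


def classify_sources(lines, spray_min_users=5, spray_max_per_user=2, brute_min_attempts=10):
    """Label each source: 'password-spraying' (few tries each across many users)
    or 'brute-force' (many tries against one user). Sources matching neither are omitted."""
    findings = {}
    for src, per_user in failed_logins_by_source(lines).items():
        worst = max(per_user.values())
        if len(per_user) >= spray_min_users and worst <= spray_max_per_user:
            findings[src] = "password-spraying"
        elif worst >= brute_min_attempts:
            findings[src] = "brute-force"
    return findings


if __name__ == "__main__":
    for src, label in classify_sources(SAMPLE_LOG).items():
        print(f"{src}: {label}")
```

The two rules complement the prevention list above: per-account lockout already blunts brute force, but only a per-source view across accounts surfaces spraying, which is why multi-factor authentication and alerting on distinct-user counts per source matter.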
4.4 Hackers:

4.4.1 Various Vulnerabilities:
4.4.1.1 Injection attacks


Types of Injection attacks
The following types of attacks are considered Injection attacks:

Blind SQL Injection: Allows an attacker to ask the database server a series of true/false questions through injected SQL statements and infer the answers from the application's behaviour (a page that changes, or a response that is delayed), even though the application shows no error page or query output, in order to gain total control of the database or execute commands on the system.

Blind XPath Injection: Allows an attacker who does not know the structure of an XML document to use methods that attempt to determine the structure of the document.

Buffer Overflow: Alters the flow of an application by overwriting parts of memory.

Format String Attack: Alters the flow of an application by using string formatting library features to access other memory space. In this type of attack, data provided by users might be used as the formatting string input for certain C/C++ functions (for example: fprintf, printf, sprintf, setproctitle, syslog).

LDAP Injection: Exploits web sites that construct LDAP (Lightweight Directory Access Protocol) statements from data provided by users. In this type of attack, an attacker might modify LDAP statements using a local proxy in order to execute arbitrary commands (granting permissions to unauthorized queries) or modify the content of the LDAP tree.

OS Commanding: Exploits web sites by injecting an operating system command through an HTTP request to the web application. In this type of attack, an attacker might upload malicious programs or obtain passwords.

SQL Injection: Takes advantage of the SQL syntax to inject commands that can read or modify a database, or compromise the meaning of the original SQL query. In this type of attack, an attacker can spoof identity; expose, tamper with, destroy, or make existing data unavailable; or become the administrator of the database server.

SSI Injection: Allows an attacker to send code to a web application, which will later be executed locally by the web server. In this type of attack, an attacker exploits the failure of the web application to filter data provided by users before it inserts that data into a server-side interpreted HTML file.

XPath Injection: Exploits web sites that allow an attacker to inject data into an application in order to execute XPath queries. (XPath is a query language that describes how to locate specific elements, such as attributes or processing instructions, in an XML document.) In this type of attack, the attacker might be able to bypass authentication or access information without needing proper authorization.

Table 1. Injection attacks
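The OS Commanding row above, as an added Python example that is not part of the original page: run_vulnerable builds a shell command string from user input, while run_hardened validates the input as a host name and passes an argument list with no shell involved. The echo command stands in for a real network tool such as ping so that the example runs anywhere, and the two inputs are constructed for the demonstration.

```python
import re
import subprocess

# Constructed inputs: a benign host name, and the same field carrying a
# shell metacharacter followed by a second command.
BENIGN = "example.com"
HOSTILE = "example.com; echo INJECTED"

# A real application would call ping or nslookup here; `echo` stands in so
# the demonstration runs anywhere, and the injection behaves identically.
TOOL = "echo"

def run_vulnerable(host: str) -> str:
    """Builds one command string and hands it to /bin/sh.
    The ';' in the user input ends the intended command and starts a new one."""
    completed = subprocess.run(f"{TOOL} {host}", shell=True,
                               capture_output=True, text=True)
    return completed.stdout

# RFC 1123 style host name: labels of letters, digits and hyphens joined by dots.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
    r"(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$", re.IGNORECASE)

def run_hardened(host: str) -> str:
    """Two independent defences: reject anything that is not a host name,
    and never involve a shell, so the argv list reaches execve unchanged."""
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"rejected host name: {host!r}")
    completed = subprocess.run([TOOL, host], shell=False,
                               capture_output=True, text=True)
    return completed.stdout

def hardened_rejects(host: str) -> bool:
    """True when the hardened path refuses the input outright."""
    try:
        run_hardened(host)
    except ValueError:
        return True
    return False

def injected(output: str) -> bool:
    """True when the attacker's second command actually ran, i.e. INJECTED
    appears on its own output line rather than inside the echoed argument."""
    return any(line.strip() == "INJECTED" for line in output.splitlines())

if __name__ == "__main__":
    print(run_vulnerable(HOSTILE))           # two lines: the host, then INJECTED
    print(hardened_rejects(HOSTILE))         # True
    print(run_hardened(BENIGN).strip())      # example.com
```

Even without the regex, the argv form alone would print the hostile string as a single literal argument; the validation is there so that unexpected input is refused and logged rather than passed on to the tool.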

Exposure of Sensitive Data

What is sensitive data exposure?
Sensitive data exposure refers to the accidental or deliberate disclosure
of critical information such as personally identifiable information (PII),
payment card information (PCI), electronic protected health information
(ePHI), and intellectual property (IP). Organizations with inadequate
data protection measures create vulnerabilities within the system,
leading to sensitive data exposure.
Sensitive data exposure differs from a data breach, where malicious
entities exploit vulnerabilities to carry out attacks intended to steal,
misuse, or destroy sensitive personal data.

What causes sensitive data exposure?

Whether the data is at rest or in transit, its exposure can usually be traced back to one of the following root causes:

No encryption or weak encryption
Applications, NAS devices, database servers, and other repositories that
are unencrypted or have weak encryption protocols are vulnerable to
data exposure. In such cases, attackers can view vital information readily
or crack the weak encryption in place easily.

Insecure passwords
When user credentials are stored in plain text, anyone who can read the credential store (or a backup of it) can use them directly. Passwords should instead be stored as salted hashes produced by a slow password-hashing function (such as scrypt, bcrypt, or Argon2): the hash cannot be reversed, the per-user salt defeats precomputed (rainbow-table) attacks, and the work factor makes guessing slow.

Insecure web pages
Web applications and cloud storage endpoints on which TLS (HTTPS) is missing or misconfigured (for example, plain HTTP still accepted, or obsolete protocol versions and weak cipher suites enabled) can end up uploading or downloading data without encryption. Such unencrypted data in transit can be intercepted and exposed by anyone on the network path.

Poor access controls
Granting users permissions they do not need, combined with no visibility into who has access to which files, lets users access and share data without any accountability.

Misconfiguration errors
Applications' default permission settings are chosen for maximum usability, not security. When administrators fail to adjust those settings to their data security requirements, or miss security updates, the result can be data exposure.

Sensitive data exposure examples

Yahoo! (2013)
Over three billion user accounts had their personal data exposed; the intrusion reportedly began with a phishing scheme. Poor security practices, such as storing security questions and answers without encryption, were also cited as contributing to the breach.

Government of India (2018)
Over one billion Indian citizens had their personal information, such as
addresses, photos, phone numbers, and biometric data, exposed through
Indane, the state-owned utility company's website. The database that
was supposed to be accessed only by authorized dealers and distributors
was misconfigured to allow public access, leading to the exposure.

Atlassian Jira (2019)
Employees' names, email addresses, and confidential details about internal projects across more than 100,000 organizations and government agencies were exposed due to an authorization misconfiguration in the Global Permission settings of the project management software Jira.

Breach in authentication protocol

Authentication Protocols

Authentication protocols serve as the gatekeepers that validate a user's identity before granting access. These protocols encompass various methods such as passwords, biometrics, tokens, multi-factor authentication (MFA), and cryptographic keys. The primary goal is to ensure that individuals accessing a system are who they claim to be.

Common Types of Authentication Protocol Breaches:

Password-Based Attacks: Brute-force attacks, dictionary attacks, and phishing are common methods used to breach password-based authentication. Weak passwords, password reuse, and inadequate password management exacerbate this vulnerability.

Man-in-the-Middle (MITM) Attacks: Attackers intercept communication between two parties and can manipulate or eavesdrop on the authentication process. This allows them to steal credentials or inject malicious code.

Replay Attacks: In this scenario, an attacker intercepts valid authentication data and resends it later to gain unauthorized access. These attacks succeed against protocols whose messages carry nothing that binds them to a single session, such as a server-chosen nonce, a timestamp, or a sequence number, so that a captured message remains valid when it is sent again.

Credential Stuffing: Attackers leverage leaked username-password combinations obtained from other breaches to gain unauthorized access to other systems, exploiting users who reuse credentials across platforms.
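The replay attack above and the countermeasure it calls for, as an added Python example that is not part of the original page: a challenge-response login in which the server issues a fresh random nonce, the client answers with an HMAC over that nonce, and the server accepts each nonce once and only within a time limit. The shared key, the Server class, and the client helper are constructed for the demonstration; a static-token variant is included to show why a reusable credential replays.

```python
import hashlib
import hmac
import os
import time

# Constructed shared secret for the demonstration; in practice this is a
# per-client key provisioned out of band, never the user's password itself.
SHARED_KEY = b"demo-shared-key-not-for-production"

class Server:
    """Issues a fresh random nonce per login attempt and accepts a response
    only once, and only while the nonce is live."""
    def __init__(self, key: bytes, ttl_seconds: float = 30.0):
        self.key = key
        self.ttl = ttl_seconds
        self.pending = {}   # nonce -> time it was issued

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.pending[nonce] = time.monotonic()
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        issued = self.pending.pop(nonce, None)   # single use: gone after first check
        if issued is None:
            return False                          # unknown, expired, or already used
        if time.monotonic() - issued > self.ttl:
            return False                          # too old, even if never used
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_respond(key: bytes, nonce: bytes) -> bytes:
    """Prove possession of the key without sending it: HMAC over the nonce."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

def honest_login(server: Server):
    """One legitimate exchange; returns what an eavesdropper would capture."""
    nonce = server.challenge()
    response = client_respond(SHARED_KEY, nonce)
    return nonce, response, server.verify(nonce, response)

def replay(server: Server, nonce: bytes, response: bytes) -> bool:
    """The eavesdropper resends the captured (nonce, response) pair verbatim."""
    return server.verify(nonce, response)

def static_token_replay() -> bool:
    """Contrast: a fixed token such as HMAC(key, username) never changes,
    so a captured copy is accepted every time it is resent."""
    token = hmac.new(SHARED_KEY, b"alice", hashlib.sha256).digest()
    captured = token
    return hmac.compare_digest(token, captured)

if __name__ == "__main__":
    srv = Server(SHARED_KEY)
    nonce, response, ok = honest_login(srv)
    print("first login:", ok)                                # True
    print("replayed:", replay(srv, nonce, response))         # False
    print("static token replayed:", static_token_replay())   # True
```

The nonce does two jobs: it is unpredictable, so a response cannot be computed in advance, and it is consumed on first use, so the same response is worthless a second time. The time limit bounds how long a captured-but-unused challenge stays dangerous.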

4.4.2 Types of Hackers: White hat and Black hat

Ch-3
Unit-5:
5.1 Ethical Hacker
5.1.1 Roles and Responsibilities
5.1.2 Benefit of Ethical Hacking
5.1.3 Skills require to become Ethical hacker
5.2 Penetration testing concepts
5.2.1 Phases of Ethical hacking
5.2.2 Areas of penetration testing
5.3 SQL Injection:
5.3.1 Concepts of SQL Injection
5.3.2 Types of SQL Injection
5.3.3 Case study of SQL Injection
5.4 Firewall:
5.4.1 Concepts of Firewall
5.4.2 Types of Firewall
5.4.3 Working, Advantages and Importance of Firewall

5.1 Ethical Hacker

What is Ethical Hacking?
Ethical hacking is the authorized practice of detecting vulnerabilities in an application, system, or organization's infrastructure, and of bypassing its security controls, in order to identify potential data breaches and threats before a malicious actor does.

The company that owns the system or network allows cyber security engineers to perform such activities in order to test the system's defenses. Thus, unlike malicious hacking, this process is planned, approved, and, more importantly, legal.

Ethical hackers investigate the system or network for weak points that malicious hackers could exploit or destroy. They collect and analyze the information to work out how to strengthen the security of the system, network, or applications. By doing so, they improve the security posture so that it can better withstand or deflect attacks.

Ethical hackers are hired by organizations to look into the vulnerabilities of their systems and networks and to develop solutions that prevent data breaches. Consider it a high-tech variation of the old saying "It takes a thief to catch a thief."

5.1.1 Roles and Responsibilities

Ethical Hacker Roles and Responsibilities:

Roles:
• In-depth Knowledge of Security: Ethical hackers should be well versed in the potential threats and vulnerabilities that can be used to compromise organisational systems. Organisations hire ethical hackers for their expertise and their ability to resolve security vulnerabilities quickly. They should be cyber security professionals with knowledge of computer systems, networks, and security.
• Think like Hackers: The primary role of ethical hackers is to attack the system the way real attackers would, but only by authorised methods and within the agreed scope. They are supposed to think like hackers who want to steal confidential data or information, looking for the areas most likely to be attacked and the different ways in which an attack could take place.
• In-depth Knowledge of the Organisation they Serve: Ethical hackers should be well versed in the services and the day-to-day functioning of the organisation they are associated with. They should know which information is most sensitive and needs to be protected, and be capable of finding the attack methods by which that sensitive content could be reached.

Responsibilities:
• Hacking their own Systems: Ethical hackers hack the systems they are engaged to test in order to find potential threats and vulnerabilities before real attackers discover them.
• Defuse the Intent of Hackers: Ethical hackers are hired as a precautionary step against attackers who aim to breach the security of computers. Vulnerabilities detected early can be fixed, keeping confidential information from being exposed to hackers with malicious intentions.
• Document their Findings: Ethical hackers must properly document all their findings and potential threats. The main part of the work they are hired for is proper reporting of the bugs and vulnerabilities that threaten security.
• Keeping Confidential Information Safe: Ethical hackers are obliged to keep all their findings secure and never share them with others. Under no circumstances should they agree to share their findings and observations with anyone outside the engagement.
• Sign Non-Disclosure Agreements: They must sign confidentiality agreements to keep the information they hold about the organisation safe. This prevents them from giving out confidential information, and legal action can be taken against them if they do.
• Handle the Loopholes in Security: Based on their observations, ethical hackers should help repair the security loopholes they found. This prevents attackers from breaching the security of the organisation through those weaknesses.

5.1.2 Benefit of Ethical Hacking

• It helps to fight against cyber terrorism and national security breaches.
• It helps organisations take preventive action against hackers.
• It helps to build a system that prevents penetration by hackers.
• It offers security to banking and financial establishments.
• It helps to identify and close the open holes in a computer system or network.
5.1.3 Skills require to become Ethical hacker
Ethical hacking is compromising computer systems to assess their security while acting in good faith by informing the vulnerable party. Ethical hacking is a key skill for many job roles related to securing the online assets of an organization. The professionals in these roles keep the organization's computers, servers, and other components of its infrastructure in working condition while preventing unauthorized access through non-physical channels.

1. Computer Networking Skills

One of the most important skills for an ethical hacker is networking. A computer network is an interconnection of multiple devices, generally termed hosts, connected over multiple paths to send and receive data or media. Understanding topics such as DHCP, supernetting, subnetting, and routing lets ethical hackers explore the computers interconnected in a network, the potential security threats this creates, and how to handle those threats.

2. Computer Skills

Computer skills are the knowledge and ability that allow one to use computers and related technology. Typically, basic computer skills include data processing, managing computer files, and creating presentations. Advanced computer skills include managing databases, programming, and running calculations in spreadsheets. Some of the most essential computer skills are MS Office, spreadsheets, email, database management, social media, web, enterprise systems, etc. An ethical hacker needs to be a computer systems expert.

3. Linux Skills

Linux is a family of open-source, Unix-like operating systems based on the Linux kernel. It is free and open source: the source code can be modified and distributed by anyone, commercially or non-commercially, under the GNU General Public License. The main reason for an ethical hacker to learn Linux is that most servers, network devices, and cloud workloads run on it, and most penetration testing tools are built for it. Linux's permission model and transparency make it easier to audit and harden than many other systems, but it is not immune: malware for Linux exists, and Linux hosts still need patching, hardening, and monitoring like any other operating system.

4. Programming Skills

Another important skill for an ethical hacker is programming. Programming means "the act of writing code understood by a computational device to perform various instructions". To get better at programming, one will be writing a lot of code, and before writing code one must choose a language suited to the task. Programming languages commonly used by ethical hackers include:

• Python
• SQL
• C
• JavaScript
• PHP
• C++
• Java
• Ruby
• Perl

5. Basic Hardware Knowledge

Computer hardware comprises the physical parts of a computer, such as the central processing unit (CPU), monitor, mouse, keyboard, storage, graphics card, sound card, speakers, and motherboard. By contrast, software is the set of instructions that is stored and run by the hardware. Suppose one wants to test a machine that is controlled by a computer. First, one needs to understand the machine and how it works; then one has to get access to the computer that controls it. The machine may have a very good software security system, but an attacker with physical access does not have to go through that software and can work on the hardware directly. Without hardware knowledge, one cannot understand how the motherboard works, how USB devices transfer data, or how CMOS and BIOS work together. So basic hardware knowledge is also needed to become an ethical hacker.

6. Reverse Engineering

Reverse engineering is the process of recovering the design, requirement specifications, and functions of a product from an analysis of its code or binaries. It builds a program database and generates information from it. In software maintenance, the objective of reverse engineering is to expedite the work by improving the understandability of a system and producing the documents a legacy system lacks. In software security, reverse engineering is used to check that a system, often one whose source code is unavailable, has no major security flaws or vulnerabilities, and to analyse malware. It helps to make a system robust, thereby protecting it from attackers and spyware. Some developers even go as far as hacking their own system to identify vulnerabilities, a practice referred to as ethical hacking.

7. Cryptography Skills

Cryptography is the study and application of techniques for secure communication in the presence of third parties called adversaries. It deals with developing and analysing protocols that prevent malicious third parties from reading or tampering with information shared between two entities, thereby supporting the confidentiality, integrity, and authenticity aspects of information security. Cryptography converts a normal text or message, known as plaintext, into an unreadable form, known as ciphertext, during transmission so that it is incomprehensible to an eavesdropper. An ethical hacker must be able to assess whether the organisation's communications are protected by sound, correctly configured cryptography, and to recognise weak or misused algorithms.

8. Database Skills

A database management system (DBMS) is the software through which all databases are created and managed. Access to a database where all of an organisation's information is stored can put the company at tremendous risk, so ensuring that this software is hardened is important. An ethical hacker must have a good understanding of DBMSs, along with different database engines and data schemas, to help the organisation build a securely configured database layer.

9. Problem-solving Skills

Problem-solving skills help one to determine the source of a problem and find an effective solution. Apart from the technical skills listed above, an ethical hacker must also be a critical thinker and a dynamic problem solver. They must want to learn new approaches and ensure all security weaknesses are thoroughly checked. This requires a great deal of testing and an ingenious penchant for devising new ways of problem-solving.

5.2 Penetration testing concepts

5.2.1 Phases of Ethical hacking

Phases of Penetration Testing

1. Reconnaissance:
This phase is also known as the planning phase. Reconnaissance is the first phase of the penetration testing process: it involves gathering information about the target system or network to identify potential vulnerabilities and attack vectors. During this phase the penetration tester gathers information from a variety of sources, including:
• Publicly available information, such as company websites, social media accounts, and domain name registration records
• Network scanning tools, which can be used to identify live hosts, open ports, and running services
• Vulnerability scanning tools, which can be used to identify known vulnerabilities in the system
• OSINT (Open-Source Intelligence) techniques, which can be used to gather information from various sources such as Google, social media, and other public domains
The goal of reconnaissance is to gather as much information as possible about the target system or network, to identify potential weaknesses that can be exploited during the later phases of the penetration test.
It is a crucial step of the penetration testing process, as it allows the testers to understand the target environment and to define the scope of the test.
2. Scanning:
In this phase, different scanning tools are used to determine the response of the
system towards an attack. Vulnerabilities of the system are also
checked. Scanning is the second phase of the penetration testing process,
following reconnaissance. It involves using automated tools to actively probe
the target system or network to identify live hosts, open ports, and running
services.
During the scanning phase, the penetration tester will use a variety of tools to perform different types of scans, such as:
• Port scans: identify open ports on live hosts, and the services running on those ports.
• Vulnerability scans: search for known vulnerabilities in the system based on the version and configuration of the software running on the open ports.
• Network mapping: creates a visual representation of the target network, including the hosts, devices, and services.
Scanning can be done internally or externally, depending on the scope of the test and the objectives of the organization.
It is an important phase of the penetration testing process as it allows the
testers to identify the attack surface of the target system, and to identify
potential vulnerabilities that can be exploited during the next phase of the test.
It is important to note that the results of the scan may not necessarily be
accurate and should be verified by a human tester to avoid false positives.
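The port scan and banner grab of the scanning phase, as an added Python example that is not part of the original page: a TCP connect scanner that probes a list of ports concurrently, plus a banner grab of whatever the service sends first (the text a version scanner keys on). The target is a constructed listener on 127.0.0.1 started by the example itself, so it runs offline; scanning anything else needs the written authorization the text describes.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

def start_listener(banner: bytes = b"SSH-2.0-demo\r\n"):
    """Constructed target for the demonstration: a TCP service on 127.0.0.1
    at an ephemeral port that greets each client with a banner. Returns the
    listening socket (close it to stop) and its port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)
    srv.settimeout(0.2)          # lets the accept loop notice when srv is closed

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                return           # listener was closed
            try:
                conn.sendall(banner)
            except OSError:
                pass             # scanner already hung up; harmless
            finally:
                conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def free_port() -> int:
    """A port that is (almost certainly) closed: bind an ephemeral port, read
    its number, release it. Used only to show a negative scan result."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """TCP connect scan of one port: a completed handshake (connect_ex == 0)
    means open; ECONNREFUSED or a timeout means closed or filtered."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def scan(host: str, ports, workers: int = 32, timeout: float = 0.5) -> list:
    """Probe the ports concurrently and return the open ones in ascending order."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe(host, p, timeout)), ports))
    return sorted(p for p, is_open in results if is_open)

def grab_banner(host: str, port: int, timeout: float = 1.0) -> bytes:
    """Read what the service says first; version scanners match this text
    against known software to pick candidate vulnerabilities."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(256)
        except socket.timeout:
            return b""

if __name__ == "__main__":
    srv, open_port = start_listener()
    targets = sorted({open_port, free_port(), free_port()})
    print("open:", scan("127.0.0.1", targets))             # [open_port]
    print("banner:", grab_banner("127.0.0.1", open_port))  # b'SSH-2.0-demo\r\n'
    srv.close()
```

A connect scan completes the handshake, so every probe shows up in the target's connection logs; that is exactly the kind of noise the text's later phases have to account for, and why a real engagement agrees scan rates and windows in advance.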
3. Gaining Access:
In this phase using the data gathered in the planning and scanning phases, a
payload is used to exploit the targeted system. Gaining access is the third
phase of the penetration testing process, following reconnaissance and
scanning. In this phase, the penetration tester will attempt to exploit the
vulnerabilities identified in the previous phases to gain unauthorized access to
the target system or network.
During the gaining access phase, the penetration tester will use a variety of techniques, such as:
• Exploiting software vulnerabilities: using known exploits to gain access to a system or network.
• Social engineering: tricking employees or users into revealing login credentials or other sensitive information.
• Password cracking: using automated tools to guess or crack passwords.
The goal of this phase is to gain access to the system and to establish a
foothold from which the penetration tester can move laterally through the
network. It is an important phase of the penetration testing process as it allows
the testers to assess the real impact of the identified vulnerabilities and to
evaluate the effectiveness of the security controls in place. It is important to
note that gaining access should be done in a controlled environment, with
proper permissions and guidelines, and not to cause any harm to the system or
data.

4. Maintaining Access:
This phase requires taking the steps involved in being able to be continuously
within the target environment to collect as much data as possible.
Maintaining access is the fourth phase of the penetration testing process,
following reconnaissance, scanning, and gaining access. In this phase, the
penetration tester will focus on maintaining their access to the target system or
network and expanding their control over it.
During the maintaining access phase, the penetration tester will use a variety of techniques, such as:
• Establishing backdoors: creating a way to regain access to the system in case the initial access is closed.
• Privilege escalation: increasing their level of access to the system, from a low-privilege user to an administrator or root user.
• Persistence: maintaining access to the system over time by creating a way to bypass security controls.
• Lateral movement: moving through the network to gain access to other systems and resources.
The goal of this phase is to maintain access to the system or network for as
long as possible and to expand the scope of the attack. It is an important phase
of the penetration testing process as it allows the testers to assess the impact
of a successful attack and to evaluate the effectiveness of the security controls
in preventing or detecting prolonged unauthorized access.
It is important to note that maintaining access should be done in a controlled
environment, with proper permissions and guidelines, and not to cause any
harm to the system or data.
5. Be hidden from the user:
This is the moment where the attacker will have to clear the trace of any activity
done in the target system. It is done to remain hidden from the user/victim. In
the final phase of a penetration test, the tester will focus on being hidden from
the user. This phase is also known as “covering tracks.” The goal of this phase
is to make it as difficult as possible for the system administrator or security team
to detect the tester’s presence and activities on the system.
During the covering tracks phase, the penetration tester will use a variety of techniques to hide their presence, such as:
• Clearing logs: deleting or modifying system logs to remove any evidence of the tester's activities.
• Hiding files: using techniques such as rootkits or hidden directories to conceal files and tools used during the test.
• Disabling security controls: disabling or circumventing security controls such as firewalls, intrusion detection systems, and antivirus software to evade detection.
It is an important phase of the penetration testing process as it allows the
testers to assess the ability of the system to detect and prevent prolonged
unauthorized access and to evaluate the incident response plan of the
organization.
It is important to note that covering tracks should be done in a controlled
environment, with proper permissions and guidelines, and not cause any harm
to the system or data. Also, the tester must leave the system in its initial state
after the test.

5.2.2 Areas of penetration testing

Network Penetration Testing

Network penetration testing is one of the most common types of pen test requested by businesses. It is also known as an infrastructure penetration test.

The primary aim of a network penetration test is to scan for and identify the most exposed vulnerabilities in an organization's on-premises and cloud-based network infrastructure.

These are typically related to the design, implementation, and operation of servers, firewalls, switches, routers, printers, and workstations. The goal is to identify and rectify security flaws internally (assets inside the corporate network) or externally (internet-facing infrastructure) before an attacker targets the system.

Why Perform a Network Penetration Test?

A network penetration test is used to find, before an attacker does, the weaknesses behind common network-based attacks, including:

• Firewall Bypassing: Where threat actors get past firewall protection via firewall misconfiguration, social engineering, IoT device vulnerabilities, SQL injection through an allowed web port, and similar routes. They may also circumvent port restrictions by tunnelling traffic over the TCP or UDP ports and protocols that the firewall does permit.
• Proxy Server Exploitation: Where attackers compromise a proxy server or a proxied client, typically by introducing malware, and use it as a jumping-off point to reach the rest of an organization's network.
• Open Ports Attack: Open TCP and UDP ports are necessary for web servers, browsers, FTP transfers, voice-over-IP (VoIP), and so on to work. Every open port, however, exposes the service listening behind it; unnecessary or unpatched services on open ports are a common entry point for attackers.
• Man-in-the-Middle Attack: Where an attacker positions themselves between a user and a system to intercept, delete, modify, redirect, or block information.

Web App Penetration Testing

Web app penetration testing helps find vulnerabilities in a web application. A tester uses various penetration testing tools to break into the application just as a threat actor would.

The typical scope of web application pen testing covers web-based apps, the browsers that render them, and client-side components such as plugins and applets, including legacy technologies like ActiveX and Silverlight where they are still in use.

Being more in-depth and targeted, web app penetration testing is considered more complicated and time-consuming. The different stages of the test aim to identify every interaction endpoint of each web-based app in your environment.

Why Perform Web App Pen Testing?

Experienced testers work through the penetration testing steps to spot vulnerabilities in components such as databases, source code, and back-end networks. Finding such loopholes helps improve the application's codebase.
Any business that depends heavily on information technology ships new code every day. More code means more bugs and errors, which act as gateways for attackers. That is why web application penetration tests are crucial to prevent cyberattacks.

Mobile App Penetration Testing

Mobile app penetration testing targets applications running on the Android and iOS operating systems. It is used to identify authentication, authorization, and data leakage issues. Testers need to know the type and version of the mobile app in order to plan the test.

As of the first quarter of 2022, there were 3.3 million Android apps and 2.11 million iOS apps available. Hackers are constantly searching for the personal information stored in app databases. As a business, it is your responsibility to ensure your users' data is safe; a data breach can cause irreparable harm to your brand's reputation.

Why Perform Mobile Application Penetration Testing?

Mobile app pen testing protects clients by attempting to exploit an app's vulnerabilities before an attacker does. It prevents emerging threats by determining whether malicious action or unauthorized access is possible.

Mobile app pen testers typically identify weaknesses such as inadequate data protection and missing binary protections in the compiled app. They also help mitigate more conventional threats such as SQL injection and username enumeration. Moreover, mobile application pen testing can be done before an app goes live, eliminating most vulnerabilities before users are exposed to them.

Client Side Penetration Testing

Client side penetration testing identifies vulnerabilities in client side applications. These include web browsers, email clients, and programs or apps such as Gmail, Chrome, Macromedia Flash, Adobe Lightroom, and Final Cut Pro.

Why Perform Client Side Penetration Testing?

Client side penetration tests can help businesses safeguard themselves and their users against various cyberattacks, including:

• Cross-Site Scripting (XSS) Attacks: Where attackers inject malicious scripts into otherwise benign and trusted apps and websites.
• Clickjacking Attacks: Which trick users into clicking on a malicious element that is invisible or disguised as a harmless one.
• HTML Injection Attacks: Where attackers inject malicious HTML into an app or web page to steal users' confidential data.
• Form Hijacking: Where an attacker alters the action URL of a form so that the data users submit is sent to the attacker's server.

Wireless Penetration Testing

A wireless penetration test examines an organization's Wi-Fi and all the devices connected to it, such as laptops, desktops, mobile phones, and tablets. A tester must usually be on site, within range of the wireless signal, to perform one or more types of wireless tests; remote testing is also possible in some cases.

Why Perform Wireless Penetration Testing?

It allows business owners to rectify loopholes in their wireless communications and connections. A lot of data flows in and out of a network daily, and it is vital to spot vulnerabilities such as data leakage, weak encryption, and unauthorized (rogue) access points.

Social Engineering Penetration Testing

Social engineering attackers aim to trick and induce users into sharing credentials, phone numbers, email addresses, banking details, and other sensitive information.

Social engineering penetration testing helps an organization measure and reduce its exposure to numerous social engineering attacks, including phishing, vishing, and smishing, scareware, DNS spoofing, pretexting, watering hole attacks, dumpster diving, and eavesdropping.
5.3 SQL Injection:
5.3.1 Concepts of SQL Injection
5.3.2 Types of SQL Injection
5.3.3 Case study of SQL Injection

5.3.1 Concepts of SQL Injection

SQL injection is a technique in which an attacker places SQL syntax into web page inputs so that it becomes part of the SQL statements the application sends to its database. Because the application builds the query by concatenating the input into the query text, the attacker's input is executed as SQL, letting malicious users read, modify, or delete data and manipulate the database server behind the application.
1. SQL injection is a code injection technique that can compromise your database.
2. SQL injection is one of the most common web hacking techniques.
3. SQL injection is the injection of malicious code into SQL statements via web page input.

5.3.2 Types of SQL Injection


1. Error-Based SQL Injections:

Error-based SQL injections obtain information about the database structure from the error messages issued by the database server. In rare circumstances, an attacker may enumerate an entire database using only error-based SQL injection.
Example:
In the SQL Injection labs, if you type ?id=1 in the URL and press enter, it gives you the login name and password.

2. Union-Based SQL Injections:

Union-based SQL injections use the UNION SQL operator to combine the results of two or more SELECT queries into a single result set, which is then returned as part of the HTTP response.
Query:
SELECT EMP_ID, EMP_DOJ FROM EMP
UNION SELECT dept_ID, dept_Name FROM dept;
This SQL query produces a single result set with two columns, containing the values of the EMP columns EMP_ID and EMP_DOJ together with the dept columns dept_ID and dept_Name.
Two requirements must be met for a UNION query to work:
 Each query must return the same number of columns.
 The data types must be the same, i.e., they are not changed after query execution.

To determine the number of columns required in an SQL injection UNION attack, a sequence of ORDER BY clauses is injected, incrementing the column index until an error is encountered:
?id=1' order by 1 --+ no error
?id=1' order by 2 --+ no error
?id=1' order by 3 --+ no error
?id=1' order by 4 --+ we get an error

3. Blind Boolean-based SQL Injections:

Boolean-based SQL injection works by submitting a SQL query to the database and forcing the application to produce a different response depending on whether the query returns TRUE or FALSE.
Example:
In the SQL Injection labs, if we type ?id=1 in the browser URL, the query sent to the database is:
Query:
SELECT * from table_name WHERE id=1

4. Blind Time-Based SQL Injections:

Time-based SQL injection works by sending a SQL query to the database and forcing it to wait for a predetermined length of time (in seconds) before answering. The response time tells the attacker whether the query result is TRUE or FALSE.
Depending on the outcome, the HTTP response is either delayed or returned immediately. Even though no data from the database is returned, an attacker can determine whether the payload returned true or false. Because the attacker must enumerate the database character by character, this attack is often slow (particularly on big databases).
AND SLEEP(10): if the response is delayed, the application is vulnerable
OR SLEEP(10): if the response is delayed, the application is vulnerable
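The root cause shared by all four types above is that user input becomes part of the SQL text. The following is an added example, not code from these notes or from the SQL Injection labs: it contrasts an injectable lookup (string concatenation) with the hardened form (a parameterised query) using Python's built-in sqlite3 module, and also shows the database enforcing the UNION column-count rule. The users, emp and dept tables, their rows, and the tampered id value "1 OR 1=1" are constructed for illustration.

```python
import sqlite3

# Constructed sample schema and rows, not taken from the notes or the labs.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, role TEXT);
INSERT INTO users VALUES (1, 'alice', 'admin');
INSERT INTO users VALUES (2, 'bob',   'user');
INSERT INTO users VALUES (3, 'carol', 'user');
CREATE TABLE emp  (emp_id INTEGER, emp_doj TEXT);
CREATE TABLE dept (dept_id INTEGER, dept_name TEXT, dept_floor INTEGER);
INSERT INTO emp  VALUES (10, '2020-01-15');
INSERT INTO dept VALUES (7, 'Sales', 3);
"""


def open_db():
    """Return an in-memory SQLite database loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_user_unsafe(conn, id_param):
    """Injectable pattern: the value of the ?id= parameter is concatenated into
    the SQL text, so the database cannot distinguish the developer's query from
    whatever the user typed. Shown only to contrast with lookup_user_safe."""
    sql = "SELECT id, login, role FROM users WHERE id=" + id_param
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, id_param):
    """Hardened pattern: a parameterised (prepared) query. The SQL text is fixed
    and the input is bound as a single value, so it can never become SQL syntax.
    A tampered value simply matches no row."""
    sql = "SELECT id, login, role FROM users WHERE id=?"
    return conn.execute(sql, (id_param,)).fetchall()


def union_column_mismatch(conn):
    """Illustrates the UNION rule from the notes: every SELECT must return the
    same number of columns. emp yields two columns and dept three, so the
    database rejects the statement. Returns the error text, or None if it ran."""
    sql = ("SELECT emp_id, emp_doj FROM emp "
           "UNION SELECT dept_id, dept_name, dept_floor FROM dept")
    try:
        conn.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    db = open_db()
    # "1 OR 1=1" is a constructed tampered id value of the boolean kind
    # described above: with string concatenation it turns the WHERE clause
    # into a tautology and every user row comes back.
    print("unsafe, normal id  :", lookup_user_unsafe(db, "1"))
    print("unsafe, tampered id:", lookup_user_unsafe(db, "1 OR 1=1"))
    print("safe, normal id    :", lookup_user_safe(db, "1"))
    print("safe, tampered id  :", lookup_user_safe(db, "1 OR 1=1"))
    print("UNION mismatch     :", union_column_mismatch(db))
```

With the concatenated query the tampered id returns all three users; with the bound parameter it returns nothing, because the whole string is compared as one value against the integer id column. Validating that an id parameter is numeric before it reaches the database is a useful second line of defence, but parameter binding is what removes the injection itself.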

5.4 Firewall:
5.4.1 Concepts of Firewall
5.4.2 Types of Firewall
5.4.3 Working, Advantages and Importance of Firewall
What is a Firewall?
A firewall can be defined as a special type of network security device or software program that monitors and filters incoming and outgoing network traffic based on a defined set of security rules. It acts as a barrier between internal private networks and external sources (such as the public Internet).

The primary purpose of a firewall is to allow non-threatening traffic and block malicious or unwanted traffic, in order to protect the computer from viruses and attacks. A firewall is a cybersecurity tool that filters network traffic and helps block malicious software on an infected computer from reaching the Internet.

5.4.2 Types of Firewall

By structure, there are mainly three kinds of firewall: software firewalls, hardware firewalls, or a combination of both. Each type of firewall has different functionality but the same purpose. It is best practice to have both in order to achieve the maximum possible protection.

A hardware firewall is a physical device that sits between a computer network and a gateway; a broadband router is one example. A hardware firewall is sometimes referred to as an Appliance Firewall. On the other hand, a software firewall is a program installed on a computer that controls traffic by port number and by the other software installed on that machine. This type of firewall is also called a Host Firewall.
Besides, there are many other types of firewalls depending on their features and the
level of security they provide. The following are types of firewall techniques that can be
implemented as software or hardware:

o Packet-filtering Firewalls
o Circuit-level Gateways
o Application-level Gateways (Proxy Firewalls)
o Stateful Multi-layer Inspection (SMLI) Firewalls
o Next-generation Firewalls (NGFW)
o Threat-focused NGFW
o Network Address Translation (NAT) Firewalls
o Cloud Firewalls
o Unified Threat Management (UTM) Firewalls
Packet-filtering Firewalls
A packet filtering firewall is the most basic type of firewall. It acts like a management program that monitors network traffic and filters incoming packets based on configured security rules. These firewalls decide on each packet by its IP protocol, IP address and port number: a packet that does not match the established rule set is blocked.

While packet-filtering firewalls can be considered a fast solution without many resource requirements, they also have limitations. Because this type of firewall does not prevent web-based attacks, it is not the safest.

Circuit-level Gateways
Circuit-level gateways are another simplified type of firewall that can be easily configured to allow or block traffic without consuming significant computing resources. These firewalls typically operate at the session level of the OSI model by verifying TCP (Transmission Control Protocol) connections and sessions. Circuit-level gateways are designed to ensure that the established sessions are protected.

Typically, circuit-level firewalls are implemented as security software or as a feature of existing firewalls.

Like packet-filtering firewalls, these firewalls do not check the actual data, although they inspect information about the transactions. Therefore, if a packet's data contains malware but the packet follows a correct TCP connection, it will pass through the gateway. That is why circuit-level gateways are not considered safe enough to protect our systems on their own.

Application-level Gateways (Proxy Firewalls)


Proxy firewalls operate at the application layer as an intermediate device that filters incoming traffic between two end systems (e.g., the network and the traffic source). That is why these firewalls are called 'Application-level Gateways'.

Unlike basic firewalls, these firewalls forward client requests to the web server on the client's behalf, appearing to the server as the original client. This protects the client's identity and other sensitive information, keeping the network safe from potential attacks. Once the connection is established, the proxy firewall inspects the data packets coming from the source. If the contents of the incoming packet pass inspection, the proxy firewall forwards it to the client. This approach creates an additional layer of security between the client and the many different sources on the network.

Stateful Multi-layer Inspection (SMLI) Firewalls


Stateful multi-layer inspection firewalls include both packet inspection technology and TCP handshake verification, making SMLI firewalls superior to packet-filtering firewalls or circuit-level gateways. Additionally, these firewalls keep track of the status of established connections.
In simple words, when a user establishes a connection and requests data, the SMLI firewall creates a database (state table). The database stores session information such as source IP address, source port number, destination IP address, destination port number, etc. Connection information is stored for each session in the state table. Using stateful inspection technology, these firewalls apply security rules to allow anticipated traffic.

In most cases, SMLI firewalls are implemented as additional security layers. These firewalls implement more checks and are considered more secure than stateless firewalls. This is why stateful packet inspection is implemented alongside many other firewalls to track statistics for all internal traffic. Doing so increases the load and puts more pressure on computing resources, which can give rise to a slower transfer rate for data packets than other solutions.
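The difference between the packet-filtering firewall described earlier and the stateful inspection firewall described here comes down to the state table. The following added example (not code from these notes or from any firewall product) models both in plain Python: a stateless filter that judges every packet only against an ordered rule list, and a stateful filter that records connections it allowed outbound and admits their replies without a rule. The LAN range, rules, addresses and packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str         # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str     # "out" = leaving the LAN, "in" = arriving from outside
    syn: bool = False  # TCP SYN flag: this packet opens a new connection


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    direction: str
    proto: str
    src_net: str                    # CIDR notation
    dst_net: str
    dst_port: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction and self.proto == p.proto
                and ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst_net)
                and (self.dst_port is None or self.dst_port == p.dst_port))


class PacketFilter:
    """Stateless packet filter: each packet is judged on its own header fields
    against an ordered rule list. First match wins; nothing matching is denied."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return "deny"


class StatefulFilter(PacketFilter):
    """Stateful inspection: connections allowed outbound are recorded in a state
    table, and packets belonging to a recorded session are let back in without
    needing their own rule. Unsolicited inbound packets still face the rules."""

    def __init__(self, rules):
        super().__init__(rules)
        # state table entries: (proto, inside_ip, inside_port, outside_ip, outside_port)
        self.state = set()

    def decide(self, p: Packet) -> str:
        if p.direction == "in":
            key = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
            if key in self.state:
                return "allow"  # reply to a session that was already approved
        action = super().decide(p)
        if action == "allow" and p.direction == "out" and (p.proto != "tcp" or p.syn):
            self.state.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
        return action


# Constructed rule set for a LAN 192.168.1.0/24: browsing out on HTTPS is
# allowed; anything not explicitly allowed falls through to the default deny.
LAN = "192.168.1.0/24"
RULES = [
    Rule("allow", "out", "tcp", LAN, "0.0.0.0/0", 443),
    Rule("deny", "in", "tcp", "0.0.0.0/0", LAN, 22),
]


def demo():
    """Run three constructed packets through both filters and return the decisions."""
    out_syn = Packet("tcp", "192.168.1.10", 51000, "203.0.113.5", 443, "out", syn=True)
    reply = Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 51000, "in")
    ssh_probe = Packet("tcp", "198.51.100.7", 40000, "192.168.1.10", 22, "in", syn=True)
    packets = (out_syn, reply, ssh_probe)
    stateless, stateful = PacketFilter(RULES), StatefulFilter(RULES)
    return {"stateless": [stateless.decide(p) for p in packets],
            "stateful": [stateful.decide(p) for p in packets]}


if __name__ == "__main__":
    print(demo())
```

The stateless filter drops the web server's reply, because no rule allows inbound traffic to the client's ephemeral port; making it work would mean opening a wide range of inbound ports. The stateful filter admits the reply from its state table and still drops the unsolicited SSH probe, which is the extra safety the notes attribute to SMLI firewalls, at the cost of keeping an entry per session.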

Next-generation Firewalls (NGFW)


Many recently released firewalls are described as 'next-generation firewalls'. However, there is no precise definition of a next-generation firewall. This type of firewall is usually defined as a security device combining the features and functionalities of other firewalls. These firewalls include deep-packet inspection (DPI), surface-level packet inspection, TCP handshake testing, and so on.

NGFWs provide higher levels of security than packet-filtering and stateful inspection firewalls. Unlike traditional firewalls, an NGFW monitors the entire data transaction, including packet headers, packet contents, and sources. NGFWs are designed so that they can prevent more sophisticated and evolving security threats such as malware attacks, external threats, and advanced intrusions.

Threat-focused NGFW
Threat-focused NGFWs include all the features of a traditional NGFW. Additionally, they provide advanced threat detection and remediation. These firewalls are capable of reacting to attacks quickly. With intelligent security automation, threat-focused NGFWs set security rules and policies, further increasing the security of the overall defense system.

In addition, these firewalls use retrospective security systems to monitor suspicious activities continuously. They keep analyzing the behavior of every activity even after the initial inspection. Due to this functionality, threat-focused NGFWs dramatically reduce the overall time taken from threat detection to cleanup.

Network Address Translation (NAT) Firewalls
Network address translation or NAT firewalls are primarily designed to allow access to Internet traffic while blocking all unwanted connections. These firewalls hide the IP addresses of our devices, making them safer from attackers.

When multiple devices connect to the Internet, a NAT firewall presents a single public IP address and hides the individual devices' IP addresses. As a result, one IP address is used for all devices. By doing this, NAT firewalls shield the internal network addresses from attackers scanning a network for reachable IP addresses. This results in enhanced protection against suspicious activities and attacks.

In general, NAT firewalls work similarly to proxy firewalls. Like proxy firewalls, NAT firewalls also act as an intermediate device between a group of computers and external traffic.
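The two NAT properties described above, one public address shared by every internal host and unsolicited inbound packets having nowhere to go, can be shown with a small translation table. This is an added example, not code from these notes or from any router; the public address, LAN addresses, ports and remote servers are constructed for illustration, and the mapping is keyed on the remote endpoint as well, so only the host an internal machine actually talked to can send a packet back through.

```python
class NatFirewall:
    """Source NAT: every LAN host leaves through one public address, each
    connection receives its own public port, and only packets that answer a
    recorded connection are translated back in. Everything else is dropped."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (in_ip, in_port, remote_ip, remote_port) -> public_port
        self.in_map = {}   # (public_port, remote_ip, remote_port) -> (in_ip, in_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a LAN packet to (public_ip, public_port) and
        remember the flow so the reply can be mapped back."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[flow] = port
            self.in_map[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet from outside back to the LAN host that opened the
        connection, or return None (drop) when no such connection exists."""
        key = (dst_port, src_ip, src_port)
        if dst_ip != self.public_ip or key not in self.in_map:
            return None
        in_ip, in_port = self.in_map[key]
        return (src_ip, src_port, in_ip, in_port)


def nat_demo():
    """Two constructed LAN hosts reach the same server; one reply and two
    unsolicited packets then arrive at the public address."""
    nat = NatFirewall("203.0.113.10")  # constructed public address
    return {
        "host_a_out": nat.outbound("192.168.1.10", 51000, "198.51.100.20", 443),
        "host_b_out": nat.outbound("192.168.1.11", 51000, "198.51.100.20", 443),
        "reply_to_a": nat.inbound("198.51.100.20", 443, "203.0.113.10", 40000),
        "unknown_sender": nat.inbound("198.51.100.99", 4444, "203.0.113.10", 40000),
        "probe_to_22": nat.inbound("198.51.100.99", 4444, "203.0.113.10", 22),
    }


if __name__ == "__main__":
    for name, result in nat_demo().items():
        print(f"{name:15s} {result}")
```

Both hosts appear to the server as 203.0.113.10, distinguished only by the public port the firewall assigned, and the server's reply to port 40000 is returned to host A's original socket. A packet from any other sender to that same port, or to a port no internal host is using, finds no table entry and is dropped, which is the sense in which a NAT firewall hides the internal addresses from outside scanning.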

Cloud Firewalls
Whenever a firewall is delivered as a cloud solution, it is known as a cloud firewall or FaaS (firewall-as-a-service). Cloud firewalls are typically maintained and run on the Internet by third-party vendors. This type of firewall is considered similar to a proxy firewall, because cloud firewalls are used as proxy servers. However, they are configured according to the organization's requirements.

The most significant advantage of cloud firewalls is scalability. Because cloud firewalls have no physical resources of their own, they are easy to scale according to the organization's demand or traffic load. If demand increases, additional capacity can be added to the cloud service to filter the additional traffic. Most organizations use cloud firewalls to secure their internal networks or their entire cloud infrastructure.

Unified Threat Management (UTM) Firewalls


UTM firewalls are a special type of device that includes features of a stateful inspection
firewall with anti-virus and intrusion prevention support. Such firewalls are designed to
provide simplicity and ease of use. These firewalls can also add many other services,
such as cloud management, etc.
