E-Commerce and Cyber Security

The document discusses the concept of e-commerce and its various models including business to consumer, business to business, and others. It then outlines several common objectives of e-commerce such as increasing sales, brand awareness, traffic, and reducing shopping cart abandonment. The document also discusses the advantages and disadvantages of e-commerce.

Uploaded by jaysukhv234

Unit 1: Introduction to Electronic Commerce

Concept of ecommerce
E-commerce, or electronic commerce, refers to the buying and selling of
goods and services over the internet. It involves the use of electronic
platforms, such as websites, mobile applications, and social media, to
conduct transactions between businesses and consumers or between
businesses. E-commerce has revolutionized the way businesses operate and
has created new opportunities for entrepreneurs and consumers alike.
One of the primary benefits of e-commerce is that it offers a more
convenient and efficient way to conduct business. Consumers can browse
and purchase products from the comfort of their own homes, while
businesses can reach a global audience without the need for a physical
storefront. E-commerce has also enabled businesses to streamline their
operations by automating many of the tasks involved in the sales process,
such as inventory management, order processing, and shipping.
E-commerce has continued to grow in popularity and importance,
particularly in light of the COVID-19 pandemic, which has led to a surge in
online shopping as people seek to minimize in-person interactions. As a
result, businesses that are able to adapt to the e-commerce landscape are
likely to have a competitive advantage in the years to come.

Types of E-commerce model:

There are several types of e-commerce model, which between them describe
almost every transaction that takes place between consumers and businesses.
1. Business to Consumer (B2C): When a good or service is sold to
an individual consumer by a business, e.g., we buy a pair of shoes
from an online retailer.
2. Business to Business (B2B): When a good or service is sold by a
business to another business, e.g., a software-as-a-service is sold
by a business for other businesses to use.
3. Consumer to Consumer (C2C): When a good or service is sold by
a consumer to another consumer, e.g., we sell our old furniture on
eBay to another consumer.
4. Consumer to Business (C2B): When a consumer’s own products
or services are sold to a business or organization, e.g., an authority
offers exposure to their online audience in exchange for a fee, or a
photographer licenses their photo for a business to use.
5. Business-to-government (B2G): In this model, businesses sell
products or services to government agencies through online
portals or marketplaces.
6. Government-to-business (G2B): In this model, government
agencies sell products or services to businesses through online
portals or marketplaces.
7. Government-to-consumer (G2C): In this model, government
agencies provide products or services directly to consumers
through online portals or marketplaces.
Advantages of E-commerce:
• E-commerce enables fast and secure shopping.
• It is helping to build a digitalized world.
• E-commerce also enables customers to choose different goods and services
according to their preferences.
• It is a simple way of selling and buying products and services.
• E-commerce replaces paperwork, as all transactions are conducted
over the internet today.
• It provides a better management system, as it has a centralized
database.
• E-commerce via the internet reaches a large number of customers
worldwide.
• E-commerce supports several payment modes.
Disadvantages of E-commerce:
• E-commerce has no universal standard for quality and reliability.
• E-commerce works through the internet; navigation on the internet
itself may be slow.
• Strong security is required in e-commerce, as all transactions are
conducted over the internet.
• There is a high risk of buying unsatisfactory products through
e-commerce.
• It depends on public key infrastructure, which is only as safe as its
implementation and key management.
• Customers may also fall victim to banking fraud, which is quite frequent.
• Attackers also try to gain access to data, or to destroy data, in
e-commerce systems.

Aims of ecommerce
Increasing Sales in Ecommerce Store.
One needs to improve the conversion rate. A high rate of
conversion means that more people are clicking through from the
homepage to make a purchase. This can be attained by creating
attractive content and making sure that the site is easy to navigate.

Another objective of ecommerce might be to increase the
average order value. This can be done by offering exclusive deals and
discounts, as well as creating an engaging customer service
experience. Customers who make a purchase once will also be likely to
spend more money on future purchases.
Increasing Brand Awareness.
One of the most common reasons businesses opt to use online
marketing is to enhance brand awareness. When customers, through
online channels, are introduced to a company or product, it creates a
stronger connection between them and the brand.
This can steer you towards sales opportunities, as well as enhanced
loyalty among customers. Hence, for online marketing campaigns to be
effective, businesses must understand their goals and objectives. This
serves as another objective of ecommerce.

Attracting more Visitors.

A variety of methods can be employed to increase traffic to a website,
such as developing user profiles that target specific demographics,
optimizing the site for search engines (SEO), and creating
attractive content. Increased conversions can be attained by
implementing effective marketing campaigns and offering customers
the best possible buying experience. Attracting more visitors to
your website is another objective of ecommerce.
Improving Customer Satisfaction.
There are a few objectives that can assist with this, such as offering a
good customer experience, fulfilling customer needs, and reducing
complaints.
Satisfying customer needs, one objective of ecommerce, includes
ensuring that the products and services provided fulfil the
requirements of the customer. This can be done by ensuring
accuracy in product information, providing useful guides and tutorials,
and responding quickly to questions.
Reducing Shopping Cart Abandonment.
One common objective of ecommerce businesses is to reduce shopping
cart abandonment. There are a number of ways to reduce shopping
cart abandonment, and each business will have its own preferences
and methods.
Some common methods involve providing useful tutorials or videos on
how to use the site, offering easy access to returns and refunds, and
making it comfortable for customers to find what they’re looking for. By
implementing certain effective strategies, ecommerce businesses can
help in improving their customer retention rates.
Increasing Conversion Rates.
The primary objective of ecommerce businesses is to increase their
conversion rates. One way to do this is to ensure that the website has a
simple, effective design, that pages load quickly and are easy to navigate,
and that compelling content and effective marketing strategies are in
place.
Attracting Repeat Customers.
Establish a loyal customer base by offering unique products and
services and by providing excellent customer service. Product prices
should be competitive and your customers should be provided with
value for their money.
Improving the User Experience.
The primary objective of an ecommerce site is to offer a great user
experience for its customers. This means making sure that the site is
easy to operate and that all features are accessible without difficulty.
It also means ensuring that the website looks and feels good, both on
desktop and mobile devices. Finally, it means offering help and support
to customers if needed. By improving the user experience,
conversion rates can be increased and more repeat customers attracted
to your ecommerce business.
E-Commerce Framework
• E-Commerce applications will be built on the existing technology
infrastructure: a myriad of computers, communication networks and
communication software.
• Common business services for facilitating the buying and selling
process.
• Messaging and information distribution as a means of sending and
retrieving information.
• Multimedia content and network publishing, for creating a product
and a means to communicate about it.
• The information superhighway, the very foundation, for
providing the highway system along which all e-commerce must
travel.
• The two pillars supporting all e-commerce applications and
infrastructure.
• Any successful e-commerce will require the I-way infrastructure
in the same way that regular commerce needs
• The I-way will be a mesh of interconnected data highways of many
forms: telephone wires, cable TV wires, and radio-based
wireless (cellular and satellite).
• Movies = video + audio
• Digital games = music + video + software
• Electronic books = text + data + graphics + music + photographs +
video
• In the electronic ‘highway system’ multimedia content is stored
in the form of electronic documents.
• These are often digitized.
• On the I-way, messaging software fulfils this role in any number of
forms: e-mail, EDI, or point-to-point file transfers.
• Encryption and authentication methods ensure security.
• Electronic payment schemes have been developed to handle complex
transactions.
• These logistics issues are difficult in long-established
transportation systems.
E-Commerce Consumer Applications:
I. Entertainment
II. Financial Services and Information
III. Essential Services
IV. Education and Training
Entertainment: movies on demand, video cataloging, interactive ads,
multi-user games, on-line discussion.
Financial Services and Information: home banking, financial services,
information.
Essential Services: home shopping, electronic catalogs, remote
diagnostics, telemedicine.
Education and Training: interactive education, multi-user games,
video conferencing, on-line databases.

E-Commerce Organizational Applications:

Introduction to M-commerce
M-commerce (mobile commerce) is the buying and selling of goods and
services through wireless handheld devices such as smartphones and
tablets. M-commerce is a form of e-commerce that enables users to access
online shopping platforms without the use of a desktop computer.
Over time, content delivery through wireless devices has become faster,
more secure and scalable. As a result, mobile commerce has grown rapidly.
M-commerce encompasses three major approaches to mobility and business.
Examples of m-commerce include in-app purchasing; mobile banking; virtual
marketplace apps, such as the Amazon mobile app; and digital wallets, such
as Apple Pay, Google Pay and Samsung Wallet.

Types of m-commerce
Mobile shopping enables customers to buy a product using a mobile device
with an application such as Amazon or a web app. A subcategory of mobile
shopping is app commerce, which is a transaction that takes place over
a native app.
Mobile banking is online banking designed for handheld technology. It
enables customers to access accounts and brokerage services, conduct
financial transactions, pay bills and make stock trades. This is typically done
through a secure, dedicated app provided by the banking institution. Mobile
banking services may use SMS or chatbots and other conversational app
platforms to send out alerts and track account activities. For example, the
WhatsApp chatbot lets customers view their account balance, transfer funds,
review loans and conduct other transactions in real time through WhatsApp.
Mobile payments are an alternative to traditional payment methods, such as
cash, check, and credit and debit cards. They enable users to buy products in
person using a mobile device. Digital wallets, such as Apple Pay, let
customers buy products without swiping a card or paying with cash. Mobile
payment apps, such as PayPal and Venmo, serve the same purpose and are
popular options. Mobile consumers also use QR codes to pay for things on
their mobile phones. With mobile payments, users send money directly to the
recipient's cell phone number or bank account.
Unit 2: Network Infrastructure of e-Com, Payment and Security
Concepts of Information Way:
Electronic commerce needs a network infrastructure to transport the content
data, audio, visual, text, animation and so on. This network infrastructure is
provided by what is known as the I-way or information super highway. The
information super highway may be defined as a high capacity, electronic
pipeline to a consumer or business premise that is capable of simultaneously
supporting a large number of e-commerce applications and providing
interactive connectivity between users and services. The I-way has emerged
as the basic network infrastructure for all types of e-commerce activities due
to its capability to provide integrated voice, data and video services.
Components of I-Way:
It consists of various components which can be broadly categorized as:
1. Network access equipment
2. Access media
3. Global information distribution networks
1. Network access equipment: This is at the consumer end and enables the
consumer to access the network. It consists of hardware such as
computers, modems, routers, switches for computer networks, set-top boxes
for television networks, and software platforms such as browsers and
operating systems.

2. Access roads or media: The access roads are the way in which
consumer homes and workplaces are linked with the backbone of the
network infrastructure for e-commerce. These can be categorized into four
major types:

1. Telecom based
2. Cable TV based
3. Wireless based
4. Internet, intranet and extranet based
Each of these access media has its own benefits and limitations and is
faced with a number of challenges in this fast-growing world of e-commerce.

1. Telecom based
The telecom industry provides both long distance and local telephone
services for e-commerce applications. The telecom companies provide a
high-speed pipeline capable of carrying high volumes of interactive voice,
data and video to homes and businesses, and connect these to the global
information distribution networks, the backbone of the I-way. The telecom
networks have become the primary foundation for the I-way mainly for two
reasons: they are capable of handling millions of simultaneous calls, and they
provide accurate usage tracking and billing. However, they have two
limitations: lack of digital transmission capability, and uneven capacity
distribution.

2. Cable TV based
The cable TV network provides a popular medium for pushing high speed data
to homes. Statistics have shown that cable runs through 90 percent of US
homes today and still has a lot of unutilized capacity. The cable TV based
networks may be wired or wireless.

3. Wireless based
The wireless operators are typically radio based, i.e. cellular, paging and
specialized mobile radio (SMR) based. The wireless-based systems have
revolutionized the ways of thinking about information delivery. Technology is
the most important factor. The rapid growth in technology has impacted the
wireless industry in a number of ways:
o Apart from voice calls, cellular technology today also facilitates short
messaging services (SMS) using alphanumeric displays, and multimedia
services.
o Internet connectivity using the cellular networks has been made possible.
The cellular networks using analog technology are now upgrading to digital
networks to provide greater capacity at lower cost, as well as to increase the
quality and functionality of the cellular network.
o Applications have been developed to allow mobile workers to exchange
messages and data with their offices while on the road.

4. The internet
The internet forms a well-known component of the global information
distribution network. It targets a wide range of e-commerce applications such
as video on demand, home shopping, e-mail, EDI, information publishing,
information retrieval, video conferencing and many more. All the components
of the I-way together provide a network infrastructure for the e-commerce
activities. This requires the use of common standards and installing gateways
between various networks. A final requirement is the hardware and software
to move huge amounts of data effortlessly over the complex network.
3. Global information distribution networks:
These provide the infrastructure for connecting across countries and
continents. They include such networks as the long-distance telephone lines,
the satellite networks and the internet.

Consumer access equipment (CAE)
The customer access equipment, customer premises equipment or terminal
equipment consists of the equipment that the customer uses to connect to
the network. This may consist of TV set-top boxes or TV signal
descramblers, the computer and modem, pagers, cellular phones, etc.

Global information distribution networks
The global information distribution networks consist of the infrastructure
crossing countries and continents. They include the long-distance
telephone lines, satellite networks, and the internet.

Long distance networks
Long distance telephone connectivity is provided through cable by the
interexchange carriers. Long distance cellular networks use wireless
technologies to connect consumers worldwide.

Satellite networks
Satellite networks play a vital role in the communication industry. They have
advantages over terrestrial networks in that:
a. They are accessible from any point of the globe.
b. They can provide broadband digital services to many points without the
cost of acquiring wire/cable installation.
c. They can add receiving and sending sites without significant
additional costs.

Transaction Models:
B2C (Business-to-consumer).
B2C businesses sell directly to their end-users. Anything you buy in an online
store as a consumer — from wardrobe and household supplies to
entertainment — is done as part of a B2C transaction.

The decision-making process for a B2C purchase is much shorter than a
business-to-business (B2B) purchase, especially for lower-value items.
Because of this shorter sales cycle, B2C businesses typically spend fewer
marketing dollars to make a sale while having a lower average order value
and fewer recurring orders than their B2B counterparts.

B2C includes both products and services as well. B2C innovators have
leveraged technology like mobile apps, native advertising and remarketing to
market directly to their customers and make their lives easier.
B2B (Business-to-business).
In a B2B business model, a business sells its product or service to another
business. Sometimes the buyer is the end-user, but often the buyer resells to
the consumer. B2B transactions generally have a longer sales cycle, but
higher-order value and more recurring purchases.

Recent B2B innovators have made a place for themselves by replacing
catalogs and order sheets with ecommerce storefronts and improved
targeting in niche markets.

In 2021, 60% of B2B buyers were millennials — nearly double the amount
from 2012. As younger generations enter the age of making business
transactions, B2B selling in the online space is becoming more important.

B2B2C (Business-to-business-to-consumer).
B2B2C stands for Business-to-Business-to-Consumer. It is a business model
where a company sells its product or service in partnership with another
organization to an end customer.

Unlike when you white label a product — where a company rebrands an item
to present it as its own — the end customer understands that they are buying
a product or using a service from the original company.

B2G (Business-to-government).
Business-to-government (B2G) is an ecommerce model where a business
sells and markets its products to government entities or public
administrations — whether local, county, state or federal.

This model relies on the successful bidding of government contracts. A
government agency will typically put up a request for proposal (RFP) and
ecommerce businesses will have to bid on these projects.

While a more secure business model, B2G differs from other businesses or
consumers. The bureaucratic nature of government agencies often leads to a
much more glacial pace, which can limit potential revenue streams.

C2B (Consumer-to-business).
C2B businesses allow individuals to sell goods and services to companies. In
this ecommerce model, a site might enable customers to post the work they
want to be completed and have businesses bid for the opportunity. Affiliate
marketing services would also be considered C2B.
The C2B ecommerce model’s competitive edge is in pricing for goods and
services. This approach gives consumers the power to name their prices or
have businesses directly compete to meet their needs.

Recent innovators have used this model creatively to connect companies to
social media influencers to market their products.

D2C (Direct-to-consumer).
A direct-to-consumer business sells its own product directly to its end
customers, without the help of third-party wholesalers or online retailers.

As opposed to other business models such as B2B2C, there is no middleman
between the consumer and a business.

C2C (Consumer-to-consumer).
C2C ecommerce businesses — sometimes referred to as online marketplaces
— connect consumers to exchange goods and services and typically make
their money by charging transaction or listing fees.

C2C businesses benefit from self-propelled growth by motivated buyers and
sellers, but face a key challenge in quality control and technology
maintenance.

Online businesses like Craigslist, Walmart, Alibaba and eBay pioneered this
model in the early days of the internet.

E-Commerce Payments and Security Issues

Electronic payments system:
With the rapid development of the computer, mobile, and network
technology, e-commerce has become a routine part of human life. In e-
commerce, the customer can order products at home and save time for doing
other things. There is no need of visiting a store or a shop. The customer can
select different stores on the Internet in a very short time and compare the
products with different characteristics such as price, colour, and quality.

The electronic payment systems have a very important role in e-commerce.
E-commerce organizations use electronic payment systems, which refer to
paperless monetary transactions. They have revolutionized business processing
by reducing paperwork, transaction costs, and labor costs. E-commerce
processing is user-friendly and less time consuming than manual processing.
Electronic commerce helps a business organization expand its market reach.
However, there are certain risks with electronic payment systems.
The Risk of Fraud
An electronic payment system has a huge risk of fraud. The computing
devices use an identity of the person for authorizing a payment, such as
passwords and security questions. These authentication methods are not
foolproof in determining the identity of a person. If the password and the
answers to the security questions match, the system doesn't care who is on
the other side. If someone has access to our password or the answers to our
security questions, they will gain access to our money and can steal it from us.

The Risk of Tax Evasion
The Internal Revenue Service law requires that every business declare its
financial transactions and provide paper records so that tax compliance can
be verified. The problem with electronic systems is that they don't fit
cleanly into this paradigm. It makes the process of tax collection very
frustrating for the Internal Revenue Service. It is at the business's discretion
to disclose payments received or made via electronic payment systems. The
IRS has no way to know whether it is telling the truth or not, which makes it
easy to evade taxation.

The Risk of Payment Conflicts
In electronic payment systems, the payments are handled by an automated
electronic system, not by humans. The system is prone to errors when it
handles large numbers of payments on a frequent basis with more than one
recipient involved. It is essential to check our pay slip after every
pay period ends in order to ensure everything makes sense. Failure to
do this may result in payment conflicts caused by technical glitches and
anomalies.

E-cash
E-cash is a paperless cash system which facilitates the transfer of funds
anonymously. E-cash is free to the user, while the sellers pay a fee for
it. The e-cash fund can be either stored on a card itself or in an account
which is associated with the card. The most common examples of e-cash
systems are transit cards, PayPal, Google Pay, Paytm, etc.

eCash, or Electronic Cash, is a digital currency technique through
which transactions can be carried out anywhere via the internet. It is an
easier form of payment; it is based on the principles of blockchain
technology (digital signatures) among a peer-to-peer network. All
transactions and dealings are stored in specific digital databases. It is an
alternative payment system to pay for bills, products, and services without the
use of paper or coin currency. Applications of electronic or digital cash are
digital cash, debit cards, electronic cases, electronic checks, and credit cards.

E-cash has four major components:
1. Issuers - They can be banks or non-bank institutions.
2. Customers - They are the users who spend the e-cash.
3. Merchants or Traders - They are the vendors who receive e-cash.
4. Regulators - They are related to authorities or state tax agencies.

Features of Electronic Cash:
1. Decentralized: This means that it is not managed by a centralized
organization but by distributed ledgers. It reduces trust issues, as the
user may not need to trust anybody. It improves performance and
consistency. It makes transactions irreversible.
2. Transparency: This means that all transactions are visible and clear,
and nothing will be hidden from the participants. This enhances
trust and faith in electronic cash.
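As an added illustration of the "irreversible" and "transparent" properties claimed above (example written for these notes, not the code of any real e-cash system; it is simplified and omits the digital signatures and peer consensus a real ledger relies on), every participant holds a copy of the ledger and can recompute the hash chain, so altering a past transaction breaks every link after it:

```python
import hashlib
import json

GENESIS_HASH = "0" * 64


def entry_hash(prev_hash, tx):
    """Hash a transaction together with the hash of the entry before it.
    Chaining the previous hash in is what makes the ledger tamper-evident."""
    payload = json.dumps({"prev": prev_hash, "tx": tx}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class Ledger:
    """Append-only transaction ledger that every participant keeps a copy of
    (constructed example; real systems also sign each entry)."""

    def __init__(self):
        self.entries = []  # list of {"tx": {...}, "hash": "..."}

    def append(self, payer, payee, amount):
        tx = {"from": payer, "to": payee, "amount": amount,
              "seq": len(self.entries)}
        prev = self.entries[-1]["hash"] if self.entries else GENESIS_HASH
        self.entries.append({"tx": tx, "hash": entry_hash(prev, tx)})
        return self.entries[-1]["hash"]

    def first_broken_entry(self):
        """Recompute every link (transparency: anyone can do this) and return
        the index of the first entry whose stored hash no longer matches,
        or -1 if the whole chain is intact."""
        prev = GENESIS_HASH
        for i, entry in enumerate(self.entries):
            if entry_hash(prev, entry["tx"]) != entry["hash"]:
                return i
            prev = entry["hash"]
        return -1

    def balance(self, account):
        """Net balance of an account derived purely from the ledger."""
        total = 0
        for entry in self.entries:
            tx = entry["tx"]
            if tx["to"] == account:
                total += tx["amount"]
            if tx["from"] == account:
                total -= tx["amount"]
        return total

    def rehash_entry(self, index):
        """Recompute only one entry's hash after it was edited. This does not
        hide the edit: the following entry still embeds the old hash."""
        prev = self.entries[index - 1]["hash"] if index else GENESIS_HASH
        self.entries[index]["hash"] = entry_hash(prev, self.entries[index]["tx"])


def tampered_copy(ledger, index, new_amount):
    """Simulate one participant editing a past transaction in its own copy."""
    copy = Ledger()
    copy.entries = [{"tx": dict(e["tx"]), "hash": e["hash"]}
                    for e in ledger.entries]
    copy.entries[index]["tx"]["amount"] = new_amount
    return copy


if __name__ == "__main__":
    ledger = Ledger()
    ledger.append("issuer", "alice", 100)
    ledger.append("alice", "bob", 40)
    ledger.append("bob", "carol", 15)
    print("intact ledger, first broken entry:", ledger.first_broken_entry())
    bad = tampered_copy(ledger, 1, 400)
    print("after editing entry 1:", bad.first_broken_entry())
    bad.rehash_entry(1)
    print("after re-hashing entry 1 too:", bad.first_broken_entry())
```

The other participants' copies still verify, so the edited copy is simply rejected; that is the sense in which a confirmed transaction cannot be reversed by one party.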
Examples of eCash
Famous cryptocurrencies such as Bitcoin and Ethereum are based on the
principles of cryptography and blockchain, making them decentralized and
secure, and removing the third party from involvement in transactions. They
are not authorized or backed by any organization properly or legally.

• Cryptocurrencies: This refers to digital currency which is
developed using cryptography technology and is highly
decentralized by its properties. The main advantage of
cryptocurrency is faster money transfer, secured with
transparency. But the cost of mining is higher and the fluctuations in
cryptocurrency value are quite unstable.
• Central Bank Digital Currencies: This refers to fiat currency
which is fully authorized by the legal party. It doesn’t hide the
transactions of payment like other digital currencies do. It is directly
proportional to the country’s financial economy.
• Stablecoins: Stablecoins are coins that are kept stable relative to
the currency of a specific country, such as Tether,
TrueUSD, Binance USD, Dai, etc. Their rate is fixed to the fiat
currency of a country such as the USA. They are in most demand in times of
high investment as they are considered very safe.
Advantages of Digital Money
Below are some of the advantages of eCash:
• Higher Flexibility and Availability: Transactions through eCash can be
done flexibly from anywhere around the globe. This removes the
difficulties which arise during transactions through
ordinary methods.
• High Security: It is highly secured as it travels over a peer-to-peer
network which uses cryptographic keys. Messages are encrypted and
cannot be read or modified without the corresponding key.
• Time Efficient: It saves the user time in the payment procedure;
the user can easily make payments with just a single click from a
mobile or PC, requiring only an internet connection.
• No hard copy is required: No hard copy is required as the medium,
since it travels digitally from one system to another.

Risk of Digital Money
The risks of using eCash are as follows:
• Higher Cyber Attacks: The probability of cyber-attacks and scams is
higher as it entirely depends on the internet; various attacks such as
phishing, man-in-the-middle attacks, etc. can easily occur.
• Space for infrastructure and databases is required: Transaction
data is stored in databases, so it requires large storage and hardware
infrastructure to keep the ledger data.
• Network issues can lead to unsuccessful transactions: Minor network
issues can lead to the failure of a payment, and sometimes the
payment is deducted from one’s account but not received by the
receiver’s account.
In e-cash, we store financial information on a computer, electronic device
or on the internet, which is vulnerable to hackers. Some of the major
threats related to e-cash systems are:
Backdoor Attacks
A backdoor is a type of attack which gives an attacker unauthorized access to
a system by bypassing the normal authentication mechanisms. It works in the
background and hides itself from the user, which makes it difficult to detect
and remove.
Denial of service attacks
A denial-of-service attack (DoS attack) is a security attack in which the
attacker takes action that prevents legitimate (correct) users from
accessing electronic devices. It makes a network resource unavailable to
its intended users by temporarily disrupting services of a host connected to
the Internet.

Direct Access Attacks
A direct access attack is an attack in which an intruder gains physical access
to the computer to perform unauthorized activity and install various types
of software to compromise security. Such software may be loaded with
worms and can download a huge amount of sensitive data from the target
victims.

Eavesdropping
This is an unauthorized way of listening to private communication over the
network. It does not interfere with the normal operations of the target
system, so the sender and the recipient of the messages are not aware
that their conversation is being tracked.

Credit/Debit card fraud
A credit card allows us to borrow money from the issuing bank to make
purchases. The issuer of the credit card has the condition that the cardholder
will pay back the borrowed money with an additional agreed-upon charge.

A debit card is a plastic card issued by a financial organization to an
account holder who has a savings deposit account, and it can be used instead
of cash to make purchases. The debit card can be used only when the funds
are available in the account.

Some of the important threats associated with the debit/credit card are-

ATM (Automated Teller Machine)


It is the favorite place of the fraudster from there they can steal our card
details. Some of the important techniques which the criminals opt for getting
hold of our card information is:

Skimming
Skimming is the process of attaching a data-skimming device to the card
reader of an ATM. When the customer inserts or swipes their card, the data on
the magnetic stripe (card number, cardholder name, expiry date and the
stripe's own verification code) is copied to the device. The PIN is not on
the stripe, so skimmers are usually paired with a pinhole camera or a fake
keypad overlay to capture it; together these let the criminals clone the card
and withdraw cash. The CVV printed on the back of the card is also not stored
on the stripe, so card-not-present fraud needs a separate technique such as
phishing to obtain it.

Unwanted Presence (shoulder surfing)
As a rule, only one person should use an ATM at a time. If more than one
person is lurking around the machine together, the intention is usually to
watch the keypad and screen and observe the card details and PIN while the
transaction is being made.

Vishing/Phishing
Phishing is an activity in which an intruder obtains sensitive information
from a user, such as usernames, passwords and credit card details, by
impersonating a trusted party, usually through e-mail or a fake website.

Vishing (voice phishing) is the same trick carried out over phone calls, and
the SMS variant is called smishing. These calls and SMS messages appear to
come from a reliable source such as the bank, but in reality they are fake.
The main objective of vishing, smishing and phishing is to get the customer's
PIN, OTP, account details and passwords; a genuine bank never asks for these
over a call or a message.

Online Transaction
Online transactions let customers shop and pay their bills over the internet.
What is convenient for the customer is also convenient for an attacker who
wants to break into the customer's system and steal sensitive information.
Some important ways confidential information is stolen during an online
transaction are:

o By tricking the user into installing software (a keylogger) that records
  keystrokes and steals passwords and card details.
o By redirecting the customer to a fake website that looks like the original
  and harvests the data entered there.
o By intercepting traffic on public Wi-Fi, where an attacker on the same
  network can read or tamper with unencrypted connections.

What is an Ecommerce SSL certificate?
An ecommerce SSL certificate (technically a TLS certificate today) is a
digital certificate that binds a public key to a domain name and, for some
types, to the organisation behind it. Installed on the web server, it lets
browsers verify the site's identity and set up an encrypted connection
between the user and the server. It protects data in transit; it does not by
itself say anything about how the site stores or handles that data once it
has been received.
“SSL Certificates are small data files that digitally bind a cryptographic key to
an organization’s details. When installed on a web server, it activates the
padlock and the https protocol and allows secure connections from a web
server to a browser.”

SSL certificates are not limited to websites dealing with financial
transactions. Any website that accepts logins or stores user data should use
TLS so that the data is encrypted in transit. Social media websites like
Facebook, YouTube and Twitter use certificates to stop users with malicious
intent from intercepting sessions, posts and search queries on the network.

Different Types of Ecommerce SSL Certificates
The types differ in how thoroughly the certificate authority (CA) checks who
is applying. The strength of the encryption is the same for all of them: it
is decided by the TLS configuration of the server, not by the certificate's
validation level.

i. Domain Validated (DV) SSL Certificate
A domain validated certificate proves only that the applicant controls the
domain name. The CA checks this by e-mail to an address at the domain, by a
DNS record, or by a file placed on the web server; no information about the
owning organisation is verified. It is useful for blogs, business pages and
websites that don't collect much information. This certificate is the least
expensive and fastest to obtain (Let's Encrypt issues DV certificates free of
charge) and is a low-cost option for anyone who wants HTTPS and the padlock on
their website, whether for search-engine ranking or simply to avoid browser
warnings.

ii. Organization Validated (OV) SSL Certificate
An OV certificate provides the same encrypted connection as a DV certificate
but additionally includes verified business information (organisation name,
locality and country) in the certificate's subject field. Before granting an
OV certificate, the CA checks that the applying organisation exists and is
the rightful owner of the domain; it may ask for business registration
documents, bank statements and domain ownership information. Once issued, the
business details can be seen by clicking the padlock and viewing the
certificate, which helps a careful user distinguish a legitimate business site
from a lookalike that has only a DV certificate.

iii. Extended Validated (EV) SSL Certificate
Extended Validation (EV) certificates involve the most comprehensive
verification process: the CA checks the legal existence, physical address and
operational status of the business against official records. They have
traditionally been recommended for ecommerce stores. Note that modern
browsers no longer show a green bar or the company name in the address bar
for EV sites; the EV details are only visible in the certificate viewer, so
the visual difference to the customer is now small. Cloudways offers a free
Let's Encrypt certificate for its users, which is a DV certificate and still
gives their websites a properly encrypted connection.
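The three certificate types differ in what the CA put into the certificate's subject, and that is something a practitioner can check programmatically. The following Python is an added example, not code from the original notes or from any certificate vendor: classify_certificate() applies a heuristic to the dictionary that Python's ssl.getpeercert() returns (organizationName present means OV; the businessCategory, jurisdictionCountryName and serialNumber fields that the EV guidelines require mean EV; neither means DV). The three certificates are constructed inline so the example runs offline; fetch_peer_cert() shows how to obtain a real one. The assumption stated in the code matters: getpeercert() does not expose the certificatePolicies extension, so the authoritative EV policy OID check needs a full X.509 parser.

```python
"""Tell DV, OV and EV certificates apart by what the CA put in the subject.

Added example, not part of the original notes. It consumes the dict that
Python's ssl.SSLSocket.getpeercert() returns, so fetch_peer_cert() can be
pointed at a real server; the three certificates at the bottom are
constructed inline (not real certificates) so the example runs offline.
"""
import socket
import ssl


def subject_to_dict(subject):
    """Flatten getpeercert()'s ((('commonName', 'x'),), ...) into a dict."""
    fields = {}
    for rdn in subject:
        for key, value in rdn:
            fields[key] = value
    return fields


# Assumption: these subject attributes are the ones the CA/Browser Forum EV
# guidelines require in addition to the organisation fields.
EV_SUBJECT_FIELDS = {"businessCategory", "jurisdictionCountryName", "serialNumber"}


def classify_certificate(cert):
    """Return 'DV', 'OV' or 'EV' for a getpeercert()-style dict.

    Heuristic: a DV certificate names only the domain; an OV certificate adds
    organizationName (plus locality/country); an EV certificate additionally
    carries EV_SUBJECT_FIELDS.  getpeercert() does not expose the
    certificatePolicies extension, so the EV policy OID itself (the
    authoritative marker) cannot be checked from this dict.
    """
    subj = subject_to_dict(cert.get("subject", ()))
    if "organizationName" not in subj:
        return "DV"
    if EV_SUBJECT_FIELDS.issubset(subj):
        return "EV"
    return "OV"


def covered_names(cert):
    """Return every host name the certificate is valid for (CN plus DNS SANs)."""
    names = set()
    cn = subject_to_dict(cert.get("subject", ())).get("commonName")
    if cn:
        names.add(cn)
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            names.add(value)
    return sorted(names)


def fetch_peer_cert(host, port=443, timeout=5):
    """Fetch a live server's certificate in the same dict shape (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample certificates in getpeercert() form (not real certificates).
DV_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("organizationName", "Example DV CA"),),),
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "www.shop.example.com")),
}
OV_CERT = {
    "subject": (
        (("countryName", "IN"),),
        (("localityName", "Ahmedabad"),),
        (("organizationName", "Example Retail Pvt Ltd"),),
        (("commonName", "shop.example.com"),),
    ),
    "issuer": ((("organizationName", "Example OV CA"),),),
    "subjectAltName": (("DNS", "shop.example.com"),),
}
EV_CERT = {
    "subject": (
        (("jurisdictionCountryName", "IN"),),
        (("businessCategory", "Private Organization"),),
        (("serialNumber", "U12345GJ2010PTC000000"),),
        (("countryName", "IN"),),
        (("organizationName", "Example Retail Pvt Ltd"),),
        (("commonName", "shop.example.com"),),
    ),
    "issuer": ((("organizationName", "Example EV CA"),),),
    "subjectAltName": (("DNS", "shop.example.com"),),
}

if __name__ == "__main__":
    for label, cert in (("DV", DV_CERT), ("OV", OV_CERT), ("EV", EV_CERT)):
        print(label, "->", classify_certificate(cert), covered_names(cert))
```

The same encryption applies to all three classes: wrap_socket() negotiates the cipher suite from the server's TLS configuration regardless of which class the certificate falls into, which is the point made above about validation level versus encryption strength.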
Unit-3: Introduction to Cyber Crimes
Category of Cyber Crimes
The number of cyber crimes committed is increasing with each passing day, and
it is often difficult to tell what is a cyber crime and what is a conventional
crime committed with a computer. To deal with this challenge, the most common
cyber crimes can be categorized and discussed under the following heads:

1. Cyber Crime Against Person.
2. Cyber Crime Against Property.
3. Cyber Crime Against Government.
4. Cyber Crime Against Society.

Cyber Crime Against Person:
There are certain offences which affect the personality of an individual and
can be defined as:
(i) Harassment via E-Mails: A very common type of harassment done through
    letters and attachments of files and folders, i.e., via e-mails. At
    present, harassment is also common through social networking sites like
    Facebook.com and Twitter.com.
(ii) Cyber-Stalking: An expressed or implied physical threat that creates
    fear through the use of computer technology such as the internet,
    e-mail, phones, text messages, webcams, websites or videos.
(iii) Dissemination of Obscene Material: Includes indecent exposure and
    pornography (particularly child pornography) and the hosting of websites
    containing such prohibited material. Such material may harm adolescents
    and tends to deprave or corrupt their minds.
(iv) Malware: Software that takes control of an individual's computer to
    spread itself to other people's devices or social networking profiles.
    Such software can also be used to build a 'botnet', a network of
    compromised computers controlled remotely by attackers known as
    'herders', to send spam or spread further malware.
(v) Defamation: The act of imputing something to a person with the intent
    to lower their dignity, for example by hacking their mail account and
    sending mails containing vulgar language to other people from it.
(vi) Hacking: Unauthorized control of or access to a computer system. The
    hacker may read, modify or destroy the data and programs on the system;
    telecommunication and mobile networks are frequent targets.
(vii) Cracking: Amongst the gravest cyber crimes, cracking means breaking
    into a computer system without the owner's knowledge and consent and
    tampering with confidential data and information.
(viii) E-Mail Spoofing: A spoofed e-mail is one which misrepresents its
    origin: it shows its origin to be different from the one it actually
    comes from.
(ix) SMS Spoofing: Here an offender sends SMS messages (usually through an
    internet SMS gateway) with the sender field set to another person's
    mobile number, so the receiver sees the SMS as coming from the victim's
    number. It is often combined with spam, i.e., unwanted, uninvited
    messages, and is a serious cyber crime against the individual whose
    identity is used.
(x) Carding: The use of forged or stolen ATM, debit and credit card data by
    criminals for monetary benefit, typically by withdrawing money from the
    victim's bank account. It always involves unauthorized use of the card.
(xi) Cheating & Fraud: Stealing passwords or stored data with the wrongful
    intention of using them to cheat or defraud the victim.

Crimes against Persons' Property:
With the rapid growth in international trade, businesses and consumers
increasingly use computers to create, transmit and store information in
electronic form instead of traditional paper documents. There are certain
offences which affect a person's property, as follows:
(i) Intellectual Property Crimes: Intellectual property consists of a
    bundle of rights. Any unlawful act by which the owner is deprived
    completely or partially of those rights is an offence. Common forms of
    IPR violation are software piracy, infringement of copyright, trademark,
    patents, designs and service marks, theft of computer source code, etc.
(ii) Software Piracy: Many people do not consider software piracy to be
    theft. They would never steal a rupee from someone but would not think
    twice before using pirated software. There is a common perception among
    ordinary computer users that software is not "property", and this has
    allowed software piracy to become a flourishing business. The software
    pirate uses high-speed duplication equipment to create multiple copies
    of the software on physical media (historically CD-ROMs) and sells them
    through a closed network of computer hardware and software dealers;
    today the same content is also distributed over file-sharing networks.
(iii) Cyber Squatting: Two persons claim the same domain name, either by
    claiming to have registered it first or by right of having used it
    before the other, or a person registers a name confusingly similar to an
    established one. For example, www.yahoo.com and www.yaahoo.com.
(iv) Cyber Vandalism: Vandalism means deliberately destroying or damaging
    the property of another. Cyber vandalism therefore means destroying or
    damaging data, or stopping or disrupting a network service. It may also
    include physical harm done to a person's computer, such as theft of the
    computer, a part of it or a peripheral attached to it.
(v) Hacking Computer System: Unauthorized access to or control over a
    computer system, including hacktivist attacks such as those on well-known
    services like Twitter and blogging platforms. Hacking can cause loss of
    data as well as loss of use of the computer. Research indicates that many
    such attacks are not intended for financial gain but to damage the
    reputation of a particular person or company.
(vi) Transmitting Virus: Viruses are programs that attach themselves to a
    program or file and then spread to other files and to other computers on
    a network. They usually affect the data on a computer by altering or
    deleting it. Worms, which spread on their own without a host file, play a
    major role in attacks on individuals' computer systems.
(vii) Packet Sniffing: Used by both attackers and forensic experts. Data
    travels over a network in packets whose size depends on the network and
    the amount of data. A sniffer on a network segment that carries the
    traffic between computer A and computer B copies the packets as they
    pass, without altering them, so nothing is "taken" and neither party
    notices; the attacker then decodes the captured bytes back into the
    original data. On a switched or wireless network the attacker first
    needs a position where the traffic is visible (a mirror port, a
    compromised host on the path, or the same Wi-Fi network). Because
    sniffing is passive and generates no traffic of its own, firewalls cannot
    detect it; encrypting the traffic is the effective defence.
(viii) Cyber Trespass: Accessing someone's computer or network, for
    example over their wireless internet connection, without the owner's
    authorization, even where the intruder does not disturb, alter, misuse or
    damage any data or system.
(ix) Salami Attack: These attacks are used for the commission of financial
    crimes. The key is to make each alteration so insignificant that in a
    single case it would go completely unnoticed, e.g., a bank employee
    inserts a program into the bank's servers that deducts a very small
    amount (often the fraction of a cent lost to rounding) from the account
    of every customer and credits it to an account he controls.
(x) Internet Time Theft: Basically, internet time theft comes under
    hacking. It is the use, by an unauthorized person, of internet hours paid
    for by another person. The person who gets access to someone else's ISP
    user ID and password, by hacking or other illegal means, uses it to
    access the internet without the other person's knowledge. Time theft can
    be suspected if the internet time has to be recharged often despite
    infrequent usage.
(xi) Trojans and RATs: Trojan horses are programs that appear to be doing
    what the user wants while actually doing something else, such as
    deleting files or formatting disks. All the user sees is the interface of
    the program he wants to run. RATs (remote access Trojans) provide a
    backdoor into the system through which an attacker can snoop on the
    system and run malicious code.
(xii) Data Diddling: Changing data before or during its input into a
    computer. In other words, information is changed from the way it should
    be entered, whether by the person typing in the data, by a virus that
    changes data, by the programmer of the database or application, or by
    anyone else involved in the process of having the information stored in
    a computer file. The culprit can be anyone involved in creating or
    handling the data.
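The salami attack in item (ix) is worth seeing in numbers, because it explains why such schemes survive routine audits. The Python below is an added example, not code from the original notes: it computes monthly interest for a constructed set of accounts twice, once honestly and once with the rounding fractions skimmed into an insider's account, and then runs two audits. The interest rate, the account balances and the mule account name are all assumptions made up for the example. The totals-only reconciliation passes for both runs, since the skim only moves money between accounts; only the per-account comparison against each customer's own entitlement exposes the mule.

```python
"""A salami-slicing skim next to the per-account audit that exposes it.

Added example, not from the original notes. The accounts, balances and
interest rate are constructed; the skim reproduces the classic scheme in
which the fraction of a cent lost to rounding on every customer's interest
is quietly credited to one account the insider controls.
"""
import random
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
MONTHLY_RATE = Decimal("0.0375") / 12     # 3.75% per annum (assumption)


def exact_interest(balance):
    """Interest owed on one balance for one month, unrounded."""
    return balance * MONTHLY_RATE


def honest_interest(balances):
    """Credit each account its interest rounded to the nearest cent."""
    return {acct: exact_interest(bal).quantize(CENT, ROUND_HALF_EVEN)
            for acct, bal in balances.items()}


def skimmed_interest(balances, mule_account):
    """Truncate every account's interest and pay the collected fractions of a
    cent to the mule account: the salami attack."""
    credited = {}
    skimmed = Decimal("0")
    for acct, bal in balances.items():
        exact = exact_interest(bal)
        paid = exact.quantize(CENT, ROUND_DOWN)
        skimmed += exact - paid
        credited[acct] = paid
    credited[mule_account] += skimmed.quantize(CENT, ROUND_DOWN)
    return credited


def ledger_balances(balances, credited):
    """Totals-only reconciliation: does the interest paid out match the
    interest owed, within the rounding noise of one half cent per account?
    This passes for the skim too, which is why salami attacks survive it."""
    owed = sum(exact_interest(b) for b in balances.values())
    tolerance = len(balances) * CENT / 2
    return abs(sum(credited.values()) - owed) <= tolerance


def overpaid_accounts(balances, credited):
    """Per-account audit: accounts credited more than their own entitlement
    plus one cent of rounding. Only the mule trips this."""
    return sorted(acct for acct, paid in credited.items()
                  if paid - exact_interest(balances[acct]) > CENT)


def make_sample_accounts(n=2000, seed=7):
    """Constructed account balances (deterministic pseudo-random, not real)."""
    rng = random.Random(seed)
    return {f"ACCT-{i:04d}": Decimal(rng.randint(1_000, 50_000_000)) / 100
            for i in range(n)}


if __name__ == "__main__":
    accounts = make_sample_accounts()
    honest = honest_interest(accounts)
    skimmed = skimmed_interest(accounts, "ACCT-0042")
    print("totals balance (honest):", ledger_balances(accounts, honest))
    print("totals balance (skimmed):", ledger_balances(accounts, skimmed))
    print("overpaid (honest):", overpaid_accounts(accounts, honest))
    print("overpaid (skimmed):", overpaid_accounts(accounts, skimmed))
```

Decimal rather than float is used deliberately: binary floats introduce their own rounding noise, which would both hide the skim and produce false positives in the audit.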

Cybercrimes Against Government:
There are certain offences committed by groups of persons intending to
threaten governments, domestic or international, by using the internet. They
include:

(i) Cyber Terrorism: Cyber terrorism is a burning issue of both domestic
    and global concern. The common forms of such terrorist activity on the
    Internet are distributed denial of service attacks, hate websites and
    hate e-mails, and attacks on sensitive computer networks. Cyber
    terrorism endangers the control and integrity of the nation's systems.
(ii) Web Defacement: Website defacement is usually the substitution of the
    original home page of a website with another page (often pornographic,
    political or defamatory in nature) by a hacker. Religious and government
    sites are regularly targeted in order to display political or religious
    beliefs. In the case of government websites this is most commonly done
    on symbolic days (e.g., the Independence Day of the country). The
    defacer may exploit vulnerabilities in the operating system or
    applications used to host the website, allowing him to break into the
    web server and change the home page and other pages. Alternatively, he
    may launch a brute-force or dictionary attack to obtain the
    administrator password for the site's content management or hosting
    panel, and then connect and change the web pages.
(iii) Cyber Warfare: Politically motivated hacking to conduct sabotage and
    espionage. It is a form of information warfare sometimes seen as
    analogous to conventional warfare, although this analogy is
    controversial both for its accuracy and for its political motivation.
(iv) Use of Internet and Computers by terrorists: Many terrorists use
    virtual as well as physical storage media for hiding information and
    records of their unlawful activities. They also use e-mail and chat
    rooms to communicate with counterparts around the globe. Suspects carry
    laptops on which information relating to their activities is stored in
    encrypted and password-protected form. They create e-mail accounts using
    fictitious details, and in many cases one e-mail account is shared by
    several people: one person composes an e-mail and saves it in the draft
    folder; another logs into the same account from another city or country,
    reads the saved draft, composes his reply and saves it as a draft in
    turn. The e-mails are never actually sent, which makes tracking and
    tracing through mail transfer logs very difficult (although the
    provider's login records still show every access to the account). They
    also buy small storage devices with large capacities, use encryption
    software, and may use free or paid accounts with online storage
    providers.
(v) Distribution of pirated software: Distributing pirated software from
    one computer to another, in this context with the intention of
    destroying the data and official records of the government.
(vi) Possession of Unauthorized Information: It is very easy for terrorists
    to access information with the aid of the internet and to possess that
    information for political, religious, social or ideological objectives.
Cybercrimes Against Society at large:
An unlawful act done with the intention of causing harm in cyberspace may
affect a large number of persons. These offences include:

(i) Child Pornography: The use of computer networks to create, distribute
    or access materials that sexually exploit underage children. It also
    includes activities concerning indecent exposure and obscenity.
(ii) Cyber Trafficking: Trafficking in drugs, human beings, arms and
    weapons, etc., arranged through cyberspace, which affects a large number
    of persons and is among the gravest of crimes.
(iii) Online Gambling and Fraud: Online fraud and cheating is one of the
    most lucrative businesses growing in cyberspace today. Many of the cases
    that have come to light pertain to credit card crimes, contractual
    crimes, fake job offers, etc.
(iv) Financial Crimes: This type of offence is common because of the rapid
    growth in users of networking sites and phone networks, where the culprit
    attacks by sending bogus mails or messages over the internet. Example:
    using a credit card after obtaining its details or password illegally.
(v) Forgery: Cheating a large number of persons with forged documents,
    mails or transactions, which has become easier as online business
    transactions have become a usual part of today's lifestyle.

Technical Aspects of Cyber Crimes


Unauthorized access & Hacking
Unauthorized access occurs when individuals gain access to an organization’s
networks, systems, applications, data, or devices without permission. This
typically involves a network security breach that can compromise network
integrity or lead to data loss. Common causes include weak passwords,
phishing attacks, and inadequate physical security. To prevent unauthorized
access, it’s essential to implement strong security measures such as robust
password policies, multi-factor authentication, regular software updates,
employee training on security awareness, and effective physical security
practices.

Other common causes of unauthorized access

➢ Weak passwords selected by users, or passwords reused across services
➢ Social engineering attacks, primarily phishing, in which attackers send
  messages impersonating legitimate parties, often with the aim of stealing
  user credentials
➢ Compromised accounts and systems: attackers often seek out a vulnerable
  system, compromise it, and use it as a foothold to reach other, better
  protected systems
➢ Insider threats: a malicious insider can leverage their position to gain
  unauthorized access to company systems
➢ Banking malware such as Zeus, which steals credentials and banking
  information from infected machines and organises them into botnets
➢ Cobalt Strike, a commercial penetration-testing tool whose phishing and
  remote-control features are also widely abused by real attackers to gain
  and keep unauthorized access to systems
(i) Trojan, Virus and Worm Attacks

What is a Virus?
A virus is a piece of code that attaches itself to another program or file
so that it is executed whenever that host program runs. When the legitimate
program runs, the virus code runs first and may perform any action, such as
deleting a file, before the legitimate code continues; it also copies itself
into other programs on the computer system, which is how it spreads.

Some viruses, after infecting the files on the current user's computer, go
further and mail copies of themselves to the addresses stored on that
computer (mass-mailing viruses). A virus's payload may also be triggered by
a specific event or date. Several types of viruses exist, including
parasitic, polymorphic, stealth, boot sector, memory resident and
metamorphic viruses. Infection can be avoided by blocking the routes by which
a virus enters: scanning e-mail attachments and downloads, keeping software
patched, and not running programs from untrusted sources.

What is a Worm?
A worm is a self-contained malicious program that replicates itself as it
moves from one system to another, leaving a running copy of itself on each
system. Unlike a virus it does not need a host file. A worm exploits a
vulnerability in a computer, spreads like an infection through the connected
network, and continuously looks for more holes. Worms also spread through
e-mail attachments that appear to come from reliable senders, using the
address book of an infected account to reach that user's contacts.

Some worms only reproduce before going dormant, while others carry code that
causes harm; in that case the harmful part of the worm is known as the
payload.

What is a Trojan horse?
The Trojan horse gets its name from the well-known story of the Trojan War.
It is a malicious program that pretends to be something useful and takes
control of the system once run. It is intended to steal, damage, or perform
other harmful actions on the computer system, and it relies on deceiving the
user into loading and running it. Once executed, it allows cybercriminals to
carry out various tasks on the user's system, such as modifying or deleting
data in files or opening a remote-access backdoor. Unlike viruses and worms,
a Trojan horse does not replicate itself.
Comparison of virus, worm and Trojan horse:

Definition
  Virus: a program that attaches itself to other software or programs in
    order to harm the system.
  Worm: malware similar to a virus that does not attach to other
    applications but multiplies and executes itself, slowing down and
    harming the system.
  Trojan horse: malware that poses as useful software and typically steals
    sensitive data from the user's system and delivers it to another
    location on the network.

Replication
  Virus: replicates itself (into other files).
  Worm: replicates itself (across the network).
  Trojan horse: does not replicate itself.

Execution
  Virus: relies on the infected host file being transferred and run.
  Worm: replicates without human action and uses the network to embed
    itself in other systems.
  Trojan horse: downloaded as apparently legitimate software and executed
    by the user.

Remotely controlled
  Virus: typically not.
  Worm: may be remotely controlled.
  Trojan horse: often remotely controlled (remote access Trojans).

Infection
  Virus: spreads through executable files.
  Worm: takes advantage of system flaws.
  Trojan horse: runs as a program that is taken for utility software.

Rate of spreading
  Virus: moderate.
  Worm: faster than viruses and Trojan horses.
  Trojan horse: slower than viruses and worms.

Purpose
  Virus: primarily to modify or erase system data.
  Worm: to consume excessive system resources and slow the system down.
  Trojan horse: to steal user data or obtain access to the user's computer
    system.
A Trojan is commonly spread by spamming a huge number of users' inboxes with
genuine-looking e-mails and attachments. If cybercriminals induce users to
download and open the malicious file, it infects the users' devices. Malware
may also be hidden behind pop-up ads, banner adverts or website links.
E-Mail related Crimes: Spoofing, Spamming, Bombing:

Spoofing: Email spoofing is a technique used in spam and phishing attacks
to trick users into thinking a message came from a person or entity they
know or trust. In spoofing attacks, the sender forges e-mail headers so that
client software displays the fraudulent sender address, which most users
take at face value. Users don't realize the sender is forged unless they
inspect the header more closely. If it's a name they recognize, they're more
likely to trust it, so they'll click malicious links, open malware
attachments, send sensitive data, and even wire corporate funds.

Email spoofing is possible because of how e-mail was designed. The sending
client assigns the From address to outgoing messages, and the SMTP protocol
itself does not verify that the sender is entitled to use that address, so
an attacker can write any From address they like.

Recipient servers and anti-malware software can detect and filter many
spoofed messages using SPF (which servers may send mail for a domain), DKIM
(a signature over the message by the sending domain) and DMARC (the domain
owner's policy on what to do when those checks fail), and they record the
verdicts in an Authentication-Results header. Unfortunately, not every
domain publishes these records and not every e-mail service enforces them.
Still, users can review each message's header, in particular the
Return-Path and Authentication-Results lines, to determine whether the
sender address is forged.
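The header review described above can be automated. The Python below is an added example, not code from the original notes: it parses a raw message with the standard library's email package, compares the domain of the displayed From address with the domain of the Return-Path (the envelope sender, which is what SPF actually checks), and reads the SPF, DKIM and DMARC verdicts that the receiving server wrote into Authentication-Results. The two messages are constructed for the example, using reserved example domains; the header field names are the real ones, and the verdict words (pass, fail, none) are the standard ones.

```python
"""Read an e-mail's headers the way a receiving server does and flag spoofing.

Added example, not from the original notes. The two messages are constructed
for the example (the domains are reserved documentation names). The checks
are: does the Return-Path (envelope sender) domain match the From domain the
user sees, and what did the receiving server record for SPF, DKIM and DMARC
in its Authentication-Results header?
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr


def domain_of(addr):
    """Lower-cased domain of an RFC 5322 address, or '' if there is none."""
    _, email_addr = parseaddr(str(addr or ""))
    return email_addr.rpartition("@")[2].lower()


def parse_auth_results(value):
    """Extract the spf=, dkim= and dmarc= verdicts from Authentication-Results."""
    results = {}
    for part in str(value or "").split(";"):
        part = part.strip()
        for method in ("spf", "dkim", "dmarc"):
            if part.startswith(method + "="):
                results[method] = part[len(method) + 1:].split()[0].lower()
    return results


def spoofing_indicators(raw_message):
    """Return human-readable reasons the message looks spoofed (empty = clean)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    from_domain = domain_of(msg["From"])
    envelope_domain = domain_of(msg["Return-Path"])
    reasons = []
    if envelope_domain and envelope_domain != from_domain:
        reasons.append(f"Return-Path domain {envelope_domain} differs from "
                       f"From domain {from_domain}")
    auth = parse_auth_results(msg["Authentication-Results"])
    for method in ("spf", "dkim", "dmarc"):
        verdict = auth.get(method)
        if verdict is None:
            reasons.append(f"receiving server recorded no {method} result")
        elif verdict != "pass":
            reasons.append(f"{method}={verdict}")
    return reasons


# Constructed messages (not real mail). The first forges a bank's From
# address; the Return-Path and the server's checks give it away.
SPOOFED = b"""\
Return-Path: <bounce@mail-blast.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-blast.example.net; dkim=none; dmarc=fail header.from=bank.example.com
From: "Example Bank Alerts" <alerts@bank.example.com>
To: customer@example.com
Subject: Your account has been locked
Content-Type: text/plain; charset=utf-8

Please sign in at http://bank-example-verify.example.net to restore access.
"""

LEGITIMATE = b"""\
Return-Path: <alerts@bank.example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=bank.example.com; dkim=pass header.d=bank.example.com; dmarc=pass header.from=bank.example.com
From: "Example Bank Alerts" <alerts@bank.example.com>
To: customer@example.com
Subject: Your monthly statement is ready
Content-Type: text/plain; charset=utf-8

Your statement for last month is available in internet banking.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(name, spoofing_indicators(raw) or ["no indicators"])
```

A caveat for anyone using this on real mail: Authentication-Results is itself just a header, so an attacker can pre-insert a fake one. Production filters trust only the copy added by their own receiving server (identified by the host name at the start of the value) and strip any that arrived from outside.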

Spamming:
Spamming is the act of sending unsolicited messages, often with commercial or
malicious purposes, to a large number of people. E-mails, texts and instant
messages can all be used as the channel. Spamming can be used to spread
malware, steal personal information, or promote scams and phishing schemes.
It can also be used to overload networks and mail servers. Individuals should
be cautious when opening e-mails or messages from unknown senders, and avoid
clicking on suspicious links or providing personal information.

Bombing:
Email bombing is a form of cyber crime consisting of sending huge volumes of
e-mail to an address in order to overflow the mailbox or overwhelm the server
where the e-mail address is hosted. This can cause the mail server to fail
or become unresponsive, thereby disrupting the website or web portal and its
online functioning. It is also used to bury a genuine notification (for
example an order or password-reset confirmation) under thousands of junk
messages so that the victim does not notice it.

Denial of Service Attacks:
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine
or network, making it inaccessible to its intended users. DoS attacks
accomplish this by flooding the target with traffic, or by sending it
information that triggers a crash. In both cases the DoS attack deprives
legitimate users (employees, members or account holders) of the service or
resource they expected.

There are two general methods of DoS attack: flooding services or crashing
services. Flood attacks occur when the system receives more traffic than the
server can buffer, causing it to slow down and eventually stop. Common flood
attacks include:

Volumetric floods (sometimes loosely called "buffer overflow" attacks in DoS
literature, although a true buffer overflow is a memory-corruption bug) send
more traffic to a network address than the system was built to handle. This
covers raw bandwidth floods (UDP floods, amplification through open DNS or
NTP reflectors) as well as application-level floods such as HTTP request
floods that exhaust a web server's worker processes.

ICMP flood: overwhelms the target with ICMP echo requests. The Smurf attack
is an amplified variant that leverages misconfigured networks by sending
echo requests with a spoofed source (the victim's address) to a network's
broadcast address, so every host on that network replies to the victim. The
"ping of death" is a different and older attack: a malformed, oversized ICMP
packet that crashed vulnerable systems, which makes it a crash attack rather
than a flood.

SYN flood: sends a stream of TCP connection requests (SYN packets), usually
from spoofed source addresses, but never completes the three-way handshake.
Each half-open connection occupies an entry in the server's connection
backlog; once the backlog is full, legitimate clients cannot connect even
though the server and its bandwidth are otherwise idle. SYN cookies and
shorter half-open timeouts are the usual mitigations.

Other DoS attacks simply exploit vulnerabilities that cause the target system
or service to crash. In these attacks, input is sent that takes advantage of
bugs in the target that subsequently crash or severely destabilize the
system, so that it can't be accessed or used.

Distributed Denial of Service Attack:
A Distributed Denial of Service (DDoS) attack occurs when multiple systems
orchestrate a synchronized DoS attack against a single target. The essential
difference is that instead of being attacked from one location, the target is
attacked from many locations at once. The distribution of hosts that defines
a DDoS gives the attacker several advantages:

➢ The attacker can leverage the combined capacity of many machines to
  execute a seriously disruptive attack
➢ The sources of the attack are hard to pin down because the attacking
  systems are spread randomly, often worldwide, so no single address can
  simply be blocked
➢ It is more difficult to shut down many machines than one
➢ The true attacking party is very difficult to identify, as they are
  disguised behind many (mostly compromised) systems
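What a SYN flood leaves behind, and how the distributed form differs from the single-source form, can be seen by running detection logic over a connection log. The Python below is an added example, not code from the original notes: the records are constructed in the style of a firewall or flow export (timestamp, source address, destination port, flags), and the window size and thresholds are illustrative assumptions rather than figures from the text. It counts, per time window, the connections each source opened but never completed; one source far over the limit is the classic SYN flood, while many sources each slightly under it is the distributed pattern that per-address blocking cannot stop.

```python
"""Spot a single-source SYN flood and a distributed SYN flood in a log.

Added example, not from the original notes. The records are constructed in
the style of a firewall or flow export (timestamp, source IP, destination
port, TCP flags); the thresholds and window size are illustrative
assumptions. The logic looks for what a SYN flood leaves behind: connections
that were opened (SYN) but never completed, either many from one address or
a few each from very many addresses.
"""
from collections import Counter, defaultdict

WINDOW_SECONDS = 10             # bucket size for counting (assumption)
HALF_OPEN_PER_SOURCE = 5        # one source leaving this many half-open = flood
DISTRIBUTED_SOURCE_COUNT = 20   # this many distinct sources half-open = DDoS


def half_open_counts(records):
    """Per source: SYNs seen minus SYNs whose handshake completed ('SA' here
    marks a connection the client finished). Only positive counts are kept."""
    pending = Counter()
    for _, src, _, flags in records:
        if flags == "S":
            pending[src] += 1
        elif flags == "SA":
            pending[src] -= 1
    return {src: n for src, n in pending.items() if n > 0}


def bucket_by_window(records, window_seconds=WINDOW_SECONDS):
    """Group records into fixed time windows keyed by window start time."""
    buckets = defaultdict(list)
    for rec in records:
        buckets[rec[0] - rec[0] % window_seconds].append(rec)
    return buckets


def detect_floods(records, per_source=HALF_OPEN_PER_SOURCE,
                  distributed_sources=DISTRIBUTED_SOURCE_COUNT,
                  window_seconds=WINDOW_SECONDS):
    """Return the flooding source addresses and the windows in which a
    distributed flood (many sources, none individually over the limit) hit."""
    flood_sources = set()
    ddos_windows = []
    for start, recs in sorted(bucket_by_window(records, window_seconds).items()):
        pending = half_open_counts(recs)
        flood_sources.update(src for src, n in pending.items() if n >= per_source)
        if len(pending) >= distributed_sources and sum(pending.values()) >= per_source * 4:
            ddos_windows.append(start)
    return {"syn_flood_sources": flood_sources, "ddos_windows": ddos_windows}


def make_sample_log():
    """Constructed traffic: three normal clients, one flooding source, and a
    distributed burst from thirty addresses (not real traffic)."""
    t0 = 1_700_000_000
    log = []
    for i, ip in enumerate(("10.0.0.5", "10.0.0.6", "10.0.0.7")):
        log.append((t0 + i, ip, 443, "S"))
        log.append((t0 + i, ip, 443, "SA"))
    for i in range(40):                                 # 40 half-open in 4 s
        log.append((t0 + 20 + i // 10, "203.0.113.7", 443, "S"))
    for n in range(30):                                 # 30 sources x 3 SYNs
        for j in range(3):
            log.append((t0 + 60 + j, f"198.51.100.{n + 1}", 443, "S"))
    return log


if __name__ == "__main__":
    print(detect_floods(make_sample_log()))
```

On a real network the source addresses in a SYN flood are usually spoofed, so the per-source list identifies what to rate-limit at the edge rather than who the attacker is; the distributed window is the signal to enable SYN cookies or upstream scrubbing instead of adding firewall rules.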

Various crimes:
Infringement Of Intellectual Property Rights (IPR) Of E-Commerce Platforms
The rapid growth of e-commerce platforms has revolutionized the way we shop
and conduct business. Along with the benefits, however, the digital age has
brought challenges in protecting intellectual property rights (IPR).
E-commerce platforms provide a global marketplace in which counterfeit
products, trademark infringement, copyright violations and patent
infringements thrive. This section explores the main forms of IPR
infringement on e-commerce platforms.

Trademark Infringement:
Trademark infringement occurs when a third party uses a mark that is
identical or similar to a registered trademark in connection with goods or
services without permission from the trademark owner. E-commerce
platforms often face challenges in preventing the sale of counterfeit
products bearing well-known trademarks. The burden lies on the platforms
to implement robust measures to identify and remove infringing listings.

Copyright Infringement:
Copyright infringement involves the unauthorized use of copyrighted
works, such as images, text, music, or videos, without the owner's consent.
E-commerce platforms face challenges in detecting and removing listings
that infringe upon copyrighted content.
Patent Infringement:
Patent infringement occurs when a product or process is made, used, or
sold without the patent owner's permission. E-commerce platforms face
challenges in monitoring the sale of patented products and preventing the
infringement of patented methods or technologies.
Theft of Computer source code:
Source code theft is a severe and rarely discussed problem faced by almost
all software companies. Generally, source code and trade secrets are stolen
by rogue employees, mainly the software developers or engineers of the
organization. Two types of organizations suffer most: Indian businesses that
do IT development themselves, and the burgeoning IT outsourcing sector. The
problem of source code theft is about the reuse of large portions of code
that was written specifically to create a product the company uses or sells.
The main motive for source code theft is illegal financial benefit.
Generally, the source code is sold by the offender to a competitor, which
damages the business and ideas of the victim company.
India registered its first case of source code theft in the year 2002. An
employee, Shekhar Verma, who had been fired from his job at Geometric
Software Solutions Ltd. (GSSL), offered to sell stolen source code to
someone who was actually a federal agent in the FBI's cyber-crime unit. The
stolen source code belonged to SolidWorks, an American computer-aided design
software company that had outsourced development work to GSSL. Shekhar
Verma was later prosecuted.
Cyber Squatting:
Cybersquatting is a form of cybercrime where the perpetrator buys or
registers a domain name that is identical or confusingly similar to an
existing domain, with the intention of profiting from a recognizable
trademark, company name or personal name. Crucially, the act is illegal
because of the bad-faith intent of the squatter. Because of its nature,
domain squatting can be considered a form of trademark infringement, though
there are differences between the two. There are several types of
cybersquatting, and attacks may be carried out with different goals in mind.

In many cases, squatters register domains with the intention of later
selling them to established businesses or brand owners for a significant
profit. Other cybersquatters are more malicious and engage in typosquatting
with nefarious intent, for example using the lookalike domain to:
o host phishing pages, scams or fake surveys that collect user data;
o convince visitors to download and launch malware on their computers.
Cybersquatting can have wide-ranging implications for legitimate businesses.
It can result in fraud, data breaches and damage to their public reputation.
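Brand owners defend against this by generating the likely squat variants of their own domains and watching new registrations for them. The Python below is an added example, not code from the original notes; it covers both the www.yahoo.com / www.yaahoo.com example given under crimes against property and the phishing lookalikes described here. typosquat_variants() produces the common omission, duplication, transposition, homoglyph and TLD-swap variants of a domain, and flag_lookalikes() scores candidate registrations against a list of protected brands by edit distance after undoing homoglyph substitutions such as 1 for l. The protected domains, the candidate names, the homoglyph table and the distance threshold are all assumptions made up for the example.

```python
"""Generate typosquat variants of a brand domain and score lookalike names.

Added example, not from the original notes. The protected domains and the
candidate registrations are constructed; the edit-distance threshold and the
homoglyph table are assumptions.
"""

# Character swaps attackers use because they look alike in many fonts.
HOMOGLYPHS = (("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("rn", "m"), ("vv", "w"))
ALT_TLDS = ("com", "co", "net", "org", "cm")


def levenshtein(a, b):
    """Edit distance between two strings (standard dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def canonical_host(domain):
    """Strip scheme, path and a leading 'www.': 'http://www.Yahoo.com/x' -> 'yahoo.com'."""
    host = domain.lower()
    if "://" in host:
        host = host.split("://", 1)[1]
    host = host.split("/", 1)[0]
    return host[4:] if host.startswith("www.") else host


def registrable_label(domain):
    """'www.yaahoo.com' -> 'yaahoo'. Assumes a one-label public suffix; names
    under co.uk and similar would need a public-suffix list."""
    host = canonical_host(domain)
    return host.rsplit(".", 2)[-2] if "." in host else host


def normalize(label):
    """Undo homoglyph substitutions so 'paypa1' compares as 'paypal'."""
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def typosquat_variants(domain):
    """Common squat variants of a domain: omission, duplication, transposition,
    homoglyph and TLD swap. Returns full domain names."""
    label, _, tld = canonical_host(domain).rpartition(".")
    labels = set()
    for i in range(len(label)):
        labels.add(label[:i] + label[i + 1:])                 # omission: yhoo
        labels.add(label[:i] + label[i] + label[i:])          # duplication: yaahoo
    for i in range(len(label) - 1):
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # swap
    for fake, real in HOMOGLYPHS:
        if real in label:
            labels.add(label.replace(real, fake))              # homoglyph: yah00
    labels.discard(label)
    variants = {f"{v}.{tld}" for v in labels}
    variants.update(f"{label}.{alt}" for alt in ALT_TLDS if alt != tld)
    return variants


def closest_brand(candidate, protected_labels):
    """(closest protected label, distance) for a candidate domain. Each
    hyphen-separated token is normalised and compared on its own, so
    'paypa1-login' scores 0 against 'paypal'."""
    best, best_d = None, None
    for token in registrable_label(candidate).split("-"):
        norm = normalize(token)
        for brand in protected_labels:
            d = levenshtein(norm, brand)
            if best_d is None or d < best_d:
                best, best_d = brand, d
    return best, best_d


def flag_lookalikes(candidates, protected_domains, max_distance=1):
    """List (candidate, closest brand, distance) for names within
    max_distance of a protected brand, skipping the brands' own domains."""
    protected_hosts = {canonical_host(p) for p in protected_domains}
    brands = sorted(registrable_label(p) for p in protected_domains)
    flagged = []
    for cand in candidates:
        if canonical_host(cand) in protected_hosts:
            continue
        brand, d = closest_brand(cand, brands)
        if d is not None and d <= max_distance:
            flagged.append((cand, brand, d))
    return flagged


# Constructed inputs (not real registrations).
PROTECTED = ["yahoo.com", "paypal.com"]
CANDIDATES = ["www.yaahoo.com", "paypa1-login.com", "example.org",
              "yahoo.com", "yah00.net", "yahooo.cm"]

if __name__ == "__main__":
    print(sorted(typosquat_variants("yahoo.com")))
    print(flag_lookalikes(CANDIDATES, PROTECTED))
```

Edit distance of one is a deliberately tight threshold for a brand as short as "yahoo"; for longer brand names a distance of two still catches most typos without flooding the reviewer with unrelated domains.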
Cyber Smearing:
Cyber-smearing refers to an intentional effort to damage the reputation of
an individual or a corporation using the Internet as the medium (Workman,
2012). Examples of cyber-smearing include writing untrue negative content on
a blog or fake negative reviews on a review site with the intent to harm the
reputation of an individual or corporation. Likewise, posting offensive
content with personal attacks, or content that encourages illegal actions
against individuals or a corporation, falls under cyber-smearing. Many
reports have pointed to the rise of cyber-smearing targeting business; small
companies as well as large corporations have been seriously affected by it
(Workman, 2012). Cyber-smearing has also been well documented in the press
and public media, which report many lawsuits alleging cyber defamation and
cyber-smearing, several of them arising from unhappy customers who
purportedly posted false and defamatory statements against a corporation or
its employees through tweets, blogs, online reviews and social media, which
can quickly and easily cause widespread damage to a company's reputation.
Cyberstalking:
Cyberstalking is a crime committed when someone uses the internet and
other technologies to harass or stalk another person online. Although
cyberstalking is a broad term for online harassment, it can include
defamation, false accusations, teasing, and even extreme threats. Often
the contact does not stop even when the recipient asks the person to stop.
The content directed at the target is frequently inappropriate and, at
times, disturbing, leaving the individual in fear.
Financial Crimes:
When criminals intercept a business transaction on an e-commerce store to
gain a personal or financial advantage, this is referred to as e-commerce
fraud. It's criminal conduct in which scammers take money from either the
client, the business, or both. It's also known as payment fraud.
ATM card skimming
Skimming devices are installed in ATM machines by fraudsters who take
data from the customer's card. According to the RBI release, “Fraudsters
may also install a dummy keypad or a small / pinhole camera, well-hidden
from plain sight, to capture the ATM PIN. Sometimes, fraudsters pretending
to be another customer standing nearby gain access to the PIN when the
customer enters it in an ATM machine. This data is
Unit-4
What is cybersecurity?
Cybersecurity is a practice organizations engage in to protect their
information, systems and devices from unwanted attacks and digital
threats. Also called information technology security, efforts to prevent
cyberattacks are extremely important because they help organizations
protect sensitive data, prevent losses from system downtime and save
money on breach responses. Having a robust and comprehensive
cybersecurity strategy is incredibly important for businesses, especially
those responsible for protecting sensitive customer information.

1. The confidentiality, integrity and availability (CIA) triad
Confidentiality, integrity and availability (CIA) are three key tenets of
cybersecurity. Becoming familiar with each of these branches of the
practice can help organizations and their employees develop
comprehensive protection systems. Many exams and certifications require
cybersecurity professionals to understand these concepts. Here's a closer
look at the three elements of the triad:

• Confidentiality: Confidentiality refers to processes organizations
take to protect data from unauthorized viewing or use. This can help
keep sensitive information secure and safe and improve customer
trust.
• Integrity: The second element of the triad, integrity, has to do with
maintaining accurate and complete information by protecting it from
unauthorized alterations.
• Availability: The last element of the triad, availability, covers data's
accessibility to authorized viewers. This means that those who have
the authority to view or change information can do so.

2. Cyberattacks
Another concept that's important for cybersecurity professionals to
understand is cyberattacks. Learning to protect against different attacks
can help organizations prepare effective defenses and anticipate threats.
Here's a breakdown of five of the most common cyberattack types:

• Malware: Malware is a type of software created to disrupt a system,
bypass information authorization requirements, leak information or
prevent authorized access attempts. To protect against socially
engineered malware, cybersecurity professionals often use
anti-malware programs along with end-user education efforts.
• Phishing: Phishing attacks often strive to get login information using
spam emails or false information. Two-factor authentication is one
method organizations can use to protect against these attacks.
• Social media: Social media often poses many security threats, too.
Malicious friend requests or application downloads could carry
hacking dangers.
• Persistent threats: Advanced persistent threats (APT) are enduring and
sophisticated attacks that usually rely on phishing or socially
engineered malware to work. They can be challenging to anticipate
and protect against.
• Unpatched software: Missing patches, or unpatched vulnerabilities, are
security lapses that create opportunities for cyberattacks. Prioritizing
timely patching and other protection measures can reduce
vulnerabilities and unwanted threats.

3. Identity and access management (IAM)
IAM is a popular policy framework for managing online user identities.
Access is granted per IT system. The goal of IAM is to give users exactly
the level of access they need so they can execute their system functions
successfully.
4. Incident response (IR)
A company's IR protocols are the steps it follows after it detects an
intrusion. Establishing organized protocols can help organizations mitigate
risks associated with attacks, breaches and intrusions. It's important to
establish protocols for each type of threat so personnel and systems can
react appropriately.
5. Security information and event management (SIEM)
SIEM is an essential component of building a successful Security
Operations Center (SOC). It aims to centralize all log data related to
security. To do this, organizations must use software that's compatible with
all their data sources so that it can undergo analysis systematically and
continuously.
6. Managed security service provider (MSSP)
An MSSP is a support provider that monitors and maintains consistent
security measures. Often, companies pay a monthly fee for this service.
Endpoint detection software and firewall monitoring are two examples of
services companies can obtain from MSSPs to mitigate threats.
7. Security operations center (SOC)
SOC is the name many companies give to their security efforts and
departments. It typically includes the organization's cybersecurity
employees, records of established processes and security technology.
Some smaller companies might choose to outsource their security
processes, but larger companies might have an in-house SOC.
8. Cloud access security brokers (CASB)
A CASB enforces the security policies agreed between cloud service
providers and their users. Policies often include standard enforcement
procedures like encryption, alerts and authentication practices. A strong
policy can help create trusting relationships that adequately meet cloud
service users' needs.
9. User and entity behavior analytics (UEBA)
UEBA is a thorough analysis meant to identify user behavior that deviates
from normal use. Comprehensive analytics can help security teams and
software predict and understand user behavior. Ultimately, this can reduce
log session noise.
10. Indicator of compromise (IOC)
IOCs are signals of a network intrusion. Because they are data-driven, it's
often possible to detect IOCs during log data analysis. Deviations from
normal patterns, like geographic irregularities, unusual outbound site
traffic, or unfamiliar activity, are some common examples of IOCs.
11. Distributed denial of service (DDoS)
Hackers sometimes use DDoS to divert security measures during an attack.
It could be a disruption to a web service's operations, or hackers might
use many source IP addresses to flood a site. These efforts can make a web
service unusable and especially vulnerable to compromise.
Types of Threats:
A security threat is a threat that has the potential to harm computer
systems and organizations. The cause could be physical, such as a
computer containing sensitive information being stolen. It’s also possible
that the cause isn’t physical, such as a virus attack.
1. Physical Threats: A physical danger to computer systems is a potential
cause of an occurrence/event that could result in data loss or physical
damage. It can be classified as:
• Internal: Short circuit, fire, non-stable supply of power, hardware
failure due to excess humidity, etc. cause it.
• External: Disasters such as floods, earthquakes, landslides, etc. cause
it.
• Human: Destroying of infrastructure and/or hardware, thefts,
disruption, and unintentional/intentional errors are among the
threats.
2. Non-physical threats: A non-physical threat is a potential source of an
incident that could result in:
• Hampering of the business operations that depend on computer
systems.
• Loss of sensitive data or information.
• Keeping track of other’s computer system activities illegally.
• Hacking id & passwords of the users, etc.
Non-physical threats are commonly caused by:
(i) Malware: Malware (“malicious software”) is a type of computer
program that infiltrates and damages systems without the users’
knowledge. Malware tries to go unnoticed by either hiding or not
letting the user know about its presence on the system. You may
notice that your system is processing at a slower rate than usual.
(ii) Virus: It is a program that replicates itself and infects your
computer’s files and programs, rendering them inoperable. It is a type
of malware that spreads by inserting a copy of itself into and
becoming part of another program. It spreads with the help of
software or documents. They are embedded with software and
documents and then transferred from one computer to another using
the network, a disk, file sharing, or infected e-mail. They usually
appear as an executable file.
(iii) Spyware: Spyware is a type of computer program that tracks,
records, and reports a user’s activity (offline and online) without their
permission for the purpose of profit or data theft. Spyware can be
acquired from a variety of sources, including websites, instant chats,
and emails. A user may also unwittingly obtain spyware by adopting
a software program’s End User License Agreement.
Adware is a sort of spyware that is primarily used by advertisers.
When you go online, it keeps track of your web browsing patterns in
order to compile data on the types of websites you visit.

(iv) Worms: Computer worms are similar to viruses in that they
replicate themselves and can inflict similar damage. Unlike viruses,
which spread by infecting a host file, worms are freestanding
programs that do not require a host program or human assistance to
proliferate. Worms don’t change programs; instead, they replicate
themselves over and over, consuming resources until the system slows
down or fails.
(v) Trojan: A Trojan horse is malicious software disguised as a
useful host program. When the host program is run, the Trojan
performs a harmful or unwanted action. A Trojan horse, often known
simply as a Trojan, is malware that appears legitimate yet can take
control of your computer. A Trojan is a computer program designed to
disrupt, steal, or otherwise harm your data or network.
(vi) Denial Of Service Attacks: A Denial-of-Service attack is one in
which an attacker tries to prohibit legitimate users from obtaining
information or services. An attacker tries to make a system or
network resource unavailable to its intended users in this attack. The
web servers of large organizations such as banking, commerce,
trading organizations, etc. are the victims.
(vii) Phishing: Phishing is a type of attack frequently used to
obtain sensitive information from users, such as login credentials and
credit card details. Attackers deceive users into giving up critical
information, such as bank and credit card details or access to personal
accounts, through spam, malicious websites, email messages, and
instant chats.
(viii) Key-Loggers: Keyloggers can monitor a user’s computer activity
in real-time. Keylogger is a program that runs in the background and
records every keystroke made by a user, then sends the data to a
hacker with the intent of stealing passwords and financial
information.
How to make your system secure:
In order to keep your system data secure and safe, you should take
the following measures:
1. Always keep a backup of your data.
2. Install firewall software and keep it updated at all times.
3. Make use of strong and difficult to crack passwords (having capital &
small alphabets, numbers, and special characters).
4. Install antivirus/anti-spyware software and keep it updated at all times.
5. Timely scan your complete system.
6. Before installing any program, check whether it is safe to install it (using
Antivirus Software).
7. Take extra caution when reading emails that contain attachments.
8. Always keep your system updated.

Advantages of Cyber Security

1. Protection of Sensitive Data
Cyber security actions shield sensitive data from unsanctioned access,
aiding in maintaining privacy and averting identity theft.
2. Business Continuity
By preventing cyber-attacks, organizations can ensure the availability of
their systems and services, minimizing downtime and potential losses.
3. Compliance with Regulations
Adhering to cyber security standards and regulations can protect
businesses from legal issues and potential fines.
4. Enhanced Customer Trust
One of the major benefits of cyber security is building customer trust. A
strong cyber security posture helps organizations build trust with their
customers, partners, and stakeholders.
5. Competitive Benefit
Companies with robust cyber security measures in place are less
vulnerable to cyber-attacks and can gain a competitive edge over
competitors who may not prioritize security.
6. Early Detection and Response
Proactive cyber security measures can help organizations detect threats
early and respond effectively, minimizing potential damage and
disruption.
7. Intellectual Property Protection
Robust cyber security helps protect intellectual property (IP), such as
patents, trade secrets, and copyrighted material, ensuring the
organization’s competitive advantage is maintained.
8. Reputation Protection
A strong cyber security posture helps organizations avoid reputational
damage caused by data breaches and other cyber incidents, which can
lead to loss of customer trust and decreased business opportunities.
9. Enhanced Collaboration
Secure communication platforms and tools enable teams to collaborate
effectively and share sensitive information without worrying about
unauthorized access or data leaks.
10. Remote Work Security
As remote work becomes increasingly common, cyber security measures
ensure the secure access and use of organizational resources,
maintaining productivity while reducing risks associated with remote
work environments.

Basic Terminologies:

IP Address: An IP address (Internet Protocol address) is a unique address
that identifies a device on a network. The Internet Protocol itself is the
set of rules governing the structure of data sent over the Internet or
through a local network. An IP address helps the Internet distinguish
between different routers, computers, and websites. It serves as a specific
machine identifier on a specific network and makes communication between
source and destination possible.

MAC Address: A MAC address is the physical address that uniquely
identifies each device on a given network. For communication between
two networked devices we need two addresses: an IP address and a MAC
address. The MAC address is assigned to the NIC (Network Interface Card)
of each device that can be connected to the internet.
MAC stands for Media Access Control; the address is also known as the
physical address, hardware address, or BIA (Burned-In Address).
It is globally unique, meaning two devices cannot have the same MAC
address. It is represented in hexadecimal format on each device, such
as 00:0a:95:9d:67:16.
It is 12 hexadecimal digits, or 48 bits, long, of which the first 24 bits
are the OUI (Organizationally Unique Identifier) and the remaining 24 bits
are NIC/vendor-specific.
It works on the data link layer of the OSI model.
It is provided by the device's vendor at the time of manufacturing and
embedded in its NIC, and ideally cannot be changed.
The ARP protocol is used to associate a logical (IP) address with a
physical or MAC address.
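The OUI/NIC split and the vendor-assigned, burned-in nature of the address described above can be checked directly on an address string. The following is an added example, not code from the original notes; it goes slightly beyond the text by also reading the two IEEE 802 flag bits of the first octet (multicast and locally-administered), and its OUI-to-vendor table is a constructed sample, not the IEEE registry.

```python
"""Added example (not from the original notes): parse a 48-bit MAC address
in its common textual forms, split it into the 24-bit OUI and the 24-bit
vendor-assigned part, and read the two flag bits of the first octet."""
from __future__ import annotations

import re

# Constructed sample OUI table; a real lookup uses the IEEE registry.
SAMPLE_OUI_TABLE = {"00:0a:95": "Vendor A (sample)", "00:1b:63": "Vendor B (sample)"}


def parse_mac(text: str) -> dict:
    """Accept 00:0a:95:9d:67:16, 00-0A-95-9D-67-16, 000a.959d.6716 or 000a959d6716."""
    hexdigits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", hexdigits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    octets = bytes.fromhex(hexdigits)
    canonical = ":".join(f"{b:02x}" for b in octets)
    return {
        "canonical": canonical,
        "oui": canonical[:8],  # first 24 bits: Organizationally Unique Identifier
        "nic": canonical[9:],  # last 24 bits: assigned by the vendor
        # Bit 0 of the first octet: 0 = unicast (one device), 1 = group/multicast.
        "multicast": bool(octets[0] & 0x01),
        # Bit 1 of the first octet: 0 = universally administered (burned in by
        # the vendor), 1 = locally administered (set by software, e.g. a
        # randomized MAC), in which case the OUI field names no vendor.
        "locally_administered": bool(octets[0] & 0x02),
        "broadcast": octets == b"\xff" * 6,
    }


def is_valid_mac(text: str) -> bool:
    """True if `text` parses as a MAC address in one of the accepted forms."""
    try:
        parse_mac(text)
        return True
    except ValueError:
        return False


def vendor_of(text: str, table: dict[str, str] = SAMPLE_OUI_TABLE) -> str | None:
    """Look up the vendor for a MAC; None for locally administered addresses
    or for an OUI missing from the table."""
    info = parse_mac(text)
    if info["locally_administered"]:
        return None
    return table.get(info["oui"])


if __name__ == "__main__":
    for sample in ("00:0a:95:9d:67:16", "02-00-5E-00-53-01", "ff:ff:ff:ff:ff:ff"):
        info = parse_mac(sample)
        print(info["canonical"], "oui=" + info["oui"], "vendor=", vendor_of(sample),
              "multicast=", info["multicast"], "local=", info["locally_administered"])
```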
Domain Name System (DNS): The Domain Name System (DNS) is the phonebook
of the Internet. Humans access information online through domain names,
like nytimes.com or espn.com. Web browsers interact through Internet
Protocol (IP) addresses. DNS translates domain names to IP addresses so
browsers can load Internet resources.

DHCP: Dynamic Host Configuration Protocol (DHCP) is a network
management protocol used to dynamically assign an IP address to any
device, or node, on a network so that it can communicate using IP
(Internet Protocol). DHCP automates and centrally manages these
configurations. There is no need to manually assign IP addresses to new
devices, and therefore no user configuration is required to connect to a
DHCP-based network.
DHCP can be implemented on local networks as well as large enterprise
networks. DHCP is the default protocol used by most routers and
networking equipment.
Router: The router is a physical or virtual internetworking device that is
designed to receive, analyze, and forward data packets between computer
networks. A router examines a destination IP address of a given data
packet, and it uses the headers and forwarding tables to decide the best
way to transfer the packets.
➢ A router is used in LAN (Local Area Network) and WAN (Wide Area
Network) environments. For example, it is used in offices for
connectivity, and you can also establish the connection between
distant networks such as from Bhopal to
➢ It shares information with other routers in networking.
➢ It uses the routing protocol to transfer the data across a network.
➢ Furthermore, it is more expensive than other networking devices like
switches and hubs.

A router works on the third layer of the OSI model, and it is based on the IP
address of a computer. It uses protocols such as ICMP to communicate
between two or more networks. It is also known as an intelligent device as
it can calculate the best route to pass the network packets from source to
the destination automatically.
A virtual router is a software function or software-based framework that
performs the same functions as a physical router. It may be used to
increase the reliability of the network through the Virtual Router
Redundancy Protocol, which is done by configuring a virtual router as a
default gateway. A virtual router runs on commodity servers, and it is
packaged alone or with other network functions, like load balancing,
firewall packet filtering, and wide area network optimization capabilities.
Bots:
Bots typically imitate or replace human user behavior. Because they are
automated, they operate much faster than human users. They carry out
useful functions, such as customer service or indexing search engines, but
they can also come in the form of malware – used to gain total control over
a computer.

Common Types of Attacks:
Distributed Denial of Service: Distributed Denial of Service (DDoS) is a type
of DoS attack in which multiple trojan-infected systems target a particular
system, causing a denial of service.
A DDoS attack uses multiple servers and Internet connections to flood the
targeted resource. A DDoS attack is one of the most powerful weapons on
the cyber platform. When you hear about a website being brought down, it
generally means it has become the victim of a DDoS attack: the attackers
have hit the website or PC with heavy traffic, crashing it through overload.
Man in the Middle:
A MITM attack is a form of cyber-attack in which a malicious individual
inserts himself into a communication between two parties, manipulates both
parties and gains access to the data that the two were trying to send to
each other. A man-in-the-middle attack also lets the attacker intercept
data intended for someone else, or data that was never supposed to be sent
at all, without either participant noticing until it is too late. The
attack is variously abbreviated MITM, MitM, MiM or MIM.
A Man-in-the-Middle (MITM) attack occurs whenever an attacker places
himself between a client and a web page. This form of attack comes in many
different forms.
For example, a fraudulent banking website can be used to intercept
financial login credentials. The fake site lies "in the middle" between
the user and the real bank web page.
Email Attack:
Phishing
Phishing is a form of fraud. Cybercriminals use email, instant messaging, or
other social media to try to gather information such as login credentials by
masquerading as a reputable person. Phishing occurs when a malicious
party sends a fraudulent email disguised as being from an authorized,
trusted source. The message’s intent is to trick the recipient into installing
malware on his or her device or into sharing personal or financial
information. Spear phishing is a highly targeted phishing attack. While
phishing and spear-phishing both use emails to reach the victims, spear-
phishing sends customized emails to a specific person. The criminal
researched the target’s interests before sending the email. Phishing attacks
involve sending emails that appear to come from a trusted source, such as
a bank or an online retailer, to trick users into revealing sensitive
information, such as passwords or credit card numbers. One advantage of
this attack is that it can be easily carried out using basic social engineering
techniques, without the need for sophisticated tools or technical skills.

Vishing
Vishing is phishing using voice communication technology. Criminals
can spoof calls from authorized sources using voice-over IP technology.
Victims may also receive a recorded message that appears authorized.
Criminals want to obtain credit card numbers or other information to steal
the victim’s identity. Vishing takes advantage of the fact that people trust
the telephone network. Spear phishing is a targeted version of phishing
that involves sending customized emails to a specific individual or group of
individuals. These emails are designed to look like they come from a
trusted source and are personalized to increase the likelihood of the victim
falling for the attack. One advantage of this attack is that it can be highly
effective, as the attacker has done research on the victim to make the email
seem more legitimate.
Smishing
Smishing is phishing using text messaging on mobile phones. Criminals
impersonate a legitimate source in an attempt to gain the trust of the
victim. For example, a smishing attack might send the victim a website link.
When the victim visits the website, malware is installed on the mobile
phone.
Whaling
Whaling is a phishing attack that targets high-profile targets within an
organization such as senior executives. Additional targets include
politicians or celebrities. Whaling is a type of spear phishing attack that
targets high-level executives or other high-value targets within an
organization. These emails are designed to look like they come from a
senior executive, such as the CEO or CFO, and often involve requests for
money transfers or other sensitive information. One advantage of this
attack is that it can be highly lucrative for the attacker, as they can
potentially steal large sums of money or valuable information.

Pharming
Pharming is the impersonation of an authorized website in an effort to
deceive users into entering their credentials. Pharming misdirects users to a
fake website that appears to be official. Victims then enter their personal
information thinking that they are connected to a legitimate site.
Spyware
Spyware is software that enables a criminal to obtain information about a
user’s computer activities. Spyware often includes activity trackers,
keystroke collection, and data capture. In an attempt to overcome security
measures, spyware often modifies security settings. Spyware often bundles
itself with legitimate software or with Trojan horses. Many shareware
websites are full of spyware.
Scareware
Scareware persuades the user to take a specific action based on fear.
Scareware forges pop-up windows that resemble operating system
dialogue windows. These windows convey forged messages stating that
the system is at risk or needs the execution of a specific program to return
to normal operation. In reality, no problems exist, and if the user agrees
and allows the mentioned program to execute, malware infects his or her
system.
Adware
Adware typically displays annoying pop-ups to generate revenue for its
authors. The malware may analyze user interests by tracking the websites
visited. It can then send pop-up advertising relevant to those sites. Some
versions of software automatically install Adware.
Spam
Spam (also known as junk mail) is an unsolicited email. In most cases, spam
is a method of advertising. However, spam can send harmful links,
malware, or deceptive content. The end goal is to obtain sensitive
information such as a social security number or bank account information.
Most spam comes from multiple computers on networks infected by a virus
or worm. These compromised computers send out as many bulk emails as
possible.
Password Attack:
Phishing attacks
A phishing attack is by far the most common type of password attack. It
uses a social engineering approach in which the hacker masquerades as a
trustworthy site by giving the victim a malicious link. The victim assumes
they are authenticating to a legitimate web server and clicks the link,
supplying the attacker with their account details.
Brute-force password attacks
The brute-force attack uses trial-and-error approaches to guess a user's
login details. Hackers use automated scripts to run through as many
permutations as possible to guess the user's password successfully. While
this is an old method that involves a lot of patience and effort, a brute force
attack is still used in account breach attempts. This is because it is
automated and relatively simple.
Dictionary password attacks
The dictionary password attack technique employs a prepared list of terms
most likely to be used as passwords by a given target network. The list is
prepared by analyzing a user's behavior patterns and passwords retrieved
from prior data breaches. The lists are generated by altering common word
combinations by case, adding numeric suffixes and prefixes, and employing
common phrases. These lists are then fed into an automated application,
which attempts to authenticate against a database of known usernames.
Password spraying attack
In password spraying, the attacker tries the same password against many
accounts before moving on to the next password. This is effective because
many website users choose easy passwords, and the practice does not
trigger lockout rules because each account sees only a few attempts.
Attackers typically orchestrate password spraying on websites where
administrators assign a uniform default password to new users and
unregistered accounts.
Keylogging
During a keylogging attack, a hacker installs monitoring tools on the user's
computer to record the keys the user presses secretly. A keylogger collects
all information that users enter into input fields, and transfers it to a
malicious third party. While keyloggers are often used in workplace
settings, attackers utilize them maliciously to acquire information such as
login credentials for unauthorized access.
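Because password spraying stays under the per-account lockout limit, a defender has to look at a source across many accounts, whereas brute force shows up as many failures on one account from one source. The following detection logic is an added example, not code from the original notes; the log format and every line of SAMPLE_LOG are constructed (the IP addresses are documentation ranges), and the thresholds are illustrative assumptions.

```python
"""Added example (not from the original notes): tell a brute-force attempt
(many failures against one account) from password spraying (a few failures
against many accounts) in authentication logs. The log format and every
line of SAMPLE_LOG are constructed for this example."""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed format: "<iso-timestamp> auth <FAIL|OK> user=<name> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

SAMPLE_LOG = """\
2024-05-01T09:00:01 auth FAIL user=alice src=198.51.100.7
2024-05-01T09:00:12 auth FAIL user=alice src=198.51.100.7
2024-05-01T09:00:25 auth FAIL user=alice src=198.51.100.7
2024-05-01T09:00:40 auth FAIL user=alice src=198.51.100.7
2024-05-01T09:00:58 auth FAIL user=alice src=198.51.100.7
2024-05-01T09:01:15 auth FAIL user=alice src=198.51.100.7
2024-05-01T09:02:00 auth FAIL user=bob src=192.0.2.20
2024-05-01T09:02:30 auth FAIL user=bob src=192.0.2.20
2024-05-01T09:02:55 auth OK user=bob src=192.0.2.20
2024-05-01T09:05:00 auth FAIL user=alice src=203.0.113.9
2024-05-01T09:05:02 auth FAIL user=bob src=203.0.113.9
2024-05-01T09:05:04 auth FAIL user=carol src=203.0.113.9
2024-05-01T09:05:06 auth FAIL user=dave src=203.0.113.9
2024-05-01T09:05:08 auth FAIL user=erin src=203.0.113.9
2024-05-01T09:05:10 auth FAIL user=frank src=203.0.113.9
"""


def parse_auth_log(text: str) -> list[dict]:
    """Turn log text into event dicts; lines that are not auth records are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def detect_password_attacks(events: list[dict], window: timedelta = timedelta(minutes=10),
                            brute_threshold: int = 5, spray_min_users: int = 5,
                            spray_max_per_user: int = 2) -> list[dict]:
    """Return alerts found in any `window` of failures from a single source.

    brute_force:    one account fails at least brute_threshold times.
    password_spray: at least spray_min_users distinct accounts fail, none more
                    than spray_max_per_user times (i.e. below a typical lockout)."""
    failures: dict[str, list[dict]] = defaultdict(list)
    for ev in events:
        if ev["result"] == "FAIL":
            failures[ev["src"]].append(ev)
    alerts = []
    for src, fails in failures.items():
        fails.sort(key=lambda e: e["ts"])
        worst_brute: dict[str, int] = {}
        widest_spray = 0
        for i, start in enumerate(fails):          # each failure opens a window
            per_user: Counter = Counter()
            for ev in fails[i:]:
                if ev["ts"] - start["ts"] > window:
                    break
                per_user[ev["user"]] += 1
            for user, n in per_user.items():
                if n >= brute_threshold and n > worst_brute.get(user, 0):
                    worst_brute[user] = n
            if (len(per_user) >= spray_min_users
                    and max(per_user.values()) <= spray_max_per_user):
                widest_spray = max(widest_spray, len(per_user))
        for user, n in worst_brute.items():
            alerts.append({"type": "brute_force", "src": src, "user": user, "failures": n})
        if widest_spray:
            alerts.append({"type": "password_spray", "src": src, "users": widest_spray})
    return alerts


if __name__ == "__main__":
    for alert in detect_password_attacks(parse_auth_log(SAMPLE_LOG)):
        print(alert)
```

The legitimate user bob, who mistypes twice from 192.0.2.20 and then succeeds, produces no alert under these thresholds.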

Malware Attack:
Malware attacks are any type of malicious software designed to cause
harm or damage to a computer, server, client or computer network and/or
infrastructure without end-user knowledge.

• Virus: When a computer virus is executed, it can replicate itself by
modifying other programs and inserting its malicious code. It is the
only type of malware that can “infect” other files and is one of the
most difficult types of malware to remove.
• Worm: A worm has the power to self-replicate without end-user
involvement and can infect entire networks quickly by moving from
one machine to another.
• Trojan: Trojan malware disguises itself as a legitimate program,
making it one of the most difficult types of malware to detect. This
type of malware contains malicious code and instructions that, once
executed by the victim, can operate under the radar. It is often used
to let other types of malware into the system.
• Hybrid malware: Modern malware is often a “hybrid” or combination
of malicious software types. For example, “bots” first appear as
Trojans then, once executed, act as worms. They are frequently used
to target individual users as part of a larger network-wide cyber-
attack.
• Adware: Adware serves unwanted and aggressive advertising (e.g.,
pop-up ads) to the end-user.
• Spyware: Spyware spies on the unsuspecting end-user, collecting
credentials and passwords, browsing history and more.
• Ransomware: Ransomware infects machines, encrypts files and holds
the needed decryption key for ransom until the victim pays.
Ransomware attacks targeting enterprises and government entities
are on the rise, costing organizations millions as some pay off the
attackers to restore vital systems. CryptoLocker, Petya and Locky are
some of the most common and notorious families of ransomware.

Hackers:
A hacker is an individual who uses computer, networking or other skills to
overcome a technical problem. The term also may refer to anyone who uses
their abilities to gain unauthorized access to systems or networks in order
to commit crimes. A hacker may, for example, steal information to hurt
people via identity theft or bring down a system and, often, hold it hostage
in order to collect a ransom.
The term hacker has historically been a divisive one, sometimes being used
as a term of admiration for individuals who exhibit a high degree of skill
and creativity in their approach to technical problems. However, the term is
also commonly applied to individuals who use this skill for illegal or
unethical purposes.
Hacker was first used in the 1960s to describe a programmer or an
individual who, in an era of highly constrained computer capabilities, could
increase the efficiency of computer code in a way that removed, or hacked,
excess machine code instructions from a program. It has evolved over the
years to refer to someone with an advanced understanding of computers,
networking, programming or hardware.
What is a vulnerability in cybersecurity?
A vulnerability in cybersecurity is a weakness in a host or system, such as a
missed software update or system misconfiguration, that can be exploited
by cybercriminals to compromise an IT resource and advance the attack
path.
Identifying cyber vulnerabilities is one of the most important steps
organizations can take to improve and strengthen their overall
cybersecurity posture.
Common Types of Cyber Vulnerabilities:
When reviewing your company’s cybersecurity posture and approach, it’s
important to realize that cybersecurity vulnerabilities are within the control
of the organization — not the cybercriminal. This is one aspect of the
cybersecurity landscape that enterprises can proactively address and
manage by taking the appropriate action and employing the proper tools,
processes and procedures.

1. Misconfigurations
Misconfigurations are the single largest threat to both cloud and app
security. Because many application security tools require manual
configuration, this process can be rife with errors and take considerable
time to manage and update.
In recent years, numerous publicly reported breaches started with
misconfigured S3 buckets that were used as the entry point. These errors
transform cloud workloads into obvious targets that can be easily
discovered with a simple web crawler. The absence of perimeter security
within the cloud further compounds the risk associated with
misconfigurations.
To that end, it is important for organizations to adopt security tooling and
technologies and automate the configuration process and reduce the risk of
human error within the IT environment.

2. Unsecured APIs
Another common security vulnerability is unsecured application
programming interfaces (APIs). APIs provide a digital interface that enables
applications or components of applications to communicate with each other
over the internet or via a private network.
APIs are frequently exposed directly to the internet. If not properly
secured with authentication, authorization, rate limiting and input
validation, they become an easy target for attackers to breach.
As with misconfigurations, securing APIs is a process prone to human error.
While rarely malicious, IT teams may simply be unaware of the unique
security risk this asset carries and rely on standard security controls.
Conducting security awareness training to educate teams on security best
practices specific to the cloud, such as how to store secrets, how to rotate
keys and how to practice good IT hygiene during software development, is
critical in the cloud, just as in a traditional environment.
3. Outdated or Unpatched Software
Software vendors periodically release application updates to either add
new features and functionality or patch known cybersecurity
vulnerabilities. Unpatched or outdated software often makes an easy target,
and adversaries scan for such weaknesses just as they do for
misconfigurations; public exploit code frequently appears within days of a
patch being published. While the updates contain the security fixes, it is
the responsibility of the organization to roll them out to its network and
all endpoints.
Unfortunately, because updates from different software applications can be
released daily and IT teams are typically overburdened, it is easy to fall
behind on updates and patching, or to miss a new release entirely. Failing
to update even one machine can have potentially disastrous consequences
for the organization, providing an attack path for ransomware, malware and
a host of other security threats.
To help address this issue, organizations should develop and implement a
process for prioritizing software updates and patching. To the extent
possible, the team should also automate this activity so as to ensure
systems and endpoints are as up to date and secure as possible.

4. Zero-day Vulnerabilities
A zero-day vulnerability refers to a security flaw that has been discovered
by a threat actor but is unknown to the enterprise and software vendor.
The term “zero-day” is used because the software vendor was unaware of
their software vulnerability, and they’ve had “0” days to work on a security
patch or an update to fix the issue; meanwhile it is a known vulnerability to
the attacker.
Zero-day attacks are extremely dangerous for companies because they can
be very difficult to detect. To effectively detect and mitigate zero-day
attacks, a coordinated defense is needed — one that includes both
prevention technology and a thorough response plan in the event of a
cyberattack. Organizations can prepare for these stealthy and damaging
events by deploying a complete endpoint security solution that combines
technologies including next-gen antivirus (NGAV), endpoint detection and
response (EDR) and threat intelligence.
5. Weak or Stolen User Credentials
Many users fail to create unique and strong passwords for each of their
accounts. Reusing or recycling passwords and user IDs creates another
potential avenue of exploitation for cybercriminals.
Weak user credentials are most often exploited in brute force attacks when
a threat actor tries to gain unauthorized access to sensitive data and
systems by systematically trying as many combinations of usernames and
guessed passwords as possible. If successful, the actor can enter the
system and masquerade as the legitimate user; the adversary can use this
time to move laterally, install back doors, gain knowledge about the system
to use in future cyberattacks, and, of course, steal data.
To address this particular cybersecurity vulnerability, organizations should
set and enforce clear policies that require strong, unique passwords, check
new passwords against lists of known-breached passwords, and require a
change whenever compromise is suspected (current NIST SP 800-63B guidance
no longer recommends forced periodic rotation on its own). Organizations
should also implement a multifactor authentication (MFA) policy, which
requires more than one form of identification, such as both a password and
a fingerprint or a password and a one-time security token, to authenticate
the user.
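The brute-force pattern described above is easy to spot in authentication logs once the events are grouped by source address. The following is an added example (not code from the original notes): a small detector that parses sshd-style "Failed password"/"Accepted password" lines, keeps a sliding window of failures per source IP, and raises an alert when the threshold is crossed, noting separately whether a login succeeded after the burst. The log lines are constructed for the example and the addresses are documentation ranges, not real hosts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in an sshd-like format; they are not from any real system.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd: Failed password for alice from 203.0.113.7 port 51234
2024-03-01T10:00:02 sshd: Failed password for admin from 203.0.113.7 port 51235
2024-03-01T10:00:03 sshd: Failed password for root from 203.0.113.7 port 51236
2024-03-01T10:00:04 sshd: Failed password for bob from 203.0.113.7 port 51237
2024-03-01T10:00:05 sshd: Failed password for carol from 203.0.113.7 port 51238
2024-03-01T10:00:06 sshd: Accepted password for carol from 203.0.113.7 port 51239
2024-03-01T10:00:30 sshd: Failed password for dave from 198.51.100.2 port 40000
2024-03-01T10:09:30 sshd: Failed password for dave from 198.51.100.2 port 40001
2024-03-01T10:19:30 sshd: Failed password for dave from 198.51.100.2 port 40002
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_brute_force(lines, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failed logins inside a sliding window.

    Returns {ip: {"failures": peak failures seen in one window,
                  "users": sorted usernames tried from that IP,
                  "success_after_burst": True if a login succeeded after the burst}}.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    tried = defaultdict(set)        # ip -> usernames attempted
    alerts = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            tried[ip].add(ev["user"])
            q = failures[ip]
            q.append(ts)
            # Drop failures that fell out of the window relative to this event.
            while (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold:
                entry = alerts.setdefault(ip, {"failures": 0, "success_after_burst": False})
                entry["failures"] = max(entry["failures"], len(q))
        elif ip in alerts:
            # A success from an IP that was already flagged is the highest-priority
            # signal: the guessing may have worked.
            alerts[ip]["success_after_burst"] = True
    for ip, entry in alerts.items():
        entry["users"] = sorted(tried[ip])
    return alerts


if __name__ == "__main__":
    for ip, info in detect_brute_force(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

With the defaults, 203.0.113.7 is flagged (five failures in five seconds, five different usernames, then a success) while 198.51.100.2 is not: its three attempts are ten minutes apart, the "low and slow" style that evades a 60-second window. Widening the window (for example to an hour with a threshold of 3) catches it, at the cost of more false positives from forgetful users; the distinct-username list is what separates password spraying from one person mistyping.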

6. Access Control or Unauthorized Access


Companies often grant employees more access and permissions than
needed to perform their job functions. This increases identity-based threats
and expands access to adversaries in the event of a data breach.
To address this issue, organizations should implement the principle of least
privilege (POLP), a computer security concept and practice that gives users
limited access rights based on the tasks necessary to their job. POLP
ensures only authorized users whose identity has been verified have the
necessary permissions to execute jobs within certain systems, applications,
data and other assets.
POLP is widely considered to be one of the most effective practices for
strengthening the organization’s cybersecurity posture, in that it allows
organizations to control and monitor network and data access.

7. Misunderstanding the “Shared Responsibility Model” (i.e., Runtime Threats)


Cloud networks adhere to what is known as the “shared responsibility
model.” This means that much of the underlying infrastructure is secured
by the cloud service provider. However, the organization is responsible for
everything else, including the operating system, applications and data.
Unfortunately, this point can be misunderstood, leading to the assumption
that cloud workloads are fully protected by the cloud provider. This results
in users unknowingly running workloads in a public cloud that are not fully
protected, meaning adversaries can target the operating system and the
applications to obtain access.
Organizations that are using the cloud or shifting to a cloud or hybrid work
environment must update their cybersecurity strategy and tooling to ensure
they are protecting all areas of risk across all environments. Traditional
perimeter-focused security measures do not, on their own, secure a cloud
environment and must be supplemented with controls designed for cloud-based
vulnerabilities and threats.

Injection Attack:
An injection attack is a form of cyberattack in which attacker-supplied data
is crafted so that an interpreter (a database, a shell, an LDAP server, a
template engine) reads part of it as commands rather than as data. The
attacker delivers the harmful input to the interpreter through any channel
the application trusts, including environment variables, request parameters,
web service calls and user-supplied files, but not only those.

Types of Injection attacks

Blind SQL Injection: Allows an attacker who sees no direct query output (only
a generic error page or a difference in the response) to ask the database
server a series of true/false questions through injected SQL statements,
recovering data one bit at a time and, in the worst case, gaining control of
the database or executing commands on the system.

Blind XPath Injection: Allows an attacker who does not know the structure of
an XML document to use methods that attempt to determine the structure of
the document.

Buffer Overflow: Alters the flow of an application by overwriting parts of
memory. Reference: See Buffer overflow attacks for more information about
this type of attack.

Format String Attack: Alters the flow of an application by using string
formatting library features to access other memory space. In this type of
attack, data provided by users is used as the format string for certain
C/C++ functions (for example: fprintf, printf, sprintf, setproctitle,
syslog).

LDAP Injection: Exploits web sites that construct LDAP (Lightweight Directory
Access Protocol) statements from data provided by users. In this type of
attack, an attacker might modify LDAP statements (for instance by editing
requests in a local intercepting proxy) in order to execute arbitrary
queries, gain permissions they were not granted, or modify the content of
the LDAP tree.

OS Commanding: Exploits web sites by injecting an operating system command
through an HTTP request to the web application. In this type of attack, an
attacker might upload malicious programs or obtain passwords.

SQL Injection: Takes advantage of the SQL syntax to inject commands that can
read or modify a database, or compromise the meaning of the original SQL
query. In this type of attack, an attacker can spoof identity; expose,
tamper with, destroy, or make existing data unavailable; or become the
administrator of the database server.

SSI Injection: Allows an attacker to send code to a web application, which
will later be executed locally by the web server. In this type of attack, an
attacker exploits the failure of the web application to filter data provided
by users before it inserts that data into a server-side interpreted HTML
file.

XPath Injection: Exploits web sites that allow an attacker to inject data
into an application in order to execute XPath queries. (XPath is a query
language that describes how to locate specific elements, such as attributes
or processing instructions, in an XML document.) In this type of attack, the
attacker might be able to bypass authentication or access information
without needing proper authorization.
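As an added example (not code from the original notes), the SQL Injection entry above in working form: a login query built by string formatting beside the same query written with bound parameters, run against a constructed in-memory SQLite table whose password_hash column holds placeholder strings. The comment payload ("alice' --") discards the password check entirely, and the tautology payload matches every row; both are harmless against the parameterized version because the driver sends the values separately from the SQL text.

```python
import sqlite3


def make_db():
    """Constructed in-memory table; the password_hash values are placeholders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-of-alice-password", "admin"),
         ("bob", "hash-of-bob-password", "user")],
    )
    return conn


def login_vulnerable(conn, username, password_hash):
    """BAD: untrusted input is pasted into the SQL text, so a quote in the input
    changes the structure of the query instead of being treated as data."""
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password_hash = '{password_hash}'")
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password_hash):
    """GOOD: placeholders; the values are bound separately and can never be parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()


def demo():
    conn = make_db()
    # "--" starts a SQL comment, so everything after it (the password check) is ignored.
    comment_payload = "alice' --"
    # A tautology that is true for every row; the first row happens to be the admin.
    tautology = "' OR '1'='1"
    return {
        "vuln_comment": login_vulnerable(conn, comment_payload, "wrong"),
        "vuln_tautology": login_vulnerable(conn, tautology, tautology),
        "safe_comment": login_safe(conn, comment_payload, "wrong"),
        "safe_tautology": login_safe(conn, tautology, tautology),
        "safe_legit": login_safe(conn, "alice", "hash-of-alice-password"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
```

Parameterization is the fix; input filtering alone is not, because the attacker controls the encoding and the grammar of every input channel the interpreter trusts. The same principle applies to the other interpreters in the table: LDAP filters, OS commands and XPath expressions each have their own escaping rules, and each is safest when the untrusted value never reaches the interpreter as part of the command string.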

What is sensitive data exposure?


Sensitive data exposure refers to the accidental or deliberate disclosure of
critical information such as personally identifiable information (PII),
payment card information (PCI), electronic protected health information
(ePHI), and intellectual property (IP). Organizations with inadequate data
protection measures create vulnerabilities within the system, leading to
sensitive data exposure.
Sensitive data exposure differs from a data breach, where malicious entities
exploit vulnerabilities to carry out attacks intended to steal, misuse, or
destroy sensitive personal data.
What causes sensitive data exposure?
Regardless of whether the data is in storage or in transit, its exposure can
always be traced back to one of the following root causes:

1. No encryption or weak encryption
Applications, NAS devices, database servers, and other repositories that
are unencrypted or have weak encryption protocols are vulnerable to data
exposure. In such cases, attackers can view vital information readily or
crack the weak encryption in place easily.

2. Insecure passwords
When user credentials are stored as plain-text documents without being
hashed and salted, they can be easily misused. Hashing and salting convert
passwords to cipher texts that are difficult to decipher.

3. Unsecure webpages
Web applications and cloud storage with misconfigured TLS (HTTPS) can lead
to data being uploaded or downloaded without any encryption, or with weak
cipher suites. Such unencrypted data in transit can be easily intercepted
and exposed.

4. Poor access controls
Providing excessive permissions to users who don't need them, and a lack
of visibility into who has access to what files, empowers users to access
and share data without any accountability.

5. Misconfiguration errors
Applications' default permissions settings are meant for maximum
usability, not security. When administrators fail to update the settings
according to their data security requirements or miss security updates, it
can lead to data exposure.

Breach in authentication protocol

There is a growing demand for different types of user authentication
technologies, both online and in physical stores; the motivation to
authenticate users ranges from access control to business development
purposes such as adding e-commerce elements. Organizations need to
understand that passwords are not the only way to authenticate users. There
is a wide variety of authentication technologies and an even greater range
of activities that require authentication methods.
Authentication protocols form the backbone of secure systems, ensuring
that only authorized users gain access to sensitive information or resources.
However, despite their fundamental role, these protocols are not immune
to vulnerabilities. Breaches in authentication protocols pose significant risks
to data integrity, confidentiality, and system reliability. This article delves
into the intricacies of authentication protocol breaches, their implications,
common vulnerabilities, and strategies to mitigate such risks.

Authentication Protocols:
Authentication protocols serve as the gatekeepers that validate a user's
identity before granting access. These protocols encompass various
methods such as passwords, biometrics, tokens, multi-factor authentication
(MFA), and cryptographic keys. The primary goal is to ensure that
individuals accessing a system are who they claim to be.

Common Types of Authentication Protocol Breaches:

• Password-Based Attacks: Brute-force attacks, dictionary attacks, and
phishing are common methods used to breach password-based
authentication. Weak passwords, password reuse, and inadequate password
management exacerbate this vulnerability.
• Man-in-the-Middle (MITM) Attacks: Attackers intercept communication
between two parties and can manipulate or eavesdrop on the authentication
process. This allows them to steal credentials or inject malicious code.
• Replay Attacks: An attacker captures valid authentication data (a password
hash, a token or a signed message) and resends it later to gain
unauthorized access. These attacks exploit protocols that lack freshness
measures such as nonces, timestamps or sequence numbers.
• Credential Stuffing: Attackers leverage leaked username-password
combinations obtained from other breaches to gain unauthorized access to
other systems, exploiting users who reuse credentials across platforms.
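The replay entry above says the defence is freshness. The following added example (not code from the original notes, and not any standard protocol) shows the minimal challenge-response exchange that provides it: the server issues a random single-use nonce, the client proves possession of a shared key by returning an HMAC over the nonce, and the server consumes the nonce on first use so that an eavesdropper who captured the exchange cannot resend it. The shared key and user name are constructed for the example.

```python
import hashlib
import hmac
import os
import time

# Constructed shared secret for one user; a real deployment keeps these in a credential store.
SHARED_KEYS = {"alice": b"k-alice-0123456789abcdef"}


def compute_response(key, user, nonce):
    """Client side: MAC the fresh nonce with the shared key. The key never crosses the wire."""
    return hmac.new(key, f"{user}:{nonce}".encode("utf-8"), hashlib.sha256).hexdigest()


class AuthServer:
    def __init__(self, keys, ttl_seconds=30.0):
        self.keys = keys
        self.ttl = ttl_seconds
        self.pending = {}   # nonce -> (user, issued_at)

    def challenge(self, user, now=None):
        """Step 1: send the client a random nonce and remember it."""
        nonce = os.urandom(16).hex()
        self.pending[nonce] = (user, time.monotonic() if now is None else now)
        return nonce

    def verify(self, user, nonce, response, now=None):
        """Step 2: check the client's response. The nonce is removed whether or not
        the check passes, so the same (nonce, response) pair can never succeed twice."""
        entry = self.pending.pop(nonce, None)
        if entry is None:
            return False          # unknown or already-consumed nonce: this is where a replay dies
        issued_user, issued_at = entry
        now = time.monotonic() if now is None else now
        key = self.keys.get(user)
        if key is None or issued_user != user or now - issued_at > self.ttl:
            return False          # wrong user, unknown user, or challenge too old
        expected = compute_response(key, user, nonce)
        return hmac.compare_digest(expected, response)


def demo():
    """Genuine login, then a replay of the captured exchange, then a forged response."""
    server = AuthServer(SHARED_KEYS)
    nonce = server.challenge("alice")
    response = compute_response(SHARED_KEYS["alice"], "alice", nonce)
    first = server.verify("alice", nonce, response)     # legitimate client: accepted
    replay = server.verify("alice", nonce, response)    # eavesdropper resends the same pair: rejected
    nonce2 = server.challenge("alice")
    forged = server.verify("alice", nonce2, compute_response(b"wrong-key", "alice", nonce2))
    return first, replay, forged


if __name__ == "__main__":
    print(demo())
```

Compare this with a static credential: if the client simply sent a password (or even a hash of it) on every login, the captured bytes would be as good as the secret itself. The nonce makes each response valid exactly once, and the time-to-live bounds how long a challenge can sit unused. Binding the response to a TLS channel or including the server identity in the MAC input is what a production protocol adds on top to also defeat the man-in-the-middle case.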

Implications of Authentication Protocol Breaches

The consequences of authentication protocol breaches can be severe,
leading to:

• Data Breaches: Unauthorized access can compromise sensitive information,
leading to data leaks or theft, resulting in financial losses and
reputational damage.
• Service Disruption: Breaches can disrupt services or operations, causing
downtime and affecting user trust and satisfaction.
• Regulatory Non-Compliance: Breaches may violate data protection laws and
regulations, leading to legal consequences and penalties.

Types of Hackers:

White hat: A white hat hacker refers to a person who uses their hacking
ability to find security vulnerabilities in software, hardware, or networks.
A white hat hacker is different from a black hat hacker. Both black and
white hats hack systems, but white hat hackers do it solely for the
purposes of benefiting the organization for which they work.

What is White Hat Hacking?

White hat hackers engage in ethical hacking because they use their skills to
help improve cybersecurity. There is a healthy market for white hat skills
because these hackers are in demand. White hats are often referred to as
security researchers and act as independent contractors to help an
organization tighten its cybersecurity. Some companies employ white hat
hackers in-house to constantly try to hack their systems, exposing
vulnerabilities and preventing more dangerous attacks.
White hat hackers also take on the role of penetration testers as they test
how easily a system can be infiltrated by a black hat hacker. This may
involve looking for encryption backdoors that hackers could use to bypass
encryption meant to protect the network or its communications.
A white hat hacker can also be considered an IT security engineer or a
network security analyst because they help conceive and implement
security solutions.

Black hat: A black hat is a computer hacker who violates laws or typical
ethical standards for nefarious purposes, such as cybercrime, cyberwarfare
or malice.
Black hat hackers are criminals who break into computer networks with
malicious intent. They may also release malware that destroys files, holds
computers hostage, or steals passwords, credit card numbers, and other
personal information.
Black hats are motivated by self-serving reasons, such as financial gain,
revenge, or simply to spread havoc. Sometimes their motivation might be
ideological, by targeting people they strongly disagree with.

What is Black Hat Hacking?


Black hat hacking refers to the intrusion into an IT system for malicious
reasons. These are the bad guys you imagine hacking into mainframes on
TV. However, it’s less entertaining in reality.
Black hat hacking makes use of ransomware, malware, and other tactics to
break through a system’s defenses. The black hat hackers can then access,
steal, and leverage the data found. Some of their techniques involve social
engineering, botnets, DDoS attacks, spyware, and more.
The data is usually sold on the dark web, used to extort a ransom, or
simply destroyed. Hacking has become a global issue as technology
evolved. The tools and techniques used in black hat hacking have become
sophisticated and difficult to detect – let alone defend against.
Unit 5: Ethical Hacker
Ethical hackers, also known as "white hats", are security experts who
perform these security assessments. Their proactive work helps to improve
an organization's security posture. Because it is carried out with prior
approval from the organization or owner of the IT asset, the mission of
ethical hacking is the opposite of malicious hacking.

Ethical Hacker Roles and Responsibilities:

Ethical Hacker Roles:
• In-depth Knowledge of Security: Ethical hackers should be well versed in
the threats and vulnerabilities that can be used to compromise
organizational systems. Organizations hire them for their expertise and
their quick resolution of security vulnerabilities, so they should be
cyber security professionals with knowledge of computer systems, networks
and security.
• Think like Hackers: The primary role of ethical hackers is to attack the
system the way real attackers would, using the same techniques but only
with the owner's authorization. They are supposed to think like hackers
who want to steal confidential data or information, looking for the areas
most likely to be attacked and the different ways in which an attack
could take place.
• In-depth Knowledge of the Organization they serve: Ethical hackers should
be well versed in the services and functional workings of the organization
they are associated with. They should know which information is most
sensitive and needs to be protected, and should be capable of finding the
attack methods that could reach that sensitive content.
Ethical Hacker Responsibilities:
• Hacking their own Systems: Ethical hackers attack the organization's own
systems to find potential threats and vulnerabilities. They are hired to
find vulnerabilities before real attackers discover them.
• Defuse the Intent of Hackers: Ethical hackers are hired as a precautionary
step against attackers who aim to breach the security of computers.
Vulnerabilities detected early can be fixed, keeping confidential
information from being exposed to hackers with malicious intentions.
• Document their Findings: Ethical hackers must properly document all their
findings and potential threats. The main deliverable they are hired for is
the proper reporting of bugs and vulnerabilities that threaten security.
• Keeping Confidential Information Safe: Ethical hackers must keep all their
findings secure and never share them with others. Under no circumstances
should they agree to share their findings and observations with
unauthorized parties.
• Sign Non-Disclosure Agreements: They must sign confidentiality agreements
to keep the information they hold about the organization safe. This
prevents them from giving out confidential information, and legal action
can be taken against them if they do.
• Handle the Loopholes in Security: Based on their observations, ethical
hackers should help restore or repair the security loopholes. This prevents
attackers from breaching the organization's security.
Benefit of Ethical Hacking:
Ethical hackers are well recognized in their profession for their job of
protecting the system. Below are the advantages of being an ethical
hacker:
• Prevent harmful cyber-attacks.
• Prevent penetration attacks of intruders.
• Find loopholes in the system and repair them with their
expertise.
• Establish security and safety measures within the system.
• Prevent cyber terrorism and hacks from taking place.
Skills required to become an Ethical hacker:
Ethical hackers are professionals with deep technical knowledge of the
security of computer systems, operating systems and networking. They need
strong offensive skills in order to find threats before they harm the
computer systems. Some of the basic skills every ethical hacker must have
include:
• Knowledge about Networking
• Expert in Scripting
• Good hands-on programming
• Exposure to multiple operating systems: Windows, Linux
• Knowledge of the backend database
• Experience with servers and search engines
• Well-versed with available tools in market
Penetration testing concepts:
Penetration testing (or pen testing) is a security exercise where a cyber -
security expert attempts to find and exploit vulnerabilities in a computer
system. The purpose of this simulated attack is to identify any weak spots in a
system’s defenses which attackers could take advantage of.
Phases of Ethical hacking:

The process of making legal, authorized attempts to discover and
successfully exploit weaknesses in a computer system, in order to make the
system more secure, is called Ethical Hacking. This process includes
probing for vulnerabilities and providing proof of concept (POC) attacks to
show that the vulnerabilities are actually present in the system. A good
penetration tester always provides specific recommendations for removing
the flaws discovered during the penetration test.
Penetration testing is also known by some other terms like
• PT
• Pen testing
• Ethical hacking
• White hat hacking
There is a term called Vulnerability Assessment which is quite similar to
Penetration Testing. Vulnerability Assessment means reviewing services and
systems for security issues. Many people use the two terms interchangeably,
but they are not the same. A vulnerability assessment discovers and ranks
flaws in the system (typically with scanners and configuration review) but
does not exploit them; a penetration test goes a step further by exploiting
the flaws to demonstrate real impact, and its report includes specific
recommendations for removing them.
1. Reconnaissance: This is the first phase, where the hacker collects
information about the target. It may include identifying the target,
finding out the target's IP address range, network, DNS records, etc. Let's
assume that an attacker is about to hack a website's contacts.
By using search engines, an OSINT tool like Maltego, research on the target
website (checking links, jobs, job titles, email addresses, news, etc.), or
a tool like HTTrack to download the entire website for later enumeration,
the hacker is able to determine staff names, positions, and email
addresses.
2. Scanning: This phase includes the usage of tools like war dialers, port
scanners, network mappers, ping sweepers, and vulnerability scanners.
Hackers are now seeking any information that can help them perpetrate
attacks, such as computer names, IP addresses, and user accounts. With
some basic information in hand, the hacker begins to test the network for
other avenues of attack, using a couple of methods to help map the network
(e.g. tools from Kali Linux, Maltego, and finding an email address to
contact to see what email server is being used). The hacker looks for an
automated reply if possible or, based on the information gathered, may
decide to email HR with an inquiry about a job posting.
3. Gaining Access: In this phase, the hacker designs the blueprint of the
target's network with the help of data collected during Phase 1 and Phase
2. Having finished enumerating and scanning the network, the hacker now
has several options to gain access.
For example, say the hacker chooses a phishing attack, deciding to play it
safe and use a simple phishing email to gain access, and targets the IT
department. They see that there have been some recent hires who are likely
not up to speed on the procedures yet. A phishing email spoofing the CTO's
actual email address is sent to the techs; it points to a phishing website
that will collect their logins and passwords. Using any number of options
(phone app, website email spoofing, Zmail, etc.) the hacker sends an email
asking the users to log in to a new Google portal with their credentials.
They already have the Social Engineering Toolkit running and have sent an
email with the server address to the users, masking it with a bitly or
tinyurl link.
Other options include creating a reverse TCP shell in a PDF using
Metasploit (which may be caught by a spam filter). Looking at the event
calendar, they can set up an Evil Twin router and attempt a Man in the
Middle attack on users to gain access. A variant of a Denial of Service
attack, stack-based buffer overflows, and session hijacking may also be
used.
4. Maintaining Access: Once a hacker has gained access, they want to keep
that access for future exploitation and attacks. Once the hacker owns the
system, they can use it as a base to launch additional attacks.
In this case, the owned system is sometimes referred to as a zombie
system. Now that the hacker has multiple e-mail accounts, the hacker
begins to test the accounts on the domain. From this point the hacker
creates a new administrator account for themselves, following the existing
naming structure so that it blends in. As a precaution, the hacker begins to
look for and identify accounts that have not been used for a long time.
The hacker assumes that these accounts are likely either forgotten or not
used so they change the password and elevate privileges to an
administrator as a secondary account in order to maintain access to the
network. The hacker may also send out emails to other users with an
exploited file such as a PDF with a reverse shell in order to extend their
possible access. No overt exploitation or attacks will occur at this time. If
there is no evidence of detection, a waiting game is played letting the
victim think that nothing was disturbed. With access to an IT account, the
hacker begins to make copies of all emails, appointments, contacts,
instant messages and files to be sorted through and used later.
5. Clearing Tracks (covering their trail): Prior to the attack, the attacker
would change their MAC address and route the attacking machine through at
least one VPN to help hide their identity. They will not deliver a direct
attack or use any scanning technique that would be deemed "noisy".
Once access is gained and privileges have been escalated, the hacker
seeks to cover their tracks. This includes clearing out Sent emails,
clearing server logs, temp files, etc. The hacker will also look for
indications of the email provider alerting the user or possible unauthorized
logins under their account.
Most of the time is spent on the Reconnaissance phase; the time spent
decreases in the subsequent phases. The inverted triangle in the diagram
represents this decreasing time spent in each later phase.

Areas of penetration testing:


• Network Services:
The main purpose is to identify the most exposed vulnerabilities and
security weaknesses in the network infrastructure (servers, firewalls,
switches, routers, printers, workstations, and more) of an organization
before they can be exploited.
Why Should You Perform A Network Service Penetration Test?
Network penetration tests should be performed to protect your business from
common network-based attacks including:

• Firewall Misconfiguration and Firewall Bypass
• IPS/IDS Evasion Attacks
• Router Attacks
• DNS Level Attacks
• Zone Transfer Attacks
• Switching Or Routing Based Attacks
• SSH Attacks
• Proxy Server Attacks
• Unnecessary Open Ports Attacks
• Database Attacks
• Man In The Middle (MITM) Attacks
• FTP/SMTP Based Attacks

Given that a network provides mission-critical services to a business, it is
recommended that both internal and external network penetration tests be
performed at least annually. This will provide your business with adequate
coverage to protect against these attack vectors.

• Web Application:
Web application penetration testing is used to discover vulnerabilities or
security weaknesses in web-based applications. It uses different
penetration techniques and attacks with aims to break into the web
application itself.
The typical scope for a web application penetration test includes web
based applications, browsers, and their components such as ActiveX,
Plugins, Silverlight, Scriptlets, and Applets.

These types of tests are far more detailed and targeted and therefore are
considered to be a more complex test. In order to complete a successful
test, the endpoints of every web-based application that interacts with the
user on a regular basis must be identified.

This requires a fair amount of effort and time from planning to executing
the test, and finally compiling a useful report.

The techniques of web application penetration testing are continuously
evolving, as the threats coming from web applications increase day by day.
Some industry reports attributed a large jump in cybercrime (figures as
high as a 600% increase have been cited) to the period following the
outbreak of COVID-19.

Why Should You Perform A Web Application Penetration Test?

A key reason to perform a web application penetration test is to identify
security weaknesses or vulnerabilities within the web based applications
and their components like the database, source code, and the back-end
network.

It also helps by prioritizing the identified weaknesses or vulnerabilities
and provides possible solutions to mitigate them.
In software application development it's considered best practice to
continuously improve the codebase; deploying secure and agile code is the
phrase often used to describe this practice.

Small, frequent deployments are preferred over large batch deployments,
because the more changes introduced into the code in a single deployment,
the more opportunities there are to create bugs or errors leading to
security vulnerabilities, and the harder each one is to isolate. Technical
debt then accumulates, with developers gradually spending more time fixing
problems than developing new features or updates.

In contrast, agile methodologies use a sandbox or staging environment (a
duplicate copy of the application running on a copy of the codebase) to
test code functionality and usability prior to launching into production.
If a deployment is unsuccessful, developers can easily single out the
change and roll the code back to a previous version in the history.

The trick is balancing daily code deployment with security in mind.

It's not uncommon for enterprise software companies to employ pen testers
to continuously test their code. Google, as well as other tech giants, runs
a bug bounty program that rewards finding and reporting vulnerabilities
within their applications.

• Client Side:
Client side penetration testing is used to discover vulnerabilities or
security weaknesses in client side applications.
These could be programs or applications such as PuTTY, email clients, web
browsers (i.e. Chrome, Firefox, Safari, etc.), Macromedia Flash, and
others. Programs like Adobe Photoshop and the Microsoft Office Suite are
also subject to testing.
Why Should You Perform A Client-Side Penetration Test?
Client-side tests are performed to identify specific cyber-attacks including:
• Cross-Site Scripting Attacks
• Clickjacking Attacks
• Cross-Origin Resource Sharing (CORS) Misconfiguration
• Form Hijacking
• HTML Injection
• Open Redirection
• Malware Infection

• Wireless:

Wireless penetration tests are typically performed onsite as the pen
tester needs to be in range of the wireless signal to access it.
Alternatively, a NUC and WiFi Pineapple can be deployed onsite to
perform the test remotely.
Why Should You Perform A Wireless Penetration Test?
Wireless communications are an invisibly running service that allows data
to flow in and out of the network. Therefore, the wireless network must
be secured against weaknesses that permit unauthorized access or data
leakage.

Before performing a wireless penetration test you should consider the
following:

• Have all access points been identified and how many use poor encryption
methods?
• Is the data flowing in and out of the network encrypted and if so, how?
• Are there monitoring systems in place to identify unauthorized users?
• Is there any possibility the IT team could have misconfigured or duplicated a
wireless network?
• What are the current measures in place to protect the wireless network?
• Are all wireless access points using WPA protocol?

• Social Engineering:
Social engineering penetration testing simulates a malicious actor who
attempts to persuade or trick users into giving up sensitive information,
such as a username and password.
Common types of social engineering attacks used by pen testers include:
• Phishing Attacks
• Vishing
• Smishing
• Tailgating
• Imposters (i.e. Fellow Employees, External Vendors, or
Contractors)
• Name Dropping
• Pre-texting
• Dumpster Diving
• Eavesdropping
• Gifts
Why Should You Perform Social Engineering Tests?
According to recent statistics, 98% of all cyber-attacks rely on social
engineering. This is because internal users are one of the biggest threats
to a network's security, and because these scams are so lucrative.
Social engineering tests and awareness programs have proven to be one
of the most effective methods of mitigating such attacks.
For example, KnowBe4, the popular phishing-simulation platform, simulates an
email phishing attack. When the user clicks on the link, they're taken to a
page that informs them that it was a phishing test.
• Physical Penetration Testing:
Physical penetration testing simulates a real-world threat whereby a pen
tester attempts to compromise physical barriers to access a business's
infrastructure, building, systems, or employees.

Why Should You Perform A Physical Penetration Test?
Physical barriers are often an afterthought for most businesses. However,
if a malicious actor is able to gain physical access to your server room,
they could own your network. Imagine the impact that might have on
your business, on your customers, as well as on business partnerships.

The primary benefit of a physical penetration test is to expose
weaknesses and vulnerabilities in physical controls (locks, barriers,
cameras, or sensors) so that flaws can be quickly addressed. By
identifying these weaknesses, proper mitigations can be put in place to
strengthen the physical security posture.

SQL Injection:
SQL injection is a code injection technique that might destroy your
database. SQL injection is one of the most common web hacking
techniques. SQL injection is the placement of malicious code in SQL
statements, via web page input.
Concepts of SQL Injection:
SQL injection is a technique in which attacker-supplied web page input is
interpreted as part of a SQL statement sent to the database. Malicious
users can use such input to manipulate the queries the application runs
against its database.
1. SQL injection is a code injection technique that can compromise your
database.
2. SQL injection is one of the most common web hacking techniques.
3. SQL injection is the injection of malicious code into SQL statements
via web page input.

Types of SQL Injection:

1. Error-Based SQL Injections:
Error-based SQL Injections obtain information about the database
structure from error messages issued by the database server. In rare
circumstances, an attacker may enumerate an entire database using only
error-based SQL injection.
Example:
In the SQL Injections labs, if you type ?id=1 in the URL and press enter, it
gives you the login name and password.
2. Union-Based SQL Injections:
Union-based SQL Injections use the UNION SQL operator to combine
the results of two or more SELECT queries into a single result set, which is
subsequently returned as part of the HTTP response.
Query:
SELECT EMP_ID, EMP_DOJ FROM EMP
UNION SELECT dept_ID, dept_Name FROM dept;
This SQL query produces a single result set with two columns,
containing values from the EMP columns EMP_ID and EMP_DOJ and the
dept columns dept_ID and dept_Name.
Two requirements must be met for a UNION query to work:
o Each query must return the same number of columns.
o The data types in each column position must be compatible across
the queries.
To determine the number of columns required in a SQL injection UNION
attack, a tester injects a sequence of ORDER BY clauses, incrementing the
column index until an error is encountered.
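As an added example (not code from these notes), the following Python script builds the EMP and dept tables from the query above in an in-memory SQLite database, feeds the two-column UNION to an id lookup that concatenates its input and to a parameterized lookup, and returns what each one gives back. The table contents and the request value are constructed for the demonstration.

```python
import sqlite3

# Constructed sample database (not from the page): the EMP and dept tables
# from the UNION query above, loaded into an in-memory SQLite instance.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE EMP (EMP_ID INTEGER, EMP_DOJ TEXT);
        CREATE TABLE dept (dept_ID INTEGER, dept_Name TEXT);
        INSERT INTO EMP VALUES (1, '2021-04-01'), (2, '2022-09-15');
        INSERT INTO dept VALUES (10, 'Finance'), (20, 'Research');
    """)
    return conn

def lookup_vulnerable(conn, emp_id):
    """An '?id=' lookup that splices the request parameter into the SQL text.
    Whatever the user sends is parsed as SQL, so a UNION in the parameter
    runs as a second SELECT and its rows come back in the same response."""
    sql = "SELECT EMP_ID, EMP_DOJ FROM EMP WHERE EMP_ID = " + str(emp_id)
    return conn.execute(sql).fetchall()

def lookup_safe(conn, emp_id):
    """The mitigation: a parameterized query. The parameter is bound as a
    value by the driver and never becomes part of the SQL text, so the same
    input is compared against EMP_ID as one literal and matches nothing."""
    sql = "SELECT EMP_ID, EMP_DOJ FROM EMP WHERE EMP_ID = ?"
    return conn.execute(sql, (emp_id,)).fetchall()

# Hypothetical request parameter carrying the two-column UNION from the text.
# It matches the vulnerable query's column count (2) and types (int, text),
# which is exactly what the two UNION requirements above demand.
UNION_INPUT = "1 UNION SELECT dept_ID, dept_Name FROM dept"

def demo():
    """Run both lookups on the same input: (rows leaked, rows from safe query)."""
    conn = build_db()
    leaked = lookup_vulnerable(conn, UNION_INPUT)   # EMP row plus both dept rows
    contained = lookup_safe(conn, UNION_INPUT)      # no row has that literal id
    return sorted(leaked), contained

if __name__ == "__main__":
    leaked, contained = demo()
    print("vulnerable:", leaked)
    print("parameterized:", contained)
```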

3. Blind Boolean-based SQL Injections:
Boolean-based SQL Injection works by submitting a SQL query to the
database and forcing the application to produce a different response
depending on whether the query returns TRUE or FALSE.
Example:
In the SQL Injections labs, if we type ?id=1 in the browser URL, a query
containing that id value is sent to the database.
When an attacker tries to use a single quote (') as in ?id=1' to break this
query, no error message is displayed, and no other method reveals one
either.
Furthermore, if the attacker injects a malformed query, the yellow text
that the page normally displays disappears.
The attacker will next use blind SQL injection to check whether the
injected query returns a true or false result.
This confirms that the web application is vulnerable to blind SQL
injection, and database information can be extracted using true and false
conditions.
For example, injecting a query that asks whether the length of the
database string is equal to 1 makes the application answer TRUE or
FALSE through the presence or absence of the text "you are in."

4. Blind Time-Based SQL Injections:
Time-based SQL Injection works by sending a SQL query to the database
and forcing it to wait for a predetermined length of time (in seconds)
before answering. The response time will tell the attacker if the query
result is TRUE or FALSE.
Depending on the outcome, an HTTP response will either be delayed or
returned immediately. Even though no data from the database is returned,
an attacker can determine if the payload used returned true or false.
Because an attacker must enumerate a database character by character,
this attack is often slow (particularly on big databases).
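Added here as a defender's example (not part of the original notes): a small Python log scanner that applies the four injection types above to constructed access-log lines. The assumed log format is client, quoted request line, status, and response time in seconds; the signature patterns and the 3-second delay threshold are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (not from the page). Assumed format:
# client  "METHOD path?query"  status  response-time-in-seconds
SAMPLE_LOG = """\
10.0.0.5 "GET /item.php?id=1" 200 0.02
10.0.0.9 "GET /item.php?id=1%27" 500 0.03
10.0.0.9 "GET /item.php?id=1+ORDER+BY+3" 500 0.03
10.0.0.9 "GET /item.php?id=1+UNION+SELECT+dept_ID,dept_Name+FROM+dept" 200 0.04
10.0.0.9 "GET /item.php?id=1+AND+length(database())=1" 200 0.02
10.0.0.9 "GET /item.php?id=1+AND+sleep(5)" 200 5.21
10.0.0.7 "GET /item.php?id=42" 200 0.02
"""

LINE_RE = re.compile(r'^(\S+) "(\S+) ([^" ]+)" (\d{3}) ([\d.]+)$')

# Assumed signatures, one per injection type described above.
SIGNATURES = [
    ("union-based",   re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("column-probe",  re.compile(r"\border\s+by\s+\d+", re.I)),
    ("boolean-blind", re.compile(r"\b(and|or)\b\s+[\w()]+\s*=\s*\S+", re.I)),
    ("time-blind",    re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\b", re.I)),
]
SLOW_SECONDS = 3.0   # assumed threshold for a suspicious response delay

def classify(line):
    """Return (client, target, [labels]) for one log line, or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    client, _method, target, status, seconds = m.groups()
    query = unquote_plus(target.partition("?")[2])   # decode %27, '+' etc.
    labels = [name for name, rx in SIGNATURES if rx.search(query)]
    if "'" in query and status == "500":
        labels.append("error-based")      # a quote broke the query; server errored
    if "time-blind" in labels and float(seconds) >= SLOW_SECONDS:
        labels.append("delay-observed")   # the injected delay actually fired
    return client, target, labels

def suspicious_requests(log_text):
    """All parsed lines that carry at least one injection label, in log order."""
    hits = []
    for line in log_text.splitlines():
        parsed = classify(line)
        if parsed and parsed[2]:
            hits.append(parsed)
    return hits

if __name__ == "__main__":
    for client, target, labels in suspicious_requests(SAMPLE_LOG):
        print(client, target, labels)
```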
Concepts of Firewall:
A Firewall is a network security device that monitors and filters incoming
and outgoing network traffic based on an organization's previously
established security policies. At its most basic, a firewall is essentially the
barrier that sits between a private internal network and the public
Internet.
A firewall decides which network traffic is allowed to pass through and
which traffic is deemed dangerous. Essentially, it works by filtering out
the good from the bad, or the trusted from the untrusted. However, before
we go into detail, it helps to understand the structure of web-based
networks.
Firewalls are intended to secure private networks and the endpoint
devices within them, known as network hosts. Network hosts are devices
that 'talk' with other hosts on the network. They send and receive traffic
within the internal network, as well as outbound to and inbound from
external networks.
Computers and other endpoint devices use networks to access the
internet and each other. However, the internet is segmented into sub-
networks or 'subnets' for security and privacy. The basic subnet segments
are as follows:
1. External public networks typically refer to the public/global internet or
various extranets.
2. Internal private network defines a home network, corporate intranets,
and other ‘closed’ networks.
3. Perimeter networks detail border networks made of bastion hosts —
computer hosts dedicated with hardened security that are ready to
endure an external attack. As a secured buffer between internal and
external networks, these can also be used to house any external-
facing services provided by the internal network (i.e., servers for
web, mail, VoIP, etc.). These are more secure than external
networks but less secure than internal. These are not always
present in simpler networks like home networks but may often be
used in organizational or national intranets.
Types of Firewall:
Different types of firewalls incorporate varied methods of filtering. While
each type was developed to surpass previous generations of firewalls,
much of the core technology has passed between generations.
Firewall types are distinguished by their approach to:
1. Connection tracking
2. Filtering rules
3. Audit logs
Each type operates at a different level of the standardized
communications model, the Open Systems Interconnection model
(OSI). This model gives a better visual of how each firewall interacts with
connections.
Static Packet-Filtering Firewall
Static packet-filtering firewalls, also known as stateless inspection
firewalls, operate at the OSI network layer (layer 3). These offer basic
filtering by checking all individual data packets sent across a network,
based on where they're from and where they're attempting to go. Notably,
previously accepted connections are not tracked. This means each
connection must be re-approved with every data packet sent.
Filtering is based on IP addresses, ports, and packet protocols. These
firewalls, at the bare minimum, prevent two networks from directly
connecting without permission.
Rules for filtering are set based on a manually created access control list.
These are very rigid and it is difficult to cover unwanted traffic
appropriately without compromising network usability. Static filtering
requires ongoing manual revision to be used effectively. This can be
manageable on small networks but can quickly become difficult on larger
ones.
Because they cannot read application protocols, the contents of a message
delivered within a packet cannot be inspected. Without reading the content,
packet-filtering firewalls offer a limited quality of protection.
Circuit-Level Gateway Firewall
Circuit-level gateways operate on the session level (layer 5). These
firewalls check that the packets of an attempted connection form a valid
handshake and, if they do, permit a persistent open connection between the
two networks. The firewall stops supervising the connection after this
occurs.
Aside from its approach to connections, the circuit-level gateway can be
similar to a proxy firewall.
The ongoing unmonitored connection is dangerous, as it could be opened
by legitimate means and later allow a malicious actor to enter
uninterrupted.

Stateful Inspection Firewall
Stateful inspection firewalls, also called dynamic packet-filtering
firewalls, differ from static filtering in their ability to monitor ongoing
connections and remember past ones. These began by operating on the
transport layer (layer 4), but nowadays these firewalls can monitor many
layers, including the application layer (layer 7).
Like the static filtering firewall, stateful inspection firewalls allow or block
traffic based on technical properties, such as specific packet protocols, IP
addresses, or ports. However, these firewalls also track and filter based on
the state of connections, using a state table.
This firewall updates filtering rules based on past connection events
logged in the state table by the screening router.
Generally, filtering decisions are based on the rules the administrator set
when configuring the firewall. However, the state table allows these
dynamic firewalls to make their own decisions based on previous
interactions they have 'learned' from. For example, traffic types that
caused disruptions in the past would be filtered out in the future. Stateful
inspection's flexibility has cemented it as one of the most ubiquitous types
of shields available.
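To make the difference between static and stateful filtering concrete, here is an added Python model (not from the notes): the same three packets are judged by a stateless ACL check and by a stateful filter that keeps a state table. The addresses, ports and the single allow rule are constructed.

```python
from dataclasses import dataclass

# Constructed packet model (not from the page): a 5-tuple plus a SYN flag.
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False   # True for the packet that opens a connection

# One manually written ACL entry, in the style of a static packet filter:
# internal host 10.0.0.5 may open HTTPS connections to 203.0.113.10.
ALLOW_OUTBOUND = {("10.0.0.5", "203.0.113.10", 443, "tcp")}

def static_filter(pkt):
    """Stateless decision: every packet is matched against the ACL on its
    own. Nothing is remembered, so the server's reply (source 203.0.113.10)
    matches no rule and is dropped, unless a permanent inbound rule is added,
    which would then admit any packet from that host at any time."""
    return (pkt.src, pkt.dst, pkt.dport, pkt.proto) in ALLOW_OUTBOUND

class StatefulFilter:
    """Stateful inspection: an outbound connection the ACL allows is recorded
    in the state table; later packets of that connection, in either
    direction, are admitted without needing a rule of their own."""
    def __init__(self):
        self.state_table = set()   # (src, sport, dst, dport, proto) per open connection

    def decide(self, pkt):
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if forward in self.state_table or reverse in self.state_table:
            return True                          # belongs to a tracked connection
        if pkt.syn and (pkt.src, pkt.dst, pkt.dport, pkt.proto) in ALLOW_OUTBOUND:
            self.state_table.add(forward)        # remember the new connection
            return True
        return False                             # unsolicited and no rule: drop

def run_scenario():
    """Feed the same three packets to both filters and return their verdicts."""
    out = Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True)   # client opens
    back = Packet("203.0.113.10", 443, "10.0.0.5", 51000)            # server replies
    cold = Packet("203.0.113.10", 443, "10.0.0.5", 52000)            # unsolicited
    sf = StatefulFilter()
    return {
        "static":   [static_filter(p) for p in (out, back, cold)],
        "stateful": [sf.decide(p) for p in (out, back, cold)],
    }

if __name__ == "__main__":
    print(run_scenario())
```

The static filter drops the legitimate reply along with the unsolicited packet, while the stateful filter admits the reply because the state table remembers the outbound connection and still rejects the unsolicited one.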
Proxy Firewall
Proxy Firewalls, also known as application-level firewalls (layer 7), are
unique in reading and filtering application protocols. These combine
application-level inspection, or ‘deep packet inspection (DPI),’ and stateful
inspection.
A proxy firewall is as close to an actual physical barrier as it's possible to
get. Unlike other types of firewalls, it acts as an additional two hosts
between external networks and internal host computers, with one as a
representative (or ‘proxy’) for each network.
Filtering is based on application-level data rather than just IP addresses,
ports, and basic packet protocols (UDP, ICMP) like in packet-based
firewalls. Reading and understanding FTP, HTTP, DNS, and other
protocols allow for more in-depth investigation and cross-filtering for
many different data traits.
Similar to a guard at a doorway, it essentially looks at and evaluates
incoming data. If no problem is detected, the data is allowed to pass
through to the user.
The downside to this kind of heavy security is that it sometimes interferes
with incoming data that isn't a threat, leading to functionality delays.
Next-Generation Firewall (NGFW)
Evolving threats continue to demand more intense solutions, and next-
generation firewalls stay on top of this issue by combining the features of
a traditional firewall with network intrusion prevention systems.
Threat-specific next-generation firewalls are designed to examine and
identify specific threats, such as advanced malware, at a more granular
level. More frequently used by businesses and sophisticated networks,
they provide a holistic solution to filtering out threats.
Hybrid Firewall
As implied by the name, hybrid firewalls use two or more firewall types in
a single private network.
Working, Advantages and Importance of Firewall
How Does a Firewall Work?
As mentioned previously, firewalls filter the network traffic within a
private network. It analyses which traffic should be allowed or restricted
based on a set of rules. Think of the firewall like a gatekeeper at your
computer’s entry point which only allows trusted sources, or IP addresses,
to enter your network.
A firewall admits only the incoming traffic it has been configured to
accept. It distinguishes between good and malicious traffic and either
allows or blocks specific data packets based on pre-established security rules.
These rules are based on several aspects indicated by the packet data,
such as its source, destination, content, and so on. They block traffic coming
from suspicious sources to prevent cyberattacks.
For example, a firewall allows good traffic to pass to the user's private
network, while blocking malicious traffic from entering it, thereby
protecting the user's network from being susceptible to a cyberattack.
This way, a firewall carries out quick assessments to detect malware and
other suspicious activities.
There are different types of firewalls that read data packets at different
network levels, as described in the types section above.
Why Are Firewalls Important?
Firewalls use modern security techniques and are deployed in a
wide range of applications. In the early days of the internet, networks
needed to be built with new security techniques, especially for the client-
server model, a central architecture of modern computing. Firewalls
emerged there to build security for networks of varying complexity.
Firewalls inspect traffic and mitigate threats to the devices behind them.
Key Uses of Firewalls
➢ Firewalls can be used in corporate as well as consumer settings.
➢ Firewalls can feed a security information and event management
(SIEM) strategy in modern organizations, and are installed at the
network perimeter to guard against external threats as well as insider
threats.
➢ Firewalls can perform logging and audit functions, identifying
patterns and updating their rules to defend against immediate threats.
➢ Firewalls can be used for a home network, Digital Subscriber Line
(DSL), or cable modem with static IP addresses. Firewalls can
easily filter traffic and can alert the user about intrusions.
➢ They are also used together with antivirus applications.
➢ When vendors discover new threats or release patches, the firewalls
update their rule sets to address them.
➢ On home devices, restrictions can be set using hardware or firmware
firewalls.
Advantages of Using Firewalls
Firewalls play an important role in a company's security management.
Below are some of the important advantages of using firewalls.
➢ They provide enhanced security and privacy from vulnerable services
and prevent unauthorized users from accessing a private network
that is connected to the internet.
➢ Firewalls provide faster response time and can handle more traffic
loads.
➢ A firewall allows you to easily handle and update the security
protocols from a single authorized device.
➢ It safeguards your network from phishing attacks.
