
Cyber Security Previous Year Solution 2021

The document discusses cyber security topics like cyber attacks, cryptography algorithms, malware types, cyber security elements, data exfiltration, information security principles, forensic techniques, traditional crimes impacted by technology, and forensic storage formats. It also defines key cyber security concepts like vulnerability, threat, and attack and provides examples of information gathering techniques such as social engineering, footprinting, and scanning. Finally, it describes the network scanning tools Nmap and Zenmap.

Cyber Security (105713)

Solved by Deepak Kr, PYQ solution 2021


Q.1. Choose the correct answer for any seven of the following:
(a) An attempt to harm, damage or cause threat to a system or network is
broadly termed as :-
(i) Cyber crime
(ii) Cyber attack
(iii) system hijacking
(iv) digital crime
Correct answer is (ii)
(b) Which one of the following algorithms is not used in asymmetric
cryptography?
(i) RSA algorithm
(ii) Diffie-Hellman algorithm
(iii) Electronic code book algorithm
(iv) DSA algorithm
Correct answer is (iii)
(c) Trojan horse is
(i) A program that performs legitimate function that is known to an
operating system or its user and also has a hidden component that can be
used for nefarious purposes like attacks on message security or
impersonation key
(ii) a program that spreads to other computer systems by exploiting security
holes like weaknesses in facilities for creation of remote processes
(iii) All of the above
(iv) None of the above
Correct answer is (iii)
(d) What are the elements of cyber security?
(i) Network security
(ii) Operational security
(iii) Application security
(iv) All of the above
Correct answer is (iv)
(e) What is unauthorized movement of data?
(i) Data cracking
(ii) Data exfiltration
(iii) Data infiltration
(iv) Database hacking
Correct answer is (ii)
(f) Related to information security, confidentiality is the opposite of which
of the following?
(i) Closure
(ii) Disclosure
(iii) Disaster
(iv) Disposal
Correct answer is (ii)
(g) Which of the following is a proper acquisition technique?
(i) Disk to image
(ii) Disk to disk
(iii) Sparse acquisition
(iv) All of the above
Correct answer is (iv)
(h) Traditional crimes that became easier or more widespread
because of telecommunication networks and powerful PCs
include all of the following, except
(i) money laundering
(ii) illegal drug distribution
(iii) DoS attacks
(iv) child pornography
Correct answer is (iii)
(i) When a forensic copy is made, in what format are the
contents of the hard drive stored?
(i) As bootable files
(ii) As executable files
(iii) As operating system files
(iv) As compressed images
Correct answer is (iv)
(j) Which of the following is not a type of peer-to-peer cyber
crime?
(i) MITM
(ii) Injecting Trojans to a target victim
(iii) Credit card details leak in the deep web
(iv) Phishing
Correct answer is (i)
2- (a) Differentiate between vulnerability, threat and attack
with the use of suitable examples for each.
Ans:- The differences between vulnerability, threat and attack are as follows.

| Aspect | Vulnerability | Threat | Attack |
|---|---|---|---|
| Definition | Weakness or flaw in a system's security defences that could be exploited by a threat actor. | Potential danger that could exploit a vulnerability to breach security and cause harm. | Actual action or attempt to exploit a vulnerability in a system or network to compromise security or cause damage. |
| Example | Unpatched software, misconfigured settings, weak passwords. | Malware, hackers, disgruntled employees, natural disasters. | Phishing emails, SQL injection, DDoS attacks, ransomware. |
| Nature | Passive state, inherent to the system or process. | Active, external to the system but poses a risk to it. | Active, malicious intent aimed at exploiting vulnerabilities. |
| Outcome | Could lead to unauthorized access, data breaches, or system failures. | Represents the possibility of harm if a vulnerability is exploited. | Results in security breaches, data theft, system compromise, or disruption of services. |
| Mitigation | Patching software, implementing security protocols, regular security audits. | Risk assessment, threat modelling, implementing security controls. | Intrusion detection systems, firewalls, antivirus software, security awareness training. |
| Management | Identifying and prioritizing vulnerabilities based on severity and potential impact. | Assessing the likelihood and potential impact of threats on the system. | Developing response plans, incident handling, and recovery procedures. |
| Importance | Understanding vulnerabilities helps in proactively securing systems and preventing breaches. | Recognizing threats allows organizations to anticipate and mitigate risks effectively. | Defending against attacks is crucial to maintaining the integrity and availability of systems and data. |

2.(b) Explain, with the help of examples, information gathering
(social engineering, footprinting and scanning).

Ans:- Information gathering is the initial phase of many cyberattacks.
Attackers use various techniques to learn about their target before launching
an assault. Here's a breakdown of three common methods with examples:

1. Social Engineering:

• Description: Manipulating people to reveal confidential information or
perform actions that compromise security.
• Example: An attacker calls a company employee, pretending to be from
IT support. They trick the employee into revealing their login credentials
by claiming to diagnose a network issue.

2. Footprinting:

• Description: Gathering information about a target organization or
network passively (without interacting with it) or actively (through
interactions that don't reveal malicious intent).
• Example (Passive): An attacker searches the company website, social
media profiles, and news articles to learn about its employees,
departments, and security practices.
• Example (Active): An attacker uses online tools to discover the
company's IP address range, identify active servers, and potentially map
out the network structure.

3. Scanning:

• Description: Using automated tools to actively probe a target network or
system for vulnerabilities.
• Example: An attacker launches a port scan to identify open ports on the
target network, which might reveal services running and potential
weaknesses. They might also use vulnerability scanners to find known
security holes in specific software versions.

How these Techniques Work Together:

Imagine a thief planning a heist:

1. Social Engineering: They might call the bank, pretending to be a
customer, to gather information about security procedures and
employee names.
2. Footprinting: They might visit the bank's website to learn about its
layout, cameras, and access points.
3. Scanning: They might use tools to scan the bank's security system for
weaknesses or try to find unlocked doors with electronic scanners.

By combining these techniques, attackers build a comprehensive picture of
their target, making it easier to find and exploit vulnerabilities.

3. Describe the working of the following tools with the help of examples:

(a) Nmap

(b) Zenmap

(c) Port scanner

Ans:- (a) Nmap: Nmap (Network Mapper) is a powerful open-source tool used
for network discovery and security auditing. It is designed to scan networks,
discover hosts, services running on those hosts, and various information
related to network configuration. Here's how Nmap works and an example of
its usage:

Working of Nmap:

1. Host Discovery: Nmap begins by sending ICMP echo requests (ping) to
determine which hosts are online. It also uses other methods like ARP
requests and TCP SYN scans.
2. Port Scanning: After identifying live hosts, Nmap proceeds to scan the
ports on those hosts to determine which services are running and which
ports are open or closed.
3. Service Version Detection: Nmap probes the open ports to determine
the version of services running on those ports. This helps in identifying
vulnerabilities associated with specific service versions.
4. Operating System Detection: Nmap can also attempt to identify the
operating system of the target hosts based on various characteristics
observed during the scan.

Example: nmap -v -sS 192.168.1.1

This command performs a TCP SYN scan (-sS) on the host with IP address
192.168.1.1, displaying verbose output (-v).

(b) Zenmap: Zenmap is the graphical frontend for Nmap. It provides an
intuitive interface for users to perform network scans and visualize the results
obtained from Nmap. Zenmap offers various features that simplify the process
of network discovery and analysis.

Working of Zenmap:

1. User Interface: Zenmap provides a user-friendly graphical interface for
configuring and launching Nmap scans. It allows users to specify scan
options, target hosts, and scan types using dropdown menus and
checkboxes.
2. Scan Profiles: Zenmap offers predefined scan profiles for common
scanning tasks, such as Quick Scan, Intense Scan, and Ping Scan. Users
can choose a profile based on their requirements and customize it as
needed.
3. Scan Results Visualization: Zenmap displays the results of Nmap scans in
an organized and visually appealing manner. It presents information
such as open ports, services, operating systems, and scan statistics in
tabular and graphical formats.
4. Interactive Map: Zenmap includes a network topology map that
visualizes the relationships between hosts and their interconnectedness.
This map helps users understand the layout of the network and identify
potential security issues.

Example: After launching Zenmap, users can input the target IP addresses or
ranges, select scan options and profiles, and initiate the scan with a single click.
The results are then displayed in the interface, allowing users to analyse the
findings and take appropriate actions.

(c) Port Scanner: A port scanner is a software tool used to identify open ports
on a target system or network. It works by sending network packets to specific
port numbers on a target host and analysing the responses received. Port
scanners are commonly used for security auditing, network monitoring, and
troubleshooting network connectivity issues.

Working of Port Scanner:

1. Port Range Specification: Port scanners allow users to specify a range of
port numbers to scan. This range can be customized based on the user's
requirements, such as scanning all ports, a specific range of ports, or
common ports associated with certain services.
2. Connection Establishment: The port scanner attempts to establish a
connection with each port in the specified range by sending TCP SYN,
TCP connect, or UDP packets, depending on the scanning technique
used.
3. Response Analysis: Upon receiving a response from a port, the port
scanner analyses the response to determine whether the port is open,
closed, or filtered by a firewall. Open ports indicate that a service is
actively listening for connections on that port.
4. Reporting: Port scanners generate reports summarizing the results of
the scan, including a list of open ports, their associated services, and
additional information such as service banners and version numbers.

Example: nmap -p 1-100 192.168.1.1

This command performs a port scan on the host with IP address 192.168.1.1,
scanning ports 1 to 100. The output will display the status of each scanned
port, indicating whether it is open, closed, or filtered.
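
From the defender's side, a scan such as `nmap -p 1-100` shows up as one source touching many distinct ports on one host within a short time. The following is an added example, not part of the original solution: it flags that pattern in a constructed connection log. The log format, the addresses other than 192.168.1.1, the time window and the threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample data (not real traffic): one line per inbound TCP SYN.

    Assumed line format: "<ISO timestamp> SRC=<ip> DST=<ip> DPT=<port>"
    """
    base = datetime(2024, 4, 22, 10, 0, 0)
    lines = []
    # A sweep of ports 1-100 on 192.168.1.1, one probe every 50 ms.
    for i, port in enumerate(range(1, 101)):
        ts = base + timedelta(milliseconds=50 * i)
        lines.append(f"{ts.isoformat()} SRC=192.168.1.50 DST=192.168.1.1 DPT={port}")
    # An ordinary client: 30 HTTPS connections, one per second.
    for i in range(30):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} SRC=192.168.1.20 DST=192.168.1.1 DPT=443")
    # An administrator touching three services, 20 seconds apart.
    for i, port in enumerate((22, 80, 443)):
        ts = base + timedelta(seconds=20 * i)
        lines.append(f"{ts.isoformat()} SRC=192.168.1.30 DST=192.168.1.1 DPT={port}")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, source, destination, port)."""
    ts, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return datetime.fromisoformat(ts), kv["SRC"], kv["DST"], int(kv["DPT"])


def detect_port_sweeps(lines, window_s=10, min_ports=20):
    """Return {(src, dst): max distinct ports seen inside any sliding window}.

    Only pairs reaching min_ports distinct destination ports are reported.
    """
    events = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, src, dst, port = parse_line(line)
            events[(src, dst)].append((ts, port))

    window = timedelta(seconds=window_s)
    findings = {}
    for pair, evs in events.items():
        evs.sort()
        in_window = defaultdict(int)  # port -> probes currently inside the window
        start = 0
        best = 0
        for ts, port in evs:
            in_window[port] += 1
            # Drop events that have fallen out of the window ending at ts.
            while ts - evs[start][0] > window:
                old_port = evs[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            best = max(best, len(in_window))
        if best >= min_ports:
            findings[pair] = best
    return findings


if __name__ == "__main__":
    for (src, dst), ports in detect_port_sweeps(build_sample_log()).items():
        print(f"possible port sweep: {src} -> {dst}, {ports} distinct ports")
```

Counting distinct ports rather than connections is what separates the sweep from the busy HTTPS client, which makes many connections to a single port.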

4.(a) Describe how a man-in-the-middle attack may be performed
on a Wi-Fi network and the consequences of such an attack.

Ans:- A man-in-the-middle attack on a Wi-Fi network disrupts the usual
communication flow, allowing an attacker to eavesdrop on data or manipulate
it in transit. Here's a breakdown of how it works:

The Setup:
1. Malicious Hotspot: The attacker creates a fake Wi-Fi network with a
name similar to a legitimate one (e.g., "Coffee Shop Free Wi-Fi_2"). This
entices unsuspecting users to connect.
2. Traffic Interception: Once a user connects to the fake hotspot, the
attacker's device acts as a middleman between the user's device and the
real internet. All data traffic (web browsing, emails, messages) flows
through the attacker's device.

The Deception:

1. Packet Sniffing: The attacker uses tools to capture data packets traveling
between the user's device and the internet. These packets might contain
sensitive information like login credentials, credit card details, or
personal messages.
2. HTTPS Spoofing (Optional): For secure websites using HTTPS, the
attacker might attempt to fool the user's device by presenting a fake SSL
certificate. This creates a false sense of security while the attacker
intercepts encrypted data (though decryption is more complex).

Consequences of a MitM Attack:

• Data Theft: Login credentials, credit card details, emails, and other
sensitive information can be stolen from intercepted packets.
• Session Hijacking: If the attacker captures a valid session cookie, they
might be able to hijack the user's session on a website or application,
impersonating the user and potentially gaining access to accounts.
• Malware Injection: The attacker might inject malicious code into
websites or data streams, infecting the user's device with malware when
they access the compromised content.

Protecting Yourself from MitM Attacks:

• Avoid untrusted Wi-Fi networks: Especially public Wi-Fi hotspots with
weak security.
• Use a VPN: A Virtual Private Network encrypts your internet traffic,
making it unreadable even if intercepted on a compromised network.
• Look for HTTPS: When accessing websites, ensure the address bar
displays "HTTPS" and a valid security certificate to verify a secure
connection.
• Use strong passwords and two-factor authentication: This adds an extra
layer of security to prevent unauthorized access even if credentials are
compromised.

By being aware of MitM attacks and taking precautions, you can significantly
reduce the risk of falling victim to these deceptive tactics.

4.(b) Describe how a one-way hash function may be used for
message authentication.
Ans:- A one-way hash function is a cryptographic algorithm that takes an input
(or message) and generates a fixed-size string of characters, known as the hash
value or digest. One of the key properties of a one-way hash function is that it
is computationally infeasible to reverse the process and obtain the original
input from the hash value. This property makes one-way hash functions useful
for message authentication.

Here's how a one-way hash function can be used for message authentication:

1. Generating a Hash Value: The sender of a message calculates the hash
value of the message using a one-way hash function. The resulting hash
value is typically a fixed size, regardless of the size of the original
message.
2. Sending the Message and Hash Value: The sender transmits both the
original message and the hash value to the recipient. This can be done
through various communication channels, such as email, network
transmission, or physical delivery.
3. Verification by the Recipient: Upon receiving the message and hash
value, the recipient independently calculates the hash value of the
received message using the same one-way hash function used by the
sender.
4. Comparison of Hash Values: The recipient compares the hash value
calculated from the received message with the hash value received from
the sender. If the two hash values match, it indicates that the received
message has not been altered during transmission.
5. Message Authentication: If the hash values match, the recipient can
trust the integrity of the message and authenticate its origin. The
matching hash values provide assurance that the message has not been
tampered with or modified in transit.
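
The five steps above, carried through in code as an added example that is not part of the original solution. It goes one step beyond the text: besides the plain hash comparison it shows the keyed form (HMAC-SHA-256), because a plain hash sent next to the message can be recomputed by anyone able to change the message. The choice of SHA-256, the shared key and the sample messages are assumptions made for the example.

```python
import hashlib
import hmac


def digest(message: bytes) -> str:
    """Step 1: one-way hash of the message (SHA-256, hex encoded)."""
    return hashlib.sha256(message).hexdigest()


def verify_digest(message: bytes, received: str) -> bool:
    """Steps 3 and 4: recompute the hash and compare it with the one received."""
    return hmac.compare_digest(digest(message), received)


def tag(key: bytes, message: bytes) -> str:
    """Keyed hash: HMAC-SHA-256 under a secret shared by sender and recipient."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, received: str) -> bool:
    """Recompute the keyed hash with the shared secret and compare."""
    return hmac.compare_digest(tag(key, message), received)


def walkthrough():
    """Run the exchange on constructed sample values and return each outcome."""
    key = b"example-shared-secret"  # placeholder, not a real secret
    message = b"Transfer 100 to account 12345"
    altered = b"Transfer 900 to account 99999"

    sent_digest = digest(message)   # step 2: sent alongside the message
    sent_tag = tag(key, message)

    return {
        # The message arrives unchanged: hashes match.
        "unmodified, plain hash": verify_digest(message, sent_digest),
        # The message changed in transit but the hash did not: mismatch.
        "altered, original hash": verify_digest(altered, sent_digest),
        # Message and hash were both replaced. No secret is involved in a
        # plain hash, so the comparison passes even though the sender never
        # wrote this message.
        "altered, recomputed hash": verify_digest(altered, digest(altered)),
        # With a keyed hash the recipient checks with the shared secret.
        "unmodified, HMAC tag": verify_tag(key, message, sent_tag),
        "altered, original tag": verify_tag(key, altered, sent_tag),
        # Without the key, a valid tag for the altered message cannot be made;
        # an unkeyed hash offered in its place is rejected.
        "altered, unkeyed hash as tag": verify_tag(key, altered, digest(altered)),
    }


if __name__ == "__main__":
    for case, accepted in walkthrough().items():
        print(f"{case:32} -> {'accepted' if accepted else 'rejected'}")
```

The plain hash detects changes only when the hash value itself reaches the recipient over a channel the modifier cannot touch; the keyed hash removes that requirement.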

5. "Having proper employee hiring practices, security clearance and
employee termination practices can enhance the security of the IT
infrastructure of a company and its information." Do you agree with
this statement? Justify your answer by explaining why the
statement is correct or incorrect.
Ans:- Yes, I agree with the statement that having proper employee hiring
practices, security clearance, and employee termination practices can enhance
the security of the IT infrastructure of a company and its information. Here's
why:

1. Employee Hiring Practices: Proper employee hiring practices involve
screening candidates thoroughly to ensure they possess the necessary
skills, qualifications, and ethical standards for their roles. By selecting
employees who are trustworthy and committed to security,
organizations can reduce the risk of insider threats and malicious
behaviour.
For example, a company hires a network administrator after conducting
comprehensive background checks, verifying qualifications, and assessing
the candidate's knowledge of security best practices. The network
administrator is responsible for configuring and managing the company's
network infrastructure securely, reducing the risk of unauthorized access or
breaches.
2. Security Clearance: Implementing security clearance processes ensures
that employees have appropriate access levels based on their job roles
and responsibilities. By granting access only to authorized personnel,
organizations can mitigate the risk of unauthorized access and data
breaches.
For example, a government agency requires employees handling classified
information to undergo security clearance procedures to determine their
trustworthiness and suitability for accessing sensitive data. Employees with
the necessary clearance levels are granted access to classified information,
while others are restricted from accessing such data.
3. Employee Termination Practices: Proper employee termination
practices involve promptly revoking access to company systems and
resources when an employee leaves the organization. Failure to
terminate access in a timely manner can pose significant security risks,
as former employees may retain access credentials and potentially
misuse them.
For example, when an employee resigns or is terminated, the organization
immediately disables their user accounts, revokes access privileges, and
retrieves company-owned devices. This prevents former employees from
accessing confidential information or systems after leaving the
organization, reducing the risk of data breaches or unauthorized activities.

In summary, incorporating proper employee hiring practices, security
clearance procedures, and employee termination practices into an
organization's security framework can significantly enhance the security of its
IT infrastructure and information. These practices help mitigate the risk of
insider threats, unauthorized access, and data breaches, ultimately
safeguarding the confidentiality, integrity, and availability of sensitive data and
resources.

6.(a) Explain the security threats raised by remote user
authentication and propose a method to counter such threats.
Ans:- Remote user authentication, which involves verifying the identity of
users accessing a system or network from remote locations, presents several
security threats that need to be addressed.
Some of the key security threats raised by remote user authentication
include:

• Increased Attack Surface: With users accessing systems from
various locations and potentially unsecured networks, the overall
attack surface for potential breaches expands.
• Weak Authentication Methods: Overreliance on passwords or
simple two-factor authentication (2FA) methods like SMS
verification can be vulnerable to phishing attacks or password
breaches.
• Unsecured Devices: Employees using personal devices for work
might have weaker security measures compared to company-issued
laptops, increasing susceptibility to malware or unauthorized
access.
• Unmonitored Network Activity: Companies have less control
over the network security of remote user connections, making
it harder to detect suspicious activity.

Countering Security Threats with Multi-Factor Authentication (MFA):

Multi-factor Authentication (MFA) significantly strengthens remote user
authentication by requiring multiple verification factors beyond just a
password. Here's how it helps:

1. Stronger Authentication: MFA goes beyond passwords, adding
factors like fingerprint scans, hardware tokens, or one-time codes
generated by authenticator apps. This makes unauthorized access
much more difficult.
2. Reduced Phishing Risk: Even if attackers steal a user's password
through phishing, they likely won't have access to the additional
verification factors needed for MFA, preventing unauthorized
logins.
3. Enhanced Security Posture: By implementing MFA, companies
demonstrate a commitment to robust security, deterring potential
attackers and promoting user confidence in remote access
procedures.

Additional Security Measures:

• Enforce Strong Password Policies: Mandate complex passwords
with regular changes to minimize password cracking risks.
• Educate Employees on Security Awareness: Train employees to
identify phishing attempts, maintain secure devices, and report
suspicious activity.
• Utilize Endpoint Security Software: Deploy solutions that monitor
and protect devices used for remote access, including firewalls and
anti-malware software.
• Implement Network Access Control (NAC): Implement NAC
solutions to restrict access to corporate resources only from
authorized devices with appropriate security configurations.

By combining MFA with these additional measures, companies can
significantly mitigate the security threats associated with remote
user authentication and create a more secure remote work
environment.
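
The "one-time codes generated by authenticator apps" mentioned under MFA are commonly time-based one-time passwords (TOTP, RFC 6238). The following is an added example, not part of the original solution: a server-side check that requires both the password result and a valid code, tolerates one time step of clock drift, and refuses a code that was already used. The function names, the drift allowance and the replay counter are assumptions; the secret is the published RFC test value, not a real credential.

```python
import hashlib
import hmac
import struct

# Test secret from RFC 4226 / RFC 6238 (constructed input, not a real credential).
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Time-based code (RFC 6238): HOTP over the number of elapsed time steps."""
    return hotp(secret, int(now) // step, digits)


def verify_login(password_ok: bool, secret: bytes, code: str, now: float,
                 last_counter: int = -1, step: int = 30, drift: int = 1):
    """Second-factor check (hypothetical helper for this example).

    Returns (accepted, counter_to_store). The caller stores the returned
    counter per user so that the same code cannot be accepted twice.
    """
    if not password_ok:
        return False, last_counter               # first factor failed
    current = int(now) // step
    for counter in range(max(0, current - drift), current + drift + 1):
        if counter <= last_counter:
            continue                             # already used: replay
        if hmac.compare_digest(hotp(secret, counter), code):
            return True, counter
    return False, last_counter


if __name__ == "__main__":
    now = 59                                     # RFC 6238 test time
    code = totp(RFC_TEST_SECRET, now)
    print("code at t=59:", code)
    # Correct password and current code: accepted.
    print(verify_login(True, RFC_TEST_SECRET, code, now))
    # Password known to a phisher, but no valid code: rejected.
    print(verify_login(True, RFC_TEST_SECRET, "000000", now))
    # Same code presented again after it was used: rejected.
    print(verify_login(True, RFC_TEST_SECRET, code, now, last_counter=1))
    # Same code presented 90 seconds later: expired, rejected.
    print(verify_login(True, RFC_TEST_SECRET, code, now + 90))
```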

6.(b) Differentiate between Discretionary Access Control (DAC) and
Mandatory Access Control (MAC)
Ans:- The differences between Discretionary Access Control (DAC) and
Mandatory Access Control (MAC) are as follows.

| Aspect | Discretionary Access Control (DAC) | Mandatory Access Control (MAC) |
|---|---|---|
| Definition | Access control model where access rights are determined by the owner of the resource. | Access control model where access rights are determined by a central authority based on security labels assigned to subjects and objects. |
| Decision Authority | Owners of resources have the authority to set access permissions for their resources. | Central authority (e.g., system administrator) has the authority to set access permissions based on security policies and classifications. |
| Flexibility | Provides flexibility as access rights can be set and modified by resource owners. | Offers less flexibility as access rights are centrally controlled and cannot be modified by individual users. |
| Granularity | Typically provides finer-grained control over access permissions, allowing owners to specify access for individual users or groups. | Often provides coarser-grained control, with access permissions being based on broader security classifications or labels. |
| Example | A file owner on a Unix system can specify who can read, write, or execute the file using chmod commands. | The military classification system assigns security labels (e.g., top secret, secret, confidential) to documents, and access to documents is restricted based on the clearance level of users. |
| Common Implementations | Often used in environments where user autonomy is valued, such as personal computers or small networks. | Commonly used in environments with stringent security requirements, such as government agencies, military organizations, or critical infrastructure systems. |
| Complexity | Generally simpler to implement and manage, as access control decisions are decentralized. | Often more complex to implement and manage, as access control decisions are centralized and require careful planning and configuration. |
| Example Operating System | Unix-like operating systems (e.g., Linux, macOS) commonly use DAC for file permissions. | Trusted operating systems (e.g., SELinux, Trusted Solaris) often implement MAC for enforcing security policies. |

7.Shivi loves old Hindi movie songs and has a large collection of such songs
which she wants to share with anyone who is interested. She comes up with
the idea of converting the songs into MP3 format and putting up a website
where she will list the titles of the songs. Each user can then request her for
specific song(s) which he wants. Shivi can then specifically permit copying of
that song to the user's hard disk. Shivi approaches Shivesh who agrees to
develop the software and host the website to execute the idea. Do Shivi and
Shivesh have any legal liability if they implement this idea? Discuss. If this is not
a legal liability, then name the computer crime that occurs. Under which
cyber law section does this crime come?
Ans:- Shivi and Shivesh could potentially face legal liability depending on
various factors related to the implementation of their idea. Let's discuss some
potential legal issues and liabilities:

1. Copyright Infringement: Converting old Hindi movie songs into MP3
format and distributing them without proper authorization from the
copyright holders could constitute copyright infringement. Even if Shivi
owns the physical copies of the songs, she may not have the right to
distribute them in digital format without obtaining permission from the
copyright owners, which are typically the music labels or production
companies associated with the movies. By hosting a website where users
can request and download these songs, Shivi and Shivesh could be
facilitating copyright infringement, leading to potential legal
consequences.
2. Digital Millennium Copyright Act (DMCA): In many jurisdictions,
including the United States, there are laws such as the DMCA that
impose obligations on internet service providers and website operators
to respond to copyright infringement notices and take down infringing
content upon notification. If Shivi and Shivesh ignore or fail to comply
with DMCA takedown requests related to copyrighted songs on their
website, they could face legal action under the DMCA.
3. Licensing and Royalties: Even if Shivi were to obtain licenses or
permissions to distribute the songs legally, she would need to ensure
compliance with the terms of those licenses, including payment of
royalties to the copyright owners. Failure to properly license the songs
or pay royalties could result in legal liabilities for copyright infringement
or breach of contract.
4. Privacy and Data Protection: If the website collects personal
information from users (such as email addresses or payment details),
Shivi and Shivesh would need to comply with relevant data protection
laws and ensure that user privacy is protected. Failure to secure user
data or obtain proper consent for data processing could lead to legal
liabilities related to data breaches or privacy violations.

In summary, Shivi and Shivesh could potentially face legal liability for copyright
infringement, DMCA violations, breach of licensing agreements, and privacy
violations if they implement their idea without proper authorization and
compliance with applicable laws and regulations.

If this activity were to occur without legal authorization or compliance, it could
be considered as "Online Piracy" or "Copyright Infringement," which is a
computer crime. This crime typically falls under the purview of cyber laws
related to intellectual property rights and copyright infringement. In many
jurisdictions, such as the United States, copyright infringement is addressed
under the Digital Millennium Copyright Act (DMCA) or similar legislation.

8. You get a call from a high school student named Mohan who claims he has
just received an e-mail from another student threatening to commit suicide.
Mohan isn't sure where the student sent the e-mail from. Write a brief
report on how you should proceed, including what you should do first in this
situation.

Ans:- Date: 22/04/2024

Reported by: Deepak Kumar

Contact no: 6204324345


Description of Incident: I received a call from a high school student named
Mohan, who reported receiving an email from another student threatening to
commit suicide. Mohan expressed concern about the authenticity of the threat
and was unsure about the origin of the email.

Immediate Action Taken:

1. Ensure Safety: The first priority is to ensure the safety and well-being of
the individual who sent the threatening email. If there is an immediate
risk of harm, contact emergency services (police, paramedics)
immediately.
2. Engage in Dialogue: Engage in a supportive and non-judgmental
dialogue with Mohan to gather more information about the email,
including any specific details provided by the sender.
3. Verify Information: Attempt to verify the identity of the sender and the
credibility of the threat. If possible, ask Mohan to provide any additional
information or context about the sender and their circumstances.
4. Contact School Authorities: Inform school authorities, such as the
principal, guidance counsellor, or school psychologist, about the
situation. Provide them with relevant details and collaborate on a
response plan.
5. Involve Parents or Guardians: If appropriate, involve the parents or
guardians of both Mohan and the student who sent the threatening
email. Inform them about the situation and seek their support in
addressing the issue.
6. Assess Risk: Assess the level of risk posed by the threat based on the
information available. Consider factors such as the content of the email,
the sender's history or behaviour, and any known risk factors for suicide.
7. Report to Authorities: If deemed necessary, report the incident to local
law enforcement or child protective services. Provide them with all
available information and cooperate with any investigations.
8. Provide Support and Resources: Offer support and reassurance to
Mohan, emphasizing the importance of taking threats of self-harm
seriously and seeking help from trusted adults or mental health
professionals. Provide information about available resources, such as
hotlines or counselling services, for individuals experiencing suicidal
thoughts.
9. Document Incident: Document all relevant information, including details
of the threatening email, actions taken, and communication with Mohan
and school authorities. Maintain confidentiality and adhere to privacy
laws and policies.

Conclusion: Immediate action was taken to address the threatening email
received by Mohan, prioritizing the safety and well-being of all individuals
involved. The incident was reported to school authorities, parents, and, if
necessary, local authorities, and appropriate support and interventions were
provided. Follow-up will be conducted to monitor the situation and ensure
continued support and intervention as needed.

Deepak Kumar

Student of Sityog Institute of Technology

22/04/2024

9.Write short notes on the following:


(a) Mobile and IoT security

Ans:- Mobile Security:

• Mobile security refers to the protection of mobile devices, such as
  smartphones and tablets, from threats and vulnerabilities that could
  compromise their integrity, confidentiality, and availability.
• With the increasing reliance on mobile devices for personal and business
  purposes, mobile security has become a critical concern.
• Common threats to mobile security include malware, phishing attacks,
  device theft or loss, insecure Wi-Fi connections, and app vulnerabilities.
• To enhance mobile security, users and organizations can implement
  various measures such as:
    ◦ Using strong passwords or biometric authentication methods to
      lock devices.
    ◦ Keeping operating systems and apps up to date with the latest
      security patches.
    ◦ Installing reputable antivirus and anti-malware software.
    ◦ Avoiding downloading apps from unofficial or untrusted sources.
    ◦ Encrypting sensitive data stored on the device.
    ◦ Enabling remote wipe or tracking features in case of theft or loss.
    ◦ Educating users about mobile security best practices.

IoT (Internet of Things) Security:

• IoT security refers to the protection of Internet-connected devices and
  systems, including smart home devices, wearables, industrial sensors,
  and other embedded systems, from cyber threats.
• IoT devices are vulnerable to various security risks due to factors such as
  limited processing power, lack of built-in security features, and
  heterogeneous communication protocols.
• Common IoT security threats include unauthorized access, data
  breaches, device tampering, botnets, and distributed denial-of-service
  (DDoS) attacks.
• Ensuring IoT security requires a multi-layered approach that addresses
  vulnerabilities at the device, network, and application levels. Key
  measures include:
    ◦ Implementing strong authentication and access controls to
      prevent unauthorized access to IoT devices.
    ◦ Encrypting data in transit and at rest to protect against
      eavesdropping and data breaches.
    ◦ Regularly updating device firmware and software to patch security
      vulnerabilities.
    ◦ Securing communication channels between IoT devices and
      backend systems using secure protocols such as TLS/SSL.
    ◦ Monitoring IoT device behaviour for signs of abnormal activity or
      potential security breaches.
    ◦ Employing network segmentation and firewalls to isolate IoT
      devices from critical systems and prevent lateral movement of
      threats.
    ◦ Conducting regular security assessments and penetration testing
      to identify and address security weaknesses in IoT deployments.

In summary, both mobile and IoT security are essential aspects of overall
cybersecurity, requiring proactive measures to protect devices, data, and
systems from evolving threats in an increasingly interconnected world.

9.(b) Types of malware:- Malware, short for malicious software,
encompasses a diverse range of programs designed to harm computer systems
and steal data. Here's a quick rundown of some common types:

• Viruses: Self-replicating programs that spread to other devices, infecting
  them and potentially causing damage. Think of them like a digital flu that
  jumps from device to device.
• Worms: Similar to viruses, they spread rapidly but don't necessarily
  modify files. They often exploit network vulnerabilities to infect multiple
  devices quickly. Imagine them like fast-moving parasites slithering across
  a network.
• Trojan Horses: Disguised as legitimate software, they trick users into
  installing them. Once installed, they can steal data, install other
  malware, or disrupt system functions. Think of them like wolves in
  sheep's clothing.
• Spyware: Secretly monitors user activity, capturing data like keystrokes,
  browsing history, and financial information. Think of them like hidden
  cameras stealing your digital privacy.
• Ransomware: Malicious software that encrypts a user's files, making
  them inaccessible. The attacker then demands a ransom payment to
  decrypt the files. Imagine them like digital kidnappers holding your data
  hostage.
• Adware: Floods users with unwanted advertisements, often intrusive
  and potentially redirecting them to malicious websites. Think of them
  like relentless salespeople bombarding you with digital pop-ups.
• Rootkits: Grant attackers privileged access to a computer system,
  allowing them to install other malware, steal data, or take control of the
  system. Think of them like master keys giving criminals complete access
  to your digital home.

9.(c) Open Web Application Security Project (OWASP)

Ans:- The Open Web Application Security Project (OWASP) is a nonprofit
organization dedicated to improving the security of software. OWASP provides
resources, tools, and guidelines to help organizations develop, deploy, and
maintain secure web applications and APIs. The organization operates as a
community-driven initiative, with volunteers from around the world
contributing to its projects and initiatives.

Key aspects of OWASP include:

1. Top Ten Project: OWASP releases a list of the top ten most critical web
application security risks, known as the OWASP Top Ten. This list helps
organizations prioritize their efforts to mitigate common security
vulnerabilities.
2. Documentation: OWASP provides comprehensive documentation, guides, and best
practices on various aspects of web application security. This includes topics such as
secure coding practices, authentication and authorization mechanisms, input
validation, and security testing methodologies.
3. Tools and Projects: OWASP hosts a wide range of open-source tools and projects
aimed at improving web application security. These tools cover areas such as
vulnerability scanning, penetration testing, code analysis, and security automation.
4. Community Engagement: OWASP fosters a vibrant and active community of security
professionals, developers, researchers, and enthusiasts who collaborate on various
projects, share knowledge, and contribute to the advancement of web application
security.

9.(d) DDoS attack:- A Distributed Denial of Service (DDoS) attack is a malicious attempt to
disrupt the normal functioning of a targeted server, service, or network by overwhelming it
with a flood of internet traffic. In a DDoS attack, multiple compromised devices, collectively
referred to as a botnet, are coordinated to send an excessive volume of requests or data
packets to the target, causing it to become inaccessible or slow to respond to legitimate
users.

Key Characteristics:

1. Volume: DDoS attacks generate a massive amount of traffic or requests, often far
beyond the target's capacity to handle, leading to service disruption or downtime.
2. Distributed Nature: DDoS attacks involve multiple sources, making it challenging to
identify and mitigate the attack. Botnets consisting of compromised devices, such as
computers, IoT devices, or servers, are often used to distribute the attack traffic.
3. Variety of Attack Vectors: DDoS attacks can exploit various vulnerabilities and
protocols to overwhelm the target. Common attack vectors include UDP floods, SYN
floods, HTTP floods, and DNS amplification attacks.
4. Intent: DDoS attacks may be launched for various reasons, including financial
extortion, political activism, competitive advantage, or simply as a form of vandalism
or sabotage.
5. Impact: DDoS attacks can have significant financial, operational, and reputational
consequences for organizations. They can disrupt online services, cause revenue
loss, damage brand reputation, and impact customer trust and satisfaction.
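
The "Volume" and "Distributed Nature" points above, as detection logic over constructed request records: it shows why a per-client rate limit catches a single-source flood but misses a distributed one, where only the aggregate rate gives the attack away. This is an added example, not part of the original answer; the thresholds, function names and sample addresses (documentation ranges) are assumptions.

```python
from collections import Counter, defaultdict

WINDOW = 10         # seconds per bucket (assumed)
PER_IP_LIMIT = 20   # requests per window allowed from one client (assumed)
TOTAL_LIMIT = 100   # requests per window the service can absorb (assumed)

def analyse(events):
    """events: iterable of (unix_second, source_ip). Returns {window_start: summary}."""
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[ts - ts % WINDOW][ip] += 1
    report = {}
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        # Clients that a simple per-IP rate limit would catch.
        noisy = sorted(ip for ip, n in per_ip.items() if n > PER_IP_LIMIT)
        if total <= TOTAL_LIMIT:
            verdict = "normal"
        elif noisy and sum(per_ip[ip] for ip in noisy) >= total / 2:
            verdict = "single-source flood"
        else:
            # Overload with no dominant sender: every bot stays under the limit.
            verdict = "distributed flood"
        report[start] = {"total": total, "sources": len(per_ip),
                         "over_per_ip_limit": noisy, "verdict": verdict}
    return report

def sample_events():
    """Constructed traffic covering three 10-second windows."""
    ev = []
    # Window 0: 5 clients x 8 requests = 40 (ordinary load).
    ev += [(t, f"198.51.100.{c}") for c in range(1, 6) for t in range(8)]
    # Window 10: one client sends 150 requests next to 5 legitimate ones.
    ev += [(10 + i % 10, "203.0.113.9") for i in range(150)]
    ev += [(10 + t, "198.51.100.1") for t in range(5)]
    # Window 20: 60 clients x 5 requests = 300, each far below PER_IP_LIMIT.
    ev += [(20 + t, f"192.0.2.{c}") for c in range(1, 61) for t in range(5)]
    return ev

if __name__ == "__main__":
    for start, summary in analyse(sample_events()).items():
        print(start, summary)
```

In the last window the per-IP list is empty even though the service is overloaded threefold, so mitigation has to act on aggregate behaviour (upstream filtering, traffic scrubbing, capacity) rather than on blocking individual addresses.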

Solved by deepak kumar
