Unit 5 Notes

UNIT V CYBER CRIMES AND CYBER SECURITY

Cyber Crime and Information Security – classifications of Cyber Crimes – Tools and
Methods – Password Cracking, Keyloggers, Spywares, SQL Injection – Network Access
Control – Cloud Security – Web Security – Wireless Security

5.1 Cybercrime and Information Security


• Lack of information security leads to cybercrime.
• Cyber security means protecting information, equipment, devices, computers and computer resources, and the data stored on them, from unauthorized access, disclosure and modification.
• Cybercrime occupies an important space in information security.
• Financial losses to the organization and insider crimes such as leaking customer data may not be detected by the organization.
• Online gambling is illegal in many countries, e.g. online poker.
• Online gambling is any kind of gambling (also known as betting) conducted on the Internet.
• Awareness about data privacy tends to be low in organizations.

• The above figure 5.24 shows several categories of incidents: virus, insider abuse, laptop theft and unauthorized access to the system.
• Typical network misuses: Internet radio/streaming audio, streaming video, file sharing, instant messaging.

Table : Cyber crime trend over the years (1999-2008)


5.2 Classifications of Cyber crime
• Crime is defined as an act, or the commission of an act, that is forbidden, or the omission of a duty that is commanded by public law, and that makes the offender liable to punishment by that law.
• Cybercrimes are classified as follows:
1. Cybercrime against individual
✓ Electronic Mail Spoofing
✓ Phishing
✓ Spamming
✓ Cyber Defamation
✓ Cyber Stalking & Harassment
✓ Computer Sabotage
✓ Pornographic Offenses
✓ Password Sniffing
2. Cyber crime against Property
✓ Credit Card Fraud
✓ Intellectual Property Crime
✓ Internet Time Theft
3. Cyber crime against Organization
✓ Unauthorized accessing of computers
✓ Denial of Service attacks
✓ Virus Attack
✓ E-mail Bombing
✓ Salami attack
✓ Trojan Horse
✓ Data Diddling
4. Cyber crime against Society
✓ Web Jacking
5. Cyber crime emanating from Usenet newsgroups
✓ Postings that have been mislabeled
5.2.1. Email Spoofing
• A spoofed e-mail appears to originate from one source but has actually been sent from another source.
• Spoofing refers to a form of identity theft where someone uses the identity of a real user.
• Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.
• For example, an attacker might create an email that looks like it comes from PayPal.
5.2.2. Spamming
• Spamming is the use of electronic messaging systems like e-mail and other digital delivery systems to send unwanted bulk messages indiscriminately.

• The term spamming is also applied to other media such as mobile text messaging and social networking spam. Example: sending unwanted email messages.
• Spamming is also used to describe the alteration of a document with the intent to deceive an electronic catalog.
5.2.3. Cyber Defamation
• The offense of injuring a person's character, fame or reputation by false and malicious statements.
• Cyber defamation not only includes verbal or written communications but also statements made in cyberspace through the Internet.
• Libel is written defamation and slander is oral defamation.
• The law on defamation attempts to create a workable balance between two equally important human rights: the right to an unimpaired reputation and the right to freedom of expression.
• For example, posting morphed photos on social networking websites.
5.2.4. Internet Time Theft
• An unauthorized person uses Internet hours paid for by another person.
• Internet time theft comes under hacking, because the person gains access to someone else's user ID and password.
• They access the Internet without the other person's knowledge.
• One can identify time theft if the Internet has to be recharged often; for example, when employees use the Internet for non-business purposes.
5.2.5 Salami Attack
• A salami attack is a method of cybercrime that attackers or hackers typically use to commit financial crimes.
• These attacks can be difficult to detect.
• The goal of this type of attack is to steal small amounts of money from each account over a long period of time.
• For example, a thief might modify a financial application in order to round down the amount of money being transferred from one account to another.
5.2.6 Data Diddling
• This attack involves altering raw data before it is processed by a computer.
• The data is then changed back after the processing is completed.
• For example, forging or misrepresenting data, or failing to enter data.
5.2.7 Forgery
• The term forgery usually describes a message-related attack against a cryptographic digital signature scheme:
• fabricating a digital signature for a message without having access to the respective signer's private signing key.
• For example, outside many colleges the sale of fake certificates and mark sheets is solicited.
5.2.8 Web Jacking
• It occurs when someone forcefully takes control of a website,
• by cracking the password and later changing it.
• For example, the site abc.com has moved to another address.
5.2.9 Newsgroup Scam
• Newsgroup spam is a type of spam where the targets are Usenet (User network) newsgroups.
• Spamming of Usenet newsgroups pre-dates e-mail spam.
• Usenet convention defines spamming as "excessive multiple posting", that is, the repeated posting of a message.
• For example, Usenet spam titled "This world history is coming to an end".
5.2.10 Industrial Spying
• It refers to the illegal and unethical theft of business trade secrets for use by a competitor to achieve a competitive advantage.
• This activity is often done by an insider or an employee who intends to spy and steal information for a competitor.
• Theft of intellectual property, such as manufacturing processes, chemical formulas, recipes, techniques or ideas.
5.2.11 Hackers
• Hackers use or write readymade computer programs to attack target computers.
• Their desire is to damage the computer/network.
• Hackers hack for personal monetary gain, such as stealing information or transferring amounts from various accounts to their own.
• For example, a NASA site was hacked by SQL injection.
5.2.12 Online Frauds
• The purpose of such websites is to make the user enter personal information for accessing business and bank accounts.
• Fraudsters are increasingly turning to e-mail to generate traffic to these websites.
• The e-mails customers receive usually contain a link to a spoof website, misleading the user into entering IDs and passwords.
• For example, online fraud in the banking and financial sector.
5.2.13 Pornographic Offenses
• Any photograph that is considered obscene.
• Computer-generated video or images of sexually explicit conduct.
• Child pornography is considered an offense.
• For example, chatting with a fifteen-year-old girl over the Internet and then suggesting a meeting is illegal conduct.
5.2.14 Software Piracy
• Software piracy is the illegal copying, distributing, modifying, selling or using of software that is legally protected.
• Software piracy is the act of stealing legal software in an illegal way.
• Software piracy refers to the unauthorized copying and use of legal software.
• For example, hard disk loading, client-server overuse.
5.2.15 Computer Sabotage
• Sabotage is the deliberate damage of equipment.
• The use of the Internet to hinder the normal functioning of a computer system through the introduction of worms or viruses.
• Done to promote the illegal activities of terrorists or to steal data.

5.2.16 Email Bombing

• An email bomb is a form of net abuse that sends large volumes of email to an address to overflow the mailbox.
• It amounts to a denial-of-service (DoS) attack.
• The aim is to fill up the recipient's disk space on the server or overload a server to stop it from functioning.
• For example, inhibiting a server by sending a massive number of emails to a specific person or system.
5.2.17 Computer Network Intrusion
• Hackers can break into computer systems from anywhere in the world and steal data.
• The cracker (hacker) bypasses existing password protection by creating a program to capture logon IDs and passwords.
• For example, a man-in-the-middle attack.
5.2.18 Password Sniffing
• Password sniffing is an attack on the Internet that is used to steal user names and passwords from the network.
• It monitors and records the names and passwords of users from the network as they log in.
• For example, the sniffer can then act like an authorized user and log in to access restricted documents.

5.2.19 Credit Card Fraud

• Credit card processing is a relatively new service that enables an individual to process credit cards electronically.
• Credit card fraud can take place when cards are misplaced or stolen, mail is diverted by criminals, or employees of a commercial enterprise steal consumer information.
• For example, paper-based fraud is whereby a criminal makes use of stolen or fake documents such as utility bills and bank statements.
5.2.20 Identity Theft
• Identity theft occurs when criminals steal a victim's personal information to commit
criminal acts
• The goal of many cyber-attacks is to steal enough information about a victim to
assume their identity to commit fraudulent activity
5.3 Tools and Methods
5.3.1 Introduction
• Various tools and methods are used to launch attacks against a target.
• The computer is an indispensable tool for almost all cybercrimes.
• Network attack incidents reveal that attackers are very systematic in launching their attacks.
• The basic stages in which an attacker compromises a network are:
1. Initial uncovering: two steps. The first step is called reconnaissance: the attacker gathers information about the target by searching the Internet, Googling and browsing social networks. In the second step the attacker uncovers information about the company's internal network, such as Internet domains and machine names.
2. Network probe: the attacker uses more invasive techniques to scan for information, such as a ping sweep of the network IP addresses to seek out targets and port scanning to discover which services are running on the target system. Abnormal activity on the network at this stage can be classified as an intrusion attempt.
3. Crossing the line toward electronic crime: the attacker exploits holes in the target system to gain access. Programming errors, including vulnerabilities in Common Gateway Interface (CGI) scripts, can be used by attackers to compromise the system; by checking for default logins, attackers are able to access a user account without privileges and then attempt to obtain administrator or root access.
Table : Website and Tools used for finding vulnerabilities
4. Capturing the network: the attacker aims to own the network and installs a set of tools that replace existing files or services with Trojan horses that have a backdoor password. There are a number of hacking tools that can clean login files; such tools provide copies of system files that act and look like the real thing, give the attacker backdoor entry into the system and hide the processes running on the system. The attacker captures the network and gains access to the system.
5. Grab the data: having captured the network, the attacker takes advantage of the position to steal confidential data (e.g. credit card information), alter processes and launch attacks at other sites from the network, causing an embarrassing situation for the organization.

6. Covering tracks: this is the last step in any cyber attack and refers to activity undertaken by the attacker to extend the misuse of the system without being detected. The attacker remains undetected, removes evidence of the hacking and so avoids legal action.
Sl. No. | Website | Description
1. | http://www.ibt.ku.dk/jesper/ELSave/ | ELSave: tool used to save and/or clear an NT Event Log. The executable is available on the weblink.
2. | http://ntsecuriy.nu/toolbox/winzapper/ | WinZapper: tool that enables erasing event records. This program corrupts event logs.
3. | http://www.evidence-eliminator.com/ | Evidence Eliminator: PC cleaning program. Evidence Eliminator permanently wipes out evidence.
4. | http://www.traceless.com/computer-forensics/ | Traceless: privacy cleaner for Internet Explorer (IE) that can delete common Internet tracks (cache, history).
5. | http://www.acesoft.net/ | Tracks Eraser Pro: deletes cookies of IE and Opera, Internet history files and IE plugins.

Table: Tools used to cover tracks


5.3.2 Proxy Servers and Anonymizers

• A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.

• A client connects to the proxy server requesting some service, such as a file, connection, web page or other resource available from a different server, and the proxy server evaluates the request as a way to simplify and control its complexity.
• Using a proxy server, an attacker can hide their identity.
• A proxy server has the following purposes:
✓ Keep the system behind the curtain
✓ Speed up access to resources
✓ Filter unwanted content such as advertisements
✓ Act as an IP address multiplexer to connect a number of computers to the Internet
Advantages:
• In a proxy server, the cache memory serves all users.
• If one or more websites are requested frequently by different users, they are likely to be in the proxy's cache memory.
• Special servers are available, known as cache servers.
A list of free proxy servers can be found at:
1. https://www.proxy4free.com
2. https://www.proxz.com
3. https://www.surf24h.com
4. https://www.publicproxyserver.com
Anonymizer
• An anonymizer attempts to make activity on the Internet untraceable.
• It protects personal information by hiding the source computer's identifying information.
• It is used to make web surfing anonymous by utilizing a website that acts as a proxy server for the web client.
• The anonymizer removes all identifying information from the user's computer while the user surfs the Internet.
• Listed are a few websites where more information about anonymizers can be found:
1. https://www.anonymizer.com
2. https://www.anonymize.net
3. https://www.anonymouse.ws
5.3.3 Phishing
• The user finds a message from the bank threatening to close the bank account if they do not reply immediately.
• Although the message seems suspicious from its contents, it is difficult to conclude that it is a fake e-mail.
• In addition to stealing data, such messages can also infect the system with viruses.
• The messages look authentic, so users reveal their personal information.
• For example, the user may find messages such as a lottery winner notification. When the user clicks on the attachment, the malicious code activates and can access sensitive information.
How Phishing works?
1. Planning: phishers (criminals) decide on the target and determine how to get the e-mail addresses of that target. They use the same mass-mailing and address-collection techniques as spammers.
2. Setup: once phishers know which business to spoof, they create methods for delivering messages and collecting data about the target.
3. Attack: the phisher sends a phony message that appears to be from a reputable source.
4. Collection: phishers record the information victims enter into webpages or pop-up windows.
5. Identity theft and fraud: phishers use the information they have gathered to commit fraud.

5.4 Password Cracking


• Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. Usually an attacker follows a common approach of repeatedly making guesses for the password. The purposes of password cracking are as follows:
1. To recover a forgotten password;
2. As a preventive measure by system administrators to check for easily crackable passwords;
3. To gain unauthorized access to a system.
• Manual password cracking is attempting to log on with different passwords. The attacker follows these steps:
1. Find a valid user account, such as Administrator or Guest;
2. Create a list of possible passwords;
3. Rank the passwords from high to low probability;
4. Key in each password;
5. Try again until a successful password is found.
• Passwords can sometimes be guessed with knowledge of the user's personal information. Examples of guessable passwords include:
1. Blank (none);
2. Words like "password", "passcode" and "admin";
3. The user's name or login name;
4. The name of the user's friend/relative/pet.
• An attacker can also create a script file (i.e. an automated program) that is executed to try each password in a list. This is still considered manual cracking; it is time-consuming and not usually effective.
• Passwords are stored in a database, and a password verification process is built into the system that runs when a user attempts to log in or access a restricted resource.
• To ensure the confidentiality of passwords, the password verification data is usually not stored in clear text. For example, a one-way function is applied to the password, possibly in combination with other data, and the resulting value is stored.
• Password cracking attacks can be classified under three categories as follows:
1. Online attacks;
2. Offline attacks;
3. Non-electronic attacks.
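As an added example (not part of these notes), the following Python code shows the verification scheme the bullet above describes: a one-way function (PBKDF2-HMAC-SHA256 is assumed here) is applied to the password together with a random per-user salt, only the result is stored, and a login attempt is checked by recomputing the function. The user table, user names and passwords are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Optional

# Added example, not from the notes: salted one-way password storage and
# verification. The one-way function assumed is PBKDF2-HMAC-SHA256.

ITERATIONS = 100_000  # work factor: slows down offline guessing of each candidate


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Return the verification data to store for a user: salt plus derived key."""
    if salt is None:
        salt = os.urandom(16)  # per-user random salt: identical passwords hash differently
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": dk.hex(), "iterations": ITERATIONS}


def verify(password: str, record: dict) -> bool:
    """Recompute the one-way function and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, record["iterations"])
    return hmac.compare_digest(dk.hex(), record["hash"])


# Constructed sample user table: only verification data is kept, never the password.
USERS = {"alice": make_record("Convert_£100 to Euros")}


def login(username: str, password: str) -> bool:
    """Login check that does not reveal whether the username or the password was wrong."""
    record = USERS.get(username)
    if record is None:
        # Do the same amount of work so timing does not reveal which usernames exist.
        verify(password, make_record("dummy"))
        return False
    return verify(password, record)


if __name__ == "__main__":
    print(login("alice", "Convert_£100 to Euros"))  # True
    print(login("alice", "password"))                # False
```

Because the stored value is salted and slow to compute, a stolen copy of the table cannot be turned back into passwords by a lookup, and each guess costs the attacker the full work factor.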
5.4.1 Online Attacks
• An attacker can create a script file (i.e. an automated program) that is executed to try each password in a list; when one matches, the attacker gains access to the system.
• The most popular online attack is the man-in-the-middle (MITM) attack, also termed the "bucket-brigade attack" or sometimes the "Janus attack".
• It is a form of active eavesdropping in which the attacker establishes independent connections with the victim and with the server to which the victim is connecting.

• When a victim client connects to the fraudulent server, the MITM server intercepts the call, hashes the password and passes the connection on to the real server (e.g. an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle).
• This type of attack is used to obtain the passwords for e-mail accounts on public websites such as Yahoo, Hotmail and Gmail, and can also be used to get the passwords for financial websites in order to gain access to banking accounts.
Table: Password Cracking Tools
5.4.2 Offline Attacks

• Offline attacks are mostly performed from a location other than the target computer where the passwords reside or are used.

• Offline attacks usually require physical access to the computer and copying the password file onto removable media.
• The different types of offline password attacks are described in the table below; a few of the tools listed in the table of password cracking tools also use these techniques to get the password in clear text.

Table: Types of Password cracking attacks

5.4.3 Strong, Weak and Random Passwords


➢ A weak password:
o A weak password is one that could be easily guessed: short, common, or a system default password that could easily be found by a brute-force attack, such as words in the dictionary, proper names, words based on the username or common variations on these themes.
o Passwords that can easily be guessed by acquaintances of the netizen (such as date of birth, pet's name and spouse's name) are considered very weak. Here are some examples of weak passwords:
1. Susan: common personal name;
2. aaaa: repeated letters, can be guessed;
3. abc123: can be easily guessed;
4. rover: common name for a pet, also a dictionary word;
5. admin: can be easily guessed;
6. 1234: can be easily guessed.
➢ A strong password:
o A strong password is long enough, random or otherwise difficult to guess, producible only by the user who chooses it.
o Here are some examples of strong passwords:
o Convert_£100 to Euros: such phrases are long, memorable and contain an extended symbol to increase the strength of the password.
o 382465304H: a mix of numbers and a letter at the end; such passwords are usually used on mass user accounts and can be generated randomly, for example in schools and businesses.
o 4pRtelai@3: not a dictionary word; it has mixed-case letters along with numeric and punctuation characters.
5.4.4 Random Passwords
• Random passwords are generally the most difficult to remember. A password is stronger if it includes a mix of upper- and lower-case letters, numbers and other symbols, when allowed, for the same number of characters.
• The difficulty of remembering such a password increases the chance that the user will write it down, which makes it more vulnerable to a different attack.
• One example of this type of password is 26845. The imposition of strong random passwords may encourage users to write down passwords, store them in personal digital assistants (PDAs) or cell phones and share them with others as insurance against memory failure, increasing the risk of disclosure.
The general guidelines applicable to password policies, which can be implemented organization-wide, are as follows:

1. Passwords and user logon identities (IDs) should be unique to each authorized user.
2. Passwords should consist of a minimum of eight alphanumeric characters.
3. There should be computer-controlled lists of prescribed password rules and periodic testing (e.g. letter, phrase and number sequences, character repetition, initials, common words and standard names) to identify any password weaknesses.
4. Passwords should be kept private, that is, not shared with friends, colleagues, etc.
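As an added example (not part of these notes), the following Python function implements the computer-controlled rule check that guideline 3 calls for: it tests a candidate password against the eight-character alphanumeric minimum and against the weak-password patterns listed in 5.4.3 (blank, common words, the login name, personal details, repeated characters, simple sequences). The COMMON_WORDS set is a small constructed sample standing in for a real prescribed-words list.

```python
import re

# Added example, not from the notes: password policy checker for the
# organization-wide guidelines and the weak-password examples in 5.4.3.
COMMON_WORDS = {"password", "passcode", "admin", "letmein", "welcome", "rover", "susan"}

# Simple ascending runs that guideline 3 calls "number sequences" (constructed list).
SEQUENCES = ("0123", "1234", "2345", "3456", "4567", "5678", "6789", "abcd", "bcde", "cdef")


def password_weaknesses(password: str, username: str = "", personal: tuple = ()) -> list:
    """Return the list of rule violations; an empty list means the password passes.

    username: the user's login name (must not appear in the password).
    personal: details an acquaintance might know, e.g. date of birth, pet's or spouse's name.
    """
    problems = []
    if password == "":
        return ["blank password"]
    low = password.lower()

    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
        problems.append("not alphanumeric (needs both letters and digits)")
    if low in COMMON_WORDS:
        problems.append("common word or default password")
    if username and username.lower() in low:
        problems.append("contains the login name")
    for item in personal:
        if item and item.lower() in low:
            problems.append(f"contains personal information ({item})")
    if len(set(low)) == 1:
        problems.append("repeated single character")
    if any(seq in low for seq in SEQUENCES):
        problems.append("contains a simple sequence")
    return problems


if __name__ == "__main__":
    for candidate in ("Susan", "aaaa", "abc123", "rover", "admin", "1234", "4pRtelai@3"):
        print(candidate, "->", password_weaknesses(candidate, username="susan") or "OK")
```

The function reports every violated rule rather than stopping at the first, so an enrolment form can tell the user exactly why a password was rejected; the two strong examples from 5.4.3 pass with no findings.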
4. Passwords should be kept private, that is, not shared with friends, colleagues etc.
Similarly, netizens should follow password guidelines to avoid becoming victims of their personal e-mail accounts being hacked/attacked:
1. Passwords used for business e-mail accounts, personal e-mail accounts (Yahoo/Hotmail/Gmail) and banking/financial user accounts (e.g. online banking/securities trading accounts) should be kept separate.

2. Passwords should be a minimum of eight alphanumeric characters (common names or phrases should not be used).
3. Passwords should be changed every 30/45 days.
4. Passwords should not be shared with relatives and/or friends.
5. A password used previously should not be reused when renewing the password.
6. Passwords of personal e-mail accounts (Yahoo/Hotmail/Gmail) and banking/financial user accounts should be changed from a secured system within a couple of days if these accounts have been accessed from public Internet facilities such as cyber cafes/hotels/libraries.
7. Passwords should not be stored on mobile phones/PDAs, as these devices are also prone to cyber attacks.
8. On receipt of an e-mail from a banking/financial institution instructing you to change your password, the legitimacy of the e-mail should be verified before clicking the weblinks displayed in it.
9. Similarly, on receipt of an SMS from a banking/financial institution instructing you to change your password, its legitimacy should be verified to avoid becoming a victim of smishing attacks.
10. In case e-mail accounts/user accounts have been hacked, the respective agencies/institutes should be contacted immediately.
5.5 Keyloggers and Spywares
• Keystroke logging, often called keylogging, is the practice of noting (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.
• A keystroke logger, or keylogger, is a quicker and easier way of capturing passwords and monitoring the victim's IT-savvy behaviour. Keyloggers can be classified as:
➢ Software keyloggers
➢ Hardware keyloggers
5.5.1 Software Keyloggers
• Software keyloggers are programs installed on the computer system that usually sit between the OS and the keyboard hardware, so that every keystroke is recorded.
• Software keyloggers are installed on a computer system by Trojans or viruses without the knowledge of the user.

• Cybercriminals often install such tools on insecure computer systems available in public places (i.e. cybercafes, libraries) and can obtain the required information about the victim very easily.
• A keylogger usually consists of two files that get installed in the same directory: a dynamic link library (DLL) file and an executable (EXE) file that installs the DLL file and triggers it to work. The DLL does all the recording of keystrokes.
5.5.2 Hardware Keyloggers
• To install these keyloggers, physical access to the computer system is required. Hardware keyloggers are small hardware devices.
• They are connected to the PC and/or to the keyboard and save every keystroke into a file or into the memory of the hardware device.
• Cybercriminals install such devices on ATM machines to capture ATM card PINs; each keypress on the ATM's keypad gets registered by these keyloggers.
• These keyloggers look like an integrated part of such systems; hence bank customers are unaware of their presence.
Listed are a few websites where more information about hardware keyloggers can be found: http://www.keyghost.com, http://www.keelog.com, http://www.keydevil.com, http://www.keykatcher.com.
5.5.3 Anti keylogger
• An anti-keylogger is a tool that can detect a keylogger installed on the computer system and also remove it.
Advantages of using an anti-keylogger are as follows:
1. Firewalls cannot detect the installation of keyloggers on systems.
2. This software does not require regular updates of signature bases to work effectively, unlike antivirus and anti-spyware programs.
3. It prevents Internet banking frauds, since passwords can easily be obtained by installing keyloggers.
4. It prevents ID theft (discussed further in Chapter 5).
5. It secures e-mail and instant messaging/chatting.

Spywares
• Spyware is a type of malware installed on computers that collects information about users without their knowledge.
• The presence of spyware is typically hidden from the user; it is secretly installed on the user's personal computer.
• As the term suggests, spyware secretly monitors the user. The features of such spyware go beyond simple monitoring.
• Spyware programs collect personal information about the victim, such as Internet surfing habits/patterns and websites visited.
• Spyware may also have the ability to change computer settings, causing slow response times that may result in the user complaining about the Internet connection speed to the Internet Service Provider (ISP).
• Various spyware programs are available in the market; the popular ones are listed in the table.
5.6 SQL Injection
• SQL injection is a code-based vulnerability that allows an attacker to read and access sensitive data from the database.
• Attackers can bypass the security measures of applications and use SQL queries to modify, add, update or delete records in a database.
• A successful SQL injection attack can badly affect websites or web applications using relational databases such as MySQL, Oracle or SQL Server.
• Attackers target SQL servers, the common database servers used by many organizations to store confidential data.
• The prime objective behind an SQL injection attack is to obtain information by accessing a database table that may contain personal information such as credit card numbers, social security numbers or passwords.
• During an SQL injection attack, malicious code is inserted into a web form field or the website's code to make the system execute a command shell or other arbitrary commands.
• Just as a legitimate user enters queries and additions to the SQL database via a web form, the attacker can insert commands to the SQL server through the same web form field.

• For example, an arbitrary command from an attacker might open a command prompt or display a table from the database. This makes an SQL server a high-value target and therefore a system that seems very attractive to attackers.
• The attacker determines whether a database and the tables residing in it are vulnerable before launching an attack. Many webpages take parameters from the web user and make an SQL query to the database.
• For example, when a user logs in with a username and password, an SQL query is sent to the database to check whether the user has a valid name and password.
• With SQL injection, it is possible for an attacker to send a crafted username and/or password field that will change the SQL query.
5.6.1 Steps for SQL Injection Attack
Following are some steps for an SQL injection attack:
1. The attacker looks for webpages that allow submitting data, that is, login pages, search pages, feedback forms, etc. The attacker also looks for webpages that use the HTML commands POST or GET by checking the site's source code.
2. To check the source code of any website, right-click on the webpage and click on "View Source" (if you are using IE, Internet Explorer); the source code is displayed in Notepad. The attacker checks the HTML source code and looks for the "FORM" tag. Everything between <FORM> and </FORM> has potential parameters that might be useful for finding vulnerabilities:
<FORM action=Search/search.asp method=post>
<input type=hidden name=A value=C>
</FORM>
3. The attacker inputs a single quote in the text box provided on the webpage to accept the username and password. This checks whether the user-input variable is sanitized or interpreted literally by the server. If the response is an error message such as "use 'a'='a'" (or something similar), then the website is found to be susceptible to an SQL injection attack.
4. The attacker uses SQL commands such as the SELECT statement to retrieve data from the database or the INSERT statement to add information to the database.
Here are a few examples of variable field text the attacker uses on a webpage to test for SQL vulnerabilities:

1. Blah' or 1=1--
2. Login: blah' or 1=1--
3. Password: blah' or 1=1--
4. http://search/index.asp?id=blah' or 1=1--
Similar SQL commands may allow bypassing of a login and may return many rows in a table, or even an entire database table, because the SQL server is interpreting the terms literally. The double dashes near the end of the command tell SQL to ignore the rest of the command as a comment.
Blind SQL Injection
• Blind SQL injection is used when a web application is vulnerable to SQL injection but the results of the injection are not visible to the attacker.
• The page with the vulnerability may not be the one that displays data; however, it will display differently depending on the result of a logical statement injected into the legitimate SQL statement called for that page.
• This type of attack can become time-intensive because a new statement must be crafted for each bit recovered.
• There are several tools that can automate these attacks once the location of the vulnerability and the target information have been established.
Additional useful web references and further reading on this topic are available in white papers. In summary, using SQL injection, attackers can:
1. Obtain some basic information if the purpose of the attack is reconnaissance:
✓ To get a directory listing: Blah'; exec master..xp_cmdshell "dir c:\ /s > c:\directory.txt"
✓ To ping an IP address: Blah'; exec master..xp_cmdshell "ping 192.168.1.1"
2. Gain access to the database by obtaining usernames and their passwords:
✓ To get a user listing: SELECT * FROM users WHERE name = '' OR '1'='1'
3. Add new data to the database:
✓ Execute the INSERT command: this may enable selling politically incorrect items on an e-commerce website.

4. Modify data currently in the database:

✓ Execute the UPDATE command: may be used to have an expensive item suddenly be deeply "discounted".

Table : Tools used for SQL Server Penetration


5.6.2 How to Prevent SQL Injection Attacks
SQL injection attacks occur due to poor website administration and coding. The
following steps can be taken to prevent SQL injection.
1. Input validation
✓ Replace all single quotes (escape quotes) with two single quotes.
✓ Sanitize the input: user input needs to be checked and cleaned of
any characters or strings that could possibly be used maliciously.
For example, numeric values should be checked while
accepting a query string value; the IsNumeric() function in Active
Server Pages (ASP) should be used to check these numeric values.
✓ Keep all text boxes and form fields as short as possible to limit the
length of user input.
2. Modify error reports:
✓ SQL errors should not be displayed to outside users; to avoid
this, the developer should handle or configure the error reports very
carefully.
✓ These errors sometimes display the full query, pointing to the syntax
error involved, and the attacker can use it for further attacks.
3. Other preventions:
• The default system accounts for SQL Server 2000 should never be
used. Isolate the database server and the web server: both should reside on
different machines.
• Most often attackers make use of several extended stored
procedures such as xp_cmdshell and xp_grantlogin in SQL injection
attacks.
• In case such extended stored procedures are not used, or there are unused
triggers, stored procedures, user-defined functions, etc., then these
should be moved to an isolated server.
These are the minimum countermeasures that can be implemented to prevent SQL
injection attacks.
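The login-bypass string from the test list above, run against a string-built query and then against the parameterised query and numeric-id check that the prevention steps call for. This is an added example, not code from the notes; it uses an in-memory SQLite table with constructed rows (the `users` table and its names are made up for the demo) in place of SQL Server.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample users table for the demo; not real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> list[str]:
    """The 'before' form the notes warn about: user input is concatenated
    straight into the SQL text, so  blah' or 1=1--  rewrites the WHERE clause
    (1=1 is always true and -- comments out the password check)."""
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_parameterised(conn: sqlite3.Connection, name: str, password: str) -> list[str]:
    """Hardened form: bound parameters keep the input as data, never as SQL,
    which covers the quote-escaping step in the notes without hand-written
    escaping."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def is_numeric_id(raw: str) -> bool:
    """Input-validation step from the notes (the ASP IsNumeric() check):
    a query-string id must be all digits before it is used at all."""
    return raw.isdigit()


def fetch_by_id(conn: sqlite3.Connection, raw_id: str) -> list[str]:
    """Reject non-numeric ids instead of passing them to the database."""
    if not is_numeric_id(raw_id):
        raise ValueError("id must be numeric")
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (int(raw_id),))
    return [row[0] for row in rows]


BYPASS = "blah' or 1=1--"   # the login-bypass string quoted in the notes

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, BYPASS, "x"))     # ['alice', 'bob']  (login bypassed)
    print(login_parameterised(db, BYPASS, "x"))  # []                (input treated as data)
    print(fetch_by_id(db, "1"))                  # ['alice']
```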
5.7 Network Access Control
• Network access control (NAC), also known as network admission control, is the
process of restricting unauthorized users and devices from gaining access to a
corporate or private network.
• NAC ensures that only users who are authenticated and devices that are authorized
and compliant with security policies can enter the network.
• It handles network management and security by implementing security policy,
compliance, and management of access control to a network.
• NAC works on wired and wireless networks by identifying the different devices
that are connected to the network.
• Administrators determine the protocols that decide how devices and
users are authorized for the right level of access.
• Access rules are generally based on criteria such as the device used, the location
accessed from, and the access rights of various individuals.

5.7.1 Components of a Network Access Control Scheme
✓ Restricted Access: it restricts access to the network by user authentication and
authorization control. For example, a user cannot access a protected network
resource without permission to access it.
✓ Network Boundary Protection: it monitors and controls the connectivity of
networks with external networks. It includes tools such as controlled interfaces and
intrusion detection, and is also called perimeter defense. A firewall is an example.
5.7.2 Types of Network Access Control
1. Pre-admission: it happens before access to the network is granted, on
initiation of a request by a user or device to access the network. It evaluates the
access attempt and only allows access if the user or device is compliant
with the organization's security policies and authorized to access the network.
2. Post-admission: it happens within the network when the user or device
attempts to access different parts of the network. It restricts the lateral
movement of the device within the network by asking for re-authentication
for each request to access a different part of the network.
Steps to Implement NAC Solutions:
✓ Gather Data: perform an exhaustive survey and collect information about every
device, user, and server that has to interface with the network resources.
✓ Manage Identities: verify user identities within the organization by authentication
and authorization.
✓ Determine Permissions: create permission policies stating different access levels
for identified user groups.
✓ Apply Permissions: apply permission policies to identified user groups and
register each user in the NAC system to trace their access level and activity within
the network.
✓ Update: monitor security operations and adjust permission
policies as the organization's requirements change over time.
Importance of Network Access Control:
• There has been exponential growth in the number of mobile devices accessing
private networks of organizations in the past few years.
• Tools are required that can provide the visibility, access control, and
compliance capabilities to strengthen the network security infrastructure.
• A NAC system can deny network access to non-compliant devices or give
them only restricted access to computing resources.
Responsibilities:
• It allows only compliant, authenticated devices to access network resources
and infrastructure.
• It controls and monitors the activity of connected devices on the network.
• It helps ensure the availability of a private organization's network resources.
• It regulates users' access to network resources.
Benefits:
• Users can be required to authenticate via multi-factor authentication, which is
much more secure than identifying users based on IP addresses or username and
password combinations.
• It provides additional levels of protection around individual parts of the network.
Limitations:
• It has low visibility into IoT devices and devices with no specific user associated with
them.
• It does not protect from threats already present inside the network.
• It may not work for an organization if it is not compatible with existing security
controls.
5.7.3 Principal Elements of NAC (Network Access Control):
There are mainly three principal elements of NAC, which are:

Figure 5.26: Principal Elements of NAC

1. Access Requestor (AR).
2. Policy Servers.
3. Network Access Servers (NAS).
1. Access Requestor (AR):
✓ As the name suggests, this is whoever or whatever is attempting to gain access by requesting
it.
✓ The AR can be any entity, such as a device, person, or process.
✓ This entity attempts to get access to network resources.
✓ It might be any device handled by the NAC system, such as servers, cameras,
printers, and other IP-enabled devices.
2. Policy Server:
✓ The policy server analyzes what access should be provided to the AR based on the
AR’s identity, permission level, attempted request, and the organization’s
established access policy.
✓ The policy server frequently relies on backend services, such as antivirus, patch
management, or a user directory, to function.
✓ The policy server helps to determine the host’s state. An organization creates
different access policies to clearly authorize or reject such access.
✓ If the AR complies with the organization’s policy, the policy server grants access according
to the requestor’s permissions; otherwise, the AR is not permitted access.
3. Network Access Server (NAS):
✓ Users connecting to an organization’s internal network from distant locations
use the NAS as an access control point.
✓ These often serve as VPNs and give users access to the company’s internal
network. These days, NAS functionality is frequently included in policy server
systems.
✓ Remote employees can connect to the company’s internal network via the NAS,
which serves as an access point for them.
✓ This allows the company and its employees to create a secure connection
and grant authorized access to the network.
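A toy policy server that models the pre-admission and post-admission decisions described in 5.7.2 and the AR / policy server roles above. This is an added example, not code from the notes: the backend records (patch status, antivirus, user directory), device names and segment names are constructed for the demo, where a real NAC would query its backend services live.

```python
from dataclasses import dataclass

# Constructed backend records the policy server consults (patch management,
# antivirus, user directory); a real NAC queries these services live.
PATCH_MANAGEMENT = {"laptop-17": True, "printer-3": True, "byod-phone": False}
ANTIVIRUS_RUNNING = {"laptop-17": True, "printer-3": False, "byod-phone": True}
USER_DIRECTORY = {"alice": "engineering", "guest-42": "guest"}
DEVICE_ROLES = {"printer-3": "printers"}     # headless devices with no user
# Organisation's access policy: network segments each group may reach.
ACCESS_POLICY = {
    "engineering": {"corp-lan", "dev-vlan"},
    "guest": {"guest-wifi"},
    "printers": {"print-vlan"},
}
QUARANTINE = "remediation-vlan"   # where non-compliant hosts are parked


@dataclass(frozen=True)
class AccessRequestor:
    device_id: str
    user: str            # "" for headless devices such as printers
    authenticated: bool  # outcome of the user/device authentication step


def host_state_compliant(device_id: str) -> bool:
    """Posture check: compliant only if patched and antivirus is running."""
    return (PATCH_MANAGEMENT.get(device_id, False)
            and ANTIVIRUS_RUNNING.get(device_id, False))


def pre_admission(ar: AccessRequestor) -> tuple[str, set[str]]:
    """Decision taken before any access is granted: (verdict, segments)."""
    if not ar.authenticated:
        return "deny", set()
    if not host_state_compliant(ar.device_id):
        return "restricted", {QUARANTINE}    # non-compliant: remediation only
    group = USER_DIRECTORY.get(ar.user) or DEVICE_ROLES.get(ar.device_id)
    if group is None:
        return "deny", set()                  # unknown identity
    return "allow", set(ACCESS_POLICY[group])


def post_admission(granted: set[str], current: str, target: str,
                   reauthenticated: bool) -> bool:
    """Lateral move inside the network: a different segment needs a fresh
    authentication, and the target must still lie within the granted set."""
    if target not in granted:
        return False
    if target == current:
        return True
    return reauthenticated


if __name__ == "__main__":
    verdict, segments = pre_admission(AccessRequestor("laptop-17", "alice", True))
    print(verdict, sorted(segments))                       # allow ['corp-lan', 'dev-vlan']
    print(pre_admission(AccessRequestor("printer-3", "", True)))  # ('restricted', {'remediation-vlan'})
    print(post_admission(segments, "corp-lan", "dev-vlan", False))  # False: re-authentication required
```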

5.8 Cloud Security
• Cloud security is a discipline of cyber security dedicated to securing cloud
computing systems.
• This includes keeping data private and safe across online-based
infrastructure, applications, and platforms.
• Securing these systems involves the efforts of cloud providers and the clients
that use them, whether an individual, a small to medium business, or an enterprise.
• Cloud providers host services on their servers through always-on internet
connections. Since their business relies on customer trust, cloud security
methods are used to keep client data private and safely stored.
• However, cloud security also partially rests in the client’s hands.
Understanding both facets is pivotal to a healthy cloud security solution.
• At its core, cloud security is composed of the following categories:
✓ Data security
✓ Identity and access management (IAM)
✓ Governance (policies on threat prevention, detection, and mitigation)
✓ Data retention (DR) and business continuity (BC) planning
✓ Legal compliance
• Clients must focus mostly on proper service configuration and safe use habits.
Additionally, clients should be sure that any end-user hardware and networks are
properly secured.
Responsibilities (shared between provider and client, by component):
✓ Physical networks — routers, electrical power, cabling, climate controls, etc.
✓ Data storage — hard drives, etc.
✓ Data servers — core network computing hardware and software
✓ Computer virtualization frameworks — virtual machine
software, host machines, and guest machines
✓ Operating systems (OS) — software that houses
✓ Middleware — application programming interface (API) management,
✓ Runtime environments — execution and upkeep of a running program
✓ Data — all the information stored, modified, and accessed
✓ Applications — traditional software services (email, tax software,
productivity suites, etc.)
✓ End-user hardware — computers, mobile devices, Internet of Things
(IoT) devices, etc.
5.8.1 How does cloud security work?
• Every cloud security measure works to accomplish one or more of the following:
✓ Enable data recovery in case of data loss
✓ Protect storage and networks against malicious data theft
✓ Deter human error or negligence that causes data leaks
✓ Reduce the impact of any data or system compromise
Data security
• It is the aspect of cloud security that involves the technical end of threat prevention.
Tools and technologies allow providers and clients to insert barriers between the
access and visibility of sensitive data.
• Among these, encryption is one of the most powerful tools available. Encryption
scrambles your data so that it's only readable by someone who has the encryption
key.
• If your data is lost or stolen, it will be effectively unreadable and meaningless.
• Data transit protections like virtual private networks (VPNs) are also emphasized
in cloud networks.
Identity and access management (IAM)
• Pertains to the access privileges offered to user accounts. Managing
authentication and authorization of user accounts also applies here.
• Access controls are pivotal to restrict users — both legitimate and malicious
— from entering systems.
• Password management, multi-factor authentication, and other methods fall in
the scope of IAM.
Governance
• Focuses on policies for threat prevention, detection, and mitigation; aspects like
threat intelligence can help with tracking and prioritizing threats to keep essential systems
guarded carefully.
• However, even individual cloud clients could benefit from valuing safe user
behavior policies and training.
Data retention (DR) and business continuity (BC) planning
• Involve technical disaster recovery measures in case of data loss. Central to any DR
and BC plan are methods for data redundancy such as backups.
• Additionally, having technical systems for ensuring uninterrupted operations can
help. Frameworks for testing the validity of backups and detailed employee
recovery instructions are just as valuable for a thorough BC plan.
Legal compliance
• Revolves around protecting user privacy as set by legislative bodies.
• Governments have taken up the importance of protecting private user information
from being exploited for profit.
• One approach is the use of data masking, which obscures identity within data via
encryption methods.
5.8.2 Cloud security risks
✓ Risks of cloud-based infrastructure, including incompatible legacy IT
frameworks and third-party data storage service disruptions.
✓ Internal threats due to human error, such as misconfiguration of user access controls.
✓ External threats caused almost exclusively by malicious actors,
such as malware, phishing, and DDoS attacks.
✓ Misconfiguration: cloud settings keep growing as providers add more services
over time, and many companies are using more than one provider.
5.8.3 How to Secure the Cloud
• Encryption is one of the best ways to secure your cloud computing systems. There
are several different ways of using encryption, and they may be offered by a cloud
provider or by a separate cloud security solutions provider:
✓ Encryption of communications with the cloud in their entirety.
✓ Encryption of particularly sensitive data, such as account credentials.
✓ End-to-end encryption of all data that is uploaded to the cloud.
• Configuration is another powerful practice in cloud security. Many cloud data
breaches come from basic vulnerabilities such as misconfiguration errors. By
preventing them, you are vastly decreasing your cloud security risk.
• Here are a few principles you can follow:
▪ Never leave the default settings unchanged. Using the default
settings gives a hacker front-door access. Avoid doing this to
complicate a hacker’s path into your system.
▪ Never leave a cloud storage bucket open. An open bucket could
allow hackers to see the content just by opening the storage bucket's
URL.
▪ If the cloud vendor gives you security controls that you can
switch on, use them. Not selecting the right security options can put
you at risk.
• Further steps if you want to be as secure as possible online:
a. Use strong passwords. Including a mix of letters, numbers and special
characters will make your password more difficult to crack. The more
random your strings are, the better.
b. Use a password manager. You will be able to give each application,
database, and service you use separate passwords, with a strong primary
password.
c. Protect all the devices you use to access your cloud data, including
smartphones and tablets. If your data is synchronized across numerous
devices, any one of them could be a weak link putting your entire digital
footprint at risk.
d. Back up your data regularly so that, in the event of a cloud outage or data loss at your cloud
provider, you can restore your data fully. That backup could be on your
home PC, on an external hard drive, or even cloud-to-cloud.
e. Modify permissions to prevent any individual or device from having access
to all your data unless it is necessary. If you have a home network, use guest
networks for your children, for IoT devices, and for your TV.
f. Protect yourself with anti-virus and anti-malware software. Hackers
can access your account easily if malware makes its way into your system.
g. Avoid accessing your data on public Wi-Fi, particularly if it doesn't use
strong authentication. If you must, use a virtual private network (VPN) to
protect your gateway to the cloud.

5.9 Wireless Security
• Wireless security is the prevention of unauthorized access or damage to
computers or data using wireless networks, which include Wi-Fi networks.
• The term may also refer to the protection of the wireless network itself from
adversaries seeking to damage the confidentiality, integrity, or availability of the
network.
• Where a weak security standard is used, the password it uses can often be cracked in a few minutes with a basic laptop
computer and widely available software tools.
• WPA2 uses an encryption device that encrypts the network with a 256-bit key.
• Enterprises often enforce security using a certificate-based system to
authenticate the connecting device, following the 802.1X standard.
• Hackers have found wireless networks relatively easy to break into, and even use
wireless technology to hack into wired networks.
• There are many security risks associated with the current wireless
protocols and encryption methods.
• Hacking has also become much easier and more accessible with easy-to-use
Windows- or Linux-based tools being made available on the web at no charge.
• An attacker could sit out in the parking lot with a laptop or other device and, on an
unencrypted wireless network, "sniff" (capture and record) the traffic and
gain unauthorized access to internal network resources as well as to the internet.
• If router security is not activated or if the owner deactivates it for convenience, it
creates a free hotspot.
• Modern operating systems such as Linux, macOS, or Microsoft Windows make
it fairly easy to set up a PC as a wireless LAN "base station" using Internet
Connection Sharing.
• If an employee (trusted entity) brings in a wireless router and plugs it into an
unsecured switch port, the entire network can be exposed to anyone within range of
the signals.
Threats and Vulnerabilities in an Industrial Context
• Due to its availability and low cost, the use of wireless communication technologies
is increasing in domains beyond the originally intended usage areas, e.g. M2M
communication in industrial applications.
• Such industrial applications often have specific security requirements.
• Hence, it is important to understand the characteristics of such applications and
evaluate the vulnerabilities bearing the highest risk in this context.
Advantages
• Wireless networks are very common, both for organizations and individuals.
• Many laptop computers have wireless cards pre-installed. The ability to enter a
network while mobile has great benefits.
• Hackers have found wireless networks relatively easy to break into, and even use
wireless technology to hack into wired networks.
• As a result, it is very important that enterprises define effective wireless security
policies that guard against unauthorized access to important resources.
5.9.1 Modes of Unauthorized Access
• The modes of unauthorized access to links, functions and data are as varied
as the ways the respective entities make use of program code.
• To a large extent, prevention relies on known modes and methods of attack and the
relevant methods for suppressing them.
• Each new mode of operation will create new options for threats. Hence
prevention requires a steady drive for improvement.
• The modes of attack described here are just a snapshot of typical methods and the
scenarios where they apply.
• The various modes of unauthorized access are:
❖ Accidental association - Violation of the security perimeter of a
corporate network can come from a number of different methods and
intents. One of these methods is referred to as accidental association.
❖ Malicious association - Malicious associations occur when wireless
devices are actively made by attackers to connect to a company
network through the attacker's laptop instead of a company access point (AP).
These types of laptops are known as “soft APs” and are created
when a cybercriminal runs some software that makes their wireless
network card look like a legitimate access point.
❖ Ad hoc networks - Ad hoc networks are defined as peer-to-peer
networks between wireless computers that do not have an access point in
between them. These types of networks usually have little
protection.
❖ Identity theft (MAC spoofing) - Identity theft (or MAC spoofing) occurs
when a hacker is able to listen in on network traffic and identify the MAC
address of a computer with network privileges. Most wireless systems
allow some kind of MAC filtering to allow only authorized computers
with specific MAC IDs to gain access and utilize the network.
❖ Man-in-the-middle attacks - A man-in-the-middle attacker entices
computers to log into a computer which is set up as a soft AP (Access
Point). Once this is done, the hacker connects to a real access point
through another wireless card, offering a steady flow of traffic through the
transparent hacking computer to the real network. The hacker can then
sniff the traffic. One type of man-in-the-middle attack relies on security
faults in challenge and handshake protocols to execute a
“de-authentication attack”.
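A defender-side check for the soft-AP and malicious-association scenario above: beacons seen by a scanning client are compared against an inventory of the organisation's authorised access points, flagging a corporate SSID from an unknown radio (evil twin) or a known BSSID advertising different settings. This is an added example, not code from the notes; the inventory, SSIDs, BSSIDs and scan records are constructed for the demo.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str       # MAC address of the radio sending the beacon
    security: str    # "WPA2-Enterprise", "WPA2-PSK" or "OPEN"


# Constructed inventory of the organisation's legitimate APs, keyed by BSSID.
AUTHORISED = {
    "aa:bb:cc:00:00:01": Beacon("CorpNet", "aa:bb:cc:00:00:01", "WPA2-Enterprise"),
    "aa:bb:cc:00:00:02": Beacon("CorpNet", "aa:bb:cc:00:00:02", "WPA2-Enterprise"),
}
CORP_SSIDS = {b.ssid for b in AUTHORISED.values()}


def classify(beacon: Beacon) -> str:
    """Label one observed beacon against the inventory."""
    known = AUTHORISED.get(beacon.bssid)
    if known is not None:
        if beacon.security != known.security or beacon.ssid != known.ssid:
            # Our BSSID, but different settings: possible spoofing or downgrade.
            return "mismatch"
        return "authorised"
    if beacon.ssid in CORP_SSIDS:
        # Corporate SSID from a radio we do not own: soft AP / malicious association.
        return "evil-twin"
    return "foreign"   # neighbouring network that is simply not ours


def rogue_aps(scan: list[Beacon]) -> dict[str, list[str]]:
    """Group suspicious BSSIDs by finding, dropping the benign classes."""
    findings: dict[str, list[str]] = {}
    for b in scan:
        label = classify(b)
        if label in ("evil-twin", "mismatch"):
            findings.setdefault(label, []).append(b.bssid)
    return findings


# Constructed scan result as a client might report it.
SCAN = [
    Beacon("CorpNet", "aa:bb:cc:00:00:01", "WPA2-Enterprise"),
    Beacon("CorpNet", "de:ad:be:ef:00:01", "OPEN"),          # soft AP copying our SSID
    Beacon("CorpNet", "aa:bb:cc:00:00:02", "WPA2-PSK"),      # our BSSID, security downgraded
    Beacon("CoffeeShop", "12:34:56:78:9a:bc", "OPEN"),       # unrelated neighbour
]

if __name__ == "__main__":
    print(rogue_aps(SCAN))
    # {'evil-twin': ['de:ad:be:ef:00:01'], 'mismatch': ['aa:bb:cc:00:00:02']}
```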
