Cybersecurity Exam Questions and Answers

This book contains long and short essay questions and answers.

Uploaded by

Chrisfred Dambo
PREFACE

ABOUT THE SUBJECT

Cyber Security [...] resources such as [...] increased due to the [...] files and other useful information can be fulfilled by a variety of tools, methods and laws [...] used to minimize the cybercrime are discussed in detail. Among the available [...] (Information Technology) Act is considered as a major step in avoiding cyber crime.

ABOUT THE BOOK

The book entitled 'Cyber Security' is designed for B.Com III-Year VI-Semester students. The content provided in this book is strictly as per the latest syllabus prescribed by Osmania University. Each concept is explained in a simple manner with sufficient number of examples so as to facilitate [...] and easy learning in a shorter span of time.

Keeping in view the examination pattern of B.Com students, this book provides the following features,

* Exclusively prepared as per the latest (2019-20) syllabus (CBCS) prescribed by the University.
* Unit-wise list of definitions is provided.
* Every unit is structured into two main sections viz., Short Questions (Part-A) and Essay Questions (Part-B) and answers.
* Unit-wise Internal Assessment (Internal Exam) pattern is attached with every unit.
* Important Questions (IQs) are provided.
* Three Model Papers are provided in order to help the students to understand the paper pattern in the end examination.

An attempt has been made through this book to present theoretical knowledge of "Cyber Security". This book is especially prepared for undergraduate students.

The table below illustrates the complete idea about the subject, which will be helpful to plan and score good marks in the end examinations.
1. Introduction to Cyber Security, Cyber Security Vulnerabilities and Cyber Security Safeguards
This unit covers the topics: Introduction to Cyber Security: Overview of Cyber Security, Internet Governance - Challenges and Constraints, Cyber Threats: Cyber Warfare - Cyber Crime - Cyber Terrorism - Cyber Espionage, Need for a Comprehensive Cyber Security Policy, Need for a Nodal Authority, Need for an International Convention on Cyberspace. Cyber Security Vulnerabilities: Overview, Vulnerabilities in Software, System Administration, Complex Network Architectures, Open Access to Organizational Data, Weak Authentication, Unprotected Broadband Communications, Poor Cyber Security Awareness. Cyber Security Safeguards: Overview, Access Control, Audit, Authentication, Biometrics, Cryptography, Deception, Denial of Service Filters, Ethical Hacking, Firewalls, Intrusion Detection Systems, Response, Scanning, Security Policy, Threat Management.

2. Securing Web Application, Services and Servers
This unit covers the topics: Introduction, Basic Security for HTTP Applications and Services, Basic Security for SOAP Services, Identity Management and Web Services, Authorization Patterns, Security Considerations, Challenges.

3. Intrusion Detection and Prevention
This unit covers the topics: Intrusion, Physical Theft, Abuse of Privileges, Unauthorized Access by Outsider, Malware Infection, Intrusion Detection and Prevention Techniques, Anti-malware Software, Network-based Intrusion Detection Systems, Network-based Intrusion Prevention Systems, Host-based Intrusion Prevention Systems, Security Information Management, Network Session Analysis, System Integrity Validation.

4. Cryptography and Network Security
This unit covers the topics: Introduction to Cryptography, Symmetric Key Cryptography, Asymmetric Key Cryptography, Message Authentication, Digital Signatures, Applications of Cryptography.
Overview of Firewalls - Types of Firewalls, User Management, VPN Security, Security Protocols: Security at the Application Layer - PGP and S/MIME, Security at Transport Layer - SSL and TLS, Security at Network Layer - IPSec.

5. Cyberspace and the Law, Cyber Forensics
This unit covers the topics: Cyberspace and the Law: Introduction, Cyber Security Regulations, Roles of International Law, The State and Private Sector in Cyberspace, Cyber Security Standards. The INDIAN Cyberspace, National Cyber Security Policy 2013. Cyber Forensics: Introduction to Cyber Forensics, Handling Preliminary Investigations, Controlling an Investigation, Conducting Disk-based Analysis, Investigating Information-hiding, Scrutinizing E-mail, Validating E-mail Header Information, Tracing Internet Access, Tracing Memory in Real-time.

It is sincerely hoped that this book will satisfy the expectations of students and at the same time help them to score maximum marks in exams. Suggestions for improvement of the book from our esteemed readers will be highly appreciated and incorporated in our forthcoming editions.

CYBER SECURITY
B.Com, III-Year VI-Semester (OU) (DBF-60%b}) (Computer Applications)

CONTENTS

SYLLABUS (As per 2019-20 Curriculum)
LIST OF IMPORTANT DEFINITIONS
UNIT-WISE SHORT & ESSAY TYPE QUESTIONS WITH ANSWERS

UNIT-I INTRODUCTION TO CYBER SECURITY, CYBER SECURITY VULNERABILITIES AND CYBER SECURITY SAFEGUARDS
Part-A SHORT QUESTIONS AND ANSWERS
Part-B ESSAY QUESTIONS AND ANSWERS
1.1 Introduction to Cyber Security
  1.1.1 Overview of Cyber Security
  1.1.2 Internet Governance - Challenges and Constraints
  1.1.3 Cyber Threats - Cyber Warfare, Cyber Crime, Cyber Terrorism, Cyber Espionage
  1.1.4 Need for a Comprehensive Cyber Security Policy
  1.1.5 Need for a Nodal Authority, Need for an International Convention on Cyberspace
1.2 Cyber Security Vulnerabilities
  1.2.1 Overview, Vulnerabilities in Software
  1.2.2 System Administration
  1.2.3 Complex Network Architectures
  1.2.4 Open Access to Organizational Data
  1.2.5 Weak Authentication
  1.2.6 Unprotected Broadband Communications, Poor Cyber Security Awareness
1.3 Cyber Security Safeguards
  1.3.1 Overview, Access Control
  1.3.2 Audit, Authentication
  1.3.3 Biometrics
  1.3.4 Cryptography, Deception, Denial of Service Filters
  1.3.5 Ethical Hacking
  1.3.6 Firewalls, Intrusion Detection Systems
  1.3.7 Response, Scanning
  1.3.8 Security Policy, Threat Management
INTERNAL ASSESSMENT/EXAM

UNIT-II SECURING WEB APPLICATION, SERVICES AND SERVERS
Part-A SHORT QUESTIONS AND ANSWERS
Part-B ESSAY QUESTIONS AND ANSWERS
2.1 Introduction
2.2 Basic Security for HTTP Applications and Services
2.3 Basic Security for SOAP Services
2.4 Identity Management and Web Services
2.5 Authorization Patterns
2.6 Security Considerations, Challenges
INTERNAL ASSESSMENT/EXAM

UNIT-III INTRUSION DETECTION AND PREVENTION
Part-A SHORT QUESTIONS AND ANSWERS
Part-B ESSAY QUESTIONS AND ANSWERS
3.1 Intrusion
3.2 Physical Theft, Abuse of Privileges
3.3 Unauthorized Access by Outsider
3.4 Malware Infection
3.5 Intrusion Detection and Prevention Techniques
3.6 Anti-malware Software
3.7 Network Based Intrusion Detection Systems
3.8 Network Based Intrusion Prevention Systems, Host Based Intrusion Prevention Systems
3.9 Security Information Management
3.10 Network Session Analysis, System Integrity Validation
INTERNAL ASSESSMENT/EXAM

UNIT-IV CRYPTOGRAPHY AND NETWORK SECURITY
Part-A SHORT QUESTIONS AND ANSWERS
Part-B ESSAY QUESTIONS AND ANSWERS
4.1 Introduction to Cryptography
4.2 Symmetric Key Cryptography, Asymmetric Key Cryptography
4.3 Message Authentication
4.4 Digital Signatures
4.5 Applications of Cryptography
4.6 Overview of Firewalls - Types of Firewalls
4.7 User Management, VPN Security
4.8 Security Protocols
  4.8.1 Security at the Application Layer - PGP and S/MIME
  4.8.2 Security at the Transport Layer - SSL and TLS
  4.8.3 Security at Network Layer - IPSec
INTERNAL ASSESSMENT/EXAM

UNIT-V CYBERSPACE AND THE LAW, CYBER FORENSICS
Part-A SHORT QUESTIONS AND ANSWERS
Part-B ESSAY QUESTIONS AND ANSWERS
5.1 Cyberspace and the Law
  5.1.1 Introduction, Cyber Security Regulations
  5.1.2 Roles of International Law
  5.1.3 The State and Private Sector in Cyberspace
  5.1.4 Cyber Security Standards
  5.1.5 The Indian Cyberspace
  5.1.6 National Cyber Security Policy 2013
5.2 Cyber Forensics
  5.2.1 Introduction to Cyber Forensics
  5.2.2 Handling Preliminary Investigations
  5.2.3 Controlling an Investigation
  5.2.4 Conducting Disk-based Analysis
  5.2.5 Investigating Information Hiding
  5.2.6 Scrutinizing E-Mail
  5.2.7 Validating E-Mail Header Information
  5.2.8 Tracing Internet Access
  5.2.9 Tracing Memory in Real-time
INTERNAL ASSESSMENT/EXAM

UNIT - IV CRYPTOGRAPHY AND NETWORK SECURITY

Introduction to Cryptography, Symmetric Key Cryptography, Asymmetric Key Cryptography, Message Authentication, Digital Signatures, Applications of Cryptography. Overview of Firewalls - Types of Firewalls, User Management, VPN Security, Security Protocols: Security at the Application Layer - PGP and S/MIME, Security at Transport Layer - SSL and TLS, Security at Network Layer - IPSec.

UNIT - V CYBERSPACE AND THE LAW, CYBER FORENSICS

Cyberspace and the Law: Introduction, Cyber Security Regulations, Roles of International Law, The State and Private Sector in Cyberspace, Cyber Security Standards. The INDIAN Cyberspace, National Cyber Security Policy 2013.

Cyber Forensics: Introduction to Cyber Forensics, Handling Preliminary Investigations, Controlling an Investigation, Conducting Disk-based Analysis, Investigating Information-hiding, Scrutinizing E-mail, Validating E-mail Header Information, Tracing Internet Access, Tracing Memory in Real-time.
LIST OF IMPORTANT DEFINITIONS

UNIT - I

1. Internet Governance: Internet governance can be defined as a set of rules, policies, standards and practices that coordinate and shape global cyberspace.
2. Cyber Threat: Cyber threat can be viewed as damage caused to a computer, technology dependent enterprises and networks by an unauthorized third party.
3. Cyber Warfare: Cyber warfare refers to a conflict based on internet. It includes malicious attacks on information and information systems.
4. Cyber Crime: A cyber crime can be defined as a criminal activity done using a computer.
5. Cyber Terrorism: Cyber terrorism is an internet based attack that involves terrorist activities.
6. Cyber Espionage: Cyber espionage can be defined as an attack that steals the sensitive information of the competitor companies or organizations in order to obtain the advantage over them.
7. Cyber Security Policy: Cyber security policy can be defined as a set of rules that are implemented in order to secure its sensitive and confidential data from unauthorized users.
8. Software Vulnerability: Software vulnerability can be defined as a software defect that helps the attacker to gain the control over a system.
9. System Administration: System administration refers to the management of one or more systems such as software, hardware, servers or workstations.
10. Weak Authentication: Weak authentication can be defined as a process that involves the authentication either through a password or through a simple question that should be answered by the user.
11. Cyber Security Safeguards: Cyber security safeguards can be defined as the various protective measures and controls introduced in order to achieve the security requirements of a system.
12. Security Audit: Security audit can be defined as a process of reviewing and examining the various records and activities of the system.
13. Fingerprint Scan: Fingerprint scan is a technique used for performing user identification based on the patterns found on the fingertips of every human.
14. Facial Feature Scan: Facial feature scan is a natural biometric technology used for identification of an individual.
15. Deception: Deception can be defined as a process of creating false perception for the attacker.
16. Honey Pots: Honey pots can be defined as the decoy systems that are used to distract the attention of potential attackers from the critical systems.
17. Denial of Service Filters: Denial of Service (DoS) filters can be defined as a defense mechanism that can be used to prevent the DoS attacks.
18. Intrusion Detection Systems: An Intrusion Detection System (IDS) is a defensive tool which is used for detecting malicious attacks that can affect the security features of a system.
19. Incident Response: Incident response can be defined as a process/plan which is implemented by the organization on the occurrence of any event or incident.
20. Scanning: Scanning can be defined as a phase where the collected data is examined thoroughly.
21. Threat Management: Threat management can be defined as a process that is used by cyber security professionals in order to detect and prevent the cyber attacks.

Warning: Xerox/Photocopying of this book is a CRIMINAL act. Anyone found guilty is LIABLE to face LEGAL proceedings.

UNIT - II

1. Web Service: Web service is defined as [...] collection of [...] distributed system over a network [...] which the clients can access the services [...].
2. Basic Authentication: It is a simple authentication process in which client sends [...] request message to the server in order to access the resource.
3. SOAP: SOAP (Simple Object Access Protocol) is defined as a simple XML web based protocol which permits applications to exchange XML based messages over computer network using HTTP (Hyper Text Transfer Protocol).
4. Identity Management: Identity management is an automated process that deals with identification of individuals in a system.
5. WS-Security: WS-Security is a security standard that enables secured exchange of messages thereby providing authentication and confidentiality.
6. WS-Trust: WS-Trust is a security standard that handles different aspects of secure token services such as the way of requesting a token [...].
7. Open Authentication (OAuth): Open authentication is an open protocol which allows authorization using a secure API.
8. Access Control: Access control refers to an ability of either allowing or disallowing a user from accessing particular [...].
9. Client: Client is also referred to as access requester that initiates an access request.
10. Policy Enforcement Point (PEP): PEP is [...] an environment that sends the requests from client to the resources.
11. Policy Decision Point (PDP): PDP is an entity that performs policy evaluation based on [...] source and makes [...] to be granted.
12. Policy Administration Point (PAP): PAP is an entity [...] configuring [...] monitoring the applicable access control policies.
13. Policy Information Point (PIP): PIP is [...] that provides [...] policies based on [...] input [...].
14. Resource: Resource is an [...].
15. Vulnerability Assessment: Vulnerability assessment refers to determining whether the security policy has been correctly implemented [...].

UNIT - III

1. Intrusion: Intrusion refers to the [...] of a program or network [...] to enter a system without having authorization, which violates the integrity, confidentiality and availability of resource.
2. Intruder: An intruder is a person who tries to gain access to the system in an unauthorized way by violating its security.
3. Masquerader: A masquerader is [...] who does not have any rights to access the system or its resources. Even though masquerader is not authorized to use the system, he still succeeds in gaining all the access control of system.
4. Misfeasor: A misfeasor is an authentic person who can access those data, program or system resources [...].
5. Clandestine User: Clandestine user is a person who can reside inside or outside the system.
6. Physical Theft: Physical theft refers to an activity where an unauthorized person (or an attacker) gains physical access of an authorized user by stealing his/her computer system.
7. Abuse of Privilege: Abuse of privilege can be defined as a situation when authorized person may misuse his/her privilege and perform unauthorized tasks like distributing confidential files to unauthorized persons.
8. Outsider: An outsider can be defined as a person who does not have any authorized access to the system or its resources.
9. Malware: Malware refers to malicious software program that is intentionally attached with a legitimate program in order to cause damage to system's confidential data or resources.
10. Virus: A virus is a software program that creates duplicate copy of itself and infects another computer without the knowledge of user.
11. Trojan Horse: A trojan horse can be defined as a computer program containing hidden code, which results in harmful functioning after execution.
12. Anti-malware Software: Anti-malware software can be defined as a computer program that examines the files and programs to detect the known signature or behavior patterns of the data.
13. Security Information Management System: Security Information Management System (SIMS) is defined as a centralized repository that is used to store, organize and analyze the huge data generated by various security logs such as firewalls, anti-malware systems, servers etc.

SIA PUBLISHERS AND DISTRIBUTORS PVT. LTD.

UNIT - IV

1. Cryptography: Cryptography refers to the technique of transforming usable information into a form that is readable only by the authorized users.
2. Encryption: Encryption is a mechanism that provides message confidentiality (i.e., protects the information that is being transmitted between source and destination).
3. Message Authentication: Message authentication refers to the process of protecting the data/message from active attacks like corruption of data and transactions.
4. Digital Signature: A digital signature is one of the methods of encryption used to provide authentication. The main intent of the digital signature is to protect the message or data from modifications.
5. Firewall: A firewall is an information security program located at a network gateway server to protect the confidential information present in the network from being intercepted by intruders or by other insecure networks.
6. User Management: User Management (UM) can be defined as an administrative process that manages the users and their accounts by providing access to individual computer resources, applications, data and services.
7. Authentication: Authentication is a mechanism that authenticates the user or system identity.
8. Authorization: Authorization is a mechanism that allows the user or system to determine the privileges as soon as the identity is verified.
9. Auditing: Auditing is a process of examining or checking the authentication and authorization records and verifying the ability of system controls.
10. Virtual Private Network (VPN): VPN is a technique used to establish a connection to a private network via public network.
11. Secure Socket Layer: Secure socket layer is a protocol developed by Netscape Communications to ensure the security of data transmission over the internet.
12. SSL Session State: SSL session state simply refers to the time duration in which both client and server exchange information with each other.
13. Session Identifier: A session identifier is a byte sequence which is randomly selected by a server to identify which session state is currently running with a chosen client.
14. Peer Certificate: Peer certificate refers to the X509.V3 certificate associated with a peer entity.
15. Compression Method: Compression method is an algorithm to compress data before encryption.
16. Master Secret: Master secret is a 48 byte data which is shared between both client and server in order to communicate.
17. Is Resumable: Is Resumable is a flag which is used to indicate whether the new connections can be established or not.

UNIT - V

1. Cyber Space: Cyberspace can be defined as the virtual world of internet. The various laws [...] with cyber space are called cyber laws.
2. Cyber Security Regulations: Cyber security regulations can be defined as a set of rules [...] the data and information of an organization.
3. Treaty Law: Treaty law can be defined as a formal cyber law agreement among various states/countries.
4. Customary International Law: Customary international law can be defined as cyber [...] to be followed out of the sense of obligation.
5. Cyber Security Standards: Cyber security standards can be defined as techniques that are used to secure the cyber environment of an organization.
6. Cyber Forensics: Cyber forensics technology is a scientific process of identifying, analyzing and reconstructing evidence from a cyber crime.
7. Computer Forensics: Computer forensics is a technique of examining various sectors of computer media so as to obtain the evidences, which are useful in dealing with criminal cases, civil disputes, human resources.
8. Incident: Incident can be defined as an event that is not allowed by the policies of an organization.
9. Tracing Internet Access: Tracing internet access refers to knowing the path that an attacker [...] to enter into a system.
10. Auditing Internet Surfing: Auditing internet surfing is the process of verifying the visited websites [...].
UNIT-I INTRODUCTION TO CYBER SECURITY, CYBER SECURITY VULNERABILITIES AND CYBER SECURITY SAFEGUARDS

Introduction to Cyber Security: Overview of Cyber Security, Internet Governance - Challenges and Constraints, Cyber Threats: Cyber Warfare - Cyber Crime - Cyber Terrorism - Cyber Espionage, Need for a Comprehensive Cyber Security Policy, Need for a Nodal Authority, Need for an International Convention on Cyberspace.

Cyber Security Vulnerabilities: Overview, Vulnerabilities in Software, System Administration, Complex Network Architectures, Open Access to Organizational Data, Weak Authentication, Unprotected Broadband Communications, Poor Cyber Security Awareness.

Cyber Security Safeguards: Overview, Access Control, Audit, Authentication, Biometrics, Cryptography, Deception, Denial of Service Filters, Ethical Hacking, Firewalls, Intrusion Detection Systems, Response, Scanning, Security Policy, Threat Management.

* Introduction to Cyber Security and Internet Governance
* The Various Cyber Threats
* Need for Cyber Security Policy, Nodal Authority and International Convention on Cyberspace
* Introduction to Various Cyber Security Vulnerabilities
* The Concept of Cyber Security Awareness
* Introduction to Access Control, Audit and Authentication
* The Concepts of Cryptography, Deception, DoS Filters and Biometrics
* The Various Intrusion Detection Systems
* Managing the Cyber Security Threats

Cyber security is also referred to as information technology security and computer security. This security is designed to provide protection to information, equipment devices, computer, computer resources communication devices, confidential information stored on computers and data transmission access networks against unauthorized access, vulnerabilities and attacks caused by cyber criminals.

Software vulnerability can be defined as a software defect that helps the attacker to gain the control over a system. The reason for the existence of software defects may be either the software design or the code used while implementing software.
Cyber security safeguards can be defined as the various protective measures and controls introduced in order to achieve the security requirements of a system. These safeguards consist of various security features, management constraints, security of physical structures and architectures.

PART-A SHORT QUESTIONS AND ANSWERS

Q1. Define cyber security.

Answer:

Cyber security is also referred to as information technology security and computer security. This security is designed to provide protection to information, equipment devices, computer, computer resources communication devices, confidential information stored on computers and data transmission access networks, against unauthorized access, vulnerabilities and attacks caused by cyber criminals.

Hence, cyber security is needed in order to protect the user's business and personal information against complex cyber attacks.

According to the study conducted by Deloitte and Manufacturers Alliance for Productivity and Innovation (MAPI), about 40% of manufacturing companies were affected by cyber threats in the last 12 months. These cyber threats with almost all cyber breaches have resulted in over $1 million damages. In order to protect the technologies from the threats, supply chain executives are focusing on data protection technologies and strategies.

Q2. What are the challenges of internet governance?

Answer: (Model Paper-I, Q1)

Some of the various challenges of internet governance are as follows,

* The pace and changing nature of the internet.
* The internet as part of digitalization.
* The concentration of digital power.
* The shifts in digital geopolitics i.e., environment.
* The co-ordination and shaping of digital future.
* The future of regulations.
* The participation in taking the managerial decisions.

Q3. Write short note on cyber threats.

Answer:

Cyber Threat

Cyber threat can be viewed as damage caused to a computer, technology dependent enterprises and networks by an unauthorized third party.
The attackers make use of malicious code to make changes in an organization's computer code, logic or data, resulting in compromising the information security of the organization.

Various Cyber Threats

Some of the various cyber threats are as follows,

1. Cyber Warfare
2. Cyber Crime
3. Cyber Terrorism
4. Cyber Espionage.

Q4. List the common software vulnerabilities.

Answer:

Some of the common software vulnerabilities are as follows,

1. Broken Access Control: This type of software vulnerability occurs when the user restrictions are not applied properly.
2. Cryptographic Failures: The sensitive data like usernames, passwords and account numbers must be secured carefully. Otherwise, the attackers use the vulnerabilities to gain the access.
3. Injection: This occurs when unauthorized content is sent as a query to the system.

Q5. Write short notes on password-based authentication.

Answer:

Password-based authentication is the most common and widely used method for e-commerce transactions. In this method, the user is provided a user name and log in password. Only the genuine end user knows the correct combination of log in name and password. Before accessing the payment gateway, the system asks for user name and password. If it is correctly entered, it is authenticated that the user is the genuine party and not a cyber criminal. Intelligent people may guess the password easily and can use it further to steal the confidential information of the user.

Q6. What are the various consequences or risks associated with poor cyber security awareness?

Answer: (Model Paper-[...], Q[...])

The various consequences or risks associated with poor cyber security awareness are as follows,

* Identity Theft: Identity theft refers to a crime where an unauthorized person tries to use some other person's identity for his illegal purpose.
* Malware Attacks: Malwares are also a type of viruses that enter the device through e-mails, web browsing, infected storage media and social networking sites. When users install malwares on their systems, the device undergoes a denial of service attack or masquerade attack.
* Loss of Sensitive Data: Due to the poor cyber security awareness, cyber criminals steal the sensitive data of an organization.

Q7. Write about mandatory access control.

Answer:

Mandatory access control is an access control which is designed to overcome the problems faced by discretionary access control. In this access control, the system administrator alone is responsible for managing security oriented attributes that are assigned to the users and the resources of the system. These security attributes are fixed i.e., these attributes cannot be modified or changed by users other than the system administrator. He is the one who has the authority of defining the usage and security policy, which are not dependent on the users' compliance. This access control is responsible for performing the following activities.

(i) Assigning a security clearance level to all the system's users.
(ii) Assigning a classification level to all the object resources.
(iii) Ensuring that the users can access only that data for which they have been assigned security clearance.

Q8. Define security audit. List its advantages.

Answer: (Model Paper-[...], Q2)

Security Audit

Security audit can be defined as a process of reviewing and examining the various records and activities of the system. It ensures that various policies, procedures and security controls of the system are working effectively. The main purpose of security audit is to provide a checklist for validating the security controls of the system.

Advantages

Some of the advantages of implementing the security audit are as follows,

1. It helps to identify the gaps in the security.
2. It provides assurance to vendors, employees and clients.
3. It improves the security standards and policies.
4. It provides an analysis of the current security practices.

Q9. Write short notes on the types of DoS filters.

Answer:

The following are the two types of DoS filters,

(a) Ingress Filters: Ingress filters are used to examine the incoming packets in the network in order to prevent any suspicious attack from entering the network. These filters behave as a checkpost at the network borders and search for any spoofing attacks in the incoming traffic.

(b) Egress Filters: Egress filters are used to examine the outgoing packets of the network in order to prevent any suspicious attack from entering another network. These filters are placed at the exit point of the network and help in finding the origin of the attack by keeping track of the outbound traffic.

Q10. Write about threat management.

Answer: (Model Paper-II, Q2)

Threat management can be defined as a process that is used by cyber security professionals in order to detect and prevent the cyber attacks. It makes use of a framework established by National Institute of Standards and Technology (NIST).

Threat management is mainly used to protect the organization's data from data breaches. It also informs that the organization needs to face the cyber risks but at a low level. It minimizes the damage and the cost associated with the data breach. According to a survey conducted by Ponemon Institute report, threat management in an organization saves more than 1 million dollars (when the breach is available in an organization).

The concept of threat management frameworks enhances the interaction between the people, processes and technology and helps the organization to detect and react to the cyber security incidents.

PART-B ESSAY QUESTIONS AND ANSWERS

Q11. Discuss briefly about cyber security.

Answer:

Cyber security is also referred to as information technology security and computer security.
This security is designed to provide protection to information, equipment, devices, computers, computer resources, communication devices, confidential information stored on computers and data transmitted across networks, against unauthorized access, vulnerabilities and attacks caused by cyber criminals. Hence, cyber security is needed in order to protect the users' business and personal information against complex cyber attacks.

According to the study conducted by Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI), about 40% of manufacturing companies were affected by cyber threats in the last 12 months. These cyber threats, with almost all cyber breaches, have resulted in over $1 million in damages. In order to protect the technologies from the threats, supply chain executives are focusing on data protection technologies and strategies.

It refers to the branch of computer science that describes the application of 'secure' behavior on the operation of computers. Hence, with the advancements in computer science comes the requirement for protecting and securing files and other useful information by using a variety of automated tools. This type of security is more prevalent in the case of shared systems such as time-sharing systems. Thus, the technique of employing a wide variety of tools for protecting data and preventing hackers from accessing the data is called 'computer security'.

Q12. What are the objectives of cyber security?

Answer:

The objectives of cyber security are as follows,

* To build an efficient system with which trust and confidence in using cyberspace for various transactions can be improved.
* To ensure security of the system by improving its regulatory framework.
* To provide a platform with which protection can be provided at all times (24 × 7) with appropriate security mechanisms that can be operated all the time.
* To develop an effective system for providing feedback in reply to queries related to prevention, protection and response/recovery.
* To make the services and products associated with Information and Communication Technologies (ICT) more visible with the use of security validation and testing.
* To build a workforce of around 5 lakh members, with appropriate training for improving the skills of professionals.
* To facilitate the organizations which are employing standard security practices with fiscal benefits.
* To provide an adequate amount of protection to the private information of individuals, thereby minimizing the theft of data and cyber crime.
* To impose various laws for illegal activities involved in cyberspace systems.
* To improve cooperation among public and private partnerships to make the system globally adopted.
* To make the organizations adopt or elect a Chief Information Security Officer (CISO) who handles all security matters.
* To assist the organizations in implementing certain security related policies that are to be followed in all aspects of the system for providing better security.
* To make the organizations invest a sufficient amount in a cyber security system and an emergency response system.
* To adopt an upgraded infrastructure and regularly check for updates for strengthening the cyber security.

Q13. Define internet governance. What are its challenges and constraints?

Answer: (Model Paper-I, Q9(a))

Internet Governance

Internet governance can be defined as a set of rules, policies, standards and practices that coordinate and shape global cyberspace.

The unique structure of the internet has raised several judicial concerns. While grounded in physical computers and other electronic devices, the internet is independent of any geographic location. While real individuals connect to the internet and interact with others, it is possible for them to withhold personal information and make their real identities anonymous. If there are laws that could govern the internet, then it appears that such laws would be fundamentally different from the laws that geographic nations use today.

Challenges of Internet Governance

Some of the various challenges of internet governance are as follows,

1. The pace and changing nature of the internet.
2. The internet as part of digitalization.
3. The concentration of digital power.
4. The shifts in digital geopolitics, i.e., environment.
5. The co-ordination and shaping of the digital future.
6. The future of regulations.
7. The participation in taking the managerial decisions.

Constraints of Internet Governance

1. Privacy

End user privacy must also be ensured. Whenever an end user participates in a transaction with a government agency, he/she discloses personal details, and security for such data should be provided in order to maintain the end-user privacy. This security can be provided by making use of secure transmission channels, firewalls, preventing unauthorized access, etc.

2. Authentication

Authentication is another issue that must be considered while providing the government services. In other words, the government agency must ensure that the services are provided only to the legitimate users. This can be done by using digital signatures. However, it incurs an additional cost and overhead.
3. High Setup Costs and Technical Difficulties

Government agencies must also consider the financial status of the end user because internet access and PC awareness are rare in certain locations. Therefore, a framework for delivery of e-services to poor and uneducated people must also be designed.

Q14. Define cyber threat. Explain the various cyber threats.

Answer:

Cyber Threat

Cyber threat can be viewed as damage caused to a computer, technology dependent enterprises and networks by an unauthorized third party. The attackers make use of malicious code to make changes in the organization's computer code, logic or data, resulting in compromising the information security of the organization.

Various Cyber Threats

Some of the various cyber threats are as follows,

1. Cyber Warfare
2. Cyber Crime
3. Cyber Terrorism
4. Cyber Espionage.

1. Cyber Warfare: Cyber warfare refers to a conflict based on the internet. It includes malicious attacks on information and information systems. Cyber warfare attacks are capable of disabling official websites and networks and disrupting essential services.

2. Cyber Crime: A cyber crime can be defined as 'a criminal activity done using a computer'. The criminals make use of computer technology in order to steal the personal information of the user or business trade secrets, or for other malicious purposes. They obtain this information by hacking, spamming, phishing, etc. Apart from this, the illegal person also uses computers for communication, document or data storage purposes.

3. Cyber Terrorism: Cyber terrorism is an internet based attack that involves terror activities. It is a controversial term and is referred to as a deliberate usage of computer networks and the public internet in pursuit of personal objectives by using tools such as computer viruses. These objectives may be political or ideological, in the form of terrorism.
4. Cyber Espionage: Cyber espionage can be defined as an attack that steals the sensitive information of competitor companies or organizations in order to obtain an advantage over them. Generally, this type of attack aims at government and large organizations.

Q15. Define cyber security policy. What is the need for comprehensive security policy?

Answer:

Cyber Security Policy

Cyber security policy can be defined as a set of rules that are implemented by an organization in order to secure its sensitive and confidential data from unauthorized users.

Need for Comprehensive Security Policy

According to the software professional's point of view, the intent of the comprehensive security policies should be to safeguard the integrity, confidentiality and availability of the company's information. As the sensitive information is an asset and property of the organization, the management must implement the necessary controls for protecting the resources. Furthermore, every organization must assure comprehensive security policies as a component of its overall asset security. Technically, the policies are neither designed to fulfill the security requirements nor to provide requirements concerning audit. A typical security program includes security policies, standards and procedures. Thus, the security policies of organizations are similar to the business and mission requirements of the organization.

Some other needs of comprehensive security policies are as follows,

1. They are used to enhance the efficiency.
2. They are used to create and end a business deal with the customers.
3. They provide awareness of security among the users.

1.5 Need for a Nodal Authority, Need for an International Convention on Cyberspace

Q16. What is the need for a nodal authority?

Answer:

The nodal authority of an organization is to respond to a computer security incident when it occurs in real time.
For example, consider the ICERT (Indian Computer Emergency Response Team). CERT-In is the nodal authority that is responsible for computer security incidents. It is used to perform various operations. Some of them are as follows,

1. It is used to gather, examine and distribute information on cyber security incidents.
2. It is used to predict cyber security incidents and alert the team to them.
3. It is used to enable emergency measures to manage the cyber security incidents.
4. It is used to coordinate the various activities of the cyber security response team.
5. It is used to provide a set of rules, guidelines and standards related to information security policies, procedures, methods, prevention techniques, response and reporting of cyber security incidents.

Q17. Explain the need for an international convention on cyberspace.

Answer:

International convention on cyberspace is introduced by Microsoft. Microsoft gathered all the governments globally to work together in order to protect the cyberspace from various attacks. This can be achieved and managed by the various private companies.

The Budapest convention, or the Council of Europe's (CoE) cybercrime convention, was introduced in 2004. It combines all the international multilateral treaty laws on cybercrime legally. It helps in coordinating cybercrime investigations among various countries and criminalizes cybercrime conduct. The Budapest convention is considered as a criminal justice treaty that is used to provide the following,

1. Various procedural tools to investigate the crime and store the electronic evidence securely.
2. International police and judicial cooperation on cyber crime and digital evidence.
3. The criminalization of various attacks against computers.

For remaining answer refer Unit-V, Page No. 109, Q.No. 13.

4.2.1 Overview, Vulnerabilities in Software

Q18. Explain in detail about software vulnerability.

Answer:

Software Vulnerability

Software vulnerability can be defined as a software defect that helps the attacker to gain control over a system. The reason for the existence of software defects may be either the software design or the code used while implementing the software. Software vulnerabilities are used by attackers in order to steal or modify sensitive information, to install a backdoor, or to send any type of malware into the systems.

Common Software Vulnerabilities

Some of the common software vulnerabilities are as follows,

1. Broken Access Control: This type of software vulnerability occurs when the user restrictions are not applied properly.
2. Cryptographic Failures: Sensitive data like usernames, passwords and account numbers must be secured carefully. Otherwise, the attackers use the vulnerabilities to gain access.
3. Injection: This occurs when unauthorized content is sent as a query to the system.

The best and most efficient way to prevent software vulnerabilities is to use high standard coding to provide the security standards.

Q19. Discuss in brief about System Administration.

Answer:

System Administration refers to the management of one or more systems such as software, hardware, servers or workstations. The main aim of System Administration is to ensure that the systems are working properly and effectively. The duties in system administration vary based on the type of computer system being used.

The duties in system administration are mainly about the technical side of a system, like the architecture, construction and optimization of the collaborating parts, assisting the user, deploying a system, etc. System administration deals with the system as a whole, and the individual components are treated as black boxes that are opened whenever practically required. It does not take the design of user tools into consideration, nor does it try to enhance the existing software.
This exclusion is mainly due to the reason that the user software is not open to local changes.

All these tasks are carried out by a person called the "System Administrator" or "Sysadmin". The basic tasks in System Administration include choosing the run level to start, system configuration files and performance monitoring. The administrative processes are loosely classified as the processes which perform various functions for the general welfare of the user community. These functions include disk formatting, creation of new file systems, repair of damaged file systems, kernel debugging, etc.

These are handled by the system administrator or, more generally, by the IT experts of an organization. They mainly ensure that the computer systems as well as the related services are working well.

Q20. List out the roles and responsibilities of System Administrator.

Answer:

Roles and Responsibilities of System Administrator

The system administrator is a person who performs the management tasks and is responsible for maintaining a multi-user computing environment like a LAN. The main responsibilities of the System Administrator are as follows,

* Installing and configuring the new system software and hardware.
* Maintaining (adding, deleting or updating) the user account information and resetting passwords.
* Checking whether the peripherals (like mouse, keyboard, printer, etc.) are working properly or not.
* Arranging the repairs for hardware in case of any failures.
* Maintaining and monitoring the performance of the system.
* Examining the system logs and recognizing the critical issues within computer systems.
* Incorporating new technologies into already existing data center environments.
* Providing technical support to the users by answering technical queries.
* Providing security to the systems.
* Inserting, deleting and configuring file systems.
* Maintaining and monitoring the communication between the systems of a network.
* Providing security policies for users.
* Creating backup and recovery policies.
* Documenting the system's configuration.
* Installing and updating the operating system with a new OS.

Q21. Describe the model for network security with neat sketch.

Answer:

Network Security Model

Generally, the data, which is in the form of a stream or a block, can be transmitted over a network between the two communicating parties. The entity which is responsible for transmitting the data is called a sender and the entity which receives the data (from the sender) is called a receiver. Both the parties must have a certain level of coordination between them in order to exchange the data. If the sender and receiver are linked through connection-oriented means, then they must use a connection-oriented protocol like TCP/IP for transmitting the data. During the process of data transmission, some unauthorized interruption from intruders may occur, which can be avoided by providing security to the transmitted data. The model for the network security is shown below,

Figure: Model for the Network Security

Following are the two components for providing security,

(i) Some security-related information must be sent along with the actual information, i.e., a message. An example of the additional information is an encrypted text which encodes the original message in such a way that it becomes unreadable for the opponent.
(ii) Some secret information is shared among only the sender and receiver, where the opponent is unaware of it. An example of such information is the encryption key along with the transformation for scrambling the message prior to its transmission and unscrambling it upon reception.

A trusted third party is needed for distributing the secret information and for resolving the conflicts between the sender and the receiver.

The network security model shown above describes the four tasks in designing a specific security service,

1. Designing an Algorithm: An algorithm must be designed for doing all the security related transformations in such a way that the opponent is unable to defeat its intent.
2. Generating Secret Information: Some secret information to be used along with the algorithm must be generated.
3. Developing Various Distribution Methods: Various methods for distributing and sharing the secret information must be developed or evolved.
4. Specifying a Protocol: A protocol which employs the security algorithm for achieving the security service must be used by both the sender and the receiver.

Q22. Draw and explain the network access security model.

Answer:

There are many threats to the information system. One of the important ones is hacking, which tries to penetrate the information system. Another threat is the placement of some logic that affects various application and utility programs in the computer system.

The inserted code can affect the application programs in two ways. They are,

(i) Information Access Threats: These threats are responsible for modifying data on behalf of the unauthorized users.
(ii) Service Threats: These threats produce various faults pertaining to services and prevent the legitimate users from utilizing the system services effectively.

The security mechanisms for preventing unauthorized access are divided into two categories. They are as follows,

1. Placing a gatekeeper function which includes a password-based login method that provides access to only authorized users, thereby detecting and rejecting worms, viruses, etc.
2. An internal control which monitors the system activities, analyzes the stored information and detects the presence of unauthorized users or intruders, if any.

Figure: Network Access Security Model

Q23. What is the effect of enabling open access to an organizational data?

Answer:

In the digital world, connecting a digital device to the internet enables the possibility of an attacker attacking or stealing the sensitive information of an organization. Cyber crimes have been rapidly increasing in this generation. Mostly, some organizations enable their data to be accessed by the users.

Due to the open access of data in an organization, cyber terrorism gains popularity. It is conducted against organizations and governments. In doing so, the attacker makes use of various computer tools and Internet facilities to get secret access to the private information of the citizen. Apart from this, it also destroys programs and files, and plants programs to acquire access to the complete network.

According to a survey, i.e., the Cyber Security Breaches Survey 2018, 43% of businesses and 19% of charities have encountered a cyber attack. It also concluded that 38% of small scale businesses do nothing to secure themselves from cyber attacks. The common types of cyber criminal activities include sending corrupted messages, malicious e-mails and fraudulent links.

Procedure

At first the attacker determines the weak points or vulnerabilities in the target. They do this by using various methods or tools, and the target is usually an individual or an organization. In principle, the attacker makes use of two attacks, namely the active attack and the passive attack.
The former makes changes to the system, making a bad impact on the availability, integrity and authenticity of the data. On the other hand, the passive attack is used to obtain information regarding the target, thus affecting the confidentiality of the network. Moreover, there also exist other attacks which can be categorized as inside or outside.

* Inside Attack: If the attack is initiated by a person working within the organization, it is called an inside attack.
* Outside Attack: If the attack is initiated by any outside source and lies outside the security perimeter of the organization, it is called an outside attack.

Q24. Discuss in detail about weak authentication.

Answer:

Weak Authentication

Weak authentication can be defined as a process that involves authentication either through a password or through a simple question that should be answered by the user. It may provide inefficient and incomplete results. The two different classes of weak authentication schemes are as follows,

1. Password-based Authentication
2. PIN-based Authentication.

1. Password-based Authentication: Password-based authentication is the most common and widely used method for e-commerce transactions. In this method, the user is provided a user name and a login password. Only the genuine end user knows the correct combination of login name and password. Before the payment gateway is accessed, the system asks for the user name and password. If they are correctly entered, it is authenticated that the user is the genuine party and not a cyber criminal. Intelligent people may guess the password easily and can use it further to steal the confidential information of the user.

2. PIN-based Authentication: PIN-based authentication can be used in banking transactions, such as a 4-digit password for an ATM card. This PIN can be identified or cracked by the attackers easily.
2.8 Unprotected Broadband Communications, Poor Cyber Security Awareness

Q25. Write short notes on unprotected broadband communications.

Answer:

Unprotected Broadband Communications

Broadband communication is a huge enhancement over voice band communication, involving broadband channels with data rates of several Mbps. These channels possess better reliability and efficiency. The communication using these connections is considered as unprotected because it leads to cyber attacks. Some of the different unprotected broadband communication technologies are as follows,

1. Cable Modem Connection: Cable modems are used to interface analog components of a cable TV provider (CATV) with televisions. It is prone to hackers as it is connected 24 × 7 to the internet.
2. Public Wi-Fi Network Connections: Connecting to public Wi-Fi connections leads to information theft by the hackers/attackers.

Q26. Write about poor cyber security awareness.

Answer:

Cyber security awareness involves people knowing about information security and the different ways to protect the information from attacks. If the staff in an organization are not much involved in the security awareness program, then they are said to have poor cyber security awareness.

Risks of Poor Cyber Security Awareness

The various consequences or risks associated with poor cyber security awareness are as follows,

* Identity Theft: Identity theft refers to a crime where an unauthorized person tries to use some other person's identity for his illegal purpose.
* Malware Attacks: Malware is also a type of virus that enters the device through e-mails, web browsing, infected storage media and social networking sites. When users install malware on their systems, the device is subjected to a denial of service attack or a masquerade attack.
* Loss of Sensitive Data: Due to poor cyber security awareness, cyber criminals steal the sensitive data of an organization.

CYBER SECURITY SAFEGUARDS

Overview, Access Control

Q27. Define cyber security safeguards. Explain in detail about understanding access control.

Answer:

Cyber Security Safeguards

Cyber security safeguards can be defined as the various protective measures and controls used in order to achieve the security requirements of a system. These safeguards consist of various security features, management constraints, security of physical structures and architectures, and personnel security.

Access Control

Access control refers to the ability of either allowing or disallowing a user from accessing a particular resource. There are many mechanisms that exist and are employed for performing access control. Such mechanisms not only manage physical and logical resources but are also capable of managing digital resources.

Access control systems incorporate the following,

(i) File Permissions: It is an access control that can be used by the users for creating, reading, editing or deleting a file on a file server.
(ii) Program Permissions: It is an access control that can be used by the users for executing a program on an application server.
(iii) Data Rights Permissions: It is an access control that can be used by the users for retrieving and updating the information in a database.

Identification Versus Authentication

Identification is a process of identifying users by using some sort of identification information like a name or account number. On the other hand, authentication is a process of verifying the user's identity, i.e., it is a process of verifying whether the user is authentic or unauthentic.

Authentication (Single Rule Based Factor) and Authorization

Single rule based factor authorization is the fundamental form of authentication, which evaluates a single value of a set at a time by using the combination of username and password.
Mandatory Access Control

Mandatory access control is an access control which is designed to overcome the problems faced by discretionary access control. In this access control, the system administrator alone is responsible for managing the security-oriented attributes that are assigned to the users and the resources of the system. These security attributes are fixed, i.e., they cannot be modified or changed by users other than the system administrator. The administrator is the one who has the authority to define the usage and security policy, which does not depend on the users' compliance. This access control is responsible for performing the following activities:

(i) Assigning a security clearance level to all the system's users.
(ii) Assigning a classification level to all the object resources.
(iii) Ensuring that the users can access only that data for which they have been assigned security clearance.

Discretionary Access Control

Discretionary access control is considered as one of the oldest and most widely used classes of access control. It is an access control system that allows the users to specify which entities (people, processes, devices) are authorized for accessing their files. Here, the users themselves have the privilege of either allowing or restricting other users from accessing their files.

Discretionary access control can be well understood by considering an authorization matrix consisting of rows that signify system resources and columns that signify system users. The value within a cell specifies the action privileges that are assigned to a user in accordance with the resources.

Figure: Authorization Matrix (columns: User 1, User 2, User 3, User 4)

The system administrator alone has the authority of either adding new users/resources or deleting the existing users/resources of the system.
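The two models described in this answer, as an added Python example that is not taken from the book: a mandatory policy in which only the administrator assigns clearance and classification levels, and a discretionary authorization matrix in which the owner of a resource grants action privileges. The level names, user names and resource names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sensitivity ordering (assumption: the text names no levels).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


class AccessDenied(Exception):
    """Raised when an actor tries to change attributes they do not control."""


@dataclass
class MandatoryPolicy:
    """MAC: security attributes are fixed by the administrator, never by users."""
    admin: str
    clearance: dict = field(default_factory=dict)        # user -> level
    classification: dict = field(default_factory=dict)   # resource -> level

    def _require_admin(self, actor):
        if actor != self.admin:
            raise AccessDenied(f"{actor} cannot change security attributes")

    def set_clearance(self, actor, user, level):
        self._require_admin(actor)
        self.clearance[user] = LEVELS[level]

    def set_classification(self, actor, resource, level):
        self._require_admin(actor)
        self.classification[resource] = LEVELS[level]

    def can_access(self, user, resource):
        # Fail closed: unlabelled users or resources get no access.
        if user not in self.clearance or resource not in self.classification:
            return False
        return self.clearance[user] >= self.classification[resource]


@dataclass
class DiscretionaryPolicy:
    """DAC: authorization matrix, rows = resources, columns = users."""
    owner: dict = field(default_factory=dict)    # resource -> owning user
    matrix: dict = field(default_factory=dict)   # resource -> {user: actions}

    def _require_owner(self, actor, resource):
        if self.owner.get(resource) != actor:
            raise AccessDenied(f"{actor} does not own {resource}")

    def create(self, user, resource):
        # The creator becomes the owner and holds every action privilege.
        self.owner[resource] = user
        self.matrix[resource] = {user: {"read", "write", "execute"}}

    def grant(self, actor, resource, user, actions):
        self._require_owner(actor, resource)
        self.matrix[resource].setdefault(user, set()).update(actions)

    def revoke(self, actor, resource, user, actions):
        self._require_owner(actor, resource)
        self.matrix[resource].get(user, set()).difference_update(actions)

    def allowed(self, user, resource, action):
        return action in self.matrix.get(resource, {}).get(user, set())


def demo():
    """Run both models on constructed users and resources."""
    results = {}
    mac = MandatoryPolicy(admin="sysadmin")
    mac.set_clearance("sysadmin", "user1", "confidential")
    mac.set_clearance("sysadmin", "user2", "internal")
    mac.set_classification("sysadmin", "payroll.db", "confidential")
    results["mac_user1"] = mac.can_access("user1", "payroll.db")
    results["mac_user2"] = mac.can_access("user2", "payroll.db")
    try:
        mac.set_clearance("user2", "user2", "secret")  # user raising own level
        results["mac_self_change"] = "allowed"
    except AccessDenied:
        results["mac_self_change"] = "denied"

    dac = DiscretionaryPolicy()
    dac.create("user1", "program1")
    results["dac_before_grant"] = dac.allowed("user2", "program1", "read")
    dac.grant("user1", "program1", "user2", {"read"})
    results["dac_after_grant"] = dac.allowed("user2", "program1", "read")
    results["dac_write"] = dac.allowed("user2", "program1", "write")
    try:
        dac.grant("user2", "program1", "user3", {"read"})  # not the owner
        results["dac_non_owner_grant"] = "allowed"
    except AccessDenied:
        results["dac_non_owner_grant"] = "denied"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The contrast to look for is who may change the attributes: under the mandatory policy a user cannot raise their own clearance, while under the discretionary policy the owner alone decides who else gets which privilege.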
Apart from the system administrator, other users are also responsible for adding or deleting the programs or files that are created or owned by those users. Such users also have the authority of assigning action privileges to other users. These action privileges specify whether a user wants other users to share their files or to restrict them from being accessed.

4.3.2 Audit, Authentication

Q28. What is Security Audit? Explain the areas in which audit is performed.

Answer:

Security Audit

Security audit can be defined as a process of reviewing and examining the various records and activities of the system. It ensures that the various policies, procedures and security controls of the system are working effectively. The main purpose of a security audit is to provide a checklist for validating the security controls of the system.

Cyber security audit evaluates/reviews the following areas,

1. Operational Security: In this area, the system policies, procedures and security controls are reviewed.
2. Data Security: In this area, network access control and the encryption techniques used for preventing security breaches and theft are reviewed.
3. Physical Security: In this area, disk encryption, role-based access controls, biometric data and multifactor authentication are reviewed.
4. Network Security: In this area, network and security controls, SOC, anti-virus configurations and security monitoring capabilities are reviewed.
5. System Security: In this area, hardening processes, patching processes, privileged account management and role-based access are reviewed.

Advantages

Some of the advantages of implementing the security audit are as follows,

1. It helps to identify the gaps in the security.
2. It provides assurance to vendors, employees and clients.
3. It improves the security standards and policies.
4. It provides an analysis of the current security practices.

Q29. What is authentication? Explain its types.

Answer:

Authentication

Authentication refers to the process of assuring that the communication is authentic. In the case of a single message transmission, its function is to assure the recipient that the message is from the intended source. For an ongoing interaction, such as a terminal to host connection, two perspectives are involved.

(i) Initially, at the time of connection establishment, the authentication service must ensure the authenticity of the two communicating parties involved.
(ii) The authentication service must assure that the connection between the two hosts is not interrupted by any third party which is pretending to be one of the two authorized hosts.

Types of Authentication

Two types of authentication services are defined. They are as follows,

(i) Peer entity authentication
(ii) Data origin authentication.

(i) Peer Entity Authentication: This type of authentication is used to verify the identities of the peer entities involved in communication. It is also used for providing authentication at the time of connection establishment and during the process of data transmission.

(ii) Data Origin Authentication: It is used for ensuring the authenticity of the source of data without providing protection against the alteration or replication of the data units. It is primarily used for applications that do not require prior interactions between the two communicating parties (such as electronic mail).

Q30. What is Biometric Authentication? Explain the biometric techniques.

Answer:

Biometric Authentication

Biometric devices are the most commonly used authentication method of modern technology. Biometric authentication considers various human characteristics including fingerprint, retina, voice, face, etc. The most basic among these methods is fingerprint authentication.
It is nothing but an application to provide access to the system by verifying the proof of identity.

Types of Biometrics

The following are the different emerging biometric techniques used for performing user identification and authentication,

1. Fingerprint scan
2. Iris/retina scan
3. Facial feature scan.

1. Fingerprint Scan

Fingerprint scan is a technique used for performing user identification based on the patterns found on the fingertips of every human. These are patterns that remain the same throughout the life of an individual. The main reason for selecting fingerprint as an identification technique is that the ridge patterns of every individual are unique.

Working of Fingerprint Scan

An electronic device called a fingerprint sensor is employed to perform a live scan, wherein the image of the fingerprint pattern is captured in digitized form. This captured image is processed in order to create a biometric template. The processing is done by maintaining the information about the different ridge patterns along with different print patterns. The created template is processed either as an image or as a computer algorithm that is in encoded format. Once the processing is done, the image is compared with the other fingerprint records. This comparison is performed by initially determining the position of minutiae points on the finger and then searching for similar information regarding the minutiae within the database. This search is performed by implementing an algorithm that is capable of encoding the information in character format so that the time required for finding the match can be reduced.

Uses

- It is used in investigating criminal cases.
- A fingerprint reader is used for authorizing the users at ATMs.
- Fingerprint scan is used by vendors so as to automatically identify whether the credit card or debit account of a user is authentic or not.

Advantages

- It is user-friendly i.e., the process of fingerprint scan can be easily understood with little training.
- It provides high performance, thereby making it the most accurate identification technology.
- It is an easy way of authenticating a person since numerous people have legible fingerprints.

Disadvantages

- It is very intrusive i.e., it is not preferred by many people (not socially accepted).
- It is error-prone especially when there is dirt or dryness on the finger's skin.

2. Iris/Retinal Scan

Iris/retinal scan is another user identification technique which is preferred because of the uniqueness of irises i.e., no two irises are similar among human beings. This technique of identification is very robust since the iris does not change throughout the life of a human and is not susceptible to any injury. This identification is done based on the pattern of blood vessels present at the back of the retina.

Working of Retina Scan

A biometric identifier called a retinal scan is employed for scanning the unique patterns of an individual's retina. The light emitted by a light emitting device is easily absorbed by the blood vessels within the retina and the patterns are identified with appropriate lighting. A low-intensity infrared light is used for performing the retinal scan, which is cast into the eye of a person when they look through the eyepiece of the scanner.

Uses

- It is used in prisons for identity verification.
- It is used by state agencies so as to stop unskilled persons from obtaining a license.

Advantages

- It is highly accurate since the false acceptance rate of this technique is below 0.001%.
- It is a reliable and stable technique as the blood vessel patterns are unique and remain the same for the entire life period of an individual.
- It is very difficult to recreate or replicate the details of retinal patterns.
- It performs the verification process at a very high speed.

Disadvantages

- It is not very user-friendly and is an expensive technique because of highly expensive equipment.
- The result may vary because of poor infrared light and vulnerability to degenerative diseases.
- It is highly invasive (spread quickly) and requires user involvement.

3. Facial Feature Scan

Facial feature scan is a natural biometric technology used for identification of an individual. This technique is inherent in every individual since it is possible to distinguish a person from other persons just by looking at their face. The facial identification process performs the following two subprocesses,

(a) Detection
(b) Recognition.

(a) Detection

In this subprocess, a human face is located within the captured images and is then isolated from the remaining faces captured within the same image. The facial software scans the isolated face so as to determine the facial structure and measures the dimension (geometry) of each facial feature. Once the image is constructed, the software creates a binary mask of the image by cropping the unnecessary background details.

(b) Recognition

In this subprocess, a comparison is performed between the captured face and the other faces present in a database. The most commonly used recognition technology consists of the eigen features or eigen faces approaches.

The eigen feature approach computes eigen vector values from the captured image by determining the distance between different facial features (like nose, mouth, eyebrows). Once the eigen vectors are known, a comparison is performed wherein the computed eigen vectors are compared against the eigen vectors stored within the database.

The eigen face approach represents the facial image as a 2D set of light and dark area patterns.
These patterns are converted and are represented as a computer algorithm. This algorithm is stored as a combination of eigen faces, which are then compared against the eigen faces saved in a database.

Working of Facial Recognition

The following steps are considered while performing the facial recognition process.

Step 1 - Capture Image: In this step, the existing photograph of an individual is digitally scanned so as to generate a live picture of the respective individual.

Step 2 - Locate Face: Facial detection software is used to find the face from among the different faces within the captured image.

Step 3 - Extract Feature: The features of the identified face are extracted by facial recognition software. This is done by determining the spatial geometry of different facial features. Spatial geometry refers to the process of measuring the features in accordance with peaks and valleys (nodal points). The nodal points are then used in generating a template.

Step 4 - Compare Template: The generated template is compared against the template saved in the database.

Step 5 - Declare Match: After performing the comparison, the system declares the match only if the generated template is similar to the saved template.

Uses

- It is used in airports for protecting against terror attacks.
- It is used in multinational organizations for preventing unauthorized people from obtaining fake identification cards.
- It is used for surveillance purposes such as to find criminals, terrorists etc.
- It is used in law enforcement areas.

Advantages

- It is a non-intrusive, non-expensive technique.
- It makes use of legacy databases and integrates with current surveillance techniques.

Disadvantages

- The result may get affected by change in age, hairstyle.
- It imposes many restrictions on the way the images are to be captured.

Cryptography, Deception, Denial of Service Filters

Discuss in brief about Cryptography.
Answer:

For answer refer Unit-IV, Page No. 61, Q.No. 32.

Explain about the following, (Model Paper-III, Q9(b))

(i) Deception
(ii) Denial of Service Filters.

Answer:

(i) Deception

Deception can be defined as a process of creating a false perception for the attacker. The main objective of implementing this is to divert/change the route of attackers towards an already failed system. With this, it lowers the risk and improves the security posture of the organization. One of the most commonly used deception techniques is honey pots.

Honey Pots

Honey pots can be defined as the decoy systems that are used to distract the attention of potential attackers from the critical systems. The purpose of designing honey pots is,

1. To distract the attacker from the critical systems.
2. To gather information about the activities performed by the attackers.
3. To inspire the attacker to stay for a long time on the system so that the admin can respond.

The honey pot systems are designed in such a way that they appear as valuable information only to the attacker but not to the authentic users. These systems consist of sensitive monitors and event loggers that help in detecting the access as well as other activities being performed by the attackers. When the attacker tries to access the system, the admin in the meantime retrieves information about the attacker's activities. It tracks the attacker without disclosing the effective system.

(ii) Denial of Service Filters

Denial of Service (DoS) filters can be defined as a defense mechanism that can be used to prevent DoS attacks. These attacks interrupt the normal usage of various facilities provided by a system or network.

Types of DoS Filters

The following are the two types of DoS filters,

(a) Ingress Filters: Ingress filters are used to examine the incoming packets in the network in order to prevent any suspicious attack from entering the network.
These filters behave as a checkpost at the network borders and search for any spoofing attacks in the incoming traffic.

(b) Egress Filters: Egress filters are used to examine the outgoing packets of the network in order to prevent any suspicious attack from entering another network. These filters are placed at the exit point of the network and help in finding the origin of the attack by keeping track of the outbound traffic.

Answer:

Ethical Hacking

Hacking is an illegal act, which destroys the important computer files of affected persons. Hacking is also used for some desired purposes such as identifying the loopholes of a system or process. When hacking is performed for some legal purpose, it is known as "Ethical Hacking". Ethical hacking tends to identify the weaknesses of a computer system rather than destroying the operations of the computer system.

Ethical hacking is performed by professional and computer network experts who are also termed "White Hat Hackers", "Ethical Hackers" or "Good Guys". They are enriched with professional soundness and possess a variety of skills relating to programming, networking, operating systems, hardware and software security, knowledge of the web etc. These hackers follow the same methods and techniques which are followed by unethical hackers. The only difference is that ethical hackers aim at identifying the loopholes, whereas unethical hackers aim at taking advantage of the loopholes and attacking the systems to fulfil their own aims.

It is to be noticed that while implementing ethical hacking, it is important to choose the appropriate ethical hacker, because the sensitive or confidential information is vital to the organization. If this information is misused in any way, it will adversely affect the decisions of the company. One of the ways is to select the well-known experts of this field for the ethical hacking activity. Well-known experts seem to be more trustworthy and they understand the importance of their client's sensitive information.

Following are some of the aspects which will be considered by ethical hackers while performing hacking activity.

- Identifying the locations through which unwanted persons can access secret information.
- Identifying the areas which need high protection.
- If an unwanted person gains access to information, what can be the consequences?
- How soon will the access of an unwanted person get noticed by the owners?
- Finalizing the required amount of resources which ensures the appropriate security of overall computer systems.

Thus ethical hacking is a legal activity performed by professional hackers on the desire of owners. It is also termed "Penetration Testing", "Red Teaming", "Vulnerability Scanning" and "Intrusion Testing".

Q34. Describe in brief about Firewalls.

Answer:

For answer refer Unit-IV, Page No. 72, Q.No. 22.

Q35. Explain about Intrusion detection systems.

Answer:

Intrusion Detection Systems

An Intrusion Detection System (IDS) is a defensive tool which is used for detecting malicious attacks that can affect the security features of a system. It is a software program installed at a higher level of an operating system. These systems (IDSs) are employed not only for the early detection of attacks but also for preventing the attacks. The size and scope of IDSs depend upon the internal networks and sensitive information stored in an organized form.

There are two types of intrusion detection systems,

(i) Network-based intrusion detection system
(ii) Host-based intrusion detection system.

(i) Network-based Intrusion Detection System

For answer refer Unit-III, Page No. 47, Q.No. 15.
(ii) Host-based Intrusion Detection System

A Host-based Intrusion Detection System (HIDS) is located on a specific computer network and is designed to monitor and detect the actions. It also responds to attacks that occur on the respective host system. On the other hand, it monitors the packets entering the server, including inbound and outbound traffic. Later on, information about malicious attacks is transferred to the database administrator available on its own server.

A HIDS scrutinizes different regions in a system to track malicious attacks. It then approaches log files, which include kernel, system, server, network and firewall logs, and compares the log files with the internal signature database to track the attacks, whereas HIDSs on UNIX and Linux utilize the syslog. These logged files are segregated based on their severity level. Therefore, the actions performed by a HIDS include filtering, analyzing logs and re-tagging the malicious messages.

HIDSs verify the data integrity of the major and executable files. Apart from this, a HIDS also verifies the database of sensitive files and the checksum of all the files. Therefore, the checksum of each file needs to be the same as that of its original file. If not, then signals are sent to the administrator in relation to the malicious attacks. In general, HIDSs are associated with the respective operating system.

The characteristics of a HIDS are given below,

1. It monitors the privileges of users.
2. It offers an efficient method to detect the malicious attacks.

Advantages

The advantages of HIDS are given as follows,

1. The success or failure of an attack is verified through the logs.
2. It monitors the actions performed by each user and administrator when connected with a network.
3. It also monitors and detects the modifications performed on the kernel system files and executables. Apart from NIDS, it detects and aborts the implementation of Trojan horses and backdoors.
4. It detects the attacks occurring on critical servers which go undetected by NIDS.
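The checksum comparison described in the HIDS answer above, as an added example (not code from the book): a baseline of digests and permission bits is recorded for a directory tree, and a later snapshot is compared against it to produce the alerts an administrator would receive. SHA-256, the function names and the file tree are assumptions made for the demonstration; the text does not name a checksum algorithm.

```python
import hashlib
import os
import stat
import tempfile

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def snapshot(root):
    """Return {relative path: (sha256, permission bits)} for regular files under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            info = os.lstat(full)
            if stat.S_ISREG(info.st_mode):  # ignore symlinks, sockets, devices
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                state[rel] = (sha256_file(full), stat.S_IMODE(info.st_mode))
    return state

def compare(baseline, current):
    """List (alert, path) pairs for every difference from the baseline."""
    alerts = []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            alerts.append(("ADDED" if old is None else "REMOVED", path))
        elif old != new:
            alerts.append(("MODIFIED" if old[0] != new[0] else "PERMISSIONS", path))
    return alerts

def write(root, rel, data, mode=0o644):
    """Create or overwrite a file with a fixed mode (helper for the demo only)."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)

def demo():
    """Constructed scenario: baseline a small tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("bin/login", "bin/ls", "etc/hosts", "etc/passwd"):
            write(root, rel, b"original " + rel.encode())
        baseline = snapshot(root)
        write(root, "bin/login", b"replaced binary")      # content changed
        write(root, "bin/.backdoor", b"unexpected file")  # file not in baseline
        os.chmod(os.path.join(root, "bin/ls"), 0o755)     # mode changed only
        os.remove(os.path.join(root, "etc/hosts"))        # file deleted
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for alert, path in demo():
        print(f"{alert:12} {path}")
```

The unchanged file (etc/passwd) produces no alert. In practice the baseline itself has to be stored where an intruder on the host cannot rewrite it, otherwise the comparison proves nothing.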
