Future Institute of Engineering and Management

College Code: 148

P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Department of Computer Science and

Engineering

Session: 2023-2024
Semester: 7th
Subject Name: Cyber Security
Subject Code: PEC-CS702E
Prerequisite knowledge:
1. Basic knowledge of Computer Networks
2. Algorithm Design
3. Basics of Network Security
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

1. Vision of the Institute:

To be a centre of excellence in education and research to produce globally competent professional minds

with human values and ethics to serve the society by taking part in industrial, scientific, innovation,

academic and entrepreneurship activities within the country and abroad

Mission of the Institute:

1. To impart quality education to achieve excellence in teaching learning and research.

2. To provide skill oriented training to meet the need of the industry and society.

3. To undertake collaborative projects with academia and industries.

4. To create an environment conducive to creativity, innovation, team-spirit and entrepreneurial

leadership.

5. To facilitate effective interactions of students, faculty and management with industry personnel,

alumni, academicians of premier Institutions and other stake holders.

2. Vision of the Department:

To empower the students of Computer Science & Engineering department to be technologically adept,

innovative, self-motivated and responsible global citizen possessing human values and contribute

significantly towards high quality technical education with ever changing world.

Mission of the Department:

The department of Computer Science and Engineering strives to prepare students for professional career

and higher studies by providing conductive teaching-learning, research environment and

entrepreneurship with leadership skills, enabling them to serve the engineering profession and society.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

3. Program Educational Objectives (PEOs):

• The educational objectives of an engineering degree program are the statements that describe the
expected achievements of graduates in their career, and also in particular, what the graduates are
expected to perform and achieve during the first few years after graduation.
• The PEOs, may be guided by global and local needs, vision of the Institution, long term goals etc.
• For defining the PEOs the faculty members of the program must continuously work with all
Stakeholders: Local Employers, Industry, Students and the Alumni

PEO1:
Graduate will compete on a global platform to pursue their professional career in Computer Science
and Engineering and allied disciplines.
PEO2:
Graduates will pursue higher education and/or engage in continuous up gradation of their
professional skills.
PEO3:
Graduate will communicate effectively and will demonstrate professional behaviour while working
in diverse team.
PEO4:
Graduates will demonstrate concern for society and environment.
PEO5:
Studying computer science will give a strong foundation in problem-solving, logical knowledge, and
critical thinking.
PEO6:
Pursue higher education for professional development
PEO7:
Exhibit leadership qualities with demonstrable attributes in lifelong learning to contribute to the
societal needs.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

4. Program Outcomes (POs):

• PO1. Engineering Knowledge: Apply knowledge of mathematics, science, engineering fundamentals and
an engineering specialization to the solution of complex engineering problems.
• PO2. Problem Analysis: Identify, formulate, research literature and analyse complex engineering problems
reaching substantiated conclusions using first principles of mathematics, natural sciences and engineering
sciences.
• PO3. Design/ Development of Solutions: Design solutions for complex engineering problems and design
system components or processes that meet specified needs with appropriate consideration for public health
and safety, cultural, societal and environmental considerations.
• PO4. Conduct investigations of complex problems: Use research-based knowledge and research methods
including design of experiments, analysis and interpretation of data and synthesis of information to provide
valid conclusions.
• PO5. Modern Tool Usage: Create, select and apply appropriate techniques, resources and modern
engineering and IT tools including prediction and modelling to complex engineering activities with an
understanding of the limitations.
• PO6. The Engineer and Society: Apply reasoning informed by contextual knowledge to assess societal,
health, safety, legal and cultural issues and the consequent responsibilities relevant to professional
engineering practice.
• PO7. Environment and Sustainability: Understand the impact of professional engineering solutions in
societal and environmental contexts and demonstrate knowledge of and need for sustainable development.
• PO8. Ethics: Apply ethical principles and commit to professional ethics and responsibilities and norms of
engineering practice.
• PO9. Individual and Team Work: Function effectively as an individual, and as a member or leader in
diverse teams and in multi-disciplinary settings.
• PO10. Communication: Communicate effectively on complex engineering activities with the engineering
community and with society at large, such as being able to comprehend and write effective reports and
design documentation, make effective presentations and give and receive clear instructions.
• PO11. Project Management and Finance: Demonstrate knowledge and understanding of engineering and
management principles and apply these to one’s own work, as a member and leader in a team, to manage
projects and in multidisciplinary environments.
• PO12. Life-long Learning: Recognize the need for and have the preparation and ability to Engage in
independent and life- long learning in the broadest context of technological Change.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

5. Program Specific Outcomes (PSO)

• PSO1: The Computer Science and Engineering graduates are able to analyze, design, develop, test
and apply skills on the basis of mathematical and programming foundations in the development of
computational solutions to design software and hardware.

• PSO2: Work with and communicate effectively with professionals in inter-disciplinary fields and
pursue lifelong professional development in computing and identify research gaps and hence to
provide solution to new ideas and innovations to satisfy the environmental and social issues.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

6. CBCS Curriculum and Syllabus (Session 2022 - 23)

Program B.Tech. (CSE)
Course Code Course Name L T P C
PEC-CS702E Cyber Security 3 3
Year & Semester 4th Year 7th Sem Contact hour per week
Prerequisite Course To get started with Cyber Security you 4
must be familiar with the following
concepts:

1. Computer Networks
2. Internet
3. Network Security
4. Cyber Technologies

Course Objective 1. Learn the foundations of Cyber security and threat landscape.
2. To equip students with the technical knowledge and skills needed to
protect and defend against cyber threats.
3. To develop skills in students that can help them plan, implement, and
monitor cybersecurity mechanisms to ensure the protection of
information technology assets.
4. To expose students to governance, regulatory, legal, economic,
environmental, social and ethical contexts of cyber security.
5. To expose students to responsible use of online social media
networks.
6. To systematically educate the necessity to understand the impact of
cybercrimes and threats with solutions in a global and societal
context.
7. To select suitable ethical principles and commit to professional
responsibilities and human values and contribute value and wealth for
the benefit of the society.
Course After successful completion of course, the students will be able to Knowledge
Outcomes Level, KL
CO1: Understand the various tools and methods used in cybercrime. K2

CO2: Identify risk management processes, risk treatment methods, K5

organization of information security.
CO3: Classify cyber security solutions and information assurance. K4

CO4: Examine software vulnerabilities and security solutions to reduce K1, K3

the risk of exploitation.

CO5: Analyze the cyber security needs of an organization. K3

(write 5 to 7 COs per course).

KL – Bloom’s Knowledge Level
(K1 – Remember, K2 – Understand, K3 – Apply, K4 – Analyze, K5 – Evaluate, K6 – Create)
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

PSO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO PO PO PSO1 PSO2
10 11 12

COs
CO1 2 2 1 1 3 3 1 3 - 1 - 3 2 2
CO2 2 2 1 1 - 3 2 3 - 1 - 3 1 3
CO3 2 2 1 1 - 3 1 3 - 1 - 3 - 3
CO4 2 2 1 1 3 3 1 3 - 1 - 3 3 2
CO5 2 2 1 1 - 3 1 3 - 1 - 3 - 3
Average 2 2 1 1 1.2 3 1.2 3 - 1 - 3 1.2 2.6
CORRELATION 1 – LOW (40%<Achievement<50%);
LEVEL: 2 - MEDIUM (50%< Achievement <60%); 3 - HIGH (60%< Achievement)
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

7. Class Time Table & Faculty Time Table

Class Time Table
5th Sem

7th Sem
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Faculty Time Table

FIEM CSE Routine, 2023 TC

MONDAY

9.40- 11.20- 12.30-

TIME 10.30 10.30-11.20 12.10 1.20 1:20-2.10 2.10-3.00 3.00-3.50 3.50-4.40 4.40-5.30

CSE1 BREAK

CSE2
CSE3

TUESDAY

9.40- 11.20- 12.30-

TIME 10.30 10.30-11.20 12.10 1.20 1:20-2.10 2.10-3.00 3.00-3.50 3.50-4.40 4.40-5.30
CSE1 PEC-CS702E (Sec 2)(TC)
BREAK
CSE2

CSE3

WEDNESDAY

9.40- 11.20- 12.30-

TIME 10.30 10.30-11.20 12.10 1.20 1:20-2.10 2.10-3.00 3.00-3.50 3.50-4.40 4.40-5.30

PCC-CS 503 (TC) PCC-CS 593 (Gr-A)(TC+SP)

CSE1
BREAK
CSE2

CSE3

THURSDAY

9.40- 11.20- 12.30-

TIME 10.30 10.30-11.20 12.10 1.20 1:20-2.10 2.10-3.00 3.00-3.50 3.50-4.40 4.40-5.30
PEC-CS702E (Sec
CSE1 2)(TC)(R/T)(1P)
BREAK
CSE2

CSE3

FRIDAY

9.40- 11.20- 12.30-

TIME 10.30 10.30-11.20 12.10 1.20 1:20-2.10 2.10-3.00 3.00-3.50 3.50-4.40 4.40-5.30

PCC-CS 503 (TC) (R/T)(1P) PCC-CS 593(Gr-B)(TC+SP)

CSE1 BREAK
CSE2

CSE3
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

8. Course handouts/Lecture schedule

LESSION PLAN OF TC
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

LESSION PLAN OF MKS

 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

9. Assignments/Tutorial question papers with solutions

Module 1
Long answer type questions -

1. What are the advantages of cyber security?

Answer - Benefits of cyber security are as follows:

• It protects the business against ransomware, malware, social engineering, and phishing.
• It protects end-users.
• It gives good protection for both data as well as networks.
• Increase recovery time after a breach.
• Cybersecurity prevents unauthorized users.

2. What is the CIA triad?

Answer -
• Ongoing validation processes involving all employees in an organization
• A mandatory security framework involving the selection of appropriate controls
• A foundational security model used to set up security policies and systems
• A set of security controls used to update systems and networks

The CIA triad is a foundational security model used to set up security policies and systems. The core
principles of the model are confidentiality, integrity, and availability.

3. Define Cybersecurity?
Cybersecurity refers to the protection of internet-connected systems such as software, hardware,
electronic data, etc., from cyber attacks. In computing text, it is referred to as protection against
unauthorized access.

4. What is the difference between Threat, Vulnerability, and Risk?

● Threat: Someone with the potential to cause harm by damaging or destroying the official data of a
system or organization.
Ex: Phishing attack
● Vulnerability: It refers to weaknesses in a system that makes threat outcomes more possible and
even more dangerous.
Ex: SQL injections, cross-site scripting
● Risk: It refers to a combination of threat probability and impact/loss. In simple terms, it is related to
potential damage or loss when a threat exploits the vulnerability.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Threat probability * Potential loss = Risk

5. List the common types of cybersecurity attacks.

The following are the most common types of cybersecurity attacks:

● Malware
● SQL Injection Attack
● Cross-Site Scripting (XSS)
● Denial-of-Service (DoS)
● Man-in-the-Middle Attacks
● Credential Reuse
● Phishing
● Session Hijacking

6. What is the difference between IDS and IPS?

IDS is Intrusion Detection System and it only detects intrusions and the administrator has to take care
of preventing the intrusion. Whereas, in IPS i.e., Intrusion Prevention System, the system detects the
intrusion and also takes actions to prevent the intrusion.

Multiple choice questions

1. Which element of the CIA triad specifies that only authorized users can access specific information?
a. Confirmation
b. Confidentiality
c. Integrity
d. Access
Answer : Confidentiality
2. A security analyst discovers that certain data is inaccessible to authorized users, which is preventing
these employees from doing their jobs efficiently. The analyst works to fix the application involved in
order to allow for timely and reliable access. Which element of the CIA triad does this scenario
describe?
a. Availability
b. Capacity
c. Applicability
d. Integrity
Answer : Availability
3. Which of the following is a type of cyber security?

a) Cloud Security
b) Network Security
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

c) Application Security
d) All of the above
Answer : All of the above

4. Which of the following is a type of cyber attack?

a) Phishing
b) SQL Injections
c) Password Attack
d) All of the above
Answer : All of the above

Module 2
Long answer type questions -

1. State the difference between hackers and crackers.

Answer : The person who is skilled in Hacking are divided into 2 categories:

I. Hackers: Hackers are kind of good people who do hacking for a good purpose and to obtain
more knowledge from it. They generally find loopholes in the system and help them to cover the
loopholes. Hackers are generally programmers who obtain advanced knowledge about operating
systems and programming languages. These people never damage or harm any kind of data.

II. Crackers: Crackers are kind of bad people who break or violate the system or a computer
remotely with bad intentions to harm the data and steal it. Crackers destroy data by gaining
unauthorized access to the network. Their works are always hidden as they are doing illegal
stuff. Bypasses passwords of computers and social media websites, can steal your bank details
and transfer money from the bank.

The Difference between Hackers and Crackers:

Hacker Cracker
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

The good people who hack for knowledge The evil person who breaks into a system for
purposes. benefits.

They are skilled and have advanced

They may or may not be skilled, some crackers
knowledge of computers OS and
just know a few tricks to steal data.
programming languages.

They work in an organization to help

These are the person from which hackers
protect their data and give them expertise
protect organizations.
in internet security.

Hackers share the knowledge and never If they found any loophole they just delete the
damages the data. data or damages the data.

Crackers are unethical and want to benefit

Hackers are the ethical professionals.
themselves from illegal tasks.

Hackers program or hacks to check the Crackers do not make new tools but use
integrity and vulnerability strength of a someone else tools for their cause and harm the
network. network.

Hackers have legal certificates with them Crackers may or may not have certificates, as
e.g CEH certificates. their motive is to stay anonymous.

They are known as White hats or saviors. They are known as Black hats or evildoers.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

2. What is network sniffing?

Network sniffing is a tool used for analyzing data packets sent over a network. This can be done by
the specialized software program or hardware equipment. Sniffing can be used to:
• Capture sensitive data such as password.
• Eavesdrop on chat messages
• Monitor data package over a network

Multiple choice questions -

1. Which of the following is a Stuxnet?
a) Trojan
b) Antivirus
c) Worm
d) Virus
ANSWER : c

2. Which of the following is an internet scam done by cyber-criminals where the user is convinced
digitally to provide confidential information?
a) MiTM attack
b) Phishing attack
c) Website attack
d) DoS attack
ANSWER : b

Module 3
Long answer type questions -

1. What is ethical hacking?

Answer - Ethical hacking is also known as penetration testing or intrusion testing where the person
systematically attempts to penetrate/intrude into a computer system, application, network, or some
other computing resources on behalf of its owner and finds out threats and vulnerabilities that a
malicious hacker could potentially exploit. The main objective of ethical hacking is to improve the
security of the system or network and fix the vulnerabilities found during the testing. Ethical
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

hackers employ the same tools and techniques adopted by malicious hackers to improve security
and protect the system from attacks by malicious users with the permission of an authorized entity.

2. What are the tools used for ethical hacking?

The most popular ethical hacking tools are listed below:

● John the Ripper

● Metasploit
● Nmap
● Acunetix
● Wireshark
● SQLMap
● OpenVAS
● IronWASP
● Nikto
● Netsparker

3. What is the difference between virus and worm?

Virus: It is a type of malware that spreads by embedding a copy of itself and becomes a part of other
programs. Viruses spread from one computer to another while sharing the software or document they are
attached to using a network, file sharing, disk, or infected email attachments.

Worm: These are similar to viruses and cause the same type of damage. They replicate functional copies
of themselves and do not require a host program or human help to propagate. Advanced worms leverage
encryption, ransomware, and wipers to harm their targets.

4. Explain social engineering attacks.

Ans. Social engineering refers to a variety of malicious activities used to manipulate and trick users
into making security mistakes and giving away sensitive information. In social engineering, a
hacker manipulates a target using normal communication medium like calls, texts, and emails and
fetches the sensitive information without any technical expertise. Some of the examples of social
engineering are phishing, whaling attack, spear phishing, water holing, baiting, quid pro quo,
vishing, pretexting, and tailgating.

5. What is social engineering?

Social engineering is the term used for a broad range of malicious activities accomplished through
human interactions. It uses psychological manipulation to trick users into making security mistakes
or giving away sensitive information.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Social engineering attacks happen in one or more steps. A perpetrator first investigates the intended
victim to gather necessary background information, such as potential points of entry and weak
security protocols, needed to proceed with the attack. Then, the attacker moves to gain the victim’s
trust and provide stimuli for subsequent actions that break security practices, such as revealing
sensitive information or granting access to critical resources.

Multiple choice questions -

1.What is the main goal of ethical hacking?

a) To cause damage to a system
b) To gain unauthorized access to a system
c) To identify and fix security vulnerabilities
d) To steal sensitive information
Answer: c

2. The legal risks of ethical hacking include lawsuits due to __________ of personal data.
a) stealing
b) disclosure
c) deleting
d) hacking
ANSWER : b

3. What is the difference between ethical hacking and malicious hacking?

a) Ethical hacking is legal and sanctioned, while malicious hacking is illegal and unsanctioned.
b) Ethical hacking only involves finding vulnerabilities, while malicious hacking involves
exploiting them.
c) Ethical hacking is done with the permission of the system owner, while malicious hacking is
done without permission.
d) There is no difference between ethical hacking and malicious hacking.

Answer: d
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Module 4
Long answer type questions -

1. Distinguish between HMAC and MAC.

HMAC stands for hash-based message authentication code. It is a specific type of MAC. It contains
cryptographic hash functions and a secret cryptographic key. HMAC is capable of verifying data
integrity and authentication of a message at the same time. Generally, the cryptographic strength of
HMAC depends on the cryptographic strength of the underlying hash function, size of the hash
output and the size and quality of the key.

HMAC uses two passes of has computation. The secret key helps to find the inner and outer keys.
In other words, the first pass of the algorithm generates an internal hash derived from the message
and the inner key. Furthermore, the second pass generates the final HMAC code obtained from the
inner hash result and the outer key. Overall, the algorithm is capable of providing immunity against
length extension attacks.

MAC stands for Message Authentication Code. It is a small piece of information that helps to
authenticate a message. Moreover, it ensures that the message came from the stated sender. The
MAC value protects both a message’s data integrity as well as its authenticity. It helps to figure out
any changes to the message content.

MAC is a short piece of information used to authenticate a message. In contrast, HMAC is a

specific type of MAC that involves a cryptographic hash function and a secret cryptographic key.

2. Identify Security Associations with the help of three Parameters.

The concept of a security association is germane to IPsec. Security protocols make use of Security
Associations (SAs) as they provide security services (the main responsibility of key management is to
establish and manage SAs). An SA is a relationship between two entities that defines how they are
going to use security services to secure their communications. It includes information on
authentication and/or encryption algorithms, cryptographic keys and key lengths as well as the
Initialization Vectors (IVs) that are shared between the entities. An SA is unidirectional; so, typically
two SAs are needed for a bidirectional flow of traffic – one for inbound (read) traffic and one for
outbound (write) traffic. An SA is uniquely identified by the following three items:

• Security Parameter Index (SPI);

• destination IP address;
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

• security protocol (either AH or ESP).

The management of SAs involves two databases: the SPD and the SAD. The SPD contains the
policies by which all inbound and outbound traffic is categorized on a host or a security gateway. The
SAD is a container for all active SAs and related parameters. A set of selectors – IP layer and upper
layer (e.g., TCP and UDP) protocol field values – is used by the SPD to map traffic to a specific SA.

Multiple Choice Questions

1. What is a vulnerability assessment?

A. A process to identify vulnerabilities in a system or network
B. A process to exploit vulnerabilities in a system or network
C. A process to fix vulnerabilities in a system or network
D. A process to steal sensitive information from a system or network
Answer: A

2. An unauthorized individual enters a building following an employee through the employee entrance
after the lunch rush. What type of breach has the individual just performed?
A. Reverse Social Engineering
B. Tailgating
C. Piggybacking
D. Announced
Answer: B

3. If an attacker uses the command SELECT*FROM user WHERE name = ‘x’ AND userid IS NULL;
–‘; which type of SQL injection attack is the attacker performing?
A. End of Line Comment
B. UNION SQL Injection
C. Illegal/Logically Incorrect Query
D. Tautology
Answer: A

4. Which of the following options represents a conceptual characteristic of an anomaly-based IDS over
a signature-based IDS?
A. Produces less false positives
B. Can identify unknown attacks
C. Requires vendor updates for a new threat
D. Cannot deal with encrypted network traffic
Answer: B
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Module 4

Long Answer type questions

1. What is the difference between cyber forensics and digital forensics?

Ans - Digital evidence from cybercrime, like harmful software, computer viruses, and
cyberbullying, is the focus of cyber forensics. On the contrary, the recovery and analysis of digital
evidence from any form of digital devices, including computers, phones, tablets, and digital
cameras, is the focus of digital forensics. Cyber forensics is employed in cases involving fraud,
intellectual property theft, and other cyber security concerns, whereas digital forensics is frequently
used throughout criminal investigations.

2. What is the importance of preserving digital evidence?

Ans - Digital evidence needs to be preserved for a number of explanations. It can offer concrete
evidence of criminal activity or other illegal behavior, serve as proof in court, and enable the
prosecution of individuals who committed the crime. Furthermore, keeping track of digital
evidence might aid in finding those who have been the victims of internet scams, cyberbullying, or
other types of digital abuse. Lastly, digital evidence can assist organizations in defending
themselves against future legal concerns or responsibilities.

3. What is the role of a cyber forensic investigator?

Ans - A cyber forensic investigator is in charge of looking through digital proof of crimes using
computers and networks. To locate, gather, and examine digital evidence, they employ a range of
strategies and instruments. They could also offer professional testimony in court. To adequately
examine and analyze digital evidence, cyber forensics investigators need to be technically and
legally knowledgeable.

4. How do you handle and analyze mobile device data in a cyber forensic investigation?

Adapting the following steps, I can simply handle and analyze mobile device data in a cyber
forensic investigation:

• Collecting the Data

• Analyzing the Data
• Analyzing the Evidence
• Presenting the Results
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Multiple choice type questions

1. Which of the following is an objective of network security?
a) Confidentiality
b) Integrity
c) Availability
d) All of the above
Answer : d

2. Which of the following is not a cybercrime?

a) Denial of Service
b) Man in the Middle
c) Malware
d) AES
Answer : d

3. Which of the following is a component of cyber security?

a) Internet Of Things
b) AI
c) Database
d) Attacks
Answer : a

4. Which of the following actions compromise cyber security?

a) Vulnerability
b) Attack
c) Threat
d) Exploit
Answer : c
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Module 5
Multiple choice questions -

1. In which year India’s IT Act came into existence?

a) 2000

b) 2001

c) 2002

d) 2003

Ans : a

2. Under which section of IT Act, stealing any digital asset or information is written a cyber-crime.
a) 65

b) 65-D

c) 67

d) 70

Ans : a

3. Which of the following is an example of intellectual property?

a) Patent
b) Trade marks
c) Copyright
d) All of the above
Answer : d

4. Which Section deals with cyber terrorism ?

(a) 66 C

(b) 66 B

(c) 66 D

(d) 66F

Answer : d
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

5. The following Section draws a presumption that a secure electronic record has not been altered
since the point of time to which the secure status relates:
a. Section 85 B of the Indian Evidence Act, 1872
b. Section 3 of the I.T. Act, 2000
c. Section 192 of the Indian Penal Code, 1860
d. Section 200 of Cr. P. C.
Answer : a

6. Data theft includes:

a. unauthorized attempts to bypass the security mechanisms of an information system or network.
b. use of information and communication technologies to support hostile behaviour
c. a form of fraud or cheating of another persons’ identity
d. without the permission of the person who is in charge of the computer, to download, copy or
extract any data, computer data base or information from computer.
Answer : d
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

10. Class test, Mid, End semester exam question papers with solutions
CA-1 Question Paper
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

For Answers, refer Standard Text Book as prescribed in Lesson Plan and also refer to the Lecture
Notes.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

CA-2 Question Paper

 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

For Answers, refer Standard Text Book as prescribed in Lesson Plan and also refer to the Lecture
Notes.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

CA-3 Question Paper

For Answers, refer Standard Text Book as prescribed in Lesson Plan and also refer to the Lecture
Notes.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

11. Lecture notes

Cyber Security Introduction - Cyber Security Basics:

Cyber security is the most concerned matter as cyber threats and attacks are overgrowing.
Attackers are now using more sophisticated techniques to target the systems. Individuals,
small-scale businesses or large organization, are all being impacted. So, all these firms
whether IT or non-IT firms have understood the importance of Cyber Security and focusing
on adopting all possible measures to deal with cyber threats.

What is cyber security?

"Cyber security is primarily about people, processes, and technologies working together to
encompass the full range of threat reduction, vulnerability reduction, deterrence, international
engagement, incident response, resiliency, and recovery policies and activities, including
computer network operations, information assurance, law enforcement, etc."
OR
Cyber security is the body of technologies, processes, and practices designed to protect
networks, computers, programs and data from attack, damage or unauthorized access.

• The term cyber security refers to techniques and practices designed to protect digital
data.

• The data that is stored, transmitted or used on an information system.

OR
Cyber security is the protection of Internet-connected systems, including hardware, software,
and data from cyber attacks.
It is made up of two words one is cyber and other is security.
• Cyber is related to the technology which contains systems, network and programs or
data.

• Whereas security related to the protection which includes systems security, network
security and application and information security.

Why is cyber security important?

Listed below are the reasons why cyber security is so important in what’s become a
predominant digital world:

• Cyber attacks can be extremely expensive for businesses to endure.

• In addition to financial damage suffered by the business, a data breach can also inflict
untold reputational damage.
• Cyber-attacks these days are becoming progressively destructive. Cybercriminals are
using more sophisticated ways to initiate cyber attacks.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

• Regulations such as GDPR are forcing organizations into taking better care of the
personal data they hold.

Because of the above reasons, cyber security has become an important part of the
business and the focus now is on developing appropriate response plans that minimize
the damage in the event of a cyber attack.

But, an organization or an individual can develop a proper response plan only when
he has a good grip on cyber security fundamentals.

Cyber security Fundamentals – Confidentiality:

Confidentiality is about preventing the disclosure of data to unauthorized parties.

It also means trying to keep the identity of authorized parties involved in sharing and holding
data private and anonymous.

Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-middle

(MITM) attacks, disclosing sensitive data.

Standard measures to establish confidentiality include:

• Data encryption
• Two-factor authentication
• Biometric verification
• Security tokens

Integrity

Integrity refers to protecting information from being modified by unauthorized parties.

Standard measures to guarantee integrity include:

• Cryptographic checksums
• Using file permissions
• Uninterrupted power supplies
• Data backups

Availability

Availability is making sure that authorized parties are able to access the information when
needed.

Standard measures to guarantee availability include:

 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

• Backing up data to external drives

• Implementing firewalls
• Having backup power supplies
• Data redundancy

Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to

alter computer code, logic or data and lead to cybercrimes, such as information and identity
theft.

Cyber-attacks can be classified into the following categories:

1) Web-based attacks
2) System-based attacks

Web-based attacks

These are the attacks which occur on a website or web applications. Some of the important
web-based attacks are as follows-

1. Injection attacks

It is the attack in which some data will be injected into a web application to manipulate the
application and fetch the required information.

Example- SQL Injection, code Injection, log Injection, XML Injection etc.

2. DNS Spoofing

DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a
DNS resolver's cache causing the name server to return an incorrect IP address, diverting
traffic to the attackers computer or any other computer. The DNS spoofing attacks can go on
for a long period of time without being detected and can cause serious security issues.

3. Session Hijacking

It is a security attack on a user session over a protected network. Web applications create
cookies to store the state and user sessions. By stealing the cookies, an attacker can have
access to all of the user data.

4. Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a
trustworthy entity in electronic communication.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

5. Brute force

It is a type of attack which uses a trial and error method. This attack generates a large number
of guesses and validates them to obtain actual data like user password and personal
identification number. This attack may be used by criminals to crack encrypted data, or by
security, analysts to test an organization's network security.

6. Denial of Service

It is an attack which meant to make a server or network resource unavailable to the users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a
crash. It uses the single system and single internet connection to attack a server. It can be
classified into the following-

Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is
measured in bit per second.

Protocol attacks- It consumes actual server resources, and is measured in a packet.

Application layer attacks- Its goal is to crash the web server and is measured in request per
second.

7. Dictionary attacks

This type of attack stored the list of a commonly used password and validated them to get
original password.

8. URL Interpretation

It is a type of attack where we can change the certain parts of a URL, and one can make a
web server to deliver web pages for which he is not authorized to browse.

9. File Inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential files which is
available on the web server or to execute malicious files on the web server by making use of
the include functionality.

10. Man in the middle attacks

It is a type of attack that allows an attacker to intercepts the connection between client and
server and acts as a bridge between them. Due to this, an attacker will be able to read, insert
and modify the data in the intercepted connection.

System-based attacks
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

These are the attacks which are intended to compromise a computer or a computer network.
Some of the important system-based attacks are as follows-

1. Virus

It is a type of malicious software program that spread throughout the computer files without
the knowledge of a user. It is a self-replicating malicious computer program that replicates by
inserting copies of itself into other computer programs when executed. It can also execute
instructions that cause harm to the system.

2. Worm

It is a type of malware whose primary function is to replicate itself to spread to uninfected

computers. It works same as the computer virus. Worms often originate from email
attachments that appear to be from trusted senders.

3. Trojan horse

It is a malicious program that occurs unexpected changes to computer setting and unusual
activity, even when the computer should be idle. It misleads the user of its true intent. It
appears to be a normal application but when opened/executed some malicious code will run
in the background.

4. Backdoors

It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes.

5. Bots

A bot (short for "robot") is an automated process that interacts with other network services.
Some bots program run automatically, while others only execute commands when they
receive specific input. Common examples of bots program are the crawler, chatroom bots,
and malicious bots.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

The 7 layers of cyber security should centre on the mission critical assets you are seeking to
protect.

1. Mission Critical Assets – This is the data you need to protect

2. Data Security – Data security controls protect the storage and transfer of data.
3. Application Security – Applications security controls protect access to an application,
an application’s access to your mission critical assets, and the internal security of the
application.
4. Endpoint Security – Endpoint security controls protect the connection between
devices and the network.
5. Security – Network security controls protect an organization’s network and prevent
unauthorized access of the network.
6. Perimeter Security – Perimeter security controls include both the physical and digital
security methodologies that protect the business overall.
7. The Human Layer – Humans are the weakest link in any cyber security posture.
Human security controls include phishing simulations and access management
controls that protect mission critical assets from a wide variety of human threats,
including cyber criminals, malicious insiders, and negligent users.

Vulnerability, threat, Harmful acts

As the recent epidemic of data breaches illustrates, no system is immune to attacks. Any
company that manages, transmits, stores, or otherwise handles data has to institute and
enforce mechanisms to monitor their cyber environment, identify vulnerabilities, and close up
security holes as quickly as possible.
Before identifying specific dangers to modern data systems, it is crucial to understand the
distinction between cyber threats and vulnerabilities.

Cyber threats are security incidents or circumstances with the potential to have a negative
outcome for your network or other data management systems.
Examples of common types of security threats include phishing attacks that result in the
installation of malware that infects your data, failure of a staff member to follow data
protection protocols that cause a data breach, or even a tornado that takes down your
company’s data headquarters, disrupting access.

Vulnerabilities are the gaps or weaknesses in a system that make threats possible and tempt
threat actors to exploit them.

Types of vulnerabilities in network security include but are not limited to SQL injections,
server misconfigurations, cross-site scripting, and transmitting sensitive data in a non-
encrypted plain text format.
When threat probability is multiplied by the potential loss that may result, cyber security
experts, refer to this as a risk.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

SECURITY VULNERABILITIES, THREATS AND ATTACKS –

Categories of vulnerabilities
• Corrupted (Loss of integrity)

• Leaky (Loss of confidentiality)

• Unavailable or very slow (Loss of availability)

– Threats represent potential security harm to an asset when vulnerabilities are exploited
- Attacks are threats that have been carried out
• Passive – Make use of information from the system without affecting system
resources

• Active – Alter system resources or affect operation

• Insider – Initiated by an entity inside the organization

• Outsider – Initiated from outside the perimeter

Computer criminals
Computer criminals have access to enormous amounts of hardware, software, and data; they
have the potential to cripple much of effective business and government throughout the
world. In a sense, the purpose of computer security is to prevent these criminals from doing
damage.
We say computer crime is any crime involving a computer or aided by the use of one.
Although this definition is admittedly broad, it allows us to consider ways to protect
ourselves, our businesses, and our communities against those who use computers maliciously.
One approach to prevention or moderation is to understand who commits these crimes and
why. Many studies have attempted to determine the characteristics of computer criminals. By
studying those who have already used computers to commit crimes, we may be able in the
future to spot likely criminals and prevent the crimes from occurring.

CIA Triad

The CIA Triad is actually a security model that has been developed to help people think
about various parts of IT security.

CIA triad broken down:

Confidentiality

It's crucial in today's world for people to protect their sensitive, private information from
unauthorized access.

Protecting confidentiality is dependent on being able to define and enforce certain access
levels for information.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

In some cases, doing this involves separating information into various collections that are
organized by who needs access to the information and how sensitive that information actually
is - i.e. the amount of damage suffered if the confidentiality was breached.

Some of the most common means used to manage confidentiality include access control lists,
volume and file encryption, and Unix file permissions.

Integrity

Data integrity is what the "I" in CIA Triad stands for.

This is an essential component of the CIA Triad and designed to protect data from deletion or
modification from any unauthorized party, and it ensures that when an authorized person
makes a change that should not have been made the damage can be reversed.

Availability

This is the final component of the CIA Triad and refers to the actual availability of your data.
Authentication mechanisms, access channels and systems all have to work properly for the
information they protect and ensure it's available when it is needed.

Understanding the CIA triad

The CIA Triad is all about information. While this is considered the core factor of the
majority of IT security, it promotes a limited view of the security that ignores other important
factors.

For example, even though availability may serve to make sure you don't lose access to
resources needed to provide information when it is needed, thinking about information
security in itself doesn't guarantee that someone else hasn't used your hardware resources
without authorization.

It's important to understand what the CIA Triad is, how it is used to plan and also to
implement a quality security policy while understanding the various principles behind it. It's
also important to understand the limitations it presents. When you are informed, you can
utilize the CIA Triad for what it has to offer and avoid the consequences that may come along
by not understanding it.

Assets and Threat

What is an Asset: An asset is any data, device or other component of an organization’s

systems that is valuable – often because it contains sensitive data or can be used to access
such information.

For example: An employee’s desktop computer, laptop or company phone would be

considered an asset, as would applications on those devices. Likewise, critical infrastructure,
such as servers and support systems, are assets. An organization’s most common assets are
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

information assets. These are things such as databases and physical files – i.e. the sensitive
data that you store

What is a threat: A threat is any incident that could negatively affect an asset – for
example, if it’s lost, knocked offline or accessed by an unauthorized party.

Threats can be categorized as circumstances that compromise the confidentiality, integrity or

availability of an asset, and can either be intentional or accidental.

Intentional threats include things such as criminal hacking or a malicious insider stealing
information, whereas accidental threats generally involve employee error, a technical
malfunction or an event that causes physical damage, such as a fire or natural disaster.

Motive of Attackers

The categories of cyber-attackers enable us to better understand the attackers' motivations

and the actions they take. As shown in Figure, operational cyber security risks arise from
three types of actions: i) inadvertent actions (generally by insiders) that are taken without
malicious or harmful intent; ii) deliberate actions (by insiders or outsiders) that are taken
intentionally and are meant to do harm; and iii) inaction (generally by insiders), such as a
failure to act in a given situation, either because of a lack of appropriate skills, knowledge,
guidance, or availability of the correct person to take action Of primary concern here are
deliberate actions, of which there are three categories of motivation.

1. Political motivations: examples include destroying, disrupting, or taking control of

targets; espionage; and making political statements, protests, or retaliatory actions.
2. Economic motivations: examples include theft of intellectual property or other
economically valuable assets (e.g., funds, credit card information); fraud; industrial
espionage and sabotage; and blackmail.
3. Socio-cultural motivations: examples include attacks with philosophical, theological,
political, and even humanitarian goals. Socio-cultural motivations also include fun,
curiosity, and a desire for publicity or ego gratification.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Types of cyber-attacker actions and their motivations when deliberate

Active attacks: An active attack is a network exploit in which a hacker attempts to make changes
to data on the target or data en route to the target.

Types of Active attacks:

Masquerade: in this attack, the intruder pretends to be a particular user of a system to gain
access or to gain greater privileges than they are authorized for. A masquerade may be
attempted through the use of stolen login IDs and passwords, through finding security gaps in
programs or through bypassing the authentication mechanism.

Session replay: In this type of attack, a hacker steals an authorized user’s log in information
by stealing the session ID. The intruder gains access and the ability to do anything the
authorized user can do on the website.

Message modification: In this attack, an intruder alters packet header addresses to direct a
message to a different destination or modify the data on a target machine.

In a denial of service (DoS) attack, users are deprived of access to a network or web
resource. This is generally accomplished by overwhelming the target with more traffic than it
can handle.

In a distributed denial-of-service (DDoS) exploit, large numbers of compromised systems

(sometimes called a botnet or zombie army) attack a single target.

Passive Attacks:Passive attacks are relatively scarce from a classification perspective, but
can be carried out with relative ease, particularly if the traffic is not encrypted.

Types of Passive attacks:

Eavesdropping (tapping): the attacker simply listens to messages exchanged by two entities.
For the attack to be useful, the traffic must not be encrypted. Any unencrypted information,
such as a password sent in response to an HTTP request, may be retrieved by the attacker.

Traffic analysis: the attacker looks at the metadata transmitted in traffic in order to deduce
information relating to the exchange and the participating entities, e.g. the form of the
exchanged traffic (rate, duration, etc.). In the cases where encrypted data are used, traffic
analysis can also lead to attacks by cryptanalysis, whereby the attacker may obtain
information or succeed in unencrypting the traffic.

Software Attacks: Malicious code (sometimes called malware) is a type of software

designed to take over or damage a computer user's operating system, without the user's
knowledge or approval. It can be very difficult to remove and very damaging. Common
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

malware examples are listed in the following table:

Attack Characteristics
Virus A virus is a program that attempts to damage a computer system and replicate itself
to other computer systems. A virus:

• Requires a host to replicate and usually attaches itself to a host file or a

hard drive sector.
• Replicates each time the host is used.
• Often focuses on destruction or corruption of data.
• Usually attaches to files with execution capabilities such as .doc, .exe, and
.bat extensions.
• Often distributes via e-mail. Many viruses can e-mail themselves to
everyone in your address book.
• Examples: Stoned, Michelangelo, Melissa, I Love You.

Worm A worm is a self-replicating program that can be designed to do any number of

things, such as delete files or send documents via e-mail. A worm can negatively
impact network traffic just in the process of replicating itself. A worm:

• Can install a backdoor in the infected computer.

• Is usually introduced into the system through a vulnerability.
• Infects one system and spreads to other systems on the network.
• Example: Code Red.

Trojan A Trojan horse is a malicious program that is disguised as legitimate software.

horse Discretionary environments are often more vulnerable and susceptible to Trojan
horse attacks because security is user focused and user directed. Thus the
compromise of a user account could lead to the compromise of the entire
environment. A Trojan horse:

• Cannot replicate itself.

• Often contains spying functions (such as a packet sniffer) or backdoor
functions that allow a computer to be remotely controlled from the
network.
• Often is hidden in useful software such as screen savers or games.
• Example: Back Orifice, Net Bus, Whack-a-Mole.

Logic A Logic Bomb is malware that lies dormant until triggered. A logic bomb is a
Bomb specific example of an asynchronous attack.

• A trigger activity may be a specific date and time, the launching of a

specific program, or the processing of a specific type of activity.
• Logic bombs do not self-replicate.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Hardware Attacks:
Common hardware attacks include:

• Manufacturing backdoors, for malware or other penetrative purposes; backdoors

aren’t limited to software and hardware, but they also affect embedded radio-
frequency identification (RFID) chips and memory

• Eavesdropping by gaining access to protected memory without opening other

hardware

• Inducing faults, causing the interruption of normal behaviour

• Hardware modification tampering with invasive operations

• Backdoor creation; the presence of hidden methods for bypassing normal computer
authentication systems
• Counterfeiting product assets that can produce extraordinary operations and those
made to gain malicious access to systems.
Cyber Threats-Cyber Warfare:Cyber warfare refers to the use of digital attacks -- like
computer viruses and hacking -- by one country to disrupt the vital computer systems of
another, with the aim of creating damage, death and destruction. Future wars will see
hackers using computer code to attack an enemy's infrastructure, fighting alongside
troops using conventional weapons like guns and missiles.
Cyber warfare involves the actions by a nation-state or international organization to
attack and attempt to damage another nation's computers or information networks
through, for example, computer viruses or denial-of-service attacks.

Cyber Crime:
Cybercrime is criminal activity that either targets or uses a computer, a computer
network or a networked device.Cybercrime is committed by cybercriminals or hackers
who want to make money. Cybercrime is carried out by individuals or organizations.
Some cybercriminals are organized, use advanced techniques and are highly technically
skilled. Others are novice hackers.

Cyber Terrorism:
Cyber terrorism is the convergence of cyberspace and terrorism. It refers to unlawful
attacks and threats of attacks against computers, networks and the information stored
therein when done to intimidate or coerce a government or its people in furtherance of
political or social objectives.
Examples are hacking into computer systems, introducing viruses to vulnerable
networks, web site defacing, Denial-of-service attacks, or terroristic threats made via
electronic communication.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Cyber Espionage:
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and
information without the permission and knowledge of the holder of the information
from
individuals, competitors, rivals, groups, governments and enemies for personal,
economic, political or military advantage using methods on the Internet
.

Security Policies:
Security policies are a formal set of rules which is issued by an organization to ensure that
the user who are authorized to access company technology and information assets comply
with rules and guidelines related to the security of information.

A security policy also considered to be a "living document" which means that the document
is never finished, but it is continuously updated as requirements of the technology and
employee changes.

We use security policies to manage our network security. Most types of security policies are
automatically created during the installation. We can also customize policies to suit our
specific environment.

Need of Security policies-

1) It increases efficiency.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

2) It upholds discipline and accountability

3) It can make or break a business deal

4) It helps to educate employees on security literacy

There are some important cyber security policies recommendations describe below-

Virus and Spyware Protection policy:

• It helps to detect threads in files, to detect applications that exhibits suspicious

behavior.
• Removes, and repairs the side effects of viruses and security risks by using signatures.

Firewall Policy:

• It blocks the unauthorized users from accessing the systems and networks that
connect to the Internet.
• It detects the attacks by cybercriminals and removes the unwanted sources of
network traffic.

Intrusion Prevention policy:

• This policy automatically detects and blocks the network attacks and browser attacks.
• It also protects applications from vulnerabilities and checks the contents of one
or more data packages and detects malware which is coming through legal ways.

Application and Device Control:

• This policy protects a system's resources from applications and manages the
peripheral devices that can attach to a system.
• The device control policy applies to both Windows and Mac computers
whereas application control policy can be applied only to Windows clients.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

CYBERSPACE AND THE LAW & CYBER FORENSICS

CYBERSPACE
Cyberspace can be defined as an intricate environment that involves interactions between
people, software, and services. It is maintained by the worldwide distribution of information
and communication technology devices and networks.
With the benefits carried by the technological advancements, the cyberspace today has
become a common pool used by citizens, businesses, critical information infrastructure,
military and governments in a fashion that makes it hard to induce clear boundaries among
these different groups. The cyberspace is anticipated to become even more complex in the
upcoming years, with the increase in networks and devices connected to it.

REGULATIONS
There are five predominant laws to cover when it comes to cybersecurity:
Information Technology Act, 2000 The Indian cyber laws are governed by the Information
Technology Act, penned down back in 2000. The principal impetus of this Act is to offer
reliable legal inclusiveness to eCommerce, facilitating registration of real-time records with
the Government.
But with the cyber attackers getting sneakier, topped by the human tendency to misuse
technology, a series of amendments followed.
The ITA, enacted by the Parliament of India, highlights the grievous punishments and
penalties safeguarding the e-governance, e-banking, and e-commerce sectors. Now, the
scope of ITA has been enhanced to encompass all the latest communication devices.
The IT Act is the salient one, guiding the entire Indian legislation to govern cybercrimes
rigorously:
Section 43 - Applicable to people who damage the computer systems without permission
from the owner. The owner can fully claim compensation for the entire damage in such
cases.
Section 66 - Applicable in case a person is found to dishonestly or fraudulently committing
any act referred to in section 43. The imprisonment term in such instances can mount up to
three years or a fine of up to Rs. 5 lakh.
Section 66B - Incorporates the punishments for fraudulently receiving stolen
communication devices or computers, which confirms a probable three years imprisonment.
This term can also be topped by Rs. 1 lakh fine, depending upon the severity.
Section 66C - This section scrutinizes the identity thefts related to imposter digital
signatures, hacking passwords, or other distinctive identification features. If proven guilty,
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

imprisonment of three years might also be backed by Rs.1 lakh fine.

Section 66 D - This section was inserted on-demand, focusing on punishing cheaters doing
impersonation using computer resources.

Indian Penal Code (IPC) 1980

Identity thefts and associated cyber frauds are embodied in the Indian Penal Code (IPC),
1860 - invoked along with the Information Technology Act of 2000.
The primary relevant section of the IPC covers cyber frauds:
Forgery (Section 464)
Forgery pre-planned for cheating (Section 468)
False documentation (Section 465)
Presenting a forged document as genuine (Section 471)
Reputation damage (Section 469)
Companies Act of 2013
The corporate stakeholders refer to the Companies Act of 2013 as the legal obligation
necessary for the refinement of daily operations. The directives of this Act cements all the
required techno-legal compliances, putting the less compliant companies in a legal fix.
The Companies Act 2013 vested powers in the hands of the SFIO (Serious Frauds
Investigation Office) to prosecute Indian companies and their directors. Also, post the
notification of the Companies Inspection, Investment, and Inquiry Rules, 2014, SFIOs has
become even more proactive and stern in this regard.
The legislature ensured that all the regulatory compliances are well-covered, including
cyber forensics, e-discovery, and cybersecurity diligence. The Companies (Management
and Administration) Rules, 2014 prescribes strict guidelines confirming the cybersecurity
obligations and responsibilities upon the company directors and leaders.

NIST Compliance
The Cybersecurity Framework (NCFS), authorized by the National Institute of Standards
and Technology (NIST), offers a harmonized approach to cybersecurity as the most reliable
global certifying body.
NIST Cybersecurity Framework encompasses all required guidelines, standards, and best
practices to manage the cyber-related risks responsibly. This framework is prioritized on
flexibility and cost-effectiveness.
It promotes the resilience and protection of critical infrastructure by: Allowing better
interpretation, management, and reduction of cybersecurity risks – to mitigate data loss,
data misuse, and the subsequent restoration costs Determining the most important activities
and critical operations - to focus on securing them Demonstrates the trust-worthiness of
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

organizations who secure critical assets Helps to prioritize investments to maximize the
cybersecurity ROI Addresses regulatory and contractual obligations Supports the wider
information security program By combining the NIST CSF framework with ISO/IEC 27001
- cybersecurity risk management becomes simplified. It also makes communication
easier
throughout the organization and across the supply chains via a common cybersecurity
directive laid by NIST.
Final Thoughts As human dependence on technology intensifies, cyber laws in India and
across the globe need constant up-gradation and refinements. The pandemic has also pushed
much of the workforce into a remote working module increasing the need for app security.
Lawmakers have to go the extra mile to stay ahead of the impostors, in order to block them
at their advent.
Cybercrimes can be controlled but it needs collaborative efforts of the lawmakers, the
Internet or Network providers, the intercessors like banks and shopping sites, and, most
importantly, the users. Only the prudent efforts of these stakeholders, ensuring their
confinement to the law of the cyberland - can bring about online safety and resilience.
ROLE OF INTERNATIONAL LAWS
In various countries, areas of the computing and communication industries are regulated by
governmental bodies λ There are specific rules on the uses to which computers and
computer networks may be put, in particular there are rules on unauthorized access, data
privacy and spamming λ There are also limits on the use of encryption and of equipment
which may be used to defeat copy protection schemes λ There are laws governing trade on
the Internet, taxation, consumer protection, and advertising λ There are laws on censorship
versus freedom of expression, rules on public access to government information, and
individual access to information held on them by private bodies λ Some states limit access
to the Internet, by law as well as by technical means.
INTERNATIONAL LAW FOR CYBER CRIME
Cybercrime is "international" that there are ‘no cyber-borders between countries’ λ The
complexity in types and forms of cybercrime increases the difficulty to fight back  fighting
cybercrime calls for international cooperation λ Various organizations and governments
have already made joint efforts in establishing global standards of legislation and law
enforcement both on a regional and on an international scale

THE INDIAN CYBERSPACE

Indian cyberspace was born in 1975 with the establishment of National Informatics Centre
(NIC) with an aim to provide govt with IT solutions. Three networks (NWs) were set up
between 1986 and 1988 to connect various agencies of govt. These NWs were, INDONET
which connected the IBM mainframe installations that made up India’s computer
infrastructure, NICNET (the NIC NW) a nationwide very small aperture terminal (VSAT)
NW for public sector organisations as well as to connect the central govt with the state
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

govts and district administrations, the third NW setup was ERNET (the Education and
Research Network), to serve the academic and research communities.

New Internet Policy of 1998 paved the way for services from multiple Internet service
providers (ISPs) and gave boost to the Internet user base grow from 1.4 million in 1999 to
over 150 million by Dec 2012. Exponential growth rate is attributed to increasing
Internet
access through mobile phones and tablets. Govt is making a determined push to increase
broadband penetration from its present level of about 6%1. The target for broadband is 160
million households by 2016 under the National Broadband Plan.
NATIONAL CYBER SECURITY POLICY
National Cyber Security Policy is a policy framework by Department of Electronics and
Information Technology. It aims at protecting the public and private infrastructure from
cyberattacks. The policy also intends to safeguard "information, such as personal
information (of web users), financial and banking information and sovereign data". This
was particularly relevant in the wake of US National Security Agency (NSA) leaks that
suggested the US government agencies are spying on Indian users, who have no legal or
technical safeguards against it. Ministry of Communications and
Information Technology (India) defines Cyberspace as a complex environment
consisting of interactions between people, software services supported by worldwide
distribution of information and communication technology.
VISION
To build a secure and resilient cyberspace for citizens, business, and government and also
to protect anyone from intervening in user's privacy.
MISSION
To protect information and information infrastructure in cyberspace, build capabilities to
prevent and respond to cyber threat, reduce vulnerabilities and minimize damage from
cyber incidents through a combination of institutional structures, people, processes,
technology, and cooperation.
OBJECTIVE
Ministry of Communications and Information Technology (India) define objectives as
follows:

• To create a secure cyber ecosystem in the country, generate adequate trust and
confidence in IT system and transactions in cyberspace and thereby enhance
adoption of IT in all sectors of the economy.
• To create an assurance framework for the design of security policies and promotion
and enabling actions for compliance to global security standards and best practices
by way of conformity assessment (Product, process, technology & people).
• To strengthen the Regulatory Framework for ensuring a SECURE CYBERSPACE
ECOSYSTEM.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

• To enhance and create National and Sectoral level 24X7 mechanism for obtaining
strategic information regarding threats to ICT infrastructure, creating scenarios for
response, resolution and crisis management through effective predictive, preventive,
protective response and recovery actions.

INTRODUCTION: CYBER FORENSICS

CYBER FORENSICS:
Computer forensics is the application of investigation and analysis techniques to gather and
preserve evidence.
Forensic examiners typically analyze data from personal computers, laptops, personal
digital assistants, cell phones, servers, tapes, and any other type of media. This process can
involve anything from breaking encryption, to executing search warrants with a law
enforcement team, to recovering and analyzing files from hard drives that will be critical
evidence in the most serious civil and criminal cases.

The forensic examination of computers, and data storage media, is a complicated and highly
specialized process. The results of forensic examinations are compiled and included in
reports. In many cases, examiners testify to their findings, where their skills and abilities are
put to ultimate scrutiny.

DIGITAL FORENSICS:

Digital Forensics is defined as the process of preservation, identification, extraction, and

documentation of computer evidence which can be used by the court of law. It is a science
of finding evidence from digital media like a computer, mobile phone, server, or network. It
provides the forensic team with the best techniques and tools to solve complicated digital-
related cases.

Digital Forensics helps the forensic team to analyzes, inspect, identifies, and preserve the
digital evidence residing on various types of electronic devices.

Digital forensic science is a branch of forensic science that focuses on the recovery and
investigation of material found in digital devices related to cybercrime.

THE NEED FOR COMPUTER FORENSICS

Computer forensics is also important because it can save your organization money From a
technical standpoint, the main goal of computer forensics is to identify, collect, preserve,
and analyze data in a way that preserves the integrity of the evidence collected so it can be
used effectively in a legal case.

CYBER FORENSICS AND DIGITAL EVIDENCE:

Digital evidence is information stored or transmitted in binary form that may be relied on in
court. It can be found on a computer hard drive, a mobile phone, among other places.
Digital evidence is commonly associated with electronic crime, or e-crime, such as child
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

pornography or credit card fraud. However, digital evidence is now used to prosecute all
types of crimes, not just e-crime. For example, suspects' e-mail or mobile phone files might
contain critical evidence regarding their intent, their whereabouts at the time of a crime and
their relationship with other suspects. In 2005, for example, a floppy disk led investigators
to the BTK serial killer who had eluded police capture since 1974 and claimed the lives of
at least 10 victims.

In an effort to fight e-crime and to collect relevant digital evidence for all crimes, law enforcement
agencies are incorporating the collection and analysis of digital evidence, also known as computer
forensics, into their infrastructure. Law enforcement agencies are challenged by the need to train officers
to collect digital evidence and keep up with rapidly evolving technologies such as computer operating
systems.

FORENSICS ANALYSIS OF EMAIL:

E-mail forensics refers to the study of source and content of e-mail as evidence to identify
the actual sender and recipient of a message, data/time of transmission, detailed record of e-
mail transaction, intent of the sender, etc. This study involves investigation of metadata,
keyword searching, port scanning, etc. for authorship attribution and identification of e-mail
scams.

Various approaches that are used for e-mail forensic are:

• Header Analysis – Meta data in the e-mail message in the form of control
information i.e. envelope and headers including headers in the message body
contain information about the sender and/or the path along which the message has
traversed. Some of these may be spoofed to conceal the identity of the sender. A
detailed analysis of these headers and their correlation is performed in header
analysis.

• Bait Tactics – In bait tactic investigation an e-mail with http: “<imgsrc>” tag
having image source at some computer monitored by the investigators is send to the
sender of e-mail under investigation containing real (genuine) e-mail address. When
the e-mail is opened, a log entry containing the IP address of the recipient (sender of
the e-mail under investigation) is recorded on the http server hosting the image and
thus sender is tracked. However, if the recipient (sender of the e-mail under
investigation) is using a proxy server then IP address of the proxy server is
recorded. The log on proxy server can be used to track the sender of the e-mail
under investigation. If the proxy server’s log is unavailable due to some reason, then
investigators may send the tactic e-mail containing a) Embedded Java Applet that
runs on receiver’s computer or b) HTML page with Active X Object. Both aiming to
extract IP address of the receiver’s computer and e-mail it to the investigators.

• Server Investigation – In this investigation, copies of delivered e-mails and server

logs are investigated to identify source of an e-mail message. E-mails purged from
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

the clients (senders or receivers) whose recovery is impossible may be requested

from servers (Proxy or ISP) as most of them store a copy of all e-mails after their
deliveries. Further, logs maintained by servers can be studied to trace the address of
the computer responsible for making the e-mail transaction. However, servers store
the copies of e-mail and server logs only for some limited periods and some may not
co-operate with the investigators. Further, SMTP servers which store data like credit
card number and other data pertaining to owner of a mailbox can be used to identify
person behind an e-mail address.

• Network Device Investigation – In this form of e-mail investigation, logs

maintained by the network devices such as routers, firewalls and switches are used
to investigate
the source of an e-mail message. This form of investigation is complex and is used
only when the logs of servers (Proxy or ISP) are unavailable due to some reason,
e.g. when ISP or proxy does not maintain a log or lack of co-operation by ISP’s or
failure to maintain chain of evidence.

• Software Embedded Identifiers – Some information about the creator of e-mail,

attached files or documents may be included with the message by the e-mail
software used by the sender for composing e-mail. This information may be
included in the form of custom headers or in the form of MIME content as a
Transport Neutral Encapsulation Format (TNEF). Investigating the e-mail for these
details may reveal some vital information about the senders e-mail preferences and
options that could help client side evidence gathering. The investigation can reveal
PST file names, Windows logon username, MAC address, etc. of the client
computer used to send e- mail message.

• Sender Mailer Fingerprints – Identification of software handling e-mail at server

can be revealed from the Received header field and identification of software
handling e-mail at client can be ascertained by using different set of headers like “X-
Mailer” or equivalent. These headers describe applications and their versions used at
the clients to send e-mail. This information about the client computer of the sender
can be used to help investigators devise an effective plan and thus prove to be very
useful.

EMAIL FORENSICS TOOLS

Erasing or deleting an email doesn’t necessarily mean that it is gone forever. Often emails
can be forensically extracted even after deletion. Forensic tracing of e-mail is similar to
traditional detective work. It is used for retrieving information from mailbox files.

• MiTec Mail Viewer – This is a viewer for Outlook Express, Windows

Mail/Windows Live Mail, Mozilla Thunderbird message databases, and single EML
files. It displays a list of contained messages with all needed properties, like an
ordinary e-mail client. Messages can be viewed in detailed view, including
attachments and an HTML preview. It has powerful searching and filtering
capability and also allows extracting email addresses from all emails in opened
folder to list by one click. Selected messages can be saved to eml files with or
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

without their attachments. Attachments can be extracted from selected messages by

one command.

• OST and PST Viewer – Nucleus Technologies’ OST and PST viewer tools help
you view OST and PST files easily without connecting to an MS Exchange server.
These tools allow the user to scan OST and PST files and they display the data
saved in it including email messages, contacts, calendars, notes, etc., in a proper
folder structure.

• eMailTrackerPro – eMailTrackerPro analyses the headers of an e-mail to detect

the IP address of the machine that sent the message so that the sender can be tracked
down. It can trace multiple e-mails at the same time and easily keep track of them.
The geographical location of an IP address is key information for determining the
threat level or validity of an e-mail message.

• EmailTracer – EmailTracer is an Indian effort in cyber forensics by the Resource

Centre for Cyber Forensics (RCCF) which is a premier centre for cyber forensics in
India. It develops cyber forensic tools based on the requirements of law enforcement
agencies.

DIGITAL FORENSICS LIFECYCLE:

Collection: The first step in the forensic process is to identify potential sources of data and
acquire data from them.
Examination:After data has been collected, the next phase is to examine the data, which
involves assessing and extracting the relevant pieces of information from the collected data.
This phase may also involve bypassing or mitigating OS or application features that obscure
data and code, such as data compression, encryption, and access control mechanisms.
Analysis: Once the relevant information has been extracted, the analyst should study and
analyze the data to draw conclusions from it. The foundation of forensics is using a
methodical approach to reach appropriate conclusions based on the available data or
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

determine that no conclusion can yet be drawn.

Reporting: The process of preparing and presenting the information resulting from the
analysis phase. Many factors affect reporting, including the following:
a. Alternative Explanations:When the information regarding an event is incomplete,
it may not be possible to arrive at a definitive explanation of what happened. When
an event has two or more plausible explanations, each should be given due
consideration in the reporting process. Analysts should use a methodical approach to
attempt to prove or disprove each possible explanation that is proposed.

b. Audience Consideration. Knowing the audience to which the data or information

will be shown is important.

c. Actionable Information. Reporting also includes identifying actionable

information gained from data that may allow an analyst to collect new sources of
information

FORENSICS INVESTIGATION:
Forensics are the scientific methods used to solve a crime. Forensic investigation is the
gathering and analysis of all crime-related physical evidence in order to come to a
conclusion about a suspect. Investigators will look at blood, fluid, or fingerprints, residue,
hard drives, computers, or other technology to establish how a crime took place. This is a
general definition, though, since there are a number of different types of forensics.
TYPES OF FORENSICS INVESTIGATION

• Forensic Accounting / Auditing

• Computer or Cyber Forensics
• Crime Scene Forensics
• Forensic Archaeology
• Forensic Dentistry
• Forensic Entomology
• Forensic Graphology
• Forensic Pathology
• Forensic Psychology
• Forensic Science
• Forensic Toxicology

CHALLENGES IN COMPUTER FORENSICS

Digital forensics has been defined as the use of scientifically derived and proven methods
towards the identification, collection, preservation, validation, analysis, interpretation, and
presentation of digital evidence derivative from digital sources to facilitate the
reconstruction of events found to be criminal.But these digital forensics investigation
methods face some major challenges at the time of practical implementation. Digital
forensic challenges are categorized into three major heads as per Fahdi, Clark, and Furnell
are:
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

• Technical challenges
• Legal challenges
• Resource Challenges

TECHNICAL CHALLENGES

As technology develops crimes and criminals are also developed with it. Digital forensic
experts use forensic tools for collecting shreds of evidence against criminals and criminals
use such tools for hiding, altering or removing the traces of their crime, in digital forensic
this process is called Anti- forensics technique which is considered as a major challenge in
digital forensics world.

Anti-forensics techniquesare categorized into the following types:

S. No. Type Description

1 Encryption
2 Data hiding in storage space
3 Covert Channel
It is legitimately used for ensuring the privacy of
information by keeping it hidden from an
unauthorized user/person. Unfortunately, it can also
be used by criminals to hide their crimes
Criminals usually hide chunks of data inside the
storage medium in invisible form by using system
commands, and programs.
A covert channel is a communication protocol
which allows an attacker to bypass intrusion
detection technique and hide data over the network.
The attacker used it for hiding the connection
between him and the compromised system.

Other Technical challenges are:

• Operating in the cloud

• Time to archive data
• Skill gap
• Steganography

LEGAL CHALLENGES

The presentation of digital evidence is more difficult than its collection because there are
many instances where the legal framework acquires a soft approach and does not recognize
every aspect of cyber forensics, as in Jagdeo Singh V. The State and Ors case Hon’ble High
Court of Delhi held that “while dealing with the admissibility of an intercepted telephone
call in a CD and CDR which was without a certificate under Sec. 65B of the Indian
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Evidence Act, 1872 the court observed that the secondary electronic evidence without
certificate u/s. 65B of Indian Evidence Act, 1872 is not admissible and cannot be looked
into by the court for any purpose whatsoever.” This happens in most of the cases as the
cyber police lack the necessary qualification and ability to identify a possible source of
evidence and prove it. Besides, most of the time electronic evidence is challenged in the
court due to its integrity. In the absence of proper guidelines and the nonexistence of proper
explanation of the collection, and acquisition of electronic evidence gets dismissed in itself.

Legal Challenges

S.No. Type Description

1 Absence of guidelines and
standards
2 Limitation of the Indian The Indian Evidence Act, 1872 have limited
Evidence Act, 1872
In India, there are no proper guidelines for the
collection and acquisition of digital evidence. The
investigating agencies and forensic laboratories are
working on the guidelines of their own. Due to this,
the potential of digital evidence has been destroyed.
approach, it is not able to evolve with the time and
address the E-evidence are more susceptible to
tampering, alteration, transposition, etc. the Act is
silent on the method of collection of e-evidence it
only focuses on the presentation of electronic
evidence in the court by accompanying a certificate
as per subsection 4 of Sec. 65B[12]. This means no
matter what procedure is followed it must be proved
with the help of a certificate

Other Legal Challenges

• Privacy Issues
• Admissibility in Courts
• Preservation of electronic evidence
• Power for gathering digital evidence
• Analyzing a running computer

Resource Challenges

As the rate of crime increases the number of data increases and the burden to analyze such
huge data is also increasing on a digital forensic expert because digital evidence is more
sensitive as compared to physical evidence it can easily disappear. For making the
investigation process fast and useful forensic experts use various tools to check the
authenticity of the data but dealing with these tools is also a challenge in itself.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Types of Resource Challenges are:

• Change in technology

Due to rapid change in technology like operating systems, application software and
hardware, reading of digital evidence becoming more difficult because new version
software’s are not supported to an older version and the software developing companies did
provide any backward compatible’s which also affects legally.

• Volume and replication

The confidentiality, availability, and integrity of electronic documents are easily get
manipulated. The combination of wide-area networks and the internet form a big network
that allows flowing data beyond the physical boundaries. Such easiness of communication
and availability of electronic document increases the volume of data which also create
difficulty in the identification of original and relevant data.

CYBERCRIMES: MOBILE AND WIRELESS

INTRODUCTION. Why should mobile devices be protected? Every day, mobile devices
are lost, stolen, and infected. Mobile devices can store important business and
personal information, and are often be used to access University systems, email, banking

Proliferation of mobile and wireless devices:

people hunched over their smartphones or tablets in cafes, airports, supermarkets
and even at bus stops, seemingly oblivious to anything or anyone around them.
They play games, download email, go shopping or check their bank balances on
the go.
They might even access corporate networks and pull up a document or two on their mobile
gadgets
Today, incredible advances are being made for mobile devices. The trend is for smaller
devices and more processing power. A few years ago, the choice was between a wireless
phone and a simple PDA. Now the buyers have a choice between high-end PDAs with
integrated wireless modems and small phones with wireless Web-browsing capabilities. A
long list of options is available to the mobile users. A simple hand-held mobile device
provides enough computing power to run small applications, play games and music, and
make voice calls. A key driver for the growth of mobile technology is the rapid growth of
business solutions into hand-held devices.
As the term "mobile device" includes many products. We first provide a clear distinction
among the key terms: mobile computing, wireless computing and hand-held devices. Figure
below helps us understand how these terms are related. Let us understand the concept of
mobile computing and the various types of devices.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Mobile computing is "taking a computer and all necessary files and software out into the
field." Many types of mobile computers have been introduced since 1990s. They are as
follows:
1. Portable computer: It is a general-purpose computer that can be easily moved from one
place to another, but cannot be used while in transit, usually because it requires some
"setting-up" and an AC power source.
2. Tablet PC: It lacks a keyboard, is shaped like a slate or a paper notebook and has
features of a touchscreen with a stylus and handwriting recognition software. Tablets may
not be best suited for applications requiring a physical keyboard for typing, but are
otherwise capable of carrying out most tasks that an ordinary laptop would be able to
perform.
3. Internet tablet: It is the Internet appliance in tablet form. Unlike a Tablet PC, the
Internet tablet does not have much computing power and its applications suite is limited.
Also it cannot replace a general-purpose computer. The Internet tablets typically feature an
MP3 and video player, a Web browser, a chat application and a picture viewer.
4. Personal digital assistant (PDA): It is a small, usually pocket-sized, computer with
limited functionality. It is intended to supplement and synchronize with a desktop computer,
giving access to contacts, address book, notes, E-Mail and other features.
5. Ultramobile (PC): It is a full-featured, PDA-sized computer running a general-purpose
operating system (OS).
6. Smartphone: It is a PDA with an integrated cell phone functionality. Current
Smartphones have a wide range of features and installable applications.
7. Carputer: It is a computing device installed in an automobile. It operates as a wireless
computer, sound system, global positioning system (GPS) and DVD player. It also contains
word processing software and is Bluetooth compatible.
8. Fly Fusion Pentop computer: It is a computing device with the size and shape of a pen.
It functions as a writing utensil, MP3 player, language translator, digital storage device and
calculator.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Trends in Mobility:
Mobile computing is moving into a new era, third generation ( 3G), which promises greater
variety in applications and have highly improved usability as well as speedier networking.
"iPhone" from Apple and Google-led "Android" phones are the best examples of this trend
and there are plenty of other developments that point in this direction. This smart mobile
technology is rapidly gaining popularity and the attackers (hackers and crackers) are among
its biggest fans.
It is worth noting the trends in mobile computing; this will help readers to readers to realize
the seriousness of cybersecurity issues in the mobile computing domain. Figure below
shows the different types of mobility and their implications.

The new technology 3G networks are not entirely built with IP data security. Moreover, IP
data world when compared to voice-centric security threats is new to mobile operators.
There are numerous attacks that can be committed against mobile networks and they can
originate from two primary vectors. One is from outside the mobile network - that is, public
Internet, private networks and other operator's networks - and the other is within the mobile
networks- that is, devices such as data-capable handsets and Smartphones, notebook
computers or even desktop computers connected to the 3G network.
Popular types of attacks against 3G mobile networks are as follows:
1. Malwares, viruses and worms: Although many users are still in the transient process of
switching from 2G,2.5G2G,2.5G to 3G,3G, it is a growing need to educate the community
people and provide awareness of such threats that exist while using mobile devices. Here
are few examples of malware(s) specific to mobile devices:
• Skull Trojan: I targets Series 60 phones equipped with the Symbian mobile OS.
• Cabir Worm: It is the first dedicated mobile-phone worm infects phones running on
Symbian OS and scans other mobile devices to send a copy of itself to the first
vulnerable phone it finds through Bluetooth Wireless technology. The worst thing
about this worm is that the source code for the Cabir-H and Cabir-I viruses is
available online.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

• Mosquito Trojan: It affects the Series 60 Smartphones and is a cracked version of

"Mosquitos" mobile phone game.
• Brador Trojan: It affects the Windows CE OS by creating a svchost. exe file in the
Windows start-up folder which allows full control of the device. This executable file
is conductive to traditional worm propagation vector such as E-Mail file
attachments.
• Lasco Worm: It was released first in 2005 to target PDAs and mobile phones
running the Symbian OS. Lasco is based on Cabir's source code and replicates over
Bluetooth connection.

2. Denial-of-service (DoS): The main objective behind this attack is to make the system
unavailable to the intended users. Virus attacks can be used to damage the system to make
the system unavailable. Presently, one of the most common cyber security threats to wired
Internet service providers (iSPs) is a distributed denial-of-service (DDos) attack
.DDoS attacks are used to flood the target system with the data so that the response from the
target system is either slowed or stopped.
3. Overbilling attack: Overbilling involves an attacker hijacking a subscriber's IP address
and then using it (i.e., the connection) to initiate downloads that are not "Free downloads"
or simply use it for his/her own purposes. In either case, the legitimate user is charged for
the activity which the user did not conduct or authorize to conduct.
4. Spoofed policy development process (PDP): These of attacks exploit the vulnerabilities
in the GTP [General Packet Radio Service (GPRS) Tunneling Protocol].
5. Signaling-level attacks: The Session Initiation Protocol (SIP) is a signaling protocol
used in IP multimedia subsystem (IMS) networks to provide Voice Over Internet Protocol
(VoIP) services. There are several vulnerabilities with SIP-based VolP systems.

Credit Card Frauds in Mobile and Wireless Computing Era:

These are new trends in cybercrime that are coming up with mobile computing - mobile
commerce (M-Commerce) and mobile banking (M-Banking). Credit card frauds are now
becoming commonplace given the ever-increasing power and the ever-reducing prices of
the mobile hand-held devices, factors that result in easy availability of these gadgets to
almost anyone. Today belongs to "mobile compüting," that is, anywhere anytime
computing. The developments in wireless technology have fuelled this new mode of
working for white collar workers. This is true for credit card processing too; wireless credit
card processing is a relatively new service that will allow a person to process credit cards
electronically, virtually anywhere. Wireless credit card processing is a very desirable
system, because it allows businesses to process transactions from mobile locations quickly,
efficiently and professionally. It is most often used by businesses that operate mainly in a
mobile environment
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

There is a system available from an Australian company "Alacrity" called closed-loop

environment for for wireless (CLEW). Figure above shows the flow of events with CLEW
which is a registered trademark of Alacrity used here only to demonstrate the flow in this
environment.

As shown in Figure, the basic flow is as follows:

1. Merchant sends a transaction to bank
2. The bank transmits the request to the authorized cardholder
3. The cardholder approves or rejects (password protected)The bank/merchant is notified
4. The credit card transaction is completed.

Security Challenges Posed by Mobile Devices:

Mobility brings two main challenges to cybersecurity: first, on the hand-held devices,
information is being taken outside the physically controlled environment and second remote
access back to the protected environment is being granted. Perceptions of the organizations
to these cybersecurity challenges are important in devising appropriate security operating
procedure. When people are asked about important in managing a diverse range of mobile
devices, they seem to be thinking of the ones shown in below figure.
As the number of mobile device users increases, two challenges are presented: one at the
device level called "micro challenges" and another at the organizational level called
"macro- challenges."
Some well-known technical challenges in mobile security are: managing the registry
settings and configurations, authentication service security, cryptography security,
Lightweight Directory Access Protocol (LDAP) security, remote access server (RAS)
security, media player control security, networking application program interface (API),
security etc.

Registry Settings for Mobile Devices:

Let us understand the issue of registry settings on mobile devices through an example:
Microsoft Activesync is meant for synchronization with Windows-powered personal
computers (PCs) and Microsoft Outlook. ActiveSync acts as the "gateway between
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

Windows-powered PC and Windows mobile-powered device, enabling the transfer of

applications such as Outlook information, Microsoft Office documents, pictures, music,
videos and applications from a user's desktop to his/her device.
In addition to synchronizing with a PC, ActiveSync can synchronize directly with the
Microsoft exchange server so that the users can keep their E-Mails, calendar, notes and
contacts updated wirelessly when they are away from their PCs. In this context, registry
setting becomes an important issue given the ease with which various applications allow a
free flow of information.

Authentication Service Security:

There are two components of security in mobile computing: security of devices and security
in networks. A secure network access involves authentication between the device and the
base stations or Web servers. This is to ensure that only authenticated devices can
be
connected to the network for obtaining the requested services. No Malicious Code can
impersonate the service provider to trick the device into doing something it does not mean
to. Thus, the networks also play a crucial role in security of mobile devices.
Some eminent kinds of attacks to which mobile devices are subjected to are: push attacks,
pull attacks and crash attacks.
Authentication services security is important given the typical attacks on mobile devices
through wireless networks: Dos attacks, traffic analysis, eavesdropping, man-in-the-middle
attacks and session hijacking. Security measures in this scenario come from Wireless
Application Protocols (WAPs), use of VPNs, media access control (MAC) address filtering
and development in 802.xx standards.

Attacks on Mobile-Cell Phones:

• Mobile Phone Theft:

Mobile phones have become an integral part of everbody's life and the mobile phone
has transformed from being a luxury to a bare necessity. Increase in the purchasing
power and availability of numerous low cost handsets have also lead to an increase in
mobile phone users. Theft of mobile phones has risen dramatically over the past few
years. Since huge section of working population in India use public transport, major
locations where theft occurs are bus stops, railway stations and traffic signals.
The following factors contribute for outbreaks on mobile devices:
1. Enough target terminals: The first Palm OS virus was seen after the number of
Palm OS devices reached 15 million. The first instance of a mobile virus was observed
during June 2004 when it was discovered that an organization "Ojam" had engineered
an antipiracy Trojan virus in older versions of their mobile phone game known as
Mosquito. This virus sent SMS text messages to the organization without the users'
knowledge.
2. Enough functionality: Mobile devices are increasingly being equipped with office
functionality and already carry critical data and applications, which are often protected
insufficiently or not at all. The expanded functionality also increases the probability of
malware.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

3. Enough connectivity: Smartphones offer multiple communication options, such as

SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN connections.
Therefore, unfortunately, the increased amount of freedom also offers more choices for
virus writers.

• Mobile - Viruses
• Concept of Mishing
• Concept of Vishing
• Concept of Smishing
• Hacking - Bluetooth

Organizational security Policies and Measures in Mobile Computing Era:

Proliferation of hand-held devices used makes the cybersecurity issue graver than what we
would tend to think. People have grown so used to their hand-helds they are treating them
like wallets! For example, people are storing more types of confidential information on
mobile computing devices than their employers or they themselves know; they listen to
music using their-hand-held devices.One should think about not to keep credit card
and bank
account numbers, passwords, confidential E-Mails and strategic information about
organization, merger or takeover plans and also other valuable information that could
impact stock values in the mobile devices. Imagine the business impact if an employee's
USB, pluggable drive or laptop was lost or stolen, revealing sensitive customer data such as
credit reports, social security numbers (SSNs) and contact information.
Operating Guidelines for Implementing Mobile Device Security Policies
In situations such as those described above, the ideal solution would be to prohibit all
confidential data from being stored on mobile devices, but this may not always be practical.
Organizations can, however, reduce the risk that confidential information will be accessed
from lost or stolen mobile devices through the following steps:
1. Determine whether the employees in the organization need to use mobile computing
devices at all, based on their risks and benefits within the organization, industry and
regulatory environment.
2. Implement additional security technologies, as appropriate to fit both the
organization and the types of devices used. Most (and perhaps all) mobile
computing devices will need to have their native security augmented with such tools
as strong encryption, device passwords and physical locks. Biometrics techniques
can be used for authentication and encryption and have great potential to eliminate
the challenges associated with passwords.
3. Standardize the mobile computing devices and the associated security tools being
used with them. As a matter of fundamental principle, security deteriorates quickly
as the tools and devices used become increasingly disparate.
4. Develop a specific framework for using mobile computing devices, including
guidelines for data syncing, the use of firewalls and anti-malware software and the
types of information that can be stored on them.
5. Centralize management of your mobile computing devices. Maintain an inventory
so that you know who is using what kinds of devices.,
6. Establish patching procedures for software on mobile devices. This can often be
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

simplified by integrating patching with syncing or patch management with the

centralized
7. Provide education and awareness training to personnel using mobile devices. People
cannot be expected to appropriately secure their information if they have not been
told how.

Organizational Policies for the Use of Mobile Hand-Held Devices

There are many ways to handle the matter of creating policy for mobile devices. One way is
creating distinct mobile computing policy. Another way is including such devices existing
policy. There are also approaches in between where mobile devices fall under both existing
policies and a new one.In the hybrid approach, a new policy is created to address the
specific needs of the mobile devices but more general usage issues fall under general IT
policies. As a part of this approach, the "acceptable use" policy for other technologies is
extended to the mobile devices.
Companies new to mobile devices may adopt an umbrella mobile policy but they find over
time the the they will need to modify their policies to match the challenges posed by
different kinds of mobile hand-held devices. For example, wireless devices pose different
challenges than non-wireless Also, employees who use mobile devices more than 20%% of
the time will have different requirements than less-frequent users. It may happen that over
time, companies may need to create separate policies for the mobile devices on the basis of
whether they connect wirelessly and with distinctions for devices that connect to WANs and
LANs .

Concept of Laptops:
As the price of computing technology is steadily decreasing, usage of devices such as the
laptops is becoming more common. Although laptops, like other mobile devices, enhance
the business functions owing to their mobile access to information anytime and anywhere,
they also pose a large threat as they are portable Wireless capability in these devices has
also raised cyber security concerns owing to the information being transmitted over other,
which makes it hard to detect.
The thefts of laptops have always been a major issue, according to the cybersecurity
industry and insurance company statistics. Cybercriminals are targeting laptops that are
expensive, to enable them to fetch a quick profit in the black market. Very few laptop.
thieves. are actually interested in the information that is contained in the laptop. Most
laptops contain personal and corporate information that could be sensitive..
Physical Security Countermeasures
Organizations are heavily dependent upon a mobile workforce with access to information,
no matter where they travel. However, this mobility is putting organizations at risk of
having a data breach if a laptop containing sensitive information is lost or stolen. Hence,
physical security countermeasures are becoming very vital to protect the information on the
employees laptops and to reduce the likelihood that employees will lose laptops.
1. Cables and hardwired locks: The most cost-efficient and ideal solution to safeguard any
mobile device is securing with cables and locks, specially designed for laptops. Kensington
cables are one of the most popular brands in laptop security cable. These cables are made of
aircraft-grade steel and Kevlar brand fiber, thus making these cables 40%% stronger than
any other conventional security cables. One end of the security cable is fit into the universal
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

security slot of the laptop and the other end is locked around any fixed furniture or item,
thus making a loop. These cables come with a variety of options such as number locks, key
locks and alarms.

2. Laptop safes: Safes made of polycarbonate - the same material that is used in bulletproof
windows, police riot shields and bank security screens-can be used to carry and safeguard
the laptops. The advantage of safes over security cables is that they protect the whole laptop
and its devices such as CD-ROM bays, PCMCIA cards and HDD bays which can be easily
removed in the case of laptops protected by security cables.
3. Motion sensors and alarms: Even though alarms and motion sensors are annoying
owing to their false alarms and loud sound level, these devices are very efficient in securing
laptops. Once these devices are activated, they can be used to track missing laptops in
crowded places. Also owing to their loud nature, they help in deterring thieves. Modern
systems for laptops are designed wherein the alarm device attached to the laptop transmits
radio signals to a certain range around the laptop.
4. Warning labels and stamps: Warning labels containing tracking information and
identification details can be fixed onto the laptop to deter aspiring thieves. These labels
cannot be removed easily and are a low-cost solution to a laptop theft. These labels have an
identification number that is stored in a universal database for verification, which, in turn
makes the resale of stolen laptops a difficult process. Such labels are highly recommended
for the laptops issued to top executives and/or key employees of the organizations.
5. Other measures for protecting laptops are as follows:
• Engraving the laptop with personal details
• Keeping the laptop close to oneself wherever possible
• Carrying the laptop in a different and unobvious bag making it unobvious to
potential thieves
• Creating the awareness among the employees to understand the responsibility of
carrying a laptop and also about the sensitivity of the information contained in the
laptop
• Making a copy of the purchase receipt, laptop serial number and the description of
the laptop
• Installing encryption software to protect information stored on the laptop
• Using personal firewall software to block unwanted access and intrusion
• Updating the antivirus software regularly
• Tight office security using security guards and securing the laptop by locking it
down in lockers when not in use
• Never leaving the laptop unattended in public places such as the car, parking
lot, conventions, conferences and the airport until it is fitted with an anti theft
device;
• Disabling IR ports and wireless cards and removing PCMCIA cards when not in
use. Information systems security also contains logical access controls. This is
because, information, be it corporate or private, needs high security as it is the most
important asset of an organization or an individual. A few logical or access controls are as
follows:
1. Protecting from malicious programs/attackers/social engineering.
2. Avoiding weak passwords/ access.
3. Monitoring application security and scanning for vulnerabilities.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

4. Ensuring that unencrypted data/unprotected file systems do not pose threats.

5. Proper handing of removable drives/storage mediums /unnecessary ports.
6. Password protection through appropriate passwords rules and use of
strong passwords.
7. Locking down unwanted ports/devices.
8. Regularly installing security patches and updates.
9. Installing antivirus software/firewalls / intrusion detection system (IDSs).
10. Encrypting critical file systems.
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

12. Consolidated attendance statement of students

13. Consolidated semester grades of students
CA1 MARKS
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

CA2 MARKS
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA
 Future Institute of Engineering and Management
College Code: 148
P/7/2098 Sonarpur Station Road, Kolkata 700150, INDIA

14. Result analysis (Normal distribution curves/Bell curves)

15. Sample copies of evaluated answer scripts of Class test, assignments, tutorials, lab records, Mid,
End semester exams (Highest, average and marginal pass)
1
2
3
4
5
6
7
 Future
DUATN

MANAGEMENT
PUTURE INSTITUTE OFENGINEERING &
CC- 148

UNDER

MAKAUT, WB
Man- in - tta-Middle ataek
TDS, IPS,

CONTINUOUS ASSESSMENT#2

Cylau Secaity
PEC-CS 702£

Odd Semester
Academic Year: 2023-24

SUBMITTED BY

148600Q0007
(ombutea Soisnce Engining
24 Samesto-7

25
 matuok and
datastion Syutmo (ID) monita entenkise t t a t . Zhese
ta deteot Aeity ineidenta and inmint
;yslutina Aatt busieass y bsactily atetial eyhescaty metuark
Ablbtin that aotoauspicisus
jmcidonto. tis moiteing
(soc)analyt. hesa aleit analte aeculy eael e
oeatib cent astate euntrmeeules
Bmweatigao sha deteted jsses and aneeuta tha Lue man netwsk
aigniluant danage Bccws.
Is addlso them e7oa IDS - hast-baaed IDS (HIDS) and
dettoymnt oana est for and
(NIDS). HIDS io dallayed at the ndtot lenol
mtask-basd IDS NIDS Asludtiba mouita
sndboint om tileats hile
atoto inddusl
and
ems of tu mesdotoy uaed Bor ideniiyg
locatin, TDS also di{b in baaed 7bg leneragesbhngertlng to
bstetliituains.Siymatua-
uch as mawa Gnee malicisus thelhie i
tieato
denty Ansun ig caktmed and addod ta the datalhaae. ech
idonibied,ito aignatua
datahase io combaed ogainst metLsk leallie in
signatus this capalle ol
tieato. thia tyhe of Ibs io
)ual time to dotet me nebdy and acewstey.
Astecng Rnswn hieato
Paewandion Syatoma (IPS) ojoms ntuain dataction. n
TRS Ssin secuity harduo, ax
io a metwerk ehaiioun Qer thuato,
fienention
Ttuion that aytemohseuesmotuek
coneuay
sofuane sytem. Houweme IPS gaes ne slet
Qik an intuaion detectin
}uat
tahs he spiate actiol?t datat
hoad of TbS and automalically
meaawes Aueh as
tae thpato neudng
a
frm a foticula
Aations can aas kue coniqued to aea
hanyat la
S IPS attacka and d
dmmy datayo miadin
dacoy thot contains
hom ln Bhin aiginl targeto that containm accwste data
 maden-day antobiar aecuiy
cmhonent of
o
o a022 have mumeroa
gaiatimal metusnko thuomaking manay
Omd prscsa igh data nolumes an imbosing taak.
thuet
Aeatonding to

Pasmt
D beiation bo
IPS.
Intsion Pronentin Syaem
Tntbuion betection Sym automitieally
lmonitn
Aetie
and stil dalend) amd pasine.
Ininoto datacmmunicalion
n) Placemnt Oat of band rom data
Comnication Satiatical nomaly based
Signate dotetin: dotecti.
1)betectin Enplait fociny aignatus "Signatus dotestion:
mwchaism Eatlat-facig aigatus
Vulmahaility Bacing Aignalues
dotting b ,alutoeleanmaliciela
v) dnemaly Sendo alamlaleto
hastonse matciss lanlie
perlomene Seua laun metwsk
V)Notuek DaLsmat impact matuuenk Anlomanee due t dalay
depbymat of Ib
perlonane due to mo-lne Calsdd y nline IPs cag

legitimat thulsle Pefoedy medt. ganisata

Due do llset IPS ance detectinand
) Bonefito which ight u blocked y IPS
smentinau automatcy
at imes tozomd.
 enlelman-ainMnan-- in-he- iddle otlack
h-mdale (MiTM) atack io a tyb
ya of cyhen attack in whieh
of eyher
inaato and lays mussngis hetuseen tus
wih aoh athe.

he entecmAaln. MiTM atacks a alao

aa momat n-tha-mddla, ahe-in - theiddle
atlaeka. Manin - ba
n - the-mddlo and moan-in- tha-midlu

allaeke scus on ssser inestem and inject maicius f

malae ine the itio donic. dhe
h mase ia ommo

attocks is a steoal finamcal inonatin ly inteestting a usa

welite
tallie a bantny n hinanelal matthemaolues in the middle
MiTM ottacka, elereiab
Duing tranaactians sugh
online eommnieatin.te wses welueAand
l the data access to and
malare, bu alache duingdamaactiono.Budine ening
ando and hecens Rthencatin ith a
h data it eguihe Aee
akla hieh
o MiTM attacka a thay
e- ommeree
th me targeto cidantial komt
are
a finteycaptue dogn cdential and athe
bu andatackena o atep eeos
la aut hgha tuo
atacka aue CAied Data inteeebiniti
tyicay hese ntoreetin and dettion.
dota toanalu ctue aa clent ond a
knawn
otoekerintoceptg a data Aeer to lelienng
an trdeks heer and the wheh the
he ataeker eoch ath,
inlomation tA
e n e nto Qha
hat oates a
nefto tha data,
ottack

Coamnetin.
 2) Lollsus
Dongn Nome
) HTTP Spsaling Syitem asctig
Bmoil hijaking
5) Seens Sscto tayn
6) Wi-fi eansdratig
hijacting

Paenention
DSecue cnntin
)Aaid hiang mail

molassk eneylin

3) biiNoar.
 TOP SEET

FUTURE INSTITUTE OF ENGINEERING &MANAGEMENT

[ CC148, MAKAUT]
CONTINUOUS ASSESSMENT (CA)3
ODD SEMESTER, AY 2023-24

THEORY PAPER

NAAE OF THE STUDENT NATREET DAS

TH
CEPTCSE SEM UNIVERSITY ROLL No. 40D320034

BAPER NAME CY BER S£CVRITY PAPER CODE PEC-CS?02£

-UL eRKS 25
SIGNATURE OF THE STUDENIT Napeet Das

SIGNATURE OF THE EVALUATOR

DATE OF EXAM: 05/1o(93
 is a denial
Aeath (ooD) uhichn the
(oos) tak i a
atdismupt tongeed
of sevice ainms to tongete d achine
at tacker nonhe ax.
sen ding a packet lawger
by
alowab le size,taresCausi tte target
machine to (nush:
ot social
$houler s r
reering to btain intormar
er reeing technieSsonds, PINS etc.
Co Such as pof
Lype o madane
Trojan house is a
that doum loads onto atopute disquised
as a degitimate pvogram,
etens to the unauthorie!
Cybersaatting etdoain
t imntene
negistration and use
are i d e n t i c ato
r
ames Ehat
krodenarkes sevie marks per sono
nanes.

S.ttware piracy is the act et

;legolly uiingreopyi 8 modifying
/Astibatirgshanin selling co mpter
 is
Honeypotkais a netwa
tbwan attoche
blrep or yber-attackeme
usedas
a
ystem
systen kand stig
odetet the ticks and types
harka.
to
attocks used by
of
Horaypots rostly
onpanies ond organi2atione used by Jange
12atibns invoyed in
Cybensecurityt heaps eybe secunity
he searlens to eann abt the ditferent
ean
attackes.
type o attaks ns ed by
ypes ot H-eypot.
) Reseach Honeynot:-Tese ane us ed by
researchen to

anodyze hacker attacks ar deploy di tteret

ways to prevent these,
btomeypoti Produkion honoypot
ane depdoyed
roductior melworks olong
ane classilied
Basedn tateracin
i) Low inleraction heneyre
i)BtMedin intenari.s honey Elabe
)Hhgintenaction horeypel
4) Docia] Enaireeia is
the term used
for iuties
interation
Sociol Engineminy Atkaek ?e chrique
Baiting attacle
As its nane olmpdies, bating
vitinde
$e a false promise to oique a
9eed
Scareane
Se anewane mvo ves ietims beig
bombanded with falee adarms ad ficti tion!
hreats.

Here o aktacker obtain$ ntornatlom

a serieof cdeverty eroftet ies

ie
Emles
 Ficewal rotecl ne tole
tw
A
attackens,
Arewoll ields you
hebwole becanse
Lacts ass a 2!24/a f:Aten,
keaviny the dat that attennts to
te
he twolk an
enter Anr pvevent onylhing
A.t Aooles susplel*s fron getting thnough
Siobw} tes ke ep hanfl data
outside ur Computer, Soe ot the top niske
on mhich tiv ewJ potects (ompute
inede batkdoovn S, denialrof -Senvice Do S)
attacks macros, rremote oginsspam ar o viruses
how ativewall
hou
Asiople ay toot explain
worles is te Hhine it as seeurit1
midliens
manditk inimate leno-he dge of sees
riminsl. I4 he quandOut ot
criminad
Ehe
keeps
eDdivg. Siiurewol's voteetln
ating toathi
andnegu
hat goes in ovd ng netwonk
 kechrique used
inyection is a eb
yect
to evtract usen ata by Ehongh
as alakementr
ge inp uts
Sal cmmands technique that
eetion
code ine
·Tt is a poro~ise database.

ît is one ot he
haceingLncomlele
tchyiqe