UNIT-2

Part -1
Cyber Space and Security

1) Cyberspace

Definition: Cyberspace is the virtual environment created by interconnected computers, networks,

and devices. It includes everything from the internet and online services to communication
networks.

• Components:

o Internet: A global network connecting millions of computers and devices.

o Devices: Computers, smartphones, and other electronic gadgets that access the
internet.

o Data: Information exchanged or stored in cyberspace, like emails, files, and

databases.

o Networks: Connections that link devices, including local area networks (LAN) and
wide area networks (WAN).

• Importance: Cyberspace enables communication, work, entertainment, and commerce.

However, it also opens the door to cyber threats like hacking, malware, and online fraud,
making cybersecurity crucial.

2) Goals for Security

The main goals of cybersecurity aim to protect systems and data in cyberspace. These are often
described using the CIA triad:

• Confidentiality: Keeping sensitive information safe from unauthorized access.

o Example: Encrypting personal data to prevent hackers from stealing it.

• Integrity: Ensuring that data remains accurate and unchanged.

o Example: Using checks to confirm that a file hasn’t been altered by hackers.

• Availability: Ensuring that systems and data are accessible when needed.

o Example: Backing up data to ensure it can be restored if a system is attacked.

Additional goals include:

• Accountability: Tracking actions to know who is responsible for them.

o Example: Logging system access to monitor who made changes.

• Non-repudiation: Ensuring actions can't be denied by the person who performed them.

o Example: Digital signatures to prove who sent a message.

3) Security Threats and Vulnerabilities

• Security Threat: A potential danger that can exploit weaknesses in a system.

o Examples: Hackers, viruses, phishing, and insider threats.

• Security Vulnerability: A weakness that can be exploited by a threat to gain unauthorized

access.

o Examples: Weak passwords, outdated software, or system misconfigurations.

Example of Threat and Vulnerability:

• Phishing: A hacker tricks someone into providing login details by sending fake emails
(threat).

• Weak Passwords: A person uses “123456” as their password, which is easy for hackers to
guess (vulnerability).

4) Cybersecurity Models

Cybersecurity models provide frameworks to protect systems from cyber threats. Some common
models are:

• The Bell-LaPadula Model (BLP): Focuses on confidentiality.

o Rules:

▪ No Read Up (NRU): A user can’t access information classified at a higher

level.

▪ No Write Down (NWD): A user can’t write information to a lower security

level.

• The Biba Model: Focuses on integrity.

o Rules:

▪ No Write Up (NWU): A user can’t modify data at a higher security level.

▪ No Read Down (NRD): A user can’t read data at a lower security level.

• The Clark-Wilson Model: Focuses on data integrity and enforces well-formed transactions.

o Rules: Only authorized users can perform certain actions on data to ensure data
correctness.

Summary

• Cyberspace is the digital world where systems and data interact.

• The goals for security focus on confidentiality, integrity, and availability of data and systems.
 • Security threats are potential dangers like hacking and malware, while vulnerabilities are
weaknesses in systems that can be exploited.

• Cybersecurity models provide guidelines to protect systems, with models like Bell-LaPadula
and Biba focusing on confidentiality and integrity, respectively.

Part -2

Malicious Software (Malware)

Malicious software (malware) is any software intentionally designed to cause harm, steal data, or
gain unauthorized access to computer systems. Below is a more detailed, precise explanation of
various types of malware:

1) Viruses

• Definition: A virus is a malicious program that attaches itself to legitimate files or programs.
It spreads when the infected file or program is executed or shared with others.

• How It Works:

o A virus relies on user interaction to spread. When the user opens an infected file, the
virus activates and replicates itself, attaching to other files or programs.

o It can corrupt or delete files, steal data, or slow down system performance.

• Example:

o The ILOVEYOU virus (2000) spread via email. When opened, it emailed itself to
everyone in the victim's address book, causing widespread damage.

2) Worms

• Definition: Worms are self-replicating programs that spread independently across networks.
Unlike viruses, worms do not need a host file to propagate.

• How It Works:

o Worms exploit security vulnerabilities in software or operating systems to spread

across connected networks.

o They can cause system overloads, slow down networks, or provide a backdoor for
attackers to control infected devices.

• Example:

o The Conficker worm (2008) exploited a vulnerability in Windows, causing infected

computers to spread the worm without user intervention.
3) Virus vs Worms

• Viruses require user interaction and rely on a host file, while worms spread autonomously
and don't need a host.

• Viruses spread through email attachments or downloads, while worms spread via networks.

• Worms are more likely to cause network congestion or failures due to their ability to self-
replicate rapidly.

4) Information Theft

• Definition: Malware designed to steal sensitive information, such as usernames, passwords,

financial details, and personal identification.

• How It Works:

o Information theft malware can monitor keystrokes, capture login credentials, or scan
for sensitive documents.

o It transmits stolen data back to the attacker for identity theft or financial fraud.

• Example:

o A banking Trojan captures online banking login details and transfers funds from the
victim’s account to the attacker’s.

5) Keyloggers

• Definition: Keyloggers are programs that track every keystroke made on a device, capturing
sensitive information such as passwords, credit card numbers, and personal messages.

• How It Works:

o Keyloggers run in the background and log every keystroke made by the user. This
data is then transmitted to the attacker.

o Some advanced keyloggers can also capture screenshots or record audio.

• Example:

o A keylogger capturing the login credentials for an online banking system, enabling
the attacker to access and steal funds.
6) Phishing

• Definition: Phishing is a social engineering attack where attackers impersonate trusted

organizations to trick individuals into revealing sensitive information.

• How It Works:

o Attackers send fraudulent emails or create fake websites that mimic legitimate ones
(e.g., banks or e-commerce sites).

o Users are tricked into entering personal details, which are then harvested by the
attackers.

• Example:

o An email that appears to come from a bank, asking the user to click a link and verify
their account details, which leads to a fake website that steals their login credentials.

7) Spyware

• Definition: Spyware is software that secretly monitors the user’s activities and collects
information without consent.

• How It Works:

o Spyware collects data such as browsing habits, login credentials, or even financial
data. It then sends this data back to the attacker.

o It often runs in the background without the user’s knowledge, making it difficult to
detect.

• Example:

o A spyware program installed on a computer that records browsing habits and sends
the information to advertisers for targeted ads.

8) Backdoors

• Definition: A backdoor is a hidden entry point installed by malware or hackers to allow

unauthorized access to a system.

• How It Works:

o Once a backdoor is installed, attackers can remotely access the infected system,
bypassing normal authentication processes (like passwords).

o Backdoors are often used to maintain access to compromised systems, allowing

attackers to execute further attacks or steal information.

• Example:

o A hacker installs a backdoor on a server to have persistent access to a company’s

internal network, enabling them to steal sensitive information or launch attacks.
9) Rootkits

• Definition: Rootkits are a set of tools used by attackers to gain administrative control over a
system and hide their activities from the user and security software.

• How It Works:

o Rootkits alter system files, processes, and security software, preventing detection.

o Once installed, attackers can monitor or control the system remotely without being
noticed by antivirus programs or the user.

• Example:

o A rootkit that hides malicious processes running on a server, allowing an attacker to

monitor the system's activity while avoiding detection.

10) Trojan Horses

• Definition: A Trojan horse is a type of malware that disguises itself as a legitimate program to
trick the user into installing it.

• How It Works:

o Trojans masquerade as useful software, like a game or a system update. Once

installed, they perform malicious actions such as stealing data, corrupting files, or
giving attackers control of the system.

o Unlike viruses or worms, Trojans do not self-replicate; they rely on social engineering
to trick the user into installing them.

• Example:

o A Trojan horse disguised as a legitimate software update that, once installed, gives
attackers control over the user’s device.

Summary

• Viruses: Attach to files and spread when those files are opened.

• Worms: Spread automatically across networks and exploit system vulnerabilities.

• Information Theft: Malware that steals sensitive data like login credentials or financial
information.

• Keyloggers: Malware that records every keystroke typed by the user, often to steal
passwords or credit card numbers.

• Phishing: Social engineering attacks that deceive users into providing sensitive information
via fake emails or websites.
 • Spyware: Malware that secretly monitors a user's activity and sends collected data to
attackers.

• Backdoors: Hidden methods that allow attackers to bypass security measures and remotely
access a system.

• Rootkits: Malware that provides unauthorized access to a system while concealing its
presence from users and antivirus software.

• Trojan Horses: Disguised as legitimate software, they perform harmful actions once installed.

Each type of malware has a specific function and can have serious consequences, including data
theft, system damage, or even unauthorized control of the infected system. It’s crucial to use
effective security measures such as antivirus software, firewalls, and cautious behavior online to
protect against these threats.