Cyber Security
Kalaiselvi
I INTRODUCTION 6
Cyber Security – History of Internet – Impact of Internet – CIA Triad; Reason for Cyber Crime –
Need for Cyber Security – History of Cyber Crime; Cybercriminals – Classification of Cybercrimes
– A Global Perspective on Cyber Crimes; Cyber Laws – The Indian IT Act – Cybercrime and
Punishment.
UNIT TITLE PERIODS
OWASP; Malicious Attack Threats and Vulnerabilities: Scope of Cyber-Attacks – Security Breach
– Types of Malicious Attacks – Malicious Software – Common Attack Vectors – Social engineering
Attack – Wireless Network Attack – Web Application Attack – Attack Tools – Countermeasures.
III RECONNAISSANCE 6
IV INTRUSION DETECTION 6
Host-Based Intrusion Detection – Network-Based Intrusion Detection – Distributed or Hybrid
Intrusion Detection – Intrusion Detection Exchange Format – Honeypots – Example System Snort
V INTRUSION PREVENTION 6
Firewalls and Intrusion Prevention Systems: Need for Firewalls – Firewall Characteristics and
Access Policy – Types of Firewalls – Firewall Basing – Firewall Location and Configurations –
Intrusion Prevention Systems – Example Unified Threat Management Products
30 PERIODS
TEXT BOOKS:
1 Anand Shinde, “Introduction to Cyber Security Guide to the World of Cyber Security”, Notion Press, 2021 (Unit 1)
2 Nina Godbole, Sunit Belapure, “Cyber Security: Understanding Cyber Crimes, Computer Forensics and Legal Perspectives”, Wiley Publishers, 2011 (Unit 1)
3 https://owasp.org/www-project-top-ten/
REFERENCE BOOKS:
1 David Kim, Michael G. Solomon, “Fundamentals of Information Systems Security”, Jones & Bartlett Learning Publishers, 2013 (Unit 2)
2 Patrick Engebretson, “The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy”, Elsevier, 2011 (Unit 3)
3 Kimberly Graves, “CEH Official Certified Ethical Hacker Review Guide”, Wiley Publishers, 2007 (Unit 3)
4 William Stallings, Lawrie Brown, “Computer Security Principles and Practice”, Third Edition, Pearson Education, 2015 (Units 4 and 5)
5 Georgia Weidman, “Penetration Testing: A Hands-On Introduction to Hacking”, No Starch Press, 2014 (Lab)
UNIT 1
INTRODUCTION
Cyber Security – History of Internet – Impact of Internet – CIA Triad; Reason for Cyber Crime
– Need for Cyber Security – History of Cyber Crime; Cybercriminals – Classification of
Cybercrimes – A Global Perspective on Cyber Crimes; Cyber Laws – The Indian IT Act –
Cybercrime and Punishment.
Cyber Security
Cyber security is the preservation, through policy, technology and education, of the availability,
confidentiality and integrity of information and its underlying infrastructure, so as to enhance the
security of persons both online and offline.
"Cyber security is primarily about people, processes, and technologies working together to
encompass the full range of threat reduction, vulnerability reduction, deterrence, international
engagement, incident response, resiliency, and recovery policies and activities, including
computer network operations, information assurance, law enforcement, etc."
OR
Cyber security is the body of technologies, processes, and practices designed to protect networks,
computers, programs and data from attack, damage or unauthorized access.
• The term cyber security refers to techniques and practices designed to protect digital data.
• This is the data that is stored, transmitted or used on an information system.
OR
Cyber security is the protection of Internet-connected systems, including hardware, software,
and data, from cyber attacks. The term is made up of two words: cyber and security.
• Cyber relates to the technology, which contains systems, networks and programs or
data.
• Security relates to the protection, which includes systems security, network security and
application and information security.
Another catalyst in the formation of the Internet was the heating up of the Cold War. The Soviet
Union's launch of the Sputnik satellite spurred the U.S. Defense Department to consider ways
information could still be disseminated even after a nuclear attack. This eventually led to the
formation of the ARPANET (Advanced Research Projects Agency Network), the network that
ultimately evolved into what we now know as the Internet. ARPANET was a great success but
membership was limited to certain academic and research organizations who had contracts with the
Defense Department. In response to this, other networks were created to provide information
sharing.
January 1, 1983 is considered the official birthday of the Internet. Prior to this, the various
computer networks did not have a standard way to communicate with each other. A new
communications protocol was established called Transfer Control Protocol/Internetwork Protocol
(TCP/IP). This allowed different kinds of computers on different networks to "talk" to each other.
ARPANET and the Defense Data Network officially changed to the TCP/IP standard on January 1,
1983, hence the birth of the Internet. All networks could now be connected by a universal language.
The image above is a scale model of the UNIVAC I (the name stood for Universal Automatic
Computer) which was delivered to the Census Bureau in 1951. It weighed some 16,000 pounds, used
5,000 vacuum tubes, and could perform about 1,000 calculations per second. It was the first
American commercial computer, as well as the first computer designed for business use. (Business
computers like the UNIVAC processed data more slowly than the IAS-type machines, but were
designed for fast input and output.) The first few sales were to government agencies, the A.C. Nielsen
Company, and the Prudential Insurance Company. The first UNIVAC for business applications was
installed at the General Electric Appliance Division, to do payroll, in 1954. By 1957 Remington-Rand
(which had purchased the Eckert-Mauchly Computer Corporation in 1950) had sold forty-six
machines.
Impact of Internet :
Learning
Communication
Social Networks
Health Care
Business
Entertainment
Jobs and Employment
CIA TRIAD :
We use a control or countermeasure as protection. That is, a control is an action, device, procedure,
or technique that removes or reduces a vulnerability.
These characteristics are both basic security properties and the objects of security threats.
We can define these three properties as follows.
• availability: the ability of a system to ensure that an asset can be used by any authorized parties
• integrity: the ability of a system to ensure that an asset is modified only by authorized parties
• confidentiality: the ability of a system to ensure that an asset is viewed only by authorized parties
adds
properties that are desirable, particularly in communication networks:
• authentication: the ability of a system to confirm the identity of a sender
• nonrepudiation or accountability: the ability of a system to confirm that a sender cannot
convincingly deny having sent something
Confidentiality is about preventing the disclosure of data to unauthorized parties. It also means trying
to keep the identity of authorized parties involved in sharing and holding data private and
anonymous.
Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-middle
Integrity
Integrity refers to protecting information from being modified by unauthorized parties. Three
particular aspects of integrity are
• Authorized actions
• Separation and protection of resources
• Error detection and correction
Integrity can be enforced in much the same way as can confidentiality: by rigorous control of who or
what can access which resources in what ways.
Standard measures to guarantee integrity include:
• Cryptographic checksums
• Using file permissions
• Uninterrupted power supplies
• Data backups
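The first two measures listed above, cryptographic checksums and file permissions, combined into one integrity check. This is an added example, not part of the original notes; the file names and contents are constructed sample data.

```python
import hashlib
import os
import stat
import tempfile


def fingerprint(path):
    """Return (SHA-256 hex digest, permission bits) for one file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest(), stat.S_IMODE(os.stat(path).st_mode)


def build_baseline(root):
    """Fingerprint every regular file under root, keyed by relative path."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline


def verify(root, baseline):
    """Return sorted (path, finding) tuples for every deviation from baseline."""
    current = build_baseline(root)
    findings = []
    for rel, (old_hash, old_mode) in baseline.items():
        if rel not in current:
            findings.append((rel, "missing"))
            continue
        new_hash, new_mode = current[rel]
        if new_hash != old_hash:
            findings.append((rel, "content changed"))
        if new_mode != old_mode:
            findings.append((rel, "permissions changed"))
    for rel in current.keys() - baseline.keys():
        findings.append((rel, "unexpected new file"))
    return sorted(findings)


def demo():
    """Baseline constructed sample files, tamper with them, then verify."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"app.conf": b"debug=false\n", "users.db": b"alice\n", "old.log": b"x\n"}
        for name, data in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, 0o640)
        # In practice the baseline is stored where an intruder cannot rewrite it.
        baseline = build_baseline(root)

        with open(os.path.join(root, "app.conf"), "wb") as fh:
            fh.write(b"debug=true\n")                      # unauthorized edit
        os.chmod(os.path.join(root, "users.db"), 0o666)    # loosened permissions
        os.remove(os.path.join(root, "old.log"))           # deleted file
        with open(os.path.join(root, "extra.txt"), "wb") as fh:
            fh.write(b"not in baseline\n")                 # file that was never recorded
        return verify(root, baseline)


if __name__ == "__main__":
    for path, finding in demo():
        print(f"{path}: {finding}")
```

A plain hash only detects change; it does not stop someone who can also rewrite the stored baseline, which is why the baseline belongs on separate, write-protected storage.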
If we say that we have preserved the integrity of an item, we may mean that the item is
• precise
• accurate
• unmodified
• modified only in acceptable ways
• modified only by authorized people
• modified only by authorized processes
• consistent
• internally consistent
• meaningful and usable
Availability
Availability is making sure that authorized parties are able to access the information when
needed. Availability applies both to data and to services (that is, to information and to information
processing), and it is similarly complex. As with the notion of confidentiality,
different people expect availability to mean different things. For example, an object or
service is thought to be available if the following are true:
• It is present in a usable form.
Harm:
The C-I-A triad can be viewed from a different perspective: the nature of the harm caused to assets.
Harm can also be characterized by four acts: interception, interruption, modification, and
fabrication.
Personal motives: Some cyber criminals engage in cyber crime to harass, defame or harm individuals
or organizations.
Opportunism: Some cyber criminals engage in cyber crime simply because they can,
taking advantage of security vulnerabilities in technology or in people to steal information or
resources.
The purpose of cyber attacks can be:
Extortion:
In exchange for money or ransom, hackers threaten the victim by illegally gaining access to their
sensitive and private data.
Damage reputation:
Breaches lead to a loss of trust among an organization’s customer base.
Cybercriminals are individuals or teams of people who use technology to commit malicious
activities on digital systems or networks with the intention of stealing sensitive company
information or personal data, and generating profit.
Cybercriminals are known to access the cybercriminal underground markets found in the deep web
to trade malicious goods and services, such as hacking tools and stolen data. Cybercriminal
underground markets are known to specialize in certain products or services.
Laws related to cybercrime continue to evolve across various countries worldwide. Law
enforcement agencies are also continually challenged when it comes to finding, arresting, charging,
and proving cybercrimes.
Hacking does not necessarily count as a cybercrime; as such, not all hackers are cybercriminals.
Cybercriminals hack and infiltrate computer systems with malicious intent, while hackers only seek
to find new and innovative ways to use a system, be it for good or bad.
Cybercriminals also differ greatly from threat actors in various ways, the first of which is intent.
Threat actors are individuals who conduct targeted attacks, which actively pursue and compromise
a target entity’s infrastructure. Cybercriminals are unlikely to focus on a single entity, but conduct
operations on broad masses of victims defined only by similar platform types, online behavior, or
programs used. Secondly, they differ in the way that they conduct their operations. Threat actors
follow a six-step process, which includes researching targets and moving laterally inside a network.
Cybercriminals, on the other hand, are unlikely to follow defined steps to get what they want from
their victims.
The significance of cyber security in today’s digital age cannot be overstated. A single security
breach has severe consequences in today’s interconnected world, resulting in heavy financial losses
and data loss, as well as damage to the affected organization’s reputation.
For instance, the 2017 Equifax breach exposed the personal identification information of over 145
million people. In 2018, the breach at Marriott leaked the personal information of over 500 million
people.
Cyber Crime: Cybercrime or a computer-oriented crime is a crime that includes a computer and a
network. The computer may have been used in the execution of a crime or it may be the target.
Cybercrime is the use of a computer as a weapon for committing crimes such as committing fraud,
identity theft, or breaching privacy. Cybercrime, especially through the Internet, has grown in
importance as the computer has become central to every field like commerce, entertainment, and
government. Cybercrime may endanger a person or a nation’s security and financial health.
Cybercrime encompasses a wide range of activities, but these can generally be divided into two
categories:
Crimes that aim at computer networks or devices. These types of crimes involve different threats
(like virus, bugs etc.) and denial-of-service (DoS) attacks.
Crimes that use computer networks to commit other criminal activities. These types of crimes
include cyber stalking, financial fraud or identity theft.
• Computer Sabotage
• Pornographic Offenses
• Password Sniffing
Cyber crime against property
• Credit card frauds
• Intellectual Property Crimes
• Internet time theft
Cyber Terrorism –
Cyber terrorism is the use of the computer and internet to perform violent acts that result in loss of
life. This may include different types of activities, carried out through software or hardware, that
threaten the lives of citizens.
In general, Cyber terrorism can be defined as an act of terrorism committed through the use of
cyberspace or computer resources.
Cyber Extortion –
Cyber extortion occurs when a website, e-mail server or computer system is subjected to or
threatened with repeated denial of service or other attacks by malicious hackers. These hackers
demand large sums of money in return for an assurance to stop the attacks and to offer protection.
Cyber Warfare –
Cyber warfare is the use or targeting of computers, online control systems and networks in a
battle space or warfare context. It involves both offensive and defensive operations pertaining to
the threat of cyber attacks, espionage and sabotage.
Internet Fraud –
Internet fraud is a type of fraud or deceit which makes use of the Internet and could include hiding
of information or providing incorrect information for the purpose of deceiving victims for money or
property. Internet fraud is not considered a single, distinctive crime but covers a range of illegal and
illicit actions that are committed in cyberspace.
Cyber Stalking –
This is a kind of online harassment wherein the victim is subjected to a barrage of online messages
and emails. In this case, these stalkers know their victims and instead of offline stalking, they use
the Internet to stalk. However, if they notice that cyber stalking is not having the desired effect, they
begin offline stalking along with cyber stalking to make the victims’ lives more miserable.
Challenges of Cyber Crime:
People are unaware of their cyber rights-
Cybercrime usually happens to illiterate people around the world who are unaware of the
cyber rights implemented by the government of their country.
Anonymity-
Those who commit cyber crime are anonymous to us, so we cannot take any action against them.
No harsh punishment-
Not every cyber crime carries a harsh punishment. Some cases do, such as when somebody
commits cyber terrorism. In other cases there is no harsh punishment, and this factor
encourages those who commit cyber crime.
Prevention of Cyber Crime:
Below are some points by means of which we can prevent cyber crime:
Software should be updated – The operating system should be updated regularly when it comes to
internet security. Outdated software can become a potential threat when cybercriminals exploit
flaws in the system.
Increasing Frequency and Complexity: Cyber criminals continuously evolve their tactics,
techniques, and procedures to exploit vulnerabilities in systems and networks, making cyber
attacks more sophisticated and challenging to combat.
Cross-Border Nature: This cross-border nature poses challenges for law enforcement and
regulatory agencies in terms of jurisdiction, coordination, and collaboration in investigating and
prosecuting cyber criminals.
Impact on Individuals and Organisations: Cyber crimes can have significant economic, social,
and geopolitical consequences for individuals, businesses, governments, and society as a whole.
Emerging Trends and Technologies: Rapid technological advancements, such as the Internet of
Things (IoT), artificial intelligence (AI), blockchain, and quantum computing, present both
opportunities and challenges in the fight against cyber crimes.
Regulatory and Policy Landscape: Governments around the world are enacting laws, regulations,
and international agreements to combat cyber crimes, protect critical infrastructure, safeguard data
privacy, and promote cybersecurity best practices.
Cyber Laws :
Cyber law, also known as internet law or digital law, signifies the legal regulations and
frameworks governing digital activities. It covers a large range of issues, including online
communication, e-commerce, digital privacy, and the prevention and prosecution of
cybercrimes.
Cybercrime Laws:
Cybercrime laws define and penalize various cybercrimes, ensuring legal consequences for
offenders. These laws play a crucial role in deterring individuals from engaging in illegal online
activities and provide a legal framework for prosecuting cybercriminals.
E-commerce Laws:
E-commerce laws regulate online business transactions, defining rules for contracts,
transactions, and consumer protection. These laws contribute to the establishment of a secure
and fair online marketplace.
Cybersecurity Laws:
Cybersecurity laws establish standards for securing digital systems and data. These laws
mandate organizations to implement measures to protect against cyber threats, contributing to
the overall resilience of digital infrastructure.
With the increasing prevalence of cross-border cybercrimes, international cyber laws address
the need for cooperation between nations. These laws facilitate collaboration in investigating
and prosecuting cybercriminals operating across borders.
Data Privacy:
Safeguarding individuals' digital information is a paramount concern addressed by cyber laws.
These regulations ensure that organizations handle personal data responsibly, establishing a
foundation of trust in digital transactions and interactions.
E-commerce Regulation:
The legal framework provided by cyber laws is crucial for the regulation of e-commerce. It
defines rules for online transactions, contracts, and consumer protection, thereby fostering a
fair and secure online marketplace.
The Information Technology Act, 2000, also known as the IT Act, is an act proposed by the Indian
Parliament and reported on 17th October 2000. This Information Technology Act is based on the
United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model), which was
suggested by the General Assembly of the United Nations by a resolution dated 30th January, 1997.
It is the most important law in India dealing with Cybercrime and E-Commerce.
The main objective of this act is to carry out lawful and trustworthy electronic, digital and online
transactions and to alleviate or reduce cybercrimes. The IT Act has 13 chapters and 94 sections. The
last four sections, section 91 to section 94, deal with the revisions to the Indian
Penal Code 1860.
First Schedule –
Deals with documents to which the Act shall not apply.
Second Schedule –
Deals with electronic signature or electronic authentication method.
Section – Punishment
Section 43 – This section of the IT Act, 2000 states that any act of destroying, altering or stealing a computer system/network, or deleting data with malicious intentions, without authorization from the owner of the computer, is liable for payment of compensation for damages to the owner.
Section 43 A – This section of the IT Act, 2000 states that any corporate body dealing with sensitive information that fails to implement reasonable security practices, causing loss to another person, will also be liable for compensation to the affected party.
Section 66 – Hacking of a computer system with malicious intentions like fraud will be punished with 3 years imprisonment or a fine of Rs. 5,00,000 or both.
Section 66 B, C, D – Fraud or dishonesty using or transmitting information, or identity theft, is punishable with 3 years imprisonment or Rs. 1,00,000 fine or both.