Cybersecurity23 24

The document provides an overview of cyber crimes, categorizing them into crimes against individuals, property, organizations, and society, while also distinguishing them from traditional crimes. It discusses technical aspects such as unauthorized access, hacking, and various types of malware including viruses, worms, and Trojans. Additionally, it highlights the differences between types of hackers and the implications of hacking activities.

Uploaded by muskansh7860

Unit-3: Introduction to Cyber Crimes:

3.1 Category/Technical aspects of Cyber Crimes

History of Cyber Crime

Crime and cybercrime have become an increasingly large problem in our society, even with the criminal justice system in place. Both in the public web space and on the dark web, cybercriminals are highly skilled and are not easy to find. Cybercrime has created a major threat to those who use the internet, with millions of users' information stolen within the past few years.

Definition:

Cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked device. Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make money.

Distinction between Cyber Crime and Traditional Crime

1. Nature of the crime - Cybercrimes are quite different from traditional crimes: they are often harder to detect, investigate and prosecute, and because of that cybercrimes cause greater damage to society than traditional crimes. Cybercrime also includes traditional crimes conducted through the internet or any other computer technology; for example, hate crimes, identity theft and terrorism are considered cybercrimes when committed this way.
2. Criminals - Another difference lies in who commits each kind of crime. The hackers behind cybercrime are professional thieves, educated hackers, organized criminal gangs, ideological hackers, etc., in contrast to the perpetrators of traditional crimes.
3. Evidence - The two also differ in the evidence the offences leave behind. In traditional crimes the criminals usually leave some proof of the crime, such as fingerprints or other physical evidence. In cybercrimes the criminals act through the internet, and there is far less chance of their leaving any physical proof.
4. Physical force - Further, the two can be differentiated on the basis of the use of force. In traditional crimes, many offences such as rape, murder and burglary involve the use of physical force, which leads to physical injury to the victim. In cybercrimes no physical force is required, because the criminals only use the identities or accounts of other persons by means of computer technology.

3.1 Categories / Classification of Cyber Crimes

The cybercrimes may be broadly classified into four groups. They are:

1. Crime against the Individuals: Crimes that are committed by cyber criminals against an individual or a person. A few cybercrimes against individuals are:
⮚ E-mail Spoofing - A spoofed email is one that appears to originate from one source but is actually sent from another source.
⮚ Phishing - Phishing is a special type of fraud intended to trick you into entering your personal or account information, for the purpose of breaching your account and committing theft or fraud.
⮚ Cyber-stalking - Cyber stalking is a crime in which the attacker harasses a victim using electronic communication, such as e-mail.
⮚ Defamation - Cyber defamation occurs when a computer connected to the internet is used as a tool, or a medium, to defame a person or an entity.
⮚ Password Sniffing - A password sniffer is a software application that scans and records passwords that are used or broadcast on a computer or network interface. It listens to all incoming and outgoing network traffic and records any data packet that contains a password.

2. Crimes against Property: These types of crimes include vandalism of computers and Intellectual Property crimes (copyright, patent, trademark, etc.). Intellectual property crime includes:

⮚ Credit Card fraud - Credit card fraud happens when someone, a fraudster or a thief, uses your stolen credit card or the information from that card to make unauthorized purchases in your name or take out cash advances using your account.
⮚ Intellectual Property Crime - Intellectual property crime is committed when someone manufactures, sells or distributes counterfeit or pirated goods, such as patents, trademarks, industrial designs or literary and artistic works, for commercial purposes.
⮚ Internet Time theft - It refers to theft in which an unauthorized person uses internet hours paid for by another person. The unauthorized person gets access to another person's ISP user ID and password, either by hacking or by other illegal means, without that person's knowledge.

3. Crime against Organization: Crimes committed to threaten governments or organizations by using internet facilities are known as cybercrimes against organizations. These crimes are committed to spread terror among people. Cyber terrorism is referred to as a crime against a government. Cybercrimes against governments include cyber attacks on government websites, military websites, cyber terrorism, etc. They include:

● Unauthorized access to / control over a computer system.
● Cyber terrorism against a government organization.
● Possession of unauthorized information.
● Distribution of pirated software.

4. Crime against Society: Those cybercrimes which affect the interests of society at large are known as cybercrimes against society. They include:

⮚ Forgery - When a perpetrator alters documents stored in computerized form, the crime committed may be forgery. ... In this instance, computer systems are the target of criminal activity. Computers, however, can also be used as instruments with which to commit forgery.
⮚ Child pornography - Cyber pornography means publishing, distributing or designing pornography using cyberspace. Technology has its pros and cons, and cyber pornography is a result of the advancement of technology. With the easy availability of the Internet, people can now view thousands of pornographic items on their mobiles or laptops, and they can even upload pornographic content online.
⮚ Sale of illegal articles - This includes the sale of narcotics, weapons, wildlife, etc. by posting information on websites or bulletin boards, or simply by using e-mail communications.

3.2 Technical Aspects of Cyber Crimes

3.2.1 Unauthorized access & Hacking

Unauthorized access:
It is the act of gaining access to a network, system, application or other resource without permission. Unauthorized access could occur if a user attempts to access an area of a system they should not be accessing. It could be the result of unmodified default access policies or a lack of clearly defined access policy documentation.

Hacking:
Hacking refers to an array of activities carried out to intrude into someone else's personal information space so as to use it for malicious, unwanted purposes.
Hacking is also used to refer to activities aimed at exploiting security flaws to obtain critical information or to gain access to secured networks.

Who Is a Hacker?

Hacker is a term that first came into use in the 1960s and described a programmer or someone who hacked computer code. Later the term evolved to mean an individual who had an advanced understanding of computers, networking, programming or hardware, but who did not have any malicious intent. Today, a malicious hacker is usually referred to as a black hat or criminal hacker, which describes any individual who illegally breaks into computer systems to damage or steal information.

Hacking Methods

A typical attacker works in the following manner:

● Identify the target system.
● Gather information on the target system.
● Find a possible loophole in the target system.
● Exploit this loophole using exploit code.
● Remove all traces from the log files and escape without a trace.

Types Of Hacking

1. Website Hacking:
Hacking a website means taking control of it away from the website owner and giving it to the person who hacks the website.

2. Network Hacking:
It generally means gathering information about a domain over the network by using tools like telnet, nslookup, ping, tracert, netstat, etc.

3. Password Hacking:
We have passwords for emails, databases, computer systems, servers, bank accounts and virtually everything that we want to protect. Passwords are in general the keys to gaining access to a system or an account. Password hacking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system.

Types of hackers
1. Black Hat Hacker

These hackers always have malicious intent and access computer networks and websites in an unauthorized manner. The intent is personal gain through stealing confidential organizational data, stealing funds from online bank accounts, violating privacy rights to benefit criminal organizations, etc. In today's scenario, most hackers belong to this category and carry on their activities.

2. Ethical Hacker / White Hat Hacker

They are recognized and officially sanctioned hackers who access systems in order to assess them, identifying and eliminating suspected weaknesses. Other responsibilities include vulnerability assessment, cracking the codes of illegal or anti-social setups, and retrieval of crucial data required for security purposes. These are highly trained, certified and paid professionals.

3. Grey Hat Hacker

They lie between the two types above: they resort to unauthorized access to a system, but without any fraudulent intent. The objective is to reveal the vulnerabilities and weaknesses of the system to its stakeholders.

4. Hacktivist

These hackers focus on hacking websites and leaving contentious information on them, in order to spread political, social or religious messages. This can also take the form of targeting other nations.

Guard against hacking

A Virtual Private Network (VPN) is a protocol by which corporate networks connect to offsite and remote locations through point-to-point, tunnel-like connectivity. VPN services such as ExpressVPN securely conceal the transmitting and receiving IP addresses, thereby preventing a hacker from making any unauthorized encroachment.

What should you do after being hacked?

✔ Shut down or turn off the system.
✔ Separate the system from the network.
✔ Disconnect the system from the network.
✔ Restore the system from a backup, or reinstall all programs.
✔ It can be a good idea to call the police.

Advantages of hacking

⮚ It can be used to recover lost information where the computer password has been lost.
⮚ It can be used to test how good the security on your own network is.

Disadvantages of hacking

⮚ Criminals can use it to their advantage.
⮚ It can harm someone's privacy.
⮚ It's illegal.

3.2.2 Trojan, Virus and Worm Attacks

Malware
Malware, short for malicious software, is a blanket term for viruses, worms, Trojans and other harmful computer programs that hackers use to wreak destruction and gain access to sensitive information.

The most common blunder people make when the topic of a computer
virus arises is to refer to a worm or Trojan horse as a virus. While the words
Trojan, worm and virus are often used interchangeably, they are not the same.
Viruses, worms and Trojan Horses are all malicious programs that can cause
damage to your computer, but there are differences among the three, and
knowing those differences can help you to better protect your computer from
their often damaging effects.

Virus
"A computer virus is a malicious software program (malware) that can infect a computer by modifying or deleting data files or the boot sector of a hard disk drive, or by causing a software program to work in an unexpected manner."
A computer virus resides on a host computer and can replicate itself when executed. A virus can steal user data, delete or modify files and documents, and record a user's keystrokes and web sessions. It can also steal or damage hard disk space, and it can slow down CPU processing.

Activation of Virus
When a computer virus starts working, this is called the activation of the virus. A virus normally runs all the time in the computer. Different viruses are activated in different ways; many viruses are activated on a certain date. For example, the well-known "Friday the 13th" virus is activated only if the date is the 13th and the day is a Friday.

Damages Caused by Virus
A computer virus cannot damage computer hardware, but it can cause many kinds of damage to a computer system. A virus can:
1. Damage data or software on the computer.
2. Delete some or all files on the computer system.
3. Destroy all the data by formatting the hard drive.
4. Occasionally display a false message.

A virus can infect a computer system if the latest, updated version of an antivirus program is not installed. The latest antivirus software should be installed on a computer to protect it from viruses.
A computer system can be protected from viruses by following these precautions:
1. The latest and updated version of anti-virus software and a firewall should be installed on the computer.
2. The anti-virus software must be upgraded regularly.
3. USB drives should be scanned for viruses, and should not be used on infected computers.
4. Junk or unknown emails should not be opened and must be deleted straight away.
5. Unauthorized or pirated software should not be installed on the computer.
6. Your best protection is your common sense. Never click on suspicious links, and never download songs, videos or files from suspicious websites. Never share your personal data with people you don't know over the internet.

Different types of computer virus classification are given below.

• Boot Sector Virus:

A Boot Sector Virus infects the first sector of the hard drive, where the Master Boot Record (MBR) is stored. The MBR holds the disk's primary partition table and the bootstrapping instructions that are executed after the computer's BIOS passes execution to machine code. If a computer is infected with a boot sector virus, the virus launches immediately when the computer is turned on and is loaded into memory, enabling it to control the computer.

• File Deleting Viruses:

A File Deleting Virus is designed to delete critical files that are part of the operating system, or data files.

• Mass Mailer Viruses:

Mass Mailer Viruses search e-mail programs like MS Outlook for the e-mail addresses stored in the address book, and replicate by e-mailing themselves to those addresses.

• Macro Viruses:

Macro viruses are written using macro programming languages like VBA, which is a feature of the MS Office package. A macro is a way to automate and simplify a task that you perform repeatedly in the MS Office suite (MS Excel, MS Word, etc.). These macros are usually stored as part of the document or spreadsheet and can travel to other systems when these files are transferred to other computers.

• Polymorphic Viruses:

Polymorphic Viruses have the capability to change their appearance and change their code every time they infect a different system. This helps them hide from anti-virus software.

• Stealth Viruses:

Stealth viruses have the capability to hide from the operating system or anti-virus software by making changes to file sizes or the directory structure. Stealth viruses are anti-heuristic in nature, which helps them hide from heuristic detection.

• Retro Virus:

A retrovirus is another type of virus, one which tries to attack and disable the anti-virus application running on the computer. A retrovirus can be considered an anti-antivirus. Some retroviruses attack the anti-virus application and stop it from running; others destroy the virus definition database.

Worms
A computer worm is a type of malicious program whose primary function is to infect other computers while remaining active on the infected systems.

A computer worm is self-replicating malware that duplicates itself to spread to uninfected computers. Worms often use parts of an operating system that are automatic and invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

Actions of Computer Worm

● Bandwidth is consumed and servers are overloaded, which causes harm to the network.
● Rather than only spreading and disrupting the network, code written inside the worm damages the systems it infects. This code steals data or creates backdoors so that other systems can control the infected system.
● This code, also called the payload, can damage the system in such a way that the infected systems are used to send spam and disrupt the entire network.
● Computer worms need no assistance; they replicate by themselves.
● Worms either modify or delete the files of the system, thereby overloading the system and hence the network.
● The worm creates an opening for a hacker to enter the system and destroy the entire network.
● Computer worms can destroy data worth years of work and are very malicious. Protecting our data from worms is very important.
● Security features are mostly what worms exploit.
● Some worms also try to change system settings.
● Examples of worms include the Morris Worm, the Storm Worm and SQL Slammer.
● Morris developed a few lines of code to find out how vast the internet was, but the code had bugs that damaged the host systems and caused damage worth millions.
● The Storm Worm, as the name suggests, sends mails containing a news report about a storm. Once the mail is opened the system is affected, and the worm sends emails to the user's other contacts. This worm was created in 2007. Many believe that systems are still affected by this worm without the user knowing.
● Stuxnet is a famous computer worm that was intended to sabotage Iran's nuclear program.

Types of computer worms

● Email Worms: Email Worms spread through malicious email, as an attachment or as a link to a malicious website.
● Instant Messaging Worms: Instant Messaging Worms spread by sending links to the contact list of instant messaging applications such as Messenger, WhatsApp, Skype, etc.
● Internet Worms: An Internet worm searches all available network resources using local operating system services and/or scans for compromised computers over the Internet.
● IRC Worms: IRC Worms spread through Internet Relay Chat (IRC) channels, sending infected files or links to infected websites.
● File sharing Worms: File sharing Worms place a copy of themselves in a shared folder and distribute themselves via a peer-to-peer network.

Prevention From Worm

⮚ Using firewalls will help reduce access to systems by malicious software.
⮚ Using antivirus software will help prevent malicious software from running.
⮚ Being careful not to click on attachments or links in email or other messaging applications that may expose systems to malicious software.
⮚ Encrypting files to protect sensitive data stored on computers, servers and mobile devices.

Some symptoms that may indicate the presence of a worm include:

● Computer performance issues, including degraded system performance, and the system freezing or crashing unexpectedly.
● Unusual system behavior, including programs that execute or terminate without user interaction; unusual sounds, images or messages; the sudden appearance of unfamiliar files or icons, or the unexpected disappearance of files or icons; warning messages from the operating system or antivirus software; and email messages sent to contacts without user action.

One of the most damaging computer worms ever was the ILOVEYOU virus.
ILOVEYOU primarily spread when targeted victims opened an email attachment,
and the malware resent itself to all of the victim's contacts in Microsoft Outlook.

Trojan
A Trojan horse, or Trojan, is a type of malicious code or software
that looks legitimate or harmless but can take control of your computer. A
Trojan is designed to damage, disrupt, steal, or in general inflict some other
harmful action on your data or network.

Viruses can execute and replicate themselves. A Trojan cannot. A user has
to execute Trojans. Even so, Trojan malware and Trojan virus are often used
interchangeably.

Trojans working:

Here is a Trojan malware example to show how it works.

You might think you've received an email from someone you know and click on what looks like a legitimate attachment. But you've been fooled: the email is from a cybercriminal, and the file you clicked on, downloaded and opened has gone on to install malware on your device.

When you execute the program, the malware can spread to other files and damage your computer.

Types of Trojan

⮚ Backdoor Trojan

This Trojan can create a "backdoor" on your computer. It lets an attacker access your computer and control it. Your data can be downloaded by a third party and stolen, or more malware can be uploaded to your device.

⮚ Distributed Denial of Service (DDoS) attack Trojan

This Trojan performs DDoS attacks. The idea is to take down a network by flooding it with traffic. That traffic comes from your infected computer and others.

⮚ Downloader Trojan

This Trojan targets your already-infected computer. It downloads and installs new versions of malicious programs. These can include Trojans and adware.

⮚ Fake AV Trojan

This Trojan behaves like antivirus software, but demands money from you to detect and remove threats, whether they're real or fake.

⮚ Game-thief Trojan

The losers here may be online gamers. This Trojan seeks to steal their
account information.

⮚ Remote Access Trojan

This Trojan can give an attacker full control over your computer via a
remote network connection. Its uses include stealing your information or spying
on you.

Examples of Trojan malware attacks

1. Rakhni Trojan - This malware has been around since 2013. More recently, it can deliver ransomware, or malware that allows criminals to use your device to mine cryptocurrency, to infected computers.

2. ZeuS/Zbot - This banking Trojan's source code was first released in 2011. It uses keystroke logging, recording your keystrokes as you log into your bank account, for instance, to steal your credentials and perhaps your account balance as well.

Protecting against Trojans

● Don't visit unsafe websites. Some internet security software, such as Norton Safe Web, will alert you that you're about to visit an unsafe site.
● Don't open a link in an email unless you're confident it comes from a legitimate source. In general, avoid opening unsolicited emails from senders you don't know.
● Don't download or install programs if you don't have complete trust in the publisher.
● Don't click on pop-up windows that promise free programs that perform useful tasks.
● Don't ever open a link in an email unless you know exactly what it is.

Signs Of Trojan

● Desktop changes
● Increase of spam or pop-ups
● Poor device performance
● Unfamiliar downloads, add-ons, or applications
● Changes to display color, clarity, or orientation
● Strange device behavior

3.2.3 E-Mail related Crimes: Spoofing, Spamming, Bombing

Email fraud
Email fraud is the intentional deception made for personal gain or to damage
another individual through email. Almost as soon as email became widely used, it
began to be used as a means to defraud people.
Types of Email fraud

Spoofing
Email sent from someone pretending to be someone else is known as
spoofing. Spoofing may take place in a number of ways. Common to all of them is
that the actual sender's name and the origin of the message are concealed or
masked from the recipient. Many, if not most, instances of email fraud use at
least minimal spoofing, as most frauds are clearly criminal acts. Criminals
typically try to avoid easy traceability.

Some spoof messages purport to be from an existing company, perhaps one with
which the intended victim already has a business relationship. The 'bait' in this
instance may appear to be a message from 'the fraud department' of, for
example, the victim's bank, which asks the customer to: "confirm their
information"; "log in to their account"; "create a new password", or similar
requests. If the 'fish' takes the 'bait', they are 'hooked' -- their account
information is now in the hands of the con man, to do with as they wish.
See Phishing.
Bogus offers
Email solicitations to purchase goods or services may be instances of attempted
fraud. The fraudulent offer typically features a popular item or service, at a
drastically reduced price.
Items may be offered in advance of their actual availability, for instance, the
latest video game may be offered prior to its release, but at a similar price to a
normal sale. In this case, the "greed factor" is the desire to get something that
nobody else has, and before everyone else can get it, rather than a reduction in
price. Of course, the item is never delivered, as it was not a legitimate offer in
the first place.
Such an offer may even be no more than a phishing attempt to obtain the victim's
credit card information, with the intent of using the information to fraudulently
obtain goods or services, paid for by the hapless victim, who may not know they
were scammed until their credit card has been "used up".
Requests for help
The "request for help" type of email fraud takes this form. An email is sent
requesting help in some way, but including a reward for this help as a "hook,"
such as a large amount of money, a treasure, or some artifact of supposedly
great value.
Another form of fraudulent help request is the romance scam. Here fraudsters (posing as men or women) build online relationships and, after some time, ask the victims for money, claiming that it is needed because they have lost their money (or their luggage was stolen), or they have been beaten or otherwise harmed and need to get out of the country to fly to the victim's country.
This confidence trick is similar to the face-to-face con known as the "Stranger With a Kind Face," which is the likely origin of at least the title of the vaudevillian routine known by the same name, as "Niagara Falls," or as "Slowly I turned..."

Avoiding email fraud

Email fraud may be avoided by:

▪ Keeping one's email address as secret as possible.
▪ Using a spam filter.
▪ Noticing the spelling errors that are often found in the body of an "official looking" email.
▪ Ignoring unsolicited emails of all types, simply deleting them.
▪ Not giving in to greed, since greed is often the element that allows one to be "hooked".

Many frauds go unreported to authorities, due to shame, guilty feelings or embarrassment.

Email spoofing
Email spoofing is email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. Because core SMTP doesn't provide any authentication, it is easy to impersonate and forge emails.
Although there are legitimate uses, these techniques are also commonly used in spam and phishing emails to hide the origin of the email message.
By changing certain properties of the email, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the email appear to be from someone other than the actual sender. The result is that, although the email appears to come from the address indicated in the From field (found in the email headers), it actually comes from another source.
Because many spammers now use special software to create random sender addresses, even if the user finds the origin of the email it is unlikely that the email address will be active.
The technique is now used ubiquitously by bulk email software as a means of concealing the origin of the propagation. On infection, worms such as ILOVEYOU, Klez and Sober will often search for email addresses within the address book of a mail client, and use those addresses in the From field of the emails they send, so that these emails appear to have been sent by the third party. For example:
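As an added illustration that is not part of the original notes, the following Python script parses a raw message with the standard library `email` module and reports when the Return-Path or Reply-To domain disagrees with the From domain, the three header fields named above. The two sample messages, their addresses and their domains are constructed for the example; nothing here is taken from a real mail flow.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From claims one domain while the envelope
# Return-Path and the Reply-To point somewhere else.
SAMPLE_SPOOFED = """\
Return-Path: <bounce@mailer-example.net>
From: "Fraud Department" <alerts@bank-example.com>
Reply-To: <verify@bank-example-support.net>
To: <customer@example.org>
Subject: Confirm your account information

Please log in to confirm your details.
"""

# Constructed sample: every address agrees on the sending domain.
SAMPLE_CLEAN = """\
Return-Path: <alerts@bank-example.com>
From: "Alerts" <alerts@bank-example.com>
To: <customer@example.org>
Subject: Monthly statement

Your statement is ready.
"""


def header_domain(msg, name):
    """Return the lower-cased domain of the address in header `name`, or None
    if the header is absent or holds no parseable address."""
    value = msg.get(name)
    if not value:
        return None
    _, addr = parseaddr(value)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[-1].lower()


def spoofing_indicators(raw_message):
    """Compare From against Return-Path and Reply-To and list every mismatch.
    An empty list means the three headers are consistent (not proof of
    authenticity, only absence of this particular indicator)."""
    msg = message_from_string(raw_message)
    from_domain = header_domain(msg, "From")
    findings = []
    if from_domain is None:
        findings.append("missing-or-malformed-from")
        return findings
    return_path = header_domain(msg, "Return-Path")
    if return_path and return_path != from_domain:
        findings.append(f"return-path-mismatch:{return_path}")
    reply_to = header_domain(msg, "Reply-To")
    if reply_to and reply_to != from_domain:
        findings.append(f"reply-to-mismatch:{reply_to}")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SAMPLE_SPOOFED), ("clean", SAMPLE_CLEAN)):
        print(label, spoofing_indicators(raw))
```

A mismatch between these headers is only an indicator: legitimate mailing lists and bulk senders routinely rewrite Return-Path, so a receiving server does not act on this comparison alone but on the outcome of SPF, DKIM and DMARC checks, which are the authentication that core SMTP lacks.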

Email Bombing
There are two methods of perpetrating an email bomb: mass mailing and list
linking.

Mass mailing

Mass mailing consists of sending numerous duplicate mails to the same email
address. These types of mail bombs are simple to design but their extreme
simplicity means they can be easily detected by spam filters. Email-bombing
using mass mailing is also commonly performed as a DDoS attack by employing
the use of "zombie" botnets; hierarchical networks of computers compromised
by malware and under the attacker's control. Similar to their use in spamming,
the attacker instructs the botnet to send out millions or even billions of emails,
but unlike normal botnet spamming, the emails are all addressed to only one or a
few addresses the attacker wishes to flood. This form of email bombing is
similar in purpose to other DDoS flooding attacks. As the targets are frequently
the dedicated hosts handling website and email accounts of a business, this type
of attack can be just as devastating to both services of the host.

This type of attack is more difficult to defend against than a simple mass-
mailing bomb because of the multiple source addresses and the possibility of
each zombie computer sending a different message or employing stealth
techniques to defeat spam filters.
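Detecting the mass-mailing pattern described above on the receiving side, as an added example that is not part of these notes: the Python code below runs a sliding-window count per recipient over log lines in a simplified, made-up MTA log format (timestamp, `from=`, `to=`) and records how many distinct senders contributed, which separates a single-source duplicate flood from the botnet-sourced kind. The log lines, addresses, window and threshold are all constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in a made-up format (not any real mail server's log):
# twelve messages to one mailbox from twelve different "zombie" senders inside
# 22 seconds, plus ordinary traffic to a second mailbox.
BOMB_SENDERS = [f"bot{i}@zombie{i}.example" for i in range(12)]
SAMPLE_LOG = [
    f"2024-03-01T09:00:{2 * i:02d} from=<{sender}> to=<victim@corp.example>"
    for i, sender in enumerate(BOMB_SENDERS)
] + [
    "2024-03-01T09:00:05 from=<alice@example.org> to=<ops@corp.example>",
    "2024-03-01T09:00:40 from=<bob@example.org> to=<ops@corp.example>",
    "2024-03-01T09:05:00 from=<carol@example.org> to=<ops@corp.example>",
]


def parse_line(line):
    """Split one log line into (timestamp, sender, recipient)."""
    ts_text, rest = line.split(" ", 1)
    fields = dict(part.split("=", 1) for part in rest.split())
    return (
        datetime.fromisoformat(ts_text),
        fields["from"].strip("<>").lower(),
        fields["to"].strip("<>").lower(),
    )


def detect_mail_bombs(lines, threshold=10, window=timedelta(minutes=1)):
    """Return {recipient: {"count": n, "distinct_senders": m}} for every
    recipient that received at least `threshold` messages inside some sliding
    `window`. `count` is the largest window population seen for that recipient;
    `distinct_senders` counts the different envelope senders in that window
    (many distinct senders for one flood points at a botnet rather than one
    source that a simple filter could block)."""
    events = sorted(parse_line(line) for line in lines)
    recent = defaultdict(deque)  # recipient -> deque of (timestamp, sender)
    flagged = {}
    for ts, sender, rcpt in events:
        queue = recent[rcpt]
        queue.append((ts, sender))
        # Drop events that have fallen out of the window.
        while ts - queue[0][0] > window:
            queue.popleft()
        if len(queue) >= threshold:
            previous = flagged.get(rcpt)
            if previous is None or len(queue) > previous["count"]:
                flagged[rcpt] = {
                    "count": len(queue),
                    "distinct_senders": len({s for _, s in queue}),
                }
    return flagged


if __name__ == "__main__":
    for rcpt, stats in detect_mail_bombs(SAMPLE_LOG).items():
        print(f"{rcpt}: {stats['count']} messages in window, "
              f"{stats['distinct_senders']} distinct senders")
```

The threshold and window are policy choices; a mailbox that legitimately receives automated notifications needs a higher threshold or an allow-list of known senders, otherwise the check itself becomes a way to get those notifications dropped.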

List linking

List linking means signing a particular email address up to several email list
subscriptions. The victim then has to unsubscribe from these unwanted services
manually. In order to prevent this type of bombing, most email subscription
services send a confirmation email to a person's inbox when that email is used
to register for a subscription. This method of prevention is easily circumvented:
if the perpetrator registers a new email account and sets it to automatically
forward all mail to the victim, he or she can reply to the confirmation emails, and
the list linking can proceed.

Zip bombing

A ZIP bomb is a variant of mail-bombing. After most commercial mail servers began checking mail with anti-virus software and filtering certain malicious file types (EXE, RAR, Zip, 7-Zip), mail server software was then configured to unpack archives and check their contents as well. A new idea to defeat this defence was composing a "bomb" consisting of an enormous text file containing, for example, only the letter z repeated millions of times. Such a file compresses into a relatively small archive, but unpacking it (especially by early versions of mail servers) would use a great amount of processing, which could result in a DoS (Denial of Service).
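A receiving-side check for the archive bomb just described, added here as an example and not taken from these notes or from any mail server product: the Python code below builds an archive of repeated `z` bytes in memory as constructed test input, refuses it on the basis of the sizes declared in the archive's central directory (total uncompressed size and compression ratio, with made-up policy limits), and also shows a bounded decompression loop for the case where the declared sizes cannot be trusted.

```python
import io
import zipfile

# Assumed policy limits for this example (not from the notes or any product).
MAX_TOTAL_UNCOMPRESSED = 50 * 1024 * 1024  # 50 MiB across all members
MAX_RATIO = 100                             # uncompressed / compressed


def build_archive(member_name, payload):
    """Constructed test input: a single-member DEFLATE archive held in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


def archive_verdict(archive_bytes, max_total=MAX_TOTAL_UNCOMPRESSED,
                    max_ratio=MAX_RATIO):
    """Decide from the central directory alone, without extracting anything.
    Returns (accepted, reason, stats)."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        total_uncompressed = sum(i.file_size for i in zf.infolist())
        total_compressed = sum(i.compress_size for i in zf.infolist())
    ratio = total_uncompressed / max(total_compressed, 1)
    stats = {"uncompressed": total_uncompressed,
             "compressed": total_compressed,
             "ratio": round(ratio, 1)}
    if total_uncompressed > max_total:
        return False, "declared size exceeds cap", stats
    if ratio > max_ratio:
        return False, "compression ratio exceeds cap", stats
    return True, "ok", stats


def bounded_read(archive_bytes, member_name, limit):
    """Decompress one member in chunks and stop as soon as more than `limit`
    bytes come out. The sizes in the header are written by whoever built the
    archive, so a scanner that must inspect contents counts what it actually
    produces instead of trusting them. Returns the byte count on success."""
    produced = 0
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        with zf.open(member_name) as fh:
            while True:
                chunk = fh.read(64 * 1024)
                if not chunk:
                    return produced
                produced += len(chunk)
                if produced > limit:
                    raise ValueError(
                        f"{member_name}: exceeded {limit} bytes during decompression")


def exceeds_limit(archive_bytes, member_name, limit):
    """True if decompressing the member would produce more than `limit` bytes."""
    try:
        bounded_read(archive_bytes, member_name, limit)
    except ValueError:
        return True
    return False


# Constructed samples: a bomb-style member (8 MiB of the letter z) and a note.
BOMB_ARCHIVE = build_archive("message.txt", b"z" * (8 * 1024 * 1024))
NORMAL_PAYLOAD = b"Meeting moved to 3 pm, see the attached agenda.\n"
NORMAL_ARCHIVE = build_archive("note.txt", NORMAL_PAYLOAD)

if __name__ == "__main__":
    for label, data in (("bomb", BOMB_ARCHIVE), ("normal", NORMAL_ARCHIVE)):
        print(label, archive_verdict(data))
```

The central-directory check is cheap and rejects the plain case before any CPU is spent; the bounded read is what protects the scanner when an archive lies about its sizes or nests further archives, and the cap on produced bytes applies per member so that many small members cannot add up past the total limit unnoticed.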

Email Spamming
definition

Email spam includes unwanted or unsolicited emails that arrive in a user’s email
inbox. Usually, email spam is sent to a large number of recipients. Spam can be
sent automatically by a botnet or by human senders.

If spam is not appropriately dealt with it can become troublesome for users to
conduct work activity without disruption from unwanted emails. Email spam also
poses a security threat because messages can contain malicious links or
malware that can allow a cyber-criminal access to a user’s device or ability to
find sensitive data/account information.

What is a spammer?

A spammer is a person who sends unsolicited or unwanted emails. Typically,
this entity is advertising or promoting something. However, spammers can also be
cyber-criminals who distribute a large number of malicious emails that
contain malware or phishing scams.
How does spam email work?

Spamming has been around for a long time and has become a common form of
cyber disruption. To launch an email spam attack, a cyber-criminal uses
spambots, programs that perform repetitive tasks in support of spamming, to
harvest email addresses available on the internet and send out a large volume
of malicious emails. Spam uses a "spray and pray" tactic: messages are sent
in bulk in the hope that a few recipients will mistakenly interact with the
spam content.

How to identify spam emails

Certain characteristics of an email will reveal to a user that it is spam. Here is
what to look for:
Sender credentials

Check the sender of any unsolicited email to make sure that it is coming from a
legitimate source. The display name can say anything; look at the actual
address and domain, and at whether the message failed the receiving server's
sender checks (SPF, DKIM).
Subject line

Spam emails have vague subject lines or ones that attempt to alarm or call
for urgent action. This might come in the form of an alert or a fraudulent
notification that your "account" is closing.
Requesting information

Spam emails try to extract sensitive information from their victims.
Never share your personal account information unless you are certain of the
sender's identity.
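The three checks in the list above can be automated. The following Python is an added example, not code from these notes or from any product mentioned here: it parses a constructed raw message with the standard library's email parser and reports whether the visible From domain matches the envelope sender (Return-Path), what the receiving server's Authentication-Results header says about SPF and DKIM, whether the subject uses urgency wording, and whether the body asks for credentials. The two sample messages, the word lists and the score threshold are all assumptions made for the example.

```python
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample: a spam/phishing message as a receiving server would see it.
SAMPLE_MESSAGE = b"""Return-Path: <bounce@mail-campaign-4821.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail-campaign-4821.example.net; dkim=none
From: "Account Security" <security@bank.example.com>
To: victim@example.org
Subject: URGENT: your account will be closed within 24 hours
Content-Type: text/plain; charset=utf-8

Dear customer,
Please verify your password and card number at the link below to keep your account open.
"""

# Constructed sample: an ordinary internal message for comparison.
BENIGN_MESSAGE = b"""Return-Path: <alice@example.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org
From: Alice <alice@example.org>
To: bob@example.org
Subject: Minutes from today's meeting
Content-Type: text/plain; charset=utf-8

Hi Bob, the minutes are attached to the wiki page. Thanks, Alice
"""

# Assumed word lists for this example.
URGENCY_WORDS = ("urgent", "immediately", "suspended", "closed", "verify now", "act now")
CREDENTIAL_WORDS = ("password", "card number", "pin code", "social security", "login details")


def _domain(addr: str) -> str:
    """Domain part of an address header such as '"Name" <user@host>'."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def auth_results(msg) -> dict:
    """Pull method=result verdicts out of Authentication-Results, e.g. {'spf': 'fail', 'dkim': 'none'}."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";"):
            token = part.strip().split(" ")[0]
            if "=" in token:
                method, _, result = token.partition("=")
                verdicts[method.lower()] = result.lower()
    return verdicts


def score_message(raw: bytes) -> dict:
    """Individual findings plus a simple count used as the spam score."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_domain = _domain(msg.get("From", ""))
    envelope_domain = _domain(msg.get("Return-Path", ""))
    subject = msg.get("Subject", "").lower()
    body = msg.get_body(preferencelist=("plain",)).get_content().lower()
    verdicts = auth_results(msg)

    findings = {
        "sender_mismatch": bool(envelope_domain) and envelope_domain != from_domain,
        "spf_failed": verdicts.get("spf") in ("fail", "softfail"),
        "no_dkim": verdicts.get("dkim", "none") == "none",
        "urgent_subject": any(w in subject for w in URGENCY_WORDS),
        "asks_for_credentials": any(w in body for w in CREDENTIAL_WORDS),
    }
    findings["score"] = sum(1 for v in findings.values() if v is True)
    return findings


def is_spam(raw: bytes, threshold: int = 3) -> bool:
    return score_message(raw)["score"] >= threshold


if __name__ == "__main__":
    print(score_message(SAMPLE_MESSAGE))
    print(score_message(BENIGN_MESSAGE))
```

Only the Authentication-Results header written by your own receiving server should be trusted; a sender can add a forged one, so production filters strip any such header arriving from outside before adding their own.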
For organizations

Identifying spam emails can be a time-consuming task given that they come in
large quantities and from a variety of senders. Automated filtering can maximize
the productivity of employees and declutter their inboxes while reducing the
workload of the security team. Products such as Darktrace/Email can identify and
tag emails that are suspected spam or carry other security risks like phishing
scams, giving a detailed explanation of the potential threat.

Most popular email services have automatic spam identification that uses an
algorithm to identify spam content and send it to your spam folder. However, if
you find that you are still receiving a high volume of spam you can mark
these emails as spam instead of deleting them right away. This flags that
particular sender as a spam source, and its mail will no longer appear in your
inbox.

Organizations want to ensure that their employees are able to communicate and
conduct business activity without disruption. However, email spam can stand in
the way of employees who want to communicate quickly via email. An inbox
cluttered with spam distracts employees and forces them to parse through
hundreds of emails just to identify which are legitimate and which are
malicious.

There are several systems in place that protect email inboxes from spam mail.
However, some organizations might want to take extensive action in order to
protect their employees’ inboxes to ensure business continuity and productivity
remain optimal. Email security options include:
Secure email gateways

A secure email gateway (SEG) is email security software that sits in the path of
inbound and outbound email communication. Every email sent to or from an
organization passes through this gateway, which checks that its contents are
neither malicious nor a sign of a data leak. It keeps unwanted emails such as
spam, phishing emails and emails carrying malware out of user inboxes. In many
ways email gateways are the first line of defense for email security.
AI Email solutions

Darktrace/Email uses artificial intelligence and machine learning algorithms
to prevent, detect, respond to, and recover from email attacks. Through its
understanding of the organization's normal email behaviour, rather than
knowledge of past attacks, Darktrace/Email aims to stop sophisticated and
evolving email security risks such as generative AI attacks, BEC, account
takeover, human error, and ransomware.
3.2.4 Denial of Service Attacks

DoS Attack

What is a DoS attack?

DoS means denial of service.

A DoS attack is an attempt to make a computer or network resource
unavailable to its intended users. When a denial of service (DoS) attack
occurs, a computer or a network user is unable to access resources like e-
mail and the Internet. An attack can be directed at an operating system or at
the network. Early attacks had to be manually coordinated by many
attackers in order to cause effective damage.

The subject came to public awareness only after a massive attack on public
sites in February 2000. During a period of three days the sites of Yahoo.com,
amazon.com, buy.com, cnn.com and eBay.com were under attack. Analysts
estimated that Yahoo! lost $500,000 in e-commerce and advertising revenue
when it was knocked offline for three hours.

[Figure: attacker -> compromised third parties -> victim]

Symptoms of a DoS attack include:

• The network slows down.
• A website becomes unavailable.
• A sudden increase in the number of spam emails received.
• Connections between two systems are disrupted.
• Individuals are prevented from accessing services.
Classification of DoS attacks:

1. Bandwidth attacks:
Loading any website takes a certain time. Loading means the complete
webpage (i.e., the entire content of the page, text along with images)
appearing on the screen with the system awaiting the user's input. Each load
consumes bandwidth, and every site is allotted a particular amount of
bandwidth by its hosting provider, say 50 GB. If attacking "visitors" consume
all 50 GB, the hosting provider may suspend the site, and legitimate users can
no longer reach it.

2. Logic attacks:
This kind of attack exploits vulnerabilities in network software,
such as a web server or the TCP/IP stack.

3. Protocol attacks:

• Protocols here are the rules that are to be followed to send data over a
network. These attacks exploit a specific feature or implementation bug
of some protocol installed on the victim's system to make it consume
excessive amounts of its resources.

How to protect from DoS attacks:

• Implement router filters. This will lessen your exposure to certain DoS
attacks.
• If such patches are available for your system, install patches to guard
against TCP SYN flooding.
• Routinely examine your physical security with regard to your current
needs.
• Establish and maintain a regular backup schedule and policies, particularly
for important configuration information.
• Disable any unused network service. This can limit the ability of an
attacker to take advantage of these services to execute a DoS attack.
Types of DoS attacks

1. Flood attack:
This is the earliest form of DoS attack and is also known as a ping
flood. It is based on the attacker simply sending the victim an overwhelming
number of ping (ICMP echo request) packets, usually by using the "ping"
command, which results in more traffic than the victim can handle.

2. Ping of death attack:

The ping of death attack sends oversized Internet Control Message
Protocol (ICMP) packets. ICMP is one of the core protocols of the IP suite; it is
mainly used by networked operating systems to send error messages (e.g.,
that a requested service is not available). The maximum size allowed for an
IP packet is 65,535 octets. Some systems, upon receiving a packet larger than
this (reassembled from fragments), crash, resulting in DoS.

3. SYN attack:
It is also termed TCP SYN flooding. In the Transmission Control
Protocol, the handshake that sets up a network connection is done with SYN
and ACK messages.

An attacker initiates a TCP connection to the server with a SYN. The server
replies with a SYN-ACK. The client never sends back the final ACK, causing
the server to allocate memory for the pending (half-open) connection and wait.
Attackers usually spoof the source address so that the SYN-ACKs go nowhere
and the attacker does not have to hold any state.

4. Smurf attack:

• It is a way of generating significant computer network traffic on a victim
network. This is a type of DoS attack that floods a target system via
spoofed broadcast ping messages. The attack consists of a host sending an
ICMP echo request to a network broadcast address with the source address
spoofed to be the victim's. Every host on the network receives the ICMP
echo request and sends an ICMP echo reply to the victim, which is flooded
with traffic.
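The attack types above all show up on the wire as traffic patterns a sensor can count. The following Python is an added example, not code from these notes: it runs over a constructed packet list and applies three detections, sources with many TCP half-open connections (SYN flood), sources whose ICMP echo-request rate inside a one-second window is excessive (ping flood), and echo requests aimed at a broadcast address (the amplification step of a smurf attack). The Packet record, the thresholds and the "/24 broadcast ends in .255" heuristic are assumptions; a real tracker keys connections on the full four-tuple and ages entries out.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Assumed thresholds for this example; a real sensor tunes these per link.
HALF_OPEN_LIMIT = 50      # half-open connections from one source => SYN flood
ECHO_RATE_LIMIT = 100     # ICMP echo requests per source per window => ping flood
WINDOW_SECONDS = 1.0


@dataclass(frozen=True)
class Packet:
    ts: float        # seconds since start of capture
    src: str
    dst: str
    proto: str       # "tcp" or "icmp"
    flags: str = ""  # TCP: "S", "SA", "A"; ICMP: "echo-request" or "echo-reply"


def synthetic_traffic() -> list:
    """Constructed sample traffic, not a real capture."""
    pkts = [
        # One legitimate client completing the three-way handshake.
        Packet(0.00, "10.0.0.5", "192.0.2.10", "tcp", "S"),
        Packet(0.01, "192.0.2.10", "10.0.0.5", "tcp", "SA"),
        Packet(0.02, "10.0.0.5", "192.0.2.10", "tcp", "A"),
    ]
    # SYN flood: 200 SYNs from one source that never completes a handshake.
    pkts += [Packet(0.1 + i * 0.001, "198.51.100.7", "192.0.2.10", "tcp", "S")
             for i in range(200)]
    # Ping flood: 300 echo requests inside one second.
    pkts += [Packet(1.0 + i * 0.002, "203.0.113.9", "192.0.2.10", "icmp", "echo-request")
             for i in range(300)]
    # Smurf: one echo request to the broadcast address with the victim as spoofed source.
    pkts.append(Packet(2.0, "192.0.2.10", "10.0.0.255", "icmp", "echo-request"))
    return pkts


def half_open_by_source(packets) -> Counter:
    """SYNs per source whose handshake was never completed by a client ACK.

    Simplification: connections are keyed on (src, dst) only.
    """
    pending = Counter()
    for p in packets:
        if p.proto != "tcp":
            continue
        key = (p.src, p.dst)
        if p.flags == "S":
            pending[key] += 1
        elif p.flags == "A" and pending[key] > 0:
            pending[key] -= 1
    result = Counter()
    for (src, _dst), n in pending.items():
        if n > 0:
            result[src] += n
    return result


def peak_echo_requests(packets) -> dict:
    """Highest number of echo requests from each source within any WINDOW_SECONDS window."""
    times_by_src = defaultdict(list)
    for p in packets:
        if p.proto == "icmp" and p.flags == "echo-request":
            times_by_src[p.src].append(p.ts)
    peak = {}
    for src, times in times_by_src.items():
        times.sort()
        best = start = 0
        for end, t in enumerate(times):
            while t - times[start] > WINDOW_SECONDS:   # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        peak[src] = best
    return peak


def broadcast_echo_requests(packets) -> list:
    """Echo requests sent to a broadcast address: the amplification step of a smurf attack.

    Treating *.255 as broadcast assumes /24 subnets; real code checks the interface mask.
    """
    return [p for p in packets
            if p.proto == "icmp" and p.flags == "echo-request" and p.dst.endswith(".255")]


def detect(packets) -> dict:
    return {
        "syn_flood": sorted(s for s, n in half_open_by_source(packets).items()
                            if n >= HALF_OPEN_LIMIT),
        "ping_flood": sorted(s for s, n in peak_echo_requests(packets).items()
                             if n >= ECHO_RATE_LIMIT),
        "smurf_broadcast": sorted({p.src for p in broadcast_echo_requests(packets)}),
    }


if __name__ == "__main__":
    print(detect(synthetic_traffic()))
```

Because SYN-flood sources are usually spoofed, the address reported for the SYN flood identifies what to rate-limit, not who is attacking; the half-open count itself is the useful signal, which is why hosts mitigate with SYN cookies rather than by blocking addresses.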

3.2.5 Distributed Denial of Service Attack

DDoS Attack
This is a more complex but more powerful version of a DoS attack in which
many attacking systems are involved.
In DDoS attacks, many computers perform DoS attacks on the same
target server. As the DoS attack is distributed over a large group of
computers, it is known as a distributed denial of service attack.

To perform a DDoS attack, attackers use a zombie network, which is a group
of infected computers on which the attacker has silently installed a DoS
attack tool. Whenever the attacker wants to perform a DDoS, all the
computers of the zombie network can be used for the attack. In simple words,
when a server system is being flooded with fake requests coming from multiple
sources (potentially hundreds of thousands), it is known as a DDoS attack.

For creating the zombie network, hackers generally use a Trojan. The
more members in the zombie network, the more powerful the attack. The wave
of DDoS attacks that targeted major websites such as Yahoo and Amazon in
2000 was estimated cumulatively to have cost over $1.2 billion in damages.

Protection from DoS attacks

The CERT Coordination Center (CERT/CC) recommends the following:

1. Implement router filters. This will lessen your exposure to certain DoS
attacks.
2. Disable any unused or inessential network service. This can limit the
ability of an attacker to take advantage of these services to execute a DoS
attack.
3. Enable quota systems on your OS if they are available.
4. Routinely examine your physical security with regard to your current
needs.
5. Establish and maintain regular backup schedules and policies, particularly
for important configuration information.
6. Establish and maintain appropriate password policies, especially for access to
highly privileged accounts such as Unix root or Microsoft Windows NT
Administrator.

Tools for detecting DDoS attacks

1. Zombie Zapper:

It is a free, open source tool that can tell a zombie system that is flooding
packets to stop flooding. It works against Trinoo, TFN and Stacheldraht.
2. Remote Intrusion Detector (RID):

It is a tool developed in the C language, which is a highly
configurable packet snooper and generator. It detects the presence of Trinoo,
TFN or Stacheldraht.

3.3 Various crimes :


3.3.1 IPR Violations (Software piracy, Copyright
Infringement, Trademarks Violations, Theft of Computer source
code, Patent Violations)
Intellectual property rights are the legal rights that cover the
privileges given to individuals who are the owners and inventors of a work and
have created something with their intellectual creativity. Individuals in
areas such as literature, music, invention, etc., can be granted such rights, which
can then be used by them in their business practices.

The creator/inventor gets exclusive rights against any use or misuse of the work
without his/her prior permission. However, the rights are granted for a limited
period of time to maintain a balance between the creator and the public.

The following list of activities which are covered by the intellectual property
rights are laid down by the World Intellectual Property Organization (WIPO) −

Industrial designs

Scientific discoveries

Protection against unfair competition

Literary, artistic, and scientific works

Inventions in all fields of human endeavor

Performances of performing artists, phonograms, and broadcasts

Trademarks, service marks, commercial names, and designations


All other rights resulting from intellectual activity in the industrial, scientific,
literary, or artistic fields

Types of Intellectual Property Rights

Intellectual Property Rights can be further classified into the following
categories −

1. Copyright

2. Patent

3. Trade marks

4. Source code

5. Software piracy

6. Plagiarism

Copyright

Copyright is only infringed if the unauthorized use involves the whole or a
'substantial part' of the copyright work. Unauthorized use usually involves
copying, issuing copies, renting or lending, performing, showing, playing,
communicating or adapting the copyright work.

In order to succeed with an action for infringement, it is necessary to establish
that the alleged infringing party actually copied the protected work rather than
arrived at their work by means of independent creative activity.

So, if the infringement of a copyright work is intentional, is on a large scale and
copies of a work are being made for sale, being imported, distributed, sold or put
on the internet, then it is worth informing the police. They can decide whether
action by them, including possible prosecution, is justified.

Patents

Infringing a patent means manufacturing, using, selling or importing a
patented product or process without the patent owner's permission. The owner
of a patent can take legal action against you and claim damages if you infringe
their patent.

Trade marks
A registered trade mark is a property right whereby the owner is granted
exclusive rights in relation to the use of the trade mark. If someone uses an
identical or similar trade mark for identical or similar goods or services to a
trade mark already in use without the owner's consent, that person infringes the
trade mark. Remedies are available to the owner to prevent an ongoing
infringement, including damages for past infringements.

Source code Theft

Source code theft is when a malicious insider, or someone outside of your
organization, steals the source code to your software.

Software piracy

Software piracy is a term used to describe the act of illegally using, copying or
distributing software without ownership or legal rights. The majority of software
today is purchased as a single-user license, meaning that only one computer
may have that software installed on it at one time. Copying that software to
multiple computers or sharing it with your friend without multiple licenses is
considered software piracy, which is illegal. Additionally, downloading pirated
software from the Internet could be a security risk to your computer; it can be
difficult to know what else may be getting installed.

3.3.2 Cyber Squatting, Cyber Smearing, Cyber Stalking

The term cybersquatting refers to the unauthorized registration and use of
Internet domain names that are identical or similar to trademarks, service marks,
company names, or personal names. Cybersquatting registrants obtain and use
the domain name with the bad faith intent to profit from the goodwill of the
actual trademark owner. Both the US federal government and the Internet
Corporation for Assigned Names and Numbers (ICANN) have taken action to
protect the owners of trademarks and businesses against cybersquatting abuses.

Types of Cyber Squatting

Typo-squatting
Typosquatting is also referred to as 'URL hijacking', 'a sting site' or a
'fake URL'. Typosquatters rely on common mistakes made by Internet users
when typing a web address into a web browser. Such mistakes include
misspellings (e.g., www.intrenet.com), a different phrasing of the domain name
(e.g., www.internets.com), and a different top-level domain (e.g., .co instead of
.com).

To trick Internet users, typosquatters may also create a fake website that
resembles the original by using a similar layout, colour scheme, logos, and
content. Typosquatters use such fake websites to (1) pressure legitimate website
owners into buying the cybersquatted domain names, (2) generate more web traffic,
and (3) spread malware.
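A brand owner can look for these registrations before users hit them. The following Python is an added example, not code from these notes: it generates the look-alikes described above for a domain (a missed, doubled or transposed letter, an adjacent-key substitution, a plural form, a different top-level domain) and checks which of them appear in a list of newly registered domains. The keyboard neighbour table, the TLD list and the registration list are constructed for the example; in practice the list would come from a zone file or a certificate-transparency feed.

```python
# Assumed QWERTY neighbours used for "fat-finger" substitutions.
ADJACENT = {
    "q": "wa", "w": "qes", "e": "wrd", "r": "etf", "t": "ryg", "y": "tuh", "u": "yij",
    "i": "uok", "o": "ipl", "p": "o", "a": "qsz", "s": "adwx", "d": "sfec", "f": "dgrv",
    "g": "fhtb", "h": "gjyn", "j": "hkum", "k": "jli", "l": "ko", "z": "asx", "x": "zsdc",
    "c": "xdfv", "v": "cfgb", "b": "vghn", "n": "bhjm", "m": "njk",
}
COMMON_TLDS = ("com", "net", "org", "co", "info")   # assumed list


def split_domain(domain: str):
    name, _, tld = domain.lower().rpartition(".")
    return name, tld


def typo_variants(domain: str) -> set:
    """Single-edit look-alikes of `domain`, plus its plural and TLD swaps."""
    name, tld = split_domain(domain)
    variants = set()
    for i, ch in enumerate(name):
        variants.add(name[:i] + name[i + 1:])                          # omission:      intenet
        variants.add(name[:i] + ch + name[i:])                         # doubling:      internnet
        for k in ADJACENT.get(ch, ""):
            variants.add(name[:i] + k + name[i + 1:])                  # adjacent key:  intermet
        if i + 1 < len(name):
            variants.add(name[:i] + name[i + 1] + ch + name[i + 2:])   # transposition: intrenet
    variants.add(name + "s")                                           # plural:        internets
    variants.discard(name)
    result = {f"{v}.{tld}" for v in variants if v}
    result.update(f"{name}.{t}" for t in COMMON_TLDS if t != tld)      # TLD swap: internet.co
    return result


def find_typosquats(brand: str, registered: list) -> list:
    """Registered domains that are a look-alike of `brand`, sorted for stable output."""
    lookalikes = typo_variants(brand)
    return sorted(d.lower() for d in registered if d.lower() in lookalikes)


# Constructed sample of newly registered domains (not real registrations).
NEW_REGISTRATIONS = [
    "intrenet.com",      # transposition
    "internets.com",     # plural
    "internet.co",       # TLD swap
    "intermet.com",      # adjacent key: n -> m
    "internet.com",      # the brand itself, not a squat
    "weather.example",   # unrelated
]

if __name__ == "__main__":
    print(find_typosquats("internet.com", NEW_REGISTRATIONS))
```

The same variant set is what a browser-side or DNS-side blocklist would be built from; homoglyph substitutions (Unicode characters that look like Latin letters) are a further class that this edit-based generator does not cover.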

Identity theft

Cybersquatters may purchase a domain which was unintentionally not renewed
by the previous owner. Cybersquatters use special software applications which
allow them to monitor the expiration dates of targeted domain names easily.
After registering the expired domain names, cybersquatters may link them with
websites which duplicate the websites of the previous domain name owners.
Thus, cybersquatters mislead the visitors of their websites into believing
that they are visiting the websites of the previous domain name owners.

Name jacking

Name jacking refers to the registration of a domain name associated with the
name of an individual, usually celebrities and well-known public figures. Name
jackers benefit from web traffic related to the targeted individuals.

The registration of the domain name Madonna.com was a typical example of
name jacking. The domain name, which is identical to the name of the pop diva
Madonna, was used for spreading pornographic materials.

Reverse-cybersquatting

Reverse-cybersquatting refers to an attempt to secure a domain name
legitimately owned by another person. Reverse-cybersquatting may include
intimidation and pressure to transfer the legitimate ownership of a domain name
to the person or organization which owns a registered trademark reflected in the
domain name.
It should be noted that reverse cybersquatting may be considered an abuse of
domain name dispute resolution procedures. Reverse-cybersquatting may also
constitute a tort or an unfair business practice within the meaning of the laws of
some jurisdictions and, therefore, entitle the victims of reverse-cybersquatters
to compensation for damages.

Cyber Smearing, Cyber Stalking

Cyber stalking is a crime in which someone harasses or stalks a victim using
electronic or digital means, such as social media, email, instant messaging
(IM), or messages posted to a discussion group or forum. Cyberstalkers take
advantage of the anonymity afforded by the internet to stalk or harass their
victims, sometimes without being caught, punished or even detected.

Although cyberstalking is a general term for online harassment, it can take
many forms, including slander, defamation, false accusations, trolling and
even outright threats. In many cases, especially when both the harasser and
victim are individuals, the motives may include the following:

• monitor the victim's online -- and, in some cases, offline -- activities;

• track the victim's locations and follow them online or offline;

• annoy the victim;

• intimidate, frighten, control or blackmail the victim;

• reveal private information about the victim, a practice known as doxing; or

• gather more information about the victim to steal their identity or perpetrate
other real-world crimes, like theft or harassment.

Cyberstalkers often start small. In the beginning, they may send a few strange
or somewhat unpleasant messages to their intended victim, who may brush
these messages off as funny, annoying or mildly weird and ignore them without
taking any action.
Over time, the messages may become systematic, sustained and repetitive
and take on an increasingly intimidating or frightening tone.

Cyberstalking: Victims and criminals


Often, cyberstalkers pursue their victims over a sustained period. An
overwhelming majority of cyberstalkers are men, while victims are usually
women. However, cyberstalking cases where women were the perpetrators
are not unheard of. For instance, following the 2006 Megan Meier suicide
case in Missouri, a female cyberstalker was indicted and convicted in 2008 of
violating the Computer Fraud and Abuse Act. Occasionally, men have been
victims in some cyberstalking cases.

Other ways to guard against cyberstalking include the following:

• update all software to prevent information leaks;

• mask your Internet Protocol address with a virtual private network;

• strengthen privacy settings on social media;

• strengthen all devices with strong passwords or, better, use multifactor
authentication;

• avoid using public Wi-Fi networks;

• send private information via private messages, not by posting on public
forums;

• safeguard mobile devices by using password protection and never leave
devices unattended;

• disable Geolocation settings on devices;

• install antivirus software on devices to detect malicious software;

• always log out of all accounts at the end of a session; and

• beware of installing apps that ask to access your personal information.



• Defamation (Cyber smearing)
• Defamation is injury to the reputation of a person. Cyber defamation
occurs when defamation takes place with the help of computers and / or
the Internet.
• The three essentials of defamation are:
• The statement must be false and defamatory,
• The said statement must refer to the victim, and
• The statement must be published.
• A person's reputation is his or her property and sometimes even more
valuable than physical property.
• Cyber criminals may also disclose victims' personal data (e.g. real name,
address, or workplace/ schools) on various immoral websites.
Cases of piggy-backing on victim’s identity are now common. This could
be used to publish objectionable material in their name that defames or
ridicules a person.
• Digital Impersonation
• Digital impersonation is one of the most dangerous kinds of online
reputation problems. It happens when someone else assumes your identity
and communicates using your real name, photograph or avatar.
• Impersonator could either hack into your real accounts; or just create fake
profiles or comments purporting to be “you.” The motivation behind the
act may be revenge, sadism, extortion, or playing some kind of twisted
prank. The damage to reputation caused by impersonating someone online
can be substantial and hard to cope with.

3.3.3 Financial Crimes: ( Banking, credit card, Debit card related)

Credit card fraud is a form of identity theft in which an individual uses
someone else's credit card information to charge purchases, or to withdraw
funds from the account. Credit card fraud also includes the fraudulent use of a
debit card, and may be accomplished by the theft of the actual card, or by
illegally obtaining the cardholder's account and personal information, including
the card number, the card's security number, and the cardholder's name and
address.
Elements of Credit Card Fraud

These include:

Credit Card Theft: the taking of a credit card, or credit card number, from
another person, without the cardholder’s consent, with the intent of using or
selling it.

Credit Card Forgery: the purchasing of something of value using a credit card,
by someone other than the cardholder, or an authorized user, with the intent of
defrauding the card’s issuer.

Credit Card Fraud: the taking of a credit card, or credit card number, from
another person, with the intent to use, sell, or transfer it to another person, or
using the credit card or card number to purchase something of value, with the
intent to defraud.

Means of payment card fraud

There are two kinds of card fraud: card-present fraud (not so common
nowadays) and card-not-present fraud (more common). The compromise can
occur in a number of ways and can usually occur without the knowledge of the
cardholder. The internet has made database security lapses particularly costly,
in some cases, millions of accounts have been compromised.[5]

Prevention of payment card fraud

Card information is stored in a number of formats. Card numbers, formally
the Primary Account Number (PAN), are often embossed or imprinted on the
card, and a magnetic stripe on the back contains the data in a machine-readable
format. Fields can vary, but the most common include the name of the
cardholder, card number, expiration date, and the card verification value (CVV),
a 3- or 4-digit code printed on the card and not encoded on the magnetic stripe.
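The PAN description above suggests the checks a practitioner needs wherever card data passes through logs or forms. The following Python is an added example, not code from these notes: it implements the Luhn check-digit test that every PAN satisfies, a masking function that keeps only the issuer prefix and last four digits, and a scanner that finds Luhn-valid numbers in a constructed log line and redacts them before the line is stored. The log line is constructed; 4111 1111 1111 1111 and 5500 0000 0000 0004 are standard test card numbers; the choice of showing the first six and last four digits is an assumption made for the example.

```python
import re

# Constructed sample log line (not a real record). Only the first two card-like
# numbers pass the Luhn check; the "ref" and "order" values do not.
SAMPLE_LOG = ("2024-05-01T10:12:03Z pos-terminal-7 sale approved pan=4111111111111111 "
              "exp=1227 cvv=123 second=5500 0000 0000 0004 ref=4111111111111112 "
              "order=98765432109876")

# A run of 12-19 digits, optionally separated by single spaces or hyphens,
# that starts and ends on a digit and is not part of a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){11,18}(?!\d)")


def luhn_valid(number: str) -> bool:
    """Luhn check-digit test applied to the digits of `number` (separators ignored)."""
    digits = [int(c) for c in number if c.isdigit()]
    if not 12 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:            # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9            # same as summing the two digits of the product
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first 6 (issuer prefix) and last 4 digits; assumed display policy."""
    digits = re.sub(r"\D", "", pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list:
    """Digit runs in `text` that pass Luhn: likely real PANs in a log or document."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        candidate = re.sub(r"\D", "", m.group())
        if luhn_valid(candidate):
            found.append(candidate)
    return found


def redact(text: str) -> str:
    """Replace every Luhn-valid PAN in `text` by its masked form."""
    def repl(m):
        candidate = re.sub(r"\D", "", m.group())
        return mask_pan(candidate) if luhn_valid(candidate) else m.group()
    return PAN_CANDIDATE.sub(repl, text)


if __name__ == "__main__":
    print(find_pans(SAMPLE_LOG))
    print(redact(SAMPLE_LOG))
```

Luhn only catches transcription errors and filters out most random digit runs (about one in ten passes by chance), so it is a pre-filter, not proof that a number is a live card; it is also why the redaction leaves the Luhn-invalid "ref" value untouched.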

Cards in some countries are equipped with an EMV chip which requires a 4- to
6-digit PIN to be entered into the merchant's terminal before payment will be
authorized. However, a PIN is not required for online transactions. In some
European countries, buyers using a card without a chip may be asked for photo ID
at the point of sale.
In some countries, a credit card holder can make a contactless payment for
goods or services by tapping their card against an RFID or NFC reader without
the need for a PIN or signature if the cost falls under a pre-determined limit.

Types of payment card fraud

Application fraud

Application fraud takes place when a person uses stolen or fake documents to
open an account in another person's name. Criminals may steal or fake
documents such as utility bills and bank statements to build up a personal
profile. When an account is opened using fake or stolen documents, the fraudster
could then withdraw cash or obtain credit in the victim's name.[10]

Application fraud can also occur using a synthetic identity which is similar to the
fake documents mentioned above. A synthetic identity is personal information
gathered from many different identities to create one fake identity.[11] Once the
identity and the account is established, the fraudster has a few different options
to take advantage of the bank. They can maximize their credit card spending by
spending as much money as possible on their new credit card. Many fraudsters
will use the new credit card to purchase items that have a high resale value so
they can turn it into cash.

Account takeover

An account takeover refers to the act by which fraudsters attempt to
assume control of a customer's account (i.e. credit cards, email, banks, SIM card
and more). Control at the account level offers high returns for fraudsters.
According to Forrester, risk-based authentication (RBA) plays a key role in risk
mitigation.[12]

A fraudster uses parts of the victim's identity such as an email address to gain
access to financial accounts. This individual then intercepts communication
about the account to keep the victim blind to any threats. Victims are often the
first to detect account takeover when they discover charges on monthly
statements they did not authorize or multiple questionable
withdrawals.[13] There has been an increase in the number of account
takeovers since the adoption of EMV technology, which makes it more difficult
for fraudsters to clone physical credit cards.[14]
Some of the most common methods by which a fraudster commits an
account takeover include proxy-based "checker" one-click apps, brute-force
botnet attacks, phishing,[15] and malware. Other methods include dumpster
diving to find personal information in discarded mail, and outright buying lists of
'Fullz', a slang term for full packages of identifying information sold on the black
market.[16]

Once logged in, fraudsters have access to the account and can make purchases
and withdraw money from bank accounts.[17] They have access to any
information that is tied to the account, they can steal credit card numbers along
with social security numbers. They can change the passwords to prevent the
victim from accessing their account. Cybercriminals have the opportunity to
open other accounts, utilize rewards and benefits from the account, and sell this
information to other hackers.

Social engineering fraud

Social engineering fraud can occur when a criminal poses as someone else
which results in a voluntary transfer of money or information to the fraudster.
Fraudsters are turning to more sophisticated methods of scamming people and
businesses out of money. A common tactic is sending spoof emails
impersonating a senior member of staff and trying to deceive employees into
transferring money to a fraudulent bank account.[18]

Fraudsters may use a variety of techniques in order to solicit personal
information by pretending to be a bank or payment processor. Telephone
phishing is the most common social engineering technique used to gain the trust
of the victim.

Businesses can protect themselves with a dual authorization process for the
transfer of funds that requires authorization from at least two persons, and a
call-back procedure to a previously established contact number, rather than any
contact information included with the payment request. The bank must refund
any unauthorized payment; however, they can refuse a refund if they can prove
the customer authorized the transaction, or it can prove the customer is at fault
because they acted deliberately, or failed to protect details that allowed the
transaction.[19]

Skimming

[Figure: green plastic unit on an ATM card slot, intended to stop thieves from
installing a skimmer device on the machine]

Skimming is the theft of card information during an otherwise normal
transaction. The thief can procure a victim's card number
using basic methods such as photocopying receipts or more advanced methods
such as using a small electronic device (skimmer) to swipe and store hundreds
of victims' card numbers. Common scenarios for skimming are taxis, restaurants
or bars where the skimmer has possession of the victim's payment card out of
their immediate view.[20] The thief may also use a small keypad to
unobtrusively transcribe the three- or four-digit card security code, which is not
present on the magnetic stripe.

Chapter 4
4.1.1 Types of Threats
Cyber Security Threats
Most Common Cyber attacks

In recent years, there have been several high-profile cyberattacks that have had a devastating
impact on businesses and individuals: theft of social security numbers, bank account
details and credit card information, and leaks of sensitive data. Much of this data now lives
in cloud storage services such as Dropbox or Google Drive, so a single compromised account
can expose a great deal of it. These attacks have highlighted the importance of having strong
cybersecurity measures in place. Some of the most common cyberattacks include:

1. Phishing Attacks

Phishing is a type of cyberattack that involves tricking users into clicking on malicious links or
attachments. It can lead to the theft of sensitive information, such as login credentials or
financial data.

2. Malware Attacks
Malware is a type of malicious software that can infect computers and devices. It can steal
information, hijack devices, or launch attacks on other systems.

3. Denial-of-service Attacks

A denial-of-service attack is a type of attack that prevents users from accessing a system or
service. This can be done by flooding the system with traffic or requests or damaging it so it
can no longer function properly.

4. Ransomware Attacks

Ransomware is malware that encrypts files or systems and demands a ransom to decrypt them.
It can lead to the loss of essential data or the complete shutdown of a system.

5. Man-in-the-middle (MitM) Attacks

A MitM attack is a type of attack where an attacker
intercepts communications between two parties. This can be done by eavesdropping on a
network connection or redirecting traffic to a malicious server.

6. SQL Injection

A SQL injection attack is a type of cyber-attack that exploits vulnerabilities in web applications
to inject malicious SQL code into queries sent to the database. This code can view, delete, or
modify data in the database. SQL injection attacks can also be used to take control of the
server or carry out other malicious activities.
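The following Python is an added example, not code from these notes: it shows the vulnerability in the smallest realistic form, a login query that pastes user input into SQL text, next to the parameterized version that closes it, using an in-memory SQLite table constructed for the example. The user rows, the payload and the function names are assumptions.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a site's user store (not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                     [("alice", "h1"), ("bob", "h2"), ("carol", "h3")])
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> list:
    """Deliberately vulnerable: the user's input is pasted straight into the SQL text,
    so quotes and comment markers in the input change the query's logic."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password_hash = '{password_hash}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn: sqlite3.Connection, username: str, password_hash: str) -> list:
    """Hardened form: the statement is fixed and the values are bound as parameters,
    so the driver never interprets them as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return [row[0] for row in conn.execute(sql, (username, password_hash))]


# Classic tautology payload: closes the string, adds an always-true clause and
# comments out the rest of the WHERE clause (the password check).
INJECTION = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, INJECTION, "anything"))   # every user
    print("safe:      ", login_safe(db, INJECTION, "anything"))         # nobody
```

With the payload in the username field the vulnerable query becomes `... WHERE username = '' OR 1=1 --' AND password_hash = 'anything'`, which matches every row; the parameterized query looks for a user literally named `' OR 1=1 --` and finds none.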

4.1.2 Advantages of Cyber Security

1. Protects Personal Information: In this age of a digitally-driven world, one of the most valuable
commodities is personal information. If a virus is able to collect personal information about your
employees or customers, it is quite likely that it will be sold or used to steal their money.

2. Protects and Enhances Productivity: Viruses infecting your systems and network slow them
down, sometimes to the point where further work becomes almost impossible. In effect, this causes
downtime for your staff and wasted effort, and can bring the entire company to a halt.

3. Prevents crashing of websites: If you're a small business, you're probably hosting your own
website. If your system is infected, there's a good risk your website will be forced to go down.
This means that not only will you incur losses due to missed transactions, but you will also run
the risk of losing trust from your clients, and some viruses may cause long-term damage to your
systems.

4. Supports Your IT Professionals: Typically, a good security system equips your organization and
employees with the best tools, techniques, and assistance in combating cyber attacks and
criminals.

In a nutshell, we can list out the advantages of cyber security as follows:

• It safeguards your company.

• It keeps your personal information private.

• It enables users to work in a relaxed environment.

• It also maintains efficiency.

• Various jobs are automated as a result of it.

• It organizes data and information more effectively.

• It protects the information and files, such as recommendations and suggestions, that are
essential to the productivity of the business.

• Internet security processes all the incoming and outgoing data on our computer.

• It helps to reduce computer freezing and crashes.

• It gives us privacy.

4.2 Basic Terminologies:


4.2.1 IP Address, MAC Address
4.2.2 Domain Name Server (DNS)
4.2.3 DHCP, Router, Bots
1. IP address

An IP address is a unique address that identifies a device on the internet or a local network.
IP stands for "Internet Protocol," which is the set of rules governing the format of data sent via
the internet or local network.

In essence, IP addresses are the identifier that allows information to be sent between devices on
a network: they contain location information and make devices accessible for communication.
The internet needs a way to differentiate between different computers, routers, and websites.
IP addresses provide a way of doing so and form an essential part of how the internet works.
What is an IP Address?

An IP address is a string of numbers separated by periods. IP addresses are expressed as a set
of four numbers — an example address might be 192.158.1.38. Each number in the set can
range from 0 to 255. So, the full IP addressing range goes from 0.0.0.0 to 255.255.255.255.

IP addresses are not random. They are mathematically produced and allocated by the Internet
Assigned Numbers Authority (IANA), a division of the Internet Corporation for Assigned
Names and Numbers (ICANN). ICANN is a non-profit organization that was established in the
United States in 1998 to help maintain the security of the internet and allow it to be usable by
all. Each time anyone registers a domain on the internet, they go through a domain name
registrar, who pays a small fee to ICANN to register the domain.


Types of IP addresses

There are different categories of IP addresses, and within each category, different types.

Consumer IP addresses

Every individual or business with an internet service plan will have two types of IP addresses:
their private IP addresses and their public IP address. The terms public and private relate to
the network location — that is, a private IP address is used inside a network, while a public
one is used outside a network.

Private IP addresses

Every device that connects to your internet network has a private IP address. This includes
computers, smartphones, and tablets but also any Bluetooth-enabled devices like speakers,
printers, or smart TVs. With the growing internet of things, the number of private IP addresses
you have at home is probably growing. Your router needs a way to identify these items
separately, and many items need a way to recognize each other. Therefore, your router
generates private IP addresses that are unique identifiers for each device that differentiate
them on the network.
Public IP addresses

A public IP address is the primary address associated with your whole network. While each
connected device has its own IP address, they are also included within the main IP address for
your network. As described above, your public IP address is provided to your router by your
ISP. Typically, ISPs have a large pool of IP addresses that they distribute to their customers.
Your public IP address is the address that all the devices outside your internet network will
use to recognize your network.

Public IP addresses

Public IP addresses come in two forms – dynamic and static.

Dynamic IP addresses

Dynamic IP addresses change automatically and regularly. ISPs buy a large pool of IP
addresses and assign them automatically to their customers. Periodically, they re-assign them
and put the older IP addresses back into the pool to be used for other customers. The rationale
for this approach is to generate cost savings for the ISP. Automating the regular movement of
IP addresses means they don’t have to carry out specific actions to re-establish a customer's IP
address if they move home, for example. There are security benefits, too, because a changing IP
address makes it harder for criminals to hack into your network interface.

Static IP addresses

In contrast to dynamic IP addresses, static addresses remain consistent. Once the network
assigns an IP address, it remains the same. Most individuals and businesses do not need a
static IP address, but for businesses that plan to host their own server, it is crucial to have one.
This is because a static IP address ensures that websites and email addresses tied to it will have
a consistent IP address — vital if you want other devices to be able to find them consistently on
the web.

2. MAC address

What is a MAC address (media access control address)?

A MAC address (media access control address) is a 12-digit hexadecimal number assigned to
each device connected to the network. Primarily specified as a unique identifier during device
manufacturing, the MAC address is often found on a device's network interface card (NIC). A
MAC address is required when trying to locate a device or when performing diagnostics on a
network device.

The MAC address belongs to the data link layer of the Open Systems Interconnection (OSI)
model, which encapsulates the MAC address of the source and destination in the header of
each data frame to ensure node-to-node communication.

Each network interface in a device is assigned a unique MAC address, so it's possible for a
device to have more than one MAC address. For example, if a laptop has both
an Ethernet cable port and built-in Wi-Fi, there will be two MAC addresses shown in the
system configuration.

There are three types of MAC addresses:

1. Unicast MAC address. A unicast address is attached to a specific NIC on the local
network. Therefore, this address is only used when a frame is sent from a single
transmitting device to a single destination device.

2. Multicast MAC address. A source device can transmit a data frame to multiple
devices by using a multicast address. A multicast group IP address is assigned to devices
belonging to the multicast group.

3. Broadcast MAC address. This address represents every device on a given network.
The purpose of a broadcast domain is to enable a source device to send data to every
device on the network by using the broadcast address as the destination's MAC
address.
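The address categories from the IP and MAC sections above, as an added example (not code from the original notes): it validates that each IPv4 octet lies in 0-255, tells private (RFC 1918) from public addresses, and reads the unicast/multicast/broadcast type of a MAC address from its bits. All sample addresses are constructed.

```python
"""Classify IPv4 and MAC addresses by the categories described above.
Added example, not part of the original notes; all sample addresses are constructed."""
import ipaddress
import re

# RFC 1918 private ranges: the addresses a router hands out inside a home or office network.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MULTICAST_NET = ipaddress.ip_network("224.0.0.0/4")
BROADCAST_MAC = b"\xff" * 6


def parse_mac(mac: str) -> bytes:
    """Accept 00:1a:2b:3c:4d:5e, 00-1A-2B-3C-4D-5E or 001a2b3c4d5e and return 6 raw bytes."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 12-hex-digit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def classify_mac(mac: str) -> dict:
    """Return the MAC type (unicast/multicast/broadcast) plus the two flag bits of the first byte.

    Broadcast is all ones. Otherwise bit 0 of the first byte (the I/G bit) is 0 for
    unicast and 1 for multicast; bit 1 (the U/L bit) is 1 when the address was locally
    administered rather than burned in by the manufacturer.
    """
    raw = parse_mac(mac)
    if raw == BROADCAST_MAC:
        kind = "broadcast"
    elif raw[0] & 0x01:
        kind = "multicast"
    else:
        kind = "unicast"
    return {
        "type": kind,
        "locally_administered": bool(raw[0] & 0x02),
        "oui": raw[:3].hex(":"),  # first three bytes identify the vendor of a burned-in address
    }


def classify_ipv4(addr: str) -> str:
    """Return 'loopback', 'multicast', 'private' or 'public'.

    Raises ValueError when an octet falls outside 0-255, i.e. when the address lies
    outside the 0.0.0.0 to 255.255.255.255 range.
    """
    ip = ipaddress.IPv4Address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip in MULTICAST_NET:
        return "multicast"
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    return "public"


if __name__ == "__main__":
    for sample in ("192.158.1.38", "192.168.1.1", "10.20.30.40", "224.0.0.251", "127.0.0.1"):
        print(f"{sample:16} {classify_ipv4(sample)}")
    for sample in ("00-1A-2B-3C-4D-5E", "01:00:5e:00:00:fb", "ff:ff:ff:ff:ff:ff", "02:42:ac:11:00:02"):
        print(f"{sample:18} {classify_mac(sample)}")
```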

3. Domain name server

What is DNS?

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information
online through domain names, like nytimes.com or espn.com. Web browsers interact
through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so
browsers can load Internet resources.

Each device connected to the Internet has a unique IP address which other machines use to
find the device. DNS servers eliminate the need for humans to memorize IP addresses such as
192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as
2400:cb00:2048:1::c629:d7a2 (in IPv6).

How does DNS work?

The process of DNS resolution involves converting a hostname (such as www.example.com)
into a computer-friendly IP address (such as 192.168.1.1). An IP address is given to each device
on the Internet, and that address is necessary to find the appropriate Internet device - like a
street address is used to find a particular home. When a user wants to load a webpage, a
translation must occur between what a user types into their web browser (example.com) and
the machine-friendly address necessary to locate the example.com webpage.

In order to understand the process behind the DNS resolution, it’s important to learn about the
different hardware components a DNS query must pass between. For the web browser, the
DNS lookup occurs "behind the scenes" and requires no interaction from the user’s computer
apart from the initial request.

There are 4 DNS servers involved in loading a webpage:

• DNS recursor - The recursor can be thought of as a librarian who is asked to go find a
particular book somewhere in a library. The DNS recursor is a server designed to
receive queries from client machines through applications such as web browsers.
Typically the recursor is then responsible for making additional requests in order to
satisfy the client’s DNS query.

• Root nameserver - The root server is the first step in translating (resolving) human
readable host names into IP addresses. It can be thought of like an index in a library
that points to different racks of books - typically it serves as a reference to other more
specific locations.

• TLD nameserver - The top level domain server (TLD) can be thought of as a specific
rack of books in a library. This nameserver is the next step in the search for a specific
IP address, and it hosts the last portion of a hostname (In example.com, the TLD
server is “com”).

• Authoritative nameserver - This final nameserver can be thought of as a dictionary
on a rack of books, in which a specific name can be translated into its definition. The
authoritative nameserver is the last stop in the nameserver query. If the authoritative
name server has access to the requested record, it will return the IP address for the
requested hostname back to the DNS recursor (the librarian) that made the initial
request.
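The four-server chain just described, as an added example that is not part of the original notes: a simulated recursor starts at a constructed root zone, follows NS referrals to the TLD and authoritative zones, and caches the final A record. The zone data is constructed and uses only example.com; nothing touches the network.

```python
"""Simulated iterative DNS resolution: recursor -> root -> TLD -> authoritative.
Added example, not from the original notes; the three zones below are constructed
stand-ins for real servers and the resolver never touches the network."""
from typing import Dict, List, Optional, Tuple

# Each constructed "server" maps a name to a record. 'NS' records are referrals
# ("ask that server next"); 'A' records are final answers.
SERVERS: Dict[str, Dict[str, Tuple[str, str]]] = {
    "root":         {"com.": ("NS", "tld-com")},
    "tld-com":      {"example.com.": ("NS", "auth-example")},
    "auth-example": {"example.com.": ("A", "192.168.1.1"),
                     "www.example.com.": ("A", "192.168.1.1")},
}


def _suffixes(fqdn: str):
    """Yield the names a server might hold, longest first: www.example.com., example.com., com."""
    labels = fqdn.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."


def resolve(hostname: str, cache: Optional[Dict[str, str]] = None,
            max_hops: int = 8) -> Tuple[str, List[str]]:
    """Act as the DNS recursor (the 'librarian'): start at the root and follow referrals.

    Returns (ip_address, trail) where trail records which server answered each step.
    Raises LookupError when no server on the path knows the name.
    """
    fqdn = hostname if hostname.endswith(".") else hostname + "."
    if cache is not None and fqdn in cache:
        return cache[fqdn], ["recursor cache hit"]
    trail: List[str] = []
    server = "root"
    for _ in range(max_hops):                   # guard against referral loops
        zone = SERVERS[server]
        for name in _suffixes(fqdn):
            if name in zone:
                kind, value = zone[name]
                trail.append(f"{server} -> {name} {kind} {value}")
                if kind == "A":
                    if cache is not None:
                        cache[fqdn] = value     # the recursor caches the final answer
                    return value, trail
                server = value                  # NS referral: ask the next server
                break
        else:
            raise LookupError(f"{server} has no record or referral for {fqdn}")
    raise LookupError("too many referrals")


if __name__ == "__main__":
    cache: Dict[str, str] = {}
    ip, steps = resolve("www.example.com", cache)
    print("\n".join(steps), "\n=>", ip)
    print(resolve("www.example.com", cache))    # second lookup is served from the cache
```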

4. DHCP

Dynamic Host Configuration Protocol (DHCP) is a network protocol that is used to
configure network devices to communicate on an IP network. A DHCP client uses the
DHCP protocol to acquire configuration information, such as an IP address, a default
route, and one or more DNS server addresses, from a DHCP server.

Domain Name System (DNS) is an Internet service that translates domain names (e.g.,
its.umich.edu) into IP addresses. Dynamic Host Configuration Protocol (DHCP) is a
protocol for automatically assigning IP addresses and other configuration to devices
when they connect to a network.

A DHCP server can offer the following features:

• It allows the administrator to set lease times, even on manually allocated IP addresses.

• It allows the definition of the pool or pools of IP addresses that can be allocated
dynamically. A user might have a server that forces the pool to be a whole subnet or network.

There are three main kinds of DNS servers: primary servers, secondary servers, and caching
servers.

5. Router

A router is a device that connects two or more packet-switched networks or subnetworks. It serves
two primary functions: managing traffic between these networks by forwarding data packets to
their intended IP addresses, and allowing multiple devices to use the same Internet connection.

There are several types of routers, but most routers pass data between LANs (local area
networks) and WANs (wide area networks). A LAN is a group of connected devices restricted to a
specific geographic area. A LAN usually requires a single router.

A WAN, by contrast, is a large network spread out over a vast geographic area. Large
organizations and companies that operate in multiple locations across the country, for instance,
will need separate LANs for each location, which then connect to the other LANs to form a WAN.
Because a WAN is distributed over a large area, it often necessitates multiple routers and
switches*.

*A network switch forwards data packets between groups of devices in the same network, whereas a
router forwards data between different networks.

How does a router work?


Think of a router as an air traffic controller and data packets as aircraft headed to different
airports (or networks). Just as each plane has a unique destination and follows a unique route,
each packet needs to be guided to its destination as efficiently as possible. In the same way that
an air traffic controller ensures that planes reach their destinations without getting lost or
suffering a major disruption along the way, a router helps direct data packets to their destination
IP address.

In order to direct packets effectively, a router uses an internal routing table — a list of paths to
various network destinations. The router reads a packet's header to determine where it is going,
then consults the routing table to figure out the most efficient path to that destination. It then
forwards the packet to the next network in the path.
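The routing-table consultation described above, as an added example (not code from the original notes): a longest-prefix-match lookup over a constructed table, which is how a router picks the most specific route for a packet's destination address and falls back to the default route.

```python
"""Routing-table lookup by longest prefix match, the step where the router "consults the
routing table" for a packet's destination. Added example, not from the original notes;
the routing table and addresses are constructed."""
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, Optional[str], str]   # (destination, next hop, interface)

# Constructed routing table. A next hop of None means the destination is directly connected.
ROUTES: List[Tuple[str, Optional[str], str]] = [
    ("0.0.0.0/0",      "203.0.113.1",   "wan0"),   # default route towards the ISP
    ("192.168.0.0/16", "192.168.1.254", "lan0"),   # other internal subnets via an inside router
    ("192.168.1.0/24", None,            "lan0"),   # directly connected LAN
    ("10.0.0.0/8",     "10.0.0.1",      "vpn0"),   # remote site reached over a VPN
]


def build_table(routes) -> List[Route]:
    """Parse and sort by prefix length, longest first, so the first match is the best match."""
    parsed = [(ipaddress.ip_network(net), nh, iface) for net, nh, iface in routes]
    return sorted(parsed, key=lambda r: r[0].prefixlen, reverse=True)


def lookup(table: List[Route], destination: str) -> Optional[Route]:
    """Return the most specific route containing the destination, or None if nothing matches.

    A default route (0.0.0.0/0) matches every address, so None only occurs when the
    table has no default route.
    """
    ip = ipaddress.ip_address(destination)
    for net, next_hop, iface in table:
        if ip in net:
            return net, next_hop, iface
    return None


def forward(table: List[Route], destination: str) -> str:
    """Describe the forwarding decision for one packet header's destination address."""
    route = lookup(table, destination)
    if route is None:
        return f"{destination}: no route, packet dropped"
    net, next_hop, iface = route
    via = "directly connected" if next_hop is None else f"via {next_hop}"
    return f"{destination}: matched {net}, send out {iface} {via}"


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("192.168.1.10", "192.168.7.3", "10.1.2.3", "8.8.8.8"):
        print(forward(table, dst))
```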


What are the different types of routers?


In order to connect a LAN to the Internet, a router first needs to communicate with a modem.
There are two primary ways to do this:

• Wireless router: A wireless router uses an Ethernet cable to connect to a modem. It distributes
data by converting packets from binary code into radio signals, then wirelessly broadcasts them
using antennae. Wireless routers do not establish LANs; instead, they create WLANs (wireless
local area networks), which connect multiple devices using wireless communication.

• Wired router: Like a wireless router, a wired router also uses an Ethernet cable to connect to a
modem. It then uses separate cables to connect to one or more devices within the network,
create a LAN, and link the devices within that network to the Internet.

In addition to wireless and wired routers for small LANs, there are many specialized types of
routers that serve specific functions:

• Core router: Unlike the routers used within a home or small business LAN, a core router is used
by large corporations and businesses that transmit a high volume of data packets within their
network. Core routers operate at the "core" of a network and do not communicate with external
networks.

• Edge router: While a core router exclusively manages data traffic within a large-scale network, an
edge router communicates with both core routers and external networks. Edge routers live at
the "edge" of a network and use the BGP (Border Gateway Protocol) to send and receive data
from other LANs and WANs.

• Virtual router: A virtual router is a software application that performs the same function as a
standard hardware router. It may use the Virtual Router Redundancy Protocol (VRRP) to
establish primary and backup virtual routers, should one fail.

What are some of the security challenges associated with routers?

Vulnerability exploits: All hardware-based routers come with automatically installed software
known as firmware that helps the router perform its functions. Like any other piece of software,
router firmware often contains vulnerabilities that cyber attackers can exploit, and router
vendors periodically issue updates to patch these vulnerabilities. For this reason, router
firmware needs to be updated regularly. Unpatched routers can be compromised by attackers,
enabling them to monitor traffic or use the router as part of a botnet.

DDoS attacks: Small and large organizations often are the targets of distributed denial-of-service
(DDoS) attacks directed at their network infrastructure. Unmitigated network layer DDoS
attacks can overwhelm routers or cause them to crash, resulting in network downtime. Cloudflare
Magic Transit is one solution for protecting routers and networks from these kinds of DDoS
attacks.

Administrative credentials: All routers come with a set of admin credentials for performing
administrative functions. These credentials are set to default values, such as "admin" as the
username and "admin" as the password. The username and password should be reset to
something more secure as soon as possible: attackers are aware of the common default values for
these credentials and can use them to gain control of the router remotely if they are not reset.

6. Bots

What is a bot?
A bot -- short for robot and also called an internet bot -- is a computer program that operates as
an agent for a user or other program or to simulate a human activity. Bots are normally used to
automate certain tasks, meaning they can run without specific instructions from humans.

An organization or individual can use a bot to replace a repetitive task that a human would
otherwise have to perform. Bots are also much faster at these tasks than humans. Although bots
can carry out useful functions, they can also be malicious and come in the form of malware.

How do bots work?


Normally, bots operate over a network. They communicate with one another using internet-
based services, such as instant messaging (IM); interfaces like Twitterbots; or Internet Relay
Chat. According to the 2021 research report titled "Bot Attacks: Top Threats and Trends" from
security firm Barracuda, more than two-thirds of internet traffic is bots. In addition, 67% of bad
bot traffic originates from public data centers in North America.

Bots are made from sets of algorithms that aid them in their designated tasks. These tasks
include conversing with a human -- which attempts to mimic human behaviours -- or gathering
content from other websites. There are several different types of bots designed to accomplish a
wide variety of tasks.

For example, a chatbot uses one of several methods to operate. A rule-based chatbot interacts
with a person by giving predefined prompts for that individual to select. An intellectually
independent chatbot uses machine learning to learn from human inputs and scan for valuable
keywords that can trigger an interaction. Artificial intelligence chatbots are a combination of
rule-based and intellectually independent chatbots. Chatbots may also use pattern matching,
natural language processing (NLP) and natural language generation tools.

Organizations or individuals who use bots can also use bot management software, which helps
manage bots and protect against malicious bots. Bot managers may also be included as part of a
web app security platform. A bot manager can allow the use of some bots and block the use of
others that might cause harm to a system. To do this, a bot manager classifies any incoming
requests by humans and good bots, as well as known malicious and unknown bots. Any suspect
bot traffic is then directed away from a site by the bot manager. Some basic bot management
feature sets include IP rate limiting and CAPTCHAs. IP rate limiting restricts the number of
same address requests, while CAPTCHAs provide challenges that help differentiate bots from
humans.

Types of bots
There are numerous types of bots, all with unique goals and tasks. Some common bots include
the following:

• Chatbots. These programs can simulate conversations with a human being. One of
the first and most famous chatbots prior to the web was Eliza, an NLP program
developed in 1966 as a Massachusetts Institute of Technology research project. This
chatbot pretended to be a psychotherapist and answered questions with other
questions. More recent examples of chatbots include virtual assistants, such as
Amazon's Alexa, Apple's Siri and Google Assistant.

• Social bots. These bots, often considered opinion bots, influence discussions with
users on social media platforms.

• Shopbots. Many of these programs shop around the web and locate the best price
for a product a user is interested in buying. Other shopbots like the Shopify chatbot
enable Shopify store owners to automate marketing and customer support.

• Knowbots. These programs collect knowledge for a user by automatically visiting
websites to retrieve information that meets certain specified criteria. Knowbots
were originally used as a computerized assistant that performed redundant tasks.

• Spiders or crawlers. Also known as web crawlers, these bots access websites and
gather content for indexes in search engines, such as Google and Bing.

• Monitoring bots. These can be used to monitor the health of a website or system.

• Transactional bots. These bots are designed to simplify tasks that would otherwise
be performed by a human over the phone, such as blocking a stolen credit card or
confirming a bank's hours of operation.
4.3 Common Types of Attacks:
4.3.1 Distributed Denial of Service
Already discussed above.

4.3.2 Man in the Middle, Email Attack


What is MITM Attack
A MITM attack is a form of cyber-attack in which a malicious individual inserts himself into a
communication between two parties, manipulates both parties, and gains access to the data that
the two were trying to deliver to each other. A man-in-the-middle attack also lets the attacker
intercept data intended for someone else, without either participant noticing until it is too late.
MITM attacks are variously abbreviated as MITM, MitM, MiM or MIM.

A Man-in-the-Middle (MITM) attack occurs when an attacker puts himself between a client and a
webpage. This form of attack takes many different shapes.

For example, in order to intercept financial login credentials, a fraudulent banking website can be
used. The fake site lies "in the middle," between the user and the real bank webpage.

How does MITM work


There are several reasons and strategies for hackers to use a MITM attack. Usually, they try to
access something of value, such as credit card numbers or user login details. They also spy on
private meetings, which may include corporate secrets or other useful information.

The feature that almost every such attack has in common is that the attacker pretends to be
somebody (or a webpage) you trust.
Real life Instances of MITM attack

In the above diagram, you can see that the intruder has positioned himself between the client and
the server to intercept confidential data or feed them incorrect information.

Another Instance of MITM attack

As shown in the above picture, to obtain access to banking, the attacker is trying to imitate both
sides of the conversation. This instance applies to client-server conversations and also to
person-to-person conversations. In this instance, the attacker intercepts a public key and can
substitute his own credentials, tricking the parties at either end into believing that they are
communicating securely with each other.

Types of MITM Attack


4.3.3 Password Attack, Malware

Password attack is a common attack vector used to bypass or exploit authentication of user
accounts. As one of the most common application security threats, password attacks accounted
for more than 81% of data breaches in 2020. This article teaches what a password attack is,
different types of such attacks, and best practices to prevent them in modern applications.

Password Attack Definition

Password attacks involve exploiting a broken authorization vulnerability in the system combined
with automated password attack tools that speed up the guessing and cracking of passwords. The
attacker uses various techniques to access and expose the credentials of a legitimate user,
assuming their identity and privileges. The username-password combination is one of the oldest
known account authentication techniques, so adversaries have had time to craft multiple
methods of obtaining guessable passwords. Additionally, applications that use passwords as the
sole authentication factor are vulnerable to password attacks since the vulnerabilities are well
understood.

Password attacks have far-reaching consequences since malicious users only require
unauthorized access to a single privileged account or a few user accounts to compromise the
web application. Depending on the data hosted by the application, compromised passwords can
pave the way for the exposure of sensitive information, distributed denial-of-service, financial fraud,
and other sophisticated attacks.

Types of Password Attacks


Hackers typically rely on different techniques to obtain and authenticate with a legitimate user’s
password. These include:
Phishing Attacks
By far the most common form of password attack, a phishing attack involves a social engineering
technique in which the hacker masquerades as a trusted site by sending the victim a malicious
link. After assuming they are authenticating to a legitimate web server, the victim clicks on this
link, providing the attacker with their account credentials. Besides identity theft, phishing attacks
also foster Advanced Persistent Threats by allowing the threat actor to gain permissions of an
internal user, thereby allowing the attacker to compromise more profound components of the
system while remaining undetected. In phishing attacks, adversaries commonly use multiple
methods to trick the user into clicking the malicious link, including:

1. DNS cache poisoning – Attackers leverage vulnerabilities in the application’s DNS server to
redirect user requests to a malicious site with a similar-looking domain name.

2. URL hijacking/typosquatting – The attacker creates a genuine-looking URL with subtle
differences from the website they want to impersonate. The attack then depends on users
making typing mistakes, so they land on the malicious page.

3. Tabnabbing – The attacker rewrites unattended browser tabs with malicious sites that look like
legitimate web pages.

4. UI redressing/iFrame overlay – Using transparent layers, the attacker places a link to the
malicious page over a legitimate, clickable button.

5. Clone phishing – In this attack, the attacker sends a copy of a legitimate email where the links
within the original email are replaced with URLs to malicious sites.

Brute-Force Password Attacks


This type of password attack employs trial-and-error methods to guess a user's authentication
information. The bad actor uses automated scripts to work through as many permutations as
possible to guess the user's password correctly. While it is a relatively old method that requires a
lot of patience and time, the brute-force attack is still standard in account breach attempts since it
is automated and straightforward. There are several types of brute force attacks:

1. Simple brute force attacks – A hacker uses logic and data about a user to guess the most likely
password. This technique is used for simple passwords, such as those combining a pet's name
with a birth year.

2. Credential stuffing – This involves using previously exposed login combinations that were
maliciously obtained across vulnerable websites. In such attacks, hackers typically take
advantage of the fact that entities tend to re-use their username-password combinations across
multiple services.
3. Hybrid brute force attacks – An attacker combines simple weak password-guessing with
automated software that performs credential stuffing to uncover complex passwords. In most
production systems, entities use slight variations of passwords across different websites.
Attackers also rely on user data patterns across services to improve the accuracy of credential
stuffing tools.

4. Reverse brute force attacks – In this attack, a hacker starts with a known password and then
searches for usernames that match it. As threat actors often have access to multiple databases
of leaked credentials, it is easy to identify common passwords within a particular group of users.

Dictionary Password Attacks


This attack method uses a predefined list of words most likely to be used as passwords by a
specific target network. The predefined list is built from a website user’s behavioral patterns and
passwords obtained from previous data breaches. The lists are created by varying common
combinations of words by case, adding numeric suffixes & prefixes, and using common phrases.
These lists are passed to an automated tool, which attempts to authenticate against a list of
known usernames.

Password Spraying Attack


In this attack, the hacker attempts to authenticate using the same password on various accounts
before moving to another password. Password spraying is most effective since most website
users set simple passwords, and the technique does not violate lockout policies since it uses
several different accounts. Attackers mostly orchestrate password spraying on websites where
administrators set a standard default password for new users and unregistered accounts.
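Detection logic for the brute-force and password-spraying patterns described above, as an added example that is not from the original article: it parses constructed authentication log lines and, per source address, tells a burst of failures against one account (brute force) from single failures spread across many accounts that each stay under a lockout threshold (spraying). The log format and thresholds are constructed assumptions.

```python
"""Distinguish brute-force attempts from password spraying in authentication logs.
Added example, not from the original article; the log format and sample lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")

# Constructed sample log: one source hammering a single account, one source trying one
# password against many accounts (a single attempt each, staying under lockout), and one
# legitimate user who mistyped once and then logged in normally.
SAMPLE_LOG = """\
2024-05-01T09:00:01 src=198.51.100.7 user=alice result=FAIL
2024-05-01T09:00:02 src=198.51.100.7 user=alice result=FAIL
2024-05-01T09:00:03 src=198.51.100.7 user=alice result=FAIL
2024-05-01T09:00:04 src=198.51.100.7 user=alice result=FAIL
2024-05-01T09:00:05 src=198.51.100.7 user=alice result=FAIL
2024-05-01T09:00:06 src=198.51.100.7 user=alice result=FAIL
2024-05-01T09:01:00 src=203.0.113.9 user=bob result=FAIL
2024-05-01T09:01:10 src=203.0.113.9 user=carol result=FAIL
2024-05-01T09:01:20 src=203.0.113.9 user=dave result=FAIL
2024-05-01T09:01:30 src=203.0.113.9 user=erin result=FAIL
2024-05-01T09:01:40 src=203.0.113.9 user=frank result=FAIL
2024-05-01T09:01:50 src=203.0.113.9 user=grace result=OK
2024-05-01T09:02:00 src=192.0.2.5 user=alice result=FAIL
2024-05-01T09:02:30 src=192.0.2.5 user=alice result=OK
"""

Event = Tuple[datetime, str, str, str]


def parse_log(text: str) -> List[Event]:
    """Parse lines into (timestamp, source, user, result); malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["user"], m["result"]))
    return sorted(events)


def detect(events: Iterable[Event], window: timedelta = timedelta(minutes=10),
           brute_threshold: int = 5, spray_accounts: int = 5,
           spray_per_account: int = 2) -> Dict[str, str]:
    """Return {source: 'brute_force' | 'password_spraying'} for sources that look malicious.

    brute_force: one source fails >= brute_threshold times against one account within a window.
    password_spraying: one source fails against >= spray_accounts distinct accounts within a
    window while keeping every account at <= spray_per_account failures (below a typical lockout).
    """
    failures: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            failures[src].append((ts, user))

    verdicts: Dict[str, str] = {}
    for src, fails in failures.items():
        for i, (start, _) in enumerate(fails):      # slide a window starting at each failure
            per_user: Dict[str, int] = defaultdict(int)
            for ts, user in fails[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            most = max(per_user.values())
            if most >= brute_threshold:
                verdicts[src] = "brute_force"
                break
            if len(per_user) >= spray_accounts and most <= spray_per_account:
                verdicts[src] = "password_spraying"
                break
    return verdicts


if __name__ == "__main__":
    for src, verdict in detect(parse_log(SAMPLE_LOG)).items():
        print(f"{src:14} {verdict}")
```

Note that the spraying source's eventual successful login (user grace) is exactly why per-source, cross-account correlation matters: a per-account lockout alone never fires on this pattern.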

Keylogging
While orchestrating a keylogging attack, a hacker installs monitoring tools on the user's computer
to covertly record the keys struck by the user. A keylogger records all information that users type
into input forms and then sends it to the malicious third party. While keyloggers often have
legitimate uses in enterprise settings (UX improvement, employee monitoring, etc.), attackers
often use them to extract information such as login credentials for unauthorized access.

Password Attack Example


One of the most common examples of a phishing password attack involves lying to the victim
that their account will be deactivated if they do not confirm their login details.
Assume the user utilizes services from a website with the URL: http://darwin.com

The attacker crafts phishing emails to the users, informing them that their account has been
compromised and that their credit card and login details are needed to retain the account. The
email includes a link like http://darw1n.com/confirm-details, pointing to the hacker's malicious
website. The victim clicks on this link and is redirected to the fake confirmation page, where they
supply their legitimate login credentials. The hacker then collects these credentials and uses
them to access the victim's legitimate account.
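A defender-side check for the darw1n.com lookalike in the example above (and the typosquatting and URL hijacking items earlier), as an added example that is not part of the original article: a link checker that normalises digit-for-letter substitutions, measures edit distance from a list of trusted domains, and also catches a trusted name used as a subdomain of an unrelated domain. The trusted-domain list and sample URLs are constructed.

```python
"""Flag lookalike domains such as darw1n.com posing as darwin.com, the way a mail gateway
or link checker would before a user clicks. Added example, not from the original article;
the trusted-domain list and sample URLs are constructed."""
from typing import List
from urllib.parse import urlparse

# Digits that phishing domains commonly substitute for the letters they resemble,
# plus two-letter sequences that read as one letter at a glance.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b"})
PAIRS = (("rn", "m"), ("vv", "w"))


def normalise(label: str) -> str:
    """Collapse look-alike characters so that darw1n and darwin differ by at most one edit."""
    out = label.lower().translate(HOMOGLYPHS)
    for pair, single in PAIRS:
        out = out.replace(pair, single)
    return out


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute), computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hostname(url: str) -> str:
    """Extract the lower-cased host from a URL, tolerating a missing scheme."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def classify_url(url: str, trusted: List[str], max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike:<trusted domain it imitates>' or 'unrelated'.

    Assumes the registrable domain is the last two labels of the host (a simplification;
    production code would consult the public suffix list for names like example.co.uk).
    """
    host = hostname(url)
    for t in trusted:
        t = t.lower()
        if host == t or host.endswith("." + t):
            return "trusted"                         # the real domain or one of its subdomains
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return f"lookalike:{t}"                  # trusted name buried inside another domain
    registrable = ".".join(host.split(".")[-2:])
    name = normalise(registrable.rsplit(".", 1)[0])  # compare the part before the TLD
    for t in trusted:
        if edit_distance(name, normalise(t.lower().rsplit(".", 1)[0])) <= max_distance:
            return f"lookalike:{t}"
    return "unrelated"


if __name__ == "__main__":
    trusted = ["darwin.com"]
    for url in ("http://darwin.com/login", "https://www.darwin.com/",
                "http://darw1n.com/confirm-details", "http://darwin.com.evil.net/confirm",
                "http://darwinn.com", "http://example.org/"):
        print(f"{url:45} {classify_url(url, trusted)}")
```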

How to Prevent Password Attacks


Some best practices to prevent password attacks include:

Enforce strong password policies

Security administrators must enforce policies that ensure users follow set criteria to prevent
malicious actors from cracking their passwords. For example, the password should be a
minimum of 8 characters long and include special characters to avoid brute force attempts. Also,
passwords should not contain personally identifying information, as this may foster dictionary
attacks. Users should also use unique passwords for each service and rotate the passwords
frequently to prevent attackers from using exposed credential databases for password attacks.

Organization-wide password security training

It is vital to ensure every user understands the criticality of a strong password policy and to
maintain organization-wide awareness of password security. Additionally, every application user
should be aware of social engineering attacks that trick them into submitting their credentials to
malicious third parties.

Enable Multifactor Authentication

Passwords in themselves generally do not offer a complete user authentication solution.
Multifactor authentication involves the use of passwords in combination with extra security
checks. Some MFA implementations include the One-Time Password (OTP), biometric
authentication, software tokens, and behavioral analysis.

Use a password manager

The primary function of a password manager is to help web administrators store and manage
user credentials. Password management solutions also generate passwords for users following
strong policies and best practices. In addition, these tools store user credentials in strongly
encrypted databases, making them robustly secured from exposure in a data breach.

4.4 Hackers:

4.4.1 Various Vulnerabilities:

4.4.1.1 Injection attacks, Changes in security settings

A SQL injection (SQLi) is a technique that attackers use to gain unauthorized access to a web
application database by adding a string of malicious code to a database query.

A SQL injection manipulates Structured Query Language code to provide access to protected
resources, such as sensitive data, or execute malicious SQL statements. When executed
correctly, a SQL injection can expose intellectual property, customer data or the administrative
credentials of a private business.

SQL injection attacks can be used to target any application that uses a SQL database, with
websites being the most common prey. Common SQL databases
include MySQL, Oracle and Microsoft SQL Server.

How does a SQL injection attack work?


A SQL query is a request for some action to be performed on an application database. Queries
can also be used to run operating system commands. Each query includes a set of parameters
that ensure only desired records are returned when a user runs the query. During a SQL
injection, attackers exploit this by injecting malicious code into the query's input form.

The first step of a SQL injection attack is to study how the targeted database functions. This is
done by submitting a variety of random values into the query to observe how the server
responds.

Attackers then use what they've learned about the database to craft a query the server interprets
and then executes as a SQL command. For example, a database may store information about
customers who have made a purchase with customer ID numbers. Instead of searching for a
specific customer ID, an attacker may insert "CustomerID = 1000 OR 1=1" into the input field.
Since the statement "1=1" is always true, the SQL query would return all available customer
IDs and any corresponding data. This enables the attacker to circumvent authentication and gain
administrator-level access.

In addition to returning unauthorized information, SQL attacks can be written to delete an entire
database, bypass the need for credentials, remove records or add unwanted data.

How many types of SQL injection attacks are there?


There are a few different types of SQL injection attacks.

In-band SQLi

Also known as classic SQLi, in-band SQLi is when hackers use the same channel -- or band --
to launch the attack and to collect its results. In-band SQLi is most
commonly achieved through two methods:

1. Error-based injection techniques force the database to produce error messages that reveal
information about the structure of the database.

2. Union-based attacks use crafted statements that exploit the SQL UNION operator, which
combines the results of multiple queries into one result.

Inferential SQLi

Also known as blind SQLi, inferential SQLi is when hackers send data payloads to a database
server to observe its response and behavior without being able to see what is occurring within
the database. The server's response provides attackers with clues that they can use to adjust their
attack strategy.

Inferential SQLi can be either Boolean-based or time-based. Boolean SQLi uses true or false
statements to solicit a response, while time-based SQLi sets a designated response period.

Out-of-band SQLi

Out-of-band SQLi is when hackers take advantage of domain name system or Hypertext
Transfer Protocol requests to retrieve data. Out-of-band SQLi is usually only performed when a
web server is too slow or when in-band SQLi is not possible to execute.

How can a SQL injection attack be detected and prevented?


If a SQL injection attack is successfully carried out, it could cause extensive damage by
exposing sensitive data and damaging customer trust. That's why it is important to detect this
type of attack in a timely manner.

Web application firewalls (WAFs) are the most common tool used to filter out SQLi attacks.
WAFs are based on a library of updated attack signatures and can be configured to flag
malicious SQL queries in web applications.

To prevent a SQL injection attack from occurring, businesses can follow these practices:

• Train employees on prevention methods. It's important that IT teams -- including DevOps,
system administrators and software development -- receive proper security training to
understand how SQLi attacks happen and how they can be prevented in web applications.

• Don't trust user input. Any user input provided in a SQL query increases the likelihood for
a successful SQL injection. The best way to mitigate this type of risk is to put security
measures around user input.

• Use an allowlist instead of a blocklist. Validating and filtering user input via an allowlist, as
opposed to a blocklist, is recommended because cybercriminals can usually bypass a
blocklist. This is because a blocklist includes a list of all the applications or executables that
might pose a threat to the network. Therefore, everything on the network can operate
besides the items on the blocklist. Unfortunately, thousands of new malware and virus
samples are created every day, and it's impossible for administrators to keep the blocklists
updated with newer attack variants and zero-day vulnerabilities, so a security breach is
entirely possible before the list is updated.

• Perform routine updates, and use the newest version of applications. One of the most
common SQL injection vulnerabilities is outdated software. Not only is older technology
unlikely to have built-in SQLi protection, but unpatched software is also often easier to
manipulate. This includes programming languages, too. Older languages and syntax are
more vulnerable. For example, use PHP Data Objects (PDO) as a substitute for the older MySQL
extension.

• Use validated prevention methods. Query strings written from scratch offer insufficient
protection against SQLi. The best way to protect web applications is through input
validation, prepared statements and parameterized queries.

• Perform regular security scans. Regularly scanning web applications catches and remedies
potential vulnerabilities before they do serious damage.

Some database administrators believe that a stored procedure statement can often aid in the
prevention of SQL injection attacks by restricting the types of statements that can be supplied to
its parameters. However, this doesn't prevent all exploits, as there are numerous workarounds
and intriguing statements that can still be provided to stored procedures.
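As an added illustration (not code from the original notes) of the `OR 1=1` tautology described above and of the prepared-statement and allowlist defences listed in this section: a constructed SQLite customer table queried by string concatenation, by parameter binding, and by allowlist validation plus binding.

```python
import re
import sqlite3

# Constructed sample rows; not data from any real system.
SAMPLE_CUSTOMERS = [
    (1000, "alice", "alice@example.com"),
    (1001, "bob", "bob@example.com"),
    (1002, "carol", "carol@example.com"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, id_text: str) -> list:
    """The 'before' pattern the notes describe: user input is concatenated into
    the SQL text, so the input can change the query's logic, not just its value."""
    sql = "SELECT id, name, email FROM customers WHERE id = " + id_text
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, id_text: str) -> list:
    """Prepared statement / parameterized query: the driver binds the input as a
    value, so 'OR 1=1' is compared against the id column as a string and is
    never parsed as SQL."""
    sql = "SELECT id, name, email FROM customers WHERE id = ?"
    return conn.execute(sql, (id_text,)).fetchall()


def lookup_hardened(conn: sqlite3.Connection, id_text: str) -> list:
    """Allowlist validation plus binding: a customer id may only be 1-10 digits;
    anything else is rejected before it ever reaches the database."""
    if not re.fullmatch(r"[0-9]{1,10}", id_text):
        raise ValueError("customer id must be 1-10 digits")
    sql = "SELECT id, name, email FROM customers WHERE id = ?"
    return conn.execute(sql, (int(id_text),)).fetchall()


def demo() -> dict:
    """Run an honest lookup and the notes' tautology payload through all three."""
    conn = make_db()
    honest = "1000"
    tautology = "1000 OR 1=1"  # the payload quoted in the notes
    results = {
        "vulnerable_honest": len(lookup_vulnerable(conn, honest)),
        "vulnerable_tautology": len(lookup_vulnerable(conn, tautology)),  # all rows
        "parameterized_honest": len(lookup_parameterized(conn, honest)),
        "parameterized_tautology": len(lookup_parameterized(conn, tautology)),  # none
        "hardened_honest": len(lookup_hardened(conn, honest)),
    }
    try:
        lookup_hardened(conn, tautology)
        results["hardened_tautology"] = "accepted"
    except ValueError:
        results["hardened_tautology"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```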

4.4.1.2 Exposure of Sensitive Data

What is sensitive data exposure?


Sensitive data exposure occurs when an application, company, or other entity
inadvertently exposes personal data. Sensitive data exposure differs from a data
breach, in which an attacker accesses and steals information.

Sensitive data exposure occurs as a result of not adequately protecting a
database where information is stored. This might be a result of a multitude of
things such as weak encryption, no encryption, software flaws, or when someone
mistakenly uploads data to an incorrect database.

Different types of data can be exposed in a sensitive data exposure. Banking
account numbers, credit card numbers, healthcare data, session tokens, Social
Security numbers, home addresses, phone numbers, dates of birth, and user
account information such as usernames and passwords are some of the types of
information that can be left exposed.

How does data exposure differ from a data breach?

A data breach is a security incident in which information is accessed without
authorization.

Hackers seek out personally identifiable information and other data in order to
steal money, compromise identities, or sell over the dark web. Data can be
targeted to be stolen, modified, or destroyed.

Data exposure is when data is left exposed in a database or server for anyone to
see. Sensitive data can be exposed when configuration details for systems and
applications are left unsecured online.

How applications are vulnerable to data exposure

Data exposure can be linked to how a company handles certain information.
Sometimes, sensitive data can be found stored in plain text documents.

If websites don’t use SSL and don’t have HTTPS security on web pages that
store information, data may be at risk of being exposed.

Other ways data can be exposed include by storing it in a database that may be
compromised by SQL injection or other types of attacks, using weak
cryptographic algorithms or keys, not implementing hashed and salted password
practices (which is a form of cryptography similar to encryption), and other
unsecure data storage. SQL injection is a code injection technique that allows an
attacker to interfere with the queries that an application makes to its database. It
can be used to steal information from a database via the backend.

Passwords can be exposed when hashed passwords are stored without salt,
meaning they were not fully protected by cryptography, making the password
easy to recover. Hashed and salted passwords refer to the storage of the password
on the server, in which the password (salted or not) is converted into a type of
word puzzle that the server knows how to read. If a website’s hashing isn’t
strong, then passwords can easily be read during a data exposure.
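As an added example (not from the notes) of the salting point made above: two users who chose the same password, stored first with an unsalted fast hash and then with a salted, deliberately slow PBKDF2 hash. The passwords and wordlist are constructed for the demonstration, and the iteration count is an assumed value.

```python
import hashlib
import hmac
import os

# Work-factor parameters are assumed for this example; raise ITERATIONS as hardware allows.
ITERATIONS = 100_000
SALT_LEN = 16

# Constructed wordlist standing in for an exposed credential list or dictionary.
CONSTRUCTED_WORDLIST = ["password", "Winter2024!", "letmein"]


def unsalted_hash(password: str) -> str:
    """The weak scheme the notes describe: a plain, unsalted, fast hash. Equal
    passwords give equal digests, so one precomputed table covers every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def precomputed_table(wordlist: list) -> dict:
    """Digest -> password map that needs computing only once; the same table
    applies to every unsalted record in every leaked database."""
    return {unsalted_hash(w): w for w in wordlist}


def make_record(password: str, salt: bytes = b"") -> str:
    """Salted, slow hash (PBKDF2-HMAC-SHA256). The stored record carries
    everything verification needs: algorithm$iterations$salt$digest."""
    salt = salt or os.urandom(SALT_LEN)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_record(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def demo() -> dict:
    """Alice and Bob both chose the same (constructed) password."""
    pw = "Winter2024!"
    table = precomputed_table(CONSTRUCTED_WORDLIST)
    alice_rec, bob_rec = make_record(pw), make_record(pw)
    return {
        # Unsalted: identical digests, and the digest is already in the table.
        "unsalted_identical": unsalted_hash(pw) == unsalted_hash(pw),
        "unsalted_in_table": table.get(unsalted_hash(pw)),
        # Salted: different salts give different digests; no shared table works.
        "salted_identical": alice_rec.split("$")[3] == bob_rec.split("$")[3],
        "alice_login_ok": verify_record(pw, alice_rec),
        "alice_wrong_password": verify_record("winter2024!", alice_rec),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```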

How to protect yourself in an event of sensitive data exposure

Here are some tips that can help.

• Use a unique and complex password for each of your online
accounts. Keeping track of all those passwords can be difficult, but there are
products, such as Norton Password Manager, that can help make this task
easier to manage.
• Monitor your bank and other financial accounts. Check your accounts
regularly for unfamiliar activity. And if the companies offer activity alerts via
text or email, it may make sense for you to sign up for them.
• Check your credit report. Do so regularly to see if a thief has attempted to
open a new credit card or another account in your name. You’re entitled by
law to a free credit report from each of the three major credit reporting
agencies every 12 months. Visit annualcreditreport.com for more
information.
• Take action as soon as possible. If you see suspicious activity, contact the
financial institution involved immediately. If your information was stolen in a
data breach, let them know that, as well.
• Use only secure URLs. Be sure that you are visiting a well known website
that you trust. Generally, reputable sites begin with https://. The “s” is key.
This is especially important when entering credit card or other personal
information.
• Implement high-quality security software. Install and use a software
suite that includes malware and virus protection — and always keep it
updated. Norton 360 with LifeLock is one such solution.
• Consider an identity theft protection or credit monitoring service. The
mess caused by a stolen identity could take months or even years to fix. It’s
important to consider identity theft protection or a credit monitoring service.
Norton protection now includes LifeLock identity theft protection, helping to
protect your personal information in an age of data exposure and breaches.

4.4.1.3 Breach in authentication protocol

Here are the most common network authentication methods that your company can integrate to
prevent future breaches:

1. Password-based authentication
Passwords are the most common network authentication method. And for obvious reasons, they
are the easiest to implement. Passwords can be any combination of letters, numbers, and special
characters, and work best when they are complex and tricky to guess. However, passwords are
also very easy targets for cybercriminals and are often compromised as a result of phishing
attacks and bad password hygiene.

2. Two-factor authentication
Two-factor authentication (2FA) provides an additional layer of security on top of password
protection. It requires an additional login credential, on top of a username and password. For
example, when logging into a banking portal, users may have to provide a password, followed by
entering a 6-digit code that’s been sent to their phone. This makes it more difficult for hackers to
successfully access the account.

3. Multi-factor authentication
Multi-Factor Authentication (MFA) is a network authentication method that is similar to a 2FA but
requires two or more ways to identify a user. This can be anything from text messages that send
security codes to your mobile device, facial recognition, fingerprints, or even voice biometrics.
MFA authentication significantly improves security and user confidence by adding additional
layers of security.

4. CAPTCHAs
The term is an acronym for “completely automated public Turing test to tell computers and
humans apart”, and is used to identify if a user is a human or a malicious bot. CAPTCHAs are
designed to prevent sophisticated automated programs from breaking into secure systems by
displaying a distorted image of numbers and letters and asking users to type out the message
they see. Computers have a hard time understanding these distortions, and without the ability to
successfully decipher images will be unable to access the network.

5. Biometrics authentication
Biometrics is a computer authentication method that relies on the individual biological
characteristics of a single person. It is often used by consumers, governments, and private
corporations (airports, national borders, etc.) for security and identification purposes. Since no two
users have the same physical features (unless you are identical twins, perhaps), biometric
authentication is extremely secure and is becoming increasingly popular as it achieves a high level
of security without infringing on the user. Here are the most common biometric authentication
methods:

FACIAL RECOGNITION
If you have one of the latest iPhones, then you are familiar with this biometric feature. Facial
recognition matches different facial features of a user attempting to gain access to an approved
facial record stored within the database. For example, if your friend is not within the facial
recognition database of your iPhone, they will not be able to unlock your phone. While facial
recognition is a progressive authentication method, it can be inconsistent when comparing faces
at different angles or comparing the faces of close relatives, which may confuse the
authentication algorithm.

FINGERPRINT SCANNERS
Fingerprint scanners match the specific patterns of an individual’s fingerprint to approve and grant
user access. Fingerprint scanners are the oldest and most popular type of biometric
authentication.

SPEAKER RECOGNITION
Speaker recognition, or voice biometrics, examines the speech patterns of a speaker to determine
the formation of shapes and sound qualities. A device protected by voice recognition relies on
standardized words to identify a user.

6. Certificate-based authentication
Certificate-based authentication identifies users, devices, or machines by using digital certificates
— based on the ideas of a passport or a driver’s license. Each certificate contains the digital
identity of a user with a public key and digital signature. When a user is being authenticated, this
digital certificate is deployed the same way as a username and password.
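The one-time codes behind the OTP software tokens and the 6-digit 2FA example above, as an added example that is not from the original notes: HOTP/TOTP as specified in RFC 4226 and RFC 6238, with a verifier that tolerates one step of clock drift but refuses a code that has already been accepted. The secret is the RFCs' published test secret, not a real one.

```python
import hashlib
import hmac
import struct

# Published RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890").
RFC_TEST_SECRET = b"12345678901234567890"
STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation to 31 bits, then reduction to the requested number of digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the clock."""
    return hotp(secret, int(unix_time) // STEP_SECONDS, digits)


class TotpVerifier:
    """Server side of a software-token second factor. Accepts codes for the
    current step and one step either side (clock drift), and never accepts a
    code for a step at or before the last one that succeeded (replay guard)."""

    def __init__(self, secret: bytes, digits: int = 6, window: int = 1):
        self.secret, self.digits, self.window = secret, digits, window
        self.last_accepted_step = -1

    def verify(self, submitted: str, unix_time: int) -> bool:
        now_step = int(unix_time) // STEP_SECONDS
        for step in range(now_step - self.window, now_step + self.window + 1):
            if step <= self.last_accepted_step:
                continue  # already used, or older than one already used
            expected = hotp(self.secret, step, self.digits)
            if hmac.compare_digest(expected, submitted):
                self.last_accepted_step = step
                return True
        return False


def demo() -> dict:
    """Walk one verifier through a fresh code, a replay, drift and a stale code."""
    v = TotpVerifier(RFC_TEST_SECRET)
    code_at_59 = totp(RFC_TEST_SECRET, 59)  # RFC 6238 vector, 6 digits: 287082
    return {
        "code_at_59": code_at_59,
        "accepted_fresh": v.verify(code_at_59, 59),
        "replay_rejected": not v.verify(code_at_59, 70),   # same step, reused
        "drift_tolerated": v.verify(totp(RFC_TEST_SECRET, 95), 120),  # one step old
        "stale_rejected": not v.verify(code_at_59, 200),  # several steps old
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Real tokens usually exchange the secret as a Base32 string in a QR code; that encoding step is omitted here since it does not change the algorithm.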

3 Common authentication protocols
Authentication protocols are set rules for verification and interaction that systems
or endpoints (phones, servers, laptops, etc.) use to communicate. Every application accessed has
its own set of protocols and standards that must be followed. Having an authentication protocol
for your business ensures that compatibility and secure operations are continuously maintained.
Here are some of the most common authentication protocols:

Password authentication protocol


Password authentication protocol (PAP) is the routine log-in process that requires a username
and password to access a system. And although PAP is the most common authentication
protocol, it is also the least secure due to its lack of encryption.

Challenge handshake authentication protocol (CHAP)

Challenge handshake authentication protocol (CHAP) verifies a user or network host to an
authenticating entity during an online session — for example, an Internet service provider. CHAPs
protect against replay attacks with the use of incrementally changing identities and a variable
challenge-value. This makes it significantly more secure than a PAP.
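The PAP/CHAP contrast above, as an added example that is not part of the original notes: a PAP request that carries the password itself, and a CHAP exchange using the MD5 algorithm from RFC 1994 (MD5 over Identifier || secret || Challenge) in which a captured response is replayed and rejected. The shared secret, username and password are constructed values.

```python
import hashlib
import hmac
import os

# Constructed shared secret; in a real deployment it is provisioned out of band
# and never travels over the link.
SHARED_SECRET = b"constructed-example-secret"


def pap_request(username: str, password: str) -> bytes:
    """PAP: the Authenticate-Request carries the password itself, so anyone
    who can read the link (or a capture of it) has the credential."""
    return username.encode() + b":" + password.encode()


def chap_response(identifier: int, challenge: bytes, secret: bytes) -> bytes:
    """Peer side of CHAP with the MD5 algorithm of RFC 1994:
    MD5(Identifier || secret || Challenge). The secret stays local."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator side: issues a new Identifier and a random Challenge each
    time, and accepts each outstanding challenge at most once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.outstanding = {}  # identifier -> challenge bytes awaiting a response

    def challenge(self) -> tuple:
        self.identifier = (self.identifier + 1) % 256  # incrementally changing identifier
        chal = os.urandom(16)                          # variable challenge value
        self.outstanding[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier: int, response: bytes) -> bool:
        chal = self.outstanding.pop(identifier, None)  # one response per challenge
        if chal is None:
            return False
        expected = chap_response(identifier, chal, self.secret)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    """One genuine CHAP round, then two replay attempts, beside a PAP request."""
    auth = ChapAuthenticator(SHARED_SECRET)
    ident, chal = auth.challenge()
    resp = chap_response(ident, chal, SHARED_SECRET)  # legitimate peer answers
    genuine = auth.verify(ident, resp)
    # An eavesdropper who captured (ident, resp) replays it verbatim...
    replay_same = auth.verify(ident, resp)
    # ...or against the next challenge, whose identifier and bytes differ.
    ident2, _ = auth.challenge()
    replay_next = auth.verify(ident2, resp)
    return {
        "chap_genuine_ok": genuine,
        "chap_replay_same_challenge": replay_same,
        "chap_replay_next_challenge": replay_next,
        "pap_password_on_wire": b"hunter2" in pap_request("alice", "hunter2"),
        "chap_secret_on_wire": SHARED_SECRET in (chal + resp),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

MD5 appears only because RFC 1994 specifies it; the protection against replay comes from the fresh challenge, and a new design would use an HMAC in its place.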

Extensible authentication protocol


An extensible authentication protocol (EAP) is used for wireless communications and is the
highest level of security for authentication. EAPs are the most secure because they allow a given
access point and remote device to communicate together to perform simultaneous authentication
with built-in encryption. EAP methods protect a specific portal so that users with a password or
authentication key are the only ones that can access a network. And as a result, the number of
users is reduced, protection is enhanced, and networks are faster and more secure.

4.4.2 Types of Hackers: White hat and Black hat

Already discussed.

Unit-5:
5.1 Ethical Hacker
5.1.1 Roles and Responsibilities
5.1.2 Benefit of Ethical Hacking
5.1.3 Skills require to become Ethical hacker

What is Ethical hacking?


Ethical hacking is also known as White hat Hacking or Penetration Testing. Ethical hacking
involves an authorized attempt to gain unauthorized access to a computer system or data. Ethical
hacking is used to improve the security of systems and networks by fixing the vulnerabilities
found while testing.

Ethical hackers improve the security posture of an organization. Ethical hackers use the same
tools, tricks, and techniques that malicious hackers use, but with the permission of the
authorized person. The purpose of ethical hacking is to improve security and to defend
systems from attacks by malicious users.

Advantages of Hacking
There are various advantages of hacking:
1. It is used to recover lost information, especially when you have lost your password.
2. It is used to perform penetration testing to increase the security of the computer and network.
3. It is used to test how good the security is on your network.

• Prevent harmful cyber attacks.
• Prevent penetration attacks of intruders.
• Find loopholes in the system and repair them with their expertise.
• Establish security and safety measures within the system.
• Prevent cyber terrorism and hacks from taking place.
Skill Required to be an Ethical Hacker:
Ethical hackers are professionals having immense tech-knowledge about the security and
safety of computer systems, operating systems and networking. They are required to have
excellent hacking skills and to prevent threats from harming the computer systems. Some
of the basic skills that every ethical hacker must have include:
• Knowledge about Networking
• Expert in Scripting
• Good hands-on programming
• Exposure to multiple operating systems: Windows, Linux
• Knowledge of the backend database
• Experience with servers and search engines
• Well-versed with available tools in the market
Ethical Hacker Roles and Responsibilities:
Ethical Hacker Roles:
• In-depth Knowledge of Security: Ethical hackers should be well versed with
potential threats and vulnerabilities that can be used to hack organisational systems. Ethical
hackers are hired by organisations for their expert skills and quick resolution of
security vulnerabilities. They should be cyber security professionals having
knowledge of computer systems, networks and security.
• Think like Hackers: The primary role of Ethical hackers is to attack the system like
hackers do, but only through authorised methods. They are supposed to think like
hackers who want to steal confidential data/information. Ethical hackers look for
areas that are most likely to be attacked and the different ways in which an attack can
take place.
• In-depth Knowledge of the Organisation they intend to provide Service to: Ethical
hackers should be well versed with the services and the functional working of the
organisation they are associated with. They should have knowledge about the
information that is extremely sensitive and needs to be protected. Ethical hackers should
be capable of finding the attack methods for accessing the sensitive content of the
organisation.
Ethical Hackers Responsibilities:
• Hacking their own Systems: Ethical hackers hack their own systems to find
potential threats and vulnerabilities. They are hired to find vulnerabilities of the
system before they are discovered by hackers.
• Defuse the intent of Hackers: Ethical hackers are hired as a precautionary step
against hackers who aim at breaching the security of computers. Vulnerabilities,
when detected early, can be fixed, keeping confidential information from being
exposed to hackers who have malicious intentions.
• Document their Findings: Ethical hackers must properly document all their findings
and potential threats. The main part of the work they are hired for by organisations is
proper reporting of bugs and vulnerabilities which are a threat to security.
• Keeping the Confidential Information Safe: Ethical hackers are obliged to keep all
their findings secure and never share them with others. Under no circumstances
should they agree to share their findings and observations.
• Sign Non-Disclosure Agreements: They must sign confidentiality agreements to keep
the information they have about the organisations safe with them. This will prevent
them from giving out confidential information, and legal action will be taken against them if
they indulge in any such acts.
• Handle the loopholes in Security: Based on their observations, Ethical hackers
should restore/repair the security loopholes. This will prevent hackers from breaching
the security of the organisation.

10 Essential skills for an ethical hacker

Here is a list of essential skills for an ethical hacker that can enable you to perform your duties
effectively:

1. Communication

While this job requires a list of hard skills, communication is a critical soft skill for individuals
aspiring for this position. Your job entails technicalities that may seem advanced for non-IT
professionals. Discussing strategies and brainstorming ideas becomes a crucial part of your daily
collaboration as you work with different teams. Communication skills are important, as it is
necessary to ensure that other non-IT professionals or concerned superiors understand your
message and respond accordingly. Expressing your ideas or observations clearly and adding
graphical representations, especially when making a report, is quite useful.

2. Networking

Computer networking involves establishing a connection between computer systems within an
organisation, allowing them to send and receive data seamlessly. This skill is essential for
performing your duties with expert precision, as it can help you detect and trace the extent of an
unauthorised intrusion by unethical hackers. Hackers sometimes use viruses to hack systems to
find potential vulnerabilities. These viruses can spread across systems within a network.
Comprehensive knowledge of networking can help detect this quickly. Knowledge about internet
protocols (IP), servers, access points and various network models to manage such occurrences is
also important for an ethical hacker.

3. Operating systems proficiency

Being skilled at using various operating systems is essential for a white hat hacker. Besides some
of the most common operating systems, including Windows and Mac, a hacker can utilise various
high-level operating systems. Hackers usually prefer to work from untraceable networks, including
the use of unique operating systems. Besides the standard operating systems, knowing how to
run more advanced operating systems like Linux, Ubuntu and Red Hat is beneficial to detecting
and averting security breaches.

4. Troubleshooting

Apart from providing preventative or proactive measures to prevent security breaches, white hat
hackers also provide reactive measures in the event of such an occurrence. While you develop
preventive measures, it is also essential to have contingencies if preventative plans fail and
hackers breach the cybersecurity protocol. Exhibiting problem-solving skills involves how well you
react to setbacks and devise a protective counter-strategy in adverse situations.


5. Computer hardware knowledge

One of the major skills for an ethical hacker is a comprehensive understanding of
computer hardware: how the various hardware devices work, including the CPU,
graphics card, data storage and the motherboard. This is essential, as hackers target multiple
system parts to gain access. When accessing a compromised machine or computer, knowing
how the machine works is one step toward troubleshooting it.

This knowledge allows you to examine the critical parts of the machine, test them and identify the
extent of the damage. Depending on your assessment, you can determine if you can salvage the
device and information. As a hacker, accessing the device may involve hacking the system and
bypassing its protection framework.

6. Basic computer skills

An ethical hacker works mainly on a computer and performs simple or complex data computing
and more technical hacking tasks, depending on the job responsibilities. Their less technical
duties involve documenting their activities, including observations and plans for a secure
database. They perform many of these duties by applying basic computing skills. While you are
performing advanced IT tasks, employers and managers expect you to be proficient in basic
computer activities.

They also want you to complete basic computing activities, including documenting and editing
information, creating spreadsheets, making presentations and drafting emails. Other skills
employers can expect are social media proficiency, communication skills and the ability to
execute data management tasks.

7. Advanced search engine knowledge

The internet is the premier hub for answers to almost any and every query. Search engines play a
significant role in accessing information online, as they display result pages in front of users to
help them find answers to their queries. A considerable perk of utilising search engines is their
ease of use.

When you understand how search engines work, you can get almost any information by simply
entering keywords into the search engine, and you can also quickly gain intelligence on hacking activities.
It helps you collect essential data from multiple sources on hacking and even some of the latest
hacking methods. Reports on hacking can be tricky to find, and it takes a skilled search engine
expert to locate the relevant information source on hacking.


8. Programming languages know-how

You may need to work with various databases, computers, machines and software programs
with unique coding in this profession. A job as an ethical hacker also necessitates writing code
regularly, making an understanding of different programming languages essential. Writing code
is how you give specific instructions to a computer or detect criminal activities on a machine or
software. You can learn many programming languages, and some of the most relevant ones
include C++, Python, Java and PHP.

It is essential that you master at least one high-level programming language, some of which
include Ruby, Kotlin and Perl. Being an expert programmer lets you become more versatile and
increases your chances of securing a job and being successful at it.

9. Database management savvy

The database is perhaps the most treasured asset of any company. It is where they store
company, staff and client information. Unauthorised access to a company's database can cause
financial loss and affect the company's reputation. Keeping the database secure, as a result, is
one of the top priorities of any establishment, and ethical hackers are instrumental to this. To
accomplish this, having a comprehensive knowledge of databases and database management is
crucial. Knowing the framework of databases and database engines can help you implement
measures to ensure the security of the company's database.

10. Cryptic writing

Unethical hackers or spammers can intercept the data and messages you send, especially when
they are in the vicinity. After intercepting these messages, they interpret and use them for various
disreputable activities. Computer experts then developed a way to send information that hackers
cannot easily interpret to prevent the unlawful decoding of private information. This method of
sharing secret information is cryptography.

Cryptography is a technique that enables you to send and receive information from various
sources without being overly cautious of onlookers. Before sending it, this method converts a
message you intend to send from a human-readable format to a cryptic setup. This makes it
difficult for malicious hackers to intercept and translate information easily.

5.2 Penetration testing concepts


5.2.1 Phases of Ethical hacking
5.2.2 Areas of penetration testing

Penetration Testing
Penetration Testing or Pen Testing is a type of Security Testing used to
uncover vulnerabilities, threats and risks that an attacker could exploit in
software applications, networks or web applications. The purpose of
penetration testing is to identify and test all possible security vulnerabilities
that are present in the software application. Penetration testing is also called
Pen Test.

Types of Penetration Testing


The type of penetration test selected usually depends on the scope and
whether the organization wants to simulate an attack by an employee,
Network Admin (Internal Sources) or by External Sources. There are three
types of Penetration testing and they are

• Black Box Testing
• White Box Penetration testing
• Grey Box Penetration Testing

How to do Penetration Testing


The following activities need to be performed to execute a penetration test:

Step 1) Planning phase

1. Scope & strategy of the assignment is determined
2. Existing security policies and standards are used for defining the scope

Step 2) Discovery phase

1. Collect as much information as possible about the system, including data
in the system, usernames and even passwords. This is also called
FINGERPRINTING
2. Scan and probe the ports
3. Check for vulnerabilities of the system

Step 3) Attack phase

1. Find exploits for the various vulnerabilities. You need the necessary security
privileges to exploit the system

Step 4) Reporting phase

1. A report must contain detailed findings
2. Risks of vulnerabilities found and their impact on business
3. Recommendations and solutions, if any

The prime task in penetration testing is to gather system information. There
are two ways to gather information:

• ‘One to one’ or ‘one to many’ model with respect to host: A tester
performs techniques in a linear way against either one target host or a
logical grouping of target hosts (e.g. a subnet).
• ‘Many to one’ or ‘many to many’ model: The tester utilizes multiple hosts
to execute information gathering techniques in a random, rate-limited
and non-linear way.

What are the types of pen testing?


A comprehensive approach to pen testing is essential for optimal risk management.
This entails testing all the areas in your environment.

• Web apps. Testers examine the effectiveness of security controls and look for
hidden vulnerabilities, attack patterns, and any other potential security gaps that
can lead to a compromise of a web app.
• Mobile apps. Using both automated and extended manual testing, testers look
for vulnerabilities in application binaries running on the mobile device and the
corresponding server-side functionality. Server-side vulnerabilities include
session management, cryptographic issues, authentication and authorization
issues, and other common web service vulnerabilities.
• Networks. This testing identifies common to critical security vulnerabilities in an
external network and systems. Experts employ a checklist that includes test
cases for encrypted transport protocols, SSL certificate scoping issues, use of
administrative services, and more.
• Cloud. A cloud environment is significantly different than traditional on-premises
environments. Typically, security responsibilities are shared between the
organization using the environment and the cloud services provider. Because of
this, cloud pen testing requires a set of specialized skills and experience to
scrutinize the various aspects of the cloud, such as configurations, APIs, various
databases, encryption, storage, and security controls.
• Containers. Containers obtained from Docker often have vulnerabilities that can
be exploited at scale. Misconfiguration is also a common risk associated with
containers and their environment. Both of these risks can be uncovered with
expert pen testing.
• Embedded devices (IoT). Embedded / Internet of Things (IoT) devices such as
medical devices, automobiles, in-home appliances, oil rig equipment, and
watches have unique software testing requirements due to their longer life
cycles, remote locations, power constraints, regulatory requirements, and more.
Experts perform a thorough communication analysis along with a client/server
analysis to identify defects that matter most to the relevant use case.
• Mobile devices. Pen testers use both automated and manual analysis to find
vulnerabilities in application binaries running on the mobile device and the
corresponding server-side functionality. Vulnerabilities in application binaries
can include authentication and authorization issues, client-side trust issues,
misconfigured security controls, and cross-platform development framework
issues. Server-side vulnerabilities can include session management,
cryptographic issues, authentication and authorization issues, and other
common web service vulnerabilities.
• APIs. Both automated and manual testing techniques are used to cover the
OWASP API Security Top 10 list. Some of the security risks and vulnerabilities
testers look for include broken object level authorization, user authentication,
excessive data exposure, lack of resources / rate limiting, and more.
• CI/CD pipeline. Modern DevSecOps practices integrate automated and
intelligent code scanning tools into the CI/CD pipeline. In addition to static tools
that find known vulnerabilities, automated pen testing tools can be integrated
into the CI/CD pipeline to mimic what a hacker can do to compromise the
security of an application. Automated CI/CD pen testing can discover hidden
vulnerabilities and attack patterns that go undetected with static code scanning.

5.3 SQL Injection:

5.3.1 Concepts of SQL Injection
5.3.2 Types of SQL Injection
5.3.3 Case study of SQL Injection

What Is SQL Injection?

SQL Injection is a code-based vulnerability that allows an attacker to read and access sensitive
data from the database. Attackers can bypass security measures of applications and use SQL
queries to modify, add, update, or delete records in a database. A successful SQL injection attack
can badly affect websites or web applications using relational databases such as MySQL, Oracle,
or SQL Server. In recent years, there have been many security breaches that resulted from SQL
injection attacks.

With this basic understanding of what SQL Injection is, you will now look at the different types of
SQL Injection.

In-band SQLi - The two common types of in-band SQL injection are Error-based SQL injection and
Union-based SQL injection.

1. Error-based SQL injection - Here, the attacker performs certain actions that cause the database
to generate error messages. Using the error message, you can identify what database it
utilizes, the version of the server where the handlers are located, etc.

2. Union-based SQL injection - Here, the UNION SQL operator is used in combining the results of
two or more select statements generated by the database, to get a single HTTP response. You
can craft your queries within the URL or combine multiple statements within the input fields
and try to generate a response.

Blind SQLi - Here, the data is not transferred via the web application; the attacker cannot see
the result of the attack in-band.

1. Boolean-based SQL Injection - Here, the attacker will send an SQL query to the database asking
the application to return a different result depending on whether the query returns True or
False.

2. Time-based SQL Injection - In this attack, the attacker sends an SQL query to the database,
which makes the database wait for a particular amount of time before sharing the result. The
response time helps the attacker to decide whether a query is True or False.

Out-of-band SQL Injection - Out-of-band injection is not so common, as it depends on the features that are
enabled on the database server being used by the web application. It can arise from a
misconfiguration by the database administrator.
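The "before" and "after" of an injectable query, as an added example that is not from the original text: both lookups below run against a constructed in-memory SQLite table, one built by string concatenation and one as a parameterised query, and a boolean-style always-true input only changes the result of the first. Table contents and the input value are constructed for the demo.

```python
import sqlite3

def make_db():
    """Constructed sample data (not from the page): a tiny users table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return conn

def lookup_vulnerable(conn, name):
    """'Before': the value is pasted into the SQL text, so quotes and
    operators inside it become part of the query's syntax."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn, name):
    """'After': a parameterised query; the driver passes the value
    separately, so it is always compared as a literal string."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

# Boolean-style input: an always-true condition appended to the WHERE clause.
TAUTOLOGY = "x' OR '1'='1"

def demo():
    conn = make_db()
    return {
        "vulnerable": lookup_vulnerable(conn, TAUTOLOGY),  # every row comes back
        "safe": lookup_safe(conn, TAUTOLOGY),              # no user is literally named that
        "normal": lookup_safe(conn, "bob"),                # ordinary input still works
    }

if __name__ == "__main__":
    print(demo())
```

The same parameter mechanism also defeats the union-based and time-based variants described above, because the input never reaches the SQL parser as code.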


5.4 Firewall:
5.4.1 Concepts of Firewall
5.4.2 Types of Firewall
5.4.3 Working, Advantages and Importance of Firewall

A firewall is a network security device that observes and filters incoming and outgoing network
traffic, adhering to the security policies defined by an organization. Essentially, it acts as a
protective wall between a private internal network and the public Internet.

Fencing your property protects your house and keeps trespassers at bay; similarly, firewalls are
used to secure a computer network. Firewalls are network security systems that prevent
unauthorized access to a network. A firewall can be a hardware or software unit that filters the
incoming and outgoing traffic of a private network according to a set of rules, to spot and
prevent cyberattacks.

Firewalls are used in enterprise and personal settings. They are a vital component of network
security. Most operating systems have a basic built-in firewall. However, using a third-party
firewall application provides better protection.

Now that we have understood what a firewall is, we will look at the types of firewalls.

Types of Firewalls

A firewall can either be software or hardware. Software firewalls are programs installed on each
computer, and they regulate network traffic through applications and port numbers. Meanwhile,
hardware firewalls are the equipment established between the gateway and your network.
Additionally, a firewall delivered as a cloud service is called a cloud firewall.

There are multiple types of firewalls based on their traffic filtering methods, structure, and
functionality. A few of the types of firewalls are:

• Packet Filtering

A packet filtering firewall controls data flow to and from a network. It allows or blocks the data
transfer based on the packet's source address, the destination address of the packet, the
application protocols to transfer the data, and so on.

• Proxy Service Firewall

This type of firewall protects the network by filtering messages at the application layer. For a
specific application, a proxy firewall serves as the gateway from one network to another.

• Stateful Inspection

Such a firewall permits or blocks network traffic based on state, port, and protocol. Here, it
decides filtering based on administrator-defined rules and context.

• Next-Generation Firewall

According to Gartner, Inc.’s definition, the next-generation firewall is a deep-packet inspection
firewall that adds application-level inspection, intrusion prevention, and information from outside
the firewall to go beyond port/protocol inspection and blocking.

• Unified Threat Management (UTM) Firewall

A UTM device generally integrates the capabilities of a stateful inspection firewall, intrusion
prevention, and antivirus in a loosely linked manner. It may include additional services and, in
many cases, cloud management. UTMs are designed to be simple and easy to use.
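The contrast between packet filtering and stateful inspection described above, as an added example not taken from the original text: a first-match, default-deny rule table, a stateless filter that applies it, and a stateful wrapper that remembers allowed connections so their replies are admitted without an inbound rule. The rule set, addresses and ports are constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

# Constructed rule set (not from the page): (action, src, dst, proto, dport),
# evaluated top to bottom, first match wins, "*" matches anything.
RULES = [
    ("allow", "*", "10.0.0.5/32", "tcp", 443),    # Internet -> internal web server
    ("allow", "10.0.0.0/24", "*", "tcp", "*"),    # internal hosts may open outbound TCP
]

def _ip_match(pattern, ip):
    return pattern == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)

def packet_filter(pkt):
    """Stateless packet filter: decides on header fields of this packet alone."""
    for action, src, dst, proto, dport in RULES:
        if (_ip_match(src, pkt.src) and _ip_match(dst, pkt.dst)
                and proto in ("*", pkt.proto) and dport in ("*", pkt.dport)):
            return action
    return "deny"   # implicit default-deny at the end of the chain

class StatefulFirewall:
    """Stateful inspection: tracks connections the rules allowed and admits
    their return traffic, so no broad inbound rule for reply ports is needed."""
    def __init__(self):
        self.flows = set()

    def decide(self, pkt):
        reverse = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        if reverse in self.flows:
            return "allow"          # reply belonging to a tracked connection
        action = packet_filter(pkt)
        if action == "allow":
            self.flows.add((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport))
        return action

def demo():
    fw = StatefulFirewall()
    out = Packet("10.0.0.7", "93.184.216.34", "tcp", 51000, 443)     # client opens HTTPS
    reply = Packet("93.184.216.34", "10.0.0.7", "tcp", 443, 51000)   # server answers
    stray = Packet("198.51.100.9", "10.0.0.7", "tcp", 443, 51000)    # unsolicited inbound
    return {"outbound": fw.decide(out),
            "reply_stateless": packet_filter(reply),   # stateless filter drops the reply
            "reply_stateful": fw.decide(reply),        # stateful firewall admits it
            "stray_stateful": fw.decide(stray)}        # but still blocks unsolicited traffic
```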

Unit-4:

Email Defamation

To add insult to injury, it is very easy to repeat or forward the defamatory
comments of others via email.

What is Defamation of Character?

Most people think of personal injury as a physical injury caused by another party. Not all personal
injury causes physical harm. There is a form of personal injury that does no physical harm, but can be
extremely harmful to a person’s reputation (or "character"). That form of personal injury is called
"defamation," which is sometimes known as "defamation of character."

What is defamation?
Defamation is false and unprivileged spoken words or written publication, which exposes any living
person to hatred, contempt, ridicule, or which causes him/her to be shunned or avoided, or which has a
tendency to injure him/her in his/her trade or occupation.
For example, if a person or the news media says or writes something about you that is understood to lower
your reputation, or that keeps people from associating with you, defamation has occurred. However, if
someone says something false about someone who has died, as reprehensible as that may be, in most
states it is not considered defamatory. No legal action can be taken on behalf of a dead person. Only a
living person can be defamed.
