8 Sem Internship Report
8 Sem Internship Report
SUMMARY REPORT
UnderThe
Supervisionof Name of
Supervisor:
Mr. Piyoush Kumar
Assistant Professor
Submitted By
SHIVAM PANDEY- 21SCSE1010274
I hereby certify that the work which is being presented in the Internship project
report entitled "PALO ALTO AICTE Virtual Internship Program 2024 - VIRTUAL
INTERNSHIP PROGRAM IN CYBER SECURITY" is in partial fulfilment of the
requirements for the award of the degree of Bachelor of Technology in Computer
Science Galgotias University, Greater Noida, is an authentic record of my work
carriedout in the industry.
To the best of my knowledge, the matter embodied in the project report has not
been submitted to any other University/Institute for the award of any Degree.
This is to certify that the above statement made by the candidate is correct and
true to the best of my knowledge.
Signature of Student
Shivam Pandey
21SCSE1010274
ABSTRACT
In the current world that is run by technology and network connections, it is crucial to know what cyber
security is and to be able to use it effectively. Systems, important files, data, and other important virtual
things are at risk if there is no security to protect it.
Cyber security is essential because military, government, financial, medical and corporate organizations
accumulate, practice, and stock unprecedented quantities of data on PCs and other devices. Cyber
Security accepts a vigorous role in the area of information technology. Safeguarding the information
has become an enormous problem in the current day. The cybersecurity the main thing that originates
in mind is ‘cyber crimes’ which are aggregate colossally daily. Different governments and
organizations are taking numerous measures to keep these cyber wrongdoings. Other than different
measures cybersecurity is as yet a significant worry to many. This paper mostly emphases on cyber
security and cyber terrorism. The significant trends of cybersecurity and the consequence of
cybersecurity discuss in it. The cyber-terrorism could make associations lose billions of dollars in the
region of organizations. The paper also explains the components of cyber terrorism and motivation of
it. Two case studies related to cybersecurity also provide in this paper. Some solution about cyber
security and cyber terrorism also explains in it.
TABLE OF CONTENTS
S. No List of contents
2 Layers of Security
Security vulnerabilities, threats and Attacks
3
4 Cyber Threats-Cyber-Warfare
7 Cyber Forensics
14 Conclusion
15 References
Introduction to Cyber Security
Cyber Security Introduction - Cyber Security Basics:
Cyber security is the most concerned matter as cyber threats and attacks are overgrowing.
Attackers are now using more sophisticated techniques to target the systems. Individuals,
small-scale businesses or large organization, are all being impacted. So, all these firms
whether IT or non-IT firms have understood the importance of Cyber Security and focusing
on adopting all possible measures to deal with cyber threats.
"Cyber security is primarily about people, processes, and technologies working together to
encompass the full range of threat reduction, vulnerability reduction, deterrence, international
engagement, incident response, resiliency, and recovery policies and activities, including
computer network operations, information assurance, law enforcement, etc."
OR
Cyber security is the body of technologies, processes, and practices designed to protect networks,
computers, programs and data from attack, damage or unauthorized access.
• The term cyber security refers to techniques and practices designed to protect digital data.
• Whereas security related to the protection which includes systems security, network
security and application and information security.
• Regulations such as GDPR are forcing organizations into taking better care of the
personal data they hold.
Because of the above reasons, cyber security has become an important part of the
business and the focus now is on developing appropriate response plans that minimize
the damage in the event of a cyber-attack.
But an organization or an individual can develop a proper response plan only when
he has a good grip on cyber security fundamentals.
It also means trying to keep the identity of authorized parties involved in sharing and holding
data private and anonymous.
• Data encryption
• Two-factor authentication
• Biometric verification
• Security tokens
Integrity
• Cryptographic checksums
• Using file permissions
• Uninterrupted power supplies
• Data backups
Availability
Availability is making sure that authorized parties are able to access the information when
needed.
These are the attacks which occur on a website or web applications. Some of the important web-
based attacks are as follows-
1. Injection attacks
It is the attack in which some data will be injected into a web application to manipulate the
application and fetch the required information.
Example- SQL Injection, code Injection, log Injection, XML Injection etc.
2. DNS Spoofing
DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a
DNS resolver's cache causing the name server to return an incorrect IP address, diverting
traffic to the attackers computer or any other computer. The DNS spoofing attacks can go on
for a long period of time without being detected and can cause serious security issues.
3. Session Hijacking
It is a security attack on a user session over a protected network. Web applications create
cookies to store the state and user sessions. By stealing the cookies, an attacker can have
access to all of the user data.
4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a
trustworthy entity in electronic communication.
5. Brute force
It is a type of attack which uses a trial and error method. This attack generates a large number
of guesses and validates them to obtain actual data like user password and personal
identification number. This attack may be used by criminals to crack encrypted data, or by
security, analysts to test an organization's network security.
6. Denial of Service
It is an attack which meant to make a server or network resource unavailable to the users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a
crash. It uses the single system and single internet connection to attack a server. It can be
classified into the following-
Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is
measured in bit per second.
Application layer attacks- Its goal is to crash the web server and is measured in request per
second.
7. Dictionary attacks
This type of attack stored the list of a commonly used password and validated them to get
original password.
8. URL Interpretation
It is a type of attack where we can change the certain parts of a URL, and one can make a web
server to deliver web pages for which he is not authorized to browse.
It is a type of attack that allows an attacker to access unauthorized or essential files which is
available on the web server or to execute malicious files on the web server by making use of
the include functionality.
It is a type of attack that allows an attacker to intercepts the connection between client and
server and acts as a bridge between them. Due to this, an attacker will be able to read, insert
and modify the data in the intercepted connection.
System-based attacks
These are the attacks which are intended to compromise a computer or a computer network.
Some of the important system-based attacks are as follows-
1. Virus
It is a type of malicious software program that spread throughout the computer files without
the knowledge of a user. It is a self-replicating malicious computer program that replicates by
inserting copies of itself into other computer programs when executed. It can also execute
instructions that cause harm to the system.
2. Worm
3. Trojan horse
It is a malicious program that occurs unexpected changes to computer setting and unusual
activity, even when the computer should be idle. It misleads the user of its true intent. It
appears to be a normal application but when opened/executed some malicious code will run
in the background.
4. Backdoors
It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes. 5. Bots
A bot (short for "robot") is an automated process that interacts with other network services.
Some bots program run automatically, while others only execute commands when they
receive specific input. Common examples of bots program are the crawler, chatroom bots,
and malicious bots.
SECURITY VULNERABILITIES, THREATS AND ATTACKS –
Categories of vulnerabilities
• Corrupted (Loss of integrity)
• Leaky (Loss of confidentiality)
• Unavailable or very slow (Loss of availability)
– Threats represent potential security harm to an asset when vulnerabilities are
exploited - Attacks are threats that have been carried out
• Passive – Make use of information from the system without affecting system
resources
Computer criminals
Computer criminals have access to enormous amounts of hardware, software, and data;
they have the potential to cripple much of effective business and government throughout
the world. In a sense, the purpose of computer security is to prevent these criminals from
doing damage.
We say computer crime is any crime involving a computer or aided by the use of one.
Although this definition is admittedly broad, it allows us to consider ways to protect
ourselves, our businesses, and our communities against those who use computers
maliciously.
One approach to prevention or moderation is to understand who commits these crimes
and why. Many studies have attempted to determine the characteristics of computer
criminals. By studying those who have already used computers to commit crimes, we
may be able in the future to spot likely criminals and prevent the crimes from occurring.
CIA Triad
The CIA Triad is actually a security model that has been developed to help people think
about various parts of IT security.
CIA triad broken down:
Assets and Threat
What is a threat: A threat is any incident that could negatively affect an asset – for
example, if it’s lost, knocked offline or accessed by an unauthorized party.
Intentional threats include things such as criminal hacking or a malicious insider stealing
information, whereas accidental threats generally involve employee error, a technical
malfunction or an event that causes physical damage, such as a fire or natural disaster.
Motive of Attackers
Active attacks: An active attack is a network exploit in which a hacker attempts to make
changes to data on the target or data en route to the target.
Masquerade: in this attack, the intruder pretends to be a particular user of a system to gain
access or to gain greater privileges than they are authorized for. A masquerade may be
attempted through the use of stolen login IDs and passwords, through finding security
gaps in programs or through bypassing the authentication mechanism.
Session replay: In this type of attack, a hacker steals an authorized user’s log in
information by stealing the session ID. The intruder gains access and the ability to do
anything the authorized user can do on the website.
Message modification: In this attack, an intruder alters packet header addresses to direct
a message to a different destination or modify the data on a target machine.
In a denial of service (DoS) attack, users are deprived of access to a network or web
resource. This is generally accomplished by overwhelming the target with more traffic
than it can handle.
Traffic analysis: the attacker looks at the metadata transmitted in traffic in order to
deduce information relating to the exchange and the participating entities, e.g. the form of
the exchanged traffic (rate, duration, etc.). In the cases where encrypted data are used,
traffic analysis can also lead to attacks by cryptanalysis, whereby the attacker may obtain
information or succeed in unencrypting the traffic.
Attack Characteristics
Virus A virus is a program that attempts to damage a computer system and replicate itself
to other computer systems. A virus:
Logic A Logic Bomb is malware that lies dormant until triggered. A logic bomb is a
Bomb specific example of an asynchronous attack.
Hardware Attacks:
Common hardware attacks include:
Security Policies:
Security policies are a formal set of rules which is issued by an organization to ensure
that the user who are authorized to access company technology and information assets
comply with rules and guidelines related to the security of information.
A security policy also considered to be a "living document" which means that the
document is never finished, but it is continuously updated as requirements of the
technology and employee changes.
We use security policies to manage our network security. Most types of security policies
are automatically created during the installation. We can also customize policies to suit
our specific environment. Need of Security policies-
1) It increases efficiency.
There are some important cyber security policies recommendations describe below-
Firewall Policy:
• It blocks the unauthorized users from accessing the systems and networks that
connect to the Internet.
• It detects the attacks by cybercriminals and removes the unwanted sources of
network traffic.
• This policy automatically detects and blocks the network attacks and browser
attacks.
• It also protects applications from vulnerabilities and checks the contents of one or
more data packages and detects malware which is coming through legal ways.
• This policy protects a system's resources from applications and manages the
peripheral devices that can attach to a system
CYBERSPACE AND THE LAW & CYBER FORENSICS
CYBERSPACE
Cyberspace can be defined as an intricate environment that involves interactions between
people, software, and services. It is maintained by the worldwide distribution of
information and communication technology devices and networks.
With the benefits carried by the technological advancements, the cyberspace today has
become a common pool used by citizens, businesses, critical information infrastructure,
military and governments in a fashion that makes it hard to induce clear boundaries
among these different groups. The cyberspace is anticipated to become even more
complex in the upcoming years, with the increase in networks and devices connected to
it.
REGULATIONS
There are five predominant laws to cover when it comes to cybersecurity:
Information Technology Act, 2000 The Indian cyber laws are governed by the
Information Technology Act, penned down back in 2000. The principal impetus of this
Act is to offer reliable legal inclusiveness to eCommerce, facilitating registration of real-
time records with the Government.
But with the cyber attackers getting sneakier, topped by the human tendency to misuse
technology, a series of amendments followed.
The ITA, enacted by the Parliament of India, highlights the grievous punishments and
penalties safeguarding the e-governance, e-banking, and e-commerce sectors. Now, the
scope of ITA has been enhanced to encompass all the latest communication devices.
The IT Act is the salient one, guiding the entire Indian legislation to govern cybercrimes
rigorously:
Section 43 - Applicable to people who damage the computer systems without permission
from the owner. The owner can fully claim compensation for the entire damage in such
cases.
Section 66 - Applicable in case a person is found to dishonestly or fraudulently
committing any act referred to in section 43. The imprisonment term in such instances
can mount up to three years or a fine of up to Rs. 5 lakh.
Section 66B - Incorporates the punishments for fraudulently receiving stolen
communication devices or computers, which confirms a probable three years
imprisonment. This term can also be topped by Rs. 1 lakh fine, depending upon the
severity.
Section 66C - This section scrutinizes the identity thefts related to imposter digital
signatures, hacking passwords, or other distinctive identification features. If proven
guilty, imprisonment of three years might also be backed by Rs.1 lakh fine.
Section 66 D - This section was inserted on-demand, focusing on punishing cheaters
doing impersonation using computer resources.
Indian Penal Code (IPC) 1980
Identity thefts and associated cyber frauds are embodied in the Indian Penal Code (IPC),
1860 - invoked along with the Information Technology Act of 2000.
The primary relevant section of the IPC covers cyber frauds:
Forgery (Section 464)
Forgery pre-planned for cheating (Section 468)
False documentation (Section 465)
Presenting a forged document as genuine (Section 471)
Reputation damage (Section 469)
Companies Act of 2013
The corporate stakeholders refer to the Companies Act of 2013 as the legal obligation
necessary for the refinement of daily operations. The directives of this Act cements all the
required techno-legal compliances, putting the less compliant companies in a legal fix.
The Companies Act 2013 vested powers in the hands of the SFIO (Serious Frauds
Investigation Office) to prosecute Indian companies and their directors. Also, post the
notification of the Companies Inspection, Investment, and Inquiry Rules, 2014, SFIOs
has become even more proactive and stern in this regard.
The legislature ensured that all the regulatory compliances are well-covered, including
cyber forensics, e-discovery, and cybersecurity diligence. The Companies (Management
and Administration) Rules, 2014 prescribes strict guidelines confirming the cybersecurity
obligations and responsibilities upon the company directors and leaders.
NIST Compliance
The Cybersecurity Framework (NCFS), authorized by the National Institute of Standards
and Technology (NIST), offers a harmonized approach to cybersecurity as the most
reliable global certifying body.
NIST Cybersecurity Framework encompasses all required guidelines, standards, and best
practices to manage the cyber-related risks responsibly. This framework is prioritized on
flexibility and cost-effectiveness.
It promotes the resilience and protection of critical infrastructure by: Allowing better
interpretation, management, and reduction of cybersecurity risks – to mitigate data loss,
data misuse, and the subsequent restoration costs Determining the most important
activities and critical operations - to focus on securing them Demonstrates the trust-
worthiness of organizations who secure critical assets Helps to prioritize investments to
maximize the cybersecurity ROI Addresses regulatory and contractual obligations
Supports the wider information security program By combining the NIST CSF
framework with ISO/IEC 27001 - cybersecurity risk management becomes simplified. It
also makes communication easier throughout the organization and across the supply
chains via a common cybersecurity directive laid by NIST.
DIGITAL FORENSICS LIFECYCLE:
Collection: The first step in the forensic process is to identify potential sources of data
and acquire data from them.
Examination:After data has been collected, the next phase is to examine the data, which
involves assessing and extracting the relevant pieces of information from the collected
data. This phase may also involve bypassing or mitigating OS or application features that
obscure data and code, such as data compression, encryption, and access control
mechanisms.
Analysis: Once the relevant information has been extracted, the analyst should study and
analyze the data to draw conclusions from it. The foundation of forensics is using a
methodical approach to reach appropriate conclusions based on the available data or
determine that no conclusion can yet be drawn.
Reporting: The process of preparing and presenting the information resulting from the
analysis phase. Many factors affect reporting, including the following:
a. Alternative Explanations:When the information regarding an event is
incomplete, it may not be possible to arrive at a definitive explanation of what
happened. When an event has two or more plausible explanations, each should be
given due consideration in the reporting process. Analysts should use a
methodical approach to attempt to prove or disprove each possible explanation
that is proposed.
Mobile computing is "taking a computer and all necessary files and software out into the
field." Many types of mobile computers have been introduced since 1990s. They are as
follows:
1. Portable computer: It is a general-purpose computer that can be easily moved
from one place to another, but cannot be used while in transit, usually because it requires
some "setting-up" and an AC power source.
2. Tablet PC: It lacks a keyboard, is shaped like a slate or a paper notebook and has
features of a touchscreen with a stylus and handwriting recognition software. Tablets may
not be best suited for applications requiring a physical keyboard for typing, but are otherwise
capable of carrying out most tasks that an ordinary laptop would be able to perform.
3. Internet tablet: It is the Internet appliance in tablet form. Unlike a Tablet PC, the
Internet tablet does not have much computing power and its applications suite is limited.
Also it cannot replace a general-purpose computer. The Internet tablets typically feature
an MP3 and video player, a Web browser, a chat application and a picture viewer.
4. Personal digital assistant (PDA): It is a small, usually pocket-sized, computer
with limited functionality. It is intended to supplement and synchronize with a desktop
computer, giving access to contacts, address book, notes, E-Mail and other features.
5. Ultramobile (PC): It is a full-featured, PDA-sized computer running a general-
purpose operating system (OS).
6. Smartphone: It is a PDA with an integrated cell phone functionality. Current
Smartphones have a wide range of features and installable applications.
7. Carputer: It is a computing device installed in an automobile. It operates as a
wireless computer, sound system, global positioning system (GPS) and DVD player. It
also contains word processing software and is Bluetooth compatible.
8. Fly Fusion Pentop computer: It is a computing device with the size and shape of
a pen. It functions as a writing utensil, MP3 player, language translator, digital storage
device and calculator.
Trends in Mobility:
Mobile computing is moving into a new era, third generation ( 3G), which promises
greater variety in applications and have highly improved usability as well as speedier
networking. "iPhone" from Apple and Google-led "Android" phones are the best
examples of this trend and there are plenty of other developments that point in this
direction. This smart mobile technology is rapidly gaining popularity and the attackers
(hackers and crackers) are among its biggest fans.
It is worth noting the trends in mobile computing; this will help readers to readers to
realize the seriousness of cybersecurity issues in the mobile computing domain. Figure
below shows the different types of mobility and their implications.
The new technology 3G networks are not entirely built with IP data security. Moreover,
IP data world when compared to voice-centric security threats is new to mobile operators.
There are numerous attacks that can be committed against mobile networks and they can
originate from two primary vectors. One is from outside the mobile network - that is,
public Internet, private networks and other operator's networks - and the other is within
the mobile networks- that is, devices such as data-capable handsets and Smartphones,
notebook computers or even desktop computers connected to the 3G network.
Popular types of attacks against 3G mobile networks are as follows:
1. Malwares, viruses and worms: Although many users are still in the transient
process of switching from 2G,2.5G2G,2.5G to 3G,3G, it is a growing need to educate the
community people and provide awareness of such threats that exist while using mobile
devices. Here are few examples of malware(s) specific to mobile devices:
• Skull Trojan: I targets Series 60 phones equipped with the Symbian mobile OS.
• Cabir Worm: It is the first dedicated mobile-phone worm infects phones running
on Symbian OS and scans other mobile devices to send a copy of itself to the first
vulnerable phone it finds through Bluetooth Wireless technology. The worst thing
about this worm is that the source code for the Cabir-H and Cabir-I viruses is
available online.
• Mosquito Trojan: It affects the Series 60 Smartphones and is a cracked version of
"Mosquitos" mobile phone game.
• Brador Trojan: It affects the Windows CE OS by creating a svchost. exe file in
the Windows start-up folder which allows full control of the device. This
executable file is conductive to traditional worm propagation vector such as E-
Mail file attachments.
• Lasco Worm: It was released first in 2005 to target PDAs and mobile phones
running the Symbian OS. Lasco is based on Cabir's source code and replicates
over Bluetooth connection.
2. Denial-of-service (DoS): The main objective behind this attack is to make the
system unavailable to the intended users. Virus attacks can be used to damage the system
to make the system unavailable. Presently, one of the most common cyber security threats to
wired Internet service providers (iSPs) is a distributed denial-of-service (DDos) attack
.DDoS attacks are used to flood the target system with the data so that the response from the
target system is either slowed or stopped.
3. Overbilling attack: Overbilling involves an attacker hijacking a subscriber's IP
address and then using it (i.e., the connection) to initiate downloads that are not "Free
downloads" or simply use it for his/her own purposes. In either case, the legitimate user is
charged for the activity which the user did not conduct or authorize to conduct.
4. Spoofed policy development process (PDP): These of attacks exploit the
vulnerabilities in the GTP [General Packet Radio Service (GPRS) Tunneling Protocol].
5. Signaling-level attacks: The Session Initiation Protocol (SIP) is a signaling
protocol used in IP multimedia subsystem (IMS) networks to provide Voice Over
Internet Protocol (VoIP) services. There are several vulnerabilities with SIP-based VolP
systems.
• Mobile - Viruses
• Concept of Mishing
• Concept of Vishing
• Concept of Smishing
• Hacking - Bluetooth
LINKS:
https://www.itgovernance.co.uk/what-is-cybersecurity
https://www.kaspersky.com/resource-center/definitions/what-is-cyber-security
https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-is-cyber-
security