Cyber Security Test

The document provides an overview of key concepts in cybersecurity, including definitions of cyberspace, cybersecurity, and various types of cyberattacks such as phishing and denial of service. It discusses historical developments of the internet, regulations like SPDI rules and IT Act 2013, and the architecture of cyberspace. Additionally, it outlines system-based and web-based attacks, as well as the seven layers of cybersecurity that organizations should consider for protection.

Uploaded by

smotivational101

1 mark:

1. What is cyberspace?

Cyberspace is the virtual environment where digital communication, data exchange, and online activities occur.

2. WSIS: World Summit on the Information Society

3. ICANN: Internet Corporation for Assigned Names and Numbers

4. CERT: Computer Emergency Response Team

5. NCIIPC: National Critical Information Infrastructure Protection Centre

6. What is cybersecurity?

Cybersecurity is the practice of protecting computer systems, networks, and data from digital threats and unauthorized access.

2 marks:

1. What is a cyberattack, and what are the types of cyberattack?

A cyberattack is a deliberate attempt to compromise computer systems, networks, or data by exploiting vulnerabilities or using malicious software.

1. Web-based attacks

   1. Injection attack
   2. DNS spoofing
   3. Session hijacking
   4. Phishing
   5. Brute force
   6. Denial of service
   7. Dictionary attack
   8. URL interpretation
   9. File inclusion attack
   10. Man-in-the-middle attack

2. System-based attacks

   1. Virus
   2. Worm
   3. Trojan horse
   4. Backdoors
   5. Bots

2. History of the Internet.

✓ In the 1960s, research into what was then known as packet switching gave birth to the Internet.

✓ It was believed that packet switching would be a better and faster way to convey data than the hardware option, which was circuits.

✓ The United States military's development of ARPANET required packet-switching technology.

✓ The ARPANET is regarded as the earliest known network of connected computers, or the internet.

✓ The military used this technique to exchange private information. Then, this data-sharing technology was made available to American educational institutions so they could use the government's supercomputer, initially at 56 kbit/s, then at 1.5 Mbit/s, and finally at 45 Mbit/s.

✓ In the US, the internet was completely commercialised by 1995, and internet service providers started to appear in the late 1980s.

3. SPDI rules.

The SPDI Rules (Sensitive Personal Data or Information Rules) were issued on April 13, 2011. These rules impose strict security requirements on organizations that retain sensitive user personal information. They apply to any corporate body or person located in India. According to the Security Practices Rules, sensitive personal information must be given to government entities.

4. Explain the 2013 rules in the IT Act.

The Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (2013 rules) established the Computer Emergency Response Team (CERT-In) as the administrative agency responsible for collecting, analysing and disseminating information on cybersecurity incidents, and taking emergency response measures. These rules also put in place obligations on intermediaries and service providers to report cybersecurity incidents to CERT-In.

3 marks:

1. Phishing

o Phishing attacks have long been the most common and effective means by which cybercriminals gain access to corporate environments. It is often much easier to trick a user into clicking a link or opening an attachment than it is to identify and exploit a vulnerability within an organization’s defences.

o In recent years, phishing attacks have only grown more sophisticated. While the original phishing scams were relatively easy to detect, modern attacks are convincing and sophisticated to the point where they can be virtually indistinguishable from legitimate emails.

o Employee cyber security awareness training is not enough to protect against the modern phishing threat. Managing the risk of phishing requires cyber security solutions that identify and block malicious emails before they even reach a user’s inbox.

2. Explain denial of service and its types.

a. It is an attack meant to make a server or network resource unavailable to its users. It accomplishes this by flooding the target with traffic or sending it information that triggers a crash. It uses a single system and a single internet connection to attack a server.

It can be classified into the following:

i. Volume-based attacks - The goal is to saturate the bandwidth of the attacked site; measured in bits per second.

ii. Protocol attacks - These consume actual server resources; measured in packets.

iii. Application layer attacks - The goal is to crash the web server; measured in requests per second.

3. Difference between WWW and ransomware

| Aspect | WWW (World Wide Web) | Ransomware |
|---|---|---|
| Definition | A global system of interconnected web pages and resources accessible via the internet. | A type of malware that blocks system access until a ransom fee is paid. |
| Purpose | Facilitates information sharing, communication, and online services. | Designed to extort money from victims by restricting access to their data or systems. |
| Accessibility | Publicly accessible; anyone with internet access can browse and interact with websites. | Targets specific victims through phishing emails or infected attachments. |
| Harmfulness | Generally harmless; provides valuable information and services. | Highly harmful; disrupts operations, encrypts files, and demands payment for decryption. |
| Spread Mechanism | Accessed via web browsers; URLs and hyperlinks connect users to web content. | Primarily spread through phishing emails containing malicious attachments. |
| Removal | No need for removal; it’s an integral part of the internet. | Removal often requires paying a ransom to regain access to encrypted data or systems. |

4. What are malware and ransomware?

Ransomware

o While ransomware has been around for decades, it only became the dominant form of malware within the last few years. The WannaCry ransomware outbreak demonstrated the viability and profitability of ransomware attacks, driving a sudden surge in ransomware campaigns.

o Since then, the ransomware model has evolved drastically. While ransomware used to only encrypt files, it now will steal data to extort the victim and their customers in double and triple extortion attacks. Some ransomware groups also threaten or employ Distributed Denial of Service (DDoS) attacks to incentivize victims to meet ransom demands.

Written by: Prof Vidhi Jivrajani

Malware

o The different generations of cyberattacks have been defined mainly by the evolution of malware.

o Malware authors and cyber defenders are playing a continual cat and mouse game, where attackers try to develop techniques that overcome or bypass the latest in security technology. Often, when they succeed, a new generation of cyberattacks is created.

o Modern malware is swift, stealthy, and sophisticated. The detection techniques used by legacy security solutions (such as signature-based detection) are no longer effective, and, often, by the time security analysts have detected and responded to a threat, the damage is already done.

o Detection is no longer “good enough” to protect against malware attacks. Mitigating the threat of Gen V malware requires cyber security solutions focused on prevention, stopping the attack before it begins and before any damage is done.

5 marks:

1. Explain system-based attacks.

System-based attacks

o These are attacks intended to compromise a computer or a computer network. Some of the important system-based attacks are as follows:

1. Virus

a. It is a type of malicious software program that spreads throughout the computer's files without the knowledge of the user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. It can also execute instructions that cause harm to the system.

2. Worm

a. It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It works the same as a computer virus. Worms often originate from email attachments that appear to be from trusted senders.

3. Trojan horse

a. It is a malicious program that causes unexpected changes to computer settings and unusual activity, even when the computer should be idle. It misleads the user about its true intent. It appears to be a normal application, but when opened or executed, some malicious code runs in the background.

4. Backdoors

a. It is a method that bypasses the normal authentication process. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.

5. Bots

a. A bot (short for "robot") is an automated process that interacts with other network services. Some bot programs run automatically, while others only execute commands when they receive specific input. Common examples of bot programs are crawlers, chatroom bots, and malicious bots.

2. Explain web-based attacks.

❖ Web-based attacks

✓ These are attacks that occur on a website or web application. Some of the important web-based attacks are as follows:

1. Injection attacks

a. It is an attack in which some data is injected into a web application to manipulate the application and fetch the required information.

b. Examples: SQL injection, code injection, log injection, XML injection, etc.

2. DNS Spoofing

a. DNS spoofing is a type of computer security hacking whereby data is introduced into a DNS resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer or any other computer.

b. DNS spoofing attacks can go on for a long period of time without being detected and can cause serious security issues.

3. Session Hijacking

a. It is a security attack on a user session over a protected network.

b. Web applications create cookies to store the state and user sessions.

c. By stealing the cookies, an attacker can have access to all of the user data.

4. Phishing

a. Phishing is a type of attack that attempts to steal sensitive information such as user login credentials and credit card numbers.

b. It occurs when an attacker masquerades as a trustworthy entity in electronic communication.

5. Brute force

a. It is a type of attack that uses a trial-and-error method. This attack generates a large number of guesses and validates them to obtain actual data such as a user password or personal identification number.

b. This attack may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.

6. Denial of Service

a. It is an attack meant to make a server or network resource unavailable to its users. It accomplishes this by flooding the target with traffic or sending it information that triggers a crash. It uses a single system and a single internet connection to attack a server.

It can be classified into the following:

i. Volume-based attacks - The goal is to saturate the bandwidth of the attacked site; measured in bits per second.

ii. Protocol attacks - These consume actual server resources; measured in packets.

iii. Application layer attacks - The goal is to crash the web server; measured in requests per second.

7. Dictionary attacks

a. This type of attack stores a list of commonly used passwords and validates them to get the original password.

8. URL Interpretation

a. It is a type of attack in which certain parts of a URL are changed so that a web server delivers web pages the requester is not authorized to browse.

9. File Inclusion attacks

a. It is a type of attack that allows an attacker to access unauthorized or essential files available on the web server, or to execute malicious files on the web server, by making use of the include functionality.

10. Man-in-the-middle attacks

a. It is a type of attack that allows an attacker to intercept the connection between client and server and act as a bridge between them. Due to this, the attacker is able to read, insert and modify the data in the intercepted connection.

3. Architecture of cyberspace.

Practically, a cyberspace architecture for a global standard is not yet possible, though certain groups of networks maintain some rules and regulations to make a minimum architecture through TCP/IP and a virtual global server system. Here, some theoretical architectural choices are described.

• Communication and web technology

• Internet, World Wide Web

• Advent of internet

• Internet infrastructure for data transfer and governance

• Internet society

• Regulation of cyberspace

• Concept of cyber security

• Issues and challenges of cyber security

4. Seven layers of cyber security.

1. Mission Critical Assets – This is the data you need to protect.

2. Data Security – Data security controls protect the storage and transfer of data.

3. Application Security – Application security controls protect access to an application, an application’s access to your mission critical assets, and the internal security of the application.

4. Endpoint Security – Endpoint security controls protect the connection between devices and the network.

5. Network Security – Network security controls protect an organization’s network and prevent unauthorized access to the network.

6. Perimeter Security – Perimeter security controls include both the physical and digital security methodologies that protect the business overall.

7. The Human Layer – Humans are the weakest link in any cyber security posture. Human security controls include phishing simulations and access management controls that protect mission critical assets from a wide variety of human threats, including cyber criminals, malicious insiders, and negligent users.
