Chapter 5

Chapter 5 discusses Internet security and cyber law, focusing on the importance of firewalls in protecting networks from external threats, filtering traffic, and enforcing security policies. It outlines various types of firewalls, their configurations, and limitations, as well as the role of intrusion detection systems (IDS) in monitoring network activity. Additionally, the chapter covers email security protocols like SMTP and PGP, and highlights the various forms of cybercrime, including hacking, identity theft, and cyber terrorism.

Uploaded by

sarthakdagale22
Chapter 5

Internet Security and Cyber Law


Needs of Firewall
• Protecting Against External Threats: Firewalls act as a first line of defense against malicious actors and cyberattacks trying to infiltrate your network.
• Filtering Network Traffic: They examine incoming and outgoing network traffic, allowing legitimate communication while blocking suspicious or unauthorized activity.
• Blocking Unauthorized Access: Firewalls prevent unauthorized users from accessing sensitive data and resources on your network.
• Enforcing Security Policies: They help enforce network security policies, ensuring that only authorized traffic is allowed through.
• Monitoring Network Activity: Firewalls can monitor network traffic for suspicious patterns or activities, helping to identify and prevent potential security breaches.
• Protecting Against Malware: They can help prevent the spread of malware and other malicious software by blocking infected traffic.
• Ensuring Data Integrity: Firewalls help ensure that data transmitted over the network remains confidential and intact, preventing unauthorized access or modification.
• Protecting Sensitive Information: They are essential for protecting sensitive data, such as financial information, personal data, and intellectual property.
• Improving Network Performance: By blocking unwanted traffic, firewalls can help improve network performance and stability.
• Compliance with Regulations: Firewalls can help organizations comply with various security regulations and industry standards.
Design goals:
• All traffic from inside to outside and vice versa must pass through the
firewall. This is achieved by physically blocking all access to the local
network except via the firewall. The configurations used for this are
screened Host Firewall (Single and Dual) and Screened Subnet
Firewall.
Types of Firewall
Packet Filters
• A packet filter controls network access by monitoring outgoing and incoming packets and allowing or dropping them based on the source and destination Internet Protocol (IP) addresses, protocols, and ports. Because each packet is judged on its own, this firewall is also known as a static firewall.
Stateful Packet Firewalls
• A stateful firewall is also a type of packet filter that controls how data packets move through the firewall. It is also called dynamic packet filtering. These firewalls can check whether a packet belongs to a particular session or not. They permit communication only if the session has been properly established between the two endpoints; otherwise they block it.
Application Layer Firewalls
• These firewalls can examine application layer (OSI model) information such as an HTTP request. If the firewall finds a suspicious application that could harm the network, or that is not considered safe for the network, the traffic is blocked right away.
Circuit-level Gateways
• A circuit-level gateway is a firewall that provides User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) connection security. It works at the session layer of the Open Systems Interconnection (OSI) model, between the transport and application layers.
Firewall Policies:
• Definition: A firewall policy is a set of rules that define how a firewall should handle network traffic.
• Purpose: To control and manage network traffic, ensuring that only authorized traffic is allowed through the firewall.
Firewall Rules:
• Definition: Firewall rules are the individual instructions that define how the firewall should handle specific types of network traffic.
• Types of Rules:
• Inbound Rules: Determine which traffic from outside the network is allowed to enter.
• Outbound Rules: Determine which traffic from inside the network is allowed to leave.
• Application-Level Control: Rules that restrict access based on specific applications or protocols.
• Packet Filtering: Rules that filter traffic based on IP addresses, ports, and protocols.
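As an added example (not from the original slides), the difference between the static packet filter and the stateful filter described above, shown with constructed packets and rules; the internal network prefix, addresses and rule table are assumptions. The static filter must be told explicitly about reply traffic, whereas the stateful filter admits the reply because it remembers the session the client opened.

```python
from dataclasses import dataclass

# Constructed sample: 10.0.0.0/8 is the assumed internal network; other addresses are external.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # TCP flags, used only by the stateful filter
    ack: bool = False

INTERNAL_PREFIX = "10."

# Static rules: (direction, protocol, destination port, action). First match wins, default deny.
RULES = [
    ("inbound",  "tcp", 80,  "allow"),   # public web server
    ("inbound",  "tcp", 22,  "deny"),    # no SSH from outside
    ("outbound", "tcp", 443, "allow"),   # internal hosts may use HTTPS
    ("outbound", "udp", 53,  "allow"),   # DNS lookups
]

def direction(pkt):
    return "outbound" if pkt.src.startswith(INTERNAL_PREFIX) else "inbound"

def static_filter(pkt):
    """Packet filter: looks only at addresses, protocol and ports of this one packet."""
    for rule_dir, proto, port, action in RULES:
        if direction(pkt) == rule_dir and pkt.proto == proto and pkt.dport == port:
            return action
    return "deny"

class StatefulFilter:
    """Dynamic packet filter: a packet passes if it opens a session the static rules allow,
    or if it belongs (in either direction) to a session already recorded."""
    def __init__(self):
        self.sessions = set()

    def filter(self, pkt):
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.sessions or rev in self.sessions:
            return "allow"                       # part of an established session
        if pkt.proto == "tcp" and not (pkt.syn and not pkt.ack):
            return "deny"                        # TCP that is neither a new SYN nor in a session
        if static_filter(pkt) == "allow":
            self.sessions.add(fwd)               # record the newly opened session
            return "allow"
        return "deny"

def demo():
    client_syn = Packet("10.0.0.5", "203.0.113.9", "tcp", 51000, 443, syn=True)
    server_reply = Packet("203.0.113.9", "10.0.0.5", "tcp", 443, 51000, syn=True, ack=True)
    stray_reply = Packet("203.0.113.9", "10.0.0.5", "tcp", 443, 51001, ack=True)
    sf = StatefulFilter()
    return {
        "static_reply": static_filter(server_reply),   # "deny": no rule covers port 51000
        "stateful_syn": sf.filter(client_syn),          # "allow": outbound HTTPS rule
        "stateful_reply": sf.filter(server_reply),      # "allow": matches the recorded session
        "stateful_stray": sf.filter(stray_reply),       # "deny": no such session exists
    }
```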
Firewall Configuration
• Firewall configuration is the process of defining the rules and policies that a firewall uses to monitor and control network traffic.
• These rules determine which connections are allowed and which are blocked, forming the foundation of a secure network.
• Effective firewall configuration is crucial for protecting network integrity and preventing unauthorized access.
Types of Firewall Configuration
• Screened Host Firewall, Single-Homed Bastion.
• Screened Host Firewall, Dual-Homed Bastion.
• Screened Subnet Firewall.
Screened Host Firewall, Single-Homed Bastion.
• A Screened Host Firewall with a single-homed bastion host enhances security by placing a screened host firewall (a packet-filtering router) before a bastion host, which acts as a single point of access to internal resources, offering application-level filtering and a layered defense.
Screened Host Firewall, Dual-Homed Bastion.
• A screened host firewall, often using a dual-homed bastion host, enhances security by placing a screened host firewall between an untrusted network (like the internet) and a trusted internal network. The bastion host acts as a gateway with two network interfaces, one for each network.
Screened Subnet Firewall.
• A screened subnet firewall, also known as a demilitarized zone (DMZ) or perimeter network, is a network security architecture that uses two firewalls to create a "buffer zone" (the screened subnet) between an internal, trusted network and an external, untrusted network (like the internet).
Limitations of a Firewall.
• Firewalls cannot stop users from accessing data or information on malicious websites, which leaves the network vulnerable to internal threats or attacks.
• They do not prevent misuse of passwords, nor attackers with modems from dialing in to or out of the internal network.
Intrusion Detection System (IDS)
• An intrusion detection system (IDS) is a network security tool that monitors for
malicious activity or policy violations. It can be a device or software application.
• Intrusion Detection System (IDS) observes network traffic for malicious transactions
and sends immediate alerts when it is observed.
• It is software that checks a network or system for malicious activities or policy
violations.
• IDS monitors a network or system for malicious activity and protects a computer
network from unauthorized access from users, including perhaps insiders.
• The intrusion detector learning task is to build a predictive model (i.e. a classifier)
capable of distinguishing between ‘bad connections’ (intrusion/attacks) and ‘good
(normal) connections’.
Working of Intrusion Detection System (IDS)
• An IDS (Intrusion Detection System) monitors the traffic on a computer
network to detect any suspicious activity.
• It analyzes the data flowing through the network to look for patterns and
signs of abnormal behavior.
• The IDS compares the network activity to a set of predefined rules and
patterns to identify any activity that might indicate an attack or intrusion.
• If the IDS detects something that matches one of these rules or patterns,
it sends an alert to the system administrator.
• The system administrator can then investigate the alert and take action
to prevent any damage or further intrusion.
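As an added example (not from the original slides), a minimal detector that does what the steps above describe: it parses constructed web-server log lines, compares each request against predefined signature patterns, applies one threshold rule, and produces alerts for the administrator. The log lines, patterns and threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (not from the original page).
SAMPLE_LOG = """\
10.0.0.7 - - [10/May/2025:10:00:01] "GET /index.html HTTP/1.1" 200
203.0.113.5 - - [10/May/2025:10:00:02] "GET /login?user=admin'%20OR%20'1'='1 HTTP/1.1" 200
203.0.113.5 - - [10/May/2025:10:00:03] "GET /../../etc/passwd HTTP/1.1" 404
198.51.100.9 - - [10/May/2025:10:00:04] "POST /login HTTP/1.1" 401
198.51.100.9 - - [10/May/2025:10:00:05] "POST /login HTTP/1.1" 401
198.51.100.9 - - [10/May/2025:10:00:06] "POST /login HTTP/1.1" 401
198.51.100.9 - - [10/May/2025:10:00:07] "POST /login HTTP/1.1" 401
198.51.100.9 - - [10/May/2025:10:00:08] "POST /login HTTP/1.1" 401
"""

# Common log format: source, two dashes, [timestamp], "METHOD PATH VERSION", status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Predefined signatures: (alert name, pattern matched against the request path).
SIGNATURES = [
    ("SQL injection pattern in query", re.compile(r"(%27|')\s*(%20|\s)*or(%20|\s)+", re.I)),
    ("Directory traversal in path", re.compile(r"(\.\./|%2e%2e%2f)", re.I)),
]
FAILED_LOGIN_THRESHOLD = 5   # alert once a source reaches this many 401s on /login

def parse(line):
    """Turn one log line into an event dict, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, ts, method, path, status = m.groups()
    return {"src": src, "time": ts, "method": method, "path": path, "status": int(status)}

def detect(log_text):
    """Return a list of (source address, alert name) for rule matches in the log."""
    alerts = []
    failures = defaultdict(int)
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        for name, pattern in SIGNATURES:          # signature matching
            if pattern.search(ev["path"]):
                alerts.append((ev["src"], name))
        if ev["path"].startswith("/login") and ev["status"] == 401:   # threshold rule
            failures[ev["src"]] += 1
            if failures[ev["src"]] == FAILED_LOGIN_THRESHOLD:
                alerts.append((ev["src"], "repeated failed logins"))
    return alerts
```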
Network Intrusion Detection System (NIDS)
• Network intrusion detection systems (NIDS) are set up at a planned
point within the network to examine traffic from all devices on the
network.
• It performs an observation of passing traffic on the entire subnet and
matches the traffic that is passed on the subnets to the collection of
known attacks.
• Once an attack is identified or abnormal behavior is observed, the
alert can be sent to the administrator. An example of a NIDS is
installing it on the subnet where firewalls are located in order to see if
someone is trying to crack the firewall.
Host Intrusion Detection System (HIDS)
• Host intrusion detection systems (HIDS) run on independent hosts or
devices on the network.
• A HIDS monitors the incoming and outgoing packets from the device
only and will alert the administrator if suspicious or malicious activity is
detected.
• It takes a snapshot of existing system files and compares it with the
previous snapshot.
• If the analytical system files were edited or deleted, an alert is sent to
the administrator to investigate. An example of HIDS usage can be seen
on mission-critical machines, which are not expected to change their
layout.
Honeypot
• In network security, a honeypot is a decoy system or application
designed to attract and capture malicious activity, allowing security
teams to observe and analyze attacker behavior and techniques
without risking real systems.
• Purpose:
• Honeypots act as a "trap" for attackers, mimicking legitimate systems
or applications with vulnerabilities or sensitive data.
Email Security
• SMTP
• PGP
• MIME
Simple Mail Transfer Protocol (SMTP)
• The Simple Mail Transfer Protocol (SMTP) is a technical standard for
transmitting electronic mail (email) over a network.
• Like other networking protocols, SMTP allows computers and servers
to exchange data regardless of their underlying hardware or software.
• Simple Mail Transfer Protocol (SMTP) is a mechanism for exchanging email messages between servers.
• It is an essential component of the email communication process and operates at the application layer of the TCP/IP protocol stack.
• SMTP is a protocol for transmitting and receiving email messages.
• SMTP is an application layer protocol.
• The client who wants to send the mail opens a TCP connection to the SMTP server and then sends the mail across the connection.
• The SMTP server is always in listening mode. As soon as it receives a TCP connection from a client, the SMTP process accepts the connection on port 25.
• After the TCP connection is successfully established, the client process sends the mail immediately.
How does SMTP Work?
• Communication between the sender and the receiver: The sender’s user agent prepares the
message and sends it to the MTA. The MTA’s responsibility is to transfer the mail across the
network to the receiver’s MTA. To send mail, a system must have a client MTA, and to receive
mail, a system must have a server MTA.
• Sending Emails: Mail is sent by a series of request and response messages between the client and the server. The message which is sent across consists of a header and a body. A null line is used to terminate the mail header, and everything after the null line is considered the body of the message, which is a sequence of ASCII characters. The message body contains the actual information read by the recipient.
• Receiving Emails: The user agent on the server side checks the mailboxes at regular intervals. If any mail has been received, it informs the user. When the user tries to read the mail, it displays a list of emails with a short description of each mail in the mailbox. By selecting any of the mails, the user can view its contents on the terminal.
PGP (Pretty Good Privacy)
• PGP (Pretty Good Privacy) is a protocol primarily used for encrypting
and decrypting emails and files, as well as authenticating messages
with digital signatures, ensuring secure communication.
• Pretty Good Privacy (PGP) is encryption software designed to ensure the confidentiality, integrity, and authenticity of digital communications and information. It is considered one of the best methods for securing digital data.
The following are the services offered by PGP:
1. Authentication
2. Confidentiality
3. Email Compatibility
4. Segmentation
Authentication in PGP
• At the Sender’s End:
• A hash function (SHA-1) generates a 160-bit hash value of the message.
• This hash is encrypted with the sender’s private key (KPa), creating a digital
signature.
• The message is appended to the signature, compressed, and sent to the receiver.
• At the Receiver’s End:
• The message is decompressed, and the signature is decrypted using the sender’s
public key (PUa) to retrieve the hash.
• The message is hashed again using the same function.
• If both hash values match, the message is verified as authentic and unaltered. If not,
the message is likely tampered with or from an untrusted source.
Confidentiality in PGP
• At the Sender’s End:
• The message is compressed and encrypted using a random session key (Ks) with symmetric encryption (CAST-128, IDEA, or 3DES).
• The session key (Ks) is then encrypted using the receiver’s public key (PUb) with RSA encryption.
• The encrypted message and encrypted session key are sent together to the receiver.
• At the Receiver’s End:
• The session key is decrypted using the receiver’s private key (KPb).
• The message is decrypted using the retrieved session key.
• Finally, the message is decompressed to restore the original content.
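As an added example (not PGP's own code, nor from the original slides), the authentication and confidentiality flows above carried end to end: SHA-1 hash signed with the sender's private key, signature appended to the message, compression, encryption under a random session key Ks, and Ks wrapped with the receiver's public key; the receiver reverses each step and compares hashes. Two simplifications are assumptions for illustration only: textbook RSA with short keys and no padding stands in for PGP's real RSA, and a SHA-256 counter-mode keystream stands in for CAST-128/IDEA/3DES.

```python
import hashlib, os, random, zlib

# Toy RSA (assumption: illustration only; no padding, short keys, not production code).
def is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_key(bits=512):
    """Return (public, private) as ((n, e), (n, d))."""
    def prime():
        while True:
            p = random.getrandbits(bits) | (1 << (bits - 1)) | 1
            if is_probable_prime(p):
                return p
    while True:
        p, q, e = prime(), prime(), 65537
        try:
            return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))
        except ValueError:        # e not invertible mod phi: draw new primes
            continue

def keystream_xor(key, data):
    # Symmetric stand-in (assumption): XOR with SHA-256(key || counter) blocks.
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def pgp_send(msg, sender_priv, receiver_pub):
    na, da = sender_priv
    h = int.from_bytes(hashlib.sha1(msg).digest(), "big")      # 160-bit SHA-1 hash
    sig = pow(h, da, na)                                         # hash "encrypted" with KPa
    compressed = zlib.compress(sig.to_bytes(128, "big") + msg)  # signature || message, compressed
    ks = os.urandom(16)                                          # random session key Ks
    nb, eb = receiver_pub
    enc_ks = pow(int.from_bytes(ks, "big"), eb, nb)              # Ks encrypted with PUb
    return enc_ks, keystream_xor(ks, compressed)

def pgp_receive(enc_ks, ciphertext, receiver_priv, sender_pub):
    nb, db = receiver_priv
    ks = pow(enc_ks, db, nb).to_bytes(16, "big")                 # Ks recovered with KPb
    packet = zlib.decompress(keystream_xor(ks, ciphertext))      # decrypt, then decompress
    sig, msg = int.from_bytes(packet[:128], "big"), packet[128:]
    na, ea = sender_pub
    h_recovered = pow(sig, ea, na)                               # hash recovered with PUa
    h_fresh = int.from_bytes(hashlib.sha1(msg).digest(), "big")  # message hashed again
    return msg, h_recovered == h_fresh

def demo(msg=b"Constructed sample message"):
    alice_pub, alice_priv = gen_key()
    bob_pub, bob_priv = gen_key()
    enc_ks, ct = pgp_send(msg, alice_priv, bob_pub)
    out, ok = pgp_receive(enc_ks, ct, bob_priv, alice_pub)
    mallory_pub, _ = gen_key()                                   # wrong sender key: hashes differ
    _, forged_ok = pgp_receive(enc_ks, ct, bob_priv, mallory_pub)
    return out, ok, forged_ok
```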
Multipurpose Internet Mail Extension (MIME) Protocol
• Multipurpose Internet Mail Extension (MIME) is a standard that was
proposed by Bell Communications in 1991 in order to expand the
limited capabilities of email.
• MIME is a kind of add-on or a supplementary protocol that allows
non-ASCII data to be sent through SMTP.
• It allows the users to exchange different kinds of data files on the
Internet: audio, video, images, application programs as well.
• Purpose and Functionality of MIME –
There is a growing demand for email messages in which people can express themselves with multimedia. MIME was therefore introduced as an additional email application that is not restricted to textual data.
• MIME transforms non-ASCII data at the sender side into NVT 7-bit data and delivers it to the client SMTP. On the receiver side the message is transformed back into the original data. Video and audio can also be sent using MIME, because it transfers them as 7-bit ASCII data as well.
• Features of MIME –
• It is able to send multiple attachments with a single message.
• Unlimited message length.
• Binary attachments (executables, images, audio, or video files) may be divided if needed.
• MIME provides support for varying content types and multi-part messages.
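As an added example (not from the original slides), the 7-bit transformation described above using Python's standard email library: a constructed binary attachment containing bytes outside ASCII is placed in a multi-part message, the wire form is checked to be pure 7-bit, and the receiver side decodes the attachment back to the original bytes. The addresses, filename and attachment bytes are constructed sample values.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed sample "binary" attachment: starts with bytes > 0x7F, so it cannot travel over 7-bit SMTP as-is.
SAMPLE_BINARY = bytes([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A]) + b"\xff\x00" * 8

def build_message():
    """Sender side: text part plus a binary attachment in one multipart message."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Report with attachment"
    msg.set_content("Text part, kept as plain 7-bit ASCII.")
    # The library picks Content-Transfer-Encoding: base64 for binary content.
    msg.add_attachment(SAMPLE_BINARY, maintype="image", subtype="png", filename="chart.png")
    return msg

def wire_bytes(msg):
    """What is handed to the client SMTP: CRLF line endings, everything 7-bit."""
    return msg.as_bytes(policy=policy.SMTP)

def is_seven_bit(data):
    return all(b < 128 for b in data)

def parse_back(raw):
    """Receiver side: parse the wire form and decode each attachment to its original bytes."""
    parsed = BytesParser(policy=policy.default).parsebytes(raw)
    attachments = {}
    for part in parsed.iter_attachments():
        encoding = str(part.get("Content-Transfer-Encoding"))
        attachments[part.get_filename()] = (encoding, part.get_payload(decode=True))
    return parsed.get_content_type(), attachments
```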
Cybercrime
• Cybercrime encompasses any criminal activity carried out using a
computer, network, or other digital devices, including hacking, data
theft, and online fraud.
• These crimes involve the use of technology to commit fraud, identity
theft, data breaches, computer viruses, scams, and expanded upon in
other malicious acts.
• Cybercrime is a broad term encompassing a wide range of illegal
activities that exploit technology.
• Hacking: Unauthorized access to computer systems or networks.
• Data theft: Stealing sensitive information, such as personal data or financial records.
• Malware attacks: Using malicious software (like viruses, worms, or ransomware) to
damage or disrupt systems.
• Phishing: Deceiving individuals into revealing sensitive information through fraudulent
emails or websites.
• Identity theft: Stealing someone's personal information to impersonate them.
• Cyber extortion: Threatening individuals or organizations with harm if they don't
comply with demands.
• Cyberbullying: Harassing or threatening others online.
• Cyber Espionage: Stealing confidential information and intellectual property from
competitors or government entities
Cyber Hacking
• Hacking in cyber security refers to the misuse of devices like
computers, smartphones, tablets, and networks to cause damage to
or corrupt systems, gather information on users, steal data and
documents, or disrupt data-related activity.
• Types
• White Hat: hackers with the owner's permission.
• Black Hat: hackers without the owner's permission and with malicious intent.
• Gray Hat: hackers without the owner's permission but without malicious intent.
Digital forgery
• Digital forgery in cybercrime refers to the act of manipulating or
creating fraudulent digital content (like images, videos, or documents)
with the intent to deceive or mislead, often for financial or other
malicious gains.
• Definition:
• Digital forgery involves using digital tools and techniques to create or
alter digital content to appear genuine or authentic when it is not.
• This can include modifying images or videos, adding or removing
elements, or creating entirely fake documents.
Cyberstalking
• Cyberstalking is a crime that involves using digital technology to harass or stalk
someone. It can include threatening, intimidating, or controlling a victim.
• Examples of cyberstalking
• Sending unwanted emails, texts, or messages
• Tracking someone's computer or internet use
• Using GPS to track someone's location
• Hacking into someone's online accounts
• Posting false or damaging information about someone
• Manipulating search engines to make damaging material about someone
more prominent
Identity theft
• Identity theft, a serious form of cybercrime, occurs when someone uses another
person's personal information without their permission to commit fraud or other
crimes, often involving financial gain.
• Identity theft happens when a criminal steals someone else's personal information (like
name, Social Security number, bank account details, etc.) and uses it to open accounts,
make purchases, or commit other fraudulent activities in the victim's name.
• Types of Identity Theft:
• Financial Identity Theft: Using stolen information to open credit cards, bank accounts,
or take out loans in the victim's name.
• Medical Identity Theft: Using stolen information to obtain medical services or
treatments in the victim's name.
• Synthetic Identity Theft: Creating a fake identity by combining real and fake
information, often to obtain credit or other benefits.
Cyber terrorism
• Cyber terrorism is a type of crime that involves using electronic media
to disrupt computer systems and cause panic or alarm. It can also
involve spying, theft, or creating a public nuisance.
• Cyber terrorists use a variety of methods, including phishing,
ransomware, and identity theft
• They may use emails, instant messages, or text messages to spread
malware that collects personal information or damages systems
• They may use ransomware to extort money from victims, or to disrupt
services and cause chaos
• They may use cyber-attacks to physically damage critical infrastructures
OS fingerprinting
• In cybersecurity, OS fingerprinting is a technique used to identify the
operating system (OS) running on a remote computer by analyzing
network traffic or responses to specific probes, allowing attackers or
security professionals to assess vulnerabilities and tailor attacks or
defenses.
• OS fingerprinting, also known as OS detection, is the process of
identifying the type and version of an operating system running on a
remote device by analyzing its network behavior.
• This information is crucial for understanding potential vulnerabilities
and tailoring attacks or defenses.
Types of OS Fingerprinting:
1. Active OS Fingerprinting:
• Involves sending specially crafted packets to the target system and
analyzing the responses to determine the OS.
• How it works: This method involves sending various packets with
different settings and analyzing the responses to identify the OS's
TCP/IP stack characteristics.
• Examples: Nmap is a popular tool used for active OS fingerprinting.
2. Passive OS Fingerprinting:
• Involves passively monitoring network traffic to identify OS
characteristics without sending any packets to the target.
• How it works: This method analyzes existing network traffic for
deviations in TCP/IP stack implementations.
• Examples: Tools like p0f are used for passive OS fingerprinting.
Cyber law
• Cyber law is all about the rules that help to keep things safe and secure on
the internet and computers.
• This includes making sure that what you create (like writing or music),
agreements you make, and your private information are protected online.
• Cyberlaw also makes sure people have the freedom to express themselves
safely on the internet.
• As technology grows, cyber laws become more important to protect our
rights, privacy, and security.
• These laws aim to stop cybercrimes such as hacking, fraud, and data theft. The topics covered here are cybercrime, the cyber law related to it, types of cyber law, cyber law in India, and international cyber law.
Types of Cyber Laws
• Data Protection Laws: Laws that regulate the collection, storage, and use of personal data to ensure individuals' privacy rights are protected.
• Cybercrime Laws: Laws that define criminal offenses related to cyber activities, such as hacking, identity theft, cyberbullying, and online fraud.
• Intellectual Property Laws: Laws that protect digital creations, including patents, copyrights, trademarks, and trade secrets, from unauthorized use or reproduction.
• Privacy Laws: Laws that govern the right to privacy and confidentiality of personal information, including regulations on surveillance, data breaches, and online tracking.
• Electronic Transactions Laws: Laws that establish legal requirements and standards for electronic transactions, including electronic signatures, contracts, and records.
Categories of Cyber Laws
• Individual
• Government
• Property