Vous êtes sur la page 1sur 189

CYBER SECURITY BOOK

Table of Contents
INTRODUCTION TO CYBER SECURITY .................................................................................. 5
Objectives:- .................................................................................................................................. 5
1.1 DEFINITION OF CYBER SECURITY ................................................................................ 5
1.2 LAYERED APPROACH TO CYBER SECURITY......................................................... 8
Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) - ......................... 10
PASSWORDS ................................................................................................................................ 12
Objective:- .................................................................................................................................. 12
2.1 DEFINITION OF PASSWORD .......................................................................................... 12
2.3 TYPES OF PASSWORD ATTACKS ................................................................................ 13
2.4 NEED FOR STRONG PASSWORDS ................................................................................ 13
2.5 USE OF SYSTEM PASSWORDS AND BIOS PASSWORDS ........................................ 14
2.6 TYPES OF PASSWORDS .................................................................................................. 15
2.7 SETTING UP STRONG PASSWORDS ........................................................................ 19
➢ Keep your passwords secrete ............................................................................................. 21
CYBER CRIME ............................................................................................................................. 22
Objectives:- ................................................................................................................................ 22
3.1 DEFINITION OF CYBER CRIME .................................................................................... 22
3.2 TYPES OF CYBER CRIMES ............................................................................................ 23
3.3 CATEGORIES OF CYBER CRIME ................................................................................... 30
3.4 ONLINE BANKING .......................................................................................................... 31
UNIT 4 ....................................................................................................................................... 34
Objectives:- ............................................................................................................................ 34
4.1 DEFINITION OF CYBER LAWS ................................................................................. 34
4.2 EVOLUTION OF CYBER LAWS IN INDIA ............................................................... 35
4.3 JURISDICTION OF IT-ACT .......................................................................................... 36
4.4 PENALTIES UNDER IT–ACT ....................................................................................... 37
4.5 IMPORTANT SECTIONS OF IT-ACT .......................................................................... 37
WEB BROWSER SECURITY ...................................................................................................... 43
Objectives:- ................................................................................................................................ 43
5.2 SECURITY FEATURES OF DIFFERENT BROWSERS ................................................. 45

Page 1
CYBER SECURITY BOOK

5.3 BROWSERS ADD-ONS ..................................................................................................... 60


5.4 BACKUPS OF DIFFERENT BROWSERS ................................................................... 66
EMAIL SECURITY ...................................................................................................................... 67
Objectives: - ............................................................................................................................... 67
6.1 DEFINITION OF AN E-MAIL .......................................................................................... 68
6.2 UNDERSTANDING HOW E-MAIL WORKS .................................................................. 69
6.3 TYPES OF EMAIL ......................................................................................................... 70
6.4 EMAIL SECURITY ........................................................................................................ 71
FIREWALL AND UNIFIED THREAT MANAGEMENT .......................................................... 73
Objectives:- ................................................................................................................................ 73
7.1 DEFINITION OF FIREWALL............................................................................................ 74
7.2 TYPES OF FIREWALL ...................................................................................................... 74
PHYSICAL SECURITY................................................................................................................ 82
Objectives: - ............................................................................................................................... 82
8.1 UNDERSTANDING PHYSICAL SECURITY ................................................................. 82
8.2 NEED FOR PHYSICAL SECURITY ............................................................................ 83
8.3 PHYSICAL SECURITY EQUIPMENTS ...................................................................... 83
(1) FINGERPRINT BIOMETRICS ....................................................................................... 86
(2) IRIS BIOMETRICS ......................................................................................................... 88
(3) RETINA BIOMETRICS .................................................................................................. 89
(4) FACE BIOMETRICS ...................................................................................................... 91
(5) SECURITY TOKEN ........................................................................................................ 93
(6) Smart Card ................................................................................................................... 94
8.4 OTHER ELEMENTS OF PHYSICAL SECURITY ........................................................... 95
MOBILE SECURITY .................................................................................................................... 96
9.1 DIFFERENT MOBILE PLATFORMS ............................................................................... 97
9.2 OPERATING SYSTEMS USED FOR MOBILE ............................................................... 99
9.3 APPLICATIONS OF MOBILE SECURITY .................................................................... 104
9.4 ENCRYPTION FOR MOBILE ......................................................................................... 105
9.5 MOBILE COMMUNICATION TECHNOLOGY ............................................................ 106
9.6 PREVENTING MOBILE RELATED CRIMES ............................................................... 108

Page 2
CYBER SECURITY BOOK

Check Point Software Rises to Mobile Security Challenge ................................................. 109


CRYPTOGRAPHY ..................................................................................................................... 111
Objectives: - ............................................................................................................................. 111
10.1 UNDERSTANDING of CRYPTOGRAPHY .................................................................. 111
10.2 GOAL OF CRYPTOGRAPHY ....................................................................................... 112
10.3 METHODS OF CRYTOGRAPHY ................................................................................. 113
10.4 TYPES OF CRYPTOGRAPHY ...................................................................................... 116
10.5 HASH FUNCTION IN CRYPTOGRAPHY ................................................................ 119
10.6 DIGITAL SIGNATURE IN CRYPTOGRAPHY ........................................................... 121
10.7 DIGITAL CERTIFICATE ............................................................................................... 123
ETHICAL HACKING ................................................................................................................. 125
11.1 CONCEPT OF ETHICAL HACKING ............................................................................ 125
11.2 STEPS OF ETHICAL HACKING .................................................................................. 126
11.3 GOOGLE HACKING ..................................................................................................... 129
MALWARES ............................................................................................................................... 134
12.1 COMPUTER VIRUSES .................................................................................................. 134
12.2 WORMS........................................................................................................................... 139
12.3 TROJANS OR TROJAN HORSE .................................................................................. 142
12.4 MALWARE .................................................................................................................... 144
12.5 SPYWARE..................................................................................................................... 145
12.6 ADWARE ........................................................................................................................ 148
UNIT – 13 ISO 27001 .................................................................................................................. 150
Objectives: - ............................................................................................................................. 150
13.1 INTRODUCTION OF ISO 27001 ................................................................................... 150
13.2 GENERAL REQUIREMENTS FOR ISO STANDRADIZATION ................................ 151
13.3 ESTABLISHING AND MANAGING ISMS – ............................................................... 153
13.4 MONITOR AND REVIEW ISMS .................................................................................. 154
❖ CASE STUDY ON ISO 27001:2013 - CALLIGO ACHIEVES THE LATEST ISO
27001:2013 GLOBAL SECURITY CERTIFICATION ..................................................... 155
INCIDENT RESPONSE AND COMPUTER FORENSICS ....................................................... 156
14.1 COMPUTER EMERGENCYRESPONSE TEAM .......................................................... 156

Page 3
CYBER SECURITY BOOK

14.2 ROLE OF COMPUTER EMERGENCY RESPONSE TEAM ....................................... 156


14.3 GOALS OF CERT ........................................................................................................... 157
14.4 INCIDENT RESPONSE AND ITS GOALS ................................................................... 157
14.5 INTRODUCTION OF COMPUTER FORENSICS ........................................................ 158
14.6 TYPES AND IMPORTANCE OF COMPUTER FORENSICS ..................................... 158
14.7 ROLE OF COMPUTER FORENSICS INVESTIGATOR ............................................ 159
14.8 INTRODUCTION AND IMPORTANCE OF EVIDENCE ............................................ 162
14.9 LIFE CYCLE OF COMPUTER EVIDENCE ................................................................. 162
PROTECTION OF INFORMATION ASSETS BC/DR PLANNING & DEVELOPMENT ..... 166
15.1 NEED FOR BCDR ......................................................................................................... 167
15.2 TYPES OF DISASTER .................................................................................................. 168
VIRTUALIZATION .................................................................................................................... 177
Objectives:- .............................................................................................................................. 177
16.1 BASIC CONCEPT OF VIRTUALIZATION ................................................................. 177
16.2 DATA CENTER VIRTUALIZATION ........................................................................... 181
16.3 DESKTOP VIRTUALIZATION ..................................................................................... 182
16.4 SERVER VIRTUALIZATION....................................................................................... 183
16.5 LOAD BALANCING WITH VIRTUALIZATION ....................................................... 183
CLOUD COMPUTING ............................................................................................................... 184
Objectives:- .............................................................................................................................. 185
17.1 DEFINITION OF CLOUD ............................................................................................. 185
17.2 CLOUD ARCHITECTURE ........................................................................................... 185
17.3 ADVANTAGES OF CLOUD COMPUTING ................................................................ 186
17.4 TYPES OF CLOUDS ..................................................................................................... 187
17.5 CLOUD SERVICES ........................................................................................................ 187
* * * ................................................................................................................................. 189

Page 4
CYBER SECURITY BOOK

UNIT 1

INTRODUCTION TO CYBER SECURITY

Objectives:-
1.1 Definition of Cyber Security
1.2 Layered Approach to Cyber Security

1.1 DEFINITION OF CYBER SECURITY

Cyberspace is an interactive domain made up of digital networks that is used to store, modify and
communicate information. It includes the internet, but also the other information systems that
support our businesses, infrastructure and services.1

Cyber security is a branch of computer technology also known as Information Security as it is


applied to computers and networks.

Objective of cyber security is protection of sensitive and valuable information and services from
unauthorized access, hacking or natural disaster while allowing it to remain accessible and
productive to its intended users while maintaining Confidentiality, Integrity & Availability (CIA).

Cyber Security is the process of preventing and detecting unauthorized use of your computer and
network. Preventive measures help you to put barriers for unauthorized users also known as
―intruders‖ from accessing any part of your computer system. Cyber security helps you to
determine whether or not someone attempted to break into your system, if they were successful,
and what they may have done and what may be the further security.

1
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/73128/12-1120-10-steps-to-
cybersecurity-executive.pdf
2
https://www.google.co.in/search?q=cyber+security+images-cyber-security-month.html%3B1297%3B1480
In today's highly digitalized world, almost everyone is affected by computers and technology.

Page 5
CYBER SECURITY BOOK

▪ Everybody (from age 6 to 60) is using Computers.


▪ New generation is growing up with computers.
▪ We use emails, cell phones and SMS messages for communication.
▪ Most of the bank transactions are depending upon technology.
▪ With the dematerialization of shares almost all share transactions are in Demat form.
▪ Conventional crimes like Forgery, extortion, kidnapping etc are being committed with the
help of computers.
▪ All companies extensively depend upon their computer networks and keepingtheir
valuable data in electronic form.
▪ Government forms including income tax returns, company law forms, Director
Identification Number, etc. are now filled in electronic form.

So we use computers for everything from banking and investing to shopping and communicating
with others through email or chat programs. Although you may not consider your communications
top secret, you probably do not want strangers reading your email, using your computer to attack
other systems, sending forged email from your computer, or examining personal information stored
on your computer such as financial statements.

Computer crime can be defined as – Any unlawful activity, where ―cyberspace‖ is used as a tool
or target or both.

Term cyberspace today signifies everything related or connected to computers – desktops, laptops,
PDA‗s, cell phones, smart phones, the internet, networks, data, electronic communication,
software hardware, data storage devices (like hard disks, pen drives, CD-ROM), ATM machines,
data servers, and even cloud servers.

Cyber world is vulnerable because of lack of user awareness; usually victims are inexperienced,
unskilled people, they might be business rivals or professional hacker.Intruders also referred to as
hackers, attackers, or crackers may not care about your identity. Often they want to gain control of
your computer so they can use it to launch attacks on other computer systems.

Having control of your computer gives them the ability to hide their true location as they launch
attacks; often against high-profile computer systems such as government or financial systems. Even
if you have a computer connected to the Internet only to play the latest games or to sendemail to
friends and family, your computer may be a target. Intruders may be able to watch all your actions
on the computer, or cause damage to your computer by reformatting your hard drive or changing
your data.
Intruders are always discovering new vulnerabilities informally called "security loopholes" to
exploit in computer software. The complexity of software makes it increasingly difficult to
thoroughly test the security of computer systems. When loopholes are discovered, computer
vendors will usually develop patches to address the problem. However, it is up to you, the users,

Page 6
CYBER SECURITY BOOK

to obtain and install the patches, or correctly configure the IT Infra/software to operate more
securely.

Application/OS developers always keep a backdoors for themselves to make necessary changes
through patches/hot fixes for the bugs found. Hence it is user‘s responsibility to customize the
security settings according to their nature of business or confidentiality required.

Examples include chat programs that let outsiders execute commands on your computer or web
browsers that could allow someone to place harmful programs on your computer that run when
you click on them.

Now it seems that everything relies on computers and the Internet now — communication (email,
cell phones), entertainment (digital cable, mp3s), transportation (car engine systems, airplane
navigation), shopping (online stores, credit cards), medicine (equipment, medical records), and the
list goes on. How much of your daily life relies on computers? How much of your personal
information is stored either on your own computer or on someone else's system? Cyber security
involves protecting that information by preventing, detecting, and responding to attacks.

Page 7
CYBER SECURITY BOOK

1.2 LAYERED APPROACH TO CYBER SECURITY


Computers have become part of almost every aspect of our daily lives. Hackers and Cyber criminals
are launching cyber-attacks more frequently and sophisticatedly. The traditional approach to
security — namely a firewall combined with an anti-virus — is insufficient of you from today‗s
advanced threats. You can, however, erect a formidable defense by implementing security using a
layered approach. By selectively installing security measures on five levels within your network
environment, you can adequately protect your digital assets and greatly reduce your exposure to
catastrophic threats.

Layered-security approach is about maintaining appropriate security measures and procedures at


five different levels within your IT environment.

(1) Perimeter

(2) Network

(3) Host

(4) Application

(5) Data

3
http://hackmageddon.com/category/security/cyber-attacks-statistics/

Page 8
CYBER SECURITY BOOK

SECURITY LEVEL APPLICABLE SECURITY MEASURES

Perimeter ▪ Firewall
▪ Network-based anti-virus
▪ VPN encryption

Network ▪ Intrusion detection /prevention


system (IDS/IPS)
▪ Vulnerability management system
▪ Network access control
▪ Access control /user authentication

▪ Hardware Component
▪ OS Security
▪ Host IDS
▪ Host vulnerability assessment (VA)
▪ Network access control
▪ Anti-virus
▪ Access control/user authentication

Application ▪ Application shield


▪ Access control/user authentication
▪ Input validation

Data ▪ Encryption
▪ Access control/user authentication

➢ PERIMETER –

Perimeter is the first line of defense from outside, un-trusted networks. Un-trusted network allow
data to be transferred transparently. The machines using a trusted network are usually administered
by an Administrator to ensure that private and secured data is not leaked. Access to this network is
limited. Computers using trusted networks are more secured and confidential because of strong
firewalls. Perimeter acts as the first and last point of contact for security defense protecting the
network. It is the area where your network ends and the Internet begins. Perimeter consists of one
or more firewalls and a set of strictly controlled servers located in a portion of the perimeter referred
to as Demilitarized Zone (DMZ).

Demilitarize Zone (DMZ): typically contains Web servers, email gateways, network antivirus,
and DNS servers that must be exposed to the Internet. Firewall has strict rules about what can enter

Page 9
CYBER SECURITY BOOK

inside the network as well as rules about how servers in the DMZ can interact with the Internet and
the inside network.

Network perimeter, in short, is your gateway to the internet. A compromised network perimeter
can cripple your ability to conduct business. For example, if your organization relies on your Web
servers for revenue generation and those servers have been hacked and are off-line, you lose money
for every minute they are down.

➢ NETWORK

Network level of the layered-security model refers to your internal LAN and WAN. Your internal
network may include desktops and servers. Most networks today are fairly open behind the
perimeter; once inside, you can travel across the network unimpeded. This is especially true for
most small to medium size organizations, which makes them tempting targets for cyber criminals.

Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) -


Vulnerability management technologies perform sophisticated analyses on network threats and
vulnerabilities. Where your firewall allows or disallows traffic based on its ultimate destination,
IPS and IDS tools conduct a much deeper analysis and, therefore provide a higher level of
protection. With these advanced technologies, attacks embedded in legitimate network traffic
which can get through a firewall, will be identified and potentially terminated before damage
occurs.

➢ HOST

In the layered-security model, the host level pertains to the individual devices, such as servers,
desktops, switches, routers, etc., on the network. Each device has a number of configurable
parameters that, when set inappropriately, can create exploitable security holes. These parameters
include registry settings, services (applications) operating on the device or patches to the operating
system or important applications. The host-based technologies provide excellent protection
because they are configured to meet the specific operational characteristics of a single device. Their
accuracy and responsiveness to the host environment allow administrators to quickly identify
which device settings require updating to ensure secure operation.

➢ APPLICATION

In Application level security, secure development of application has got lot of importance. Poorly
developed applications can provide easy access to confidential data and records resulting into
breach of Confidentiality, Integrity & Availability (CIA). Most of the times, security is not taken
as the agenda while requirement gathering phase of Software Development. Due to this lack of
knowledge on secured, applications are poorly developed containing various vulnerabilities.

Page 10
CYBER SECURITY BOOK

Especially in case of web-based applications, which are being placed on the Web for access by
customers, partners or even remote employees, it is important to impose a comprehensive security
strategy for each web-based application as such security is mandatory from respective compliances
like Data Privacy Act, PCI DSS etc.

➢ DATA

Data level security majorly can be categorized by two methods:

a. Data classification Policy

b. Data Security Procedure i.e. Authentication & encryption.

In Data classification Policy, any data which is accepted as an input, processed given as output or
even stored must be classified. Compliances like Data Protection Act and/or Data Privacy Act, PCI
DSS standard mandate this classification. Hence at Policy level, data classification shall be defined.
Organization has to define the sensitivity of their data.

Depending upon the classification level access shall be assigned based on role based access or dual
authentication mechanism shall be applied. If the data classified is highly sensitive or comes under
any kind of regulatory compliance or standard, it shall be encrypted with an appropriate level of
encryption.

Page 11
CYBER SECURITY BOOK

UNIT 2

PASSWORDS

Objective:-
2.1 Definition of password
2.2 Password storing methods
2.3 Types of passwords attacks
2.4 Need for strong password
2.5 Usage of system password and BIOS password
2.6 Types of passwords
2.7 Setting up strong passwords

2.1 DEFINITION OF PASSWORD

Password is a secret word or string of characters, numbers, special characters etc. that is used for
authentication, to prove identity or gain access to a resource. It is a secret combination of
characters, numbers & special characters that enables a user to access a file, computer, or program.
Password is used to identify the user and authenticate them to process the desired input. Password
helps to ensure that unauthorized users do not access the computeror computer network or
computer resource. In addition, data files and programs may require a password.

2.2 PASSWORD STORING METHODSIN DIFFERENT OS:


In Windows, passwords are stored at C:\Windows\System32\Configdirectory but that file is read
only and is used by the operating system so a normal user cannot access it, rename it or change it
in anyway while using windows. There is a backup copy stored in windows at
C:\Windows\System32\repair\ directory which can be copied easily. In Windows, passwords

Page 12
CYBER SECURITY NOTES

are stored using NTLMv2, but they can support all types of authentication protocols like LM,
NTLM, NTLMv2 and Kerberos.

System Accounts Manager (SAM File) is saved as a registry file in windows and stores password
in hashed format. As we know that hash is generated through one way function, so this provides
some level of security for storing passwords.

In Linux, passwords are stored in encrypted format in the file called as ``/etc/passwd''.

2.3 TYPES OF PASSWORD ATTACKS


• Dictionary Attack:
In Dictionary attack, attacker tries to use the entire password prewritten in separate files called the
dictionary (which contains common passwords used by people and English dictionary words). It
is a fast way of cracking password but its disadvantage is that the success rate is very poor.

• Brute Force Attack:


Here an attacker try use all the permutations and combinations possible by a set of character sets
like 0-9, A-Z, a-z and symbols. Advantage of using brute force attack is that it can have 100%
success rate, however, in case of a long password, it will become so slow that it will be almost not
feasible.

• Hybrid Attack:
An attacker uses the combination of the previous two methods or any other. Hybrid Attack also
involves pre-computed rainbow tables which increase the speed of cracking password. These
rainbow tables are generated by using all the character sets, which also increases the success rate.

2.4 NEED FOR STRONG PASSWORDS


Passwords are vital component of system security i.e. identification & authentication of a user.
Password cracking is the process of figuring out or breaking passwords in order to gain
unauthorized entrance to a system or account. It is much easier than most users would think.
Another easy way to steal password is through social engineering i.e. through imitating as an IT
engineer and asking over the phone. Many users create passwords that can be guessed by learning
a minimal amount of information about the person whose password is being sought.

In order to protect our data, it is important that you should have a strong/complete password policy
in effect. They are the front line of protection for user accounts; it has been proven that computer
hackers are able to guess or gather passwords to accounts, which can enable them to compromise
most systems.

Strong Password Policies:

Page 13
CYBER SECURITY NOTES

▪ Users should their change their default password allotted by the administrator, on their first
log-in.
▪ The password should be alphanumeric. The password should be a combination of upper
and lower case letters, special characters and numbers (0-9,!@#$ %^&*()_+|~-
=\`{}[]:";'<>?,./)
▪ The complexity of the password should vary with the level of information that it is used
to protect.
▪ The length of the password should be minimum eight (8) characters. It should not be any
word from the dictionary or formed in any known pattern like a1b2 etc.
▪ The password should be changed every 30 days.
▪ The password should not be disclosed to any other person either over the phone, mail or
any other medium.
▪ The ―remember password‖ feature present in applications and browsers should not be
used.
▪ As good practice passwords for official mail account and non-official mail personal
accounts should be different.

Hence user can enhance the security of host, network, and data by setting strong password policies.
Improve security of your computer by creating strong passwords and reducing your risk from
online predators, email hoaxes. Strong password is important protection while doing online
transactions.

Your passwords are the keys you use to access personal information that you've stored on your
computer and in your online accounts. If criminals or other malicious users steal this password of
yours, they can use your name to open new credit card accounts, apply for a mortgage, or pose as
you in online transactions by using your identity through your password. In many cases you may
not notice these attacks until it was too late. It is not hard to keep a strong password. Strong
Passwords help in protecting your personal information from getting, either by access or
disclosure, to the wrong doers. Other pieces are general user education, good physical security,
plugging network holes, and installing strong firewalls. These provide much more global
protection in the controlled corporate environment than passwords alone, but in areas where the
only method of control users have is a PIN or password, the best thing we can do is be aware of
security risks and keep up with their password controls.

2.5 USE OF SYSTEM PASSWORDS AND BIOS PASSWORDS


Password is a protected word or string of characters which serves as identification & authentication
for a user. Passwords are used to control access & to protect computer operating systems, mobile
phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user may
require passwords for many purposes: logging in to computer accounts, retrieving email from

Page 14
CYBER SECURITY NOTES

servers, accessing files, databases, networks, web sites, and even reading the morning newspaper
online.

2.6 TYPES OF PASSWORDS


1. BIOS Password

2. System Password

(i) Administrator password

(ii) User password

1. Basic Input / Output System (BIOS) Password:

BIOS is an acronym for basic input/output system. Computers BIOS is the first program that is
runs when computer starts. You can tell the BIOS to ask for a password when it starts, thus
restricting access to your computer.

A computer‗s Basic Input-Output System (BIOS) is embedded software on a motherboard that


will control attached hardware. It provides an operating system with information about hardware,
and is designed to support a specific range of components. The BIOS itself is typically an
EEPROM, or Electronically Erasable Programmable Read-Only Memory, that is programmed
with ―firmware and has the ability to save small amounts of information specific to user
configurations.

BIOS is also called Complementary Metal Oxide Semiconductor (CMOS) setup. When PC is
powering up it immediately initiate execution of the BIOS utility. For most systems, this is done
by pressing DEL key on the keyboard within the first 2 - 10 seconds of turning the computer on.
Other systems might use other keys such as F2, F10, CTRL & ENTER, etc. If you don't know the
keystroke sequence for entering the BIOS utility, watch the monitor to see if the computer displays
it. To clear the BIOS settings, look for an option to "Restore Defaults" or "Load FailSafe Defaults".
This may be on the main page of the BIOS utility or on the last page of a tabbed menu. Use the
arrow keys to navigate, and follow the on-screen instructions. When complete, save the settings
and exit the BIOS utility.
When you press DEL at the right time you'll see a menu screen something like the following screen:
-

Page 15
CYBER SECURITY NOTES

BIOS or CMOS setting screen

As you can see in the below diagram, two options that relate to passwords, Supervisor Password
and User Password, these relate to controlling access to the BIOS Setup Program and the Machine
Boot respectively.

Select USER PASSWORD and you'll be prompted to enter a password: You shallnow enter a
password of up to eight characters; most BIOS's are limited to eight characters unfortunately.
The BIOS will then prompt you to confirm the password, just type the same again.

Page 16
CYBER SECURITY NOTES

Now navigate back to the main menu and select SAVE & EXIT SETUP. Your machine will then
reboot and you'll be prompted to enter your password. Each and every time you boot you'll be
asked for password.

If you forget your BIOS password, refer back to your motherboard manual or if you don't have
one, refer back to the website of the BIOS manufacturer.

System passwords:

It includes –

(i) User Password

(ii) Administrator Password

(i) USER PASSWORD

They are the passwords assigned to the users on a single machine or a domain.

Different users can have different permissions, on the same objects depending upon the role they
play in the organization. Permissions may be granted to a single user or to users group.

How to Set User Password:

Step 1: Click the Windows 7 Start button, and then click the User Icon in the top right corner of
start menu.

Step 2: You will be brought to the User Accounts panel, just click the Manage another account
button to access User Accounts Control Settings.

Page 17
CYBER SECURITY NOTES

Step 3: In this screen, it shows all the accounts currently on your computer. To create a new
account, click on the Create a new account button.

Step 4: Right now, you are at the Create New Account on Windows screen. Enter name of the new
account you would like to use in the new account name box. As there are two types of Windows
user accounts and each provides the user with different levels of control over the computer. Thus,
you need to decide which type of accounts you would like to use.

Step 5: Your new account has been created and it will appear on the Manage Accounts screen.
Now the next step you should do is to create a password for the account.

(ii) ADMINISTRATOR PASSWORD:

Administrator password as the name suggests is assigned to the administrator of the machine who
has all the powers to make changes on the machine and privileges to assign different rights to
different users.

Note: - Setting the user and administrator password is mentioned as above in snapshots.

Windows passwords can be cracked by using the following tools: -

• Ophcrack Live CD and windows installer.


• ERD commander

Page 18
CYBER SECURITY NOTES

Cain & Abel


John the ripper

2.7 SETTING UP STRONG PASSWORDS


To an attacker, a strong password shall appear to be a random string of characters. The following
criteria can help your passwords do so:

(i) Make it lengthy: Each character that you add to your password increases the password
strength. Passwords should be minimum8 or more characters in length; 14 characters or longer is
ideal.

(ii) Use of Passphrase: A pass phrase is often easier to remember than a simple password, as
well as longer and harder to guess.

(iii) Constructing Strong Password: Combine letters, numbers, and symbols. The complex
characters that you have in your password, the harder it is to guess. Other important specifics
include:

Page 19
CYBER SECURITY NOTES

• The fewer types of characters in your password, the longer it must be. A 15-character
password composed only of random letters and numbers is about 33,000 times stronger
than an 8-character password composed of characters from the entire keyboard. If you
cannot create a password that contains symbols, you need to make it considerably longer
to get the same degree of protection. An ideal password combines both length and different
types of symbols.
• Use the entire keyboard, not just the most common characters. Symbols typed by holding
down the "Shift" key and typing a number are very common in passwords. Your password
will stronger if you choose from all the symbols on the keyboard, including punctuation
marks not on the upper row of the keyboard, and any symbols unique to your language.
• Use words and phrases that are easy for you to remember, but difficult for others to guess.
The easiest way to remember your passwords and pass phrases is to write them down.
Contrary to popular belief, there is nothing wrong with writing passwords down, but they
need to be adequately protected in order to remain secure and effective.

➢ Password strategies to avoid:


Some common methods used to create passwords are easy to guess by criminals. To avoid weak,
easy-to-guess passwords:

(i) Avoid sequences or repeated characters. "12345678," "222222," "abcdefg," or


adjacent letters on your keyboard do not help make secure passwords.
(ii) Avoid using only look-alike substitutions of numbers or symbols. Criminals and other
malicious users who know enough to try and crack your password will not be fooled by
common look-alike replacements, such as to replace an 'i' with a '1' or an 'a' with '@' as in
"M1cr0$0ft" or "P@ssw0rd". But these substitutions can be effective when combined with
other measures, such as length, misspellings, or variations in case, to improve the strength
of your password.

(iii) Avoid any part of your full name, birthday, car number plate, or similar information.
This is one of the first things criminals will try.

(iv) Avoid dictionary words in any language. Criminals use sophisticated tools that can
rapidly guess passwords that are based on words in multiple dictionaries, including words
spelled backwards, common misspellings, and substitutions. This includes all sorts of
profanity and any word you would not say in front of your children.

(v) Do not use common passwords for multiple applications in case of single sign on? If
any one of the computers or online systems using this password is compromised, all of
your other information protected by that password should be considered compromised as
well. It is critical to use different passwords for different systems.

Page 20
CYBER SECURITY NOTES

(vi) Be careful where you store the passwords that you record or write down. Do not leave
these records of your passwords anywhere that you would not leave the information that
they protect.

(vii) Never provide your password over e-mail or based on an e-mail request. Any e-mail
that requests your password or requests you to go to a web site to verify your password is
a fraud. This includes requests from a trusted company or individual. E-mail can be
intercepted in transit, and e-mail that requests information might not be from the sender it
claims. Internet "phishing" scams use fraudulent e-mail messages to entice you into
revealing your user names and passwords, steal your identity, and more.

➢ Keep your passwords secrete


(i) Don't reveal them to others. Keep your passwords secrete from friends or family
members especially children that could pass them on to other less trustworthy
individuals. Passwords that you need to share with others, such as the password to your
online banking account that you might share with your partner, are the only exceptions.

(ii) Change your passwords regularly at appropriate intervals. This can help keep criminals
and other malicious users unaware of password change frequency and increase
complexity. The strength of your password will help keep it good for a longer time. A
password that is shorter than 8 characters should be considered only good for a week
or so, while a password that is 14 characters or longer can be good for several years.

(iii) Do not carry out login attempts on unknown devices on computers that you do not control.
Computers such as those in Internet cafes, computer labs, shared systems, kiosk
systems, conferences, and airport lounges should be considered unsafe for any personal
use other than anonymous Internet browsing. Do not use these computers to check
online e-mail, chat rooms, bank balances, business mail, or any other account that
requires a user name and password. Criminals can purchase keystroke logging devices
for cheaper cost and they take only a few moments to install. These devices let
malicious users harvest all the information typed on a computer from across the
Internet—your passwords and pass phrases are worth as much as the information that
they protect.

Page 21
CYBER SECURITY NOTES

UNIT 3

CYBER CRIME

Objectives:-
3.1 Definition of Cyber Crime.
3.2 Types of Cyber Crimes
3.3 Categories of Cyber Crime
3.4 Online Banking

3.1 DEFINITION OF CYBER CRIME

“In a nutshell, we are shocked by cybercrime, but also expect to be shocked by it because we expect
it to be there, but - confusingly - we appear to be shocked if we are not shocked (if we don't find
it)!”David S. Wall1

Cybercrime is defined as a crime in which a computer is the subject or object of the crime (hacking,
phishing, spamming) or is used as a tool or target to commit an offence. Cybercriminals may use
computer technology to access personal information, business trade secrets, or use the Internet for
exploitive or malicious purposes. Criminals can also use computers for communication and
document or data storage. Criminals who perform these illegal activities are often referred to as
hackers.
2
Denial of Service (DoS) Attack is a cybercrime which can also be called a Computer Network
Attack (CNA) is an attack from one computer to another using a network deliberately to alter,
disrupt, deny, degrade, or destroy the data hosted in the attacked system or network. It is done by
producing a malicious code which is directed against a computer processing code or logic. These
attacks are made in a way to steal the relevant information without leaving back any traces of
intrusion.

Common types of cybercrime include identity theft, social engineering, online bank information
theft, use of automated scripts to execute/launch denial of service & unauthorized computer access.
More serious crimes like cyber terrorism, crimes against women etc are also of significant concern.

1
http://theindianschool.in
2
http://cybercrimeindia.org/cyber_attack.php

Page 22
CYBER SECURITY NOTES

3.2 TYPES OF CYBER CRIMES


➢ Password Related Crimes:

There are for types of Password Attacks:

A. Passive Online Attacks


B. Active Online Attacks
C. Offline Attack
D. Non-Electronic Attacks

A. Passive Online Attack: Passive attacks basically mean that the attacker is eavesdropping. It
is an attack which is the attacker listening in the communication. Some of the examples are
given below:-
(i) Wire Sniffing: -Attackers run packet sniffer tools on the local area network (LAN) to sniff
and record the raw network traffic. The captured data may include sensitive information
such as password and emails. Sniffed credentials are used to gain unauthorized access to
the target system.
(ii) Man-In-The-Middle: -In a MITM attack, the attacker acquires access to the
communication channels between victim and server to extract the information.

B. Active Online Attack: An active attack is an attack in which the attacker attempting to break
into the system. Some of the examples are given below:-
(i) Password Guessing: - The attacker takes a set of dictionary and names, and tries all the
possible combinations to crack the password.
(ii) Trojan: - With the help of a Trojan, an attacker gets access to the stored passwords in the
attacked computer and is able to read personal documents, delete the files and display
pictures.
(iii)Spyware: - Spyware is a type of malware that allows attackers to secretly gather
information about a person or organization.
(iv) Keylogger: - A keylogger is a program that runs in the background and allows remote
attackers to read every keystroke.

C. Offline Attack:
(i) Rainbow Attacks: - Convert huge word lists like dictionary files and brute force lists into
password hashes using techniques such as rainbow tables.

D. Non-Electronic Attacks:
(i) Shoulder Surfing: - In this attack, Attacker looking at either the user‘s keyboard or screen
while he/she is logging in.

Page 23
CYBER SECURITY NOTES

(ii) Social Engineering: - Convincing people to reveal the confidential information.


(iii)Dumpster Diving: - Searching for sensitive information at the user‘s trash-bins, printer
trash bins, and user desk for sticky notes.

➢ Email Related Crimes:

Emails have fast emerged as the world's most preferred form of communication. Billions of
email messages traverse the globe daily. Like any other form of communication, email is also
misused by criminals. The ease, speed and relative anonymity of email has made it a powerful
tool for criminals.

Some of the major email related crimes are:

i. Email spoofing
ii. Sending malicious codes through email
iii. Email bombing
iv. Sending threatening emails
v. Defamatory emails
vi. Email frauds

(i) Email Spoofing: - A spoofed email is one that appears to originate from one source but has
actually emerged from another source. Falsifying the name and / or email address of the
originator of the email usually does email spoofing.
(ii) Sending Malicious Code through Email: - Emails are often the fastest and easiest ways to
propagate malicious code over the Internet. The Love Bug virus, for instance, reached
millions of computers within 36 hours of its release from the Philippines thanks to email.
Hackers often bind Trojans, viruses, worms and other computer contaminants with egreeting
cards and then email them to persons. Such contaminants can also be bound with software
that appears to be an anti-virus patch.
(iii) Email Bombing: - Email bombing refers to sending a large amount of emails to the victim
resulting in the victim's email account (in case of an individual) or servers (in case of a
company or an email service provider) crashing. A simple way of achieving this would be to
subscribe the victim's email address to a large number of mailing lists. Mailing lists are
special interest groups that share and exchange information on a common topic of interest
with one another via email. Mailing lists are very popular and can generate a lot of daily
email traffic - depending upon the mailing list. Some generate only a few messages per day
others generate hundreds. If a person has been unknowingly subscribed to hundreds of
mailing lists, his incoming email traffic will be too large and his service provider will
probably delete his account.

Page 24
CYBER SECURITY NOTES

All that one has to do is compose a message, enter the email address of the victim multiple
times in the "To" field, and press the "Send" button many times. Writing the email address
25 times and pressing the "Send" button just 50 times (it will take less than a minute) will
send 1250 email messages to the victim! If a group of 10 people do this for an hour, the result
would be 750,000 emails! There are several scripts available to automate the process of email
bombing. These scripts send multiple emails from different email servers, which make it
very difficult, for the victim to protect himself.
(iv) Sending Threatening Messages Via Emails: - Email is a useful tool for technology savvy
criminals to hide their original identity. It becomes fairly easy for anyone with even a basic
knowledge of computers to become a blackmailer by threatening someone via e-mail.
(v) Email Frauds: - Email spoofing is very often used to commit financial crimes. It becomes
a simple thing not just to assume someone else's identity but also to hide one's own. The
person committing the crime understands that there is very little chance of his actually being
identified.

➢ Desktop Related Crimes:

(i) Desktop Forgery: - This is becoming increasingly common in corporate area. With
computer technology and desktop publishing programs, thieves copy official letterhead,
documents, passports, birth certificates, cash receipts for personal gain.
(ii) Data Theft: - Data theft is a growing problem in outside and inside the network with access
to technology such as desktop computers and USB flash drives, iPods and even memory
cards used in digital cameras. Some employees misuse the confidential data of the company
for their benefits when they leave the company, or while they are still in the company.

➢ Social Networking Sites Related Crimes:

A social network service is created to build online communities of people who share common
interests. They provide a variety of ways for users to interact, such as e-mail and instant messaging
services. Social networking has encouraged new ways to communicate and share information.
Such Web sites are used by millions of people every day.

The popularity of social networking sites has grown tremendously in the last few years. They help
people stay in touch. They help small businesses connect with other businesses and clients and
developed concept of ecommerce business through social networking websites. They give people
the chance to network with people, know their interest, design business strategy and plans to attract
customer of common interests and age groups.

However, with the growing popularity and mainstream use of these sites, there's also a dangerous
side. There have been many terrorists, hackers and scammers. People can create fake profiles i.e.
do identity theft and most recently, these sites have become an avenue for crimes.

Page 25
CYBER SECURITY NOTES

Some of the social networking sites crimes are given below:


(i) Crimes Resulting from Information gathered through Social Engineering/Identity
theft techniques
(ii) Pictures on Social Networking Sites Being Exploited
(iii) Cyber Bullying and Emotional Distress
(iv) Sex Crimes, Assault and Murder
(v) Child Pornography
(vi) Crime against Country/Government.

➢ Website Related Crimes:

Given below are some common website attacks:

(i) Cross Site Scripting (XSS): - XSS flaws occur whenever an application takes user supplied
data and sends it to a web browser without first validating or encoding that content. XSS
allows attackers to execute script in the victim's browser which can hijack user sessions,
deface web sites, possibly introduce worms, etc.
(ii) Website defacement: - It is an attack on a website that changes the visual appearance of the
site or a webpage. These are typically the work of system crackers, who break into a web
server and replace the hosted website with one of their own. Defacement is generally meant
as a kind of electronic graffiti, although recently it has become a means to spread messages
by politically motivated "cyber protesters" or hacktivists.
(iii) Website spoofing: - Website spoofing is the act of creating a website, as a hoax, with the
intention of misleading readers that the website has been created by a different person or
organization. Normally, the spoof website will adopt the design of the target website and
sometimes has a similar URL. A more sophisticated attack results in an attacker creating a
"shadow copy" of the World Wide Web by having all of the victim's traffic go through the
attacker's machine, causing the attacker to obtain the victim's sensitive information.
(iv) SQL Injection: - SQL injection is a very old approach but it's still popular among attackers.
This technique allows an attacker to retrieve crucial information from a Web server's
database. Depending on the application's security measures, the impact of this attack can vary
from basic information disclosure to remote code execution and total system compromise.
(v) Malicious File Execution: - Code vulnerable to remote file inclusion (RFI) allows attackers
to include hostile code and data, resulting in devastating attacks, such as total server
compromise. Malicious file execution attacks affect PHP, XML and any framework which
accepts filenames or files from users.

➢ Network Related Crimes:

Page 26
CYBER SECURITY NOTES

There are hundreds of types of network-based attacks that can damage an organization. The most
common forms include:

(i) Denial of Service Attack (DoS Attack) and Distributed Denial of Service Attack (DDoS
Attack):- These attacks are designed to cause an interruption or suspension of services of a
specific host/server by flooding it with large quantities of useless traffic or external
communication requests. When the DoS attack succeeds, the server is not able to answer
even to legitimate requests any more - this can be observed in numbers of ways: slow
response of the server, slow network performance, unavailability of software or web page,
inability to access data, website or other resources. Distributed Denial of Service Attack
(DDoS) occurs where multiple compromised or infected systems (botnet, collection of
compromised system) flood a particular host with traffic simultaneously.
(ii) 3Man-In-The-Middle Attack: - The attack is form of active monitoring or eavesdropping
on victim‘s connections and communication between victim hosts. This form of attack
includes as well interaction between both victim parties of the communication and the
attacker - this is achieved by attacker intercepting all part of the communication, changing
the content of it and sending back as legitimate replies. The both speaking parties are here
not aware of the attacker presence and believing the replies they get are legitimate. For this
attack to success the perpetrator must successfully impersonate at least one of the endpoints
- this can be the case if there are no protocols in place that would secure mutual authentication
or encryption during the communication process.
(iii) Passive Social Engineering- Network Sniffing (Packet sniffing):–It is a process of
capturing the data packets travelling in the network. Network sniffing can be used both by
IT Professionals to analyses and monitor the traffic for example in order to find unexpected
suspicious traffic, but as well by perpetrators to collect data send over clear text that is easily
readable with use of network sniffers (protocol analyzers). Best countermeasure against
sniffing is the use of encrypted communication between the hosts.
(iv) Session Hijacking Attack: - In Session Hijacking attack targeted as exploit of the valid
computer session in order to gain unauthorized access to information on a computer system.
The attack type is often referenced as cookie hijacking as during its progress the attacker uses
the stolen session cookie to gain access and authenticate to remote server by impersonating
legitimate user.
(v) Buffer Overflow Attack: - This type of attack the victim host is being provided with
traffic/data that is out of range of the processing specs of the victim host, protocols or
applications - overflowing the buffer and overwriting the adjacent memory.. One example
can be the mentioned Ping of Death attack - where malformed ICMP packet with size
exceeding the normal value can cause the buffer overflow.

3
http://www.symantec.com/connect/articles/security-11-part-3-various-types-network-attacks

Page 27
CYBER SECURITY NOTES

➢ Social Engineering Related Crimes:

4
Social engineering is the use of persuasion or deception to gain access to information systems.
The medium is usually a telephone or e-mail message. The attacker usually pretends to be a
director or manager in the company traveling on business with a deadline to get some important
data left on their network drive. They pressure the help desk to give them the toll-free number of
the RAS server to dial and sometimes get their password reset. The main purpose behind social
engineering is to place the human element in the network-breaching loop and use it as a weapon.
The human element has been referred to as the weakest link in network security.

Examples of social engineering:

1. Faked Email: The social engineer sends a message to one or more users in a domain that
"this is the system administrator and your password must be reset to user 123‖ for a
temporary period of time. The hacker then continuously monitors for the change and then
exploits the whole system.
2. Fictitious Competition: The social engineer manipulates a group of users to participate in
some fake competition for a jackpot prize, with the ultimate purpose of eventually
extracting confidential information about network and password security.
3. The Helpful Help Desk: The help desk gets a call from the social engineer impersonating
a user reporting a forgotten password. In many cases the help desk will change the user's
password over the phone. The hacker now has a legitimate user name and password to work
with. To avoid problems from the original user, the social engineer will then call the user
who was impersonated and say something like ―This is John from MIS department. We
had some problems with security today, so we have changed your password. Your new
password is ―JohnforU@123."

➢ Wi-Fi Network Related Crimes:

Wi-Fi Network Related Crimes are given below:


(i) Passive Attack: These attacks are not harmful to the networks; they take place for
information-gathering. A malicious user just listens to the all inbound and outbound traffic
of a wireless network. As we know, traffic contains packets, and each packet contains juicy
information such as packet sequence numbers, MAC address, and much more. The nature of
these attacks is silent, that is why they are hard to detect. Using this attack, a malicious
attacker can make an active attack to the wireless network. Sometimes malicious users use
packet-deciphering tools in order to steal information by decrypting the data from it.

4
http://www.drtomoconnor.com/3100/3100lect05.htm

Page 28
CYBER SECURITY NOTES

Deciphering packets in WEP is really easy, as WEP‘s security is very low and easily
breakable. Sometimes this technique is also called WAR DRIVING.
(ii) Active Attack: As the attacker does a passive attack in order to get information about the
wireless network, now she/he will do an active attack. Mostly, active attacks are IP spoofing
& Denial of Service attack.
❖ IP Spoofing: In this attack scenario, the attacker accesses the unauthorized wireless network.
Not only that, but also she/he does packet crafting in order to impersonate the authorization
of that server or network.
❖ Denial of Service Attack: Here the attacker makes an attack on a particular target by
flooding the packets to the server. In most cases, SYN packets are used because they have
those capabilities of generating the flood storm.
❖ MITM Attack: Here the attacker accesses the information of the AP of any active SSID.
Here dummy APs are created. The attacker listen the communication between to end points.
Let‘s suppose a client is having a TCP connection with any server, then the attacker will be
the man in the middle and she/he splits that TCP connection into two separate connections,
whose common node will be an attacker himself/herself. So the first connection is from client
to an attacker, and the second connection will be from the attacker to the server. So each and
every request and response will be taking place between client and server via an attacker. So
an attacker can steal information passing in the air between them.

Man In The Middle Attack


(iii) 5Wireless Signal Jamming Attack: In this attack scenario, wireless radio signals are used.
An attacker may have a stronger antenna for a signal generator. First, the attacker identifies
the signal patterns around him or the target AP. Then she/he creates the same frequency
pattern radio signals and starts transmitting in the air in order to create a signal tornado of a
wireless network. As a result, the target AP gets jammed. On top of that, the legitimate user
node also gets jammed by signals. It disables the AP connection between a legitimate user
of wireless network and the network itself. There can be mainly three reasons for jamming
the wireless network.

5
http://resources.infosecinstitute.com/wireless-attacks-unleashed/

Page 29
CYBER SECURITY NOTES

❖ Fun – Prevent the legitimate user from receiving any kind of data from the Internet.

❖ Spy – Delay in packet deployment to the legitimate user can give more time to an
attacker for deciphering the packet in order to steal the information.

❖ Attack – Attacker may spoof the packets and send it to the victim in order to take
control over the user‘s machine or network.

Wireless Access Point Jammer

➢ Bluetooth Related Crime:

(i) Bluesnarfing:- This kind of attack allows the malicious user to gain unauthorized access to
information on a device through its Bluetooth connection. Any device with Bluetooth
turned on and set to "discoverable" state may be prone to bluesnarfing attack.
(ii) Bluejacking: - This kind of attack allows the malicious user to send unsolicited (often
spam) messages over Bluetooth to Bluetooth enabled devices.
(iii) Bluebugging: - Hack attack on a Bluetooth enabled device. Bluebugging enables the
attacker to initiate phone calls on the victim's phone as well read through the address book,
messages and eavesdrop on phone conversations.

3.3 CATEGORIES OF CYBER CRIME

Cyber-crimes are broadly categorized into three categories, namely crime against

1. Individual
2. Property

Page 30
CYBER SECURITY NOTES

3. Government

Each category can use a variety of methods and the methods used vary from one criminal to
another:

1. 6Individual: This type of cyber-crime can be in the form of cyber stalking, distributing
pornography, trafficking and ―grooming‖. Today, law enforcement agencies are taking
this category of cyber-crime very seriously and are joining forces internationally to reach
and arrest the perpetrators.

2. Property: Just like in the real world where a criminal can steal and rob, even in the cyber
world criminals resort to stealing and robbing. In this case, they can steal a person‘s bank
details and siphon off money; misuse the credit card to make numerous purchases online;
run a scam to get naïve people to part with their hard earned money; use malicious software
to gain access to an organization‘s website or disrupt the systems of the organization. The
malicious software can also damage software and hardware, just like vandals damage
property in the offline world.

3. Government: Although not as common as the other two categories, crimes against a
government are referred to as cyber terrorism. If successful, this category can wreak havoc
and cause panic amongst the civilian population. In this category, criminals hack
government websites, military websites or circulate propaganda. The perpetrators can be
terrorist outfits or unfriendly governments of other nations.

3.4 ONLINE BANKING


7
Online banking (or Internet banking or E-banking) allows customers of a financial institution to
conduct financial transactions on a secure website operated by the institution, which can be a retail
or virtual bank, credit union or building society.

To access online facility of a financial institution, a customer having personal Internet access must
register with the institution for the service, and set up a password for customer verification. The
password for online banking is normally not the same as for telephone banking. Financial
institutions now routinely allocate customer numbers (also under various names), whether or not
customers intend to access their online banking facility. Customer numbers are normally not the
same as account numbers, because a number of accounts can be linked to the one customer number.

6
http://www.crossdomainsolutions.com/cyber-crime/
7
http://en.wikipedia.org/wiki/User:Rakeshgopal8891763936/sandbox

Page 31
CYBER SECURITY NOTES

The customer will link to the customer number any of those accounts which the customer controls,
which may be cheque, savings, loan, credit card and other accounts.

3.4.1 Online Banking Frauds

Internet Banking Fraud is a fraud or theft committed using online technology to illegally remove
money from a bank account and/or transfer money to an account in a different bank. Internet
Banking Fraud is a form of identity theft and is usually made possible through techniques such as
phishing.

3.4.2 Most Of The Attacks On Online Banking Used Today Are

▪ Phishing
▪ Pharming
▪ Cross-site scripting
▪ Use of Keyloggers/Trojan horse, etc.

3.4.3 Safety Tips For Online Banking

Adopting following measures is suggested to ensure Internet Banking security.

▪ Ensure your computer is protected with the latest anti-virus definitions and firewall
protection turned on at all times. Download updates regularly to ensure you have the latest
upgraded version of protection to deal with zero day attacks.
▪ Choose a Password that is memorable to you but not easy to guess by someone else.
Passwords that contain combinations of alpha and numeric characters are generally harder
to guess (e.g. a7g3cy91).
▪ Do not choose a Password that you use for other services. Your Password should be unique
to Internet Banking.
▪ Change your Internet Banking Password at regular intervals.
▪ Never disclose your Internet Banking Password to anyone. Always remember that Bank
will never ask you for your Password either via phone or email.
▪ Do not write your Internet Banking Username together with your Password. Do not write
your Password in a recognizable format and never leave your logon details with your
Online Security Device.
▪ Disable functionality on your computer or browsers that remembers logon details.
▪ Keep your system and web browser updated. Manufacturers regularly release security
patches when weaknesses are discovered in their systems and browsers.
▪ Check with your software provider for these updates on a regular basis.

Page 32
CYBER SECURITY NOTES

▪ Check the padlock symbol and site certificate. Double-click the padlock symbol at the
bottom of your browser when you log-in to Online Banking website/portal to ensure the
site certificate belongs to your bank. This will ensure you're not being duped into entering
your details on a 'fake' site.
▪ Check your accounts regularly. If in doubt about any transactions, note the details and call
your bank immediately.

❖ CASE STUDY ON INTERNET BANKING FRAUD:


ABC BANK LTD and Poonam Gulati reported to MP Cyber Police that an amount worth Rs 17
lacs has been illegally transferred to account in the name of Gourav Shukla from account of
Poonam Gulati through internet banking and subsequently withdrawn from various ATMs. The
matter came to light when Mrs. Poonam Gulati read her bank account statement in the month of
July that amount worth Rs 17 lac had been transferred through internet banking to some new
account which she didn't know. She enquired at the bank and asked when she didn't asked for
internet banking then how it can be activated and transfers could be made.

On preliminary enquiry MP Cyber police found that it was an act of cheating forgery and fraud
against the bank and not the customers as the customer ever asked for the activation of Internet
banking, Hence a FIR was lodged in the name of ABC BANK LTD.

As per complaint a fake account was opened in the name Gourav Shukla. For the purpose of
cheating the suspect approached the bank and submitted forged document to add mobile in the
account of Poonam Gulati. The bank official matched only PAN number but didn't match the
photocopies with the original. After getting registered the mobile number in the account of Poonam
Gulati the suspect requested to add Internet banking in the account of Poonam Gulati. After getting
Internet banking activated the suspect made request forgot password through Internet banking. He
could obtain the same partial on internet window and partial on registered mobile. The suspect
after getting the internet banking password transferred Rs 17 lacs , one lac each per day from the
account of Poonam Gulati to account of Gourav Shukla. He withdrew money at the rate of one lac
per day from the various ATMs of State Bank of India wearing helmet.

MP State cyber police analyzed the complaint to ascertain the point from where evidences can be
found out. Cyber police got CDRs, IP Login logs and found that suspect entered Cyber cafe with
fake Name and address. Cyber police analyzed the location based on CDRs and tried to look
through Fake ID cards and listed out the suspect list. After getting the profile of suspects built up
Cyber police raided several places and arrested Rahul Sharma, Reetesh Choukse, Shyam Yadav
and Pramod Jaiswal.

Out of these the master mind was the Ex ABC BANK employee Reetesh who conspired with Rahul
to open a account in the name of Fake ID card in the name of Gourav Shukla. The account was

Page 33
CYBER SECURITY NOTES

opened with photo of Shyam Yadav. The fake id was created by the cyber cafe owner Pramod
Jaiswal and Rahul withdrew the money from ATMs wearing Helmet.

Cyber police cracked the case within seven days and seized around Rs 15 lacs which were
deposited in several accounts.8

UNIT 4

CYBER LAW
Objectives:-

4.1 Definition of Cyber Laws.


4.2 Evolution of cyber law in India.
4.3 Jurisdiction of IT Act.
4.4 Penalties under IT Act.
4.5 Difference between civil law and criminal law.
4.6 Sections under IT Act.
4.7 Intellectual Property Rights.

4.1 DEFINITION OF CYBER LAWS


Cyber Law is a law governing cyber space. Cyber space is very wide term and includes computers,
networks, software and data storage devices (such as hard disks, USB disks etc).Internet, websites,
emails even electronic devices such as cell phones, ATM machines etc. It focuses on enhancing a
jurisdiction‗s legal system by establishing laws that reflects and deal with the technological

8
http://www.mpcyberpolice.nic.in/casestudies.htm

Page 34
CYBER SECURITY NOTES

changes that permeate society that describes the legal issues related to use of inter-networked
information technology.

Cyber laws encompassing laws related to:

1. Cyber Crimes
2. Electronic and digital signatures
3. Intellectual Property
4. Data protection and privacy.

4.2 EVOLUTION OF CYBER LAWS IN INDIA


The United Nations General Assembly, by resolution A/RES/51/162, dated 30 January 1997 has
adopted the Model Law on Electronic Commerce adopted by the United Nations Commission on
International Trade Law i.e. UNCITRAL Model Law on E-Commerce. India is a signatory to the

UNCITRAL following the UN Resolution India passed the Information Technology Act, 2000
(hereinafter referred to as the IT Act) in May 2000 and notified it for effectiveness on October
17,2000.9

YEAR DATE DEVELOPMENT

2000 17th The Information Technology Act, 2000 was notified in the
official gazette.
October, 2000
Amendments made in the Indian Penal Code, 1860 (hereinafter
referred to as the IPC) in tune with the IT Act to penalize
several cyber-crimes like, forgery of electronic records, cyber
frauds, destroying electronic evidence, etc.

Amendments made in the Indian Evidence Act, 1872regarding


collection and production of digital evidence in the court of
law.

Amendments made in the Bankers Books Evidence Act, 1891,


Reserve Bank of India Act, Code of Criminal Procedure and
Code of Civil Procedure in tune with the IT Act.

2004 29th The Information Technology (Security Procedure) Rules, 2004


were passed.
October, 2004

9
http://www.un.org/documents/ga/res/51/ares51-162.htm.

Page 35
CYBER SECURITY NOTES

The Information Technology (Certifying Authorities) Rules,


2000 were amended.

2009 27th The Information Technology (Amendment) Act, 2008 came


into force.
October, 2009
27th Following rules also came in force–

October, 2009 ▪ Information Technology (Procedure and Safeguards for


Interception, Monitoring and Decryption of
Information) Rules, 2009
▪ Information Technology (Procedure and Safeguards for
Monitoring and Collecting Traffic Data or Information)
Rules, 2009.
▪ Information Technology (Procedure and Safeguards for
Blocking for access of Information) Rules, 2009.
▪ The Information Technology (Certifying Authorities)
Rules, 2000

2011 11th Following rules have come into force –

April, 2011 ▪ Information Technology (Guidelines for Cyber Cafe)


Rules, 2011
▪ Information Technology (Intermediaries guidelines)
Rules, 2011
▪ Information Technology (Reasonable Security
Practices and procedures and sensitive personal data or
information) Rules, 2011
▪ Information Technology (Electronic Service Delivery)
Rules, 2011

4.3 JURISDICTION OF IT-ACT


SEC. 1(2) - It will extend to whole India and, save as otherwise provided in this Act, it applies
also to any offence or contravention there under committed outside India by any person.

SEC. 75 – (1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply
also to any offence or contravention committed outside India by any person irrespective of his
nationality. (2) For the purposes of sub-section (1), this Act shall apply to an offence or
contravention committed outside India by any person if the act or conduct constituting the offence
or contravention involves a computer, computer system or computer network located in

Page 36
CYBER SECURITY NOTES

India.

Comments - Provisions of the IT Act are applicable within the territory of India (incl. Jammu and
Kashmir) as well as to an offence or contravention committed outside India by any person, if the
act or conduct constituting the offence or contravention involves a computer, computer system or
computer network located in India.

Illustration - Andrew, a German citizen, breaks into the computer system located in India and
unauthorized copies sensitive information. Andrew can be held liable under the IT Act.

4.4 PENALTIES UNDER IT–ACT


Chapter IX of the IT Act provides for penalties, compensation and adjudication. Sections under
Chapter IX are civil in nature.
Point of distinction Civil wrong/law Criminal/wrong law

Nature of wrong/crime Wrong/crime against an Wrong/crime against society


individual

Cognizance should be Victim should approach law Action can be taken suomotu
taken by enforcement agency by the Police or government

What needs to be proved? Party has suffered loss or Intention, knowledge and
damages motive (Mensrea + Actusreus)

Parties involved Two or more parties in their Two or more parties, usually
individual capacity victim is represented by the
government through
public/police prosecutor

4.5 IMPORTANT SECTIONS OF IT-ACT


Subsections of Section 43:
Section 43 (a) Accesses or secures access to such computer, computer system or
computer network.

Section 43 (b) Downloads, copies or extracts any data, computer data base or
information from such computer, computer system or computer network
including information or data held or stored in any removable storage
medium

Page 37
CYBER SECURITY NOTES

Section 43 (c) Introduces or causes to be introduced any computer contaminant or


computer virus into any computer, computer system or computer
network.
Section 43 (d) Damages or causes to be damaged any computer, computer system or
computer network, data, computer data base or any other program
residing in such computer, computer system or computer network.

Section 43 (e) Disrupts or causes disruption of any computer, computer system or


computer network
Section 43 (f) Denies or causes the denial of access to any person authorized to access
any computer, computer system or computer network by any means.

Section 43 (g) provides any assistance to any person to facilitate access to a computer,
computer system or computer network in contravention of the provisions
of this Act, rules or regulations made hereunder;

Section 43 (h) charges the services availed of by a person to the account of another
person by tampering with or manipulating any computer, computer
system, or computer network, he shall be liable to pay damages by way
of compensation not exceeding one crore rupees to the person so
affected.

SECTION 65:
TAMPERING WITH COMPUTER SOURCE CODE DOCUMENTS

Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly


causes another to conceal, destroy or alter any computer source code used for a computer,
computer program, computer system or computer network, when the computer source code is
required to be kept or maintained by law for the time being in force, shall be punishable with
imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Explanation — for the purposes of this section, "computer source code" means the listing of
programs, computer commands, design and layout and program analysis of computer resource in
any form.

SECTION 66:

Page 38
CYBER SECURITY NOTES

Computer related offences if any person, dishonestly or fraudulently, does any act referred to in
section 43, he shall be punishable with imprisonment for a term which may extend to three years
or with fine which may extend to five lakh rupees or with both.

Explanation — for the purposes of this section,—

(a) The word ―dishonestly shall have the meaning assigned to it in section 24 of the
Indian Penal Code.
(b) The word ―fraudulently shall have the meaning assigned to it in section 25 of the
Indian Penal Code.

Bold Punishment for sending offensive massages through telecommunication services:

Any person who sends, by means of a computer resource or a communication device,-

(a) Any information that is grossly offensive or has menacing character; or

Illustration-
Meghana is Swapnil's ex-girlfriend. After their break-up, Swapnil uploads his status on a popular
social networking site, describing Meghana to be a woman of a loose character. Swapnil can be
punished under this section.

SECTION 72:

PENALTY FOR BREACH OF CONFIDENTIALITY AND PRIVACY

Save as otherwise provided in this Act or any other law for the time being in force, any person
who, in pursuance of any of the powers conferred under this Act, rules or regulations made there
under, has secured access to any electronic record, book, register, correspondence, information,
document or other material without the consent of the person concerned discloses such electronic
record, book, register, correspondence, information, document or other material to any other
person shall be punished with imprisonment for a term which may extend to two years, or with
fine which may extend to one lakh rupees, or with both.

This section provides punishment for –

• If any person secures access to some information in pursuance of the power given under
the IT Act or any rules thereof. (E.g. authorities like, adjudicating officers, Inspector of
Police, etc.)

Page 39
CYBER SECURITY NOTES

• If such person discloses such information to a third party without authorization or without
being lawfully permitted.

4.6 INTELLECTUAL PROPERTY RIGHTS:

Intellectual property refers to creations of the mind: inventions; literary and artistic works; and
symbols, names and images used in commerce. The intellectual property system helps strike a
balance between the interests of innovators and the public interest, providing an environment in
which creativity and invention can flourish, for the benefit of all. Intellectual property is divided
into two categories:

• Industrial Property: It includes patents for inventions, trademarks, industrial designs and
geographical indications.

• Copyright covers literary works (such as novels, poems and plays), films, music, artistic
works (e.g., drawings, paintings, photographs and sculptures) and architectural design.
Rights related to copyright include those of performing artists in their performances,
producers of phonograms in their recordings, and broadcasters in their radio and television
programs.

➢ Definition of patent

A patent is an exclusive right granted for an invention – a product or process that provides a new
way of doing something, or that offers a new technical solution to a problem. A patent provides
patent owners with protection for their inventions. Protection is granted for a limited period,
generally 20 years.

➢ Protection offered by Patenting

Patent protection means an invention cannot be commercially made, used, distributed or sold
without the patent owner‘s consent. Patent rights are usually enforced in courts, in most systems;
hold the authority to stop patent infringement. Conversely, a court can also declare a patent invalid
upon a successful challenge by a third party.

➢ Definition of Trademark

A trademark is a distinctive sign that identifies certain goods or services produced or provided by
an individual or a company. Its origin dates back to ancient times when craftsmen reproduced
their signatures, or ―marks‖, on their artistic works or products of a functional or practical nature.

Page 40
CYBER SECURITY NOTES

Over the years, these marks have evolved into today‘s system of trademark registration and
protection. The system helps consumers to identify and purchase a product or service based on
whether its specific characteristics and quality – as indicated by its unique trademark – meet their
needs.

➢ Trademark- Owners benefits

Trademark protection ensures that the owners of marks have the exclusive right to use them to
identify goods or services, or to authorize others to use them in return for payment. The period of
protection varies, but a trademark can be renewed indefinitely upon payment of the corresponding
fees. Trademark protection is legally enforced by courts that, in most systems, have the authority
to stop trademark infringement.

➢ Industrial Design

An industrial design refers to the ornamental or aesthetic aspects of an article. A design may consist
of three-dimensional features, such as the shape or surface of an article, or twodimensional
features, such as patterns, lines or color.

Industrial designs are applied to a wide variety of industrial products and handicrafts: from
technical and medical instruments to watches, jewelry and other luxury items; from house wares
and electrical appliances to vehicles and architectural structures; from textile designs to leisure
goods.

➢ Industrial Designs-Owners Benefit


When an industrial design is protected, the owner – the person or entity that has registered the
design – is assured an exclusive right and protection against unauthorized copying or imitation of
the design by third parties. This helps to ensure a fair return on investment. An effective system of
protection also benefits consumers and the public at large, by promoting fair competition and
honest trade practices, encouraging creativity and promoting more aesthetically pleasing products.

Generally, ―new‖ means that no identical or very similar design is known to have previously
existed. Once a design is registered, a registration certificate is issued. Following that, the term of
protection granted is generally five years, with the possibility of further renewal, in most cases for
a period of up to 15 years.

The good folks at Opera were the only browser group to actually release a proper official backup
utility for their browser, and as a result – it‘s a top class product called OperaFly. Aside from

Page 41
CYBER SECURITY NOTES

handling the basic backups, it also has the ability to backup and restore to/from an FTP server,
send backups via email, and to restore backups from an http site. It also allows for pre-scheduled
backups and automatic backups when the browser is closed10

❖ CASE STUDY ON INTELLECTUAL PROPERTY THEFT:


The complainant (Software Company based in Bangalore) alleged that some of the company‘s
former employees had accessed the company‘s IT system and tampered with the source code of
the software under development.

The investigating team visited the complainant‘s premises and scanned the logs of e-mails. They
identified the IP address and using tracing software traced the ISP and the address of the place
where the e-mails had been sent.
This address was of a Hyderabad based company. On visiting the company the investigating team
found 13 computers and a server. Using specialized forensic tools the disks were imaged and
analyzed by the team. The analysis revealed that the original source code as well as its tampered
version had been restored from these systems.11

Former employees found guilty was booked under the 65 and 66 of the IT Act 2000, 381, 420 of
the Indian Penal Code.

10
World intellectual property document- WIPO Publication No. 450(E)- ISBN 978-92-805-1555-0 No. 450(E)
WIPO Publication No. 450(E) WWIPO Publication No. 450(E) IPO Publication No. 450(E)
11
http://indiacyberlab.in/know_more/legal-hacking.htm

Page 42
CYBER SECURITY NOTES

UNIT 5

WEB BROWSER SECURITY

Objectives:-
5.1 Understanding Web Browsers
5.2 Security Features of Different Browsers
5.3 Browsers Add-Ons
5.4 Backups of Different Browsers

5.1 UNDERSTANDING WEB BROWSERS

Web browser is a software program that interprets the coding language of the World Wide Web in
graphic form, displaying the translation rather than the coding. This allows anyone to ―browse
the Web‖ by simple point and click navigation, bypassing the need to know commands used in
software languages. The World Wide Web is written in Hypertext Markup Language (HTML).
Viewed with software other than a Web browser, HTML looks nothing like its graphic translation.
To take a peek, right-click on any empty space in a webpage. A small pop-up menu will appear.

Page 43
CYBER SECURITY NOTES

Choose View Page Source in Firefox, or View Source in Microsoft‘s Internet Explorer (IE). When
finished viewing the HTML coding, click the window closed to return to the Web browser window.

The first successful graphical Web browser, Mosaic, was written by Marc Andreessen and Eric
Bina in 1992 and released in 1993. At that time, the only popular graphical online services were
offered by Prodigy, America Online (AOL), and CompuServe. These companies were closed
networks that provided their own proprietary content, message boards, email programs, and
interfaces, and did not provide access to the Internet.

The Mosaic Web browser opened the Internet to the general public. It provided a pleasurable
means to navigate the World Wide Web and was free for personal use. To compete with the appeal
of the Internet‘s worldwide network, closed networks had to introduce a pipeline to the Internet
and supply a graphic Web browser to interpret HTML. By the time this occurred in the mid-1990s,
Andreessen had partnered with Jim Clark, former founder of Silicon Graphics, to create a new
flagship Web browser called Netscape.

Netscape remained the Web browser of choice until Microsoft began pre-packaging their own Web
browser into the Windows operating system. Internet Explorer (IE) was inferior to Netscape in
many ways, particularly criticized for ongoing security issues, numerous bugs, and a lack of
conformity to Web standard protocols. While this turned off many in the online community, the
flood of new computer users knew too little to be aware or concerned. By 1998, Internet Explorer
dominated as the most ubiquitous Web browser, due in large part to Microsoft‘s ability to pre-load
it into new computer systems.

At the same time, Netscape, then known as Netscape Communicator, released its source code to
the public. The Web browser went through a massive rewrite over the next few years. It emerged
as the open source Web browser known as Mozilla, under the Mozilla Organization, and then
owned by AOL. By 2003, AOL passed off oversight to the newly formed Mozilla Foundation,
which renamed the Web browser to Phoenix and later to Firefox.

Although IE and Firefox are not the only Web browsers, they are the two most popular. As a third
alternative, Opera Software, located in Oslo, Norway, offers the Opera Web browser, a
proprietary browser released in 1996. Opera was originally offered as shareware, then adware, and
finally, as of September 2005, freeware. After years of using Netscape Navigator and Internet
Explorer for Macintosh computers, Apple developed a Web browser just for Macintosh computers.
Safari was initially included as an optional Web browser on Macintosh computers, because of a
licensing-agreement with Microsoft to package Internet Explorer with new Macintosh computers.
Starting in 2005, Safari became the exclusive Web browser installed on new Macintosh computers.
In 2007, Apple announced that it had developed a Safari browser that was compatible with
Microsoft Windows. After a series of tests, Safari was labeled the fastest web-browser for initial
data loads in Microsoft Windows, although it equaled Microsoft's Internet Explorer in loading
cache memory.

Page 44
CYBER SECURITY NOTES

Google Chrome also a freeware web browser developed by Google that uses the Web Kit layout
engine. It was first released as a beta version for Microsoft Windows on September 2, 2008, and
the public stable release was on December 11, 2008. As of May 2012, Google Chrome has
approximately 33% worldwide usage share of web browsers, making it the most widely used web
browser, according to Stat Counter.

5.2 SECURITY FEATURES OF DIFFERENT BROWSERS


A. INTERNET EXPLORER - Microsoft has worked hard to enhance
security for Internet Explorer users. Internet Explorer includes
many improvements that will help to keep you safe as you surf the
Web. Here are some of the newest security updates and features in
IE, most of which are conveniently located on the Safety menu.

➢ SECURITY FEATURES OF INTERNET EXPLORER

(I) TRACKING PROTECTION

Tracking Protection helps you stay in control of your privacy as you browse the web.
Some of the content, images, ads, and analytics that you see on the websites you visit are provided
by third-party websites. While this content can provide value to you and your favorite websites,
these third-party websites have the ability to potentially track your behavior across multiple sites.
Tracking Protection provides you an added level of control and choice about the information that
third-party websites can potentially use to track your browsing activity.

Tracking Protection Lists help enhance your privacy and help protect you from online tracking by
blocking web content that may be used to track you. To use this functionality, you simply have to
add a Tracking Protection List from one of the Tracking Protection List providers. These Tracking
Protection Lists contain domains which Internet Explorer will block as well as domains Internet
Explorer will not block. As you browse to different sites, Internet Explorer helps ensure that
personal information about you, such as your IP address or the site you are currently viewing, is
not sent to the domains that are blocked based on the heuristics of the list. Once you‗ve installed
a Tracking Protection List, the settings apply to all the sites you browse to and are preserved each
time you begin a new browsing session. Tracking Protection stays on until you decide to turn it
off.

(II) URL FILTERING IMPROVEMENTS

The Smart Screen URL filter continues to be a key safety asset of Internet Explorer. Since the
launch of Internet Explorer 8, Smart Screen has blocked over 1.5 billion malware and phishing
attacks and continues to block between 3 and 5 million attacks each day. Microsoft committed to

Page 45
CYBER SECURITY NOTES

continuously improving their intelligence systems and processes so they can continue to provide
industry leading protection from phishing and malware. Microsoft also made improvements to the
Smart Screen block experience in two core scenarios to ensure that you clearly understand the
risks involved.

The new Download Manager blocks download from known malicious websites. When a malicious
download URL is detected, a warning is shown in the new notification bar and in the Download
Manager. At this point, you can continue the download—otherwise the download is cancelled and
removed automatically.

(III) INPRIVATE BROWSING

Sometimes we don‗t want to leave a trace of their web browsing activity on their computers.
Whether it‗s shopping for a gift on a shared computer or checking email at an Internet café, there
are times when you don‗t want to leave any evidence of your browsing or search history for others
to see.

Microsoft InPrivate Browsing helps prevent browsing history, temporary Internet files, form data,
cookies, usernames, and passwords from being retained by the browser. You can start InPrivate
Browsing from the New Tab page, from the Internet Explorer Jump List, or by selecting InPrivate
Browsing from the Safety menu. Internet Explorer will launch a new browser session that won‗t
record any information, including WebPages that you visit and searches that you perform. Closing
the browser window ends the InPrivate Browsing session.

(IV) ACTIVEX FILTERING

ActiveX Filtering in Internet Explorer can help you make an informed decision about every
ActiveX control you run by giving you the ability to block ActiveX controls for all sites, and then
turn them on for only the sites that you trust. This can help improve your protection against risky
and unreliable ActiveX controls. ActiveX is a technology that‗s embedded into many of the top
websites to enrich your browsing experiences. It can be used for things like playing videos,
displaying animations, and viewing certain kinds of files. However, ActiveX can also pose security
risks and slow down your computer

Page 46
CYBER SECURITY NOTES

(V) DOMAIN HIGHLIGHTING

Internet Explorer can help you avoid deceptive sites and can give you peace of mind. As with older
Internet Explorer, the new Internet Explorer takes domain names which appear in the address bar
and highlights them in black, while the rest of the web address is displayed in gray text. This makes
it easier to confirm the identity of the sites that you visit and helps to alert you about deceptive
websites with misleading addresses, reducing the chances of exposing your personal information
while browsing.

B. MOZILLA FIREFOX - Mozilla Firefox is one of the best browsers out there on the market,
and it's free. Through the unique development methods of Open Source, the Mozilla
Foundation and contributors are able to make a product with impressive speed and fewer
bugs than programs developed by traditional methods. Mozilla Firefox has a number of
unique features, and it is overall a good product.

➢ SECURITY FEATURES OF FIREFOX

I. BROWSE WITH SECURITY

Whether it‘s buying a gift, paying your bills or simply signing in to Facebook, it‘s important keep
your personal info out of the hands of any online bad guys who might be snooping around.
Fortunately, Firefox is packed with advanced security features to help you stay safe.

II. INSTANT WEBSITE ID

The Site Identity Button is a Firefox security feature that gives you more information about the
sites you visit. Using the Site Identity Button, you can find out if the website you are viewing is
encrypted, if it is verified, who owns the website, and who verified it. This should help you avoid
malicious websites that are trying to get you to provide important information.

The Site Identity Button is in the Location bar to the left of the web address.

Page 47
CYBER SECURITY NOTES

When viewing a website, the Site Identity Button will display in one of three colors - gray, blue,
or green. Clicking on the Site Identity Button will display
security information about the website, with a matching gray,
blue, or green "Passport Officer" icon.

II.A. TABLE OF CONTENTS

✓ Gray - No identity information


✓ Blue - Basic identity information
✓ Green - Complete identity information

➢ GRAY - No Identity Information

When the Site Identity button is gray, that indicates that the site doesn't provide any
identity information at all. Also, the connection between Firefox and the server is
either unencrypted or only partially encrypted, and should not be considered safe
against possible eavesdroppers.

Most websites will have the gray button, because they don't involve passing sensitive information
back and forth and do not really need to have verified identities or encrypted connections. For sites
that don't require any personal information, a lack of identity information is fine.

Note: If you are sending any sort of sensitive information (bank information, credit card data, Social
Security Numbers, etc.) the Site Identity Button should not be gray.

BLUE - Basic Identity Information

Page 48
CYBER SECURITY NOTES

When the Site Identity button is blue, that indicates that the site's domain has been
verified, and the connection between Firefox and the server is encrypted and therefore
protected against eavesdroppers. When a domain has been verified, it means that the
people who are running the site have bought a certificate proving that
they own the domain and it is not being spoofed. For example, the TD Canada Trust website has
this sort of certificate and an encrypted connection, so the Site Identity Button displays as blue.
When you click on the Site Identity Button, it tells you that the easywebcpo.td.com site is verified
to be part of td.com, as certified by VeriSign Inc. It also assures you that the connection is
encrypted so no one can eavesdrop on the connection and steal your bank login information that
way.

However, it is not verified who actually owns the domain in question. There is no guarantee that
td.com is actually owned by the Toronto Dominion Bank. The only things that are guaranteed are
that the domain is a valid domain, and that the connection to it is encrypted. If you are still leery
about a site's identity when the Site Identity Button is blue, you can see more information about
the site by clicking the More Information... button on the Site Identification dialog. This will open
the Security panel of the View technical details about the page you are on, where you can view the
site's identity certificate, see if you've visited the site before, and if you have any cookies or
passwords stored for the site.

Green - Complete Identity Information

When the Site Identity button is green, that indicates that the site provides fully
verified identity information about its owner, and that the connection is encrypted.

If a site makes the Site Identity Button turn green, it means that it is using a new
Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that
requires a significantly more rigorous identity verification process than other types of certificates.
While the blue Site Identity Button indicates that a site uses a secure connection, the green Site

Page 49
CYBER SECURITY NOTES

Identity Button indicates that the connection is secure and that the owners of the domain are who
you would expect them to be.

With the EV certificate, the Site Identity Button assures you that paypal.com is owned by Paypal
Inc., for example. Not only does the Site Identity Button turn green on the Paypal site, it also
expands and displays the name of the owner in the button itself. The Site Identification dialog
contains further information.

III. PRIVATE BROWSING

As you browse the web, Firefox remembers lots of information for you: sites you've visited, files
you've downloaded, and more. There may be times, however, when you don't want other users on
your computer to see this information, such as when shopping for a birthday present.

A. WHAT DOES PRIVATE BROWSING NOT SAVE?

❖ Visited pages: No pages will be added to the list of sites in the History menu, the Library
window's history list, or the Awesome Bar address list.
❖ Form and Search Bar entries: Nothing you enter into text boxes on web pages or the
Search bar - Easily choose your favorite search engine will be saved for Control whether
Firefox automatically fills in forms with your information.
❖ Passwords: No new passwords will be saved.
❖ Download List entries: No files you download will be listed in the Use the Downloads
window to manage downloaded files after you turn off Private Browsing.
❖ Cookies: Cookies - Information that websites store on your computer store information
about websites you visit such as site preferences, login status, and data used by plug-ins
like Adobe Flash. Cookies can also be used by third parties to track you across web sites.
For more info about tracking, see how do I turn on the Do-not-track feature?

B. HOW TO TURN ON PRIVATE BROWSING

Page 50
CYBER SECURITY NOTES

➢ To Start A Private Browsing Session:

(i) At the top of the Firefox window, click the Firefox button (Tools menu in Windows XP)
and select Start Private Browsing.

(ii) When you turn on Private Browsing, Firefox alerts you that it will save your current
windows and tabs for after you finish using Private Browsing. Click Start Private Browsing
to continue.

(ii) Check the box next to "Do not show this message again" if you don't want to receive this
alert when you turn on Private Browsing.

(iii) The Private Browsing information screen appears to confirm that you're in Private
Browsing mode.

Page 51
CYBER SECURITY NOTES

(v) WHEN browsing in Private Browsing mode, the Firefox button will be purple during your
session.

C. HOW TO TURN OFF PRIVATE BROWSING

➢ To End A Private Browsing Session:

1. At the top of the Firefox window, click the Firefox button (Tools menu in Windows XP)
and select Stop Private Browsing.

2. The windows and tabs you were using when you enabled Private Browsing will appear,
and you can use Firefox normally. The Firefox button will turn orange again (for Windows
XP the Firefox window title will no longer say (Private Browsing)) when Private Browsing
is off.

Page 52
CYBER SECURITY NOTES

Browsing allows you to browse the Internet without saving any information about which
sites and pages you‘ve visited.

C. GOOGLE CHROME - Google Chrome has been steadily gaining in the browser market
share since its launch 3 years ago. It‘s not without its flaws but it definitely falls in the
―kind a cool‖ category. Its simplicity and minimalistic, yet feature-rich, interface caused
a lot of users to ditch their old and trusted browser in favor of this new tool. Chrome has a
lot of obscure features which could immensely enhance one‘s browsing productivity if he
were to know about them. This post intends to do reveal exactly those features.

➢ SOME OF THE IMPORTANT SECURITY FEATURES OF CHROME

I. INCOGNITO MODE

For times when you want to browse in stealth mode, Google Chrome offers the incognito browsing
mode. Here's how the incognito mode works –

WebPages that you open and files downloaded while you are incognito aren't recorded in your
browsing and download histories.

All new cookies are deleted after you close all incognito windows that you've opened.

Changes made to your Google Chrome bookmarks and general settings while in incognito mode
are always saved.

➢ Tip –

If you're using Chrome OS, you can use the guest browsing feature as an alternative to incognito
mode. When browsing as a guest, you can browse the web and download files as normal. Once
you exit your guest session, all of your browsing information from the session is completely erased.

Open an incognito window

Click the wrench icon on the browser toolbar.

Select New incognito window.

A new window will open with the icon in the corner. You can continue browsing as normal
in the other window.

Page 53
CYBER SECURITY NOTES

You can also use the keyboard shortcuts Ctrl+Shift+N (Windows, Linux, and Chrome OS) and
-Shift-N (Mac) to open an incognito window.

II. PRIVACY PREFERENCES

You can control all your privacy preferences for Chrome from the Options dialog, under the
Privacy section located at the top of the Under the Hood tab.

III. CLEARING YOUR BROWSING DATA

You have full control over your browsing data. This data includes your browsing and download
history, cache, cookies, passwords, and saved form data. Use the "Clear browsing data" dialog to
delete all your data or just a portion of your data, collected during a specific period of time.

➢ DELETE ALL YOUR DATA

i) Click the wrench icon on the browser toolbar.


ii) Select Tools. iii) Select Clear browsing data. iv) In the
dialog that appears, select the checkboxes for the types of
information that you want to remove.
v) Use the menu at the top to select the amount of data that you want to delete. Select
beginning of time to delete everything.
vi) Click Clear browsing data.

Page 54
CYBER SECURITY NOTES

IV. ADJUST IMAGES, JAVASCRIPT AND OTHER WEB CONTENT SETTING

Use the Content Settings dialog to manage the following settings: cookies, images, JavaScript,
plug-ins, pop-ups, location sharing, and notifications. Follow the steps below to adjust these
settings:

i) Click the wrench icon on the browser toolbar.


ii) Select Settings. iii) Click Show advanced settings. iv) In the "Privacy"
section, click Content settings button.

❖ Cookies are files created by websites you've visited to store browsing information, such
as your site preferences or profile information. They're allowed by default. It's important
to be aware of your cookie settings because cookies can allow sites to track your
navigation during your visit to those sites.

❖ Images are allowed by default. To prevent images from displaying, select "Do not show
any images."

❖ JavaScript is commonly used by web developers to make their sites more interactive. If
you choose to disable JavaScript, you may find that some sites don't work properly.

❖ Plug-ins is used by websites to enable certain types of web content (such as Flash or
Windows Media files) that browsers can't inherently process. They're allowed by default

❖ Pop-ups are blocked by default from appearing automatically and cluttering your screen.

❖ Location requests: Google Chrome alerts you by default whenever a site wants to use
your location information
❖ Notifications: Some websites, such as Google Calendar, can show notifications on your
computer desktop. Google Chrome alerts you by default whenever a site wants
permission to automatically show notifications.
V. SAFE BROWSING

Chrome will show you a warning message before you visit a site that is suspected of containing
malware or phishing.

A phishing attack takes place when someone masquerades as someone else to trick you into sharing
personal or other sensitive information with them, usually through a fake website. Malware, on
the other hand, is software installed on your machine often without your knowledge, and is
designed to harm your computer or potentially steal information from your computer.

Page 55
CYBER SECURITY NOTES

With Safe Browsing technology enabled in Chrome, if you encounter a website suspected of
containing phishing or malware as you browse the web, you will see a warning page like the one
below.

D. OPERA

➢ SOME FEATURES OF OPERA

I. GET SUGGESTIONS AS YOU SEARCH


Search suggestions predict questions as you type, making searching quicker and easier.
Common searches for the major search engines are now built into Opera. Type your
question right into the address field, and Opera does the rest.
II. USE ANY SEARCH ENGINE INSTANTLY

It is easy to use your favorite search engine whenever you want — from the search field, the
address field or even the context menu. You can also add any search engine. Simply right-
click in the search field of a search engine‘s website and select ―Create Search‖.

III. FIND WHAT YOU NEED IN WEBPAGES

―Find in page‖ is brilliant in Opera. All matching results are highlighted, so they are clearly
visible. You can fine-tune your search to match all the text, just the whole word or only the
links or the page. This feature can be accessed from keyboard shortcuts such as (Period)
for text and, (comma) for links.

IV. MAKE IT YOUR WON

Page 56
CYBER SECURITY NOTES

➢ SOME SECURITY AND PRIVACY FEATURE OF OPERA

i. BE SAFE ON THE WEB

The Opera browser features up-to-the-minute information from leading security agencies on
exploits, viruses and phishing scams. When you visit sites on the web, Opera checks this data
in real time and warns you when a site is identified as dangerous. In addition, Opera supports
Extended Validation certificates (EV) to provide added assurance and trust for secure websites.

ii. SEE YOUR SECURITY ON WEBSITES

An enhanced address field makes it easy to stay safe on the web. The complexity of long
addresses is hidden to make it clear which site you are visiting. A colored badge also indicates
the quality of encryption that is used; clicking it gives you detailed information about the site.

Page 57
CYBER SECURITY NOTES

iii. KEEP YOUR BROWSING PRIVATE


Using a private tab or window ensures that evidence of your browsing history is removed as
soon as the tab or window is closed. Now, it is safer to do your banking from a public computer
or easier to plan that surprise vacation.

iv. CONTROL WEBSITE COOKIES


Opera allows you to choose which cookies you accept or reject. For example, you can allow
for different set-ups for different servers.

E. SAFARI

Safari isn‘t just the world‘s most innovative web browser. It changes the way you interact with
the web.

i. VOICEOVER SCREEN READER

Safari features built-in support for Apple‘s VoiceOver screen reader in OS X. VoiceOver
describes aloud what appears on your screen and reads the text and links of websites. Using
VoiceOver, you can completely control the computer with the keyboard instead of the mouse.

ii. FULL-PAGE ZOOM


Zoom in or out on web content using keyboard shortcuts, Multi-Touch gestures, or the Zoom
toolbar button for more comfortable reading. Images and graphics scale up while your text
remains razor sharp, keeping the web page layout consistent as you zoom. To add the Zoom
button to your toolbar, simply choose Customize Toolbar from the View menu and drag the
button onto your toolbar.

iii. ENHANCED KEYBOARD NAVIGATION

Page 58
CYBER SECURITY NOTES

Thanks to the enhanced keyboard navigation options in Safari, you can navigate the web
without a mouse. Press the Tab key, and Safari jumps to the next password field, pop-up menu,
or input field. For increased keyboard control, you can hold down the Option key while tabbing
to have Safari skip through every link on the page. And if you press the Return key, Safari
opens the highlighted link, letting you ―point and click‖ with just a few keystrokes.

iv. CUSTOM STYLE SHEETS

Apply a custom style sheet — that you download or create yourself — that sets default fonts,
font sizes, colors, and contrast, making your favorite websites more readable.

v. MINIMUM FONT SIZE

If you find that text on some websites is too small to read (such as photo captions or fine print),
Safari can increase the font size to make it more legible. Just set the minimum font size in the
advanced pane of Safari preferences.

➢ SOME SECURITY FEATURE OF SAFARI


i. SANDBOXING
All the web content and applications you use in Safari on Lion are sandboxed, so that they
don‘t have access to information on your system. If a website contains malicious code intended
to capture personal data or tamper with your computer, sandboxing provides a builtin blocker
that restricts that code from doing harm.

ii. XSS AUDITOR


Safari has improved protection from cross-site scripting (XSS). XSS is a type of exploit in
which an attacker tampers with a website, injecting scripts that could capture personal
information from users visiting the website. With the XSS Auditor, Safari can filter these
scripts to protect you from ones that might be malicious.

iii. PHISHING PROTECTION


Safari protects you from fraudulent Internet sites. When you visit a suspicious site, Safari warns
you about its suspect nature and prevents the page from loading.

iv. MALWARE PROTECTION


Safari recognizes websites that harbor malware before you visit them. If Safari identifies a
dangerous page, it warns you about the suspect nature of the site.

Page 59
CYBER SECURITY NOTES

5.3 BROWSERS ADD-ONS


An add-on is a software extension that adds extra features to a program. It may extend certain
functions within the program, add new items to the program's interface, or give the program
additional capabilities. For example, Mozilla Firefox, a popular Web browser, supports add-ons
such as the Google toolbar, ad blockers, and Web developer tools.

Most add-ons are available as self-installing packages. This means the user can simply
doubleclick the add-on package to install the files for the corresponding program. Other add-ons
may require the user to manually move files into specific directories. While not all programs
support add-ons, many programs are now developed with add-on support, since it provides a
simple way for other developers to extend the functions of the program.

A. ADD-ONS OF MOZILLA FIREFOX

➢ WOT

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or
send spam. Protect your computer against online threats by using WOT as your front-line layer of
protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you
ratings for 21 million websites - green to go, yellow for caution and red to stop – helping you avoid
the dangerous sites. Surf safer and add WOT to your Firefox now.
Keep yourself safe from online threats such as –

▪ Spyware, adware and viruses


▪ Browser exploits
▪ Unreliable online shops
▪ Phishing, spam and other Internet scams
▪ Annoying or malicious spam

If you are about to enter a risky website, WOT will warn you and save your computer before you
interact with a harmful site. With safety ratings of 21 million websites, WOT combines evidence
collected from multiple trusted sources, like phishing and spam blacklists, with the ratings
provided by WOT users. The system uses sophisticated algorithms to produce reliable and up-
todate ratings.

WOT reputation ratings have four components:

▪ Trustworthiness
▪ Vendor reliability

Page 60
CYBER SECURITY NOTES

▪ Privacy
▪ Child safety

WOT lets you customize your level of protection to make your browsing experience safe and
enjoyable. To protect your family, you can even set WOT to block inappropriate content for
children.

Ratings are shown on Google, Yahoo!, Gmail, Wikipedia, dig and other sites. WOT comes in 10
languages.

➢ ADBLOCK
Annoy by all those ads and banners on the internet that often take longer to download than
everything else on the page. Install Adblock Plus now and get rid of them.

Right-click on a banner and choose "Adblock" from the context menu - the banner won't be
downloaded again. Maybe even replace parts of the banner address with star symbols to block
similar banners as well. Or you select a filter subscription when Adblock Plus starts up the first
time, then even this simple task will usually be unnecessary: the filter subscription will block most
advertisements fully automatically.

Page 61
CYBER SECURITY NOTES

➢ NO SCRIPT
The best security you can get in a web browser! Allow active content to run only from sites you
trust, and protect you against.

➢ LASTPASS PASSWORD MANAGER

LastPass is a free online password manager and Form Filler that makes your web browsing easier
and more secure. LastPass supports IE and Firefox as Plugins (Opera, Safari, Chrome, iPhone,
Opera Mini via Bookmarklets), allows you to import from every major password storage vendor
and export too, captures passwords that other managers won't including many AJAX forms, and
allows you to make strong passwords easily. Your sensitive data is encrypted _locally_ before
upload so even LastPass cannot get access to it. One Time Passwords & Screen Keyboard helps
protect your master password.

➢ PANIC BUTTON
Quickly hide all browser windows with a click of a button.

Don't want the boss to catch you surfing the Web on company time? Don't want your teacher,
classmates, roommate or significant other to see the Web sites you're viewing? With Panic Button,
a single click of a toolbar button will quickly hide all Firefox windows -- bring them back by
clicking a button on the Restore Session toolbar. The Panic Button action can also be invoked by
pressing F9 (Command+F9 on the Macintosh).

B. GOOGLE CHROME ADD-ONS

➢ HOW TO INSTALL EXTENSION IN GOOGLE CHROME


1. First of open Google Chrome and Click on customize and control Google chrome option.

Page 62
CYBER SECURITY NOTES

2. Then go to setting and open it.


3. Then click on Extensions

4. Then click on Get More Extensions option.


5. Then type Extension name on the given search box

Page 63
CYBER SECURITY NOTES

6. Then go to the extension which you want to add.


7. Then click on add button to install the extension.

➢ SOME OF THE EXTENSIONS OF GOOGLE CHROME

❖ GOOGLE CHROME BACKUP


Google Chrome (web browser) has just hit the world. Google Chrome backup is a small tool to
create, backup, restore and manage Google Chrome profiles. The profile holds personal data like
history, bookmarks, etc. Everything is done with one click.

❖ AD BLOCK FOR GOOGLE CHROME

The famous Adblock Plus for Firefox is finally available for Google Chrome. It brings the same
convenience of blocking unwanted ads as you‘re used to.

Page 64
CYBER SECURITY NOTES

Simply install it and forget it. It‘ll block all the ads in the background, update its filters
automatically and never bother you. Google Quick Scroll has this feature you type a search query
on Google, find a site which contains that query and then, when you land on that webpage, you
have a hard time locating the words you searched for? Sounds familiar? Well, Google Quick Scroll,
developed by Google itself, is the solution. It saves you time by helping you quickly locate the
relevant portion of a search result on the landing page.

❖ SPLIT SCREEN

Split Screen, as the name suggests, splits the Chrome screen into two panes so that you can
browse two websites side by side. It will save time when you want to compare the content on two
sites for whatever reason.

❖ EASY AUTO REFRESH


Want a particular web page to auto refresh? (for example a news site) No problem. Chrome addon
Easy Auto Refresh does just that for you.

Page 65
CYBER SECURITY NOTES

5.4 BACKUPS OF DIFFERENT BROWSERS12

No matter which browser you‘ve picked for everyday use – chances are you‘ve customized your
browser to make it your own. Here are 5 free tools which will let you backup and preserve your
browser profile, so all the tweaking you‘ve done is safe.

1. How to Backup Google Chrome

Google‘s shiny new browser doesn‘t come with extensions yet – but ‗Google Chrome Backup‘
will help you save all your bookmarks and settings. Not only that, you can easily create
multiple user profiles (each with different settings/bookmarks) and switch between them
quickly.

2. How to Backup Firefox

MozBackup is a cross Mozilla backup utility which allows you to backup and restore
bookmarks, mail, contacts, history, extensions, cache etc.

3. How to Backup Safari

12
http://www.friedbeef.com/how-to-backup-any-browser-5-tips-for-google-chrome-firefox-safari-internet-
explorerand-opera/

Page 66
CYBER SECURITY NOTES

Apple provides an uncharacteristically round-about way of backing up your bookmarks on its


support portal, but if you‘re interested in getting a tool which would help automate the process,
tries out ‗Safari Backup and Restore‘.

4. How to Backup Internet Explorer

BackRex Internet Explorer Backup is a backup and restore tool for Internet Explorer. It allows
you to backup favorites, history, proxy settings, fonts, autocomplete passwords and cookies.
Not only that – it supports backups across different versions of IE e.g. IE 6 to IE7 and vice
versa.

UNIT – 6

EMAIL SECURITY

Objectives: -

6.1 Definition of an Email.


6.2 Understanding How Email Works
6.3 Types of Email
6.4 Email Security

Page 67
CYBER SECURITY NOTES

6.1 DEFINITION OF AN E-MAIL

Email is shorthand term meaning Electronic Mail. Email much the same as a letter, only that it is
exchanged in a different way. Computers use the TCP/IP protocol suite to send email messages in
the form of packets. The first thing you need to send and receive emails is an email address. When
you create an account with an Internet Service Provider you are usually given an email address to
send from and receive emails. If this isn't the case you can create an email address / account at web
sites such as yahoo, Hotmail and Gmail.

6.1.1 Email Address

An e-mail address typically has two main parts:

John.Samsung@iqspl.com

The first field is the user name (John.Samsung) which refers to the recipient's mailbox. Then there
is the sign (@) which is the same in every email address. Then come to the next host name (iqspl),
which can also be called the domain name. This refers to the mail server address, most usually
having an individual IP address. The final part of an email address includes the top-level domain
(TLD). For the above address this is 'com', which is for commercial sites.

6.1.2 Benefits of Email Include

❖ Convenience- If a desktop computer, laptop or mobile phone is around, you can type
your email message wherever you want, save it for later use and send it at any time
without having to worry about envelopes, stamps and tariffs.
❖ Speed- Emails typically arrive within seconds or minutes — anywhere in the world,
something that can be said only about a negligible number of the letters I've sent via
postal mail.

❖ Attachments - You can attach any file on your computer to an email message easily,
regardless of its type and, mostly, size. It's as easy to send a long master's thesis around
the world as it is to email a spread sheet, a report, pictures, or a saved game of your
favorite game.

❖ Accessibility - Emails can be stored conveniently in your email program. Good programs
make it easy to organize, archive and search your emails, so any information contained
in an email is always readily accessible.

❖ Cost- Safe for the fee you pay for accessing the internet, sending and receiving emails is
typically free.

Page 68
CYBER SECURITY NOTES

6.2 UNDERSTANDING HOW E-MAIL WORKS


13
Billions of electronic mail (e-mail) messages move across the Internet every year. Sending
electronic letters, pictures and data files, either across a building or across the globe, has grown so
popular that it has started to replace some postal mail and telephone calls. This universal medium
is no longer restricted to exchange of simple text messages and is now regularly used to deliver
voice mail, facsimiles and documents that may include images, sound and video.

Typically, a message becomes available to the recipient within seconds after it is sent—one reason
why Internet mail has transformed the way that we are able to communicate.

1. MESSAGE SENDER uses mail software, called a client, to compose a document, possibly
including attachments such as tables, photographs or even a voice or video recording.
System software, called Transmission Control Protocol (TCP), divides the message into
packets and adds information about how each packet should be handled-for instance, in
what order packets were transmitted from the sender. Packets are sent to a mail submission
server, a computer on the internal network of a company or an Internet service provider.

2. INTERNET MAIL ADDRESSES attached to each message are in the form


"mailbox@domainname" - one specific example being "John@iqspl.com." The multipart
domain name in the above example denotes a top-level domain (".com") following the
second-level domain ("iqspl"). A message is delivered to an individual or a group by the
mailbox name ("John").

3. MAIL SUBMISSION SERVER converts the domain name of the recipient‘s mail address
into a numeric Internet Protocol (IP) address. It does this by querying domain name servers
interspersed throughout the Internet. For example, the mail submission server can first
request from the "root" name server the whereabouts of other servers that store information
about ".com" domains. It can then interrogate the ".com" name server for the location of
the specific "iqspl.com" name server. A final request to the "iqspl.com" name server
provides the IP address for the computer that receives the mail for iqspl.com, which is then
attached to each message packet.

4. ROUTERS dispersed throughout the Internet read the IP address on a packet and relay it
toward its destination by the most efficient path. (Because of fluctuating traffic over data
lines, trying to transmit a packet directly to its destination is not always the fastest way.)
The packets of a single message may travel along different routes, shuttling through 10 or
so routers before their journey‘s end.

13
http://www.seniorindian.com/email.htm

Page 69
CYBER SECURITY NOTES

5. DESTINATION MAIL SERVER places the packets in their original order, according to
the instructions contained in each packet, and stores the message in the recipient‘s mailbox.
The recipient‘s client software can then display the message.

6.3 TYPES OF EMAIL


6.3.1 Web based Email:

Email addresses are commonly assigned by your Internet service provider (ISP), but other can also
obtain an email address through a website service. This is known as web based email.

Most people are familiar with setting up their email clients to receive mail through their ISP. The
client asks for a POP server (Post Office Protocol) in order to receive mail and a SMTP server
(Standard Mail Transfer Protocol) in order to send mail. However, most email clients can also be
used to collect web based email by configuring the client to connect to an IMAP server (Internet
Message Access Protocol). The IMAP server is part of the host's package. That said, the more
common way to access this mail is by using a browser.

Web based email has its advantages, especially for people who travel. Email can be collected by
simply visiting a website, negating the need for an email client, or to logon from home. Wherever
a public terminal with Internet access exists — from the library to a café to the airport or hotel —
one can check, send and receive email quickly and easily.

Another advantage of web based email is that it provides an alternate address allowing you to
reserve your ISP address for personal use. If you would like to subscribe to a newsletter, enter a
drawing, register at a website, participate in chats, or send feedback to a site, a web based email
address is the perfect answer. It will keep non-personal mail on a server for you to check when
you wish, rather than filling up your private email box.

The other use of the word is to describe a Web-based email service: an email service offered
through a web site (a webmail provider) such as Gmail, Yahoo! Mail, Hotmail and AOL Mail.
Practically every webmail provider offers email access using a webmail client, and many of them
also offer email access by a desktop email client using standard email protocols, while many
internet service providers provide a webmail client as part of the email service included in their
internet service package.

Page 70
CYBER SECURITY NOTES

As with any web application, webmail's main advantage over the use of a desktop email client is
the ability to send and receive email anywhere from a web browser. Its main disadvantage is the
need to be connected to the internet while using it (Gmail offers offline use of its webmail client
through the installation of Gears). There exist also other software tools to integrate parts of the
webmail functionality into the OS (e.g. creating messages directly from third party applications
via MAPI).

6.3.2 Email Clients:

An email client, email reader, or more formally mail user agent (MUA), is a computer program
used to access and manage a user's email. The term can refer to any system capable of accessing
the user's email mailbox, regardless of it being a mail user agent, a relaying server, or a human
typing on a terminal. In addition, a web application that provides message management,
composition, and reception functions is sometimes also considered an email client, but more
commonly referred to as webmail.

Popular locally installed email clients include Microsoft Outlook, IBM Lotus Notes, Pegasus Mail,
Mozilla's Thunderbird, KMail in the Kontact suite, Evolution and Apple Inc.'s Mail.

14
6.4 EMAIL SECURITY
(A) Set up Spam Filters: - Enable spam filtering and adjust how aggressively you want to filter
under Spam Filtering on a user‘s Overview page. Doing this for a Default User applies these
settings to all new users in any org the Default User is assigned to. Doing this for any other
user applies the settings only to that user. You can set an overall level of aggressiveness for
filtering all types of spam (Bulk Email) and then adjust separate filters for more aggressive
filtering of specific spam categories. In Gmail's filters allow you to manage the flow of
incoming messages. Using filters, you can automatically label, archive, delete, star, or
forward your mail, even keep it out of Spam.

(B) Prevent Yourself from Phishing: - Phishing scams can happen when malicious
organizations or people (also known as cybercriminals) present themselves as an entity you
can trust, then try to trick you, or lure you, into providing them with your personal
information. Phishing scams normally occur via email, websites, text messages, and
sometimes, even phone calls. Cybercriminals will often pose as your bank or financial
institution, your employer, or any other entity that you normally trust with your information.
To protect yourself from phishing scams, you can learn about the methods these
cybercriminals use and the signs that indicate you may be a potential victim.

(i) Determine if the nature of the correspondence is suspicious.

14
https://www.google.com/support/enterprise/static/postini/docs/admin/en/admin_ee_cu/spam_enable.html

Page 71
CYBER SECURITY NOTES

(ii) Review suspicious emails and text messages for spelling and punctuation errors.
(iii) Call the organization directly to verify the inquiry.
(iv) Examine the website links and logos in suspicious emails you receive.
(v) Examine the email address of the entity that sent you the email.
(vi) Provide your personal information only to websites that are secure.

(C) Email Encryption: - If you want to be sure that your email can be read by no one but you,
then it needs to be encrypted. One of the best encryption systems is called PGP encryption
which is an open-source version of PGP encryption. PGP stand for Pretty Good Privacy and
is actually an understatement made by a programmer who didn't want to be too optimistic
about how secure it is. However, as it turns out, PGP is has actually proven itself to be
extremely good. It's been around for many years, being maintained by the best coders in the
world and it hasn't been cracked.

❖ CASE STUDY ON EMAIL SCAM:

Dailyhelmsman.com publication reported that on 27th August, 2014 the University of Memphis
recently became victim of phishing as many students received an email from the ―help
desk‖Memphis.edu is the domain of University of Memphis but it is reported that particular email
did not contain that domain at all. The email requested students to click a link and update their
account by filling their online credentials.

The University‘s Help Desk got alerted about the issue when a student called them stating the
receipt of the email and he did not know what to do. The attendant of the help desk asked the
student to send the email to the office which was then sent to abuse.memphis.edu which is the
spam email help line of the University.

Ellen Watson, Chief Information Officer and Vice Provost of Information Technology of the
University advised the students to be very careful when reading unfamiliar emails, as reported
dailyhelmsman.com.

He continued by stating that, ―We have stopped more than 7 million spam messages and on many
occasions different hackers try to steal others‘ identity in different ways.‖ The University has
highlighted some important security tips on its official website to combat phishing attacks.

They include: Never click on links contained in an unsolicited email as such links often lead to
fake Internet sites. For example, a phishing email may contain the link ―Click here to update your

Page 72
CYBER SECURITY NOTES

information‖ as in the above case and then direct you to a fake business website requesting for
personal credentials.15

UNIT 7

FIREWALL AND UNIFIED THREAT


MANAGEMENT

Objectives:-
7.1 Definition of Firewall
7.2 Types of Firewall.
7.3 Firewall techniques.
7.4 Unified threat management (UTM).

15
http://alertafrica.com/university-students-targeted-fraudulent-email-scam/

Page 73
CYBER SECURITY NOTES

7.1 DEFINITION OF FIREWALL


Firewalls can be implemented in both forms i.e. hardware and software, or a combination of both.
Firewall is a term used to describe a device or application that will control and restrict data transfers
between a computer system and internet connection. The purpose of having a firewall in place is
to not only prevent unauthorized or malicious data entering your system via your internet
connection, but to also prevent sensitive information from leaving your system.16

7.2 TYPES OF FIREWALL


Firewalls are of two types –

1. Hardware (external)
2. Software (internal)

While both have their advantages and disadvantages, the decision to use a firewall is far more
important than deciding which type you use.

1. Hardware Firewall

20

Typically called network firewalls, these external devices are positioned between your computer
or network and your cable. Many vendors and some Internet Service Providers (ISPs) offer devices
called "routers" that also include firewall features. Hardware-based firewalls are particularly useful

16
http://www.vicomsoft.com/learning-center

Page 74
CYBER SECURITY NOTES

for protecting multiple computers but also offer a high degree of protection for a single computer.
If you only have one computer behind the firewall, or if you are certain that all of the other
computers on the network are up to date on patches are free from viruses, worms, or other
malicious code, you may not need the extra protection of a software firewall. Hardware based
firewalls have advantage of being separate devices running their own operating systems, so they
provide an additional line of defense against attacks. Their major drawback is cost.

20
http://www.vicomsoft.com/learning-center/firewalls/
➢ Advantages of Hardware Firewall:
▪ Uses very little system resources.
▪ More secure.
▪ Enhanced security control.
▪ Dedicated hardware firewalls are typically more reliable.
▪ Easy to disable or remove.
▪ Work independently of associated computer systems.

➢ Disadvantages of Hardware Firewall:


▪ Install process is more demanding both physically and mentally.
▪ Takes up physical work space. ▪ More expensive.
▪ Harder to upgrade and repair.

3. Software Firewall

Software firewall is a commercial product that is sold as a standalone software package or comes
as part of a security suite where anti-virus and anti-spam or spyware are part of the package.
Software firewalls are a popular choice for home users, depending on the type you buy you could
get some protection against basic Trojans or email worms. A software firewall needs to be installed
on every computer that needs firewall protection.

Page 75
CYBER SECURITY NOTES

21

21
http://www.vicomsoft.com/learning-center/firewalls/
➢ Advantages of Software Firewall:
▪ Considerably cheaper or even free
▪ Simple to install and upgrade
▪ Requires no physical changes to hardware or network
▪ Ideal for home/family use
▪ Takes up no physical space

➢ Disadvantages of Software Firewall:


▪ Software may crash or be incompatible with system ▪ It is difficult to completely disable
and remove.
▪ Software bugs may compromise security.
▪ Firewall utilizes more resources.
▪ Incompatibilities with operating system.

7.3 FIREWALL TECHNIQUES:


There Are Several Types of Firewall Techniques (i)
Packet Filtering Firewall.
(ii) Stateless Firewall.
(iii) Stateful Packet Inspection.
(iv) Internet Connection Firewall.

Page 76
CYBER SECURITY NOTES

(v) Application Level Proxy. (vi) Circuit Gateways.


(vii) Hybrid Firewall. 17

(i) Packet Filtering:

All Internet traffic travels in the form of packets. A packet filtering firewall will examine the
information contained in the header of a packet of information which, is attempting to pass through
the network. Information checked includes:

▪ Source IP address
▪ Source port
▪ Destination IP address
▪ Destination port
▪ IP protocol (TCP or UDP)
A packet filter firewall works on the network level of the Open System Interconnection i.e. OSI
definition protocol stack, and so, does not hide the private network topology behind the firewall
from prying eyes. It is important to be aware that this type of firewall only examines the header
information. Its contents and context are ignored. If data with malicious intent is sent from a trusted
source, this type of firewall is no protection. When a packet passes the filtering process, it is passed
on to the destination address. If the packet does not pass, it is simply dropped. Filtering consists
of examining incoming or outgoing packets and allowing or disallowing their transmission or
acceptance on the basis of a set of configurable rules, called policies.

Packet filtering policies may be based upon any of the following:

▪ Allowing or disallowing packets on the basis of the source IP address ▪


Allowing or disallowing packets on the basis of their destination port ▪
Allowing or disallowing packets according to protocol.

This type of firewall is vulnerable to 'IP spoofing', a practice where a hacker will make his
transmission to the private LAN (Local Area Network) look as though it is coming from a trusted
source, thereby gaining access to the LAN.

(ii) Stateless Firewall:

Stateless firewalls watch network traffic, and restrict or block packets based on source and
destination addresses or other static values. They are not 'aware' of traffic patterns or data flows.
A stateless firewall uses simple rule-sets that do not account for the possibility that a packet might
be received by the firewall 'pretending' to be something you asked for.

17
http://www.webopedia.com/TERM/F/firewall.html

Page 77
CYBER SECURITY NOTES

Stateless firewalls are typically faster and perform better under heavier traffic loads. Stateful
firewalls are better at identifying unauthorized and forged communications.

iii) Stateful Packet Inspection:

It is called "Stateful" because it examines the contents of the packet to determine what the state of
the communication. Stateful firewall may examine not just the header information but also the
contents of the packet up through the application layer in order to determine more about the packet
than just information about its source and destination. It ensures that the stated destination
computer has previously acknowledged the communication from the source computer.

In this way all the communications are initiated by the "receiving" computer and are taking place
only with sources that are known or trusted from previous communication connections. In
addition, Stateful Packet Inspection firewalls are also more rigorous in their packet inspections.

Stateful Packet Inspection firewalls also close off ports until an authorized connection is requested
and acknowledged by the receiving computer. This allows for an added layer of protection from
the threat of "port scanning" a method used by hackers to determine what PC services or
applications are available to be utilized to gain access to the host computer.

(iv) Application Level Proxy:

Also known as application proxy or application-level proxy, an application gateway is an


application program that runs on a firewall system between two networks. When a client program
establishes a connection to a destination service, it connects to an application gateway, or proxy.
The client then negotiates with the proxy server in order to communicate with the destination
service. In effect, the proxy establishes the connection with the destination behind the firewall and
acts on behalf of the client, hiding and protecting individual computers on the network behind the
firewall. This creates two connections: one between the client and the proxy server and one

Page 78
CYBER SECURITY NOTES

between the proxy server and the destination. Once connected, the proxy makes all packet-
forwarding decisions. Since all communication is conducted through the proxy server, computers
behind the firewall are protected.

This type of firewall works on the application level of the protocol stack, which enables it to
perform with more intelligence than a packet filtering or circuit gateway firewall. In computer
networking, an application layer firewall is a firewall operating at the application layer of a
protocol stack. Generally it is a host using various forms of proxy servers to proxy traffic instead
of routing it. As it works on the application layer, it may inspect the contents of the traffic, blocking
what the firewall administrator views as inappropriate content, such as certain websites, viruses,
and attempts to exploit known logical flaws in client software, and so forth. An application layer
firewall does not route traffic on the network layer. All traffic stops at the firewall which may
initiate its own connections if the traffic satisfies the rules.

(v) Circuit Level Gateway:

Also called a ―Circuit Level Gateway‖ this is a firewall approach that validates connections before
allowing data to be exchanged.

What this means is that the firewall doesn't simply allow or disallow packets but also determines
whether the connection between both ends is valid according to configurable rules, then opens a
session and permits traffic only from the allowed source and possibly only for a limited period of
time. Whether a connection is valid may for examples be based upon:

▪ destination IP address and/or port


▪ source IP address and/or port
▪ time of day
▪ protocol
▪ user
▪ password

Every session of data exchange is validated and monitored and all traffic is disallowed unless a
session is open.

Circuit Level Filtering takes control a step further than a Packet Filter. Among the advantages of
a circuit relay is that it can make up for the shortcomings of the ultra-simple and Exploitable UDP
protocol, wherein the source address is never validated as a function of the protocol. IP Spoofing
can be rendered much more difficult.

A disadvantage is that Circuit Level Filtering operates at the Transport Layer and may require
substantial modification of the programming which normally provides transport functions (e.g.
Winsock).

Page 79
CYBER SECURITY NOTES

(vi) Hybrid Firewall:

Hybrid firewall is a combination of two of the above-mentioned firewalls. The first commercial
firewall, the DEC Seal, was a hybrid developed using an application gateway and a filtering packet
firewall. This type of firewall is generally implemented by adding packet filtering to an application
gateway to quickly enable a new service access to and from the private LAN.

A simple firewalling mechanism called packet filtering. In packet filtering, a firewall looks at each
packet and uses the packet's header information to decide if the packet should be delivered or
discarded. The decision most often relies on the packet's port number, which generally indicates
what type of application traffic the packet carries. Packet filtering is simple and fast, but its
simplicity means it is unable to detect attacks that are embedded in the application protocols
themselves. For example, Code Red and Nimda used HTTP messages to infect servers running
Microsoft Internet Information Server. Packet filtering can't stop these worms because it looks in
the wrong places to detect attacks. Not even a "stateful" packet filter keeps track of enough
information to distinguish between legitimate HTTP traffic and that which carries a worm
infection.

Often, the best choice is a firewall that offers a hybrid architecture combining packet filtering and
application layer proxies. This lets organizations tailor their firewall protection to optimize
performance while maintaining the appropriate level of security for the corresponding risk. Hybrid
firewalls use simple packet filtering to provide high throughput for lowest-risk traffic, stateful
inspection for slightly riskier traffic, and the application layer gateway where the risk of data-
driven attacks is highest. 18

7.4 UNIFIED THREAT MANAGEMENT (UTM):

Unified Threat Management (UTM) is the approach that many organizations have adopted to
improve visibility and control of their network security while lowering complexity of their
networks. UTM creates an environment in which all network security falls beneath a single,
consistent technology umbrella. UTM enables the consolidation of all traditional as well as next
generation firewall functions into a single device.

18
http://www.webopedia.com/DidYouKnow/Hardware_Software/firewall_types.asp

Page 80
CYBER SECURITY NOTES

UTM is the evolution of the traditional firewall into an all-inclusive security product able to
perform multiple security functions within one single appliance: network firewalls, network
intrusion prevention(IPS) and gateway antivirus (AV), gateway anti-spam, VPN-Virtual Private
Network, content filtering, load balancing, data leak prevention and on-appliance reporting. 19
UTM firewalls offer significant management and cost advantages over single-purpose security
products, but often require feature and functionality tradeoffs. Products dedicated to a single
security application are typically more feature-rich and deliver higher performance.

Advantages of Unified Threat Management:


• Lower up-front cost – Single all-in-one appliance costs less than buying multiple
dedicated systems.
• Lower maintenance costs – Since you‘re buying just one support agreement for all
security services, you can significantly reduce the amount you pay for service contracts
and ongoing support.
• Less space – If you have limited space for networking equipment, Unified Threat
Management‘s ability to fit all the services into a small, self-contained package can be
really appealing.
• Lower power consumption – One power supply means less power used and less lost while
reducing line voltage to the levels network devices use.
• Easier to install and configure– One appliance set up means there are just a couple of
wires to connect and one interface to use setting the device.
• Fully integrated–All the features of UTM device are designed to work together without
leaving holes in your protection or creating interoperability challenges.

19
http://www.isarg.org/utm-unified-threat-management.php

Page 81
CYBER SECURITY NOTES

Disadvantages of Unified Threat Management:


• Less specialization – Like a Swiss Army knife, a UTM device is a single tool designed to
fill multiple roles. It therefore could lack some of the more granular features a dedicated
box provides. The most important example of where a dedicated appliance may be superior
is in anti-virus, anti-malware and anti-spam features.
• Single point-of-failure – The drawback of any single box system is that when it fails,
everything fails. As a result, it‘s a great idea for Unified Threat Management users to
purchase a managed UTM service that includes a full backup of your configuration and
next business day replacement of your hardware. In addition, many UTM devices these
days allow you to cluster multiple appliances to eliminate this risk.
• Possible performance constraints – The UTM device is having single CPU is being
expected to perform multiple tasks at once; it could become overtaxed when dealing with
multiple simultaneous attacks. In such cases, some devices will shut down selected
services to maintain the integrity of the device, limiting your protection. Usually this can
be overcome by purchasing a device with significantly more processing power than you
think you need.20
UNIT – 8

PHYSICAL SECURITY

Objectives: -
8.1 Understanding Physical Security
8.2 Need for Physical Security
8.3 Physical Security Equipment‘s
8.4 Other Elements of Physical Security

8.1 UNDERSTANDING PHYSICAL SECURITY

21
Physical security is an extremely important part of keeping your computers and data secure if an
experienced hacker can just walk up to your machine, it can be compromised in a matter of
minutes. That may seem like a remote threat, but there are other risks —like theft, data loss, and
physical damage — that make it important to check your physical security posture for holes.

20
http://www.vicomsoft.com/learning-center/firewalls/
21
http://books.google.co.in/

Page 82
CYBER SECURITY NOTES

It deals with such things as personnel, the environment, the facility and its power supply, fire
protection, physical access, and even the protection of software, hardware, and data files.

Physical security is concerned with physical measures designed to safeguard people, to prevent
unauthorized access to equipment, facilities, hardware, materials and documents, and to safeguard
them from damage or loss.

➢ The risk associated due to improper physical access maybe –

(1) Unauthorized entry


(2) Damage or theft of equipment‘s or documents.
(3) Copying or viewing of sensitive data.
(4) Abuse of data.
(5) Illegal physical access.

Remember that network security starts at the physical level. All the firewalls in the world won‘t stop an
intruder who is able to gain physical access to your network and computers, so lock up as well as
lock down.
8.2 NEED FOR PHYSICAL SECURITY
The first layer of security you need to take into account is the physical security of your computer
systems. Security is the condition of being protected against danger or loss. As security is essential
in our day to day life it is also essential in the world of computers too. We have already seen the
importance of data stored in computers, its use and the consequences that we have to face if this
data is not protected i.e., if it is not secured.

Computer Security can be defined as ―the measures applied to ensure security and availability of
the information processed, stored and transmitted by the computer‖. It is protection of information
assets through the use of technology, processes and training. The security measures applied differ
with the differing levels of security requirements. As physical security can be achieved through
the use of locks, security guards, closed circuit television, Biometrics, smart cards, fingerprinting,
security tokens etc., the logical security can be achieved through the use of various antivirus
software‘s, firewalls, intrusion detection systems etc.

8.3 PHYSICAL SECURITY EQUIPMENTS

8.3.1 22Close Circuit Television Cameras: - CCTV (closed-circuit television) is a TV system in


which signals are not publicly distributed but are monitored, primarily for surveillance and
security purposes.

22
http://whatis.techtarget.com/definition/closed-circuit-television-CCTV

Page 83
CYBER SECURITY NOTES

CCTV relies on strategic placement of cameras and private observation of the camera's input on
monitors. The system is called "closed-circuit" because the cameras, monitors and/or video
recorders communicate across a proprietary coaxial cable run or wireless communication
link. Access to data transmissions is limited by design.

➢ Analog Cameras: - Analog cameras can record straight to a video tape recorder which is
able to record analogue signals as pictures. If the analogue signals are recorded to tape, then
the tape must run at a very slow speed in order to operate continuously. This is because in
order to allow a three hour tape to run for 24 hours, it must be set to run on a time lapse basis
which is usually about four frames a second. In one second, the camera scene can change
dramatically.

➢ Digital Cameras: - These cameras do not require a video capture card because they work
using a digital signal which can be saved directly to a computer. The signal is compressed
5:1, but DVD quality can be achieved with more compression (MPEG-2 is standard for
DVD-video, and has a higher compression ratio than 5:1, with a slightly lower video quality
than 5:1 at best, and is adjustable for the amount of space to be taken up versus the quality
of picture needed or desired). The highest picture quality of DVD is only slightly lower than
the quality of basic 5:1-compression DV.

8.3.2 BIOMETRICS

Biometric come from the Greek words "bio" (life) and "metric" (to measure). Biometrics is
technologies used for measuring and analyzing a person's unique characteristics.

Biometric characteristics can be divided in two main classes:

▪ Physiological are related to the shape of the body. Examples include, but are not limited to
fingerprint, face recognition, DNA, hand and palm geometry, iris recognition, which has
largely replaced retina, and odour/scent.
▪ Behavioral are related to the behavior of a person. Examples include, but are not limited to
typing rhythm, gait, and voice. Some researchers have coined the term behaviometrics for
this class of biometrics.

➢ Use Of Biometric Security:


Biometrics is used for identification and verification:

▪ Identification

Page 84
CYBER SECURITY NOTES

Identification is determining who a person is. It involves trying to find a match for a person's
biometric data in a database containing records of people and that characteristic. This method
requires time and a large amount of processing power, especially if the database is very large. ▪
Verification

Verification is determining if a person is who they say they are. It involves comparing a user's
biometric data to the previously recorded data for that person to ensure that this is the same
person. This method requires less processing power and time, and is used for access control
(to buildings or data).

➢ Need Of Biometric Security:


Reliable user authentication is essential. The consequences of insecure authentication in a
banking or corporate environment can be catastrophic, with loss of confidential information,
money, and compromised data integrity. Many applications in everyday life also require user
authentication, including physical access control to offices or buildings, e-commerce,
healthcare, immigration and border control, etc.

Currently, the prevailing techniques of user authentication are linked to passwords, user IDs,
identification cards and PINs (personal identification numbers). These techniques suffer from
several limitations like Passwords and PINs can be guessed, stolen or illicitly acquired by covert
observation.

In addition, there is no way to positively link the usage of the system or service to the actual user.
A password can be shared, and there is no way for the system to know who the actual user is. A
credit card transaction can only validate the credit card number and the PIN, not if the transaction
is conducted by the rightful owner of the credit card.

(i) Features Of Biometrics

• Unique: The various biometrics systems have been developed around unique
characteristics of individuals. The probability of 2 people sharing the same biometric data
is virtually nil.

• Cannot be shared: Because a biometric property is an intrinsic property of an individual,


it is extremely difficult to duplicate or share (you cannot give a copy of your face or your
hand to someone!).

Page 85
CYBER SECURITY NOTES

• Cannot be copied: Biometric characteristics are nearly impossible to forge or spoof,


especially with new technologies ensuring that the biometric being identified is from a
live person.

• Cannot be lost: A biometric property of an individual can be lost only in case of serious
accident.

➢ Types of Physical Biometric Systems


The main physical biometric technologies include –

(1) Fingerprint
(2) Iris
(3) Retina
(4) Face
(5) Security tokens
(6) Smart Card
There are also a number of behavioral biometric technologies such as voice recognition (analyzing
a speaker's vocal behavior), keystroke (measuring the time spacing of typed words), gait
recognition (manner of walking), or signature (analyzing the way you sign).

(1) FINGERPRINT BIOMETRICS

(i) Why we use finger part from Human Body?

Human fingerprints are unique to each person and can be regarded as a sort of signature, certifying
the person's identity. Because no two fingerprints are exactly alike, the process of identifying a
fingerprint involves comparing the ridges and impressions on one fingerprint to those of another.

(ii) Principles of fingerprint biometrics


A fingerprint is made of a number of ridges and valleys on the surface of the finger. Ridges are the
upper skin layer segments of the finger and valleys are the lower segments. The ridges form so-
called minutia points: ridge endings (where a ridge end) and ridge bifurcations (where a ridge splits
in two). Many types of minutiae exist, including dots (very small ridges), islands (ridges slightly
longer than dots, occupying a middle space between two temporarily divergent ridges), ponds or
lakes (empty spaces between two temporarily divergent ridges), spurs (a notch protruding from a
ridge), bridges (small ridges joining two longer adjacent ridges), and crossovers (two ridges which
cross each other).

Page 86
CYBER SECURITY NOTES

The uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as
the minutiae points. There are five basic fingerprint patterns: arch, tented arch, left loop, right loop
and whorl. Loops make up 60% of all fingerprints, whorls account for 30%, and arches for 10%.

Fingerprints are usually considered to be unique, with no two fingers having the exact same dermal
ridge characteristics.

Fingerprint Example
(iii) How does fingerprint biometrics work
The main technologies used to capture the fingerprint image with sufficient detail are optical,
silicon, and ultrasound.

➢ There are two main algorithm families to recognize fingerprints:

a. Minutia matching - It compares specific details within the fingerprint ridges. At registration
(also called enrolment), the minutia points are located, together with their relative positions to
each other and their directions. At the matching stage, the fingerprint image is processed to
extract its minutia points, which are then compared with the registered template.

b. Pattern matching - It compares the overall characteristics of the fingerprints, not only
individual points. Fingerprint characteristics can include sub-areas of certain interest including
ridge thickness, curvature, or density. During enrolment, small sections of the fingerprint and
their relative distances are extracted from the fingerprint. Areas of interest are the area around
a minutia point, areas with low curvature radius, and areas with unusual combinations of
ridges.

(iv) Applications of fingerprint biometrics


Fingerprint sensors are best for devices such as cell phones, USB flash drives, notebook computers
and other applications where price, size, cost and low power are key requirements. Fingerprint
biometric systems are also used for law enforcement, background searches to screen job applicants,
healthcare and welfare.

Page 87
CYBER SECURITY NOTES

(v) Benefits of fingerprint biometric systems


✓ Easy to use
✓ Cheap
✓ Small size
✓ Low power
✓ Non-intrusive
✓ Large database already available

(vi) Issues with fingerprint systems


The tip of the finger is a small area from which to take measurements, and ridge patterns can be
affected by cuts, dirt, or even wear and tear. Acquiring high-quality images of distinctive
fingerprint ridges and minutiae is complicated task.
People with no or few minutia points (surgeons as they often wash their hands with strong
detergents, builders, and people with special skin conditions) cannot enroll or use the system. The
number of minutia points can be a limiting factor for security of the algorithm. Results can also be
confused by false minutia points (areas of obfuscation that appear due to low-quality enrolment,
imaging, or fingerprint ridge detail).

Note -There is some controversy over the uniqueness of fingerprints. The quality of partial prints
is however the limiting factor. As the number of defining points of the fingerprint becomes smaller,
the degree of certainty of identity declines. There have been a few well-documented cases of
people being wrongly accused on the basis of partial fingerprints.

(2) IRIS BIOMETRICS

➢ Function:
Iris recognition is a method of biometric authentication that uses pattern-recognition techniques
based on high-resolution images of the irises of an individual's eyes.

(i) Principles of iris biometrics


The iris is the elastic, pigmented, connective tissue that controls the pupil. The iris is formed in
early life in a process called morphogenesis. Once fully formed, the texture is stable throughout
life. It is the only internal human organ visible from the outside and is protected by the cornea.
The iris of the eye has a unique pattern, from eye to eye and person to person.

Page 88
CYBER SECURITY NOTES

Iris Example
(ii) How does iris biometrics work?
An iris scan will analyze over 200 points of the iris, such as rings, furrows, freckles, the corona
and will compare it a previously recorded template.
Glasses, contact lenses, and even eye surgery does not change the characteristics of the iris.

To prevent an image / photo of the iris from being used instead of a real "live" eye, iris scanning
systems will vary the light and check that the pupil dilates or contracts.

(iii) Applications of iris biometrics


Applications include: Identity cards and passports, border control and other Government
programmer, prison security, database access and computer login, hospital security, schools,
aviation security, controlling access to restricted areas, buildings and homes.

(iv) Benefits of retina biometric systems


✓ Highly accurate: There is no known case of a false acceptance for iris recognition
✓ Not intrusive and hygienic - no physical contact required

(v) Weaknesses of retina biometric systems


✓ The user must hold still while the scan is taking place

(3) RETINA BIOMETRICS

➢ Functions

Page 89
CYBER SECURITY NOTES

The retina biometric analyzes the layer of blood vessels located at the back of the eye. This
technique usually uses a low-intensity light source through an optical coupler and scans the unique
patterns of the layer of blood vessels known as the retina. Retina scanning is quite accurate and
very unique to each individual similar to the iris scan; but unlike the iris scan, it typically requires
the user to look into a receptacle and focus on a given point for the user's retina to be scanned.
This is not particularly convenient for people who wear glasses or are concerned about close
contact with the reading device. This technique is more intrusive than other biometric techniques;
as a result, retina scanning is not very friendly process even though the technology itself is very
accurate for use in identification, verification and authentication.

(i) Principles of retina biometrics


The blood vessels at the back of the eye have a unique pattern, from eye to eye and person to
person.

(ii) How does retina biometrics work?


Retina scans require that the person removes their glasses, place their eye close to the scanner,
stare at a specific point, and remain still, and focus on a specified location for approximately 10 to
15 seconds while the scan is completed. A retinal scan involves the use of a low-intensity coherent
light source, which is projected onto the retina to illuminate the blood vessels which are then
photographed and analyzed. A coupler is used to read the blood vessel patterns.

A retina scan cannot be faked as it is currently impossible to forge a human retina. Furthermore,
the retina of a deceased person decays too rapidly to be used to deceive a retinal scan.

Retina Scan

A retinal scan has an error rate of 1 in 10,000,000, compared to fingerprint identification error
being sometimes as high as 1 in 500.

(iii) Applications of retina biometrics

Page 90
CYBER SECURITY NOTES

Retina biometrics systems are suited for environments requiring maximum security, such as
Government, military and banking. Retina biometric systems have been in use for military
applications since the early seventies

(iv) Benefits of retina biometric systems


✓ Highly accurate

(v) Issues with retina systems


✓ Enrolment and scanning are intrusive and slow.
(4) FACE BIOMETRICS

➢ Functions
Face recognition can be an important alternative for selecting and developing an optimal biometric
system. Its advantage is that it does not require physical contact with an image capture device
(camera). A face identification system does not require any advanced hardware, as it can be used
with existing image capture devices (webcams, security cameras etc.).

Like fingerprint biometrics, facial recognition technology is widely used various systems,
including physical access control and computer user accounts security.

Usually these systems extract certain features from face images and then perform face matching
using these features. A face does not have as many uniquely measurable features as fingerprints
and eye irises, so facial recognition reliability is slightly lower than these other biometric
recognition methods. However, it is still suitable for many applications, especially when taking
into account its convenience for user. Facial recognition can also be used together with fingerprint
recognition or another biometric method for developing more security-critical applications.

Page 91
CYBER SECURITY NOTES

Face Recognition

(i) Principles of face biometrics


The dimensions, proportions and physical attributes of a person's face are unique.

(ii) How does face biometrics work


Biometric facial recognition systems will measure and analyze the overall structure,
shape and proportions of the face: Distance between the eyes, nose, mouth, and jaw
edges; upper outlines of the eye sockets, the sides of the mouth, the location of the nose
and eyes, the area surrounding the cheekbones. At enrolment, several pictures are taken
of the user's face, with slightly different angles and facial expressions, to allow for more
accurate matching. For verification and identification, the user stands in front of the
camera for a few seconds, and the scan is compared with the template previously
recorded.

To prevent an image / photo of the face or a mask from being used, face biometric systems
will require the user to smile, blink, or nod their head. Also, facial thermography can be
used to record the heat of the face (which won't be affected by a mask). The main facial
recognition methods are: feature analysis, neural network, Eigen faces, and automatic
face processing.

(iii) Applications of face biometrics

Page 92
CYBER SECURITY NOTES

Access to restricted areas like buildings, banks, embassies, military sites, airports, law
enforcement.

(iv) Benefits of face biometric systems


▪ Not intrusive, can be done from a distance, even without the user being aware of it
(for instance when scanning the entrance to a bank or a high security area).

(v) Weaknesses of face biometric systems


▪ Face biometric systems are more suited for authentication than for identification
purposes, as it is easy to change the proportion of one's face by wearing a mask, a
nose extension, etc.
▪ User perceptions / civil liberty: Most people are uncomfortable with having their
picture taken

(5) SECURITY TOKEN

A security token sometimes called an authentication token. It is a small hardware device that the
owner carries to the authorize access to network service. It is used to prove one's identity
electronically as in the case of a customer trying to access their bank account. The token is used
in addition to or in place of a password to prove that the customer is who they claim to be. The
token acts like an electronic key to access something.

The device may be in the form of a smart card or may be embedded in a commonly used object
such as a key fob. Security tokens provide an extra level of assurance through a method known as
two-factor authentication: the user has a personal identification number (PIN), which authorizes
them as the owner of that particular device; the device then displays a number which uniquely
identifies the user to the service, allowing them to log in. The identification number for each user
is changed frequently, usually every five minutes or so.

Unlike a password, a security token is a physical object. A key fob, for example, is practical and
easy to carry, and thus, easy for the user to protect. Even if the key fob falls into the wrong hands,
however, it can't be used to gain access because the PIN which only the rightful user knows is also
needed.

Page 93
CYBER SECURITY NOTES

(6) Smart Card

A smart card, chip card, or integrated circuit card (ICC), is any pocket-sized card with embedded
integrated circuits. The card may embed a hologram to prevent counterfeiting. Smart cards may
also provide strong security authentication for single sign-on within large organizations. Smart
cards can be used for identification, authentication, data storage and application processing.

❖ The most common smart card applications are:

▪ Credit cards
▪ Electronic cash
▪ Computer security systems
▪ Wireless communication
▪ Loyalty systems (like frequent flyer points)
▪ Banking
▪ Satellite TV
▪ Government identification

A quickly growing application is in digital identification. In this application, the cards authenticate
identity. The most common example employs PKI. The card stores an encrypted digital certificate
issued from the PKI provider along with other relevant information. Combined with biometrics,
cards can provide two- or three-factor authentication. In 1999 Gujarat was the first Indian state to
introduce a smart card license system. To date it has issued 5 million smart card driving licenses
to its people.

In computers, the Mozilla Firefox web browser can use smart cards to store certificates for use in
secure web browsing. Some disk encryption systems, such as FreeOTFE, True Crypt and
Microsoft Windows 7 Bit Locker, can use smart cards to securely hold encryption keys, and also

Page 94
CYBER SECURITY NOTES

to add another layer of encryption to critical parts of the secured disk. Smart cards are also used
for single sign-on to log on to computers

8.4 OTHER ELEMENTS OF PHYSICAL SECURITY23

➢ Gates: - The purpose of a gate is to provide a break in a perimeter fence or wall to allow
entry. Gates are protected by locks, intermittent guard patrols, fixed guard posts, contact
alarms, CCTV, or a combination of these. The number of gates and perimeter entrances
should be limited to those absolutely necessary, but should be sufficient to accommodate the
peak flow of pedestrian and vehicular traffic.

➢ Fencing: - Fences are the most common perimeter barrier or control. Two types normally
used are chain link and barbed wire. The choice is dependent primarily upon the degree of
permanence of the facility and local ordinances. A perimeter fence should be continuous, be
kept free of plant growth, and be maintained in good condition.

➢ Walls: -Walls are not normally considered possible points of entry because of their usual
solid construction. However, they cannot be disregarded because intruders may be able to
break through them to gain entrance. Reinforcement at critical points may be necessary to
deter forced entry.

➢ Doors: - A door is a vulnerable point of the security of any building. A door should be
installed so the hinges are on the inside to preclude removal of the screws or the use of chisels
or cutting devices. Pins in exterior hinges should be welded, flanged, or otherwise secured,
or hinge dowels should be used to preclude the door's removal. The door should be metal or
solid wood. Remember that locks, doors, doorframes, and accessory builder's hardware are
inseparable when evaluating barrier value. Do not put a sturdy lock on a weak door. The best
door is of little value if there are exposed removable hinge pins, breakable vision panels, or
other weaknesses that would allow entry. Transoms should be sealed permanently or locked
from the inside with a sturdy sliding bolt lock or other similar device or equipped with bars
or grills.

➢ Building HVAC Systems: -Ventilation shafts, vents, or ducts, and openings in the building
to accommodate ventilating fans or the air conditioning system can be used to introduce
chemical, biological, and radiological (CBR) agents into a facility. Decisions concerning
protective measures should be implemented based on the perceived risk associated with the
facility and its tenants, engineering and architectural feasibility, and cost.

23
http://www.usgs.gov/usgs-manual/handbook/hb/440-2-h/440-2-h-ch4.html

Page 95
CYBER SECURITY NOTES

➢ Fire Resistance: - Fire resistance means the ability of building components and systems to
perform their intended fire separating and/or loadbearing functions under fire exposure. Fire
resistant building components and systems are those with specified fire resistance ratings
based on fire resistance tests. These ratings, expressed in minutes and hours, describe the
time duration for which a given building component or system maintains specific functions
while exposed to a specific simulated fire event. Various test protocols describe the
procedures to evaluate the performance of doors, windows, walls, floors, beams, columns,
etc. The term ‗fire proof‘ is a misnomer in that nothing is fire proof. All construction
materials, components and systems have limits where they will be irreparably damaged by
fire.

❖ CASE STUDY OF PHYSICAL SECURITY:

Physical Security Just As Important As Antivirus Software:

The theft of a laptop computer and digital camera from a high school teacher‘ s locked filing
cabinet, which brought to mind the fact that the physical security of our digital devices is just as
important as having Internet security software. All of the antivirus/antispyware/anti-Internet-
badguy software in the world won‘t protect you from a clever thief stealing your laptop
physically.24

UNIT – 9

MOBILE SECURITY

Objectives: -

9.1 Different Mobile Platforms


9.2 Operating Systems Used For Mobile
9.3 Applications of Mobile Security
9.4 Encryption for Mobile
9.5 Mobile Communication Technology
9.6 Preventing Mobile Related Crimes

24
http://www.normantranscript.com/news/local_news/physical-security-just-as-important-as-antivirus-software

Page 96
CYBER SECURITY NOTES

9.1 DIFFERENT MOBILE PLATFORMS


The mobile platform wars really kicked into high gear in 2010. Android has continued to grow
bigger and bigger, chipping away at the market shares held by RIM, Apple and Symbian.
Everyone and her mother announced an Android device this year and that trend shows no
sign of slowing. Still, the mobile platform space was hardly defined by one company. Apple
changed the name of its iPhone OS to iOS, RIM released a new version of its BlackBerry OS
and Microsoft went back to the drawing board for Windows Phone 7.

➢ FIVE MOBILE PLATFORMS25 :

1. ANDROID: The iPhone dominated technology news in 2007, 2008 and 2009. It's hard to
argue that any other device, software program or piece of technology had more of an impact
on a culture and an industry as each version launched through the years. It's no longer so cut-
and-dry. In 2010, Android displaced the iPhone as the best-selling smartphone platform in
the U.S., powered many of the hottest smartphones including the EVO 4G, Droid X and
Samsung Galaxy S.

The Android Market grew by leaps and bounds and more and more developers indicated that they
see Android as the long-term path to success.

But the real news with Android wasn't just on phones. E-book readers, laptops, tablet and slate
computers, Google TV set-top boxes, car systems, television sets — you name it, an Android-
based variation is either out or probably in the works. Android's rise from second
or third-tier mobile platform to mobile superstar and embedded system of the future is
certainly one of the biggest stories of 2010.

2. IOS: Apple may have faced some tough competition in 2010, but the company didn't let iOS
sit idle. The fourth generation iPhone, the introduction of iOS and of course, the iPad still
showed that Apple is in this game to play.

As a platform, iOS continues to enjoy the largest mobile application store (200,000 apps
and counting) and is the commercial platform of choice for many developers both large and
small. With iOS 4, the company added some new features to bring the OS to parity with
some of the competition, features like folders and multitasking and better notifications,
while still introducing its own special features like FaceTime, Game Center and the iBook
store.

25
http://mashable.com/2010/10/15/defining-mobile-platforms/

Page 97
CYBER SECURITY NOTES

Still, the biggest thing to happen to iOS was the iPad. The iPad is not just one of the biggest
technology stories of the year; it's one of the most successful product launches of all time.
Millions of units have sold in the last six months with supply levels finally reaching the point
that the device can be sold from outlets like Target, Wal-Mart and Amazon.com. The iPad is
helping transform the publishing industry, is being used in education, and is appealing to
users and buyers of all stripes. iOS faces more competition than ever but the platform
continues to remain strong and for many, is still the undisputed champion when it comes to
a consistent, usable user interface.

3. WINDOWS PHONE 7: Microsoft isn't a company that can often be described as the
underdog in any arena. In mobile, however, it's a pretty fair assessment. After ditching its
Windows Mobile platform (now dubbed Windows Phone Classic), Microsoft formally
announced Windows Phone 7 in February of 2010. The phones will be hitting store shelves
in Europe and Asia in a couple of weeks, with North America following soon after. With
Windows Phone 7, Microsoft is doing a very un-Microsoft thing and cutting all ties to its legacy Windows
Mobile platform. Starting from the ground-up, Windows Phone 7 takes a refreshingly different approach
to interface and smartphone user motifs.

Part Zune, part portable Xbox, part minicomputer, Windows Phone 7 is taking a bit of a
different path than its competitors like Android, iOS and BlackBerry. These differences are
how Microsoft hopes it can distinguish itself in the marketplace. Whether Windows Phone 7
is different enough or powerful enough to win back some of the mobile market, we'll have
to wait and see. Still, we wouldn't bet against Microsoft's ability to rally.

4. UNITY: Unity isn't a platform it's an integrated authoring tool for creating 3D video games.
The Unity engine was already acclaimed for its role for making games for the web and Mac
and PC, but it really helped game developers go to the next level when Unity iOS hit the
scene.

Thanks to Unity, game developers can more rapidly create compelling and complex 3D worlds
and do better device testing, without having to know all of the ins and outs of Xcode. More

Page 98
CYBER SECURITY NOTES

than 1,000 iOS games have been built using Unity, including best-sellers like Skee-Ball and
Zombieland USA.Unity is currently in beta for Android and will be available soon. Unity
might be affected by Apple's brief ban on third-party programming tools. Unity was always
confident its platform would be safe, and after Apple relaxed its guidelines in September,
Unity's place in the mobile platform development ecosystem was solidified.

5. APPCELERATOR: Like Unity, Appcelerator isn't a platform per se, it's more of a toolkit
for helping web developers create native applications for the iPhone, iPad, Android and
BlackBerry operating systems.

Appcelerator's Titanium platform has experienced terrific growth over the last year, with
companies big and small turning to the platform as a way to cut down on development time,
while still creating applications that are native, fast and intuitive.
9.2 OPERATING SYSTEMS USED FOR MOBILE

1. SYMBIAN26: Symbian is a closed-source mobile operating system and computing platform


designed for smartphones and currently maintained by Accenture. Symbian was originally
developed by Symbian Ltd., as a descendant of Psion's EPOC and runs exclusively on ARM
processors, although an unreleased x86 port existed. The current form of Symbian is an open-
source platform developed by Symbian Foundation in 2009, as the successor of the original
Symbian OS. Symbian was used by many major mobile phone brands, like Samsung,
Motorola, Sony Ericsson, and above all by Nokia. It was the most popular smartphone OS
on a worldwide average until the end of 2010, when it was overtaken by Android.

26
en.wikipedia.org/wiki/Symbian

Page 99
CYBER SECURITY NOTES

Symbian has a native graphics toolkit since its inception, known as AVKON (formerly
known as Series 60). S60 was designed to be manipulated by a keyboard-like interface
metaphor, such as the ~15-key augmented telephone keypad, or the mini-QWERTY
keyboards. AVKON-based software is binary-compatible with Symbian versions up to and
including Symbian^3.

Symbian^3 includes the Qt framework, which is now the recommended user interface toolkit for
new applications. Qt can also be installed on older Symbian devices.

Symbian^4 was planned to introduce a new GUI library framework specifically designed for a
touch-based interface, known as "UI Extensions for Mobile" or UIEMO (internal project
name "Orbit"), which was built on top of Qt Widget; a preview was released in

Page 100
CYBER SECURITY BOOK

January 2010, however in October 2010 Nokia announced that Orbit/UIEMO had been
cancelled.

Nokia currently recommends that developers use Qt Quick with QML, the new high-level
declarative UI and scripting framework for creating visually rich touchscreen interfaces that
allows development for both Symbian and MeeGo; it will be delivered to existing Symbian^3
devices as a Qt update. When more applications gradually feature a user interface reworked
in Qt, the legacy S60 framework (AVKON) will be deprecated and no longer included with
new devices at some point, thus breaking binary compatibility with older S60 applications.

2. BLACKBERRY27: BlackBerry OS is a proprietary mobile operating system developed by


BlackBerry Ltd for its BlackBerry line of smartphone handheld devices. The operating
system provides multitasking and supports specialized input devices that have been adopted
by BlackBerry Ltd. for use in its handhelds, particularly the trackwheel, trackball, and most
recently, the trackpad and touchscreen.

The BlackBerry platform is perhaps best known for its native support for corporate email, through
MIDP 1.0 and, more recently, a subset of MIDP 2.0, which allows complete wireless
activation and synchronization with Microsoft Exchange, Lotus Domino, or Novell
GroupWise email, calendar, tasks, notes, and contacts, when used with BlackBerry
Enterprise Server. The operating system also supports WAP 1.2.

Third-party developers can write software using the available BlackBerry API classes, although
applications that make use of certain functionality must be digitally signed. Research from
June 2011 indicates that approximately 45% of mobile developers were using the platform
at the time of publication. BlackBerry OS was discontinued after the release of BlackBerry
10[citation needed], but BlackBerry will continue support for the BlackBerry OS.

27
en.wikipedia.org/wiki/BlackBerry_OS

Copyright © Intelligent Quotient System Pvt. Ltd. Page 101


CYBER SECURITY BOOK

3. ANDROID28: Android is a mobile operating system (OS) based on the Linux kernel that is
currently developed by Google. With a user interface based on direct manipulation, Android
is designed primarily for touchscreen mobile devices such as smartphones and tablet
computers, with variants for televisions (Android TV), cars (Android Auto), and wrists
(Android Wear). The OS uses touch inputs that loosely correspond to real-world actions, like
swiping, tapping, pinching, and reverse pinching to manipulate on-screen objects, and a
virtual keyboard. Despite being primarily designed for touchscreen input, it also has been
used in games consoles, digital cameras, and other electronics. As of 2011, Android has the
largest installed base of any mobile OS and as of 2013, its devices also sell more than
Windows, iOS, and Mac OS devices combined. As of July 2013 the Google Play store has
had over 1 million Android apps published, and over 50 billion apps downloaded. A
developer survey conducted in April–May 2013 found that 71% of mobile developers
develop for Android. At Google I/O 2014, the company revealed that there were over 1
billion active monthly Android users (that have been active for 30 days), up from 538 million
in June 2013.

Android's source code is released by Google under open source licenses, although most
Android devices ultimately ship with a combination of open source and proprietary software.
Initially developed by Android, Inc., which Google backed financially and later bought in
2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance—
a consortium of hardware, software, and telecommunication companies devoted to
advancing open standards for mobile devices.

Android is popular with technology companies which require a ready-made, low-cost and
customizable operating system for high-tech devices. Android's open nature has encouraged
a large community of developers and enthusiasts to use the open-source code as a foundation
for community-driven projects, which add new features for advanced users or bring Android
to devices which were officially, released running other operating systems. The operating

28
http://en.wikipedia.org/wiki/Android_operating_system

Copyright © Intelligent Quotient System Pvt. Ltd. Page 102


CYBER SECURITY BOOK

system's success has made it a target for patent litigation as part of the so-called "smartphone
wars" between technology companies.
4. MICROSOFT 29 : Windows Phone is a smartphone operating system developed by
Microsoft. It is the successor to Windows Mobile, although it is incompatible with the earlier
platform. With Windows Phone, Microsoft created a new user interface, featuring a design
language named "Modern" (which was formerly known as "Metro"). Unlike its predecessor,
it is primarily aimed at the consumer market rather than the enterprise market. It was first
launched in October 2010 with Windows Phone 7.

Windows Phone 8.1, which was released in final form to developers on April 14, 2014 and
will be pushed out to all phones running Windows Phone 8 over the coming months, is the
latest release of the operating system

Most versions of Windows Mobile have a set of standard features, such as multitasking and the
ability to navigate a file system similar to that of Windows 9x and Windows NT, with support
for many of the same file types. Much like its desktop counterpart, it comes bundled with a
set of applications to perform basic tasks. Internet Explorer Mobile is the default web browser
and Windows Media Player is the default media player used for playing digital media.
Microsoft Office Mobile, the mobile versions of Microsoft Office, is the default office suite.

Internet Connection Sharing, supported on compatible devices, allows the phone to share its
Internet connection with computers via USB and Bluetooth. Windows Mobile support virtual
private networking (VPN) over PPTP protocol. Most devices with mobile connectivity
include a Radio Interface Layer (RIL). RIL provides the system interface between the
CellCore layer within the Windows Mobile OS and the radio protocol stack used by the
wireless modem hardware. This allows OEMs to integrate a variety of modems into their
equipment.

29
en.wikipedia.org/wiki/Windows_Mobile

Copyright © Intelligent Quotient System Pvt. Ltd. Page 103


CYBER SECURITY BOOK

The user interface has changed much between versions but the basic functionality has remained
similar. Today Screen, later called the Home Screen, shows the current date, owner
information, upcoming appointments, e-mail messages, and tasks. Taskbar shows the current
time and the audio volume and of devices with a cellular radio the signal strength. Windows
Mobile has supported the installation of third party software since the original Pocket PC
implementations.

9.3 APPLICATIONS OF MOBILE SECURITY

If you're not running some kind of anti-malware app on your smartphone or tablet, then you're
putting yourself at risk of infection from corrupted apps and other kinds of malware.

The good news is that your options are far from limited. The best mobile antivirus apps offer not
only top-notch malware detection and prevention, but also a range of privacy and anti-theft
features, such as the ability to back up your contacts and other data, track your phone or tablet
using its internal GPS chip, or even snap a picture of a phone thief with the device's camera.

Given below are the best Security applications for your mobile30:

1. Avast! Mobile Security & Antivirus: -Its anti-malware protection is excellent, but the
breadth and scope of extra features in Avast! Mobile Security & Antivirus blew us away. Its
free version alone is as comprehensive as some other security apps' paid versions, and Avast's
premium version ($15 per year) has everything from a privacy adviser to a customizable
blacklist, and even options for rooted phones. The app almost does too much, but the well-
organized interface and support keep it user-friendly. Overall, Avast! Mobile Security &
Antivirus is our favorite Android security app.

2. Lookout Mobile Security: - The sole company on this list that makes only mobile security
products, Lookout's focus on smartphones and tablets clearly pays off in its products'
excellent performance speed, beautiful interface design — both in its app and its Web portal
— and wide range of anti-theft and privacy features. For $3 per month or $30 per year for
the premium version, Lookout has everything most users need to feel secure and private on
their mobile devices.

3. McAfee Mobile Security for Android: - A well-known name in PC anti-virus, McAfee


impressed us with its strong mobile-app offering, including exceptional malware detection
and a wide range of features that balance functionality with ease of use. We especially like

30
www.tomsguide.com/us/best-android-antivirus,review-2102.html

Copyright © Intelligent Quotient System Pvt. Ltd. Page 104


CYBER SECURITY BOOK

the Data Exposure feature, which helps you keep better tabs on your privacy. McAfee also
boasts an excellent interface full of helpful notes that keeps even its more complex features
simple and understandable. At $29.99 per year for the premium version, McAfee is easily
one of the best mobile security apps for Android.

4. Kaspersky Internet Security for Mobile: - A powerhouse in PC security, Kaspersky brings


its excellent malware-detection engine to Android devices with Kaspersky Internet Security
for Android, which costs $14.95 per year for the premium version. While we found the app
interface somewhat lacking, Kaspersky recovered with a good range of antitheft and privacy
features.

5. Norton Mobile Security: - Owned by anti-virus giant Symantec, Norton is another


wellreputed PC anti-malware company that now also covers the mobile space. We can't argue
with Norton's malware-detection abilities, but the mobile app's limited feature set hold it
back. At $29.99 per year for the premium app, Norton gets the job done, but users may want
to look elsewhere.

9.4 ENCRYPTION FOR MOBILE


31
Encryption stores your phone‘s data in an unreadable, seemingly scrambled form. When you
power on your phone, you‘ll have to enter the encryption PIN or password, which is the same
as your phone‘s lock-screen PIN or password. Your phone uses your PIN or password to
decrypt your data, making it understandable. If someone doesn‘t know the encryption PIN
or password, they can‘t access your data.

This is ideal if your phone contains particularly sensitive data. For example, corporations with
sensitive business data on company phones will want to use encryption to help protect that
data from corporate espionage. An attacker won‘t be able to access the data without the
encryption key, although the dreaded freezer attack is always a possibility.

For the average person without sensitive data on their phone, encryption isn‘t likely to matter as
much. If your phone is stolen, most thieves would also be deterred from accessing your data
by a standard unlock code. The thief would likely be more interested in wiping and selling
the phone rather than accessing your personal data.

Some recent legal rulings have suggested that encryption can protect against warrantless searches.
The California Supreme Court has ruled that police officers can lawfully search your cell
phone without a warrant if it‘s taken from you during arrest – but they would require a

31
http://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/

Copyright © Intelligent Quotient System Pvt. Ltd. Page 105


CYBER SECURITY BOOK

warrant if it was encrypted. A Canadian court has also ruled that phones can be searched
without a warrant as long as they‘re unencrypted.

➢ Encryption Warnings

Before you enable encryption, be aware that there are some drawbacks:

• Slower Performance: Encryption always adds some overhead, so your device will be a
bit slower. The actual speed decrease depends on your phone‘s hardware.

• Encryption is One-Way Only: After encrypting your device‘s storage, you can only
disable encryption by resetting your phone to its factory default settings. This will also
erase all the data stored on your phone, so you‘ll have to set it up from scratch.

9.5 MOBILE COMMUNICATION TECHNOLOGY

A. BLUETOOTH:
Bluetooth is an open wireless protocol for
exchanging data over short distances from fixed
and mobile devices, creating personal area
networks (PANs). Bluetooth is a high-speed,
low-power microwave wireless link technology,
designed to connect phones, laptops, PDAs and
other portable equipment together with little or no
work by the user. It was originally conceived as a
wireless alternative to RS232 data cables. It can
connect several devices, overcoming problems of
synchronization.

Bluetooth is the name for a short-range radio frequency (RF) technology that operates at 2.4
GHz and is capable of transmitting voice and data. The effective range of Bluetooth devices
is 32 feet (10 meters). Bluetooth transfers data at the rate of 1 Mbps, which is from three to
eight times the average speed of parallel and serial ports, respectively. It is also known as the
IEEE 802.15 standards. It was invented to get rid of wires. Bluetooth is more suited for
connecting two point-to-point devices, whereas Wi-Fi is an IEEE standard intended for
networking.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 106


CYBER SECURITY BOOK

B. MOBILE HOTSOPTS32: -

Mobile hotspots are portable devices or features on smartphones that provide wireless Internet
access on many devices (your laptop, smartphone, MP3 player, tablet, portable gaming
device, etc.).

Like USB modems from wireless carriers, mobile hotspots typically use mobile broadband service
from cellular providers for 3G or 4G Internet access. Unlike those mobile USB sticks,
though, mobile hotspots allow multiple devices to connect at the same time.

One of the earliest mobile hotspots was the MiFi, a small credit-card sized device made by Novatel
and offered first by Verizon. It broadcasts the 3G cellular signal that can be shared wirelessly
by up to 4 devices. Besides the MiFi, which is also carried on AT&T and Virgin Mobile,
there are other similar mobile hotspots, such as Clear's iSpot for Apple iOS devices and
3G/4G Clear Spot.

Besides portable mobile wi-fi hotspots, some smartphones can act as mobile hotspots, sharing
their wireless data connection with several devices. The Palm Pre Plus and PixiPlus had this
feature built-in and Verizon offered the hotspot service for free Verizon introduced a unique
3G mobile hotspot feature with its launch of the iPhone 4.

If you have multiple devices that you use on the go, a mobile wi-fi hotspot can be a critical
accessory. Rather than using your cell phone as a modem and connecting it to your laptop
with a USB wire or via bluetooth for tethering, you can connect to a mobile hotspot (device

32
http://mobileoffice.about.com/od/glossary/g/mobile-hotspot.htm

Copyright © Intelligent Quotient System Pvt. Ltd. Page 107


CYBER SECURITY BOOK

or your smartphone) for Internet access anywhere you have a cellular signal. The major
downside is that you often need to pay an extra fee for mobile broadband service.

9.6 PREVENTING MOBILE RELATED CRIMES

(I) Keeping The Device In Non-Discoverable Bluetooth Mode –

Since leaving a Bluetooth-enabled mobile device in discoverable mode makes it vulnerable to


attacks by mobile malware and hackers that exploit the documented vulnerabilities in
Bluetooth, it is best to turn off the Bluetooth discovery mode on the mobile device.

(II) Installing An Anti-Virus / IDS On The Mobile Device –

Vendors such as Trend Micro sell anti-virus software and Intrusion Detection Systems (IDS) for
mobile devices. Installing these can protect the mobile devices from known malware. Some
vendors also sell firewalls for mobile devices. However, it is not clear whether common
users would go to the extent of installing such additional software on their devices.

(III) Installing Firmware Updates When They Are Made Available –

Mobile device manufacturers release updates to the firmware of the devices. These may contain
patches to the vulnerabilities that are exploited by mobile malware. Upgrading to new
firmware may reduce the threat of being infected by mobile malware.

(IV) Exercising Caution When Installing Applications From Entrusted Sources –

As in the case of PC viruses, it is best not to install applications or to download other software
from entrusted sources.

(V) Filtering Out Malware At Service Provider –

MMS messages that carry malicious payload can be detected at the service provider based on
their signatures and thus can be filtered out at the service provider itself.

The futuristic threats provided above can be equated to the metaphorical tip of the iceberg. The
possibilities of attacking mobile devices can only be limited by what the technology
permits and hence very strong measure need to be taken for protection against
such attacks. The protection mechanisms can be broadly classified on the basis of the
requirements of the protection systems. They are:-

Copyright © Intelligent Quotient System Pvt. Ltd. Page 108


CYBER SECURITY BOOK

▪ SYSTEM LEVEL SECURITY –

MOSES Architecture System level security aims to make the system more secure by
restricting the execution of unauthorized applications.

▪ NETWORK LEVEL SECURITY –

Proactive Approach Network level security aims to provide a basis of filtering out
malware transitioning over the network between various devices.

❖ CASE STUDY ON MOBILE SECURITY:

Check Point Software Rises to Mobile Security Challenge


Securing mobile computing applications and devices has been a major challenge for IT
environments in terms of both time and expense. Looking to bring mobile computing back into the
larger enterprise security fold, Check Point Software today introduced a mobile security offering
that can be centrally managed from an existing Check Point security management console.

Check Point Capsule works by first encapsulating an application and then applying governance
policies to any file or document within that application. In effect, that enables IT organizations to
apply the same security policies they use on traditional desktop applications to mobile computing
environments.
Rules, can be extended to the device that an end user shares those documents with because all the
files within the Check Point Capsule environment are encrypted.

Check Point Capsule also provides the ability to scan all traffic coming from iOS, Android,
Windows and MacOS devices in the cloud to prevent malicious files and code from infecting the
rest of the enterprise.

Regardless of who actually owns them, mobile devices have become a major security headache
for IT organizations. To address that issue, many of them have invested in additional mobile
security products that come complete with their own console. In effect, Check Point is now moving
to reunify security management by making it possible to apply a consistent set of rules to all the
applications and devices, which exists throughout the extended enterprise from within the confines
of a single management console.33

33
http://www.itbusinessedge.com/blogs/it-unmasked/check-point-software-rises-to-mobile-security-challenge.html

Copyright © Intelligent Quotient System Pvt. Ltd. Page 109


CYBER SECURITY BOOK

❖ CASE STUDY ON MOBILE SECURITY:

Question:

I had, in my cell phone some personal photographs taken with my college friends during our
Industrial tour. I recently got a new cell phone after exchanging my old one but not before deleting
all the photos. Am I fully secured by this act of deletion?

Answer:

Good and very relevant question. Cellphone storage consists of the data stored in the SIM or the
hand set or the memory card or all of these. The storage and retrieval technology in cell phones
does not conform to any specific standard. In PCs and servers, we just have mostly Windows or
UNIX or Linux as the O/s. The operating systems in cell phones are diverse and are not
standardized. Technologically, in cell phones, there is nothing like deletion. Almost everything,
which is ‗deleted‘ in the operating system of the cell phone handset, can be recovered by
sophisticated and latest software. The technology or the act of recovering the data from discarded
pieces of hardware like cell phones or surrendered hard disks etc. is called 'Scavenging' and such
data when used for cyber harassment or blackmail etc. become an offence. Hence any cell phone
surrendered under buyback or lost, always exposes the owner to the risk of data retrieval including
photos or text or any other confidential even bank related information if any stored in it. No one
can predict how the surrendered instruments are going to be used and what recovery tools are
going to be run and how much data is going to be recovered from it. It would be always prudent
NOT to store any confidential information or personal data in cell phones and never to surrender
them under payback option.34

UNIT – 10

34
www.Google.com

Copyright © Intelligent Quotient System Pvt. Ltd. Page 110


CYBER SECURITY BOOK

CRYPTOGRAPHY

Objectives: -

10.1 Understanding of Cryptography


10.2 Goal of Cryptography
10.3 Methods of Cryptography
10.4 Types of Cryptography
10.5 Hash Function in Cryptography
10.6 Digital Signature in Cryptography
10.7 Digital Certificate

The idea behind concealing written information in a coded list of letters and then transmitting it to
the intended recipient without others being able to understand it has been around for centuries.
Historically, cryptography has been used by governments, empires, or the military to conceal or
encode top secret information.

Safeguarding your data is critical to running your business and protecting the privacy of employees
and customers. The news is rife with reports of data being lost or stolen from laptops left, USB
flash drives dropped, or unencrypted CDs and DVDs.

10.1 UNDERSTANDING of CRYPTOGRAPHY

Cryptography is the science of using mathematics to encrypt and


decrypt data. Cryptography enables you to store sensitive
information or transmit it across insecure networks (like the
Internet) so that it cannot be read by anyone except the intended
recipient. While cryptography is the science of securing data,
cryptanalysis is the science of analyzing and breaking secure
communication. Classical cryptanalysis involves an interesting
combination of analytical reasoning, application of mathematical
tools, pattern finding, patience, determination, and luck.
The origin of the word cryptology lies in ancient Greek. The science of cryptology is the science
of secure communications, formed from the Greek words crypto‘s, "hidden", and logos, "word".

Copyright © Intelligent Quotient System Pvt. Ltd. Page 111


CYBER SECURITY BOOK

Cryptology is the practice and study of hiding information. Cryptology is as old as writing itself,
and has been used for thousands of years to safeguard military and diplomatic communications.
Within the field of cryptology one can see two separate divisions:

Cryptography and Cryptanalysis: The cryptographer seeks methods to ensure the safety and
security of conversations while the cryptanalyst tries to undo the former's work by breaking his
systems. The main goals of modern cryptography can be seen as: user authentication, data
authentication data integrity, non-repudiation of origin, and data confidentiality.

❖ Cryptography: derived from the Greek words kryptos, meaning hidden, and graphy,
meaning writing. Cryptography is the art of ―secret writing"; it‘s intend is to provide
secure communication over insecure channels.

❖ Cryptanalysis: It is the art of breaking into secure communications. More precisely, a


cryptanalyst tries to obtain the plaintext or the decryption function in a cryptosystem by
eavesdropping into the insecure channel.

10.1.1 CRYPTOGRAPHY TERMINOLOGY

PLAINTEXT - The simple message is called plaintext It is also called as clear

text Language that we normally use

CIPHERTEXT - The encrypted form of the PLAINTEXT.


ENCRYPTION - The process of converting the PLAINTEXT into CIPHER.
DECRYPTION - The process of converting the CIPHER back into PLAINTEXT.
KEY- The secret information known only to the transmitter and theReceiver which is used to
secure the PLAINTEXT.

10.2 GOAL OF CRYPTOGRAPHY

1) Confidentially or Privacy: -

Confidentiality refers to limiting information access and disclosure to authorized users --


"the right people" -- and preventing access by or disclosure to unauthorized ones -- "the
wrong people." Confidentiality is necessary but not sufficient for maintaining the privacy
of the people whose personal information a system holds.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 112


CYBER SECURITY BOOK

The aspect of confidentially is the protection of traffic flow from analysis. This requires
that an attacker not be able to observe to source and destination, frequency, length or any
other characteristics of the traffic on a communication facility.

2) Data Integrity: -

Ensuring the information has not been altered by unauthorized or unknown means. One
must have the ability to detect data manipulation by unauthorized parties. Data
manipulation includes such things as insertion, deletion, and substitution

3) Authentication: -

Authentication is a service related to identification. This function applies to both entities


and information. The sender and receiver can confirm each other‘s identity and the
origin/destination of the information.

4) Non-Repudiation: -

Non-repudiation prevents either sender or receiver from denying a message. Thus, when a
message is sent, the receiver can prove that the message was in fact send by the alleged
sender. Similarly, when a message is received, the sender can prove the alleged receiver in
fact received that message.

10.3 METHODS OF CRYTOGRAPHY

❖ Rotation: In rotation ciphers letters are rotate by other letters. The transformation can
be represented by aligning two alphabets; the cipher alphabet is the plain alphabet
rotated left or right by some number of positions.

❖ Substitution: The name substitution cipher comes from the fact that each letter that
you want to encipher is substituted by another letter or symbol, but the order in which
these appear is kept the same.

❖ Transposition: In transposition ciphers the letters are arranged in a different order.

➢ Rotational Ciphers

Copyright © Intelligent Quotient System Pvt. Ltd. Page 113


CYBER SECURITY BOOK

Rotation ciphers have a long history, a famous example being the Caesar Cipher, a substitution
cipher used to encode messages by substituting letters by other letters a fixed number of positions
(rotating) away in alphabetic location.

Double-encoding ROT13 results in a shift of 26, which is exactly the original message and is the
same as no encoding. This is often humorously termed 2ROT13 or ROT26.

Decrypting a rotationally encrypted message requires no key. It only requires the knowledge that
rotational substitution is being used.

➢ Substitution Cipher

The simple substitution cipher is a cipher that has been in use for many hundreds of years. It
basically consists of substituting every plaintext character for a different cipher text character. It
differs from Caesar cipher in that the cipher alphabet is not simply the alphabet shifted, it is
completely jumbled.

There are several types of substitution cryptosystems:

A. Monoalphabetic substitution involves replacing each letter in the message with another
letter of the alphabet

B. Polyalphabetic substitution involves using a series of monoalphabetic ciphers that are


periodically reused.

A. Monoalphabetic substitution

The encryption and decryption steps involved with the simple substitution cipher. The text we will
encrypt is ―defend the east wall of the castle‖.

Keys for the simple substitution cipher usually consist of 26 letters (compared to the caser cipher's
single number). An example key is:

plain alphabet : abcdefghijklmnopqrstuvwxyz

Copyright © Intelligent Quotient System Pvt. Ltd. Page 114


CYBER SECURITY BOOK

cipher alphabet: phqgiumeaylnofdxjkrcvstzwb

An example encryption using the above key:


plaintext : defend the east wall of the castle

Ciphertext: giuifgceiiprctpnn du ceiqprcni

It is easy to see how each character in the plaintext is replaced with the Corresponding letter in the
cipher alphabet.

B. Polyalphabetic substitution

Several substitutions are used. It is used to hide the statistics of the plain-text. For example:

Suppose that a Polyalphabetic cipher of period 3 is being used, with the three monoalphabetic
ciphers M1, M2, M3 as defined below.

To encrypt a message, the first 3 letters of the plaintext are enciphered according to ciphers M1,
M2, M3 respectively, with the process being repeated for each subsequent block of 3 plaintext
letters.

a b c d e f g h i j k l m n o p q r s t u v w x y z M1: K
D N H P A W X C Z I M Q J B Y E T U G V R F O S L M2: P
AGUKHJBYDSOEMQNWFZITCVLXR
M3: J M F Z R N L D O W G I A K E S U C Q V H Y X T P B
Example:-

Plaintext Cipher text

Now is the time for every good man JCQ CZ VXK VCER AQC PCRTX LBQZ QPK

➢ Transposition Cipher

Copyright © Intelligent Quotient System Pvt. Ltd. Page 115


CYBER SECURITY BOOK

Transposition (or anagram) ciphers are where the letters are jumbled up together. Instead of
replacing characters with other characters, this cipher just changes the order of the characters.

A transposition cipher is a rearrangement of the letters in the plaintext according to some specific
system & key (i.e. a permutation of the plaintext).

Key

Example:-

Plaintext Ciphertext

Please transfer one million dollars to my AFLLSKSOSELAWAIATOOSSCTCL


Swiss bank account six two NMOMANTESILYNTWRNNTSOWD
PAEDOBUOERIRICXB

10.4 TYPES OF CRYPTOGRAPHY


There are two main types of cryptography:

1. Secret key cryptography


2. Public key cryptography

In cryptographic systems, the term key refers to a numerical value used by an algorithm to alter
information, making that information secure and visible only to individuals who have the
corresponding key to recover the information.
❖ Secret-key encryption uses one key, the secret key, to both encrypt and decrypt messages.
This is also called symmetric encryption. The term "private key" is often used
inappropriately to refer to the secret key.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 116


CYBER SECURITY BOOK

❖ Public key cryptography, also called asymmetric encryption, uses a pair of keys for
encryption and decryption. With public key cryptography, keys work in pairs of matched
public and private keys. The public key can be freely distributed without compromising
the private key, which must be kept secret by its owner. Because these keys work only
as a pair, encryption initiated with the public key can be decrypted only with the
corresponding private key.

1. SYMMETRIC KEY CRYPTOGRAPHY

It is also called conventional or private-key or single-key or secret key. Sender and recipient share
a common key. With secret key cryptography, a single key is used for both encryption and
decryption. The sender uses the key (or some set of rules) to encrypt the plaintext and sends the
cipher text to the receiver. The receiver applies the same key (or rule set) to decrypt the message
and recover the plaintext.

Secret key cryptography is also known as symmetric key cryptography. With this type of
cryptography, both the sender and the receiver know the same secret code, called the key.
Messages are encrypted by the sender using the key and decrypted by the receiver using the same
key.

This method works well if you are communicating with only a limited number of people, but it
becomes impractical to exchange secret keys with large numbers of people. In addition, there is
also the problem of how you communicate the secret key securely.

Secret-key cryptography is often used to encrypt data on hard drives. The person encrypting the
data holds the key privately and there is no problem with key distribution. Secret-key cryptography
is also used for communication devices like bridges that encrypt all data that cross the link. A
network administrator programs two devices with the same key, and then personally transports
them to their physical locations.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 117


CYBER SECURITY BOOK

If secret-key cryptography is used to send secret messages between two parties, both the sender
and receiver must have a copy of the secret key. However, the key may be compromised during
transit. If you know the party you are exchanging messages with, you can give them the key in
advance. However, if you need to send an encrypted message to someone you have never met;
you'll need to figure out a way to exchange keys in a secure way.

➢ Symmetric Key Algorithms

Symmetric key cryptography Algorithm

Algorithm Key Length Additional Information

DES 56 bits Data Encryption Standard

Triple DES 128 bits to 192 bits in 64 bit A triple application of DES.
increments.

AES 128, 192, or 256 bits Advanced Encryption


Standard

RC2, RC4 40 bits to 1024 bits in 8 bit Replacement for DES.


increments.

IDEA 128-bit key International Data Encryption


Algorithm

BLOWFISH Varies from 32 bit to 448 bits. Blowfish is a 64 bit block


cipher

2. ASYMMETRIC CRYPTOGRAPHY (PUBLIC-KEY CRYPTOGRAPHY)

Asymmetric cryptography or public-key cryptography is cryptography in which a pair of keys is


used to encrypt and decrypt a message so that it arrives securely. Initially, a network user receives
a public and private key pair from a certificate authority. Any other user who wants to send an
encrypted message can get the intended recipient's public key from a public directory. They use
this key to encrypt the message, and they send it to the recipient. When the recipient gets the
message, they decrypt it with their private key, which no one else should have access to.
The following example illustrates how public key cryptography works:

❖ Alice wants to communicate secretly with Tom. Alice encrypts her message using Tom‘s
public key (which Tom made available to everyone) and Alice sends the scrambled
message to Tom.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 118


CYBER SECURITY BOOK

❖ When Tom receives the message, he uses his private key to unscramble the message so that
he can read it.

❖ When Tom sends a reply to Alice, he scrambles the message using Alice‘s public key.

❖ When Alice receives Tom‘s reply, she uses her private key to unscramble his message.

➢ Public Key (Asymmetric Key ) Algorithms:


Diffie-Hellman Key exchange protocol

RSA Public key encryption and digital signatures

ElGamal Public key encryption and digital signatures

DSA Digital signatures

10.5 HASH FUNCTION IN CRYPTOGRAPHY


35
A Hash function is any function that can be used to map data of arbitrary size to data of fixed
size, with slight differences in input data producing very big differences in output data. The
values returned by a hash function are called hash values, hash codes, hash sums, or simply
hashes. Hash values are commonly used to differentiate between data. For example, in
implementing a set in software, one has to avoid including an element more than once. Recent
developments in internet payment networks also uses a form of 'hashing' for producing
checksums, bringing additional attention to the term

35
http://crypto.stackexchange.com/

Copyright © Intelligent Quotient System Pvt. Ltd. Page 119


CYBER SECURITY BOOK

Hash functions are primarily used to generate fixed-length output data that acts as a shortened
reference to the original data. This is useful when the original data is too cumbersome to use in
its entirety.

One practical use is a data structure called a hash table where the data is stored associatively.
Searching linearly for a person's name in a list becomes cumbersome as the length of the list
increases, but the hashed value can be used to store a reference to the original data and retrieve
constant time (barring collisions). Another use is in cryptography, the science of encoding and
safeguarding data. It is easy to generate hash values from input data and easy to verify that the
data matches the hash, but for certain hash functions hard to 'fake' a hash value to hide malicious
data. This is the principle behind the PGP algorithm for data validation.

Hash functions are also frequently used to accelerate table lookup or data comparison tasks such
as finding items in a database, detecting duplicated or similar records in a large file and finding
similar stretches in DNA sequences.

There is several well-known hash functions used in cryptography. These include the messagedigest
hash functions MD2, MD4, and MD5, used for hashing digital signatures into a shorter value called
a message-digest, and the Secure Hash Algorithm (SHA), a standard algorithm, that makes a larger
(60-bit) message digest and is similar to MD4.

Hash algorithms that are in common use today include:


MD5 was developed by Rivest in 1991. It is basically MD4 with "safety-belts" and while it is
slightly slower than MD4, it is more secure. The algorithm consists of four distinct rounds, which
have a slightly different design from that of MD4.

SHA (Secure Hash Algorithm) the algorithm specified in the Secure Hash Standard (SHS), was
developed by NIST. SHA-1 was a revision to SHA that was published in 1994. The revision
corrected an unpublished flaw in SHA. Its design is very similar to the MD4 family of hash
functions developed by Rivest.

The algorithm takes a message of less than 264 bits in length and produces a 160-bit message digest.
The algorithm is slightly slower than MD5, but the larger message digest makes it more secure
against brute-force collision and inversion attacks.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 120


CYBER SECURITY BOOK

10.6 DIGITAL SIGNATURE IN CRYPTOGRAPHY

Signatures are commonly used to authenticate documents. When you sign a physical document,
you are authenticating its contents. Similarly, digital signatures are used to authenticate the
contents of electronic documents.

A digital signature is an electronic signature that can be used to authenticate the identity of the
sender of a message or the signer of a document, and possibly to ensure that the original content
of the message or document that has been sent is unchanged. Digital signatures are easily
transportable, cannot be imitated by someone else, and can be automatically time-stamped. The
ability to ensure that the original signed message arrived means that the sender cannot easily
repudiate it later.

Example of Digital Signature

Assume you were going to send the draft of a contract to your lawyer in another town. You want
to give your lawyer the assurance that it was unchanged from what you sent and that it is really
from you.

1. You copy-and-paste the contract (it's a short one!) into an e-mail note.
2. Using special software, you obtain a message hash (mathematical summary) of the
contract.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 121


CYBER SECURITY BOOK

3. You then use a private key that you have previously obtained from a public-private key
authority to encrypt the hash.
4. The encrypted hash becomes your digital signature of the message. (Note that it will be
different each time you send a message.)

At the other end, your lawyer receives the message.

1. To make sure it's intact and from you, your lawyer makes a hash of the received message.
2. Your lawyer then uses your public key to decrypt the message hash or summary.
3. If the hashes match, the received message is valid.

Feature of Digital Signature

Sender
• Calculates Message Digest Encrypts digest with own Secret Key Appends it
to message.
Receiver

• Calculates Message Digest


• Decrypts encrypted digest with Senders Public Key
• Compares with calculated value
Authenticity and Confidentiality

• A signs message with his own private key


• A then encodes the resulting message with B‘s Public key
• B decodes the message with his own Private key
• B applies A‘s Public key on the digital signature

Authenticity and Integrity

• B needs to know that A and only A sent the message


• B uses A‘s public key on the signature
• Only A‘s public key can decode the message
• A cannot repudiate his signature
• Digital signature cannot be reproduced from the message
• No one can alter a ciphered message without changing the result of The
decoding operation

Copyright © Intelligent Quotient System Pvt. Ltd. Page 122


CYBER SECURITY BOOK

10.7 DIGITAL CERTIFICATE36

A digital certificate is an electronic "passport" that allows a person, computer or organization to


exchange information securely over the Internet using the public key infrastructure (PKI). A digital
certificate may also be referred to as a public key certificate.

Just like a passport, a digital certificate provides identifying information is forgery resistant and can be
verified because it was issued by an official, trusted agency. The certificate contains the name of
the certificate holder, a serial number, expiration dates, a copy of the certificate holder's public key
(used for encrypting messages and digital signatures) and the digital signature of the certificate-
issuing authority (CA) so that a recipient can verify that the certificate is real.

To provide evidence that a certificate is genuine and valid, it is digitally signed by a root certificate
belonging to a trusted certificate authority. Operating systems and browsers maintain lists of
trusted CA root certificates so they can easily verify certificates that the CAs have issued and
signed. When PKI is deployed internally, digital certificates can be self-signed.

➢ What makes up a digital certificate?


The electronic files that comprise the digital certificate contain:

1. The person's name


2. An email address
3. A serial number
4. A public key
5. An expiration date (certificates are valid for five years)
6. A digital signature

When you download a digital certificate, you will receive both public and private keys. The public
keys are the ones that you will use to sign and encrypt documents. The private keys are the ones
that will be stored on your computer. You should never, ever share the private keys.

➢ Why should I use Digital Certificate?


There are several benefits to using Digital Certificates:
• Send signed email messages. This ensures the recipients that the message came from you
and not someone pretending to be you. This is particularly important when sending out
official university messages, such as from the President's Office.
• Encrypt the contents of email messages and attachments, protecting them from being read
by online intruders. Only your intended recipient can decrypt them.

36
http://searchsecurity.techtarget.com/definition/digital-certificate

Copyright © Intelligent Quotient System Pvt. Ltd. Page 123


CYBER SECURITY BOOK

• Encrypt files and/or folders on your computer. This is helpful for lost or stolen mobile
devices and laptops because thieves would need to know your password to access any of
the encrypted files or folders.
• Streamline business processes by allowing people to use digital certificates to
electronically sign documents or approve something at a given stage of the process.

❖ CASE STUDY ON FINANCIAL MANAGEMENT PERSPECTIVE:

Information is one of a financial institution's most important assets. Protection of information


assets is necessary to establish and maintain trust between the financial institution and its
customers, maintain compliance with the law, and protect the reputation of the institution. Timely
and reliable information is necessary to process transactions and support financial institution and
customer decisions. A financial institution's earnings and capital can be adversely affected if
information becomes known to unauthorized parties, is altered, or is not available when it is
needed.

Information security is the process by which an organization protects and secures its systems,
media, and facilities that process and maintains information vital to its operations. On a broad
scale, the financial institution industry has a primary role in protecting the nation's financial
services infrastructure. The security of the industry's systems and information is essential to its
safety and soundness and to the privacy of customer financial information.

❖ Practical application of security protocols:


• IPSec is a complex aggregation of protocols that together provide authentication and
confidentiality services to individual IP packets. It can be used to create a VPN over
the Internet or other untrusted network, or between any two computers on a trusted
network. Since IPSec has many configuration options, and can provide authentication
and encryption using different protocols, implementations between vendors and
products may differ.
• SSL and TLS are frequently used to establish encrypted tunnels between the financial
institution and Internet banking users. They are also used to provide a different type of
VPN than that provided by IPSec.
• Secure Shell (SSH) is frequently used for remote server administration. SSH
establishes an encrypted tunnel between a SSH client and a server, as well as
authentication services.
• Encryption may also be used to protect data in storage. The implementation may
encrypt a file, a directory, a volume, or a disk.37

37
http://ithandbook.ffiec.gov/it-booklets/information-security

Copyright © Intelligent Quotient System Pvt. Ltd. Page 124


CYBER SECURITY BOOK

UNIT – 11

ETHICAL HACKING

Objectives: -

11.1 Concept of Ethical Hacking


11.2 Steps of Ethical Hacking
11.3 Google Hacking

11.1 CONCEPT OF ETHICAL HACKING

Ethical hacking and ethical hacker are terms that describe


hacking performed to help a company or individual identify
potential threats on the computer or network. An ethical
hacker attempts to hack their way past the system security,
finding any weak points in the security that could be
exploited by other hackers. The organization uses what the
ethical hacker finds to improve the system security, in an
effort to minimize, if not eliminate any potential hacker attacks.

➢ In order for hacking to be deemed ethical, the hacker must obey the below rules.

• You have permission to probe the network and attempt to identify potential security
risks. It is recommended that if you are the person performing the tests that you get
written consent.
• You respect the individual's or company's privacy and only go looking for security
issues.
• You report all security vulnerabilities you detect to the company, not leaving anything
open for you or someone else to come in at a later time.
• You let the software developer or hardware manufacturer know of any security
vulnerabilities you locate in their software or hardware if not already known by the
company.

➢ SOMEOF THE ESSENTIAL SKILL SETS AN ETHICAL HACKER MUST HAVE –

▪ Thorough knowledge of computer programming, networking and operating systems

Copyright © Intelligent Quotient System Pvt. Ltd. Page 125


CYBER SECURITY BOOK

▪ In-depth knowledge about highly targeted platforms (such as Windows, Unix, and Linux)
▪ Criminal mindset
▪ Patience, persistence, and immense perseverance

11.2 STEPS OF ETHICAL HACKING

Following image describes five basic phases that a hacker generally follows while performing an
ethical hacking project.

PHASE 1 – PASSIVE AND ACTIVE RECONNAISSANCE

Passive reconnaissance involves gathering information regarding a potential target without the
targeted individual‘s or company‘s knowledge. Passive reconnaissance can be as simple as
watching a building to identify what time employees enter the building and when they leave.
However, this is usually done by performing Internet searches. This process is generally called
information gathering, Social engineering and dumpster diving are also considered passive
information-gathering methods.

E.g. Sniffing the networks another means of passive reconnaissance and can yield useful
information such as IP address ranges, naming conventions, hidden servers or networks, and other
available services on the system or network. Sniffing network traffic is similar to building
monitoring: A hacker watches the flow of data to see what time certain transactions take place and
where the traffic is going.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 126


CYBER SECURITY BOOK

Active reconnaissance involves probing the network to discover individual hosts, IP addresses,
and services on the network. This usually involves more risk of detection than passive
reconnaissance and is sometimes called rattling the doorknobs. The drawback to active
reconnaissance, however, is that it is easier to detect. For example, consider a criminal who walks
past a house she wants to burglarize (passive reconnaissance) versus looking into each window of
the house to see what goods are inside (active reconnaissance). Obviously, a burglar peeking into
the windows of a house is much more conspicuous than simply walking past it. The same is true
for active reconnaissance. It reveals more information but is detected easily. 38 Active
reconnaissance can give a hacker an indication of security measures in place (is the front door
locked?), but the process also increases the chance of being caught or at least raising suspicion.
Both passive and active reconnaissance can lead to the discovery of useful information to use in
an attack. For example, it‘s usually easy to find the type of web server and the operating system
(OS) version number that a company is using. This information may enable a hacker to find
vulnerability in that OS version and exploit the vulnerability to gain more access.

PHASE 2 – SCANNING

Scanning involves taking the information discovered during reconnaissance and using it to
examine the network. Tools that a hacker may employ during the scanning phase can include
dialers, port scanners, network mappers, sweepers, and vulnerability scanners. Hackers are seeking
any information that can help them perpetrate attack such as computer names, IP addresses, and
user accounts.

Scanning is a process of proactively identifying vulnerabilities of computing systems in a network


in order to determine if and where a system can be exploited and/or threatened. It is a computer
program designed to map systems and search for weaknesses in an application, computer or
network. While public servers are important for communication and data transfer over the Internet,
they open the door to potential security breaches by threat agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of
known flaws, testing systems for the occurrence of these flaws and generating a report of the
findings that an individual or an enterprise can use to tighten the network‘s security.

During scanning, the hacker continues to gather information regarding the network and its
individual host systems. Data such as IP addresses, operating system, services, and installed
applications can help the hacker decide which type of exploit to use in hacking a system.
Scanning is the process of locating systems that are alive and responding on the network. Ethical
hackers use it to identify target systems‘ IP addresses.

➢ TYPES OF SCANNING

38
Book: Penetration testing and Network Defense by Andrew Whitaker

Copyright © Intelligent Quotient System Pvt. Ltd. Page 127


CYBER SECURITY BOOK

Scanning is used to determine whether a system is on the network and available. Scanning tools
are used to gather information about a system such as IP addresses, the operating system, and
services running on the target computer. After the active and passive reconnaissance stages of
system hacking have been completed, scanning is performed.

Scanning Type Purpose


Port scanning Determines open ports and services
Network scanning IP addresses
Vulnerability scanning Presence of known weaknesses

SCANNING METHODOLOGY

Check for Live


Systems

Check for Open Ports

Service Identification

Banner Grabbing /

Vulnerability
Scanning

Draw Network
Diagrams of Vulnerable

Prepare Proxies

Attack

Copyright © Intelligent Quotient System Pvt. Ltd. Page 128


CYBER SECURITY BOOK

➢ SCANNING TOOLS
▪ Nmap
▪ Nessus
▪ SNMP Scanner
▪ THC-Scan
▪ Netscan
▪ IPSecScan

Phase 3 – GAINING ACCESS

This is the phase where the real hacking takes place. Vulnerabilities discovered during the
reconnaissance and scanning phase are now exploited to gain access. The method of connection
the hacker uses for an exploit can be a local area network (LAN, either wired or wireless), local
access to a PC, the Internet, or offline. Examples include stack-based buffer overflows, denial of
service (DoS), and session hijacking. These topics will be discussed in later chapters. Gaining
access is known in the hacker world as owning the system.

Phase 4 – MAINTAINING ACCESS

Once a hacker has gained access, they want to keep that access for future exploitation and attacks.
Sometimes, hackers harden the system from other hackers or security personnel by securing their
exclusive access with backdoors, rootkits, and Trojans. Once the hacker owns the system, they can
use it as a base to launch additional attacks. In this case, the owned systems sometimes referred to
as a zombie system.

Phase 5 – COVERING TRACKS

Once hackers have been able to gain and maintain access, they cover their tracks to avoid detection
by security personnel, to continue to use the owned system, to remove evidence of hacking, or to
avoid legal action. Hackers try to remove all traces of the attack, such as log files or intrusion
detection system (IDS) alarms. Examples of activities during this phase of the attack include
Steganography, the use of tunneling protocols, and altering log files. Steganography and use of
tunneling for purposes of hacking will be discussed in later chapters.

11.3 GOOGLE HACKING

Google hacking is a computer hacking technique that uses Google Search and other Google
applications to find security holes in the configuration and computer code that websites use.
Google hacking is the use of a search engine, such as Google, to locate a security vulnerability on
the Internet. There are generally two types of vulnerabilities to be found on the Web: software

Copyright © Intelligent Quotient System Pvt. Ltd. Page 129


CYBER SECURITY BOOK

vulnerabilities and mis-configurations. Although there are some sophisticated intruders who target
a specific system and try to discover vulnerabilities that will allow them access, the vast majority
of intruders start out with a specific software vulnerability or common user misconfiguration that
they already know how to exploit, and simply try to find or scan for systems that have this
vulnerability.

➢ CHECK FOR GOOGLE HACKING VULNERABILITIES


The easiest way to check whether your web site & applications have Google hacking
vulnerabilities is to use a Web Vulnerability Scanner. A Web Vulnerability Scanner scans your
entire website and automatically checks for pages that are identified by Google hacking queries.
(Note: Your web vulnerability scanner must be able to launch Google hacking queries).

The Acunetix Web Vulnerability Scanner scans for SQL injection, Cross site scripting and many
more vulnerabilities.

➢ GOOGLE HACKING TECHNIQUES


▪ Anonymity with Caches
▪ Using google as a proxy server
▪ Directory listings
▪ Traversal techniques

➢ ENUMERATION

Enumeration occurs after scanning and is the process of gathering and compiling usernames,
machine names, network resources, shares, and services. It also refers to actively querying or
connecting to a target system to acquire this information.

During the enumeration stage, the hacker connects to computers in the target network and pokes
around these systems to gain more information. While the scanning phase might be compared to a
knock on the door or a turn of the door knob to see if it is locked, enumeration could be compared
to entering an office and rifling through a file cabinet or desk drawer for information. It is definitely
more intrusive.

Many hacking tools are designed for scanning IP networks to locate NetBIOS name information.
For each responding host, the tools list IP address, NetBIOS computer name, logged in username,
and MAC address information. On a Windows 2000 domain, the built-in tool net view can be used
for NetBIOS enumeration. To enumerate NetBIOS names using the net view command, enter the
following at the command prompt –

Copyright © Intelligent Quotient System Pvt. Ltd. Page 130


CYBER SECURITY BOOK

▪ net view / domain


▪ nbtstat -A IP address
The net view command is a great example of a built-in enumeration tool. net view is an
extraordinarily simple command-line utility that will list domains available on the network and
then lay bare all machines in a domain. Here‗s how to enumerate domains on the network using
net view:

C:\>net view /domain

Another great built-in tool is nbtstat, which calls up the NetBIOS Name Table from a remote
system. The Name Table contains a great deal of information, as seen in the following example:

C:\>nbtstat -A 192.168.202.33

➢ ENUMERATION STEPS
Hackers need to be methodical in their approach to hacking. The following steps are an example
of those a hacker might perform in preparation for hacking a target system:

(I) Extract usernames using enumeration.


(II) Gather information about the host using null sessions.
(III) Perform Windows enumeration using the Superscan tool.
(IV) Acquire the user accounts using the tool GetAcct.
(V) Perform SNMP port scanning.

➢ TOOLS FOR ENUMERATION


▪ DumpSec
▪ Hyena
▪ SMB Auditing Tool
▪ User2SID
▪ Enum

➢ SQL INJECTION39

Web applications allow legitimate website visitors to submit and retrieve data to/from a database
over the Internet using their preferred web browser. Databases are central to modern websites –
they store data needed for websites to deliver specific content to visitors and render information
to customers, suppliers, employees and a host of stakeholders. User credentials, financial and
payment information, company statistics may all be resident within a database and accessed by

39
https://www.acunetix.com/websitesecurity/sql-injection

Copyright © Intelligent Quotient System Pvt. Ltd. Page 131


CYBER SECURITY BOOK

legitimate users through off-the-shelf and custom web applications. Web applications and
databases allow you to regularly run your business.

SQL injection is a code injection technique that exploits or bypasses security vulnerability
occurring in the database layer of an application.

The vulnerability is present when user input is either incorrectly filtered for string literal escape
characters embedded in SQL statements or user input is not strongly typed and thereby
unexpectedly executed.

During a SQL injection attack, malicious code is inserted into a web form field or the website‘s
code to make a system execute a command shell or other arbitrary commands. Just as a legitimate
user enters queries and additions to the SQL database via a web form, the hacker can insert
commands to the SQL server through the same web form field.

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from
organizations. It is perhaps one of the most common application layer attack techniques used
today. It is the type of attack that takes advantage of improper coding of your web applications
that allows hacker to inject SQL commands into say a login form to allow them to gain access to
the data held within your database.

For example, an arbitrary command from a hacker might open a command prompt or display a
table from the database. A database table may contain personal information such as credit card
numbers, social security numbers, or passwords. SQL servers are very common database servers
and used by many organizations to store confidential data. This makes a SQL server a high value
target and therefore a system that is very attractive to hackers.

In essence, SQL Injection arises because the fields available for user input allow SQL statements
to pass through and query the database directly.

➢ STEPS TO CONDUCT SQL INJECTION


SQL Injection is the hacking technique which attempts to pass SQL commands or statements
through a web application for execution by the backend database. If not sanitized properly, web
applications may result in SQL Injection attacks that allow hackers to view information from the
database and/or even wipe it out.

Such features as login pages, support and product request forms, feedback forms, search pages,
shopping carts and the general delivery of dynamic content, shape modern websites and provide
businesses with the means necessary to communicate with prospects and customers. These website

Copyright © Intelligent Quotient System Pvt. Ltd. Page 132


CYBER SECURITY BOOK

features are all susceptible to SQL Injection attacks which arise because the fields available for
user input allow SQL statements to pass through and query the database directly.

Before launching a SQL injection attack, the hacker determines whether the configuration of the
database and related tables and variables is vulnerable. The steps to determine the SQL server‘s
vulnerability are as follows:

(I) Using your web browser, search for a website that uses a login page or other database input
or query fields (such as an ―I forgot my password‖ form). Look for web pages that display the
POST or GET HTML commands by checking the site‘s source code.

(II) Test the SQL server using single quotes (‗). Doing so indicates whether the user-input
variable is sanitized or interpreted literally by the server. If the server responds with an error
message that says use „a‟=„a‟ (or something similar), then it‘s most likely susceptible to a SQL
injection attack.

(III) Use the SELECT command to retrieve data from the database or the INSERT command to
add information to the database.

UNIT 12

Copyright © Intelligent Quotient System Pvt. Ltd. Page 133


CYBER SECURITY BOOK

MALWARES

Objectives:
12.1 Computer Viruses
12.2 Worms
12.3 Trojan Horse.
12.4 Malware
12.5 Spyware
12.6 Adware

12.1 COMPUTER VIRUSES

A virus is a program, which reproduces its own code by


attacking other programs in such a way that the virus
code is executed. It is acts as a parasite. The virus does
this without the permission or knowledge of the user.
There are several ways to get a computer infected by a
virus. Depending on the type of virus and the files it
attacks, the consequences will be different. In general,
viruses need a host to infect. Computers and programs
are the ideal support for virus attacks. The potential of viruses is to destroy software, modify
programs, delete files etc. This all happens at the same time as the virus spreads itself. The end
result is that you are no longer in control of your computer. Every time you boot your computer or
execute a program, the virus will be executing and spreading too.
true virus can only spread from one computer to another in some form of executable code when
its host is taken to the target computer; for instance because a user sent it over a network or the
Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive.

12.1.1 HOW VIRUS SPREADS?


40
A virus has two phases to execution: the infection phase and the attack phase. The time span
between the infection and the attack of a virus can vary depending on the type of virus.

(i) Infection Phase -Some viruses infect programs each time the program is executed
whereas other viruses infect only upon a certain trigger. For example, at a specific

40
http://beastlad.tripod.com/id12.html

Copyright © Intelligent Quotient System Pvt. Ltd. Page 134


Intelligent Quotient System Pvt. Ltd.

date, the virus will infect a program. There are many other kinds of triggers. Some
viruses are called "resident viruses", this means that they reside in the memory of the
computer. The virus is inactive and is only triggered by certain events such as inserting
a disk, copying a file or executing a program.

(ii) Attack Phase –This is when the virus goes into action. It will for example, delete
files, change random data on your disk or slow down the computer. Other kinds of
viruses do less harmful things, such as play music, create messages or animation on
your screen. This might not seem to be a virus but be aware of these kinds of
behaviors. Once a virus infects a computer—by e-mail, disk, or some other
method—the program to which the virus is attached only has to be executed to trigger
the virus into action. On top of mere replication, viruses may include a malicious
payload, a mark that invites the user to perform an operation, such as opening an
email attachment. For example, the tag "ILOVE YOU" in the worm virus of the same
name in 2000 constituted that virus's payload.

Viruses work in a variety of ways to disrupt a system, but the most common method was to simply
overburden it by repeating the same messages over and over via rapid self-replications, resulting
in crashing the system. In addition, a computer virus may not take effect immediately. It can sit
undetected in computer systems for months waiting for the right operation to trigger it into action.
By that time, it may be quite difficult to retrace the steps of how a virus was lodged in a system to
begin with.

12.1.2 DIFFERENT TYPES OF COMPUTER VIRUSES41

Computer Virus is a kind of malicious software written


intentionally to enter a computer without the user‘s
permission or knowledge, with an ability to replicate itself,
thus continuing to spread. Some viruses do little but replicate
others can cause severe harm or adversely affect program
and performance of the system. A virus should never be
assumed harmless and left on a system. Most common types
of viruses are mentioned below:

41
http://www.studymode.com/essays/Computer-Virus-380631.html

Copyright © Intelligent Quotient System Pvt. Ltd. Page 135


Intelligent Quotient System Pvt. Ltd.

(i) RESIDENT VIRUS

This type of virus is a permanent which dwells in the RAM memory. From there it can
overcome and interrupt all of the operations executed by the system: corrupting file sand
programs that are opened, closed, copied, renamed etc.

Examples include: Randex, CMJ, Meve, and MrKlunky.

(ii) DIRECT ACTION VIRUS

The main purpose of this virus is to replicate and take action


when it is executed.

When a specific condition is met, the virus will go into action


and infect files in the directory or folder that it is in and in
directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located
in the root directory of the hard disk and carries out certain operations when the computer is booted.

(iii) OVERWRITE VIRUS

Virus of this kind is characterized by the fact that it deletes the information contained in the files
that it infects, rendering them partially or totally useless once they have been infected.

The only way to clean a file infected by an overwrite virus is to delete the file completely, thus
losing the original content. Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.

(iv) BOOT VIRUS

This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk,
in which information on the disk itself is stored together with a program that makes it possible to
boot (start) the computer from the disk. The best way of avoiding boot viruses is to ensure that
floppy disks are write-protected and never start your computer with an unknown floppy disk in the
disk drive. Examples of boot viruses include: Polyboot.B, AntiEXE, Form, Disk Killer,
Michelangelo and Stone virus

(v) MACRO VIRUS

Macro viruses infect files that are created using certain applications or programs that contain
macros. These mini-programs make it possible to automate series of operations so that they are

Copyright © Intelligent Quotient System Pvt. Ltd. Page 136


Intelligent Quotient System Pvt. Ltd.

performed as a single action, thereby saving the user from having to carry them out one by one.
Examples of macro viruses: Relax Melissa.A, Bablas, and O97M/Y2K.

(vi) DIRECTORY VIRUS

Directory viruses change the paths that indicate the location of a file. By executing a program (file
with the extension .EXE or .COM) which has been infected by a virus, you are unknowingly
running the virus program, while the original file and program have been previously moved by the
virus. Once infected it becomes impossible to locate the original files.

(vii) FILE INFECTORS

This type of virus infects programs or executable files (files with an .EXE or .COM extension).
When one of these programs is run, directly or indirectly, the virus inactivated, producing the
damaging effects it is programmed to carry out. The majority of existing viruses belongs to this
category, and can be classified depending on the actions that they carry out.

(viii) COMPANION VIRUS

Companion virus can be considered as file infector virus like resident or direct action types. They
are known as companion viruses because once they get into the system they ―accompany" the
other files that already exist. In other words, in order to carry out their infection routines,
companion viruses can wait in memory until a program is run (resident viruses) or act immediately
by making copies of themselves (direct action viruses).Some examples include: Stator,
Asimov.1539, and Terrax.1069

(ix) POLYMORPHIC VIRUS

Polymorphic viruses encrypt or encode themselves in a


different way (using different algorithms and encryption keys)
every time they infect a system.
This makes it impossible for anti-viruses to find them using
string or signature searches (because they are different in each
encryption) and also enables them to create a large number of
copies of themselves. Examples include: Elkern, Marburg,
Satan Bug, and Tuareg.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 137


Intelligent Quotient System Pvt. Ltd.

(x) FAT VIRUS

The file allocation table or FAT is the part of a disk used to connect information and is a vital part
of the normal functioning of the computer.

This type of virus attack can be especially dangerous, by preventing access to certain sections of
the disk where important files are stored. Damage caused can result in information losses from
individual files or even entire directories.

12.1.3 Some Other Popular Viruses

(I) 42Anna Kournikova is a famous Russian model and a former professional tennis player.
She is more famous for her beauty and celebrity status than tennis. At the peak of her fame,
she was one of the most common search strings on Google.

In February, 2001, a Dutch programmer Jan de Wit created Anna Kournikova computer virus. It
was designed to trick email users into opening a mail message purportedly containing a picture
of Anna Kournikova, while actually hiding a malicious program. The Kournikova virus tempts
users with the message: "Hi: Check this!‖ with what appears to be a picture file labeled
"AnnaKournikova.jpg.vbs". The worm arrives in an email with the subject line "Here you have,
;0)" and an attached file called AnnaKournikova.jpg.vbs. When launched under Microsoft
Windows OS, the file does not display a picture of Anna Kournikova but launches a viral
Visual Basic Script that forwards itself to everybody in the Microsoft Outlook address book of
the victim.

(II) Autorun
This virus primarily targeted USBs and flash drives and established them as its major source of
movement and propagation. It affected networks and all the computers present on them. Once
affected, the folder options would be disabled, the task manager too would be unavailable and
the virus itself would become the system administrator. The virus would replicate itself in all
the folders, therefore eating up useful space on the hard disk and making it eventually
extremely slow. The loss was in terms of useful data on millions of computers across the world.

(III) Michelangelo
Michelangelo was the first virus the media really got into advertising. The media said that this
virus would wipe out millions of computers on March 6, so many people went out, and bought
antivirus software and that helped to lower the number of affected computer to almost

42
http://www.techopedia.com/definition/16156/anna-kournikova-virus

Copyright © Intelligent Quotient System Pvt. Ltd. Page 138


Intelligent Quotient System Pvt. Ltd.

ten thousand. Michelangelo virus did erase hard drives around the nation. That is one way the
media actually helped to alert the public to a threat that was real, we all know how the media
scared millions of people over the Y2K episode.

12.2 WORMS

Worm is a self-replicating malware that does not alter files but resides
in active memory and duplicates itself. Worms use parts of an
operating system that are automatic and usually invisible to the user.
It is common for worms to be noticed only when their uncontrolled
replication consumes system resources, slowing or halting other tasks.
Examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C,
Sobig.D, and Mapson.

12.2.1. TYPES OF WORMS43

Worms can be classified according to the propagation method they use, i.e. how they deliver copies
of themselves to new victim machines. Worms can also be classified by installation method, launch
method etc. Many of the worms which managed to cause significant outbreaks use more than one
propagation method, as well as more than one infection technique. Some of the popular types of
worms are listed below.

(I) EMAIL WORMS

Email worms spread via infected email messages. The worm may be in the
form of an attachment or the email may contain a link to an infected website.
However, in both cases, email is the vehicle. In the first case the worm will be
activated when the user clicks on the attachment. In the second case the worm
will be activated when the user clicks on the link leading to the infected site.

Email worms normally use one of the following methods to spread –


▪ Direct connection to SMTP servers using a SMTP API library coded into the worm
▪ MS Outlook services
▪ Windows MAPI functions
▪ Malicious email attachment
Email worms harvest email addresses from victim machines in order to spread further.

43
http://csusm.wordpress.com/

Copyright © Intelligent Quotient System Pvt. Ltd. Page 139


Intelligent Quotient System Pvt. Ltd.

Worms use one or more of the following techniques –


i) Scanning the local MS Outlook address book ii) Scanning the WAB address database iii)
Scanning files with appropriate extensions for email address-like text strings iv) Sending copies
of itself to all mail in the user's mailbox (worms may even 'answer' unopened items in the
inbox) While these techniques are the most common, some worms even construct new sender
addresses based lists of possible names combined with common domain names.

(II) INSTANT MESSAGING (ICQ AND MSN) WORMS

These worms have a single propagation method. They spread using


instant messaging applications by sending links to infected websites
to everyone on the local contact list. The only difference between
these worms and email worms which send links is the media chosen
to send the links.

(III) INTERNET WORMS

Internet worms are truly autonomous virtual viruses, spreading across the
net, breaking into computers, and replicating without human assistance and
usually without human knowledge. An Internet worm can be contained in
any kind of virus, programmer script. Sometimes their inventor will release
them into the wild.

(IV) IRC WORMS

These worms target chat channels, IRC worms also use the propagation methods listed above -
sending links to infected websites or infected files to contacts harvested from the infected user.
Sending infected files is less effective as the recipient needs to confirm receipt, save the file and
open it before the worm is able to penetrate the victim machine.

(V) FILE - SHARING NETWORKS OR P2P WORMS

P2P worms copy themselves into a shared folder, usually located on the local machine. Once the
worm has successfully placed a copy of itself under a harmless name in a shared folder, the P2P
network takes over: the network informs other users about the new resource and provides the
infrastructure to download and execute the infected file. More complex P2P worms imitate the
network protocol of specific file-sharing networks: they respond affirmatively to all requests and
offer infected files containing the worm body to all comers.

12.2.2 SOME OF THE POPULAR WORMS

Copyright © Intelligent Quotient System Pvt. Ltd. Page 140


Intelligent Quotient System Pvt. Ltd.

(I) ILOVEYOU

ILOVEYOU, sometimes referred to as Love Letter, was a computer worm that attacked tens of
millions of Windows personal computers on and after 5 May 2000 local time in the Philippines
when it started spreading as an email message with the subject line "ILOVEYOU" and the
attachment "LOVE-LETTER-FOR-YOU.txt.". The first file extension 'VBS' was most often
hidden by default on Windows computers of the time, leading unwitting users to think it was a
normal text file. Opening the attachment activated the Visual Basic script. The worm did damage
on the local machine, overwriting image files, and sent a copy of itself to the first 50 addresses in
the Windows. Address Book used by Microsoft Outlook.

(II) MELISSA

Generated over a decade ago, this clever piece of virtual disease operated through Microsoft
Outlook. This is how it worked: you receive an email titled ―Here is the Document you asked for‖
from an unknown sender, you got infected as soon as you opened the email, and the virus would
replicate and delivers itself to the top 50 people on your list without you getting a hint of it. Some
major US government departments were hit and the damage is thought to be around $1 billion at
least. A 20 month jail sentence well deserved.

(III) My Doom

Spell it backwards and you will understand its prime targets: yes, the "Admin" and servers. It was
basically a worm and has the record of being the fastest ever virus to spread; it took only 22 minutes
to break into the list of top ten most deadly viruses of all times. It basically targeted internet servers
and websites, creating a mass crater through which thousands of computers were affected at the
same time. Once infected, the systems became exposed to open attacks by the outsiders.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 141


Intelligent Quotient System Pvt. Ltd.

12.3 TROJANS OR TROJAN HORSE

The term is derived from the Trojan horse story in Greek mythology. A Trojan, sometimes referred
to as a Trojan horse, is non-self-replicating malware that appears to perform a desirable function
for the user but instead facilitates unauthorized access to the user's computer system. It infects
your computer and allows a hacker to run hidden tasks behind your back. A Trojan infection can
allow total remote access to your computer by a third party.

➢ How Trojan horse work?44

Trojan horses are designed to allow a hacker remote access to a target computer system. Once a
Trojan horse has been installed on a target computer system, it is possible for a hacker to access it
remotely and perform various operations. The operations that a hacker can perform are limited by
user privileges on the target computer system and the design of the Trojan horse.

Operations that could be performed by a hacker on a target computer system include –

➢ Use of the machine as part of a botnet which is used to perform spamming or to perform
Distributed Denial-of-service (DDoS) attacks.
➢ Data theft e.g. passwords, credit card information, etc.
➢ Installation of software including other malware
➢ Downloading or uploading of files
➢ Modification or deletion of files
➢ Keystroke logging
➢ Viewing the user's screen
➢ Wasting computer storage space
➢ Crashing the computer

44
http://bobthepcbuilder.com/virus-removal/

Copyright © Intelligent Quotient System Pvt. Ltd. Page 142


Intelligent Quotient System Pvt. Ltd.

12.3.1 TROJAN HORSES CAN BE INSTALLED THROUGH THE FOLLOWING


METHODS

▪ Software downloads e.g., a Trojan horse included as part of a software application


downloaded from a file sharing network
▪ Websites containing executable content e.g., a Trojan horse in the form of an ActiveX
control
▪ Email attachments
▪ Application exploits e.g., flaws in a web browser, media player, messaging client, or
other software that can be exploited to allow installation of a Trojan horse

12.3.2 TYPES OF TROJAN:

(I) REMOTE ACCESS TROJAN

These are probably the most widely used Trojans, just because they give the attackers the power
to do more things on the victim's machine than the victim itself while being in front of the

machine. Most of these Trojans are often a combination of the other variations described below.
The idea of these Trojans is to give the attacker a total access to someone's machine and therefore
access to files, private conversations, accounting data, etc.

(II) PASSWORD SENDING TROJAN

The purpose of these Trojans is to rip all the cached passwords and also look for other passwords
you're entering and then send them to a specific mail address without the user noticing anything.
Passwords for ICQ, IRC, FTP, HTTP or any other application that require a user to enter a login
+ password are being sent back to the attacker's email address, which in most cases is located at
some free web based email provider.

(III) KEY LOGGER TROJAN

Copyright © Intelligent Quotient System Pvt. Ltd. Page 143


Intelligent Quotient System Pvt. Ltd.

These Trojans are very simple. The only thing they do is logging the keystrokes of the victim and
then letting the attacker search for passwords or other sensitive data in the log file. Most of them
come with two functions like online and offline recording. Of course, they could be configured to
send the log file to a specific email address on a scheduled basis.

(IV) PROXY/WINGATE TROJAN

The interesting feature implemented in many Trojans is turning the victim's computer into a
proxy/Wingate server available to the whole world or to the attacker only. It's used for anonymous
Telnet, ICQ, IRC, etc., and also for registering domains with stolen credit cards and for many other
illegal activities. This gives the attacker complete anonymity and the chance to do everything from
your computer, and if he/she gets caught, the trace leads back to you.

12.4 MALWARE
Malware is a set of instructions that run on your computer and make your system do
something that an attacker wants it to do.

12.4.1. Malware Repartition45

13%

9% Trojan
1%
3% Worm
Other
Adware
74% Spyware

45
http://upload.wikimedia.org/wikipedia/commons/thumb/e/ec/Malware_statics_2011-03-16-en.svg

Copyright © Intelligent Quotient System Pvt. Ltd. Page 144


Intelligent Quotient System Pvt. Ltd.

(I) STUXNET

Lately STUXNET has been the hottest topic mainly because of its unusual nature. For the first
time in the history that a malware bypass the cyberspace to get directly to the physical
environment, the virus not only damages the code and data but also it destroyed the real machine.

Reversing STUXNET allowed security professionals to discover 4 zero-days in Microsoft


windows operating system, and as a result proved that even the industrial systems which are
usually isolated not only from public networks, but also on internal enterprise are not 100% safe.

The worm drivers certificate were signed with JMicron Technology and Realtek which makes it
bypass HIPS security measures, so if the malware is executed it will not be prevented by HIPS as
the signature of the driver related to an authorized firms.

(II) ZeuS 2.0

ZEUS Botnet was active in 2010. On July 14, 2010, security firm Trusteer filed a report which
says that the credit cards of more than 15 unnamed US banks have been compromised. The
outbreak was called Kneber.

On 1 October 2010, FBI announced it had discovered a major international cyber crime network
which had used Zeus to hack into US computers and steal around $70m. More than 90 suspected
members of the ring were arrested in the US, and arrests were also made in UK and Ukraine.

12.5 SPYWARE
Spyware is software that sends your personal information to a third party without your permission
or knowledge. This can include information about Web sites
you visit or something more sensitive like your user name and
password. Unscrupulous companies often use this data to send
you unsolicited targeted advertisements.

Spyware software is such software that covertly gathers user


information through the user's Internet connection without his
or her knowledge, usually for advertising purposes. Spyware
applications are typically bundled as a hidden component of
freeware or shareware programs that can be downloaded from
the Internet; however, it should be noted that the majority of
shareware and freeware applications do not come with spyware. Once installed, the spyware
monitors user activity on the Internet and transmits that information in the background to someone
else. Spyware can also gather information about e-mail addresses and even passwords and credit
card numbers.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 145


Intelligent Quotient System Pvt. Ltd.

Spyware is similar to a Trojan horse in that users unwittingly install the product when they install
something else. A common way to become a victim of spyware is to download certain peer-topeer
file swapping products that are available today.

Aside from the questions of ethics and privacy, spyware steals from the user by using the
computer's memory resources and also by eating bandwidth as it sends information back to the
spyware's home base via the user's Internet connection. Because spyware is using memory and
system resources, the applications running in the background can lead to system crashes or general
system instability.

Because spyware exists as independent executable programs, they have the ability to monitor
keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word
processors, install other spyware programs, read cookies, change the default home page on the
Web browser, consistently relaying this information back to the spyware author who will either
use it for advertising/marketing purposes or sell the information to another party.

12.5.1 SOME OF THE POPULAR SPYWARES

(I) COOLWEBSEARCH

With over 50 variations, this one is a rather typical representative of the vulnerable family of
Internet browser hijackers. If your computer gets infected by this spyware, web browsing becomes
a nightmare. Instead of visiting your favorite social networking website, you will be redirected to
an online gambling outfit and instead of checking your email you will be asked to check out xxx…!
Well, I'm not going to even mention it here.

(II) INTERNET OPTIMIZER

This is a rather flattering name for a spyware program that redirects your browser to an
advertisement when you try to login to a website where a password is required.

(III) KEY LOGGER

A keylogger is a hardware device or a software program that records the real time activity of a
computer user including the keyboard keys they press.

Keyloggers are used in IT organizations to troubleshoot technical problems with computers and
business networks. Keyloggers can also be used by a family (or business) to monitor the network

Copyright © Intelligent Quotient System Pvt. Ltd. Page 146


Intelligent Quotient System Pvt. Ltd.

usage of people without their direct knowledge. Finally, malicious individuals may use keyloggers
on public computers to steal passwords or credit card information.

Keylogger software is freely available on the Internet. These keyloggers allow not only keyboard
keystrokes to be captured but also are often capable of collecting screen captures from the
computer. Normal keylogging programs store their data on the local hard drive, but some are
programmed to automatically transmit data over the network to a remote computer or Web server.

Detecting the presence of a keylogger on a computer can be difficult. So-called anti-keylogging


programs have been developed to thwart keylogging systems, and these are often effective when
used properly.
➢ Types of Keyloggers

Keyloggers primarily are of two types –

(I) Hardware keylogger


(II) Software keylogger

(i) HARDWARE KEYLOGGER

Hardware keyloggers requires physical installation on machine.


The downside to this is of course that you will briefly need access
to their machine, which can be hard to pull off in some
circumstances.

You might also think that it would be a dead giveaway; however


these are usually the safest and least detectable computer
monitoring devices. Yes, it has to be plugged in from the keyboard
to the computer, but it's not a separate plug. It attaches to the end of the keyboard plug that's
already in the back of the computer.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 147


Intelligent Quotient System Pvt. Ltd.

The tiny size and ideal location ensures it almost never gets found; and if it does get found, nobody
would necessarily know what it was anyway! You can set it up so you can get the data in another
location and you don't need to be able to log on to the person's machine to install it successfully.

(ii) SOFTWARE KEYLOGGER

Software keylogger can typically be installed remotely. One advantage to this is that depending on
the version you use, you could potentially have screen capture technology in addition to keylogger
capacities. You also never need to be able to physically access the other person's computer.

The downside is that these could potentially slow down the other person's computer, making them
more suspicious. If you use a spy software version, be sure to find one that ensures minimal
memory usage to avoid arousing suspicion and risking being caught.

12.6 ADWARE
46
Adware displays advertisements on your computer, it displays popup ads or other ad related
screens. These are ads that strangely pop up on your display screen, even if you're not browsing
the Internet. Some companies provide "free" software in exchange for advertising on your display.
It's how they make their money.

This can also be spyware since they are very close to spyware in what they do. Although Adware
is strictly tracking and displaying ads, spy ware can alter a lot of things on your PC. The main way
you get Adware is by visiting suspect sites like porn sites where the sites are setup to draw a lot of
traffic, but then they use browser security holes to force your browser to automatically download
and install their software. ActiveX controls through IE have been known to have a lot of security
holes, as have Java in browsers.

Adware can also arrive by downloading freeware software and installing it, as often rogue software
can be installed with it. It is one of the reasons one should always download shareware also called
"free trials" instead. Shareware includes free trials but it is not freeware, since shareware requires
a small fee to be paid to purchase after trying it first. Typically, shareware and "free trial" software
are safe, while you have to be more careful with freeware as they can incorporate adware and
spyware to help make money.

46
www.qbs-pchelp.co.uk/windowstechnicalsupportlist.php

Copyright © Intelligent Quotient System Pvt. Ltd. Page 148


Intelligent Quotient System Pvt. Ltd.

Downloading email attachments is another way adware can arrive, they use this method the same
way virus writers used it so often in the past, although this method is rather remote today compared
to other methods.

Case Study: - FBI Warns of Valentine’s Day E-Mail Virus


Thursday, February 14, 2008

Happy Valentine‘s Day! You‘ve got a computer virus!

IT managers around the world braced themselves Thursday for an unexpected onslaught of
romantic ―e-cards‖ surreptitiously carrying the nastiest virus around: the Strom Worm.

―Once the user clicks on the [e-mail] link, malware id downloaded to the Internet-Connected
device and causes it to become infected and part of the storm Worm botnet,‖ warns a public alert
posted on the FBI‘s Web site Monday.

―The Strom Worm virus has capitalized on various holidays in the last year by sending millions
of e-mail advertising an e-card link within the text of the spam e-mail,‖ says the FBI. ―Valentine‘s
day has been identified as the next target.‖

Haven‘t heard of the Storm Worm? That‘s because it hasn‘t ―struck‖ yet, even though researchers
first noticed it more than a year ago after it cropped up in e-mails showing photos of damage from
European windstorms in January 2007.

Since then, it‘s steadily infected an estimated 10 million Windows- based PCs around the world,
all under the command of unknown ―bot herders‖ who‘ve silently fashioned them in to a
―zombie army‖ or ―botnet‖—a massive network of ―enslaved‖ PCs awaiting the signal to launch
a cyber attack.47

47
http://www.foxnews.com

Copyright © Intelligent Quotient System Pvt. Ltd. Page 149


Intelligent Quotient System Pvt. Ltd.

UNIT – 13 ISO

27001

Objectives: -
13.1 Introduction of ISO 27001
13.2 General Requirements for ISO Standardization
13.3 Establishing and Managing Isms
13.4 Monitor and Review Isms
13.5 Maintain and Improve Isms

13.1 INTRODUCTION OF ISO 27001

ISO 27001 is an information security management standard. It defines a set of information security
management requirements. These requirements are defined later sections

The purpose of ISO IEC 27001 is to help organizations establish and maintain an information
security management system (ISMS). ISO 27001 applies to all types of organizations. It doesn‘t
matter what your organization does or what size it is. ISO 27001 can help your organization meet
its information security management needs and requirements.

ISO 27001 is designed to be used for certification purposes. In other words, once you‘ve
established ISMS that meets both the ISO IEC 27001 requirements and your organization‘s
needs; you can ask a registrar to audit your system. If your registrar likes what it sees, it will
issue an official certificate that states that you‘re ISMS meets the
ISO IEC 27001 requirements. According to ISO 27001, you must meet every requirement if you
wish to claim that your ISMS complies with the standard.

However, while you must meet every requirement, the size and complexity of information security
management systems varies quite a bit. How you meet each of the ISO 27001 requirements, and
to what extent, depends on many factors, including your organizations –

❖ Size and structure


❖ Needs and objectives
❖ Security requirements
❖ Business processes

Copyright © Intelligent Quotient System Pvt. Ltd. Page 150


Intelligent Quotient System Pvt. Ltd.

13.2 GENERAL REQUIREMENTS FOR ISO STANDRADIZATION

ISO 27001 is made up of security management requirements.


It contains two kinds of information security requirements:

1. METHODOLOGICAL REQUIREMENTS
2. SECURITY CONTROL REQUIREMENTS

Sections 4 to 8 of ISO IEC 27001 contain methodological requirements.


We refer to them as methodological requirements because they tell you
how to develop and manage an information security management system (without telling you what
kind of controls ought to make up the system).

According to ISO 27001, you must meet each one of these methodological requirements if you
wish to claim that your ISMS comply with the new standard. As these methodological
requirements tell you how to reach your destination (an ISMS), you can think of them as a general
roadmap.

ISO 27001 Annex A contains two kinds of security control requirements:


control objectives and security controls. These control requirements were copied directly from ISO
27002 2005 (sections 5 to 15). We refer to them as security control requirements because they
pinpoint the controls that ought to make up an information security management system.

Since these security control requirements tell you what your ISMS should look like, you can think
of them as a general blueprint.

According to ISO IEC 27001, you may exclude or ignore Annex A control objectives and controls
whenever they address risks that you can live with and whenever doing so will not impair your
ability or obligation to meet all relevant legal and security requirements.

This International Standard covers all types of organizations (e.g. commercial enterprises,
government agencies, non-profit organizations) The ISMS is designed to ensure the selection of
adequate and proportionate security controls that protect information assets and give confidence
to interested parties.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 151


Intelligent Quotient System Pvt. Ltd.

Plan (Establish ISMS) Establish ISMS Policy, objectives, processes and


procedures relevant to managing risk and
improving information security to deliver results in
accordance with an organization‘s overall policies
and objectives

Do (Implement and operate ISMS) Implement and operate the ISMS policy, controls,
processes and procedures.

Check (monitor and review the ISMS) Assess and, where applicable, measure process
performance against ISMS policy, objectives and
practical experience and report the results to
management for review

Act (maintain and Improve the ISMS) Take corrective and preventive actions, based on
the results of the internal ISMS audit and
management review or other relevant information,
to achieve continual improvement of ISMS.

➢ APPLICABILITY
The requirements set out in this International Standard are generic and are intended to be applicable
to all organizations, regardless of type, size and nature. Excluding any of the requirements
specified in Clauses 4,5,6,7 and 8 is not applicable when an organization claims conformity to this
International Standard.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 152


Intelligent Quotient System Pvt. Ltd.

Any exclusion of controls found to be necessary to satisfy the risk acceptance criteria needs to be
justified and evidence needs to be provided that the associated risks have been accepted by any
persons who is accountable.

➢ IMPORTANT DEFINITIONS –
1. Assets – anything that has value to the organization
2. Availability – the property of being accessible and usable upon demand by an authorized
entity.
3. Confidentiality – that the information is not made available or disclosed to unauthorized
individuals, entities or processes.
4. Information security – preservation of confidentiality, integrity and availability of
information.
5. Information security event: an identified occurrence of a system, service or network state
indicating a possible breach of information security policy or failure safeguards or a
previously unknown situation that may be security relevant.
6. Information Security Incident: a single or a series of unwanted to unexpected information
security events that have a significant probability of compromising business operations
and threatening information security.
7. Information security management system: that part of the overall management system,
based on a business risk approach, to establish, implement, operate, monitor, review,
maintain and improve information security.
8. Integrity: the property of safeguarding the accuracy and completeness of assets.
9. Residual Risk: the risk remaining after the risk treatment.
10. Risk acceptance: decision to accept the risk.
11. Risk Analysis: systematic use of information to identify sources and to estimate the risk.
12. Risk Assessment: overall process of risk analysis and risk evaluation.
13. Risk Evaluation: process of comparing the estimated risk against given risk criteria to
determine the significance of the risk.
14. Risk Management: coordinated activities to direct and control an organization with
regard to risk.
15. Risk treatment: process of selection and implementation of measures to modify risk

13.3 ESTABLISHING AND MANAGING ISMS –

i) ESTABLISHING ISMS: Following are the steps are required to be done by the senior
management for the implementation of ISMS within their organization‘s environment
(a) Define the scope and boundaries of ISMS in terms of the characteristics of the business, its
location, assets and technology etc.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 153


Intelligent Quotient System Pvt. Ltd.

(b) Define the ISMS policy in terms of the characteristics of the business, the organization, its
location and assets. While designing the policy one must take into account of business and
legal or regulatory requirements, and contractual security obligations. Evaluate the criteria
against which risk will be evaluated. This policy has to be approved by the senior management.
(c) Define the risk assessment approach: Identify the risk assessment methodology and business
information security, legal and regulatory requirements. Develop the criteria for accepting the
risk and identify the acceptable level of risk.
(d) Identify the risk: Firstly identify the assets belonging to the organization, identify the
vulnerabilities and threats associated with them. Calculate the impact on confidentiality,
integrity and availability on the assets.
(e) Analyse and evaluate the risks: Estimate the levels of risk. Decide whether the risk should be
accepted or treated.
(f) Identify and evaluate options for the treatment of risks: risk treatment can be done in following
four manners:
1. Apply controls;
2. Accept the risk;
3. Avoid the risk;
4. Transfer the risk.
Finally Management approval must be taken to approve the proposed residual risk and to
implement and operate the ISMS.

13.4 MONITOR AND REVIEW ISMS


The organization shall do the following in order to monitor and review the ISMS:

(a) Execute and monitoring and reviewing procedures and other controls to detect errors and
identify security breaches.
(b) Undertake regular reviews of effectiveness of the ISMS by taking feed backs, suggestions from
employees, third parties whose vested interest lies within the organization.
(c) Measure the effectiveness of controls to verify that security requirements have been met.
(d) Review the risk assessment at planned intervals and review the residual risk and identified
acceptable levels of risks.
(e) Conduct the internal audits
(f) Update the security plans and policies.

13.5 MAINTAIN AND IMPROVE ISMS:


The organization should do following on a regular basis –

(a) Implement and identify improvements in the ISMS


(b) Take corrective and preventive actions

Copyright © Intelligent Quotient System Pvt. Ltd. Page 154


Intelligent Quotient System Pvt. Ltd.

(c) Communicate the actions and improvements to the interested parties (d) Ensure that the
improvements achieve their intended objectives

➢ DOCUMENTATION
Documentation shall include –

(a) Record of the management decisions


(b) Ensure that actions are traceable to management decisions and policies; (c) Ensure
that the recorded results are reproducible

Documents required by the ISMS shall be protected and controlled. Records shall be established
and maintained to provide evidence of conformity to requirements and the effective operation of
the ISMS.

❖ CASE STUDY ON ISO 27001:2013 - CALLIGO ACHIEVES THE


LATEST ISO 27001:2013 GLOBAL SECURITY CERTIFICATION
St. Helier, Jersey, 30th September 2014 – Calligo, the only global offshore cloud service provider;
delivering the highest levels of data protection and privacy combined with residency guarantees,
today announced it has achieved full ISO 27001:2013 Information Security certification, the
industry standard in global security management, becoming the first offshore cloud service
provider to achieve certification to the latest version of the standard. Calligo‘s successful
certification was awarded following detailed and extensive external audits, carried out by QEC
Certification, the industry leader in information security management system (ISMS) certification
and fully accredited by UKAS (United Kingdom Accreditation Service).48

48
http://jersey.isle-news.com/archives/calligo-achieves-the-latest-iso-270012013-global-security-
certification/23008/

Copyright © Intelligent Quotient System Pvt. Ltd. Page 155


Intelligent Quotient System Pvt. Ltd.

UNIT – 14

INCIDENT RESPONSE AND COMPUTER


FORENSICS

Objectives: -

14.1 Computer Emergency Response Team (CERT)


14.2 Role of Computer Emergency Response Team
14.3 Goals of CERT
14.4 Incident Response and its Goals
14.5 Introduction of Computer Forensics
14.6 Types and Importance of Computer Forensics
14.7 Role of Computer Forensics Investigator
14.8 Importance of computer Evidence
14.9 Life cycle of computer evidence
14.10 Types of evidence

14.1 COMPUTER EMERGENCYRESPONSE TEAM

CERT-In (Indian Computer Emergency Response Team) is a government-mandated information


technology (IT) security organization. The purpose of CERT-In is to respond to computer security
incidents, report on vulnerabilities and promote effective IT security practices throughout the
country.

CERT-In was created by the Indian Department of Information Technology in 2004 and operates
under the auspices of that department. According to the provisions of the Information Technology
Amendment Act 2008, CERT-In is responsible for overseeing administration of the Act.

CERT organizations throughout the world are independent entities, although there may be
coordinated activates among groups.

14.2 ROLE OF COMPUTER EMERGENCY RESPONSE TEAM

Computer emergency response teams are the human counterparts to anti-virus software. When new
viruses or computer security threats are discovered, these teams document these problems and
work to fix them. Because these teams are made up of people who can react to new situations, they

Copyright © Intelligent Quotient System Pvt. Ltd. Page 156


Intelligent Quotient System Pvt. Ltd.

are much more capable of dealing with new virus threats than anti-virus programs would be by
themselves. When the computer security experts that make up the response teams discover a new
dangerous virus, they work around the clock to create a remedy for it. They often work closely
with anti-virus software companies to establish virus definitions and solutions, and they work with
other software makers help to patch up any security holes that allowed the virus to propagate.

14.3 GOALS OF CERT

1. Establish a capability to quickly and effectively coordinate communication among experts


during security emergencies in order to prevent future incidents.

2. Build an awareness of security issues across the Internet community.49

14.4 INCIDENT RESPONSE AND ITS GOALS

Incident response is an organized approach to addressing and managing the aftermath of a security
breach or attack also known as an incident. The goal is to handle the situation in a way that limits
damage and reduces recovery time and costs. An incident response plan includes a policy that
defines, in specific terms, what constitutes an incident and provides a step-by-step process that
should be followed when an incident occurs.

Hence, Incident response is the practice of detecting a problem, determining its cause, minimizing
the damage it causes, resolving the problem, and documenting each step of the response for future
reference.

➢ Goals of Incident Response

▪ Prevents a disjointed, non-cohesive response (which could be disastrous)


▪ Confirms or dispels whether an incident occurred
▪ Promotes accumulation of accurate information
▪ Establishes controls for proper retrieval and handling of evidence
▪ Protects privacy rights established by law and policy
▪ Minimizes disruption to business and network operations
▪ Allows criminal or civil action against perpetrators
▪ Provides accurate reports and useful recommendations
▪ Provides rapid detection and control
▪ Minimizes exposure and compromise of proprietary data

49
http://cs.stanford.edu/people/eroberts/cs181/projects/viruses/cert.html

Copyright © Intelligent Quotient System Pvt. Ltd. Page 157


Intelligent Quotient System Pvt. Ltd.

▪ Protects organization‘s reputation and assets


▪ Educates senior management
▪ Promotes rapid detection and/or prevention of such incidents in the future (via lessons
learned, policy changes, and so on)

14.5 INTRODUCTION OF COMPUTER FORENSICS


Computer Forensics is the science of obtaining, preserving, and documenting evidence from digital
electronic storage devices, such as computers, personal digital assistants (PDA), digital cameras,
mobile phones, and various memory storage devices. All must be done in a manner designed to
preserve the probative value of the evidence and to assure its admissibility in a legal proceeding.

It is a forensic science applied in a digital environment. But where a traditional forensics specialist
might collect and preserve fingerprints or other physical evidence, the computer forensics
specialist collects and preserves digital evidence.

This collection of digital evidence must be done through carefully prescribed and recognized
procedures so that the probative value of digital evidence is preserved to ensure its admissibility
in a legal proceeding.

As traditional forensics may involve people with different specialties, computer forensics similarly
involves a multitude of professional specialties working together to gather, preserve and analyze
digital evidence.

14.6 TYPES AND IMPORTANCE OF COMPUTER FORENSICS

Computer forensics will help you ensure the overall integrity and survivability of your network
infrastructure. You can help your organization if you consider computer forensics as a new basic
element in what is known as a “defense-in-depth”50 approach to network and computer security.
For instance, understanding the legal and technical aspects of computer forensics will help you
capture vital information if your network is compromised and will help you prosecute the case if
the intruder is caught.

What happens if you ignore computer forensics or practice it badly?

50
―Defense in depth is designed on the principle that multiple layers of different types of protection from
different vendors provide substantially better protection‖
<http://netsecurity.about.com/cs/generalsecurity/a/aa112103.htm>.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 158


Intelligent Quotient System Pvt. Ltd.

The risk of destroying vital evidence or having forensic evidence ruled inadmissible in a court of
law. Also, you or your organization may run afoul of new laws that mandate regulatory compliance
and assign liability if certain type of data is not adequately protected. Recent legislations make it
possible to hold organizations liable in civil or criminal court if they fail to protect customer data.51

Knowledge of Computer forensics is essential for system administrators and security personnel to
enhance ability to recover data that may be critical to the identification and analysis of a security
incident.

➢ TYPES OF COMPUTER FORENSICS

The two most prominent types are pulling the plug (dead digital forensics), or exercising the
analysis on a live, running system (live digital forensics).

The basic Cyber Forensic methodology consists of three important principles –

▪ Acquire the evidence without altering or damaging the original;


▪ Authentication of recovered evidence is the same as the originally seized data; and ▪
Analysis of data without modifying it.

➢ ADVANTAGES OF LIVE FORENSICS –

▪ At times evidence may be only in the computer memory and not in any files on the hard
disk.
▪ The suspect could configure his computer to clear the paging file automatically on
shutdown.
▪ If the suspect is using cryptography to secure his data, then pulling the plug may mean
that the data will no longer be available in an unencrypted format.
▪ Hence it is prudent for an investigator to first carry out preliminary investigations on
the live system and then pull the plug.

14.7 ROLE OF COMPUTER FORENSICS INVESTIGATOR

Computer Forensic Investigator (CFI) performs a critical role in Forensic investigation. Some of
the duties of CFI are –

51
Laws such as the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley,
California Act 1798, Sec. 43A of the IT Act, 2000 and others hold businesses liable for breaches in the security or integrity of
computer networks.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 159


Intelligent Quotient System Pvt. Ltd.

❖ Plan preparation
The key to a successful computer forensic project is thorough preparation. Preparation is
necessary not only for the most effective performance of the tasks at hand, but it is also critical
for preserving any and all evidence for potential use in court. If there is even a hint that the
evidence has been contaminated in any way, it cannot be used against the potentially guilty
party at the time of prosecution.

❖ Evidence Collection and Chain of Custody


A critical part of any computer forensic investigation is ensuring proper evidence
collection and proper maintenance of the chain of custody of the evidence collected. Positive
control is the phrase most often used to describe the standard of care taken in the handling of
potential evidentiary material (e.g., suspect computer systems, hard drives, and any backup
copies). You need to be sure that you can identify who, what, when, where, how and why of
each piece of evidence or material that you collect during the investigation –

(a) Who - Who handled the evidence?


(b) What - What procedures were performed on the evidence?
(c) When - When was the evidence collected and/or transferred to another party?
(d) Where - Where was the evidence collected and stored?
(e) How - How was the evidence collected and stored?
(f) Why - For what purpose was the evidence collected?

❖ Driving image
Imaging a suspect's hard drive is one of the most important functions of the computer forensic
process. Imaging means attaching the suspect's hard drive to the analysis system and copying
all of its data to a file on the analysis drive. This file contains everything that was originally
stored on the suspect's drive, including the logical file structure and unallocated space. It is
extremely important that no data be written to the suspect's hard drive during this process.

❖ Review of logical file structure

Copyright © Intelligent Quotient System Pvt. Ltd. Page 160


Intelligent Quotient System Pvt. Ltd.

After imaging the suspect hard drives, the next step is reviewing the logical file structure.
Review can be done with the help of software‘s such as EnCase, WinHex, X-Ways etc. With
EnCase we can open each raw data file and begin to analyze. EnCase has the built-in
technology to read the file and present the data as if it were actually connected to a hard drive.
The view that is represented is similar to what an average Windows-based computer user sees
when accessing the Windows Explorer utility.

A review of logical file structure involves both automated and manual procedures. The
computer forensic software being utilized facilitates the automated procedures. By using
Encase, we are able to search through the directories of the suspect's computer system and
quickly locate any files that seemed pertinent to our investigation. As a follow-up method, we
should look through the directories manually to identify any files that might not have been
detected during our automated search with Encase. Each file located that is deemed to be
relevant is copied to the analysis drive, to be included in computer forensic analysis report.
When performing this step it is important to record the logical address of the file.

For example, the full path of the System32 directory on Windows computers is
C:\Winnt\System32.

❖ Review of unallocated space and file slack


After completing the logical file structure review, CFI has to focus on analyzing the
unallocated space and file slack. Unallocated space, also called free space, is defined as the
unused portion of the hard drive; file slack is the unused space that is created between the end-
of-file marker and the end of the hard drive cluster in which the file is stored. Sometimes data
is written to these spaces that may be of value to investigators. As in logical file structure
review, when potential evidence is found, its address on the hard drive must be recorded.
However, because unallocated space and file slack are outside of the logical addressing scheme
in this review, we must record the physical address of any evidence, essentially including its
cluster and sector address (e.g., cluster 11155, sector 357517).

❖ Report
When analysis is completed, CFI should draft a report. This is another critical step in the
computer forensic process, and investigator should make sure that the report drafted is right.
Each and every part of the information, evidence collected should be drafted in a report. Each
and every activity should be documented. Report drafted should be clear, complete and concise
so that there is no or very little chance of misunderstanding. Reports should be in both in soft
copy and hard copy and should be able to be presented when required.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 161


Intelligent Quotient System Pvt. Ltd.

14.8 INTRODUCTION AND IMPORTANCE OF EVIDENCE


Computer Evidence & the Internet provide an introduction to the relationship between computer
forensic evidence and the Internet:

▪ ―Computer Forensics deals with the preservation, identification, extraction and


documentation of computer evidence.‖

▪ ―Computer forensics has also been described as the autopsy of a computer hard disk
drive because specialized software tools and techniques are required to analyse the
various levels at which computer data is stored after the fact.‖
▪ Recovering Information which can be considered as evidence in the court at the time of
prosecution.
The course clarifies and explains the common Internet terms encountered during legal cases
where computer evidence is involved, and also identifies the typical online sources of such
evidence.

➢ IMPORTANCE OF EVIDENCE
"Evidence" is anything the judge allows a jury to consider in reaching a verdict. This can include
the testimony of witnesses, photographs of the scene and "demonstrative evidence" such as charts
or sample equipment. The evidence heard by the jury is the most important factor in determining
whether or not you will win your lawsuit and if so, how much compensation you will receive.

➢ SOURCES OF DIGITAL EVIDENCE


▪ Slack space, Swap, Recycle Bin.
▪ Event Logs.
▪ Registry.
▪ Application files, temp files ▪ E-mails.
▪ Browser history and cache.

14.9 LIFE CYCLE OF COMPUTER EVIDENCE


The life cycle of evidence starts with the discovery and collection of the evidence. It progresses
through the following series of states until it is finally returned to the victim or owner:

i. Collection and identification.


ii. Storage, preservation and transportation.
iii. Presentation in the court. iv. Returned to the victim (i.e., the owner).

Copyright © Intelligent Quotient System Pvt. Ltd. Page 162


Intelligent Quotient System Pvt. Ltd.

14.10 TYPES OF EVIDENCE

The Indian Evidence Act, 1872 deals with procurement, preservation and presentation of the
evidence before the court of law.

Many types of evidence exist that can be offered in court to prove the truth or falsity of a given
fact.

The most common forms of evidence are –

▪ Documentary evidence and;


▪ Oral evidence
Further it can be classified as –

i. Direct evidence – Indirect evidence


ii. Primary evidence – Secondary evidence

Copyright © Intelligent Quotient System Pvt. Ltd. Page 163


Intelligent Quotient System Pvt. Ltd.

i. DIRECT EVIDENCE

Direct evidence is oral testimony, whereby the knowledge is obtained from any of the witness‘s
five senses and is in itself proof or disproof of a fact in issue. Direct evidence is called to prove a
specific act (e.g., an eyewitness statement). It is evidence which comes from one who speaks
directly of his or her own knowledge on the main or ultimate fact to be proved, or who saw or
heard the factual matters which are the subject of the testimony. It is not necessary that this direct
knowledge be gained through the senses of sight and hearing alone, but it may be obtained from
any of the senses through which outside knowledge is acquired, including the senses of touch or
pain. It is evidence which stands on its own to prove an alleged fact, such as testimony of a witness
who says he/she saw a defendant pointing a gun at a victim during a robbery. Direct proof of a
fact, such as testimony by a witness about what that witness personally saw or heard or did.

As its name suggests, direct evidence relates immediately to the allegation being tested. If the
direct evidence is true, the allegation is established. Direct evidence, on the other hand, is evidence
of a fact based on a witness's personal knowledge or observation of that fact. An example of direct
evidence would be the surveillance video of a person robbing a convenience store, or a witness
who saw a person stealing a car. A person's guilt of a charged crime may be proven by direct
evidence alone, if that evidence satisfies a judge or jury beyond a reasonable doubt of the
defendant's guilt regarding that crime. Direct evidence can have varying degrees of clout (power)
depending on the actual witness delivering the testimony. Direct evidence from a legitimate, trust-
worthy source will have a stronger bearing on the jury than that of a shady character, even under
oath. Bending the truth a little here and there can skew direct evidence and is not uncommon with
defense testimony.

ii. REAL EVIDENCE

Real evidence also known as associative or physical evidence is made up of tangible objects that
prove or disprove guilt. Physical evidence includes such things as tools used in the crime, fruits of
the crime, or perishable evidence capable of reproduction. The purpose of the physical evidence
is to link the suspect to the scene of the crime. It is the evidence that has material existence and
can be presented to the view of the court and jury for consideration. It consists of objects that were
involved in a case or actually played a part in the incident or transaction in question. Examples
include the written contract, the defective part, the murder weapon, the gloves used by an alleged
murderer. Trace evidence, such as fingerprints is a species of real evidence. Admission of real
evidence requires authentication, a showing of relevance, and a showing that the object is in ―the
same or substantially the same condition‖ now as it was on the relevant date. An object of real
evidence is authenticated through the senses of a witness or by circumstantial evidence called chain
of custody.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 164


Intelligent Quotient System Pvt. Ltd.

iii. DOCUMENTARY EVIDENCE

Documentary evidence is evidence presented to the court in the form of business records, manuals,
and printouts, for example. Much of the evidence submitted in a computer crime case is
documentary evidence. Documentary evidence is often a kind of real evidence, as for example
where a contract is offered to prove its terms. When a document is used this way it is authenticated
the same way as any other real evidence; by a witness who identifies it or, less commonly, by
witnesses who establish a chain of custody for it. However, because they contain human language,
and because of the historical development of the common law, documents present special problems
not presented by other forms of real evidence, such as when they contain hearsay. When we deal
with documentary evidence, should ask ourselves following four questions:

• Is there an oral evidence problem?


• Is there a best evidence problem?
• Is there an authentication problem?
• Is there a hearsay problem?

In addition, some documents, such as certified copies of public records, official documents,
newspapers, periodicals, trade inscriptions, acknowledged documents to prove the
acknowledgment, certificates of the custodians of business records, and certain commercial paper
and related documents are, to one extent or another, self-authenticating.

iv. DEMONSTRATIVE EVIDENCE

Demonstrative evidence is just what the name implies; it demonstrates or illustrates the testimony
of a witness. These evidences are used to aid (help) the judge or jury. It will be admissible when,
with accuracy sufficient for the task at hand, it fairly and accurately reflects that testimony and is
otherwise unobjectionable. Typical examples of demonstrative evidence are photographs, model,
maps, diagrams of the scene of an occurrence, animations, experiment, chart, or an illustration
offered as proof. The main purpose of demonstrative evidence is to illustrate the testimony so they
are authenticated by the witness whose testimony is being illustrated. That witness will usually
identify salient features of the exhibit and testify that it fairly and accurately reflects what he saw
or heard on a particular occasion, such as the location of people or things on a diagram. When
seizing evidence from a computer-related crime, the investigator should collect any and all
physical evidence, such as the computer, peripherals, notepads, or documentation, in addition to
computer-generated evidence. Four types of computer-generated evidence are:

• Visual output on the monitor. Printed evidence on a printer.


• Printed evidence on a plotter.
• Film recorder (i.e. a magnetic representation on disk and optical representation on CD)

Copyright © Intelligent Quotient System Pvt. Ltd. Page 165


Intelligent Quotient System Pvt. Ltd.

Photographs can be either real or demonstrative evidence depending on how they are
authenticated. When a photograph is authenticated by a witness who observed what is
depicted in it and can testify that it accurately reflects what he saw, the photograph is
demonstrative evidence. When it is authenticated by a technician or other witness who
testifies about the operation of the equipment used to take it, it is real evidence and is, in
the language of the courts, a "silent witness."

UNIT 15

PROTECTION OF INFORMATION
ASSETS BC/DR PLANNING &
DEVELOPMENT

15.1 Need for BCDR.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 166


Intelligent Quotient System Pvt. Ltd.

15.2 Types of Disaster.


15.3 Steps of Business Continuity and Disaster Recovery Plan.

15.1 NEED FOR BCDR


―The role of BIS (Business Innovation and Skills) within the national cyber security strategy is
to enable growth by helping businesses to operate safely in cyberspace‖.

Businesses need to embed cyber security in corporate governance processes, treating it like any
other business risk, and establish confidence that the basic controls are in place.

The CES (Cyber Essentials Scheme) identified five essential security controls that organizations
must have within their IT systems to ensure that they started mitigating the risk from internetbased
threats.

―Just by establishing a basic level of cyber hygiene through implementing the basic controls will
solve a lot of problems and protect against most low-level threats‖.

The CES will also offer a way to win customer confidence and competitive advantage by certifying
the level of an organization‘s compliance with the five controls set out in the guidance. 52A wise
enterprise should ask a question to itself or its directors or partners or even senior management
that how much risk their business can afford and what is the best BCDR solution for their
business. This shows the need of BCDR shall be as certain by each and every organization
irrespective of Industry.

According to the American Management Association, ―About50% of businesses that suffer from
a major disaster without a disaster recovery plan in place never re-open for business. ‖Corporate
governance using IT governance has increased a corporate officer‘s liability for business
continuity. The organization need to meet the business needs, so that more senior executives and
security officers are turning to Business Continuity / Disaster Recovery (BC/DR)services that
help them to protect their business in the event of a disaster.

An expert consultancy should be provided to have a comprehensive BC/DR program. The


program should effectively and efficiently meet corporate governance requirement by
minimizing BC/DR projects spending. The organization must work in partnership with their

52
http://www.computerweekly.com/news/2240221170/Government-to-help-UK-business-get-cyber-
securitybasicsright?asrc=EM_EDA_29532497&utm_medium=EM&utm_source=EDA&utm_campaign=20140523_
Govern ment%20to%20help%20UK%20business%20get%20cyber%20security%20basics%20right_

Copyright © Intelligent Quotient System Pvt. Ltd. Page 167


Intelligent Quotient System Pvt. Ltd.

employees, vendors, partners and government to ensure the continuity of critical business
functions in the event of a disaster.53

15.2 TYPES OF DISASTER


A disaster is a natural or man-made (or technological) hazard resulting in an event of substantial
extent causing significant physical damage or destruction, loss of life, or drastic change to the
environment. A disaster can be extensively defined as any tragic event stemming from events such
as earthquakes, floods, catastrophic accidents, fires, or explosions. It is a phenomenon that can
cause damage to life and property and destroy the economic, social and cultural life of people.

Naturaldisasters:
▪ Tornadoes
▪ Floods
▪ Blizzards
▪ Earthquakes
▪ Fire

Man-Made Disasters:

▪ Labor: strikes, walkouts, and slow-downs that disrupt services and supplies.
▪ Social-political: war, terrorism, vandalism, civil unrest, protests, demonstrations, cyber-
attacks, hacker activities.
▪ Materials: fires, hazardous materials spills
▪ Utilities: power failures, communications outages, water supply shortages, fuel shortages,
and radioactive fallout from power plant accidents.

53
http://www.iim-edu.org/executivejournal/Whitepaper_BCDR_Best_Practices.pdf

Copyright © Intelligent Quotient System Pvt. Ltd. Page 168


Intelligent Quotient System Pvt. Ltd.

Disasters Further Can Be Classified Into Four Parts:

Disasters can take several different forms. Some primarily impacts that affect individuals e.g. hard
drive meltdowns while others have a larger, collective impact. Disasters can occur such as power
outages, floods, fires, storms, equipment failure, sabotage, terrorism. Each of these can cause
short-term disruptions in normal business operation. But recovering from the impact of many of
the fore mentioned disasters can take much longer, especially if organizations have not
made preparations in advance. However, if proper preparations have been made, the disaster
recovery process does not have to be exceedingly stressful. Instead the process can be streamlined,
but this facilitation of recovery will only happen where preparations have been made.
Organizations take the time to implement disaster recovery plans ahead of time often ride out
catastrophes with minimal or no loss of data, hardware, or business revenue. This in turn provides
them to maintain the faith and confidence of their customers and investors.54
Some disasters can be insured and loss can be minimized. For Example: Fire in the building will
minimize the loss of entire value of building as well as assets present in it due to Insurance

1150919
Claim. But not all losses can be insured. For For Example: System Administrator while leaving
the job formatted the hard drive and the company lost entire data of last 3 years for which no back
up present. This loss due to human behavior cannot be insured.

Preparedness: Every organization should anticipate all the threats associated with the type of
industry in which they are serving or doing business. For Example: For a petrol pump owner,
he/she can anticipate loss during transport i.e. road accidents, loss due to increase in temperature,

54
http://www.techradar.com/news/software/security-software/the-advantages-of-unified-threat-management-

Copyright © Intelligent Quotient System Pvt. Ltd. Page 169


Intelligent Quotient System Pvt. Ltd.

loss due to fire at the Petrol Pump, loss due to human error, negligence etc. and they have to
implement the necessary precautions.55

Response: With the same above example, the petrol pump should do transit insurance, install
fire extinguishers, train the employees for the emergency procedures, install the smoke detectors,
put the sand buckets ready etc.

Recovery: In case of actual fire, the sand buckets, and fire extinguishers to be used
appropriately. Since all the employees are trained & they know how to execute the emergency
recovery plan, the recovery can be done with minimum damage.

Mitigation: Either from own disasters faced or from the industry to which the organization
belongs, the disasters can be anticipated and accordingly new plans to mitigate such threats.

Business continuity planning (BCP)/ Disaster Recovery Planning (DRP) are the factors that
makes the critical difference between the organizations that can successfully manage crises with
minimal cost and effort, maximum speed, organizations forced to make decision out of
desperation.

Detailed disaster recovery plans can prevent many problems experienced by an organization in
times of disaster. By having practice plans, not only for equipment and network recovery, but also
plans that precisely outline what steps each person involved in recovery efforts should
undertake so that an organization can improve their recovery time and minimize the time
that their normal business functions are disrupted. Thus it is vitally important that disaster recovery
plans be carefully laid out and regularly updated. Organizations need to put systems in place to
regularly train their network engineers and managers.

There are several options available for organizations to use once they decide to begin creating
their disaster recovery plan. The first and often most accessible source a business can draw on
would be to have any experienced managers within the organization who will help to craft a plan
that will fit the recovery needs specific to their unique organization. For organizations that do
not have this type of expertise in house, there are a number of outside options that can be called
on, such as trained consultants and specially designed softwares.

One of the most common practices used by responsible organizations is a disaster recovery plan
template. While templates might not cover every need specific to every organization, they are a
great place from which to start one's preparation. Templates help make the preparation process
more straight forward. They provide guidance and can even reveal aspects of disaster recovery
that might otherwise be forgotten.

55
http://itfirstaid.ca/services/disaster-recovery/

Copyright © Intelligent Quotient System Pvt. Ltd. Page 170


Intelligent Quotient System Pvt. Ltd.

The primary goal of any BCP/disaster recovery plan is to help the organization maintain its
business continuity, minimize damage, and prevent loss. Thus the most important question to
ask when evaluating disaster recovery plan is, "Will the plan work? "The best way to ensure
reliability of one's plan is to practice it regularly. Have the appropriate people actually practice
what they would do to help recover business function, if disaster occurs. Also regular reviews
and updates of recovery plans should be scheduled. Some organizations find it helpful to do this
on a monthly basis. So that the plan stays current and reflects the organizations current scenario.

15.3 BUSINESS CONTINUITY AND DISASTER RECOVERY


PLANSTEPS:

The unfortunate event in life of mankind i.e. the attack on World Trade Center on 9/11 taught a
big lesson to the entire world as well as all the industries. Business Continuity (BC) and Disaster
Recovery (DR) are the watchwords of businesses in the Information Technology (IT) world.

The predominant role of Wide Area Networks (WANs) in almost all major fields of business
has made it an imperative for IT and Network managers across the globe to accelerate their
network infrastructure, and also devise workable BC/DR plans.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 171


Intelligent Quotient System Pvt. Ltd.

Best practice of business continuity planning56

Following are the reasons why management shall have a concrete tested plan for BC/DR:

▪ Customer expects supplies & service to continue or resume rapidly in all situations.
▪ Share holders expect management control to remain operational in any crisis.
▪ Employees expect both their lives & livelihoods to be protected.
▪ Suppliers expect their revenue stream to continue.
▪ Regulate agencies expect their requirements to be met, regardless of circumstances.

56
CISAuditor_Study_Guide.pdf

Copyright © Intelligent Quotient System Pvt. Ltd. Page 172


Intelligent Quotient System Pvt. Ltd.

The primary objective of a Disaster Recovery plan and Business Continuity plan is the
description of how an organization has to deal with potential natural or human-induced
disasters.

15.4 THEDISASTERRECOVERYPLANSTEPS:

Every enterprise incorporates as part of business management includes the guidelines and
procedures to be undertaken to effectively respond to and recover from disaster recovery
scenarios, which adversely impacts information systems and business operations. Plan steps
that are well-constructed and implemented will enable organizations to minimize the effects of the
disaster and resume mission-critical functions quickly.57

Business Continuity or DRP steps involve an extensive analysis of an organization‘s business


processes, IT infrastructure, data backup, resources, continuity requirements and disaster
prevention methods. As well as, it is the process of creating a comprehensive document
encompassing details that will aid businesses in recovering from catastrophic events.
Developing a disaster recovery plan differs between enterprises based on business type,
processes, the security levels needed, and the organization size. There are various stages
involved in developing an effective Disaster Recovery or Business Continuity planning.

Types of Business Continuity Plans

• Disaster Recovery Plan–Recovers mission-critical technology & applications at the


alternate site.

• Business Resumption Plan– Continues mission functions at the production site


through work- around until the application are restored.

• Business Recovery Plan – Recover mission-critical business processes at the alternate


site (may be called as ―workspace recovery‖)

• Contingency Plan– To manage an external event that has for- reaching impact on the
business.

57
http://www.iim-edu.org/executivejournal/Whitepaper_BCDR_Best_Practices.pdf

Copyright © Intelligent Quotient System Pvt. Ltd. Page 173


Intelligent Quotient System Pvt. Ltd.

How to create a BCDR plan:

BCDR Plan:
Business Continuity Policy:

BCP policy creation is important. The first step in this is to understand the organization and
identify its mission-critical processes, technology, data & people. The BCP policy designer
should know how the company works. The planner can create process chart to understand the
company. The process chartcoversallprocessesoftheorganizatione.g.operationalprocesses like
stationary supplies to Strategic processes like new product launch. The planner needs
to see following things.

• Data
• Process
• Network
• People
• Time required for process
• Interdependencies of processes

The BCP covers mainly on baking up data and providing system redundancy but this one small
part of BCP. The disaster recovery includes some things like shifting people to proper place,
developing ways of carrying out automated tasks manually documenting needed
configurations, alerting business processes to maintain critical functions.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 174


Intelligent Quotient System Pvt. Ltd.

Business continuity is also part of security policy and program. Every business organization is
there to make profit. This is rational objective of every business organization. So the plans are
prepared to achieve this objective. The main reason to develop the plans is to reduce risk of
financial loss by improving the company‘s ability to recover and restore operations. This includes
the goal of mitigating the effects of the disaster. Many companies feel that they do not have the
time or resources to devote to disaster recovery plan. BCP is ultimately responsibility of
top management. The disruptions in business need to be managed using wisdom and foresight.
The BCP policy can be designed by considering process management and incident management.

Incident Management:

The business activity is dynamic so incidents and crises are also dynamic, so it needs dynamic
management along with proactive action and need. An incident is any unexpected event. It may
cause damage or may not. Depending on as estimation of the level of damage to the organization,
all types of incidents should be categorized. A classification system could include the following
categories: negligible, minor, major and crisis. Any such classification is dynamically provisional
until the incident is resolved.

These levels can be described as follows:

• Negligible incidents: Negligible incidents are those causing no perceptible or significant


damage, such as very brief OS crashes with full information recovery or momentary power
outages with UPS backup or non-catastrophic failures.

• Minor events: Minor events are those that are not negligible; produce no negative material or
financial impact.

• Major incidents: Major incidents cause a negative material impact on business processes and
may affect other systems, departments or even outside clients.

• Crisis: Crisis is a major incident that can have serious material impact on the continued
functioning of the business and may also adversely impact other systems or third parties. How
serious they are depends on the industry and circumstances, but severity is generally directly
proportional to the time elapsed from the inception of the incident to incident resolution.

Risk Assessment:

Copyright © Intelligent Quotient System Pvt. Ltd. Page 175


Intelligent Quotient System Pvt. Ltd.

The risk assessment step is critical and has significant bearing on whether business continuity
planning efforts will be successful. If the threat scenarios developed are unreasonably limited,
the resulting BCP may be inadequate. During the risk assessment step, business processes and the
business impact analysis assumptions are stress tested with various threat scenarios. This will
result in a range of outcomes, some that require no action for business processes to be successful
and others that will require significant BCPs to be developed and supported with resources
(financial and personnel).The organization should develop realistic threat scenarios that may
potentially disrupt their business processes and ability to meet their client‘s expectations (internal,
business partners, or customers).

63

Risk Management Compliance

63
http://www.google.co.in/imgres?start=154&hl=en&client=firefox-a&rls=org.mozilla:en-
US:official&biw=1366&bih=622&tbm=isch&tbnid=LzCOAAftKkiNlM:&imgrefurl=http://www.spherebase.com/r
isk-

UNIT 16

Copyright © Intelligent Quotient System Pvt. Ltd. Page 176


Intelligent Quotient System Pvt. Ltd.

VIRTUALIZATION

Objectives:-
16.1 Basic Concept of Virtualization
16.2 Data Center Virtualization
16.3 Desktop Virtualization
16.4 Network Virtualization
16.5 Server Virtualization
16.6 Load Balancing with Virtualization

16.1 BASIC CONCEPT OF VIRTUALIZATION


In computing, virtualization means to create a virtual version of a device or resource, such as a
server, storage device, network or even an operating system where the framework divides the
resource into one or more execution environments. For e.g. Partitioning a hard drive is considered
virtualization because you take one drive and partition it to create two separate hard drives.
Devices, applications and human users are able to interact with the virtual resource as if it were a
real single logical resource.
Virtualization Architecture:

▪ OS assumes complete control of underlying hardware.


▪ Virtualization architecture provides this illusion through a hypervisor/VMM.
▪ Hypervisor/VMM is a software layer which:
▪ Allows multiple Guest OS (Virtual Machines) to run simultaneously on a single physical host.
▪ Provides hardware abstraction other running GuestOS‘s and efficiently multiplexes underlying
hardware resources.

Single OS:
• Hardware + software tightly coupled.
• If Application crashed it will affect whole machine.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 177


Intelligent Quotient System Pvt. Ltd.

• Resource under-utilization.

Virtual Machine:
• Independent of hardware.
• Multiple OS (isolated apps).
• Safely multiplex resources across virtual machines (VMs).

Normal machine Virtual machine

That ―aggregation‖ piece is important because unlike server virtualization that split servers;
network-based application virtualization abstracts applications, making many instances appear to
be one.

Network-based application virtualization resides in the network, in the application delivery tier of
architecture. This tier is normally physically deployed somewhere near the edge of the data center
(the perimeter) and acts as the endpoint for user requests. In other words, a client request to
http://www.example.com is answered by an application delivery controller (load balancer) which
in turn communicates internally with applications that may be virtualized or not, local or in a public
cloud.

Many, organizations take advantage of this type of virtualization as a means to implement a


scalable, load balancing based infrastructure for high-volume, high-availability applications.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 178


Intelligent Quotient System Pvt. Ltd.

❖ TYPES OF VIRTUALIZATION

There are mainly three types of virtualization.

• Full virtualization
• OS level virtualization
• Para virtualization

➢ Full virtualization

As the name suggests everything in a system is virtualized which includes the processor, storage,
networking components etc. Virtual Box, VMware are examples of ―Full Virtualization‖
solutions.

➢ OS Level virtualization:

In this type of virtualization only applications are run inside the software. In this case the
application is given a platform to work. Isolation is created and the application is made to believe
that it is the only thing running on the system.58

58
www.vmware.com

Copyright © Intelligent Quotient System Pvt. Ltd. Page 179


Intelligent Quotient System Pvt. Ltd.

➢ Paravirtualization:

It‘s a semi-virtualized environment created for the guest OS. A modified guest OS is created using
a hypervisor. ―The intent of the modified interface is to reduce the portion of the guest‘s execution
time spent performing operations which are substantially more difficult to run in a virtual
environment compared to a non-virtualized environment. The Paravirtualization provides specially
defined ‗hooks‘ to allow the guest(s) and host to request and acknowledge these tasks, which
would otherwise be executed in the virtual domain (where execution performance is worst). A
successful Paravirtualized platform may allow the virtual machine monitor (VMM) to be simpler
(by relocating execution of critical tasks from the virtual domain to the host domain), and/or reduce
the overall performance degradation of machine-execution inside the virtual-guest.

Advantages of Virtualization:

• One of the biggest advantages of virtualization is scalability i.e. the ability to expand.
Whenever there is excessive load on some part of application in a server you can easily
create a similar virtual environment on a different server and configure the setup.

• Hardware maintenance cost is reduced because you don‘t need many servers to install
different applications.

• You can save a huge amount of energy by running one physical server instead of many
and less power backup is required.

• You can get faster and safer backups by taking live snapshot while server is running.

• You will get centralized monitoring of your resources as virtualization provides easy way
of connecting and maintaining your virtual servers.59

59
http://www.technofreaky.com/a-beginners-guide-to-virtualization/

Copyright © Intelligent Quotient System Pvt. Ltd. Page 180


Intelligent Quotient System Pvt. Ltd.

16.2 DATA CENTER VIRTUALIZATION

A Virtual Datacenter is a pool of cloud infrastructure resources designed specifically for enterprise
business needs. Those resources include compute, memory, storage and bandwidth

Copyright © Intelligent Quotient System Pvt. Ltd. Page 181


Intelligent Quotient System Pvt. Ltd.

Data Center Virtualization

16.3 DESKTOP VIRTUALIZATION

Desktop virtualization can be used in conjunction with application virtualization and user profile
management systems, now termed "user virtualization", to provide a comprehensive desktop
environment management system. In this mode, all the components of the desktop are virtualized,
which allows highly flexible and much more secure desktop delivery model. In addition, this
approach supports a more complete desktop disaster recovery strategy as all components are
essentially saved in the data center and backed up through traditional redundant maintenance
systems. If a user's device or hardware is lost, the restore is much more straightforward and simple,
because basically all the components will be present at login from another device. In addition,
because no data is saved to the user's device, if that device is lost, there is much less chance that
any critical data can be retrieved and compromised. Below are more detailed descriptions of the
types of desktop virtualization technologies that will be used in a typical deployment.60

60
www.vmware.com

Copyright © Intelligent Quotient System Pvt. Ltd. Page 182


Intelligent Quotient System Pvt. Ltd.

16.4 SERVER VIRTUALIZATION

As companies continue to virtualize their server environment, they are facing new set of
challenges. The increasingly demanding business environment requires application services to be
deployed more quickly and updating and upgrading these services have to be done more rapidly
and efficiently. VM's application driven virtualization approach not only provides the traditional
server virtualization benefits of consolidation, reliability and flexibility but also delivers a unique
integrated solution to addressing critical business needs.

16.5 LOAD BALANCING WITH VIRTUALIZATION

Virtualization technologies are used to enhance the hardware load on server systems and allow a
more efficient use of those servers. Nowadays, there is a wide range of existing High Availability
(HA) solutions which guarantee the availability of all virtual machines. There are just a few
commercial solutions available for allocating virtual machines during their operation time to
optimize the actual server workload (e.g. Distributed Resource Scheduler (DRS), Virtual IronLive
Capacity).Virtualization technologies allow optimizing the actual server workload, but presenting a single
point of failure for all virtualized systems. The Red Hat Cluster Suite is an approved solution for high
availability and can be used in project to combine virtualization and load balancing

L
Load balancing with virtualization

Copyright © Intelligent Quotient System Pvt. Ltd. Page 183


Intelligent Quotient System Pvt. Ltd.

❖ CASE STUDY ON VIRTUALIZATION:


This U.S. insurance company‘s centralized IT team supports all infrastructure and services for the
company‘s tens of thousands of employees. The company was looking at virtual infrastructure to
combat server sprawl and meet its CTO‘s objective of consolidating servers in order to save money
and make better use of current resources. Further, the company wanted to speed time-to-market of
new financial services. If the IT infrastructure to support new services could be implemented more
quickly, the company could be more competitive.

The virtualization project far exceeded the company‘s goals, paying for itself in just six months.
The department experienced significant reductions in hardware, software and operations costs.
Virtualization helped make the company more agile and responsive to business unit needs. The
business units experienced dramatic reductions in the time to procure a new server. One business
unit remarked after the virtualization project that they received a new (virtual) machine in just
three hours from signing off on the internal order. In addition to cost savings, the virtualization
project improved the company‘s test and development environment and disaster recovery ability,
while minimizing planned downtime.

The company is enthusiastic about virtualization and is considering how it can be incorporated into
other aspects of its IT infrastructure. In its near-term projects, the company is looking to expand
its virtual infrastructure as well as engage VMware Capacity Planning Services for its remote
locations. The company plans to move legacy systems onto a virtual infrastructure, migrating these
applications from local storage to fully networked SAN storage. Meanwhile, the company is also
examining the rest of its infrastructure to see where additional servers can be targeted for
consolidation.

UNIT - 17

CLOUD COMPUTING

Copyright © Intelligent Quotient System Pvt. Ltd. Page 184


Intelligent Quotient System Pvt. Ltd.

Objectives:-
17.1 Definition of cloud
17.2 Cloud Architecture
17.3 Advantages of cloud
17.4 Types of Cloud
17.5 Cloud Services

Introduction:
When you store your photos online instead of on your home computer, or use webmail or a social
networking site, you are using a ―cloud computing‖ service. As an organization, we are using an
online invoicing service instead of updating the in-house one, that online invoicing service is a
―cloud computing‖ service.

17.1 DEFINITION OF CLOUD


Cloud computing refers to the delivery of computing resources over the Internet. Instead of
keeping data on your own hard drive or updating applications for your needs, you use a service
over the Internet, at another location, to store your information or use its applications.

17.2 CLOUD ARCHITECTURE

Cloud services allow individuals and businesses to use software and hardware that are managed
by third parties at remote locations. Examples of cloud services include online file storage, social
networking sites, webmail, and online business applications etc. The cloud computing model
allows access to information and computer resources from anywhere that a network connection is
available. Cloud computing provides a shared pool of resources, including data storage space,
networks, computer processing power, and specialized corporate and user applications.61

For e.g. One way to think of cloud computing is to consider your experience with email. Your
email client, if it is Yahoo!, Gmail, Hotmail, and so on, takes care of housing all of the hardware
and software necessary to support your personal email account. When you want to access your
email you open your web browser, go to the email client, and log in. The most important part of
the equation is having internet access. Your email is not housed on your physical computer; you
access it through an internet connection, and you can access it anywhere. If you are on a trip, at
work, or down the street getting coffee, you can check your email as long as you have access to
the internet. Your email is different than software installed on your computer, such as a word

61
http://csrc.nist.gov/groups/SNS/cloudcomputing/

Copyright © Intelligent Quotient System Pvt. Ltd. Page 185


Intelligent Quotient System Pvt. Ltd.

processing program. When you create a document using word processing software, that document
stays on the device you used to make it unless you physically move it. An email client is similar
to how cloud computing works. Except instead of accessing just your email, you can choose what
information you have access to within the cloud.62

17.3 ADVANTAGES OF CLOUD COMPUTING

1. Almost zero upfront infrastructure investment: If you have to build a large-scale system it
may cost to invest in real estate, hardware (racks, machines, routers, backup power supplies),
hardware management (power management, cooling), and operations personnel etc. Because
of the upfront costs, it would typically need several rounds of management approvals before
the project could even get started. Now, with utility-style computing, there is no fixed cost or
startup cost.

2. Just-in-time Infrastructure: In the past, if you got famous and your systems or your
infrastructure did not scale you became a victim of your own success. Conversely, if you
invested heavily and did not get famous, you became a victim of your failure. By deploying
applications in-the-cloud with dynamic capacity management software architects do not have
to worry about pre-procuring capacity for large scale systems. The solutions are low risk
because you scale only as you grow. Cloud Architectures can relinquish infrastructure as
quickly as you got them in the first place (in minutes).

3. More efficient resource utilization: System administrators usually worry about hardware
procuring (when they run out of capacity) and better infrastructure utilization (when they have
excess and idle capacity). With Cloud Architectures they can manage resources more
effectively and efficiently by having the applications request and relinquish resources only
what they need (on-demand).

4. Usage-based costing: Utility-style pricing allows billing the customer only for the
infrastructure that has been used. The customer is not liable for the entire infrastructure that
may be in place. This is a subtle difference between desktop applications and web applications.
A desktop application or a traditional client-server application runs on customer‘s own
infrastructure (PC or server), whereas in a Cloud Architectures application, the customer uses
a third party infrastructure and gets billed only for the fraction of it that was used.

5. Potential for shrinking the processing time: Parallelization is the one of the great ways to
speed up processing. If one compute data intensive job that can be run in parallel takes 500

62
http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 186


Intelligent Quotient System Pvt. Ltd.

hours to process on one machine, with Cloud Architectures, it would be possible to spawn and
launch 500 instances and process the same job in 1 hour. Having available an elastic
infrastructure provides the application with the ability to exploit parallelization in a
costeffective manner reducing the total processing time.

17.4 TYPES OF CLOUDS

There are different types of clouds that you can subscribe to depending on your needs. As a
home user or small business owner, you will most likely use public cloud services.

1. Public Cloud - A public cloud can be accessed by any subscriber with an internet connection
and access to the cloud space.

2. Private Cloud - A private cloud is established for a specific group or organization and limits
access to just that group.

3. Community Cloud - A community cloud is shared among two or more organizations that have
similar cloud requirements.

4. Hybrid Cloud - A hybrid cloud is essentially a combination of at least two clouds, where the
clouds included are a mixture of public, private, or community.

17.5 CLOUD SERVICES

Each provider serves a specific function, giving users more or less control over their cloud
depending on the type. When you choose a provider, compare your needs to the cloud services
available. Your cloud needs will vary depending on how you intend to use the space and resources
associated with the cloud. If it will be for personal home use, you will need a different cloud type
and provider than if you will be using the cloud for business. Keep in mind that your cloud provider
will be pay-as-you-go, means if your technological needs change at any point you can purchase
more storage space (or less for that matter) from your cloud provider.
There are three types of cloud providers that one can subscribe to: Software as a Service (SaaS),
Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). These three types differ in the
amount of control that you have over your information, and conversely, how much you can expect
your provider to do for you. Briefly, here is what you can expect from each type.

➢ Software as a Service - A SaaS provider gives subscribers access to both resources and
applications. In SaaS, it is not unnecessary for you to have a physical copy of software to install
on your devices. SaaS also makes it easier to have the same software on all of your devices at

Copyright © Intelligent Quotient System Pvt. Ltd. Page 187


Intelligent Quotient System Pvt. Ltd.

once by accessing it on the cloud. In a SaaS agreement, you have the least control over the
cloud.

➢ Platform as a Service - A PaaS system goes a level above the Software as a Service setup. A
PaaS provider gives subscribers access to the components that they require to develop and
operate applications over the internet.

➢ Infrastructure as a Service - An IaaS agreement, as the name states, deals primarily with
computational infrastructure. In an IaaS agreement, the subscriber completely outsources the
storage and resources, such as hardware and software, which they need.63

Cloud Architecture

REFERENCES of IMAGES

1. https://www.google.co.in/imghp?

63
http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 188


Intelligent Quotient System Pvt. Ltd.

2. http://www.keycarbon.com/wiki/keyloggers_software_vs_hardware
3. http://www.digitaltrends.com/computing/quick-guide-to-password-manager-apps/
4. http://www.clipartof.com/portfolio/djart/illustration/computer-hacker-at-work-6028.html
5. http://pcsupport.about.com/od/windows7/ht/create-password-windows-7.htm
6. http://vhxn.com/how-to-recover-administrator-password/
7. http://unlimitedzone.org
8. http://buddyard.com/?tag=software
9. http://way4hack.blogspot.in/2011/11/giveawaytop-5-ant-ivirus-softwares.html
10. http://www.cyberlaws.net/

* * *
**Disclaimer: We have mentioned all the links from where we have collected the material to develop this course to the best of
our knowledge & belief.

Copyright © Intelligent Quotient System Pvt. Ltd. Page 189