
SNS COLLEGE OF TECHNOLOGY

(An Autonomous Institution, Affiliated to Anna University)


Coimbatore – 641 035.

Reg. No. :

19CSE304– CYBER SECURITY


Possible Questions

ANSWER ALL QUESTIONS

Part A

1. Examine the term cyber security.


2. Build the elements of cyber security.
3. What are the advantages of cyber security?
4. Contrast active and passive attack with example.
5. Differentiate between IDS and IPS.
6. What is a Firewall?
7. Explain Traceroute.
8. Differentiate between HIDS and NIDS.
9. Construct CIA.
10. Categorize the different layers of the OSI model.
11. Model the working process of ARP.
12. List out some of the common cyber-attack.
13. What do you mean by data leakage?
14. Discuss honey pot types.
15. Construct the types of Classification of Intrusion Detection System.
16. Identify the top web security threats.
17. Explain the brute force attack. How to prevent it?
18. What are black hat hackers?
19. How to reset a password-protected BIOS configuration?
20. Define ARP and its working process.

Part B
1. Explain botnet.
2. Construct the concepts of seven layers of cyber security and its uses.
3. Build the types of Cyber Attacks and its uses.
4. Organize in detail about the Functions, types and Limitations of Firewall.
5. Discuss the importance of steps taken by the computer forensics specialist.
6. Construct the different phases or steps in the digital forensics life cycle.
7. Analyze the brief note on Remote Access Server Security for Mobile device.
8. Classify the mobility types and its implications.
9. Categorize the techniques and types of credit card Frauds.
10. Categorize in detail about honey pot and its types.
11. List the classifications and elaborate the detection methods of Intrusion Detection System (IDS).
12. Construct about the cost of cybercrimes and IPR issues in lessons for Organizations.
13. Build the concepts of Web Threats for Organizations: The Evils and Perils.
14. Construct the Ransomware Attack and its usage. Build the types of Attacks and apply
in any one case.
15. Elaborate the Attacks on Mobile/Cell Phones and discuss about the advantages and
disadvantages.

ANSWERS

Part – A

1. Examine the term cyber security.

Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyberthreats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.

A strong cybersecurity strategy can provide a good security posture against malicious attacks designed to access, alter, delete, destroy or extort an organization's or user's systems and sensitive data.

2. Build the elements of cyber security.

▪ Application Security

▪ Information Security

▪ Network Security

▪ Business continuity planning

▪ Operational Security

▪ End-user Education

▪ Leadership Commitment

3. What are the advantages of cyber security?

▪ It protects an individual's and an organization's personal and sensitive data from being stolen.

▪ It improves the overall security posture of the organization's systems, instead of leaving each system to fend for itself.

▪ It defends the computer against spyware, viruses, malicious code, trojan horses, worms, and a variety of other harmful programs.

▪ With a strong security framework in place, the organization is more credible to customers, partners and regulators.

4. Contrast active and passive attack with example.

5. Differentiate between IDS and IPS.

6. What is a Firewall?

▪ A firewall is a security device, either computer hardware or software, that can help protect your network by filtering traffic and blocking outsiders from gaining unauthorized access to the private data on your computer.
▪ Not only does a firewall block unwanted traffic, it can also help block malicious software from infecting your computer.
▪ Firewalls can provide different levels of protection.

7. Explain Traceroute.

▪ Traceroute is a network diagnostic tool used to track the pathway taken by a packet on an IP network from source to destination. It also records the round-trip time of each hop along the route.
▪ Traceroute sends probes with increasing time to live (TTL) values, starting at 1. Each router that decrements the TTL to zero discards the probe and returns an ICMP Time Exceeded message, which reveals that router's address; the final destination answers the probe itself. The response time of each hop is calculated, and each hop is usually probed three times to better measure the response of that particular hop.
▪ The probe type depends on the implementation: the Windows tracert command sends ICMP Echo Request packets, while the classic Unix traceroute sends UDP datagrams to high-numbered ports (ICMP or TCP probes can be chosen with options). Because many networks rate-limit or drop ICMP, some hops show as "* * *" even though the path works.
▪ Traceroute exists as part of most operating systems in one form or another; on Windows the command is named tracert.

8. Differentiate between HIDS and NIDS.

9. Construct CIA

10. Categorize the different layers of the OSI model

11. Model the working process of ARP

ARP operates only within a single broadcast domain (one LAN or VLAN). When a host has an IPv4 packet to send, it compares the destination address with its own address and subnet mask. If the destination is on the same subnet, the host needs that device's MAC address; if it is on a different subnet, the host needs the MAC address of its default gateway instead, and each router along the path repeats the same procedure on its next-hop link.

The host first checks its ARP cache. On a miss it broadcasts an ARP request ("who has 192.168.1.20? tell 192.168.1.10") to the address ff:ff:ff:ff:ff:ff. Every device on the segment receives the request, but only the device configured with that IP address answers, with a unicast ARP reply carrying its MAC address. The sender caches the mapping for a few minutes and builds the Ethernet frame with that destination MAC. Because requests and replies carry no authentication, any host on the same segment can send forged replies (ARP spoofing) to redirect traffic through itself.

12. List out some of the common cyber-attack

▪ Ransomware

▪ Malware

▪ DoS & DDoS Attacks

▪ Phishing

▪ Cross-Site Scripting

▪ SQL Injections

▪ DNS Tunneling

▪ Password Attacks

13. What do you mean by data leakage?

Data leakage is the unauthorized transmission of data from within an organization to an external destination or recipient. The term can be used to describe data that is transferred electronically or physically. Data leakage threats usually occur via the web and email, but can also occur via mobile data storage devices such as optical media, USB keys, and laptops.

14. Discuss honey pot types.

There are three main tiers of honeypots: pure honeypots, low-interaction honeypots, and high-interaction honeypots.

Pure honeypots

Pure honeypots are full-scale production systems that contain what may appear to be sensitive or confidential data. These systems monitor the attacker’s activities through a bug tap that is installed on the link connecting the honeypot to the network. While pure honeypots can be complex, they provide a lot of valuable information about attacks.

Low-interaction honeypots

Low-interaction honeypots simulate only the systems and services that attackers most commonly target. As a result, they are not very resource-intensive and are easier to deploy and maintain. These honeypots gather information about the type of attack and where it originated from. They are commonly used as early detection mechanisms by security teams.

High-interaction honeypots

High-interaction honeypots are complex systems that run a variety of services, just like real production systems. These kinds of honeypots are used to provide attackers with many potential targets to infiltrate, allowing researchers to observe their techniques and behaviors while collecting extensive cybersecurity insights.
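A low-interaction honeypot of the kind described above, as an added example that is not part of the question bank: a TCP listener that presents a fake SSH banner, never implements the protocol, and simply records who connected and what they sent first. Any connection to it is suspicious by definition, which is why such listeners work as early detection. The banner string, the port choice (0 = let the OS pick) and the `probe` helper that plays the scanner are assumptions made for the illustration.

```python
import socket
import socketserver
import threading
import time

# Constructed fake banner: it looks like a real OpenSSH version string, but
# nothing behind the socket speaks SSH; the listener only records the probe.
BANNER = b"SSH-2.0-OpenSSH_8.9p1\r\n"


class HoneypotHandler(socketserver.BaseRequestHandler):
    """One connection: send the banner, capture what the client sends, log it."""

    def handle(self):
        self.request.sendall(BANNER)
        self.request.settimeout(2.0)
        try:
            data = self.request.recv(1024)   # first bytes the scanner sends
        except socket.timeout:
            data = b""
        self.server.events.append({
            "time": time.time(),
            "peer": self.client_address[0],
            "peer_port": self.client_address[1],
            "first_bytes": data[:64],
        })


class Honeypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, bind=("127.0.0.1", 0)):   # port 0: OS picks a free port
        super().__init__(bind, HoneypotHandler)
        self.events = []                            # the honeypot's "log"
        self._thread = threading.Thread(target=self.serve_forever, daemon=True)

    def start(self):
        self._thread.start()
        return self.server_address[1]               # the port actually bound

    def stop(self):
        self.shutdown()
        self.server_close()

    def wait_for_events(self, n, timeout=3.0):
        """Block until n events are logged or the timeout passes."""
        deadline = time.time() + timeout
        while time.time() < deadline and len(self.events) < n:
            time.sleep(0.02)
        return len(self.events) >= n


def probe(port, payload=b"SSH-2.0-scanner\r\n", host="127.0.0.1"):
    """Act like a scanner: connect, read the banner, send a client hello."""
    with socket.create_connection((host, port), timeout=2.0) as s:
        banner = s.recv(1024)
        s.sendall(payload)
    return banner


if __name__ == "__main__":
    hp = Honeypot()
    port = hp.start()
    print("honeypot on port", port, "sent banner", probe(port))
    hp.wait_for_events(1)
    for event in hp.events:
        print(event)
    hp.stop()
```

In a real deployment the events would go to the SIEM with the source address as the key field; because the service is fake, one alert per connecting host is enough and false positives are rare.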

15. Construct the types of Classification of Intrusion Detection System.

▪ Network Intrusion Detection System (NIDS)

▪ Host Intrusion Detection System (HIDS)

▪ Protocol-based Intrusion Detection System (PIDS)

▪ Application Protocol-based Intrusion Detection System (APIDS)

▪ Hybrid Intrusion Detection System

16. Identify the top web security threats.

▪ Distributed denial of service (DDoS)

▪ Man in the Middle (MitM)

▪ Social engineering

▪ Malware and spyware

▪ Password attacks

▪ Advanced persistent threats (APT)

17. Explain the brute force attack. How to prevent it?

A brute force attack is the simplest method to gain access to a site, server or anything else that is password protected: the attacker tries username and password combinations again and again until one succeeds. Common variants are dictionary attacks (trying lists of likely passwords), credential stuffing (replaying username/password pairs leaked from other sites) and password spraying (trying one common password against many accounts to stay under lockout thresholds). This repetitive action is like an army attacking a fort.

It can be prevented, or made impractical, by precautionary measures such as:

▪ Password length.

▪ Password complexity, including rejecting passwords that appear in breach lists.

▪ Limiting login attempts, with a temporary lockout or a growing delay after repeated failures.

▪ Restricting access with web-server rules (for example an Apache .htaccess file that allows only trusted IP addresses to reach the login page).

▪ Using a CAPTCHA after a few failed attempts.

▪ Two-factor authentication, so that a guessed password alone is not enough.

▪ Putting a service such as Cloudflare, or any web application firewall, in front of the site to rate-limit and block abusive clients.

▪ Storing passwords only as salted, slow hashes (bcrypt, scrypt, Argon2 or PBKDF2), which slows offline guessing against a stolen database.
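The two server-side measures from the list, limiting login attempts and storing passwords as slow salted hashes, as an added example that is not the question bank's own code. The class name `LoginGuard`, the thresholds (5 free attempts, a 30-second lockout that doubles on each further failure) and the injected clock are assumptions made for the illustration; the clock is a function so that the lockout can be tested without sleeping.

```python
import hashlib
import hmac
import os


class LoginGuard:
    """Password store with a per-account throttle: the 5th consecutive failure
    locks the account for BASE_LOCK seconds, doubling on each further failure."""
    MAX_FREE_ATTEMPTS = 5
    BASE_LOCK = 30.0
    PBKDF2_ROUNDS = 100_000          # slow on purpose: each guess costs the attacker too

    def __init__(self, clock):
        self._clock = clock          # callable returning seconds (e.g. time.monotonic)
        self._users = {}             # username -> (salt, pbkdf2 hash)
        self._failures = {}          # username -> (consecutive failures, locked_until)
        self._dummy = (b"\x00" * 16, b"\x00" * 32)   # used for unknown users

    @classmethod
    def _hash(cls, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, cls.PBKDF2_ROUNDS)

    def register(self, username, password):
        salt = os.urandom(16)        # per-user salt: identical passwords hash differently
        self._users[username] = (salt, self._hash(password, salt))

    def locked_for(self, username):
        """Seconds of lockout remaining, 0.0 if the account is not locked."""
        _, until = self._failures.get(username, (0, 0.0))
        return max(0.0, until - self._clock())

    def login(self, username, password):
        if self.locked_for(username) > 0:
            return "locked"          # do not even check the password while locked
        # Hash even for unknown users so response time does not reveal whether
        # the username exists; compare in constant time.
        salt, stored = self._users.get(username, self._dummy)
        ok = hmac.compare_digest(self._hash(password, salt), stored) and username in self._users
        if ok:
            self._failures.pop(username, None)   # success resets the counter
            return "ok"
        count, _ = self._failures.get(username, (0, 0.0))
        count += 1
        locked_until = 0.0
        if count >= self.MAX_FREE_ATTEMPTS:
            backoff = self.BASE_LOCK * 2 ** (count - self.MAX_FREE_ATTEMPTS)
            locked_until = self._clock() + backoff
        self._failures[username] = (count, locked_until)
        return "denied"


if __name__ == "__main__":
    import time
    guard = LoginGuard(clock=time.monotonic)
    guard.register("alice", "correct horse battery staple")
    for guess in ["123456", "password", "qwerty", "letmein", "admin", "alice1"]:
        print(guess, "->", guard.login("alice", guess))
    print("lockout remaining:", round(guard.locked_for("alice"), 1), "s")
```

A per-account counter alone does not stop password spraying, which spreads guesses across many accounts; a production deployment also rate-limits by source address and watches the overall failure rate.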

18. What are black hat hackers?

Black hat hackers are malicious actors who use their technical skills to defraud and blackmail others. They usually have the expertise and knowledge to break into computer networks without the owners’ permission, exploit security vulnerabilities, and bypass security controls. To make money, they are ready to carry out illegal activities such as:

▪ Sending phishing emails and SMS messages.

▪ Writing, distributing, and selling malware such as viruses, worms and trojan horses.

19. How to reset a password-protected BIOS configuration?

There are various ways to reset a BIOS/UEFI password. Some of them are as follows:

▪ Remove the CMOS battery for a few minutes, so the stored settings, including the password, are lost.

▪ By utilizing a motherboard jumper (often labelled CLR_CMOS or similar) that clears the stored settings.

▪ By utilizing software that rewrites the CMOS memory, or a vendor master password on older machines.

▪ By utilizing MS-DOS, booting a DOS tool that clears the CMOS memory.

All of these require physical access to the machine, which is the lesson behind the question: a BIOS password only stops casual tampering and cannot protect the data on the disk, so full-disk encryption is needed for that.

20. Define ARP and its working process.

Address Resolution Protocol (ARP) is a protocol or procedure that connects an ever-changing Internet Protocol (IP) address to a fixed physical machine address, also known as a media access control (MAC) address, in a local-area network (LAN).
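The ARP exchange from questions 11 and 20 in code, as an added example (not part of the question bank): it builds the 42-byte Ethernet-plus-ARP request frame exactly as it goes on the wire (RFC 826 field layout), parses it back, shows the "same subnet or default gateway?" decision that determines which address a host resolves, and shows that only the host owning the target IP answers. The MAC and IP addresses are constructed sample values.

```python
import ipaddress
import struct

ETH_TYPE_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"
ARP_REQUEST, ARP_REPLY = 1, 2
# Ethernet II header: dst MAC, src MAC, EtherType. ARP body: hardware type,
# protocol type, hw/proto address lengths, opcode, sender MAC/IP, target MAC/IP.
ETH_FMT, ARP_FMT = "!6s6sH", "!HHBBH6s4s6s4s"


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_frame(src_mac, src_ip, target_ip, op=ARP_REQUEST,
                    dst_mac=BROADCAST_MAC, target_mac=ZERO_MAC):
    """A request is broadcast with an unknown (zero) target MAC; a reply is unicast."""
    eth = struct.pack(ETH_FMT, mac_to_bytes(dst_mac), mac_to_bytes(src_mac), ETH_TYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                      mac_to_bytes(src_mac), ipaddress.IPv4Address(src_ip).packed,
                      mac_to_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)
    return eth + arp


def parse_arp_frame(frame):
    dst, _src, eth_type = struct.unpack(ETH_FMT, frame[:14])
    if eth_type != ETH_TYPE_ARP:
        raise ValueError("not an ARP frame")
    _htype, _ptype, _hlen, _plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {
        "op": "request" if op == ARP_REQUEST else "reply",
        "sender_mac": bytes_to_mac(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
        "target_mac": bytes_to_mac(tha), "target_ip": str(ipaddress.IPv4Address(tpa)),
        "broadcast": bytes_to_mac(dst) == BROADCAST_MAC,
    }


def next_hop_to_resolve(local_ip, netmask, gateway_ip, dest_ip):
    """ARP never crosses a router: a host resolves the destination's own MAC only
    when the destination is on its subnet, otherwise it resolves the gateway's."""
    subnet = ipaddress.IPv4Network(f"{local_ip}/{netmask}", strict=False)
    return dest_ip if ipaddress.IPv4Address(dest_ip) in subnet else gateway_ip


def answer_arp_request(frame, my_mac, my_ip):
    """What every host on the segment does on seeing a request: reply (unicast,
    straight back to the requester) only if the target IP is its own."""
    req = parse_arp_frame(frame)
    if req["op"] != "request" or req["target_ip"] != my_ip:
        return None
    return build_arp_frame(my_mac, my_ip, req["sender_ip"], op=ARP_REPLY,
                           dst_mac=req["sender_mac"], target_mac=req["sender_mac"])


if __name__ == "__main__":
    # Constructed sample hosts: 192.168.1.10 asks for 192.168.1.20's MAC.
    target = next_hop_to_resolve("192.168.1.10", "255.255.255.0", "192.168.1.1", "192.168.1.20")
    request = build_arp_frame("aa:bb:cc:00:00:01", "192.168.1.10", target)
    print("request:", parse_arp_frame(request))
    reply = answer_arp_request(request, "aa:bb:cc:00:00:02", "192.168.1.20")
    print("reply:  ", parse_arp_frame(reply))
```

Nothing in `answer_arp_request` checks who is entitled to answer; a host that replies for an IP address it does not own is doing ARP spoofing, and the requester will accept the forged mapping just as readily.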

Part – B

1. Explain botnet.

Reference: https://usa.kaspersky.com/resource-center/threats/botnet-attacks

Botnet Definition
Botnets are networks of hijacked computer devices used to carry out various scams and cyberattacks. The term “botnet” is formed from the words “robot” and “network.” Assembly of a botnet is usually the infiltration stage of a multi-layer scheme. The bots serve as a tool to automate mass attacks, such as data theft, server crashing, and malware distribution.

Botnets use your devices to scam other people or cause disruptions — all without your consent. You might ask, “what is a botnet attack and how does it work?” To expand this botnet definition, we’ll help you understand how botnets are made and how they are used.

How Botnet Works


Botnets are built to grow, automate, and speed up a hacker’s ability to carry out larger
attacks.

One person or even a small team of hackers can only carry out so many actions on their
local devices. But, at little cost and a bit of time invested, they can acquire tons of additional
machines to leverage for more efficient operations.

A bot herder leads a collective of hijacked devices with remote commands. Once they’ve
compiled the bots, a herder uses command programming to drive their next actions. The
party taking command duties may have set up the botnet or be operating it as a rental.
Zombie computers, or bots, refer to each malware-infected user device that’s been taken
over for use in the botnet. These devices operate mindlessly under commands designed by
the bot herder.

Basic stages of building a botnet can be simplified into a few steps:

1. Prep and Expose — hacker exploits a vulnerability to expose users to malware.
2. Infect — user devices are infected with malware that can take control of their device.
3. Activate — hackers mobilize infected devices to carry out attacks.

Stage 1 exposure starts with hackers finding a vulnerability in a website, application, or human behavior. The goal is to set the user up for being unknowingly exposed to a malware infection. You’ll commonly see hackers exploit security issues in software or websites or deliver the malware through emails and other online messages.
In stage 2, the user gets infected with the botnet malware upon taking an action that compromises their device. Many of these methods involve users being persuaded via social engineering to download a Trojan. Other attackers are more aggressive and use a drive-by download that triggers when the user visits a compromised site. Regardless of the delivery method, cybercriminals ultimately breach the security of several users’ computers.
Once the hacker is ready, stage 3 initiates by taking control of each computer. The attacker organizes all of the infected machines into a network of “bots” that they can remotely manage. Often, the cybercriminal will seek to infect and control thousands, tens of thousands, or even millions of computers. The cybercriminal can then act as the boss of a large “zombie network” — i.e. a fully assembled and active botnet.

You’re probably still asking, “what does a botnet do?” Once infected, a zombie computer gives the bot herder admin-level access, allowing operations such as:

• Reading and writing system data
• Gathering the user’s personal data
• Sending files and other data
• Monitoring the user’s activities
• Searching for vulnerabilities in other devices
• Installing and running any applications
What is Botnet Controllable?
Candidates for botnet recruitment can be any device that can access an internet connection.

Many devices we use today have some form of computer within them — even ones you
might not consider. Nearly any computer-based internet device is vulnerable to a botnet
meaning the threat is growing constantly. To protect yourself, take note of some common
devices that are hijacked into botnets:

Traditional computers like desktops and laptops that run on Windows OS or macOS have
long been popular targets for botnet construction.
Mobile devices have become another target as more people continue to use them.
Smartphones and tablets have notably been included in botnet attacks of the past.
Internet infrastructure hardware used to enable, and support internet connections may also
be co-opted into botnets. Network routers and web servers are known to be targets.
Internet of Things (IoT) devices include any connected devices that share data between each
other via the internet. Alongside computers and mobile devices, examples might include:
• Smart home devices (thermometers, security cameras, televisions, speakers, etc.)

• In-vehicle infotainment (IVI)


• Wearable devices (smartwatches, fitness trackers, etc.)
Collectively, all these devices can be corrupted to create massive botnets. The technology market has become oversaturated with low-cost, low-security devices, leaving you particularly vulnerable as a user. Without anti-malware protection, bot herders can infect your devices unnoticed.

How Do Hackers Control a Botnet?


Issuing commands is a vital part of controlling a botnet. However, anonymity is just as
important to the attacker. As such, botnets are operated via remote programming.

Command-and-control (C&C) is the server source of all botnet instruction and leadership.
This is the bot herder's main server, and each of the zombie computers gets commands
from it.

Each botnet can be led by commands either directly or indirectly in the following models:

• Centralized client-server models


• Decentralized peer-to-peer (P2P) models
Centralized models are driven by one bot herder server. A variation on this model may
insert additional servers tasked as sub-herders, or “proxies.” However, all commands trickle
down from the bot herder in both centralized and proxy-based hierarchies. Either structure
leaves the bot herder open to being discovered, which makes these dated methods less
than ideal.
Decentralized models embed the instruction responsibilities across all the zombie
computers. As long as the bot herder can contact any one of the zombie computers, they
can spread the commands to the others. The peer-to-peer structure further obscures the
identity of the bot herder party. With clear advantages over older centralized models, P2P is
more common today.
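Whichever model the herder uses, each bot has to check in with its controller (or with its peers) on a schedule, and that regularity is one of the few things a defender can see from the outside. The following is an added detection example, not part of the question bank or the referenced article: it parses constructed firewall log lines and flags flows whose inter-arrival times and sizes are nearly constant. The log format, the addresses and the thresholds (at least 5 events, coefficient of variation of at most 0.1) are assumptions made for the illustration.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one internal host, two external destinations.
# 203.0.113.9 is contacted every ~5 minutes with ~410-byte requests (a beacon);
# 198.51.100.20 is contacted irregularly with varying sizes (normal browsing).
SAMPLE_LOG = """\
2024-03-01T10:00:00 src=10.0.0.7 dst=203.0.113.9 dport=443 bytes=412
2024-03-01T10:00:03 src=10.0.0.7 dst=198.51.100.20 dport=443 bytes=93211
2024-03-01T10:05:00 src=10.0.0.7 dst=203.0.113.9 dport=443 bytes=410
2024-03-01T10:10:01 src=10.0.0.7 dst=203.0.113.9 dport=443 bytes=415
2024-03-01T10:12:40 src=10.0.0.7 dst=198.51.100.20 dport=443 bytes=1200
2024-03-01T10:15:00 src=10.0.0.7 dst=203.0.113.9 dport=443 bytes=409
2024-03-01T10:19:59 src=10.0.0.7 dst=203.0.113.9 dport=443 bytes=413
2024-03-01T10:25:00 src=10.0.0.7 dst=203.0.113.9 dport=443 bytes=411
2024-03-01T10:31:15 src=10.0.0.7 dst=198.51.100.20 dport=443 bytes=55000
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) bytes=(\d+)$")


def parse_log(text):
    """Return (timestamp, src, dst, dport, bytes) tuples; skip unparseable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, src, dst, dport, nbytes = m.groups()
            events.append((datetime.fromisoformat(ts), src, dst, int(dport), int(nbytes)))
    return events


def find_beacons(events, min_events=5, max_jitter=0.1):
    """Flag (src, dst, dport) flows whose inter-arrival times and request sizes
    both vary by at most max_jitter (pstdev / mean) over at least min_events."""
    by_flow = defaultdict(list)
    for ts, src, dst, dport, nbytes in events:
        by_flow[(src, dst, dport)].append((ts, nbytes))

    beacons = []
    for flow, items in by_flow.items():
        if len(items) < min_events:
            continue
        items.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(items, items[1:])]
        sizes = [n for _, n in items]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue
        gap_cv = statistics.pstdev(gaps) / mean_gap
        size_cv = statistics.pstdev(sizes) / statistics.mean(sizes)
        if gap_cv <= max_jitter and size_cv <= max_jitter:
            beacons.append({"flow": flow, "count": len(items),
                            "interval_s": round(mean_gap, 1), "jitter": round(gap_cv, 3)})
    return beacons


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print("possible C&C beacon:", hit)
```

Real malware adds random jitter to its sleep interval and pads requests precisely to defeat this check, so the thresholds are tuned per environment and combined with other signals (destination reputation, time of day, data volume) rather than used alone.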

What Are Botnets Used For?


Botnet creators always have something to gain, whether for money or personal satisfaction.

• Financial theft — by extorting or directly stealing money


• Information theft — for access to sensitive or confidential accounts
• Sabotage of services — by taking services and websites offline, etc.
• Cryptocurrency scams — using users’ processing power to mine for cryptocurrency
• Selling access to other criminals — to permit further scams on unsuspecting users

Most of the motives for building a botnet are similar to those of other cybercrimes. In many
cases, these attackers either want to steal something valuable or cause trouble for others.

In some cases, cybercriminals will establish and sell access to a large network of zombie
machines. The buyers are usually other cybercriminals that pay either on a rental basis or as
an outright sale. For example, spammers may rent or buy a network to operate a large-scale
spam campaign.

Despite the many potential benefits for a hacker, some people create botnets just because
they can. Regardless of motive, botnets end up being used for all types of attacks both on
the botnet-controlled users and other people.

Types of Botnet Attacks
While botnets can be an attack in themselves, they are an ideal tool to execute secondary
scams and cybercrimes on a massive scale. Common botnet schemes include some of the
following:

Distributed Denial-of-Service (DDoS) is an attack based on overloading a server with traffic until it can no longer serve legitimate requests. Zombie computers are tasked with swarming websites and other online services, resulting in them being taken down for some time.
Phishing schemes imitate trusted people and organizations to trick victims out of their valuable information. Typically, this involves a large-scale spam campaign meant to steal user account information like banking logins or email credentials.
Brute force attacks run programs designed to breach web accounts by force. Dictionary attacks and credential stuffing are used to exploit weak or reused user passwords and access their data.

How to Protect Yourself from Botnets


Considering the threats to the safety of yourself and others, it is imperative that you protect
yourself from botnet malware.

Fortunately, software protections and small changes to your computer habits can help.

6 Tips for protecting yourself against Botnets

1. Improve all user passwords for smart devices. Using complex and long passwords will help your devices stay safer than weak and short passwords such as ‘pass12345’.
2. Avoid buying devices with weak security. While this isn’t always easy to spot, many
cheap smart home gadgets tend to prioritize user convenience over security.
Research reviews on a product’s safety and security features before buying.
3. Update admin settings and passwords across all your devices. You’ll want to check all
possible privacy and security options on anything that connects device-to-device or
to the internet. Even smart refrigerators and Bluetooth-equipped vehicles have
default manufacturer passwords to access their software systems. Without updates
to custom login credentials and private connectivity, hackers can breach and infect
each of your connected devices.
4. Be wary of any email attachments. The best approach is to completely avoid
downloading attachments. When you need to download an attachment, carefully
investigate, and verify the sender’s email address. Also, consider using antivirus
software that proactively scans attachments for malware before you download.
5. Never click links in any message you receive. Texts, emails, and social media messages can all be reliable vehicles for botnet malware. Manually entering the address into the address bar helps you avoid links whose displayed text hides a different destination, and the drive-by downloads they lead to. Also, take an extra step to search for an official version of the link.
6. Install effective anti-virus software. A strong internet security suite will help to
protect your computer against Trojans and other threats. Be sure to get a product
that covers all your devices, including Android phones and tablets.

Botnets are difficult to stop once they’ve taken root in users’ devices. To reduce phishing attacks and other issues, be sure you guard each of your devices against this malicious hijack.

2. Construct the concepts of seven layers of cyber security and its uses.
Reference: https://www.ciso-portal.com/what-are-the-7-cybersecurity-layers/

1. Access Control Layer


This layer is for the identification and authentication of the following:

• Users
• Systems
• Applications
• Data
It also includes identity management, authorization management, network access control (NAC), identity-based security policies, identity federation, and access provisioning.
2. Network Security Layer
This layer is for the protection of the network infrastructure itself. It includes the following:

• firewalls
• intrusion detection systems (IDS)
• intrusion prevention systems (IPS)
• anti-virus software
• encryption
• restricting access to networks
This layer aims to prevent an attack from happening in the first place.

3. Data Security Layer


This layer is for the protection of data at rest or in transit. It includes the following:

• Backup
• Encryption
• Patching systems
• Updating systems
• Upgrading systems
• Data storage
This layer aims to prevent data from being stolen or lost to unauthorized individuals even if an attacker gets through the other layers.

The main concern here is to ensure that the data cannot be accessed by anyone other than authorized users, using authorized devices, within authorized locations.

4. Application Security Layer
This layer is for the protection of applications that are used by multiple users over different systems or devices. It includes controls such as the following:
• multi-factor authentication
• application hardening
• penetration testing
• code reviews
• vulnerability assessment
Hackers can exploit application vulnerabilities, leading to loss of money or confidential information, which can result in serious repercussions for brand reputation and customer loyalty.

This layer aims to prevent attacks against the applications themselves, through application-layer firewalls and IDS/IPS tools that inspect traffic to applications for malicious content.

5. Data Security Layer

This layer is for the protection of data in motion. It includes the following:

• Encryption
• Tokenization
• MFA mechanisms
Together these controls protect data both while it is stored and while it moves between systems: encryption and tokenization make intercepted or stolen data unusable, and multi-factor authentication (MFA) limits who can retrieve it.

6. Endpoint Security Layer

This layer is for the protection of systems and devices as well as the users who use those systems. It includes endpoint security software, and patching the operating systems and applications on those devices against known vulnerabilities so they cannot be exploited.

This layer also provides a level of protection for the endpoints themselves and the data that is stored on them.

7. Business Continuity Management Layer

This layer focuses mainly on business continuity management (BCM) measures, including physical business continuity (PBC) measures, such as business impact analysis (BIA), risk assessments and disaster recovery planning.

This is the layer that matters once an attack has already succeeded: when the other layers have failed, BCM limits the effects of the attack, restores operations and helps prevent further attacks.

3. Build the types of Cyber Attacks and its uses.

Reference: 1. https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/

2. https://onlinedegrees.und.edu/blog/types-of-cyber-security-threats/

4. Organize in detail about the Functions, types and Limitations of Firewall.

Reference: https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/

Functions & Types: https://byjus.com/govt-exams/firewall-computer-network/

Limitations:

▪ The firewall cannot protect against attacks that bypass the firewall. Internal systems may have dial-out capability to connect to an ISP, an internal LAN may support a modem pool that provides dial-in capability for traveling employees and telecommuters, and today a phone hotspot or an unmanaged wireless link has the same effect.
▪ The firewall does not protect against internal threats, such as a disgruntled employee or an employee who unwittingly cooperates with an external attacker, because traffic between internal hosts never passes through it.
▪ The firewall cannot protect against the transfer of virus-infected programs or files. Because of the variety of operating systems and applications supported inside the perimeter, it would be impractical and perhaps impossible for the firewall to scan all incoming files, e-mail, and messages for viruses; a packet filter in particular allows or denies by address, protocol and port, not by content.
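The function and two of the limitations above in one added example (not the question bank's own code): a stateless packet filter that evaluates a rule list top to bottom with first match wins and an explicit default deny. The internal network 10.0.0.0/8, the web server 10.0.1.5 and the rule set are assumptions made for the illustration. Note what the filter cannot do: a request to the permitted port passes whatever its payload contains, and a packet between two internal hosts is never seen by it at all.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # CIDR the source address must fall in
    dst: str               # CIDR the destination address must fall in
    dport: Optional[int]   # destination port, None = any


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None
    payload: bytes = b""   # a packet filter never looks at this field


INSIDE = ipaddress.ip_network("10.0.0.0/8")   # hypothetical internal network

# Hypothetical perimeter policy, evaluated top to bottom; first match wins.
PERIMETER_RULES: List[Rule] = [
    Rule("allow", "tcp", "0.0.0.0/0", "10.0.1.5/32", 443),   # public HTTPS server
    Rule("allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", 80),     # outbound browsing
    Rule("allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", 443),
    Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None),     # explicit default deny
]


def matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.proto in ("any", pkt.proto)
        and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """Stateless filtering: the decision depends only on header fields."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"   # implicit default deny if the list has no catch-all


def crosses_perimeter(pkt: Packet) -> bool:
    """The firewall only sees traffic that crosses the inside/outside boundary."""
    src_inside = ipaddress.ip_address(pkt.src) in INSIDE
    dst_inside = ipaddress.ip_address(pkt.dst) in INSIDE
    return src_inside != dst_inside


def decide(rules: List[Rule], pkt: Packet) -> str:
    """What actually happens to a packet: internal-to-internal traffic never
    reaches the perimeter firewall, so the policy cannot apply to it."""
    if not crosses_perimeter(pkt):
        return "not inspected"
    return filter_packet(rules, pkt)


if __name__ == "__main__":
    samples = [
        Packet("tcp", "198.51.100.7", "10.0.1.5", 443, b"GET /login?user=' OR 1=1-- HTTP/1.1"),
        Packet("tcp", "198.51.100.7", "10.0.1.5", 22),
        Packet("tcp", "10.0.2.3", "10.0.1.5", 22),
    ]
    for pkt in samples:
        print(pkt.src, "->", pkt.dst, pkt.dport, ":", decide(PERIMETER_RULES, pkt))
```

The first sample packet carries an injection attempt in its payload and is still allowed, which is why a packet filter is paired with an application-layer control (a WAF or proxy) for anything it exposes; the third is an internal host attacking an internal server and never reaches the filter.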

5. Discuss the importance of steps taken by the computer forensics specialist.

--------

6. Construct the different phases or steps in the digital forensics life cycle.

Reference: https://www.startertutorials.com/blog/digital-forensics-life-cycle.html

7. Analyze the brief note on Remote Access Server Security for Mobile
device.

------
