19cse304-Cybersecurity Answer Key
Reg. No. :
Part A
Part B
1. Explain botnet.
2. Construct the concepts of seven layers of cyber security and its uses.
3. Build the types of Cyber Attacks and its uses.
4. Organize in detail about the Functions, types and Limitations of Firewall.
5. Discuss the importance of steps taken by the computer forensics specialist.
6. Construct the different phases or steps in the digital forensics life cycle.
7. Analyze the brief note on Remote Access Server Security for Mobile device.
8. Classify the mobility types and its implications.
9. Categorize the techniques and types of credit card Frauds.
10. Categorize in detail about honey pot and its types.
11. List the classifications and elaborate the detection methods of Intrusion Detection System
(IDS).
12. Construct about the cost of cybercrimes and IPR issues in lessons for Organizations.
13. Build the concepts of Web Threats for Organizations: The Evils and Perils.
14. Construct the Ransomware Attack and its usage. Build the types of Attacks and apply
in any one case.
15. Elaborate the Attacks on Mobile/Cell Phones and discuss about the advantages and
disadvantages.
ANSWERS
Part – A
▪ Application Security
▪ Information Security
▪ Network Security
▪ Operational Security
▪ End-user Education
▪ Leadership Commitment
3. What are the advantages of cyber security?
5. Differentiate between IDS and IPS.
6. What is a Firewall?
7. Explain Traceroute?
8. Difference between HIDS and NIDS
9. Construct CIA
10. Categorize the different layers of the OSI model
Network devices strip the data link layer header from the protocol data unit
(PDU), called a frame, and pass the packet to the network layer (layer 3 of OSI).
There the network ID of the packet is compared with the network ID of the
destination IP. If they are equal, the device responds to the source with the MAC
address of the destination; otherwise the packet reaches the gateway of the
network, which broadcasts the packet to the devices it is connected with and
validates their network IDs.
This process continues until the second-to-last network device in the path
reaches the destination, where the network ID is validated and ARP, in turn,
responds with the destination MAC address.
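The hop-by-hop decision described above can be traced in a simplified model. This is an added example, not part of the original answer key; the topology, device names, IP addresses and MAC addresses are constructed sample values.

```python
import ipaddress

# Constructed topology: each device lists its directly connected networks
# and the gateway it uses for everything else (all values are made up).
DEVICES = {
    "host-a":   {"nets": ["192.168.1.0/24"], "gateway": "192.168.1.1"},
    "router-1": {"nets": ["192.168.1.0/24", "10.0.0.0/30"], "gateway": "10.0.0.2"},
    "router-2": {"nets": ["10.0.0.0/30", "172.16.5.0/24"], "gateway": "10.0.0.1"},
}
# IP -> (owning device, MAC), i.e. what an ARP reply for that IP would report.
NEIGHBOURS = {
    "192.168.1.1": ("router-1", "02:00:00:00:01:01"),
    "10.0.0.2":    ("router-2", "02:00:00:00:02:01"),
    "10.0.0.1":    ("router-1", "02:00:00:00:01:02"),
    "172.16.5.20": ("server-b", "02:00:00:00:05:20"),
}

def arp_target(device, dst_ip):
    """Return the IP this device must resolve with ARP to forward toward dst_ip."""
    dst = ipaddress.ip_address(dst_ip)
    for net in DEVICES[device]["nets"]:
        if dst in ipaddress.ip_network(net):
            return dst_ip                    # same network ID: ARP for the destination
    return DEVICES[device]["gateway"]        # different network ID: ARP for the gateway

def trace(src_device, dst_ip, max_hops=8):
    """Follow a packet hop by hop, recording (device, ARP target, MAC learned)."""
    hops, device = [], src_device
    for _ in range(max_hops):
        target = arp_target(device, dst_ip)
        owner, mac = NEIGHBOURS[target]
        hops.append((device, target, mac))
        if target == dst_ip:                 # last device before the destination
            return hops
        device = owner                       # packet is handed to the gateway
    raise RuntimeError("no route within max_hops (possible loop)")

if __name__ == "__main__":
    for hop in trace("host-a", "172.16.5.20"):
        print(hop)
```

Only the last device in the path, the one sharing a network ID with the destination, resolves the destination's own MAC address; every earlier hop resolves its gateway's MAC instead.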
12. List out some of the common cyber-attacks
▪ Ransomware
▪ Malware
▪ Phishing
▪ Cross-Site Scripting
▪ SQL Injections
▪ DNS Tunneling
▪ Password Attacks
Pure honeypots
Pure honeypots are full-scale production systems that contain what may
appear to be sensitive or confidential data. These systems monitor the attacker’s
activities through a bug tap that is installed on the link connecting the honeypot to
the network. While pure honeypots can be complex, they provide a lot of valuable
information about attacks.
Low-interaction honeypots
High-interaction honeypots
▪ Social engineering
▪ Password attacks
17. Explain the brute force attack. How to prevent it?
A Brute Force Attack is the simplest method to gain access to a site or server
(or anything that is password protected). It tries various combinations of usernames
and passwords again and again until it gets in. This repetitive action is like an army
attacking a fort.
▪ Password Length.
▪ Password Complexity.
▪ Using Captcha.
▪ Cloudflare.
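The repeated attempts described above can be throttled on the server side, with a CAPTCHA as the first response. The following sketch is an added example, not part of the original answer key; the thresholds, class name and sample events are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # assumed look-back window
CAPTCHA_AFTER = 3      # assumed: recent failures before a CAPTCHA is required
LOCK_AFTER = 6         # assumed: recent failures before a temporary lock

class LoginThrottle:
    """Counts failed logins per username AND per source IP in a sliding window."""

    def __init__(self):
        self._failures = defaultdict(deque)   # key -> timestamps of failures

    def _recent(self, key, now):
        q = self._failures[key]
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()                       # forget failures outside the window
        return len(q)

    def decide(self, username, source_ip, now):
        """Action to take before the password is even checked."""
        worst = max(self._recent(("user", username), now),
                    self._recent(("ip", source_ip), now))
        if worst >= LOCK_AFTER:
            return "lock"
        return "captcha" if worst >= CAPTCHA_AFTER else "allow"

    def record(self, username, source_ip, now, success):
        if success:
            self._failures.pop(("user", username), None)
            return
        self._failures[("user", username)].append(now)
        self._failures[("ip", source_ip)].append(now)

def replay(events):
    """Run (time, username, ip, success) events; return the decision for each."""
    throttle, decisions = LoginThrottle(), []
    for now, user, ip, ok in events:
        action = throttle.decide(user, ip, now)
        decisions.append(action)
        if action != "lock":   # locked attempts never reach the password check
            throttle.record(user, ip, now, ok)   # assumes any CAPTCHA was solved
    return decisions

# Constructed sample: one source tries a different username every 10 seconds,
# then a legitimate login arrives after the window has expired.
SAMPLE = [(i * 10, f"user{i}", "203.0.113.7", False) for i in range(7)]
SAMPLE.append((1000, "alice", "203.0.113.7", True))
```

Counting per source IP as well as per username matters here because the attack tries many username and password combinations, so no single account needs to see more than one failure.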
Black hat hackers are the evil guys who want to use their technical skills to
defraud and blackmail others. They usually have the expertise and knowledge to
break into computer networks without the owners’ permission, exploit security
vulnerabilities, and bypass security protocols. To make money, they are ready to do
all illegal activities such as:
19. How to reset a password-protected BIOS configuration?
There are various ways to reset BIOS password. Some of them are as follows:
▪ By utilizing MS-DOS.
Part – B
1. Explain Botnet?
Reference: https://usa.kaspersky.com/resource-center/threats/botnet-attacks
Botnet Definition
Botnets are networks of hijacked computer devices used to carry out various scams and
cyberattacks. The term “botnet” is formed from the words “robot” and “network.”
Assembly of a botnet is usually the infiltration stage of a multi-layer scheme. The bots serve
as a tool to automate mass attacks, such as data theft, server crashing, and malware
distribution.
Botnets use your devices to scam other people or cause disruptions — all without your
consent. You might ask, “what is a botnet attack and how does it work?” To expand this
botnet definition, we’ll help you understand how botnets are made and how they are used.
One person or even a small team of hackers can only carry out so many actions on their
local devices. But, at little cost and a bit of time invested, they can acquire tons of additional
machines to leverage for more efficient operations.
A bot herder leads a collective of hijacked devices with remote commands. Once they’ve
compiled the bots, a herder uses command programming to drive their next actions. The
party taking command duties may have set up the botnet or be operating it as a rental.
Zombie computers, or bots, refer to each malware-infected user device that’s been taken
over for use in the botnet. These devices operate mindlessly under commands designed by
the bot herder.
infection. You’ll commonly see hackers exploit security issues in software or websites or
deliver the malware through emails and other online messages.
In stage 2, the user gets infected with the botnet malware upon taking an action that
compromises their device. Many of these methods involve users being persuaded via
social engineering to download a special Trojan virus. Other attackers may be more
aggressive by using a drive-by download upon visiting an infected site. Regardless of the
delivery method, cybercriminals ultimately breach the security of several users’ computers.
Once the hacker is ready, stage 3 initiates by taking control of each computer. The attacker
organizes all of the infected machines into a network of “bots” that they can remotely
manage. Often, the cybercriminal will seek to infect and control thousands, tens of
thousands, or even millions of computers. The cybercriminal can then act as the boss of a
large “zombie network” — i.e. a fully assembled and active botnet.
You’re probably still asking, “what does a botnet do?” Once infected, a zombie
computer allows access to admin-level operations, such as:
Many devices we use today have some form of computer within them — even ones you
might not consider. Nearly any computer-based internet device is vulnerable to a botnet,
meaning the threat is growing constantly. To protect yourself, take note of some common
devices that are hijacked into botnets:
Traditional computers like desktops and laptops that run on Windows OS or macOS have
long been popular targets for botnet construction.
Mobile devices have become another target as more people continue to use them.
Smartphones and tablets have notably been included in botnet attacks of the past.
Internet infrastructure hardware used to enable and support internet connections may also
be co-opted into botnets. Network routers and web servers are known to be targets.
Internet of Things (IoT) devices include any connected devices that share data between each
other via the internet. Alongside computers and mobile devices, examples might include:
• Smart home devices (thermometers, security cameras, televisions, speakers, etc.)
particularly vulnerable as a user. Without anti-virus software, bot herders can infect your
devices unnoticed.
Command-and-control (C&C) is the server source of all botnet instruction and leadership.
This is the bot herder's main server, and each of the zombie computers gets commands
from it.
Each botnet can be led by commands either directly or indirectly in the following models:
Most of the motives for building a botnet are similar to those of other cybercrimes. In many
cases, these attackers either want to steal something valuable or cause trouble for others.
In some cases, cybercriminals will establish and sell access to a large network of zombie
machines. The buyers are usually other cybercriminals that pay either on a rental basis or as
an outright sale. For example, spammers may rent or buy a network to operate a large-scale
spam campaign.
Despite the many potential benefits for a hacker, some people create botnets just because
they can. Regardless of motive, botnets end up being used for all types of attacks both on
the botnet-controlled users and other people.
Types of Botnet Attacks
While botnets can be an attack in themselves, they are an ideal tool to execute secondary
scams and cybercrimes on a massive scale. Common botnet schemes include some of the
following:
Fortunately, software protections and small changes to your computer habits can help.
1. Improve all user passwords for smart devices. Using complex and long passwords will
help your devices stay safer than weak and short passwords, such as ‘pass12345’.
2. Avoid buying devices with weak security. While this isn’t always easy to spot, many
cheap smart home gadgets tend to prioritize user convenience over security.
Research reviews on a product’s safety and security features before buying.
3. Update admin settings and passwords across all your devices. You’ll want to check all
possible privacy and security options on anything that connects device-to-device or
to the internet. Even smart refrigerators and Bluetooth-equipped vehicles have
default manufacturer passwords to access their software systems. Without updates
to custom login credentials and private connectivity, hackers can breach and infect
each of your connected devices.
4. Be wary of any email attachments. The best approach is to completely avoid
downloading attachments. When you need to download an attachment, carefully
investigate, and verify the sender’s email address. Also, consider using antivirus
software that proactively scans attachments for malware before you download.
5. Never click links in any message you receive. Texts, emails, and social media
messages can all be reliable vehicles for botnet malware. Manually entering the link
into the address bar will help you avoid DNS cache poisoning and drive-by
downloads. Also, take an extra step to search for an official version of the link.
6. Install effective anti-virus software. A strong internet security suite will help to
protect your computer against Trojans and other threats. Be sure to get a product
that covers all your devices, including Android phones and tablets.
Botnets are difficult to stop once they’ve taken root in users’ devices. To reduce phishing
attacks and other issues, be sure you guard each of your devices against this malicious
hijack.
2. Construct the concepts of seven layers of cyber security and its uses.
Reference: https://www.ciso-portal.com/what-are-the-7-cybersecurity-layers/
• Users
• Systems
• Applications
• Data
It also includes identification management, authorization management, and network access
control (NAC), as well as identity-based security policies, identity federation, and access
provisioning.
2. Network Security Layer
This layer is for the protection of the network infrastructure itself. It includes the following:
• firewalls
• intrusion detection systems (IDS)
• intrusion prevention systems (IPS)
• anti-virus software
• encryption
• restricting access to networks
This layer aims to prevent an attack from happening in the first place.
• Backup
• Encryption
• Patching systems
• Updating systems
• Upgrading systems
• Data storage
This layer aims to prevent data from being stolen or lost by unauthorized individuals. So if
an attack occurs through the system, the main concern here is to ensure that the data
cannot be accessed by anyone other than authorized users who are using authorized
devices within authorized locations.
4. Application Security Layer
This layer is for the protection of applications that are used by multiple users over
different systems or devices. It includes authentication processes like the following:
• multi-factor authentication
• application hardening
• penetration testing
• code reviews
• vulnerability assessment
Hackers can exploit these vulnerabilities, leading to loss of money or confidential
information, which can result in serious repercussions to brand reputation and customer
loyalty.
This layer aims to prevent attacks against applications themselves through firewalls. Also,
IDS/IPS tools inspect traffic to applications for malicious content.
• Encryption
• Tokenization
• MFA mechanisms
This layer also provides a level of protection for data that is at rest or in motion. This is
accomplished through encryption, tokenization, and multi-factor authentication (MFA).
Also, applications on those devices are protected against known vulnerabilities, so they
cannot be exploited by the bad guys.
This layer also provides a level of protection for endpoints themselves and the data that is
stored on them.
So like business impact analysis (BIA), risk assessments, disaster recovery planning. It is
already done and it will be too late to reverse the effects of the attack and prevent any
further attacks.
3. Build the types of Cyber Attacks and its uses.
Reference: 1. https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/
2. https://onlinedegrees.und.edu/blog/types-of-cyber-security-threats/
Reference: https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/
Limitations:
▪ The firewall cannot protect against attacks that bypass the firewall. Internal systems
may have dial-out capability to connect to an ISP. An internal LAN may support a
modem pool that provides dial-in capability for traveling employees and
telecommuters.
▪ The firewall does not protect against internal threats, such as a disgruntled
employee or an employee who unwittingly cooperates with an external attacker.
▪ The firewall cannot protect against the transfer of virus-infected programs or files.
Because of the variety of operating systems and applications supported inside the
perimeter, it would be impractical and perhaps impossible for the firewall to scan all
incoming files, e-mail, and messages for viruses.
6. Construct the different phases or steps in the digital forensics life cycle.
Reference: https://www.startertutorials.com/blog/digital-forensics-life-cycle.html
7. Analyze the brief note on Remote Access Server Security for Mobile
device.