Unit2 CyberSecurity Shared
SECURITY
undoubtedly, the leading challenge for organizations.
• Attackers, in the last decade, not only targeted the servers and operating systems (OSs) but also attacked the client applications.
• Organizations and individuals use various types of client-side applications, including browsers, multimedia programs, and document readers.
• The most common attacks on client-side applications include phishing and social engineering.
• An attacker may send malware through e-mail.
• An attacker may ask you to download a plug-in or a cookie to help improve your search, but that may turn you into a victim of a social engineering attack.

APPLICATION SECURITY
• Application security is the use of software, hardware, and procedural methods to protect applications from external threats.
• Security is becoming one of the important concerns during application development.
• There are three types of application security:
• Database security
• Email security
• Internet security
5/24/2022 DEVANSHU DUBE AMCANC 0201 CYBER SECURITY UNIT 2 3 5/24/2022 DEVANSHU DUBE AMCANC 0201 CYBER SECURITY UNIT 2 4
Application Security (CO2)

DATABASE SECURITY
• It is used to protect the data, database applications or stored functions, the database systems, server and the associated network links.
• It involves various categories of controls, such as technical, procedural/administrative, and physical.

Security risks to database systems include:
• Unauthorized or unintended activity or misuse by authorized database users or hackers.
• Malware infections causing incidents such as unauthorized access, leakage or disclosure of personal or proprietary data.
• Unanticipated failure of database services.
• Overloads and performance constraints resulting in the inability of authorized users to use the database as intended.
• Physical damage to servers by fire, electronic breakdown, etc.
• Design flaws and programming bugs in the database and associated programs and systems, creating various vulnerabilities.
• Data corruption and loss caused by the entry of invalid data or commands.

Many layers and types of information security are appropriate to databases, including:
• Access Control: In the fields of physical security and information security, access control is the selective restriction of access to a place or other resource.
• Auditing: Involves observing a database so as to be aware of the actions of database users.
• Authentication: It is the act of confirming the truth of an attribute of a single piece of data or entity.
• Encryption: A process of converting the data within a database from plain text form to meaningless cipher text by means of a suitable algorithm. It is done to encrypt sensitive data like credit card details, medical records, etc.
• Backup: Backing up refers to copying and archiving the data so it may be used to restore the original after the loss or an event.
• Integrity control: It refers to maintaining the accuracy and consistency of data over its entire life cycle and is a critical aspect of the design, implementation and usage of any system which stores, processes or retrieves data.

EMAIL SECURITY
• E-mail is one of the uses of the WWW and is a fast and secure method of sending information to other computer users.
• A typical email contains four elements:
• Post offices: where outgoing messages are temporarily stored.
• Message transfer agents (MTA): used for forwarding messages between post offices and to destination clients.
• Gateways: translate between different email systems, different email addressing schemes and messaging protocols.
• Email clients: computers that connect to post offices.
• The mail server uses the SMTP, POP, and IMAPv4 protocols.
APPLICATION SECURITY (CO2)

Email Security issues
• Email can allow an attacker to exploit an organization's users to gather information.
• Flaws in the mail server application may be exploited.
• DoS attacks may be directed at the mail server.
• Sensitive information on mail servers may be read by unauthorized users.
• Information may be altered.
• Users may send inappropriate messages via email, which may lead to action against the company.
• Misconfiguration may allow malicious entities to use the organization's server to send email-based advertisements.

Security Services
• Most electronic systems provide a variety of security services for electronic mail, as given below:
• Privacy
• Authentication
• Integrity
• Non-repudiation
• Proof of Submission
• Proof of Delivery
• Audit
• Accounting
• Self Destructs
• Containment
INTERNET SECURITY THREATS (CO2)

Types of Internet Security Threats and Its Prevention

Viruses: VITAL INFORMATION RESOURCES UNDER SIEGE
• A computer program developed intentionally to corrupt the files, applications, data, etc. of a computer. It gets back door entry (from storage devices, internet, USB, etc.) without the knowledge of the user, and exploits the system mercilessly.

Hackers:
• An intruder, or probably an enemy of a particular entity, who with malicious intentions creates and injects malicious content to steal sensitive information or money, or sometimes to destroy some part of the data or applications.
Prevention:
• Beware of downloading applications and files (mp3, mp4, gif, etc.) from sites and from e-mail attachments.
• Use/buy certified and secured products from the vendors.
• Make a habit of regularly scanning the system, and keep the virus scanning tools/software updated.

Phishing Threats:
Phishing means that a website impersonates a trustworthy and well-established brand, most probably to steal information as well as money by misleading online users.
Prevention:
• Install an updated version of an antivirus tool.
• Do not click blindly on hyperlinks appearing in e-mail that came from unknown sources.
• Secure your website with anti-spam and phishing detection tools.
• Always look for the “https:” before trusting a website, especially before providing credit card information and personal information.
• Guard the walls of the server with updated firewalls.
Data Security Considerations (CO2)
Reasons for Data Loss (CO2)
• One could restore the most recent form of data.
• Time machine (backup mechanism of macOS)
Data Backup Modes (CO2)
Data Backup vs Data Archival (CO2)

Data Backup
It is the storage of data that can be used later to recover data lost due to disaster or malicious activities such as hacking.

Data Archival
Data archiving requires retaining data that has become obsolete for current purposes but can be required, at a later stage, for reference.

Data Storage Method
• Backup: The original data remains in place, while a backup copy is stored in another location.
• Archive: Archived data is moved from its original location to an archive storage location.
Data State
• Backup: Backed up data is constantly changing.
• Archive: Once you create an archive, you do not modify it.
Data Retention Policy
• Backup: You periodically delete or overwrite data backups that are too old to be useful.
• Archive: Data archives are designed for long-term storage.
Storage Type
• Backup: Hot cloud storage or easily accessible local storage locations.
• Archive: Cold cloud storage or tape archives.

• Reduce cost
• Save storage space in the online system
• Reduce access complexity
• Improve system performance
• Efficient identification of preserved data
• Use archived data for historical researches

• Records being rarely changed or accessed and important but less accessed information are most suitable data for archival.
• The criteria can be defined by the user or the archiving products may take metadata for files and contexts of objects as defining criteria to select the information to be archived.
• Archived data is stored according to the object context and indexed so that finding them becomes easy whenever required in future.
Selection of the best archival solutions (CO2)
Data Disposal Security Considerations (CO2)
[Figure labels: Ways of; Overwriting; Degaussing; Destroying; hard drive]
item. Each area on your hard drive should be overwritten a number
Topic: FIREWALL

Firewall (CO2)
network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.
• Only authorized traffic will be allowed to pass from a firewall.
Source: https://iotlabs.dyndns.biz/
Functions of Firewall (CO2)
Firewall Characteristics (CO2)
2. Direction Control:
The control defines the path in which a complex service request can be launched and passed across the firewall.
3. User Control:
It regulates access to a program that the customer attempts to enter.
4. Behaviour Control:
It regulates how specific services need to be employed.
[Figure labels: Packet filtering; Circuit-level Gateway; Application Gateway]
Packet Filtering Firewalls (CO2)
• It controls network access by analyzing incoming and outgoing packets.
• Inspects the packets of data that are passed through the network and accepts or rejects the packets on the basis of the default or user-defined rules.
• Packet filter is also known as network layer firewall.
[Figure labels: Security Perimeter; Internet; Packet filtering router; Private Network]
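The accept-or-reject decision described above, as an added example that is not part of the original slides: a stateless packet filter in Python where the first matching user-defined rule decides and the default policy applies otherwise. The Packet and Rule types, the rule set and all addresses (10.0.0.0/24 as the private network, 203.0.113.7 and 198.51.100.9 as outside hosts) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str               # "in" (arriving from the Internet) or "out"
    protocol: str                # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None  # None for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "reject"
    direction: str = "any"
    protocol: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, pkt: Packet) -> bool:
        if self.direction not in ("any", pkt.direction):
            return False
        if self.protocol not in ("any", pkt.protocol):
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == pkt.dport


# Applied when no user-defined rule matches: only authorized traffic passes.
DEFAULT_POLICY = "reject"

# Constructed rule set for a router between the Internet and 10.0.0.0/24.
RULES: List[Rule] = [
    # A private source address arriving from outside cannot be genuine.
    Rule("reject", direction="in", src="10.0.0.0/24"),
    # Publish only HTTPS on the internal web server.
    Rule("accept", direction="in", protocol="tcp", dst="10.0.0.23/32", dport=443),
    # Let the private network start outbound traffic.
    Rule("accept", direction="out", src="10.0.0.0/24"),
]


def filter_packet(pkt: Packet, rules: List[Rule] = RULES,
                  default: str = DEFAULT_POLICY) -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule or None for the default)."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None


# Constructed sample traffic.
SAMPLES = {
    "https_from_outside": Packet("in", "tcp", "203.0.113.7", "10.0.0.23", 443),
    "telnet_from_outside": Packet("in", "tcp", "203.0.113.7", "10.0.0.23", 23),
    "spoofed_internal_source": Packet("in", "tcp", "10.0.0.5", "10.0.0.23", 443),
    "dns_query_outbound": Packet("out", "udp", "10.0.0.5", "198.51.100.9", 53),
}


def verdicts() -> dict:
    """Map each sample name to the filter's decision."""
    return {name: filter_packet(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, (action, rule) in verdicts().items():
        print(f"{name:26s} {action:7s} rule={rule}")
```

Rule order matters: the spoofed packet targets the published HTTPS port, and only the earlier anti-spoofing rule keeps it from being accepted.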
1. Stateful- Stateful firewalls maintain the state information of connection’s lifetime.

• It filters the inbound traffic to certain specific applications
Application Gateway Firewalls (CO2)
Applies security mechanisms to specific applications such as File Transfer Protocol (FTP) and Telnet servers.
• Application layer firewalls are based on the application level of the TCP/IP stack. These firewalls intercept all packets that are sent or received from an application.
• Application layer firewalls help you prevent unwanted outside traffic from reaching protected machines.
• These firewalls can restrict or prevent the spreading of computer worms and Trojans over a network.

Circuit-Level Gateway Firewalls (CO2)
It monitors the TCP handshaking of data packets to ensure a legitimate session.
Source: Swayam
Virtual Private Network (VPN) (CO2)
• It creates the virtual tunnel through which the data travels from one computer to the other over the network.
• Due to this, an attacker gets a way to use the remote client to relay attacks through the VPN tunnel.
Source: CISCO

How does a virtual private network (VPN) work? (CO2)
• Because the traffic is encrypted between the device and the network, traffic remains private as it travels.
• An employee can work outside the office and still securely connect to the corporate network.
Source: CISCO
Types of VPNs (CO2)
• Virtual Private Network (VPN) is basically of 2 types:
1. Remote Access VPN
2. Site to Site VPN

Remote-Access VPNs (CO2)
• Remote Access VPN permits a user to connect to a private network and access all its services and resources remotely. The connection between the user and the private network occurs through the Internet, and the connection is secure and private. Remote Access VPN is useful for both home users and business users.
• Users aware of Internet security also use VPN services to enhance their Internet security and privacy.
Source: CISCO
Site-to-Site VPNs (CO2)
• A Site-to-Site VPN is also called a Router-to-Router VPN and is commonly used in large companies. Companies or organizations with branch offices in different locations use Site-to-site VPN to connect the network of one office location to the network at another office location.
• A site-to-site VPN connects the corporate office to branch offices over the Internet.
• Site-to-site VPNs are used when distance makes it impractical to have direct network connections between these offices.
• Dedicated equipment is used to establish and maintain a connection.
• Intranet based VPN: When several offices of the same company are connected using the Site-to-Site VPN type, it is called an Intranet based VPN.
• Extranet based VPN: When companies use the Site-to-site VPN type to connect to the office of another company, it is called an Extranet based VPN.
• Site-to-site VPN creates an imaginary bridge between the networks at geographically distant offices, connects them through the Internet, and sustains secure and private communication between the networks. In Site-to-site VPN one router acts as a VPN Client and another router as a VPN Server, as it is based on Router-to-Router communication. Only when the authentication is validated between the two routers does the communication start.

• Secure remote access provides a safe, secure way to connect users and devices remotely to a corporate network. It includes VPN technology that uses strong ways to authenticate the user or device.
Source: CISCO

Secure Remote-Access VPNs (CO2)
VPN Components (CO2)
Source: CISCO
Intrusion Detection
• Anomaly detection and reporting are two main functions
• A SIEM system integrates outputs from multiple sources and uses alarm filtering techniques to differentiate malicious activity from false alarms.

Intrusion Detection Systems (IDS)
Source: CISCO

Components of Intrusion Detection System
[Figure labels: Sensor; Detection Engine; Decision Engine; Decision Table; Alarm; Response; Action; Configuration; Information Recorded; Report; Management Console; Monitors Hosts and Networks; Malicious Detection; Manages and Reports]

[Figure: IDS types: NIDS (Network Intrusion Detection System); NNIDS (Network Node Intrusion Detection System); HIDS (Host Intrusion Detection System)]
Network Intrusion Detection System (NIDS)
Source: Swayam

Network Node Intrusion Detection System (NNIDS)
• It is similar to NIDS.
• The traffic in NNIDS is only monitored on a single host, unlike NIDS.

Host Intrusion Detection System (HIDS)
• The Host Intrusion Detection System (HIDS) runs on all the devices in the network with access to the internet and other parts of the enterprise network.
• HIDS takes an image of the entire system’s file set and compares it to the preceding picture.
• HIDS have some advantages over NIDS, due to their ability to look more closely at internal traffic, as well as working as a second line of defense against malicious packets a NIDS has failed to detect.
Source: Swayam
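The snapshot comparison that the HIDS bullet describes, as an added example that is not part of the original slides: a Python sketch that records a hash, size and permission bits for every file under a directory and reports what was added, removed or modified since the preceding snapshot. The function names and the sample file tree are constructed for illustration; a real HIDS also protects the stored baseline itself.

```python
import hashlib
import tempfile
from pathlib import Path

FIELDS = ("content", "size", "mode")


def snapshot(root) -> dict:
    """Return {relative path: (sha256 hex, size, permission bits)} for regular files."""
    root = Path(root)
    snap = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        digest = hashlib.sha256()
        with path.open("rb") as handle:
            for chunk in iter(lambda: handle.read(65536), b""):
                digest.update(chunk)
        info = path.stat()
        snap[path.relative_to(root).as_posix()] = (
            digest.hexdigest(), info.st_size, info.st_mode & 0o7777)
    return snap


def compare(previous: dict, current: dict) -> dict:
    """Diff two snapshots; 'modified' lists which recorded fields changed."""
    modified = {}
    for path in sorted(set(previous) & set(current)):
        changed = [name for name, old, new
                   in zip(FIELDS, previous[path], current[path]) if old != new]
        if changed:
            modified[path] = changed
    return {
        "added": sorted(set(current) - set(previous)),
        "removed": sorted(set(previous) - set(current)),
        "modified": modified,
    }


def demo() -> dict:
    """Build a constructed file tree, take a baseline, change it, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        login = root / "bin" / "login"
        hosts = root / "etc" / "hosts"
        motd = root / "etc" / "motd"
        login.write_bytes(b"original program\n")
        hosts.write_text("127.0.0.1 localhost\n")
        motd.write_text("welcome\n")
        for path in (login, hosts, motd):
            path.chmod(0o644)

        baseline = snapshot(root)           # the "preceding picture"

        # Constructed changes standing in for activity between two scans.
        login.write_bytes(b"original program\n" + b"appended bytes")
        hosts.chmod(0o600)
        motd.unlink()
        (root / "bin" / "helper").write_bytes(b"new file")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```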
Host Intrusion Detection System (HIDS)
Source: Swayam

Topic: Access Control
Identification versus Authentication
Identification
• Identification refers to the process of labeling and recognizing a user.
Authentication
• Authentication refers to the process of verifying whether the user is a valid user or not.

Access Control (CO2)
[Figure labels: Rule-Based Access Control; Mandatory Access Control]

Advantage
• MAC defines the accessibility of information in a consistent manner.
• Unless the organization of information exchange is put into place by the administrators, users can’t share the information.
Exhaustive functionality, enabling the detection and repair of security breaches.
Applicability
This model finds its applicability in the environments where the confidentiality of information is the crux of the matter.
It allows outright control over the management of information, and if required, can lock down the network.

Advantage
• DAC model offers flexibility related to the exchange of information to the network users.
It ensures dynamic exchange of information with other users.
Problem
Despite the fact that this model offers a flexible environment, unauthorized information disclosure is always the likely possibility.
Role-Based Access Control (CO2)
Rule-Based Access Control (CO2)

SECURITY THREATS

Viruses (CO2)
• Refers to the virus types that change from one form to another to avoid being detected.

Stealth Viruses (CO2)
• Refers to a virus type that masks itself from applications in order to avoid being detected.
• This virus is one that, while active, hides the modifications it has made to files or boot records.
• Programs that try to read infected files or sectors see the original uninfected form instead of the actual, infected form.
• The virus must be resident in memory when the antivirus program is executed in order to remain undetected.
• The stealth virus gets attached to the boot sector of a hard disk.
• The infected file is of a different size than the original.

Retroviruses
• Refers to the virus types that bypass installed antivirus software.
• The retrovirus is capable of making a direct attack on an antivirus.
• A retrovirus will attempt to disable and infect the antivirus software in order to avoid detection in the computer system. Also called anti-antivirus virus.

• Refers to a virus type that has the ability to react in multiple ways.
• Also called a multi-part virus, a virus that attempts to attack both the boot sector and the executable, or program, files at the same time.
• When the virus attaches to the boot sector, it will in turn affect the system files, and when the virus attaches to the files, it will in turn infect the boot sector.
• This type of virus can re-infect a system over and over again if all parts of the virus are not eradicated.
• Ghostball was the first multipartite virus, discovered by Fridrik Skulason in October 1989. Other examples are Invader, Flip, etc.

• Refers to a virus type that is difficult to detect.
• A type of virus that has been designed to thwart attempts by analysts to examine its code, using various methods to make tracing, disassembling and reverse engineering more difficult.
• It may also protect itself from antivirus programs, making it more difficult to trace. To do this, it attempts to trick the antivirus program into believing its location is somewhere other than where it really is on the system.
Example- Whale virus.
Macro Viruses
[Figure caption: The Global Template is used as the basis for the document settings and macros]

Other Viruses
• Companion: Refers to a virus type that gets spread by attaching itself with other programs. The companion virus when attached with legitimate programs gets saved with a different file extension and is saved in a temporary directory of a computer.

Logic bombs

Worms (CO2)
Source: Swayam
Similarities and differences between Virus, Worms and Trojan horse
Virus
• Steal information
• Alter data
• Delete data
• Passive transmission
• Software code
• Self-replicates
• Can mutate
Worm
• Steal information
• Delete data
• Alter data
• Active transmission
• Self-contained software
• Self-replicates
• Can mutate
Trojan horse
• Non self-replicates
• Steal information
• Open backdoor
• Disguised as a useful program
• Conscript host for botnet
• Keystroke and webcam logging

Spoofing (CO2)
• Spoofing means to provide false information about your identity to gain unauthorized access to others’ computer systems.
• IP spoofing and DNS spoofing are the most popular spoofing attacks.
• The objective of IP spoofing is to make the data look as if it has come from a trusted host, when it did not.
• In DNS spoofing, the DNS server is given information about a name server and the server assumes this information as legitimate, when it is not.
IP Spoofing (CO2)
[Figure labels: hosts 192.168.1.2, 192.168.1.3 and 10.0.0.23; Spoofed source IP address; Source IP: 192.168.1.3, Destination IP: 10.0.0.23; Source IP: 10.0.0.23, Destination IP: 192.168.1.3]
Source: Swayam

Trapdoor
• A trap door is a kind of secret entry point into a program that allows anyone to gain access to any system without going through the usual security access procedures.
• Another definition of a trap door is that it is a method of bypassing normal authentication methods. Therefore it is also known as a back door.
• Programmers use trap doors legally to debug and test programs.
• Trap doors turn into threats when dishonest programmers use them to gain illegal access.
• Program development and software update activities should be the first focus of security measures.
• An operating system that controls the trap doors is difficult to implement.
Trapdoor
• The term back door refers to gaining access to a network.
• The backdoor attack lets a malicious user enter illicit code at the time of its execution. Moreover, a backdoor attack is primarily an access or a modification attack. However, it requires a user ID and password to gain administrative privileges.
• Some of the tools that are used to create backdoor attacks are Back Orifice and NetBus.

Malicious Software (CO2)
• Malicious code is a new kind of threat in the form of an auto-executable application.
• It can be in the form of scripting languages, such as Java Applets, ActiveX controls, or various new programming languages designed to enhance Web pages.

Malicious code can be categorized into the following types:
• Code that causes access violations: Refers to the category of malicious code that tries to delete, steal, alter, or execute unauthorized files. It can steal passwords, files, and other confidential data.
• Code that enables DoS attacks: Refers to the category of malicious code that prevents the user from using the system. It may destroy the files that are open at the time of the attack.

• DoS Attack (Denial of Service Attack)
• DDoS Attack (Distributed Denial of Service Attack)
• DoS makes the system unresponsive to the actual service requests
• It does so by overpowering the system resources
• Difference is that the attack is launched from a series of host machines
Denial of Services Attack
[Figure labels: 90,000 bytes; 30,000 bytes per fragment; 90,000 bytes; Error!]
Source: Swayam

THREATS TO E-COMMERCE (CO2)
Threats to E-Commerce (CO2)
• E-Commerce refers to the activity of buying and selling things over the internet.
• E-commerce can draw on many technologies such as mobile commerce, Internet marketing, online transaction processing, electronic funds transfer, supply chain management, electronic data interchange (EDI), inventory management systems, and automated data collection systems.

• Unauthorized internal users who may access confidential information by using passwords for committing fraud or theft.
• Former employees of an organization who have maintained access to the information sources directly, by creating alternative passwords or “back doors” into the computer systems, or indirectly through former co-workers.
Types of EPS
Smart Card:
• A smart card is any pocket-sized card with embedded integrated circuits which can process data.
• This implies that it can receive input which is processed and delivered as an output.
Credit Card:
• It is a plastic card having a magnetic number and code on it.
• It has some fixed amount to spend.
• The customer has to repay the spent amount after some time.
Debit Card:
• Similar to the credit card in coding and encryption.
• Purchase limit depends on the available balance in the account.
Source: javatpoint

E-cash Threats
Credit/Debit card fraud
• A credit card allows us to borrow money from a recipient bank to make purchases.
• The issuer of the credit card has the condition that the cardholder will pay back the borrowed money with an additional agreed-upon charge.
• A debit card is a plastic card, issued by a financial organization to an account holder who has a savings deposit account, that can be used instead of cash to make purchases.
• The debit card can be used only when the fund is available in the account.

Some of the important threats associated with the debit/credit card are-
ATM (Automated Teller Machine)-
• It is the favourite place of the fraudster, from where they can steal our card details. Some of the important techniques which criminals use for getting hold of our card information are:
1. Skimming-
• It is the process of attaching a data-skimming device to the card reader of the ATM. When the customer swipes their card in the ATM card reader, the information is copied from the magnetic strip to the device.
• By doing this, the criminals get to know the card number, name, CVV number, expiry date of the card and other details.
Credit/Debit card fraud
Some of the important threats associated with the debit/credit card are-
Online Transaction
• Online transactions can be made by the customer to do shopping and pay their bills over the internet.
• It is easy for the customer, but it is also easy for an attacker to hack into our system and steal our sensitive information.
• Some important ways to steal our confidential information during an online transaction are-
– By downloading software which scans our keystrokes and steals our password and card details.
– By redirecting a customer to a fake website which looks like the original and steals our sensitive information.
– By using public Wi-Fi

POS Theft
• It is commonly done at merchant stores at the time of a POS transaction.
• In this, the salesperson takes the customer's card for processing payment and illegally copies the card details for later use.
Process of Digital Signature
Digital signatures use ‘Public key Cryptography’.
• They employ an algorithm that uses two different but mathematically related ‘keys’ => Public Key and Private Key
• The private key is used for creating a digital signature. It is known only to the signer.
• The public key is for verifying a digital signature.
• Computer equipment and software are collectively called “Asymmetric Cryptosystem.”
• It involves two processes-
1. Digital Signature Creation
2. Digital Signature Verification

Digital Signature Creation:
• It is performed by the signer. It uses a hash result which is computed from the signed message and the given private key. This hash result is unique.

Digital signature verification:
• It is performed by the receiver of the digital signature.
• A digital signature is verified by computing a new hash result of the original message using the same hash function that was used to create the digital signature.
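The creation and verification steps above, as an added example that is not part of the original slides: hash-then-sign in Python with SHA-256 and unpadded textbook RSA. The key pairs are constructed from known Mersenne primes only so the block runs with the standard library; such keys and unpadded RSA are assumptions for illustration and are not secure, and all function names are hypothetical.

```python
import hashlib


def make_keypair(p: int, q: int, e: int = 65537):
    """Return ((e, n), (d, n)): the public key and the mathematically related private key."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return (e, n), (d, n)


# Constructed toy keys: Mersenne primes are a publicly known special form.
SIGNER_PUBLIC, SIGNER_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**127 - 1, 2**1279 - 1)


def hash_result(message: bytes) -> int:
    """The hash result of the message, as an integer smaller than the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def create_signature(message: bytes, private_key) -> int:
    """Signer side: transform the hash result with the private key."""
    d, n = private_key
    return pow(hash_result(message), d, n)


def verify_signature(message: bytes, signature: int, public_key) -> bool:
    """Receiver side: recompute the hash with the same hash function and
    compare it with the value recovered from the signature via the public key."""
    e, n = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == hash_result(message)


def demo() -> dict:
    message = b"Pay 100 to Alice"        # constructed sample message
    signature = create_signature(message, SIGNER_PRIVATE)
    return {
        # Untouched message, signer's public key: accepted.
        "genuine": verify_signature(message, signature, SIGNER_PUBLIC),
        # One character altered in transit: the new hash no longer matches.
        "tampered_message": verify_signature(
            b"Pay 900 to Alice", signature, SIGNER_PUBLIC),
        # Signature made with someone else's private key: rejected.
        "wrong_signer": verify_signature(
            message, create_signature(message, OTHER_PRIVATE), SIGNER_PUBLIC),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:17s} accepted={accepted}")
```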
Applications of Digital Signatures
• Filing of income tax online

Cryptography and Encryption
• Cryptography ensures secure transfer of data over an unsecured