
Cyber Security

(Unit II)
Application security: Application
security is the process of making
apps more secure by finding, fixing, and enhancing the security of apps.
Much of this happens during the development phase, but it includes tools
and methods to protect apps once they are deployed. This is becoming
more important as hackers increasingly target applications with their
attacks.
Application security is getting a lot of attention. Hundreds of tools are
available to secure various elements of your applications portfolio, from
locking down coding changes to assessing inadvertent coding threats,
evaluating encryption options and auditing permissions and access rights.
There are specialized tools for mobile apps, for network-based apps, and
for firewalls designed especially for web applications.
Why application security is important: The faster and sooner in the
software development process you can find and fix security issues, the
safer your enterprise will be. And, because everyone makes mistakes, the
challenge is to find those mistakes in a timely fashion. For example, a
common coding error could allow unverified inputs. This mistake can
turn into SQL injection attacks and then data leaks if a hacker finds
them. 
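The coding error mentioned above (unverified input that turns into a SQL injection) and its fix can be shown in a few lines. The following is an added example, not code from these notes; it uses Python's built-in sqlite3 module with a constructed two-row users table, and the function names and the test input are assumptions made for the illustration.

```python
import re
import sqlite3


def make_db():
    """Build a small in-memory users table (constructed sample data, not from the notes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """The coding error the text describes: unverified input spliced into the SQL string."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def is_valid_username(username):
    """Input validation: accept only the characters a username may legitimately contain."""
    return re.fullmatch(r"[a-z0-9_]{1,32}", username) is not None


def lookup_safe(conn, username):
    """Hardened form: validate the input, then bind it as a parameter so it can
    never change the structure of the query."""
    if not is_valid_username(username):
        return []
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo():
    """Run both lookups against a normal value and a quote-terminating test input
    (constructed; the kind of input a security testing tool feeds an application)."""
    conn = make_db()
    hostile = "x' OR '1'='1"
    return {
        "vuln_normal": lookup_vulnerable(conn, "alice"),
        "vuln_hostile": lookup_vulnerable(conn, hostile),  # returns every row
        "safe_normal": lookup_safe(conn, "alice"),
        "safe_hostile": lookup_safe(conn, hostile),        # returns nothing
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The vulnerable lookup returns both users for the hostile input because the quote in the input closes the string literal and the rest becomes part of the query; the parameterised lookup treats the whole input as data, and the allowlist check rejects it before the database is even consulted. A static testing tool flags the string-building pattern; a dynamic testing tool finds the same defect by sending inputs like the one constructed here.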
Application security tools that integrate into your application
development environment can make this process and workflow simpler
and more effective. These tools are also useful if you are doing
compliance audits, since they can save time and expense by catching
problems before the auditors see them.
The rapid growth in the application security segment has been helped by
the changing nature of how enterprise apps are being constructed in the
last several years. Gone are the days where an IT shop would take
months to refine requirements, build and test prototypes, and deliver a
finished product to an end-user department. The idea almost seems quaint
nowadays.
Instead, we have new working methods, called continuous deployment
and integration, that refine an app daily, in some cases hourly. This
means that security tools have to work in this ever-changing world and
find issues with code quickly.
Application security tools: While there are numerous application
security software product categories, the meat of the matter has to do
with two: security testing tools and application shielding products.
The former is a more mature market with dozens of well-known vendors;
some of them are lions of the software industry such as IBM, CA and
MicroFocus. These tools are well enough along that Gartner has created
its Magic Quadrant and classified their importance and success. Review
sites such as IT Central Station have been able to survey and rank these
vendors, too.
Gartner categorizes the security testing tools into several broad buckets,
and they are somewhat useful for how you decide what you need to
protect your app portfolio:
• Static testing, which analyzes code at fixed points during its
development. This is useful for developers to check their code as they are
writing it to ensure that security issues are not being introduced during
development.
• Dynamic testing, which analyzes running code. This is more
useful, as it can simulate attacks on production systems and reveal more
complex attack patterns that use a combination of systems.
• Interactive testing, which combines elements of both static and
dynamic testing.
• Mobile testing is designed specifically for mobile environments
and can examine how an attacker could leverage the mobile OS and the
apps running on it, taken as a whole.
Another way to look at the testing tools is how they are delivered, either
via an on-premises tool or via a SaaS-based subscription service where
you submit your code for online analysis. Some even do both.
Application shielding products encompass a few broad categories:
• Runtime application self-protection (RASP): These tools could
be considered a combination of testing and shielding. They provide a
measure of protection against possible reverse-engineering attacks. RASP
tools continuously monitor the behavior of the app, which is particularly
useful in mobile environments, where apps can be rewritten, run on a
rooted phone, or have their privileges abused to make them do nefarious
things. RASP tools can send alerts, terminate errant processes, or
terminate the app itself if it is found to be compromised.
RASP will likely become the default in many mobile development
environments and be built in as part of other mobile app protection tools.
Expect to see more alliances among software vendors that have solid
RASP solutions.
• Code obfuscation: Hackers often use obfuscation methods to hide
their malware, and now tools allow developers to do the same to help protect
their code from being attacked.
• Encryption and anti-tampering tools: These are other methods
that can be used to keep the bad guys from gaining insights into your
code.
• Threat detection tools: These tools examine the environment or
network where your apps are running and make an assessment about
potential threats and misused trust relationships. Some tools can provide
device “fingerprints” to determine whether a mobile phone has been
rooted or otherwise compromised.
Data Security: Data security is the protection of programs and data in
computers and communication systems against unauthorized access,
modification, destruction, disclosure or transfer, whether accidental or
intentional, by building physical arrangements and software checks. It
refers to the right of individuals or organizations to deny or restrict the
collection and use of information about them. Data
security requires system managers to reduce unauthorized access to the
systems by building physical arrangements and software checks.
Data security uses various methods to make sure that the data is correct,
original, kept confidential and safe. It includes:
o Ensuring the integrity of data.
o Ensuring the privacy of the data.
o Preventing the loss or destruction of data.
Data security consideration involves the protection of data against
unauthorized access, modification, destruction, loss, disclosure or
transfer, whether accidental or intentional. Some of the important data
security considerations are described below:
Backups: Data backup refers to saving additional copies of our data in
separate physical or cloud locations from the data files in storage. It is
essential for us to keep secure, store, and back up our data on a regular
basis. Securing the data helps us prevent:
o Accidental or malicious damage/modification to data.
o Theft of valuable information.
o Breach of confidentiality agreements and privacy laws.
o Premature release of data, which can void intellectual property
claims.
o Release before data have been checked for authenticity and
accuracy.
Keeping reliable and regular backups of our data protects against the risk
of damage or loss due to power failure, hardware failure, software or
media faults, viruses or hacking, or even human errors.
The Backup 3-2-1 Rule is very popular. This rule requires:
o Three copies of our data
o Two different formats, e.g., hard drive and tape backup, or DVD (short
term) and flash drive
o One off-site backup, i.e., two physical backups and one in the
cloud
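The 3-2-1 rule is easy to state and easy to drift away from, so it is worth checking an actual backup inventory against it. The following is an added example, not from the notes: a small Python checker that reports which of the three conditions an inventory fails. The BackupCopy record, the media names and the sample inventories are constructed for the illustration; the primary working copy is counted as one of the three copies.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    """One copy of the data set, including the primary working copy."""
    location: str   # where it is held, e.g. "office", "cloud"
    medium: str     # storage format, e.g. "hdd", "tape", "dvd", "flash", "cloud"
    offsite: bool   # True if held away from the primary site


def check_321(copies):
    """Return the 3-2-1 rule violations for an inventory of copies; an empty
    list means the inventory is compliant."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies of the data; the rule requires 3")
    media = {c.medium for c in copies}
    if len(media) < 2:
        problems.append(f"only {len(media)} distinct storage format(s); the rule requires 2")
    if not any(c.offsite for c in copies):
        problems.append("no off-site copy; the rule requires 1")
    return problems


# Constructed inventories (not from the notes)
COMPLIANT = [
    BackupCopy("office", "hdd", offsite=False),    # primary working copy
    BackupCopy("office", "tape", offsite=False),   # second format, on site
    BackupCopy("cloud", "cloud", offsite=True),    # off-site copy
]
SAME_FORMAT_NO_OFFSITE = [
    BackupCopy("office", "hdd", offsite=False),
    BackupCopy("office", "hdd", offsite=False),
    BackupCopy("office", "hdd", offsite=False),
]
TOO_FEW = [BackupCopy("office", "hdd", offsite=False)]

if __name__ == "__main__":
    for name, inventory in [("compliant", COMPLIANT),
                            ("same format", SAME_FORMAT_NO_OFFSITE),
                            ("too few", TOO_FEW)]:
        print(name, check_321(inventory) or "OK")
```

Three disks in the same office satisfy the "three copies" count but fail the other two conditions, which is exactly the situation (one failure mode takes out every copy) the rule is meant to rule out.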
Some important backup options are as follows-
1. Hard drives - personal or work computer
2. Departmental or institution server
3. External hard drives
4. Tape backups
5. Discipline-specific repositories
6. University Archives
7. Cloud storage
Some of the top considerations for implementing secure backup and
recovery are-
1. Authentication of the users and backup clients to the backup server.
2. Role-based access control lists for all backup and recovery
operations.
3. Data encryption options for both transmission and the storage.
4. Flexibility in choosing encryption and authentication algorithms.
5. Backup of a remote client to the centralized location behind
firewalls.
6. Backup and recovery of a client running Security-Enhanced Linux
(SELinux).
7. Using best practices to write secure software.

Archival Storage: Data archiving is the process of retaining data
at a secure place for long-term storage. The data is stored
in safe locations so that it can be used whenever it is required. The
archived data is still essential to the organization and may be needed for
future reference. Also, data archives are indexed and have search
capabilities so that files and parts of files can be easily located and
retrieved. Data archival serves as a way of reducing primary storage
consumption and its related costs.
Data archival is different from data backup in the sense that data backups
create copies of data that are used as a data recovery mechanism to restore
data in the event that it is corrupted or destroyed. On the other hand,
data archives protect older information that is not needed in day to
day operations but may have to be accessed occasionally.
Data archives may take many different forms. They can be stored as online,
offline, or cloud storage:
o Online data storage places archive data onto disk systems where it
is readily accessible.
o Offline data storage places archive data onto tape or other
removable media using data archiving software. Tape can
be removed and consumes less power than disk systems.
o Cloud storage is another possible archive target. For example,
Amazon Glacier is designed for data archiving. Cloud storage is
inexpensive, but its costs can grow over time as more data is added
to the cloud archive.
The following list of considerations will help us to improve the long-term
usefulness of our archives:
1. Storage medium
2. Storage device
3. Revisiting old archives
4. Data usability
5. Selective archiving
6. Space considerations
7. Online vs. offline storage
Storage medium: The first thing to decide is what storage medium we use for
archives. The archived data will be stored for long periods of time, so we
must choose a type of media that will last as long as our
retention policy dictates.
Storage device: This consideration asks whether the storage
device we are using for our archives will still be accessible in a few
years. There is no way to predict which types of storage devices will
last the best, so it is essential to pick those devices that have the
best chance of being supported over the long term.
Revisiting old archives: Our archive policies and the
storage mechanisms we use for archiving data will change over time,
so we have to review our archived data at least once a year to see whether
anything needs to be migrated to a different storage medium.
For example, about ten years ago we used Zip drives for archival; then
we transferred all of our archives to CD. Today we store
most of our archives on DVD. Since modern DVD drives can also read
CDs, we haven't needed to move our extremely old archives off CD
onto DVD.
Data usability: One major problem seen in the real world is
archived data that is in an obsolete format.
For example, a few years ago, document files that had been archived in
the early 1990s had been created by an application known as PFS Write. The
PFS Write file format was supported in the late 80s and early 90s, but
today there are no applications that can read those files. To avoid this
situation, it might be helpful to archive not only the data but also copies of
the installation media for the applications that created the data.
Selective archiving: In this consideration, we have to be sure about what
should be archived. We will archive only a selected part of the
data, because not all data is equally important.
Space considerations: If our archives become huge, we must plan for
the long-term retention of all our data. If we are archiving our data to
removable media, capacity planning may be as simple as making sure
that there is free space in the vault to hold all of those tapes and that
there is room in our IT budget to continue purchasing
tapes.
Online vs. offline storage: In this consideration, we have to decide
whether to store our archives online (on a dedicated archive server) or
offline (on removable media). Both methods of archival have
advantages and disadvantages. Storing data online keeps the data
easily accessible, but data kept online may be vulnerable to theft,
tampering, corruption, etc. Offline storage enables us to store an
unlimited amount of data, but it is not readily accessible.

Disposal of Data: Data destruction or disposal of data is the method of
destroying data which is stored on tapes, hard disks and other electronic
media so that it is completely unreadable, unusable and inaccessible for
unauthorized purposes. It also ensures that the organization retains
records of data for as long as they are needed and, when they are no longer
required, appropriately destroys them or disposes of the data in some
other way, for example by transfer to an archives service.
The managed process of data disposal has some essential benefits:
o It avoids the unnecessary storage costs incurred by using office or
server space to maintain records which are no longer needed by
the organization.
o Finding and retrieving information is easier and quicker because
there is less to search.
The disposal of data usually takes place as part of the normal records
management process. There are two essential circumstances in which the
destruction of data needs to be handled in addition to this process:
o The quantity of legacy records requires attention.
o Functions are being transferred to another authority and
disposal of data records becomes part of the change process.
The following list of considerations will help us for the secure disposal of
data-
1. Eliminate access
2. Destroy the data
3. Destroy the device
4. Keep the record of which systems have been decommissioned
5. Keep careful records
6. Eliminate potential clues
7. Keep systems secure until disposal
Eliminate access: In this consideration, we have to ensure that the
accounts whose access is being eliminated no longer have any rights to
re-access the disposed-of data.
Destroy the Data: In this consideration, simply removing data from
storage media is not safe. Even these days, reformatting or
repartitioning a drive to "erase" the data that it stores is not good enough.
Many tools are available today which can help us delete files more
securely. Encrypting the data on the drive before performing any deletion
can make the data more difficult to recover later.
Destroy the device: In most cases, storage media need to be
physically destroyed to ensure that our sensitive data is not leaked to
whoever gets the drives next. In such cases, we should not destroy them
ourselves. There are experts who are probably a lot
better at safely and effectively rendering any data on our drives
unrecoverable. If we can't trust this to an outside agency that specializes
in the secure destruction of storage devices, we should have a specialized
team within our organization that has the same equipment and skills as
outside contractors.
Keep the record of which systems have been decommissioned: In this,
we have to make sure that the storage media have been fully and
securely decommissioned and that nothing is easily
misplaced or overlooked. It is best if storage media that have not been
fully decommissioned are kept in a specific location, while
decommissioned equipment is placed somewhere else; this helps us
avoid making mistakes.
Keep careful records: In this consideration, it is necessary to keep a
record of whoever is responsible for decommissioning a storage medium. If
more than one person is assigned such responsibility, each should sign
off after completion of the decommissioning process, so that if
something goes wrong, we know who to talk to to find out what
happened and how bad the mistake is.
Eliminate potential clues: In this consideration, we have to clear the
configuration settings from networking equipment. We do this because they
can provide crucial clues to a security cracker trying to break into our network
and the systems that reside on it.
Keep systems secure until disposal of data: In this consideration, we
should make clear guidelines for who should have access to the
equipment in need of secure disposal. This ensures that
nobody who should not have access to it before disposal of the data
can get his or her hands on it.
Firewall: A firewall can be understood as a piece of software running on
an individual’s PC, notebook or host. It is designed to allow or restrict
data transferred on a network based on a set of rules. A firewall is used to
protect a network from intrusions and concurrently allow legitimate data to
pass through. Usually a firewall should have at least two network interfaces,
one for the private network and one for public network activities such as the
Internet. It then acts as a gate controlling outgoing/incoming data
streams of an intranet.

Firewall Characteristics: The following design goals for a firewall are
commonly listed:
1. All traffic from inside to outside, and vice versa, must pass through
the firewall. This is achieved by physically blocking all access to
the local network except via the firewall. Various configurations are
possible, as explained later in this chapter.
2. Only authorized traffic, as defined by the local security policy, will
be allowed to pass. Various types of firewalls are used, which
implement various types of security policies, as explained later in
this chapter.
3. The firewall itself is immune to penetration. This
implies the use of a hardened system with a secured operating
system. Trusted computer systems are suitable for hosting a firewall
and are often required in government applications.
Four general techniques are used by firewalls to control access and
enforce the site’s security policy. Originally, firewalls focused primarily
on service control, but they have since evolved to provide all four:
• Service control: Determines the types of Internet services that can
be accessed, inbound or outbound. The firewall may filter traffic on
the basis of IP address, protocol, or port number; may provide
proxy software that receives and interprets each service request
before passing it on; or may host the server software itself, such as
a Web or mail service.
• Direction control: Determines the direction in which particular
service requests may be initiated and allowed to flow through the
firewall.
• User control: Controls access to a service according to which user
is attempting to access it. This feature is typically applied to users
inside the firewall perimeter (local users). It may also be applied to
incoming traffic from external users; the latter requires some form
of secure authentication technology, such as is provided in IPsec.
• Behavior control: Controls how particular services are used. For
example, the firewall may filter e-mail to eliminate spam, or it may
enable external access to only a portion of the information on a
local Web server.
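Design goal 2 (only authorized traffic passes) together with service control and direction control can be shown as a small packet filter. The following is an added example, not from the notes or from any firewall product: a Python rule evaluator with first-match semantics and an implicit final deny. The rule table, the record format and the sample connection attempts are constructed for the illustration and use the documentation address ranges 203.0.113.0/24 and 198.51.100.0/24.

```python
from ipaddress import ip_address, ip_network

# Constructed rule table, not from the notes. Each rule: direction the connection
# is initiated in, protocol, the remote network (source for inbound, destination
# for outbound), destination port (None = any port), and the action.
RULES = [
    ("inbound",  "tcp", "0.0.0.0/0",  443,  "allow"),  # service control: public HTTPS
    ("inbound",  "tcp", "10.0.0.0/8", 22,   "allow"),  # SSH only from the internal range
    ("outbound", "tcp", "0.0.0.0/0",  25,   "deny"),   # behavior control: no direct SMTP out
    ("outbound", "any", "0.0.0.0/0",  None, "allow"),  # direction control: inside may initiate
]


def evaluate(rules, direction, proto, remote_ip, dport):
    """First matching rule decides; traffic that matches no rule is denied,
    which is how 'only authorized traffic passes' is enforced."""
    addr = ip_address(remote_ip)
    for r_dir, r_proto, r_net, r_port, action in rules:
        if r_dir != direction:
            continue
        if r_proto != "any" and r_proto != proto:
            continue
        if addr not in ip_network(r_net):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"


def filter_log(rules, lines):
    """Decide each constructed connection record of the form
    'direction proto remote_ip dport' and return (record, decision) pairs."""
    decisions = []
    for line in lines:
        direction, proto, remote_ip, dport = line.split()
        decisions.append((line, evaluate(rules, direction, proto, remote_ip, int(dport))))
    return decisions


# Constructed connection attempts (documentation IP ranges, not real hosts)
SAMPLE = [
    "inbound tcp 203.0.113.5 443",   # allowed: public web service
    "inbound tcp 203.0.113.5 22",    # denied: SSH from outside the internal range
    "inbound tcp 10.1.2.3 22",       # allowed: SSH from inside
    "outbound tcp 198.51.100.9 25",  # denied: direct outbound SMTP
    "outbound udp 198.51.100.9 53",  # allowed: DNS initiated from inside
]

if __name__ == "__main__":
    for record, decision in filter_log(RULES, SAMPLE):
        print(f"{decision:5} {record}")
```

Note that the order of the rules matters: the specific SMTP deny sits above the general outbound allow, and an inbound request for a service with no rule at all (for example UDP 53 from the outside) falls through to the final deny rather than being admitted by accident.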
VPN: VPN (Virtual Private Network) Definition: A VPN is
a private point-to-point connection between two machines or networks
over a shared or public network such as the internet. A Virtual Private
Network is a combination of software and hardware. VPN (Virtual Private
Network) technology can be used in an organization to extend its safe,
encrypted connection over the less secure internet to connect remote users,
branch offices, and partners to its private internal network. A VPN turns
the Internet into a simulated private WAN.
It uses “virtual” connections routed through the internet from a business’s
private network to the remote site. A Virtual Private Network is a
technology which creates a network, and that network is virtually private.
The letter V in VPN stands for “virtual”, meaning that it shares physical
circuits with other traffic. A Virtual Private Network is a connection
method used to add security and privacy to private and public networks,
like Wi-Fi Hotspots and the Internet. Virtual Private Networks are most
often used by corporations to protect sensitive data. However, using a
personal VPN is increasingly becoming more popular as more
interactions that were previously face-to-face transition to the Internet.
Privacy is increased with a Virtual Private Network because the user's
initial IP address is replaced with one from the Virtual Private Network
provider. Subscribers can obtain an IP address from any gateway city the
VPN service provides, and it has no corresponding physical network.
A virtual private network (VPN) allows the provisioning of private
network services for an organization or organizations over a public or
shared infrastructure such as the Internet or a service provider backbone
network. The shared service provider backbone network is known as
the VPN backbone and is used to transport traffic for multiple VPNs, as
well as possibly non-VPN traffic.
VPN (Virtual Private Network) is a generic term used to describe a
communication network that uses any combination of technologies to
secure a connection tunneled through an otherwise unsecured or
untrusted network. Instead of using a dedicated connection, such as a
leased line, a "virtual" connection is made between geographically
dispersed users and networks over a shared or public network, like the
Internet. Data is transmitted as if it were passing through private
connections.
VPN Devices: Before describing the various VPN technologies and
models, it is useful to first describe the various customer and provider
network devices that are relevant to the discussion.
Devices in the customer network fall into one of two categories:
• Customer (C) devices: C devices are simply devices such as
routers and switches located within the customer network. These
devices do not have direct connectivity to the service provider
network. C devices are not aware of the VPN.
• Customer Edge (CE) devices: CE devices, as the name suggests,
are located at the edge of the customer network and connect to the
provider network.
Devices in the provider network likewise fall into two categories:
• Service Provider (P) devices: P devices are devices such as
routers and switches within the provider network that do not
directly connect to customer networks. P devices are unaware of
customer VPNs.
• Service Provider Edge (PE) devices: PE devices connect directly
to customer networks via CE devices. PE devices are aware of the
VPN in PE-based VPNs, but are unaware of the VPN in CE-based
VPNs.
There are three types of PE device:
— Provider Edge routers
— Provider Edge switches
— Provider Edge devices that are capable of both routing and
switching

Intrusion detection: Intrusion detection systems (IDSs) help detect
attacks on systems and networks. Intrusions in an information system are
the activities that violate the security policy of the system, and intrusion
detection is the process used to identify intrusions. Intrusion detection has
been studied for approximately 20 years. It is based on the beliefs that an
intruder’s behavior will be noticeably different from that of a legitimate
user and that many unauthorized actions will be detectable. An IDS can
only detect an attack. It cannot prevent attacks. In contrast, an IPS
prevents attacks by detecting them and stopping them before they reach
the target. An attack is any attempt to compromise confidentiality,
integrity, or availability.
Intrusion detection systems (IDSs) are usually deployed along with other
preventive security mechanisms, such as access control and
authentication, as a second line of defense that protects information
systems. There are several reasons that make intrusion detection a
necessary part of the entire defense system. First, many traditional
systems and applications were developed without security in mind. In
other cases, systems and applications were developed to work in a
different environment and may become vulnerable when deployed in the
current environment. (For example, a system may be perfectly secure
when it is isolated but become vulnerable when it is connected to the
Internet.) Intrusion detection provides a way to identify, and thus allow
responses to, attacks against these systems. Second, due to the limitations
of information security and software engineering practice, computer
systems and applications may have design flaws or bugs that could be
used by an intruder to attack the systems or applications. As a result,
certain preventive mechanisms (e.g., firewalls) may not be as effective as
expected.
The two primary methods of detection are signature-based and
anomaly-based. Any type of IDS (HIDS or NIDS) can detect attacks
based on signatures, anomalies, or both. The HIDS monitors the network
traffic reaching its NIC, and the NIDS monitors the traffic on the
network.
Signature-Based Detection: Signature-based IDSs (also called
definition-based) use a database of known vulnerabilities or known attack
patterns. For example, tools are available for an attacker to launch a SYN
flood attack on a server by simply entering the IP address of the system
to attack. The attack tool then floods the target system with synchronize
(SYN) packets, but never completes the three-way Transmission Control
Protocol (TCP) handshake with the final acknowledge (ACK) packet. If
the attack isn’t blocked, it can consume resources on a system and
ultimately cause it to crash.
However, this is a known attack with a specific pattern of successive
SYN packets from one IP to another IP. The IDS can detect these patterns
when the signature database includes the attack definitions. The process
is very similar to what antivirus software uses to detect malware. You
need to update both IDS signatures and antivirus definitions from the
vendor on a regular basis to protect against current threats.
Anomaly-Based Detection: Anomaly-based (also called heuristic-based
or behavior-based) detection first identifies normal operation or normal
behavior. It does this by creating a performance baseline under normal
operating conditions.
The IDS provides continuous monitoring by constantly comparing
current network behavior against the baseline. When the IDS detects
abnormal activity (outside normal boundaries as identified in the
baseline), it gives an alert indicating a potential attack.
Anomaly-based detection is similar to how heuristic-based antivirus
software works. Although the internal methods are different, both
examine activity and make decisions that are outside the scope of a
signature or definition database.
This can be effective at discovering zero-day exploits. A zero-day
vulnerability is usually defined as one that is unknown to the vendor.
However, in some usage, administrators define a zero-day exploit as one
where the vendor has not released a patch. In other words, the vendor
may know about the vulnerability but has not written, tested, and released
a patch to close the vulnerability yet.
In both cases, the vulnerability exists and systems are unprotected. If
attackers discover the vulnerabilities, they try to exploit them. However,
the attack has the potential to create abnormal traffic allowing an
anomaly-based system to detect it.
Any time administrators make any significant changes to a system or
network that cause the normal behavior to change, they should re-create
the baseline. Otherwise, the IDS will constantly alert on what is now
normal behavior.
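The two detection methods above (the SYN-flood signature and the anomaly baseline) can be run side by side over the same traffic. The following is an added example, not from the notes or from any IDS product: a Python script that parses constructed packet-summary lines, applies a signature for the pattern the text describes (repeated SYNs from one source to one target that are never completed with the source's ACK) and, separately, builds a packets-per-second baseline from a known-normal period and alerts when a later second exceeds mean plus three standard deviations. The line format, the threshold values and the addresses (documentation range 203.0.113.0/24 for the external host) are assumptions.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed packet-summary format, not a real sensor's output:
# t=<second> src=<ip> dst=<ip> flags=<S|A>
LINE_RE = re.compile(r"t=(?P<t>\d+) src=(?P<src>\S+) dst=(?P<dst>\S+) flags=(?P<flags>\S+)")


def parse(lines):
    """Turn summary lines into (second, src, dst, flags) tuples, skipping malformed ones."""
    events = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            events.append((int(m["t"]), m["src"], m["dst"], m["flags"]))
    return events


def signature_syn_flood(events, threshold=5):
    """Signature-based: the known SYN-flood pattern is many SYNs from one source to
    one target that the source never completes with its ACK."""
    syns, acks = Counter(), Counter()
    for _, src, dst, flags in events:
        if flags == "S":
            syns[(src, dst)] += 1
        elif flags == "A":
            acks[(src, dst)] += 1
    alerts = []
    for (src, dst), n in syns.items():
        incomplete = n - acks[(src, dst)]
        if incomplete >= threshold:
            alerts.append(("syn_flood", src, dst, incomplete))
    return alerts


def build_baseline(events):
    """Anomaly-based, step 1: packets per second during a known-normal period."""
    per_second = Counter(t for t, _, _, _ in events)
    rates = list(per_second.values())
    return mean(rates), pstdev(rates)


def anomaly_detect(events, baseline, k=3.0):
    """Anomaly-based, step 2: alert on any second whose rate exceeds mean + k*stddev."""
    mu, sigma = baseline
    per_second = Counter(t for t, _, _, _ in events)
    return [("rate_anomaly", t, n) for t, n in sorted(per_second.items()) if n > mu + k * sigma]


def _normal_second(t, handshakes):
    """Constructed normal traffic: internal clients completing TCP handshakes (SYN then ACK)."""
    lines = []
    for i in range(handshakes):
        lines.append(f"t={t} src=10.0.0.{20 + i} dst=10.0.0.5 flags=S")
        lines.append(f"t={t} src=10.0.0.{20 + i} dst=10.0.0.5 flags=A")
    return lines


# Ten seconds of normal traffic for the baseline (2 or 4 packets per second)
BASELINE_LINES = [line for t in range(10) for line in _normal_second(t, 1 + t % 2)]
# Observed window: normal traffic plus 8 uncompleted SYNs from one external address
OBSERVED_LINES = (
    _normal_second(10, 1)
    + ["t=10 src=203.0.113.7 dst=10.0.0.5 flags=S"] * 8
    + _normal_second(11, 2)
)


def run_ids():
    """Build the baseline from the normal period, then run both detectors on the observed window."""
    baseline = build_baseline(parse(BASELINE_LINES))
    observed = parse(OBSERVED_LINES)
    return {
        "baseline": baseline,
        "signature": signature_syn_flood(observed),
        "anomaly": anomaly_detect(observed, baseline),
    }


if __name__ == "__main__":
    for key, value in run_ids().items():
        print(key, value)
```

Both detectors fire on the same burst, but for different reasons: the signature matches the SYN-without-ACK pattern regardless of volume, while the anomaly detector only knows that second 10 carried far more packets than the baseline predicts. The baseline here is mean 3 packets per second with standard deviation 1, so the alert threshold is 6; if the normal traffic level changed (more clients, a new service), the baseline would have to be rebuilt exactly as the text says, or the anomaly detector would keep alerting on what is now normal.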

Access controls: Access control is a method of guaranteeing that users
are who they say they are and that they have the appropriate access to
company data. At a high level, access control is a selective restriction of
access to data. It consists of two main components: authentication and
authorization. Authentication is a technique used to verify that someone is
who they claim to be. Authentication isn’t sufficient by itself to protect
data (Crowle). What’s needed is an additional layer, authorization, which
determines whether a user should be allowed to access the data or make
the transaction they’re attempting. Without authentication and
authorization, there is no data security: “In every data breach, access
controls are among the first policies investigated.”
Types of access control: Organizations must determine the appropriate
access control model to adopt based on the type and sensitivity of data
they’re processing, says Wagner. Older access models include
discretionary access control (DAC) and mandatory access
control (MAC); role based access control (RBAC) is the most common
model today, and the most recent model is known as attribute based
access control (ABAC).
Discretionary access control (DAC): With DAC models, the data owner
decides on access. DAC is a means of assigning access rights based on
rules that users specify.
Mandatory access control (MAC): MAC was developed using a
nondiscretionary model, in which people are granted access based on an
information clearance. MAC is a policy in which access rights are
assigned based on regulations from a central authority.
Role based access control (RBAC): RBAC grants access based on a
user’s role and implements key security principles, such as “least
privilege” and “separation of privilege.” Thus, someone attempting to
access information can only access data that’s deemed necessary for their
role.
Attribute Based Access Control (ABAC): In ABAC, each resource and
user are assigned a series of attributes, Wagner explains. “In this dynamic
method, a comparative assessment of the user’s attributes, including time
of day, position and location, are used to make a decision on access to a
resource.”
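The difference between RBAC and ABAC is easiest to see in code. The following is an added example, not from the notes or from any product: a Python policy engine in which RBAC answers "does this user's role carry this permission" with least-privilege role definitions, and ABAC then compares the user's clearance, location and the time of day against the resource's attributes. The roles, permissions, attribute names, clearance levels and sample users are all constructed for the illustration.

```python
# Constructed RBAC tables, not from the notes. Least privilege: each role holds only
# the permissions its job needs. Separation of privilege: approving a report is a
# different role from reading one.
ROLE_PERMISSIONS = {
    "analyst": {"reports:read"},
    "approver": {"reports:read", "reports:approve"},
    "admin": {"users:manage"},
}
USER_ROLES = {"alice": {"analyst"}, "bob": {"approver"}, "carol": {"admin"}}


def rbac_allows(user, permission):
    """RBAC: allowed only if one of the user's roles carries the permission.
    Unknown users and unknown roles grant nothing."""
    roles = USER_ROLES.get(user, set())
    return any(permission in ROLE_PERMISSIONS.get(role, set()) for role in roles)


CLEARANCE_LEVEL = {"public": 0, "internal": 1, "confidential": 2}


def abac_allows(user_attrs, resource_attrs, hour):
    """ABAC: compare the user's attributes (clearance, location) and the time of
    day against the resource's attributes; every rule must pass."""
    if CLEARANCE_LEVEL[user_attrs["clearance"]] < CLEARANCE_LEVEL[resource_attrs["classification"]]:
        return False
    if (resource_attrs["classification"] == "confidential"
            and user_attrs["location"] not in resource_attrs["allowed_locations"]):
        return False
    start, end = resource_attrs["hours"]
    return start <= hour < end


def decide(user, permission, user_attrs, resource_attrs, hour):
    """Combined decision: the role must grant the permission (RBAC) and the
    request context must satisfy the resource's attribute policy (ABAC)."""
    return rbac_allows(user, permission) and abac_allows(user_attrs, resource_attrs, hour)


# Constructed resource and user attributes
QUARTERLY_REPORT = {
    "classification": "confidential",
    "allowed_locations": {"office", "vpn"},
    "hours": (8, 18),   # business hours on a 24-hour clock
}
ALICE_AT_OFFICE = {"clearance": "confidential", "location": "office"}
ALICE_AT_CAFE = {"clearance": "confidential", "location": "cafe"}
INTERN_AT_OFFICE = {"clearance": "internal", "location": "office"}

if __name__ == "__main__":
    print(decide("alice", "reports:read", ALICE_AT_OFFICE, QUARTERLY_REPORT, 10))     # True
    print(decide("alice", "reports:read", ALICE_AT_CAFE, QUARTERLY_REPORT, 10))       # False
    print(decide("alice", "reports:approve", ALICE_AT_OFFICE, QUARTERLY_REPORT, 10))  # False
```

The same user with the same role is allowed from the office during the day and refused from a cafe or at night: RBAC alone cannot express that, which is why the text calls ABAC the dynamic model. The admin role illustrates separation of privilege: managing users does not imply reading reports.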

Access control solutions: A number of technologies can support the
various access control models. In some cases, multiple technologies may
need to work in concert to achieve the desired level of access control,
Wagner says.
“The reality of data spread across cloud service providers and SaaS
applications and connected to the traditional network perimeter dictate
the need to orchestrate a secure solution,” he notes. “There are multiple
vendors providing privilege access and identity management solutions
that can be integrated into a traditional Active Directory construct from
Microsoft. Multi factor authentication can be a component to further
enhance security.”

Cyber security Threats:
Computer virus: A computer virus behaves much like a biological one.
Designed to replicate relentlessly, computer viruses infect your programs
and files, alter the way your computer operates or stop it from working
altogether. Some computer viruses are programmed to harm your computer
by damaging programs, deleting files, or reformatting the hard drive.
Others simply replicate themselves or flood a network with traffic, making
it impossible to perform any internet activity. Even less harmful computer
viruses can significantly disrupt your system’s performance, sapping
computer memory and causing frequent computer crashes.
How does a computer virus find me?
Even if you’re careful, you can pick up computer viruses through normal
Web activities like:
• Sharing music, files, or photos with other users
• Visiting an infected website
• Opening spam email or an email attachment
• Downloading free games, toolbars, media players and other system
utilities
• Installing mainstream software applications without thoroughly
reading license agreements
What are the symptoms of a computer virus?

Your computer may be infected if you recognize any of these malware symptoms:

• Slow computer performance
• Erratic computer behavior
• Unexplained data loss
• Frequent computer crashes

How to protect against computer viruses? When you arm yourself with information and resources, you’re wiser about computer security threats and less vulnerable to threat tactics. Take these steps to safeguard your PC with the best computer virus protection:

• Use antivirus protection and a firewall
• Get antispyware software
• Always keep your antivirus protection and antispyware software up-to-date
• Update your operating system regularly
• Increase your browser security settings
• Avoid questionable Web sites
• Only download software from sites you trust
• Carefully evaluate free software and file-sharing applications before downloading them
• Don't open messages from unknown senders
• Immediately delete messages you suspect to be spam

Computer worm: A computer worm is a software program that can copy itself from one computer to another, without human interaction. Worms can replicate in great volume and with great speed. For example, a worm can send copies of itself to every contact in your email address book and then send itself to all the contacts in your contacts’ address books.

A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.

Because of their speed of infection, worms often gain notoriety overnight, infecting computers across the globe as quickly as victims around the world switch them on and open their email. This happened with the Conficker worm (also known as Downadup), which, in just four days, had more than tripled the number of computers it infected to 8.9 million.

How do computer worms work? Worms can be transmitted via software vulnerabilities, or they can arrive as attachments in spam emails or instant messages (IMs). Once opened, these files could provide a link to a malicious website or automatically download the computer worm. Once it’s installed, the worm silently goes to work and infects the machine without the user’s knowledge.

Worms can modify and delete files, and they can even inject additional malicious software onto a computer. Sometimes a computer worm’s purpose is only to make copies of itself over and over — depleting system resources, such as hard drive space or bandwidth, by overloading a shared network. In addition to wreaking havoc on a computer’s resources, worms can also steal data, install a backdoor, and allow a hacker to gain control over a computer and its system settings.
Trojan Horse: A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network.

A Trojan acts like a bona fide application or file to trick you. It seeks to deceive you into loading and executing the malware on your device. Once installed, a Trojan can perform the action it was designed for.

A Trojan is sometimes called a Trojan virus or a Trojan horse virus, but that’s a misnomer. Viruses can execute and replicate themselves. A Trojan cannot. A user has to execute Trojans. Even so, the terms Trojan malware and Trojan virus are often used interchangeably.

Whether you prefer calling it Trojan malware or a Trojan virus, it’s smart to know how this infiltrator works and what you can do to keep your devices safe. Here’s a Trojan malware example to show how it works. You might think you’ve received an email from someone you know and click on what looks like a legitimate attachment. But you’ve been fooled. The email is from a cybercriminal, and the file you clicked on — and downloaded and opened — has gone on to install malware on your device.

When you execute the program, the malware can spread to other files and damage your computer. How? It varies. Trojans are designed to do different things. But you’ll probably wish they weren’t doing any of them on your device.

Common types of Trojan malware, from A to Z. Here’s a look at some of the most common types of Trojan malware, including their names and what they do on your computer:

Backdoor Trojan: This Trojan can create a “backdoor” on your computer. It lets an attacker access your computer and control it. Your data can be downloaded by a third party and stolen. Or more malware can be uploaded to your device.

Distributed Denial of Service (DDoS) attack Trojan: This Trojan performs DDoS attacks. The idea is to take down a network by flooding it with traffic. That traffic comes from your infected computer and others.

Downloader Trojan: This Trojan targets your already-infected computer. It downloads and installs new versions of malicious programs. These can include Trojans and adware.

Fake AV Trojan: This Trojan behaves like antivirus software, but demands money from you to detect and remove threats, whether they’re real or fake.

Game-thief Trojan: The losers here may be online gamers. This Trojan seeks to steal their account information.

Infostealer Trojan: As it sounds, this Trojan is after data on your infected computer.

Mailfinder Trojan: This Trojan seeks to steal the email addresses you’ve accumulated on your device.

Ransom Trojan: This Trojan seeks a ransom to undo damage it has done to your computer. This can include blocking your data or impairing your computer’s performance.

Remote Access Trojan: This Trojan can give an attacker full control over your computer via a remote network connection. Its uses include stealing your information or spying on you.

Rootkit Trojan: A rootkit aims to hide or obscure an object on your infected computer. The idea? To extend the time a malicious program runs on your device.

SMS Trojan: This type of Trojan infects your mobile device and can send and intercept text messages. Texts to premium-rate numbers can drive up your phone costs.

Trojan banker: This Trojan takes aim at your financial accounts. It’s designed to steal your account information for all the things you do online. That includes banking, credit card, and bill pay data.

Trojan IM: This Trojan targets instant messaging. It steals your logins and passwords on IM platforms.

That’s just a sample. There are a lot more.
Bombs: A logic bomb is a malicious program that uses a trigger to activate the malicious code. The logic bomb remains non-functioning until that trigger event happens. Once triggered, a logic bomb executes malicious code that causes harm to a computer. Cyber security specialists recently discovered logic bombs that attack and destroy the hardware components in a workstation or server, including the cooling fans, hard drives, and power supplies. The logic bomb overdrives these devices until they overheat or fail.

A logic bomb is malware that is triggered in response to an event, such as launching an application or reaching a specific date/time. Attackers can use logic bombs in a variety of ways. They can embed arbitrary code within a fake application, or Trojan horse, which will be executed whenever you launch the fraudulent software. Attackers can also use a combination of spyware and logic bombs in an attempt to steal your identity. For example, cyber-criminals use spyware to covertly install a keylogger on your computer. The keylogger can capture your keystrokes, such as usernames and passwords. The logic bomb is designed to wait until you visit a website that requires you to log in with your credentials, such as a banking site or social network. That visit triggers the logic bomb to execute the keylogger, capture your credentials and send them to a remote attacker.

Time Bomb: When a logic bomb is programmed to execute when a specific date is reached, it is referred to as a time bomb. Time bombs are usually programmed to go off when important dates are reached, such as Christmas or Valentine’s Day. Disgruntled employees have created time bombs to execute within their organizations’ networks and destroy as much data as possible in the event that they are terminated. The malicious code remains dormant as long as the programmer exists in the organization’s payroll system; once the programmer is removed, the malware executes.

Prevention: Logic bombs are difficult to prevent because they can be deployed from almost anywhere. An attacker can plant the logic bomb by a variety of means on multiple platforms, such as hiding the malicious code in a script or deploying it on a SQL server. For organizations, segregation of duties might offer protection against logic bombs. By restricting employees to specific tasks, a potential attacker would have to expose themselves to deploy the logic bomb, which may deter them from carrying out the attack. Most organizations implement a business continuity and disaster recovery plan that includes processes such as data backups and recovery. If a logic bomb attack were to purge critical data, the organization can invoke the disaster recovery plan and follow the necessary steps to recover from the attack. To protect your personal systems, follow these practices:

Do not download pirated software. Logic bombs can be distributed by exploits that promote software piracy.

Be careful when installing shareware/freeware applications. Ensure you acquire these applications from a reputable source. Logic bombs can be embedded within Trojan horses, so beware of fake software products.

Be cautious when opening email attachments. Email attachments may contain malware such as logic bombs. Use extreme caution when handling emails and attachments.

Do not click on suspicious web links. Clicking on an unsafe link may direct you to an infected website that may host the logic bomb malware.

Always update your antivirus software. Most antivirus applications can detect malware such as Trojan horses (which may contain logic bombs). Configure your antivirus software to routinely check for updates. If your antivirus software does not have the latest signature files, it will be useless against new malware threats.

Install the latest operating system patches. Not keeping up with operating system updates will make your PC vulnerable to the latest malware threats. Use the Automatic Updates feature in Windows to automatically download and install Microsoft security updates.

Apply patches to other software installed on your computer. Ensure that you have the latest patches installed on all of your software applications, such as Microsoft Office software, Adobe products, and Java. These vendors often release software patches for their products to fix vulnerabilities that cyber-criminals can use as a means to deploy an attack, such as a logic bomb.
Denial of Service (DoS): Denial of service implies that an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable. But DoS can also be as simple as deleting or corrupting information. In most cases, performing the attack simply involves running a hack or script. The attacker does not need prior access to the target, because a way to reach it is all that is usually required. For these reasons, DoS attacks are the most feared.

A denial-of-service attack is a security event that occurs when an attacker takes action that prevents legitimate users from accessing targeted computer systems, devices or other network resources. In a DoS attack, the attacker usually sends excessive messages asking the network or server to authenticate requests that have invalid return addresses. The network or server will not be able to find the return address of the attacker when sending the authentication approval, causing the server to wait before closing the connection. When the server closes the connection, the attacker sends more authentication messages with invalid return addresses. Hence, the process of authentication and server wait begins again, keeping the network or server busy.

A DoS attack can be carried out in several ways. The basic types of DoS attack include:
1. Flooding the network to prevent legitimate network traffic
2. Disrupting the connections between two machines, thus preventing access to a service
3. Preventing a particular individual from accessing a service
4. Disrupting a service to a specific system or individual
5. Disrupting the state of information, such as resetting TCP sessions
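The flooding pattern described above can be spotted on the receiving side by rate-counting connection attempts. The following is an added example, not part of the original notes: the log line format, the addresses and the thresholds are assumptions chosen for the illustration, and the sample log is constructed inline.

```python
"""Rate-based flood detection over constructed connection-attempt logs.

Flags one source opening connections far faster than a normal client
would, and separately flags a destination hit by many sources at once
(the distributed case, where no single source looks abnormal).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
import re

# Assumed log line shape: "<ISO-8601 timestamp> SYN src=<ip> dst=<ip>:<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SYN src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+:\d+)$"
)


def parse_line(line):
    """Return (timestamp, src, dst) for a matching line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return ts, m["src"], m["dst"]


def detect_floods(lines, window=timedelta(seconds=10),
                  per_source_limit=20, per_dest_limit=100):
    """Sliding-window attempt counter per source and per destination.

    Returns {'sources': set, 'destinations': set} of keys whose attempt
    count inside some `window`-long interval exceeded the given limit.
    """
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    windows = {"sources": defaultdict(deque), "destinations": defaultdict(deque)}
    limits = {"sources": per_source_limit, "destinations": per_dest_limit}
    flagged = {"sources": set(), "destinations": set()}
    for ts, src, dst in events:
        for bucket, key in (("sources", src), ("destinations", dst)):
            q = windows[bucket][key]
            q.append(ts)
            while ts - q[0] > window:      # evict attempts older than the window
                q.popleft()
            if len(q) > limits[bucket]:
                flagged[bucket].add(key)
    return flagged


def make_sample_log():
    """Constructed sample: a normal client, a single-source flood, a distributed flood."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(5):            # normal client: 5 attempts over 40 seconds
        t = base + timedelta(seconds=10 * i)
        lines.append(f"{t.isoformat()} SYN src=198.51.100.7 dst=10.0.0.1:443")
    for i in range(30):           # one source: 30 attempts within 3 seconds
        t = base + timedelta(milliseconds=100 * i)
        lines.append(f"{t.isoformat()} SYN src=203.0.113.9 dst=10.0.0.1:443")
    for i in range(120):          # 120 distinct sources, one attempt each, within 5 seconds
        t = base + timedelta(milliseconds=40 * i)
        lines.append(f"{t.isoformat()} SYN src=192.0.2.{i + 1} dst=10.0.0.2:80")
    lines.append("2024-01-01T12:00:00Z unrelated log line")   # ignored by the parser
    return lines


if __name__ == "__main__":
    print(detect_floods(make_sample_log()))
```

The per-destination count is what catches the distributed case: each of the 120 sources is individually below the per-source limit.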

Spoofing: Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security.

Email spoofing is one of the best known spoofs. Since core SMTP fails to offer authentication, it is simple to forge and impersonate emails. Spoofed emails may request personal information and may appear to be from a known sender. Such emails request the recipient to reply with an account number for verification. The email spoofer then uses this account number for identity theft purposes, such as accessing the victim's bank account, changing contact details, etc.

The attacker (or spoofer) knows that if the recipient receives a spoofed email that appears to be from a known source, it is likely to be opened and acted upon. So a spoofed email may also contain additional threats like Trojans or other viruses. These programs can cause significant computer damage by triggering unexpected activities, remote access, deletion of files and more.
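Because SMTP itself does not authenticate the sender, a receiving mail server records its own SPF and DKIM verdicts in an Authentication-Results header, and a mail client can check whether the visible From: domain is actually backed by one of them. This is an added example, not from the notes: the helper names are hypothetical, the two messages are constructed, and the domains are documentation placeholders.

```python
"""Flag messages whose From: domain is not backed by a passing SPF or DKIM result."""
import email
from email.utils import parseaddr
import re


def domain_of(addr):
    """Lower-cased domain part of an address or bare domain string ('' if none)."""
    _, address = parseaddr(addr or "")
    return address.rpartition("@")[2].lower()


def parse_auth_results(header):
    """Extract spf/dkim verdicts and the domain each applies to.

    Handles the common shape 'authserv; spf=pass smtp.mailfrom=...; dkim=pass header.d=...'.
    """
    results = {}
    if not header:
        return results
    for clause in header.split(";")[1:]:      # first clause is the authserv-id
        clause = clause.strip()
        m = re.match(r"(spf|dkim)=(\w+)", clause)
        if not m:
            continue
        method, verdict = m.group(1), m.group(2).lower()
        dom = re.search(r"(?:smtp\.mailfrom|header\.d)=(\S+)", clause)
        results[method] = (verdict, domain_of(dom.group(1)) if dom else "")
    return results


def classify(raw_message):
    """'aligned' if SPF or DKIM passed for the From: domain, 'spoof-suspect' if neither did,
    'unauthenticated' if the message carries no verdicts at all."""
    msg = email.message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    results = parse_auth_results(msg.get("Authentication-Results"))
    if not from_dom or not results:
        return "unauthenticated"
    for method in ("spf", "dkim"):
        verdict, dom = results.get(method, ("none", ""))
        if verdict == "pass" and dom == from_dom:
            return "aligned"
    return "spoof-suspect"


# Constructed sample messages (headers as a receiving server would add them).
LEGIT = """Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=bounce@bank.example; dkim=pass header.d=bank.example
From: Bank Alerts <alerts@bank.example>
Return-Path: <bounce@bank.example>
Subject: Statement ready

Your statement is ready.
"""

SPOOFED = """Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=news@bulk-sender.example; dkim=none
From: Bank Alerts <alerts@bank.example>
Return-Path: <news@bulk-sender.example>
Subject: Please confirm your account details

Reply to this message to confirm your account details.
"""

if __name__ == "__main__":
    print("legit:", classify(LEGIT))        # aligned
    print("spoofed:", classify(SPOOFED))    # spoof-suspect
```

Note that SPF passed on the spoofed message too; it passed for the envelope sender's domain, not for the domain shown in From:, which is exactly the gap the alignment check closes.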
Email virus: An email virus is a virus that is sent with or attached to email communications. While many different types of email viruses work in different ways, there are also a variety of methods used to counteract such challenging cyber attacks.

Email viruses are often connected with phishing attacks, in which hackers send out malicious email messages that look as if they originate from legitimate sources, including the victim's bank, social media, internet search sites or even friends and co-workers. The attacker's goal, in these cases, is to trick users into revealing personal information, such as the victim's usernames, full names and addresses, passwords, Social Security numbers or payment card numbers.
Macro Virus: A macro virus is a computer virus that replaces a macro,
which is what enables a program to work and instigates a designated
group of actions and commands. When these actions and commands are
replaced by a virus, this can cause significant harm to a computer. 
Malicious Software (Malware): Malicious software, commonly known as malware, is any software that brings harm to a computer system. Malware can be in the form of worms, viruses, Trojans, spyware, adware and rootkits, etc., which steal protected data, delete documents or add software not approved by a user.

Malicious software (malware) is any software that gives partial to full control of your computer to do whatever the malware creator wants. Malware can be a virus, worm, trojan, adware, spyware, rootkit, etc. The damage done can vary from something as slight as changing the author's name on a document to full control of your machine without your ability to easily find out. Most malware requires the user to initiate its operation. Some vectors of attack include attachments in e-mails, browsing a malicious website that installs software after the user clicks OK on a pop-up, and vulnerabilities in the operating system or programs. Malware is not limited to one operating system.
Threat to E-Commerce

E-Commerce refers to the activity of buying and selling things over the internet. Simply, it refers to the commercial transactions which are conducted online. E-commerce can draw on many technologies such as mobile commerce, Internet marketing, online transaction processing, electronic funds transfer, supply chain management, electronic data interchange (EDI), inventory management systems, and automated data collection systems.

E-commerce threats arise from using the internet for unfair means with the intention of stealing, fraud and security breach. There are various types of e-commerce threats. Some are accidental, some are purposeful, and some of them are due to human error. The most common security threats concern the electronic payments system, e-cash, data misuse, credit/debit card frauds, etc.
Electronic payments system: With the rapid development of the
computer, mobile, and network technology, e-commerce has become a
routine part of human life. In e-commerce, the customer can order
products at home and save time for doing other things. There is no need
of visiting a store or a shop. The customer can select different stores on
the Internet in a very short time and compare the products with different
characteristics such as price, colour, and quality.
The electronic payment systems have a very important role in
e-commerce. E-commerce organizations use electronic payment systems
that refer to paperless monetary transactions. It revolutionized the
business processing by reducing paperwork, transaction costs, and labour
cost. E-commerce processing is user-friendly and less time consuming
than manual processing. Electronic commerce helps a business
organization expand its market reach expansion. There is a certain risk
with the electronic payments system.
Some of them are:
The Risk of Fraud: An electronic payment system has a huge risk of fraud. The computing devices use an identity of the person for authorizing a payment, such as passwords and security questions. These authentications are not foolproof in determining the identity of a person. If the password and the answers to the security questions match, the system doesn't care who is on the other side. If someone has access to our password or the answers to our security questions, he will gain access to our money and can steal it from us.

The Risk of Tax Evasion: The Internal Revenue Service law requires that every business declare their financial transactions and provide paper records so that tax compliance can be verified. The problem with electronic systems is that they don't fit cleanly into this paradigm. It makes the process of tax collection very frustrating for the Internal Revenue Service. It is at the business's choice to disclose payments received or made via electronic payment systems. The IRS has no way to know whether it is telling the truth or not, which makes it easy to evade taxation.

The Risk of Payment Conflicts: In electronic payment systems, the payments are handled by an automated electronic system, not by humans. The system is prone to errors when it handles large amounts of payments on a frequent basis with more than one recipient involved. It is essential to continually check our pay slip after every pay period ends in order to ensure everything makes sense. Failure to do this may result in conflicts of payment caused by technical glitches and anomalies.

E-cash: E-cash is a paperless cash system which facilitates the transfer of funds anonymously. E-cash is free to the user, while sellers pay a fee for it. The e-cash fund can be either stored on a card itself or in an account which is associated with the card. The most common examples of e-cash systems are transit cards, PayPal, GooglePay, Paytm, etc.
Backdoor Attacks: A backdoor is a type of attack which gives an attacker unauthorized access to a system by bypassing the normal authentication mechanisms. It works in the background and hides itself from the user, which makes it difficult to detect and remove.

Denial of service attacks: A denial-of-service attack (DoS attack) is a security attack in which the attacker takes action that prevents the legitimate (correct) users from accessing the electronic devices. It makes a network resource unavailable to its intended users by temporarily disrupting services of a host connected to the Internet.

Direct Access Attacks: A direct access attack is an attack in which an intruder gains physical access to the computer to perform unauthorized activity and install various types of software to compromise security. Such software is loaded with worms and downloads a huge amount of sensitive data from the target victims.

Eavesdropping: This is an unauthorized way of listening to private communication over the network. It does not interfere with the normal operations of the targeted system, so the sender and the recipient of the messages are not aware that their conversation is being tracked.
Credit/Debit card fraud: A credit card allows us to borrow money
from a recipient bank to make purchases. The issuer of the credit card has
the condition that the cardholder will pay back the borrowed money with
an additional agreed-upon charge.
A debit card is a plastic card issued by a financial organization to an account holder who has a savings deposit account; it can be used instead of cash to make purchases. The debit card can be used only when the funds are available in the account.

ATM (Automated Teller Machine): It is the favourite place of the fraudster, since from there they can steal our card details. Some of the important techniques which criminals use to get hold of our card information are:

Skimming: It is the process of attaching a data-skimming device to the card reader of the ATM. When the customer swipes their card in the ATM card reader, the information is copied from the magnetic strip to the device. By doing this, the criminals get to know the card number, name, CVV number, expiry date of the card and other details.

Unwanted Presence: It is a rule that not more than one user should use the ATM at a time. If we find more than one person lurking around together, the intention behind this is to look over our shoulder at our card details while we are making our transaction.
Vishing/Phishing: Phishing is an activity in which an intruder obtains the sensitive information of a user, such as passwords, usernames, and credit card details, often for malicious reasons.

Vishing is an activity in which an intruder obtains the sensitive information of a user via SMS messages and calls to mobiles. These SMS messages and calls appear to be from a reliable source, but in reality they are fake. The main objective of vishing and phishing is to get the customer's PIN, account details, and passwords.

Online Transaction: Online transactions can be made by the customer to do shopping and pay their bills over the internet. Just as this is easy for the customer, it is also easy for an attacker to break into our system and steal our sensitive information. Some important ways to steal our confidential information during an online transaction are:
• By downloading software which scans our keystrokes and steals our password and card details.
• By redirecting a customer to a fake website which looks like the original and steals our sensitive information.
• By using public Wi-Fi.

POS Theft: It is commonly done at merchant stores at the time of a POS transaction. In this, the salesperson takes the customer's card for processing payment and illegally copies the card details for later use.
Digital Signature Certificate: Digital Signature Certificates (DSC) are the digital equivalent (that is, electronic format) of physical or paper certificates. A few examples of physical certificates are drivers' licenses, passports or membership cards. Certificates serve as proof of identity of an individual for a certain purpose; for example, a driver's license identifies someone who can legally drive in a particular country. Likewise, a digital certificate can be presented electronically to prove one’s identity, to access information or services on the Internet or to sign certain documents digitally.

A licensed Certifying Authority (CA) issues the digital signature certificate. Certifying Authority (CA) means a person who has been granted a license to issue a digital signature certificate under Section 24 of the Indian IT Act 2000.

Issuing Authorities: NIC, IDRBT, SAFE SCRYPT, CDAC etc.
Public Key Cryptography (PKC): Public key cryptography (PKC) is an encryption technique that uses a paired public and private key (or asymmetric key) algorithm for secure data communication. A message sender uses a recipient's public key to encrypt a message. To decrypt the sender's message, only the recipient's private key may be used.

The two types of PKC algorithms are RSA, which is an acronym named after this algorithm's inventors: Rivest, Shamir and Adleman, and the Digital Signature Algorithm (DSA). PKC encryption evolved to meet the growing secure communication demands of multiple sectors and industries, such as the military.

PKC is also known as public key encryption, asymmetric encryption, asymmetric cryptography, asymmetric cipher, asymmetric key encryption and Diffie-Hellman encryption.
