CCS Unit 5
Cyber Crime and Information Security – classifications of Cyber Crimes – Tools and
Methods – Password Cracking, Key loggers, Spywares, SQL Injection – Network Access
Control – Cloud Security – Web Security – Wireless Security
Cybercrime is criminal activity that either targets or uses a computer, a computer network
or a networked device. Most cybercrime is committed by cybercriminals or hackers who want to
make money, and it is carried out by individuals or by organizations.
● Some cybercriminals are organized, use advanced techniques and are highly
technically skilled. Others are novice hackers.
● Rarely, cybercrime aims to damage computers for reasons other than profit. These
could be political or personal.
● Most cybercrime falls under two main categories: criminal activity that targets
computers, and criminal activity that uses computers to commit other crimes.
● Cybercrime that targets computers often involves viruses and other types of
malware. Cybercriminals may infect computers with viruses and malware to damage
devices or stop them working.
● They may also use malware to delete or steal data. Cybercrime that stops users using
a machine or network, or prevents a business providing a software service to its
customers, is called a Denial-of-Service (DoS) attack. Cybercrime that uses
computers to commit other crimes may involve using computers or networks to
spread malware, illegal information or illegal images.
● Sometimes cybercriminals conduct both categories of cybercrime at once. They may
target computers with viruses first. Then, use them to spread malware to other
machines or throughout a network.
Cybercriminals may also carry out what is known as a Distributed Denial-of-Service (DDoS)
attack. This is similar to a DoS attack, but the cybercriminals use numerous compromised
computers (a botnet) to carry it out, which makes it far harder to block by source address.
Types of cybercrime
● Email and internet fraud - Email fraud (or email scam) is intentional deception for
either personal gain or to damage another individual by means of email. Internet
fraud is the use of Internet services or software with Internet access to defraud
victims or to otherwise take advantage of them.
● Identity fraud (where personal information is stolen and used) - is the use by one
person of another person's personal information, without authorization, to commit
a crime or to deceive or defraud that other person or a third person.
● Theft of financial or card payment data - The purpose may be to obtain goods or
services, or to make payment to another account which is controlled by a criminal.
● Theft and sale of corporate data - Data theft is the act of stealing information
stored on corporate databases, devices, and servers. This form of corporate theft is a
significant risk for businesses of all sizes and can originate both inside and outside
an organization.
● Cyberextortion (demanding money to prevent a threatened attack) -
Cyberextortion is a crime involving an attack or threat of an attack coupled with a
demand for money or some other response in return for stopping or remediating the
attack. Cyberextortion attacks start with a hacker gaining access to an organization's
systems and seeking points of weakness or targets of value. While ransomware
attacks can be automated through malware spread by email, infected websites or ad
networks, these attacks tend to spread indiscriminately, and they may result in only
a small percentage of victims paying the extortionists. More targeted attacks can
produce less collateral damage while providing more lucrative targets for the
extortion attempt.
● Ransomware attacks (a type of cyberextortion) - Ransomware is a type of
malicious software (malware) that blocks access to data or a computer system, usually
by encrypting it, or threatens to publish the data, until the victim pays a ransom to the
attacker. In many cases the ransom demand comes with a deadline; if the victim does not
pay in time, the attacker threatens to leave the data permanently unrecoverable or to
publish it.
● Cryptojacking (where hackers mine cryptocurrency using resources they do
not own) - Cryptojacking is the unauthorized use of someone else’s computer to
mine cryptocurrency. Hackers do this by either getting the victim to click on a
malicious link in an email that loads cryptomining code on the computer, or by
infecting a website or online ad with JavaScript code that auto-executes once loaded
in the victim’s browser.
● Cyberespionage (where hackers access government or company data) - Cyber
espionage is a form of cyber attack that steals classified, sensitive data or intellectual
property to gain an advantage over a competitive company or government entity.
Drug Trafficking
● Drug traffickers generally use encrypted messaging tools to communicate with
drug mules.
● There have been several dark web marketplaces for drugs. The site 'Silk Road' was a
notorious online marketplace for drugs before it was shut down by law enforcement;
it reopened under new management, but was shut down again later.
● Another site emerged later with the same name purely to trade on the brand. A major
example of drug trafficking by way of cybercrime is the cyber attack on the port of
Antwerp, Belgium, between 2011 and 2013.
● It was reported that the traffickers hired hackers with the objective of breaching
the IT systems that controlled the movement and location of containers. In an
earlier police raid, large amounts of drugs and cash were seized along with
several pieces of computer hacking equipment.
● Several persons were charged. Prosecutors reported that a Netherlands-based
trafficking group had hidden cocaine and other drugs inside several legitimate
cargo containers.
● At the same time, the hacker group was operating inside the computer networks of
the port of Antwerp.
● They could access secure data on the location and security details of the
containers, and by several methods removed their marked cargo before the legitimate
owner arrived.
● Suspicion first arose when containers were found to be disappearing from the port
without any reasonable explanation.
● It was found that the hackers had sent malware to port staff by e-mail in order to
access data remotely. Even after the initial breach was discovered and a firewall was
put in place to block further attacks, the attackers were reported to have entered the
premises and installed key-loggers on the computers.
● Preventing illegal drug trafficking is not easy, and when it is carried out through
cybercrime it becomes harder still, because cyberspace has no borders.
● The drug trade is international in nature, and law enforcement agencies are not
always effective against the wide and complex network of attackers. Since the profits
of drug trafficking and of cybercrime are both large, one or two arrests here and
there are not an effective measure.
● International laws and partnerships across nations need to be strong. One nation
should assist another in the investigation or extradition of a criminal. Overall, one
nation's law alone is never sufficient to neutralise drug trafficking carried out
through cybercrime.
● This is where bodies such as the United Nations or INTERPOL can establish
measures.
Cyber Terrorism
● Cyberterrorism is the use of the Internet to conduct violent acts that result in, or
threaten, loss of life or significant bodily harm, in order to achieve political or
ideological gains through threat or intimidation.
● It is also sometimes considered to include acts of Internet terrorism: deliberate,
large-scale disruption of computer networks, especially of personal computers
attached to the Internet, by means of tools such as computer viruses, computer
worms, phishing, and other malicious software, hardware methods and programming
scripts.
● Cyberterrorism is a controversial term. Some authors opt for a very narrow
definition, relating to deployment by known terrorist organizations of disruption
attacks against information systems for the primary purpose of creating alarm,
panic, or physical disruption.
● Other authors prefer a broader definition, which includes cybercrime.
● Participating in a cyberattack affects the terror threat perception, even if it isn't done
with a violent approach. By some definitions, it might be difficult to distinguish
which instances of online activities are cyberterrorism or cybercrime.
● Cyberterrorism can be also defined as the intentional use of computers, networks,
and public internet to cause destruction and harm for personal objectives.
● Experienced cyberterrorists, who are very skilled in terms of hacking can cause
massive damage to government systems, hospital records, and national security
programs, which might leave a country, community or organization in turmoil and in
fear of further attacks. The objectives of such terrorists may be political or
ideological since this can be considered a form of terror.
● There is much concern from government and media sources about the potential
damage that could be caused by cyberterrorism, and this has prompted efforts by
government agencies such as the Federal Bureau of Investigation (FBI) and the
Central Intelligence Agency (CIA) to counter cyberattacks and cyberterrorism.
Conceptually, its use for this purpose falls into three categories:
(i) weapon of mass destruction;
(ii) weapon of mass distraction; and
(iii) weapon of mass disruption
Information Assurance
Information Assurance is concerned with implementing methods that protect and safeguard
critical information and the information systems that handle it, by assuring
confidentiality, integrity, availability, authentication and non-repudiation.
It is a strategic approach that focuses more on the deployment of policies than on
building infrastructure. Information Assurance Model:
The security model is a multidimensional model based on four dimensions:
1. Information States – Information is the interpretation of data, and it can be found in
three states: stored, processed, or transmitted.
2. Security Services – The fundamental pillar of the model, which provides security to the
system and consists of five services, namely availability, integrity, confidentiality,
authentication, and non-repudiation.
3. Security Countermeasures – This dimension protects the system against vulnerabilities
by drawing on three areas: technology, policy and practice, and people.
4. Time – This dimension can be viewed in many ways. At any given time data may be
offline or online, and information and systems may be in flux, introducing the risk of
unauthorized access. Therefore, in every phase of the system development cycle, every
aspect of the Information Assurance model must be well defined and well implemented in
order to minimize the risk of unauthorized access.
Information States:
1. Transmission – The time during which data is between processing steps. Example: in
transit over the network when a user sends an e-mail to a reader, including the memory and
storage it passes through during delivery.
2. Storage – The time during which data is saved on a medium such as a hard drive.
Example: a user saving a document on a file server's disk.
3. Processing – The time during which data is being processed. Example: data being
processed in the random access memory (RAM) of a workstation.
Security Services:
1. Confidentiality – Assures that information in the system is not disclosed to unauthorized
parties and is read and interpreted only by persons authorized to do so. Protecting
confidentiality prevents both malicious access and accidental disclosure of information.
Information that is considered confidential is called sensitive information. To ensure
confidentiality, data is classified into categories according to the severity of the damage
its disclosure would cause, and controls are applied accordingly. Example: protecting e-mail
content so that only the intended set of users can read it; this can be ensured by data
encryption. Two-factor authentication, strong passwords, security tokens and biometric
verification are common means of authenticating users before they access sensitive data.
2. Integrity – Ensures that sensitive data is accurate and trustworthy and cannot be
created, changed, or deleted without proper authorization. Maintaining integrity means
preventing modification or destruction of information by unauthorized parties. To support
integrity, backups should be planned and implemented so that affected data can be restored
after a security breach. Besides this, a cryptographic checksum can be used to verify data;
note that an unkeyed checksum only detects accidental corruption, because an attacker who
can alter the data can simply recompute it, so a keyed message authentication code (MAC) or
a digital signature is needed against deliberate tampering. Example: measures to verify that
e-mail content was not modified in transit, achieved with cryptography so that the intended
user receives correct and accurate information.
3. Availability – Guarantees reliable and constant access to data by authorized users. It
involves measures to sustain access in spite of system failures and other sources of
interference. To ensure availability, corrupted data must be detected and replaced, recovery
time must be shortened, and the physical infrastructure must be made resilient. Example:
the reachability and throughput of an e-mail service.
4. Authentication – A security service that establishes the validity of a transmission or
message by verifying the identity of the individual who is to receive a specific category
of information. Single-factor and multi-factor authentication methods are used. A
single-factor method uses one parameter (for example, a password) to verify a user's
identity, whereas multi-factor authentication combines two or more independent factors,
such as something the user knows, something the user has and something the user is.
Example: entering a username and password when logging in to a website; the correct
credentials let the website verify our identity and ensure that only we access our
sensitive information.
5. Non-Repudiation – A mechanism to ensure that a sender or receiver cannot deny having
taken part in a data transmission. When a sender sends data to a receiver, it receives a
delivery confirmation; when the receiver gets the message, the message carries evidence of
who sent it. Example: a common illustration is sending an SMS from one mobile phone to
another: after the message is received, a delivery report tells the sender it arrived, and
the received message identifies the sender. In cryptographic terms, true non-repudiation
requires a digital signature made with the sender's private key, since a shared-key
mechanism such as a MAC could have been produced by either party.
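The distinction drawn under Integrity above, that an unkeyed checksum is not enough against an active attacker, is easy to see in code. The following is an added example (not part of the original notes) using only the Python standard library: a message carrying a plain SHA-256 checksum, the same message carrying an HMAC tag, and an attacker who alters the message in transit and recomputes whatever unkeyed digest travels with it. The message text and the key are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample message standing in for an e-mail body (not taken from the page).
MESSAGE = b"Transfer 100 EUR to account 1234 by Friday."


def plain_checksum(msg: bytes) -> str:
    """Unkeyed SHA-256 digest: detects accidental corruption only."""
    return hashlib.sha256(msg).hexdigest()


def keyed_tag(key: bytes, msg: bytes) -> str:
    """HMAC-SHA256 tag: cannot be recomputed by anyone who lacks the key."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_checksum(msg: bytes, digest: str) -> bool:
    # compare_digest avoids leaking where the first mismatching byte is (timing side channel).
    return hmac.compare_digest(plain_checksum(msg), digest)


def verify_tag(key: bytes, msg: bytes, tag: str) -> bool:
    return hmac.compare_digest(keyed_tag(key, msg), tag)


def tamper_in_transit(msg: bytes):
    """Model an active attacker: change the account number and recompute the unkeyed checksum."""
    forged = msg.replace(b"1234", b"9999")
    return forged, plain_checksum(forged)


def demo() -> dict:
    """Run both schemes against the same forgery and report what each verifier accepts."""
    key = os.urandom(32)                      # shared secret between sender and receiver
    digest = plain_checksum(MESSAGE)          # what a checksum-only scheme would transmit
    tag = keyed_tag(key, MESSAGE)             # what an HMAC scheme would transmit
    forged, forged_digest = tamper_in_transit(MESSAGE)
    return {
        # The attacker replaced the checksum too, so the receiver sees a "valid" message.
        "checksum_accepts_forgery": verify_checksum(forged, forged_digest),
        # The attacker could not produce a tag for the forged text without the key.
        "hmac_accepts_forgery": verify_tag(key, forged, tag),
        # The untouched message still verifies under HMAC.
        "hmac_accepts_original": verify_tag(key, MESSAGE, tag),
        # A different key (e.g. a guessed one) does not verify either.
        "hmac_accepts_wrong_key": verify_tag(os.urandom(32), MESSAGE, tag),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The HMAC gives integrity and authentication between the two parties that share the key, but not non-repudiation in the sense of service 5 above: because either party could have produced the tag, the receiver cannot prove to a third party that the sender made it. That is the gap a digital signature closes.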
Cyber Security
● Cyber security is the practice of defending computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks. It's also known as
information technology security or electronic information security.
● The term applies in a variety of contexts, from business to mobile computing, and
can be divided into a few common categories.
● Network security is the practice of securing a computer network from intruders,
whether targeted attackers or opportunistic malware.
● Application security focuses on keeping software and devices free of threats. A
compromised application could provide access to the data it is designed to protect.
Successful security begins in the design stage, well before a program or device is
deployed.
● Information security protects the integrity and privacy of data, both in storage and
in transit.
● Operational security includes the processes and decisions for handling and
protecting data assets.
● The permissions users have when accessing a network and the procedures that
determine how and where data may be stored or shared all fall under this umbrella.
● Disaster recovery and business continuity define how an organization responds to a
cyber-security incident or any other event that causes the loss of operations or data.
● Disaster recovery policies dictate how the organization restores its operations and
information to return to the same operating capacity as before the event.
● Business continuity is the plan the organization falls back on while trying to operate
without certain resources.
● End-user education addresses the most unpredictable cyber-security factor: people.
Anyone can accidentally introduce a virus to an otherwise secure system by failing
to follow good security practices.
● Teaching users to delete suspicious email attachments, not plug-in unidentified USB
drives, and various other important lessons is vital for the security of any
organization.
The basic stages of an attack are described below to understand how an attacker can
compromise a network:
1. Initial uncovering: Two steps are involved here. In the first step, called reconnaissance,
the attacker gathers as much information as possible about the target by legitimate means,
searching for information about the target on the Internet, on social-networking websites
and on people-finder websites. In the second step, the attacker uncovers as much
information as possible about the company's internal network, such as its Internet domain,
machine names and the company's Internet Protocol (IP) address ranges.
2. Network probe: At the network probe stage, the attacker uses more invasive techniques
to collect information. Usually a "ping sweep" of the network IP addresses is performed to
seek out potential targets, and then a "port scanning" tool is used to discover exactly
which services are running on the target system. At this point the attacker has not yet
broken into anything, but the activity is not invisible: sweeps and scans produce a
recognisable pattern of connections that intrusion detection systems and firewall logs
can flag.
3. Crossing the line toward electronic crime (E-crime): Now the attacker moves toward
committing what is technically a "computer crime", by exploiting possible holes in the
target system. The attacker usually goes through several stages of exploits to gain access
to the system. Once the attacker is able to access a user account with few privileges, he or
she will attempt further exploits to get administrator or "root" access. Root access is a
Unix term associated with the system privileges required to run all services and access
all files on the system.
4. Capturing the network: At this stage the attacker attempts to "own" the network. The
attacker gains a foothold in the internal network quickly and easily by compromising
low-priority target systems. The next step is to remove any evidence of the attack: the
attacker will usually install a set of tools that replace existing files and services with
Trojan files and services that have a backdoor password.
5. Grab the data: Now that the attacker has "captured the network", he or she takes
advantage of that position to steal confidential data and customer credit card
information, deface webpages, alter processes and even launch attacks at other sites from
your network, causing a potentially expensive and embarrassing situation for an individual
and/or an organization.
6. Covering tracks: This is the last step in any cyberattack and refers to the activities
undertaken by the attacker to extend misuse of the system without being detected. The
attacker can use this phase to remain on the system, to start fresh reconnaissance against
a related target system or its resources, to remove evidence of the hacking, to avoid legal
action, and so on.
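Stage 2 above is the point where a defender first gets a chance to notice the intruder. The following is an added example (not part of the original notes) of the kind of detection logic a network monitor applies: it reads connection-log lines, keeps a sliding time window per source address, and raises an alert when one source touches many distinct hosts (ping sweep) or many distinct destination ports (port scan) inside the window. The log format, the IP addresses and the traffic itself are all constructed for the demo; the thresholds are assumptions a real deployment would tune.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (assumed, not a real product's):
#   "<iso-timestamp> src=<ip> dst=<ip> proto=<tcp|icmp> [dport=<n>]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+)"
    r"(?: dport=(?P<dport>\d+))?$"
)


def parse_line(line: str):
    """Parse one connection-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dport"] = int(ev["dport"]) if ev["dport"] else None
    return ev


def detect_scans(lines, window_s=60, port_threshold=10, host_threshold=5):
    """Flag sources that hit many distinct (dst, port) pairs or many distinct hosts
    within a sliding window of window_s seconds. Lines are assumed time-ordered.

    Returns {("port_scan", src): n} and/or {("ping_sweep", src): n}, n = largest count seen.
    """
    tcp_hist = defaultdict(deque)   # src -> deque of (ts, (dst, dport))
    icmp_hist = defaultdict(deque)  # src -> deque of (ts, dst)
    alerts = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["proto"] == "tcp" and ev["dport"] is not None:
            hist, key = tcp_hist[ev["src"]], (ev["dst"], ev["dport"])
            kind, threshold = "port_scan", port_threshold
        elif ev["proto"] == "icmp":
            hist, key = icmp_hist[ev["src"]], ev["dst"]
            kind, threshold = "ping_sweep", host_threshold
        else:
            continue
        hist.append((ev["ts"], key))
        # Expire events that fell out of the window.
        while hist and (ev["ts"] - hist[0][0]) > timedelta(seconds=window_s):
            hist.popleft()
        distinct = len({k for _, k in hist})
        if distinct >= threshold:
            alert_key = (kind, ev["src"])
            alerts[alert_key] = max(distinct, alerts.get(alert_key, 0))
    return alerts


def sample_log():
    """Constructed traffic: one scanner (10.0.0.5) and one benign client (10.0.0.9)."""
    t = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    # Ping sweep: 10.0.0.5 probes 10.0.0.1 .. 10.0.0.8 within two seconds.
    for i in range(1, 9):
        ts = t + timedelta(milliseconds=250 * i)
        lines.append(f"{ts.isoformat()} src=10.0.0.5 dst=10.0.0.{i} proto=icmp")
    # Port scan: 10.0.0.5 then tries 12 well-known ports on 10.0.0.20, one per second.
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389]):
        ts = t + timedelta(seconds=5 + i)
        lines.append(f"{ts.isoformat()} src=10.0.0.5 dst=10.0.0.20 proto=tcp dport={port}")
    # Benign client: many connections, but always to the same service.
    for i in range(20):
        ts = t + timedelta(seconds=3 * i)
        lines.append(f"{ts.isoformat()} src=10.0.0.9 dst=10.0.0.20 proto=tcp dport=443")
    return sorted(lines)   # ISO timestamps sort chronologically as strings


if __name__ == "__main__":
    for (kind, src), n in sorted(detect_scans(sample_log()).items()):
        print(f"{kind}: {src} touched {n} distinct targets")
```

The benign client makes more connections than the scanner but never trips the detector, because the signal is breadth (distinct targets per source) rather than volume. A real IDS adds the obvious refinements, such as counting rejected connections more heavily and whitelisting known scanners like vulnerability-management hosts.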
1. ELSave: A tool to save and/or clear an NT event log. ELSave was written by Jesper
Lauritsen. The executable is available on the weblink, but the source code is not available.
2. WinZapper: This tool enables event records to be erased selectively from the security
log in Windows NT 4.0 and Windows 2000.
3. Evidence Eliminator: A simple, top-quality professional PC cleaning program that claims
to defeat all known investigative techniques, so that forensic analysis becomes impossible.
4. Traceless: A privacy cleaner for Internet Explorer that can delete common Internet
tracks, including history, cache, typed URLs, cookies, etc.
5. Tracks Eraser Pro: It deletes the following history data:
* Address bar history of IE, Netscape, AOL and Opera.
* Cookies of IE, Netscape, AOL and Opera.
* Internet cache (temporary Internet files).
* Internet history files.
Password Cracking
A password is like the key that opens a lock to gain entry into a computerized system.
Password cracking is the process of recovering passwords from data that have been stored in
or transmitted by a computer system. The purposes of password cracking are as follows:
1. To recover a forgotten password.
2. As a preventive measure by system administrators to check for easily crackable
passwords.
3. To gain unauthorized access to a system,
Manual password cracking means attempting to log on with different guessed passwords. The
attacker typically tries the following, in order:
1.Blank (none)
2.the words like “password,” “passcode” and “admin”
3.series of letters from the “QWERTY” keyboard, for example, qwerty, asdf or qwertyuiop
4.user's name or login name;
5.name of user's friend/relative/ pet;
6.user’s birthplace or date of birth, or a relative’s or a friend's;
7.user’s vehicle number, office number, residence number or mobile number;
8.name of a celebrity who is considered to be an idol (e.g. actors, actress, spiritual gurus) by
the user;
9. simple modification of one of the preceding, such as suffixing a digit, particularly 1, or reversing the
1. Default password(s):
Network devices such as switches, hubs and routers are shipped with "default passwords",
and usually these passwords are not changed after the devices are commissioned into the
network (i.e., into the LAN). Lists of vendor default passwords are publicly available, so
an unchanged default is equivalent to no password at all.
2. This password recovery tool is typically used for Microsoft Operating Systems (OSs). It
allows passwords to be cracked by sniffing the network, cracking encrypted passwords using
dictionary and brute-force attacks, decoding scrambled passwords and recovering wireless
network keys.
3. This is free and open-source software: a fast password cracker compatible with many OSs,
including different flavours of Unix, Windows, DOS, BeOS and OpenVMS. Its primary purpose is
to detect weak Unix passwords.
4. THC-Hydra:
5. Aircrack-ng: A set of tools for wireless networks, used for cracking 802.11a/b/g Wired
Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) keys.
6. Solar Winds:
7. Pwdump: A Windows password recovery tool. Pwdump is able to extract NTLM and LanMan
hashes from a Windows target regardless of whether Syskey is enabled. It is also capable of
displaying password histories if they are available.
8. RainbowCrack:
9. Brutus: One of the fastest, most flexible remote password crackers available for free. It
is available for Windows 9x, NT and 2000.
Online Attacks
The most popular online attack is the man-in-the-middle (MITM) attack, also termed a
"bucket-brigade attack" or sometimes a "Janus attack". When a victim client connects to the
fraudulent server, the MITM server intercepts the call, captures (or hashes) the password and
passes the connection on to the real server, so the victim notices nothing. This type of
attack is used to obtain the passwords for e-mail accounts on public websites such as Yahoo,
Hotmail and Gmail, and can also be used to obtain the passwords for financial websites,
giving the attacker access to the victim's online banking.
Offline Attacks
Offline attacks are mostly performed from a location other than the target (i.e., the
computer system or network) where the passwords reside or are used. Offline attacks usually
require first obtaining a copy of the password file (or the password hashes), for example
by physical access to the computer and copying the file onto removable media; the guessing
then happens on the attacker's own hardware, where no account lockout or rate limit applies.
Dictionary attack : Attempts to match all the words from the dictionary to get the password
Hybrid attack : Substitutes numbers and symbols to get the password
Brute force attack : Attempts all possible permutation-combinations of letters,numbers and
special characters
A weak password is one, which could be easily guessed, short, common and a system
default password that could be easily found by executing a brute force attack .Passwords
that can be easily guessed by acquaintances of the netizens (such as date of birth, pet’s
name and spouses’ name) are considered to be very weak.
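The three offline attack types above, and the administrator's preventive use of cracking from purpose 2 under Password Cracking, can be shown with one small cracker. The following is an added example (not part of the original notes): a constructed "leaked" file of salted SHA-256 hashes is run through a dictionary attack, a hybrid attack (dictionary words with mangling rules) and a brute-force attack over a small character set, in that order, to see which passwords fall to which method. The user names, passwords, salt and wordlist are all invented for the demo; the fast hash is used only so the example runs in a few seconds.

```python
import hashlib
import itertools
import string


def hash_password(password: str, salt: bytes) -> str:
    """Salted SHA-256. A fast hash is used here for demo speed only; real systems
    should use a deliberately slow one (bcrypt, scrypt, Argon2) to make this loop expensive."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


# Constructed "leaked" credential store: username -> hash. Not real data.
SALT = b"demo-salt"
LEAKED = {
    "alice": hash_password("password", SALT),         # falls to the dictionary
    "bob": hash_password("Sunshine1", SALT),          # falls to hybrid mangling
    "carol": hash_password("k9z", SALT),              # short: falls to brute force
    "dave": hash_password("Tr0ub4dor&3xK9", SALT),    # survives all three here
}
WORDLIST = ["password", "admin", "qwerty", "sunshine", "letmein"]
CHARSET = string.ascii_lowercase + string.digits
MAX_LEN = 3


def dictionary_attack(target: str, salt: bytes, wordlist):
    """Try each word exactly as it appears in the list."""
    for word in wordlist:
        if hash_password(word, salt) == target:
            return word
    return None


def mangle(word: str):
    """Hybrid rules: case variants, leet substitutions, then digit/symbol suffixes."""
    bases = {word, word.capitalize(), word.upper()}
    leet = str.maketrans("aeios", "43105")
    bases |= {b.translate(leet) for b in list(bases)}
    for base in bases:
        yield base
        for n in range(100):
            yield f"{base}{n}"
        for sym in "!@#$":
            yield f"{base}{sym}"


def hybrid_attack(target: str, salt: bytes, wordlist):
    for word in wordlist:
        for candidate in mangle(word):
            if hash_password(candidate, salt) == target:
                return candidate
    return None


def brute_force(target: str, salt: bytes, charset: str, max_len: int):
    """Exhaustive search; cost grows as len(charset) ** length, which is why short
    passwords over small alphabets fall and long ones over large alphabets do not."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(charset, repeat=length):
            candidate = "".join(chars)
            if hash_password(candidate, salt) == target:
                return candidate
    return None


def crack_all(leaked: dict, salt: bytes, wordlist, charset: str, max_len: int) -> dict:
    """Run the cheap attacks first and escalate only for hashes that survive."""
    results = {}
    for user, digest in leaked.items():
        results[user] = (dictionary_attack(digest, salt, wordlist)
                         or hybrid_attack(digest, salt, wordlist)
                         or brute_force(digest, salt, charset, max_len))
    return results


if __name__ == "__main__":
    for user, found in crack_all(LEAKED, SALT, WORDLIST, CHARSET, MAX_LEN).items():
        print(f"{user}: {found if found else 'not cracked'}")
```

The order matters: the dictionary costs a handful of hashes, the hybrid run a few thousand, the brute force tens of thousands even for three lowercase-plus-digit characters, and every extra character multiplies that by 36. The same code doubles as the administrator's audit tool from purpose 2: any account it cracks has a password that should be rejected by policy.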
Random Passwords
Forcing users to use system-created random passwords ensures that the password will
have no connection with that user and should not be found in any dictionary. Several OSs
have included such a feature. Almost all the OSs also include password aging; the users are
required to choose new passwords regularly, usually after 30 or 45 days. Many users dislike
these measures, particularly when they have not been taken through security awareness
training. The imposition of strong randompasswords may encourage the users to write
down passwords, store them in personal digital assistants (PDAs) or cell phones and share
them with others against memory failure, increasing the risk of disclosure.
The general guidelines applicable to the password policies, which can be implemented
organization-wide,are as follows:
1. Passwords and user logon identities (IDs) should be unique to each authorized user.
2. Passwords should consist of a minimum of eight alphanumeric characters (no common
names or phrases).
3. There should be computer-controlled lists of prescribed password rules and periodic
testing (e.g., letterand number sequences, character repetition, initials, common words and
standard names) to identify any password weaknesses.
4. Passwords should be kept private, that is, not shared with friends, colleagues, etc. They
shall not be coded into programs or noted down anywhere.
5. Passwords shall be changed every 30/45 days or less. Most operating systems (OSs) can
enforce a password with an automatic expiration and prevent repeated or reused
passwords. (Current guidance such as NIST SP 800-63B advises against forced periodic
changes unless there is evidence of compromise, because routine rotation encourages
predictable variants of the old password.)
6. User accounts should be frozen after five failed logon attempts. All erroneous password
entries should be recorded in an audit log for later inspection and action, as necessary.
7. Sessions should be suspended after 15 minutes (or other specified period) of inactivity
and require the passwords to be re-entered.
8. Successful logons should display the date and time of the last logon and logoff.
9. Logon IDs and passwords should be suspended after a specified period of non-use.
10. For high-risk systems, after excessive violations, the system should generate an alarm
and be able to simulate a continuing session (with dummy data) for the failed user (to keep
this user connected while personnel attempt to investigate the incoming connection).
Netizens should practice password guidelines to avoid being victim of getting their
personal EMailaccounts hacked/attacked by the attackers.
1. Passwords used for business E-Mail accounts, personal E-Mail accounts
(Yahoo/Hotmail/Gmail) and banking/financial user accounts (e.g., online
banking/securities trading accounts) should bekept separate.
2. Passwords should be of minimum eight alphanumeric characters (common names or
phrases should be avoided).
3. Passwords should be changed every 30/45 days.
4. Passwords should not be shared with relatives and/or friends.
5. Password used previously should not be used while renewing the password.
6. Passwords of personal E-Mail accounts (Yahoo/Hotmail/Gmail) and banking/financial
user accounts(e.g., online banking/securities trading accounts) should be changed from a
secured system, withincouple of days, if these E-Mail accounts has been accessed from
public Internet facilities such ascybercafes/hotels/libraries.
7. Passwords should not be stored under mobile phones/PDAs, as these devices are also
prone to cyber attacks.
8. In the case of receipt of an E-Mail from banking/financial institutions, instructing to
change thepasswords, before clicking the weblinks displayed in the E-Mail, legitimacy of the
E-Mail should be ensured to avoid being a victim of Phishing attacks.
9. Similarly, on receipt of an SMS from a banking/financial institution instructing a
password change, the legitimacy of the SMS should be verified to avoid being a victim of
smishing attacks.
10. In case E-Mail accounts/user accounts have been hacked, respective agencies/institutes
should becontacted immediately.
Keystroke logging, often called keylogging, is the practice of noting (or logging) the keys
struck on a keyboard, typically in a covert manner so that the person using the keyboard is
unaware that such actions are being monitored. Keyloggers can be classified as software
keyloggers and hardware keyloggers.
Software Keyloggers
Software keyloggers are programs installed on a computer system that usually sit between
the OS and the keyboard hardware, so that every keystroke is recorded. Software keyloggers
are installed on a computer system by Trojans or viruses without the knowledge of the user.
Cybercriminals often install such tools on the insecure computer systems available in
public places and can thereby obtain the required information about a victim very easily. A
keylogger usually consists of two files installed in the same directory: a dynamic link
library (DLL) file and an executable (EXE) file that installs the DLL file and triggers it
to work. The DLL does all the recording of keystrokes.
Software keyloggers
1.SC-KeyLog PRO: It allows to secretly record computer user activities such asE-Mails, chat
conversations, visited websites, clipboard usage, etc. in a protected logfile. SC-KeyLog PRO
also captures Windows user logon Passwords.
2.Spytech SpyAgent Stealth: It provides a large variety of essential computer monitoring
features as well as website and application filtering, chat blocking and remote delivery of
logs via E-Mail or FTP.
3. All In One Keylogger: An invisible keystroke recorder and spy software tool that
registers every activity on the PC to encrypted logs. This keylogger allows secret tracking
of all activities of all computer users and automatic delivery of logs to a chosen
E-Mail/FTP account.
Stealth Keylogger: A computer monitoring software that produces an activity log report in
which all PC keyboard activity is registered either at a specific time or hourly on a daily
basis. The log reports are generated either in text or HTML file format, as defined by the
user.
Perfect Keylogger: It has its advanced keyword detection and notification. User can create a
list of “on alert” words or phrases and keylogger will continually monitor keyboard typing,
URLs and webpages for these words or phrases .When a keyword is detected, perfect
keylogger makes screenshot and sends EMail notification to the user.
Hardware Keyloggers
Hardware keyloggers are small hardware devices. These are connected to the PC and/or to
the keyboard and save every keystroke intoa file or in the memory of the hardware device.
Cybercriminals install such devices on ATM machines to capture ATM Cards’ PINs. Each
keypress on the keyboard of the ATM gets registered by these keyloggers. Listed are few
websites where more information about hardware keyloggers can be found:
http://www.keyghost.com
http://www.keelog.com
http://www.keydevil.com
http://www.keykatcher.com
Antikeylogger
An antikeylogger is a tool that can detect a keylogger installed on the computer system and
also remove it. The advantages of using an antikeylogger are as follows:
1. Firewalls cannot detect the installation of keyloggers on a system, whereas
antikeyloggers can.
2. Unlike antivirus and antispyware programs, which stop serving their purpose and leave
users at risk when their signature databases are not kept up to date, an antikeylogger does
not depend on regular signature updates to work effectively.
3. It helps prevent Internet banking fraud, since passwords are easily captured by an
installed keylogger.
4. It helps prevent identity theft.
5. It secures E-Mail and instant messaging/chat.
Spywares
3. eBlaster:
Besides a keylogger and website watcher, it also records E-Mails sent and received, files
uploaded/downloaded, users’ activities, online searches, MySpace and Facebook activities
and any other program activity.
4. Remotespy:
Besides remote computer monitoring, silently and invisibly, it also monitors and records
users’ PC activity without any need for physical access. Moreover, it records keystrokes
(keylogger), screenshots, E-Mail, passwords, chats, instant messenger conversations and
websites visited.
6. Stealth Website Logger: It records all accessed websites, and a detailed report can be
sent to a specified E-Mail address. It has the following key features:
* monitors visited websites
* reports sent to an E-Mail address
* daily log
* global log for a specified period
* log deletion after a specified period
* hotkey and password protection
* not visible in add/remove programs or task manager.
7. Flexispy:
It is a tool that can be installed on a cell/mobile phone. After installation, Flexispy secretly
records conversations that happen on the phone and sends this information to a specified
E-Mail address.
9. PC PhoneHome: It is software that tracks and locates lost or stolen laptop and desktop
computers. Every time a computer system on which PC PhoneHome has been installed
connects to the Internet, a stealth E-Mail is sent to a specified E-Mail address of the user’s
choice and to the PC PhoneHome product company.
SQL Injection
● SQL injection, also known as SQLI, is a common attack vector that uses malicious
SQL code for backend database manipulation to access information that was not
intended to be displayed. This information may include any number of items,
including sensitive company data, user lists or private customer details.
● The impact SQL injection can have on a business is far-reaching.
● A successful attack may result in the unauthorized viewing of user lists, the deletion
of entire tables and, in certain cases, the attacker gaining administrative rights to a
database, all of which are highly detrimental to a business.
● When calculating the potential cost of an SQLi, it’s important to consider the loss of
customer trust should personal information such as phone numbers, addresses, and
credit card details be stolen.
● While this vector can be used to attack any SQL database, websites are the most
frequent targets.
In-band SQLi - The attacker uses the same channel of communication to launch their
attacks and to gather their results. In-band SQLi’s simplicity and efficiency make it one of
the most common types of SQLi attack. There are two sub-variations of this method:
Error-based SQLi—the attacker performs actions that cause the database to produce error
messages. The attacker can potentially use the data provided by these error messages to
gather information about the structure of the database.
Union-based SQLi—this technique takes advantage of the UNION SQL operator, which
combines the results of multiple SELECT statements into a single result set that the
application returns in one HTTP response. This response may contain data that can be
leveraged by the attacker.
Inferential (Blind) SQLi - The attacker sends data payloads to the server and observes the
response and behavior of the server to learn more about its structure. This method is called
blind SQLi because no data is transferred from the website database to the attacker, so the
attacker cannot see information about the attack in-band. Blind SQL injections rely on the
response and behavioral patterns of the server, so they are typically slower to execute but
may be just as harmful. Blind SQL injections can be classified as follows:
Boolean—the attacker sends a SQL query to the database prompting the application to
return a result. The result will vary depending on whether the query is true or false.
Based on the result, the information within the HTTP response will change or stay
unchanged. The attacker can then work out whether the query produced a true or false
result.
Time-based—the attacker sends a SQL query to the database which makes the database wait
(for a period in seconds) before it responds. From the time the database takes to respond,
the attacker can see whether a query is true or false. Based on the result, an HTTP
response will be generated instantly or after a waiting period. The attacker can thus work
out whether the query they used returned true or false, without relying on data from the
database.
Out-of-band SQLi - The attacker can only carry out this form of attack when certain
features are enabled on the database server used by the web application. This form of
attack is primarily used as an alternative to the in-band and inferential SQLi techniques.
Out-of-band SQLi is performed when the attacker can’t use the same channel to launch the
attack and gather information, or when a server is too slow or unstable for these actions to
be performed. These techniques rely on the capacity of the server to create DNS or HTTP
requests to transfer data to an attacker.
Input validation - The validation process is aimed at verifying whether or not the type of
input submitted by a user is allowed. Input validation makes sure it is the accepted type,
length, format, and so on. Only the value which passes the validation can be processed. It
helps counteract any commands inserted in the input string.
Parametrized queries - are a means of pre-compiling an SQL statement so that you can then
supply the parameters in order for the statement to be executed. This method makes it
possible for the database to recognize the code and distinguish it from input data.
Stored procedures - require the developer to group one or more SQL statements into a
logical unit to create an execution plan. Subsequent executions allow statements to be
automatically parameterized. Simply put, it is a type of code that can be stored for later and
used many times.
Escaping - Always use character-escaping functions for user-supplied input provided by
each database management system (DBMS). This is done to make sure the DBMS never
confuses it with the SQL statement provided by the developer.
Avoiding administrative privileges - Don't connect your application to the database using an
account with root access. This should be done only if absolutely needed since the attackers
could gain access to the whole system.
Web application firewall - A WAF operating in front of the web servers monitors the traffic
which goes in and out of the web servers and identifies patterns that constitute a threat.
Essentially, it is a barrier put between the web application and the Internet.
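As an added example (not code from these notes), the following Python sqlite3 snippet places a query built by string concatenation beside the parameterized form and the allow-list input validation described above. The users table, the usernames and the crafted input are constructed for the demo.

```python
import re
import sqlite3

# Constructed sample data for the demo (not real users).
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn

def find_user_vulnerable(conn, username):
    # VULNERABLE: the value is pasted into the SQL text, so quotes and SQL
    # keywords inside it become part of the statement's logic (in-band SQLi).
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()

def find_user_parameterized(conn, username):
    # SAFE: the statement is compiled with a placeholder and the value is
    # supplied separately, so it is only ever compared as a literal string.
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()

# Input validation (allow-list): the accepted type, length and format for a
# username, rejected before the value ever reaches the database.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")

def is_valid_username(username):
    return isinstance(username, str) and USERNAME_RE.fullmatch(username) is not None

def find_user_defended(conn, username):
    # Defence in depth: validate first, then use the parameterized query.
    if not is_valid_username(username):
        raise ValueError("username must be 3-32 lowercase letters, digits or '_'")
    return find_user_parameterized(conn, username)

if __name__ == "__main__":
    conn = build_db()
    crafted = "' OR '1'='1"  # constructed tautology input
    print(find_user_vulnerable(conn, "bob"))       # [('bob', 'user')]
    print(find_user_vulnerable(conn, crafted))     # every row: the logic was altered
    print(find_user_parameterized(conn, crafted))  # []: compared as a literal
    print(is_valid_username(crafted))              # False: rejected by validation
```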
Network access control (NAC), also known as network admission control, is the process of
restricting unauthorized users and devices from gaining access to a corporate or private
network. NAC ensures that only users who are authenticated and devices that are
authorized and compliant with security policies can enter the network.
Further, cyber criminals are well aware of this increase in endpoint usage and continue to
design and launch sophisticated campaigns that exploit any vulnerabilities in corporate
networks. With more endpoints, the attack surface increases, which means more
opportunities for fraudsters to gain access. NAC solutions can be configured to detect any
unusual or suspicious network activity and respond with immediate action, such as
isolating the device from the network to prevent the potential spread of the attack.
Although IoT and BYOD have changed NAC solutions, NAC also serves as a perpetual
inventory of users, devices, and their level of access. It serves as an active discovery tool to
uncover previously unknown devices that may have gained access to all or parts of the
network, requiring IT administrators to adjust security policies.
Further, organizations can choose how NAC will authenticate users who attempt to gain
access to the network. IT admins can choose multi-factor authentication (MFA), which
provides an additional layer of security to username and password combinations.
Restricting network access also means control of the applications and data within the
network, which is normally the target of cyber criminals. The stronger the network
controls, the more difficult it will be for any cyberattack to infiltrate the network.
Cloud Security
Cloud security is a responsibility that is shared between the cloud provider and the
customer. There are basically three categories of responsibilities in the Shared
Responsibility Model: responsibilities that are always the provider’s, responsibilities that
are always the customer’s, and responsibilities that vary depending on the service model:
Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service
(SaaS), such as cloud email.
The security responsibilities that are always the provider’s are related to the safeguarding
of the infrastructure itself, as well as access to, patching, and configuration of the physical
hosts and the physical network on which the compute instances run and the storage and
other resources reside.
The security responsibilities that are always the customer’s include managing users and
their access privileges (identity and access management), the safeguarding of cloud
accounts from unauthorized access, the encryption and protection of cloud-based data
assets, and managing its security posture (compliance).
Because the public cloud does not have clear perimeters, it presents a fundamentally
different security reality. This becomes even more challenging when adopting modern
cloud approaches such as automated Continuous Integration and Continuous Deployment
(CI/CD) methods, distributed serverless architectures, and ephemeral assets like Functions
as a Service and containers.
Some of the advanced cloud-native security challenges and the multiple layers of risk faced
by today’s cloud-oriented organizations include:
The term Zero Trust was first introduced in 2010 by John Kindervag who, at that time, was
a senior Forrester Research analyst. The basic principle of Zero Trust in cloud security is
not to automatically trust anyone or anything within or outside of the network—and verify
(i.e., authorize, inspect and secure) everything.
Zero Trust, for example, promotes a least privilege governance strategy whereby users are
only given access to the resources they need to perform their duties. Similarly, it calls upon
developers to ensure that web-facing applications are properly secured. For example, if the
developer has not blocked ports consistently or has not implemented permissions on an “as
needed” basis, a hacker who takes over the application will have privileges to retrieve and
modify data from the database.
While cloud providers such as Amazon Web Services (AWS), Microsoft Azure (Azure), and
Google Cloud Platform (GCP) offer many cloud native security features and services,
supplementary third-party solutions are essential to achieve enterprise-grade cloud
workload protection from breaches, data leaks, and targeted attacks in the cloud
environment. Only an integrated cloud-native/third-party security stack provides the
centralized visibility and policy-based granular control necessary to deliver the following
industry best practices:
Web Security
Web Security is very important nowadays. Websites are always prone to security
threats/risks. Web Security deals with the security of data over the internet/network or
web, or while it is being transferred to the internet. For example, when you transfer data
between a client and a server, protecting that data in transit is web security.
Hacking a website may result in the theft of important customer data, such as credit card
information or the login details of a customer; it can also result in the destruction of one’s
business and the propagation of illegal content to users. When somebody hacks your
website they can either steal the important information of your customers or propagate
illegal content to your users through your website; therefore, security considerations are
needed in the context of web security.
Security Threats:
A Threat is nothing but a possible event that can damage and harm an information system.
A Security Threat is defined as a risk which can potentially harm computer systems and
organizations. Whenever an individual or an organization creates a website, they are
vulnerable to security attacks.
Security attacks are mainly aimed at stealing, altering or destroying a piece of personal and
confidential information, stealing hard drive space, and illegally accessing passwords.
So whenever the website you created is vulnerable to security attacks, the attackers are
going to steal your data, alter your data, destroy your personal information, see your
confidential information and also access your passwords.
Web security threats are constantly emerging and evolving, but many threats consistently
appear at the top of the list of web security threats. These include:
● Cross-site scripting (XSS)
● SQL Injection
● Phishing
● Ransomware
● Code Injection
● Viruses and worms
● Spyware
● Denial of Service
Security Consideration:
● Updated Software: You need to always update your software. Hackers may be
aware of vulnerabilities in certain software, which are sometimes caused by bugs
and can be used to damage your computer system and steal personal data. Older
versions of software can become a gateway for hackers to enter your network.
Software makers soon become aware of these vulnerabilities and will fix
vulnerable or exposed areas. That’s why it is mandatory to keep your software
updated; it plays an important role in keeping your personal data secure.
● Beware of SQL Injection: SQL Injection is an attempt to manipulate your data or
your database by inserting rogue code into your query. For example, somebody can
send a query to your website containing rogue code; when it gets executed it can
be used to manipulate your database, such as changing tables, modifying or
deleting data, or retrieving important information. So one should be aware of
the SQL injection attack.
● Cross-Site Scripting (XSS): XSS allows attackers to insert client-side script
into web pages, e.g. through form submissions. It is a term used to describe a class
of attacks that allow an attacker to inject client-side scripts into other users’
browsers through a website. Because the injected code reaches the browser from the
site, the browser treats it as trusted, and it can do things like sending the user’s
site authorization cookie to the attacker.
● Error Messages: You need to be very careful about the error messages which are
generated to give information to users while they access the website. Error
messages are generated for one reason or another, and you should be very careful
about what information they reveal. For example, on a login attempt, if the user
fails to log in the error message should not let the user know which field is
incorrect: Username or Password.
● Data Validation: Data validation is the proper testing of any input supplied by the
user or application. It prevents improperly created data from entering the
information system. Validation of data should be performed on both the server side
and the client side; performing it on both sides gives the best assurance. Data
validation should occur when data is received from an outside party, especially if
the data is from untrusted sources.
● Password: A password provides the first line of defense against unauthorized
access to your device and personal information. It is necessary to use a strong
password. Hackers in many cases use sophisticated software that uses brute
force to crack passwords. Passwords must be complex to protect against brute
force. It is good to enforce password requirements such as a minimum of eight
characters, including uppercase letters, lowercase letters, special
characters, and numerals.
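Added example (not from these notes) in Python tying the last three considerations together: server-side validation of the username and of the password policy stated above, salted password hashing, and a login that returns the same generic message whether the username or the password was wrong. The user store is an in-memory dict constructed for the demo.

```python
import hashlib
import hmac
import os
import re

# Password policy from the notes: at least eight characters, including
# uppercase letters, lowercase letters, numerals and special characters.
def password_meets_policy(password):
    return (
        len(password) >= 8
        and re.search(r"[A-Z]", password) is not None
        and re.search(r"[a-z]", password) is not None
        and re.search(r"[0-9]", password) is not None
        and re.search(r"[^A-Za-z0-9]", password) is not None
    )

def hash_password(password, salt):
    # Salted, iterated PBKDF2 so a stolen hash resists offline brute force.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)

# Constructed in-memory user store for the demo: username -> (salt, hash).
USERS = {}

def register(username, password):
    # Server-side data validation: the client-side check can be bypassed,
    # so the server enforces the format and the policy itself.
    if not re.fullmatch(r"[a-z][a-z0-9_]{2,31}", username):
        raise ValueError("username must be 3-32 lowercase letters, digits or '_'")
    if not password_meets_policy(password):
        raise ValueError("password does not meet the complexity policy")
    salt = os.urandom(16)
    USERS[username] = (salt, hash_password(password, salt))

GENERIC_FAILURE = "Invalid username or password."

# Dummy credentials used when the username is unknown, so the failing path
# still does the same hashing work and the response gives nothing away.
_DUMMY = (b"\x00" * 16, b"\x00" * 32)

def login(username, password):
    salt, stored = USERS.get(username, _DUMMY)
    candidate = hash_password(password, salt)
    # Constant-time comparison; one message for wrong username or wrong password.
    if username in USERS and hmac.compare_digest(candidate, stored):
        return True, "Login successful."
    return False, GENERIC_FAILURE

if __name__ == "__main__":
    register("alice", "Str0ng!Pass")
    print(login("alice", "Str0ng!Pass"))   # (True, 'Login successful.')
    print(login("alice", "wrong"))         # (False, 'Invalid username or password.')
    print(login("nobody", "Str0ng!Pass"))  # same message: the failing field is not revealed
```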
Wireless Security
As a result, it is very important that enterprises define effective wireless security policies
that guard against unauthorized access to important resources. Wireless Intrusion
Prevention Systems (WIPS) or Wireless Intrusion Detection Systems (WIDS) are commonly
used to enforce wireless security policies.
The risks to users of wireless technology have increased as the service has become more
popular. There were relatively few dangers when wireless technology was first introduced.
Hackers had not yet had time to latch on to the new technology, and wireless networks
were not commonly found in the work place. However, there are many security risks
associated with the current wireless protocols and encryption methods, and in the
carelessness and ignorance that exists at the user and corporate IT level.
Hacking methods have become much more sophisticated and innovative with wireless
access. Hacking has also become much easier and more accessible with easy-to-use
Windows- or Linux-based tools being made available on the web at no charge.
Some organizations that have no wireless access points installed do not feel that they need
to address wireless security concerns.
In-Stat MDR and META Group have estimated that 95% of all corporate laptop computers
that were planned to be purchased in 2005 were equipped with wireless cards. Issues can
arise in a supposedly non-wireless organization when a wireless laptop is plugged into the
corporate network. A hacker could sit out in the parking lot and gather information from it
through laptops and/or other devices, or even break in through this wireless
card–equipped laptop and gain access to the wired network.