NIS Unit 5
5.1 Kerberos:
• Database:
The Authentication Server verifies the access rights of users against the database.
Kerberos Overview:
• Step-1:
The user logs in and requests a service on the host; this begins with a request to
the Authentication Server for a ticket-granting ticket.
• Step-2:
The Authentication Server verifies the user's access rights using the database and
returns a ticket-granting ticket (TGT) and a session key. Both are encrypted using
the user's password.
• Step-3:
The user decrypts the message with the password and sends the ticket, together
with an authenticator, to the Ticket Granting Server. The authenticator contains
items such as the user name and network address.
• Step-4:
The Ticket Granting Server decrypts the ticket and authenticator sent by the user,
verifies the request, and creates a ticket for the requested service on the server.
• Step-5:
The user sends this service ticket and a new authenticator to the server.
• Step-6:
The server verifies the ticket and authenticator and grants access to the service.
After this the user can access the service.
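The six steps above as a runnable simulation, added here as an example and not part of the original notes. A KDC class plays both the Authentication Server and the Ticket Granting Server over one principal database, verify() performs the checks a TGS or application server makes on a ticket plus authenticator (correct key, expiry, matching name and address, clock skew, replay), and run_exchange() walks the client through steps 1 to 6. The principal names, the seal/unseal toy cipher, the time limits and the key derivation are all constructed for illustration; real Kerberos uses standardised encryption types and string-to-key functions.

```python
import hashlib, hmac, json, os, time

CLOCK_SKEW = 300     # tolerated authenticator age in seconds (constructed value)
TICKET_LIFE = 3600   # ticket lifetime in seconds (constructed value)

def password_key(password: str) -> bytes:
    # Stand-in for Kerberos string-to-key: a fixed-length key from the password.
    return hashlib.sha256(password.encode()).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy keystream cipher: SHA-256(key || counter) blocks XORed onto the data. Illustration only.
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key: bytes, obj: dict) -> bytes:
    # Encrypt-then-MAC: without the key a blob can be neither read nor forged.
    ct = xor_stream(key, json.dumps(obj, sort_keys=True).encode())
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    return json.loads(xor_stream(key, ct))

def verify(ticket_key: bytes, ticket: bytes, auth: bytes, seen: set):
    """Steps 4 and 6: open the ticket with the verifier's own long-term key, then check the
    authenticator with the session key carried inside the ticket. Returns (session key, ticket)."""
    t = unseal(ticket_key, ticket)
    if t["exp"] < time.time():
        raise PermissionError("ticket expired")
    sk = bytes.fromhex(t["key"])
    a = unseal(sk, auth)                               # only a holder of sk can produce this
    if (a["user"], a["addr"]) != (t["user"], t["addr"]):
        raise PermissionError("authenticator does not match ticket")
    if abs(a["ts"] - time.time()) > CLOCK_SKEW:
        raise PermissionError("authenticator timestamp outside allowed clock skew")
    if (a["user"], a["ts"]) in seen:                   # replay cache
        raise PermissionError("replayed authenticator")
    seen.add((a["user"], a["ts"]))
    return sk, t

def authenticator(sk: bytes, user: str, addr: str) -> bytes:
    # Steps 3 and 5: a fresh, session-key-encrypted proof that the ticket holder knows sk.
    return seal(sk, {"user": user, "addr": addr, "ts": time.time()})

class KDC:
    """Authentication Server and Ticket Granting Server sharing one principal database."""
    def __init__(self, principals: dict):
        self.db = {name: password_key(pw) for name, pw in principals.items()}
        self.tgs_key = os.urandom(32)   # long-term key of the TGS itself
        self.seen = set()

    def as_exchange(self, user: str, addr: str) -> bytes:
        # Step 2: look the user up, return {session key, TGT} under the user's password key.
        if user not in self.db:
            raise PermissionError("unknown principal")
        sk = os.urandom(32)
        tgt = seal(self.tgs_key, {"user": user, "addr": addr, "key": sk.hex(),
                                  "exp": time.time() + TICKET_LIFE})
        return seal(self.db[user], {"key": sk.hex(), "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, auth: bytes, service: str) -> bytes:
        # Step 4: validate TGT + authenticator, then issue a service ticket under the service's key.
        sk, t = verify(self.tgs_key, tgt, auth, self.seen)
        svc_sk = os.urandom(32)
        ticket = seal(self.db[service], {"user": t["user"], "addr": t["addr"], "key": svc_sk.hex(),
                                         "exp": time.time() + TICKET_LIFE})
        return seal(sk, {"key": svc_sk.hex(), "ticket": ticket.hex()})

def run_exchange(kdc: KDC, user: str, password: str, addr: str, service: str, service_seen: set) -> str:
    """Client side of steps 1-6; returns the user name the service accepted."""
    reply = unseal(password_key(password), kdc.as_exchange(user, addr))       # steps 1-3
    sk, tgt = bytes.fromhex(reply["key"]), bytes.fromhex(reply["tgt"])
    reply = unseal(sk, kdc.tgs_exchange(tgt, authenticator(sk, user, addr), service))  # step 4
    svc_sk, ticket = bytes.fromhex(reply["key"]), bytes.fromhex(reply["ticket"])
    auth = authenticator(svc_sk, user, addr)                                    # step 5
    _, t = verify(kdc.db[service], ticket, auth, service_seen)                  # step 6, service side
    return t["user"]

if __name__ == "__main__":
    kdc = KDC({"alice": "correct horse", "host/fileserver": "service-secret"})  # constructed principals
    print(run_exchange(kdc, "alice", "correct horse", "10.0.0.5", "host/fileserver", set()))
```

The service never talks to the KDC during the exchange: it trusts the ticket only because it was sealed under the service's own long-term key, and it trusts the client only because the authenticator was sealed under the session key inside that ticket. The replay cache and clock-skew check are what stop a captured authenticator from being presented twice.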
5.2 IPSec (IP Security) architecture uses two protocols to secure the traffic or
data flow. These protocols are ESP (Encapsulation Security Payload) and AH
(Authentication Header).
We can group these binary digits into sets of 6: 010101 000110 010101 011101
Base64 index table (excerpt):
 0  A
 1  B
 ...
 25 Z
 26 a
 27 b
 ...
 51 z
 52 0
 53 1
 ...
 61 9
 62 +
 63 /
Each 6-bit group is read with the bit weights 32 16 8 4 2 1, so
010101 = 16 + 4 + 1 = 21, which the table maps to V:
 010101 -> V
 000110 -> G
 010101 -> V
 011101 -> d
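The grouping and table lookup above, written out as an encoder and decoder that runs on any input; this is an added example, not code from the original notes. bit_groups() produces the 6-bit groups the notes start from, group_value() reads one group with the weights 32 16 8 4 2 1, b64_encode()/b64_decode() implement the full scheme including the "=" padding that the notes' 3-byte example does not need, and matches_stdlib() cross-checks against Python's own base64 module.

```python
import base64

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def bit_groups(data: bytes) -> list:
    """Write each byte as 8 bits, then cut the bit string into 6-bit groups; the last
    group is zero-filled on the right when the input is not a multiple of 3 bytes."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * ((-len(bits)) % 6)
    return [bits[i:i + 6] for i in range(0, len(bits), 6)]

def group_value(group: str) -> int:
    # Read a 6-bit group with weights 32 16 8 4 2 1 (010101 -> 16 + 4 + 1 = 21).
    return sum(int(bit) * weight for bit, weight in zip(group, (32, 16, 8, 4, 2, 1)))

def b64_encode(data: bytes) -> str:
    text = "".join(ALPHABET[group_value(g)] for g in bit_groups(data))
    return text + "=" * ((-len(data)) % 3)          # one '=' per missing input byte

def b64_decode(text: str) -> bytes:
    body = text.rstrip("=")
    if any(c not in ALPHABET for c in body):
        raise ValueError("character outside the Base64 alphabet")
    bits = "".join(f"{ALPHABET.index(c):06b}" for c in body)
    usable = len(bits) - len(bits) % 8                # trailing zero-fill bits carry no data
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))

def matches_stdlib(data: bytes) -> bool:
    # Cross-check the hand-written scheme against the standard library.
    return (b64_encode(data) == base64.b64encode(data).decode()
            and b64_decode(b64_encode(data)) == data)

if __name__ == "__main__":
    sample = b"Te]"   # constructed: the three bytes whose bits are 010101 000110 010101 011101
    print(bit_groups(sample), b64_encode(sample))
```

Note that Base64 is an encoding, not encryption: anyone who sees the output can run b64_decode() on it, which is why Base64-wrapped credentials in logs or headers should be treated as plaintext.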
PGP was designed to provide all four aspects of security, i.e., privacy,
integrity, authentication, and non-repudiation, in the sending of email.
Following are the steps taken by PGP to create secure e-mail at the sender site:
o The e-mail message is hashed using a hash function to create a digest.
o The digest is encrypted with the sender's private key to form a signed digest,
and the signed digest is appended to the original e-mail message.
o The original message and signed digest are encrypted using a one-time
secret key created by the sender.
o The one-time secret key is encrypted using the receiver's public key.
o The encrypted secret key and the encrypted combination of message and
digest are sent together.
Following are the steps taken at the receiver site, showing how PGP uses hashing
and a combination of three keys to recover the original message:
o The receiver receives the combination of the encrypted secret key and the
encrypted message and digest.
o The encrypted secret key is decrypted using the receiver's private key to
obtain the one-time secret key.
o The secret key is then used to decrypt the combination of message and digest.
o The signed digest is decrypted using the sender's public key, and the original
message is hashed using the same hash function to create a second digest.
o The two digests are compared; if they are equal, all four aspects of security
have been preserved.
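The sender and receiver procedures above carried through in code, added here as an example and not part of the original notes. pgp_send() performs the five sender steps (hash, sign with the sender's private key, encrypt message plus signed digest under a one-time key, wrap that key with the receiver's public key) and pgp_receive() the five receiver steps, ending with the digest comparison. The asymmetric part is textbook RSA on fixed Mersenne primes with no padding, and the symmetric part is a SHA-256 keystream XOR; both are constructed for illustration of the key flow, not as usable cryptography, and the key pairs SENDER_*/RECEIVER_* are sample values.

```python
import hashlib, os

def rsa_keypair(p: int, q: int, e: int = 65537):
    # Textbook RSA (constructed for illustration; unpadded and on fixed primes, so not secure).
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)          # (public key, private key)

def rsa_apply(key, m: int) -> int:
    exp, n = key
    return pow(m, exp, n)

# Sample key pairs built from known Mersenne primes (constructed values).
SENDER_PUB, SENDER_PRIV = rsa_keypair(2**521 - 1, 2**607 - 1)
RECEIVER_PUB, RECEIVER_PRIV = rsa_keypair(2**1279 - 1, 2**127 - 1)

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy symmetric cipher: SHA-256(key || counter) keystream XORed onto the data.
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def sig_len(pub) -> int:
    return (pub[1].bit_length() + 7) // 8        # bytes needed to carry a value mod n

def pgp_send(message: bytes, sender_priv, receiver_pub):
    digest = hashlib.sha256(message).digest()                           # 1. hash the message
    signed = rsa_apply(sender_priv, int.from_bytes(digest, "big"))      # 2. sign digest with sender's private key
    payload = message + signed.to_bytes(sig_len(sender_priv), "big")    #    ... and append it
    session_key = os.urandom(32)                                        # 3. one-time secret key
    body = xor_stream(session_key, payload)                             #    encrypt message + signed digest
    enc_key = rsa_apply(receiver_pub, int.from_bytes(session_key, "big"))  # 4. wrap key with receiver's public key
    return enc_key, body                                                # 5. send both together

def pgp_receive(enc_key: int, body: bytes, receiver_priv, sender_pub):
    session_key = rsa_apply(receiver_priv, enc_key).to_bytes(32, "big")  # unwrap one-time key
    payload = xor_stream(session_key, body)                              # decrypt message + signed digest
    message, signed = payload[:-sig_len(sender_pub)], payload[-sig_len(sender_pub):]
    recovered = rsa_apply(sender_pub, int.from_bytes(signed, "big"))    # open signed digest with sender's public key
    expected = int.from_bytes(hashlib.sha256(message).digest(), "big")  # re-hash the message
    return message, recovered == expected                               # compare the two digests

if __name__ == "__main__":
    ek, body = pgp_send(b"Meet at noon", SENDER_PRIV, RECEIVER_PUB)   # constructed message
    print(pgp_receive(ek, body, RECEIVER_PRIV, SENDER_PUB))
```

Flipping a single byte of the ciphertext still decrypts (a stream cipher has no integrity of its own), but the re-hashed message no longer matches the signed digest, so the receiver's final comparison fails; that comparison is what gives PGP its integrity and authentication properties, while the session-key wrapping gives privacy.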
Techniques:
PKI identifies a public key along with its purpose. It usually consists of the
following components:
• A digital certificate, also called a public key certificate
• Private key tokens
• Registration authority
• Certification authority
• CMS or certificate management system
Working of Public Key Infrastructure (PKI):
- The CA verifies the user's identity and issues a digital certificate containing
the user's public key, signed by the CA.
5. Secure Communication:
Certificates:
A certificate verifies that software code comes from who it claims to come from
and ensures the code has not been altered or tampered with before it reaches end
users.
2. Cyber Extortion –
Cyber extortion occurs when a website, e-mail server or computer system is
subjected to, or threatened with, repeated denial of service or other attacks by
malicious hackers. These hackers demand large sums of money in return for a
promise to stop the attacks and to offer protection.
3. Internet Fraud –
Internet fraud is a type of fraud or deceit which makes use of the Internet and
may include hiding information or providing incorrect information for the
purpose of deceiving victims out of money or property.
4. Cyber Stalking –
This is a kind of online harassment wherein the victim is subjected to a
barrage of online messages and e-mails. In this case the stalkers know their
victims and, instead of stalking offline, use the Internet to stalk.
Hacking:
➢ Hacking is the unauthorized or illicit access into computer systems,
networks, or electronic devices.
➢ It involves gaining entry into these systems or devices without
permission, often with the intent to steal, alter, or destroy data, disrupt
operations, or exploit vulnerabilities for personal gain or malicious
purposes.
➢ One example of computer hacking is the use of a password cracking
technique to gain access to a computer system. The process of gaining
illegal access to a computer system, or a group of computer systems, is
known as hacking.
The types of hackers are:
1. Black Hat Hackers: These hackers are often known as crackers. Their
goal is to make money by stealing secret organizational data, stealing funds
from online bank accounts, violating privacy rights to benefit criminal
organizations, and so on.
2. White Hat Hackers/Ethical Hackers: White hat hackers (sometimes referred
to as ethical hackers) are the polar opposites of black hat hackers. They employ
their technical expertise to defend the organization against malicious hackers.
3. Gray Hat Hackers: They fall somewhere between the two types above, in that
they gain illegal access to a system but do not perform any malicious task.
Digital Forgery:
➢ Creating a fake copy or imitation of a document or an object with the
intention to deceive is called forgery.
➢ It can involve anything from forging a signature, faking a masterpiece or
creating a cheap replica of an expensive original device to faking
government documents like a licence or birth certificate.
➢ Marketplaces are full of convincing fakes of expensive original items
such as designer shoes and clothes. All of these fakes can be called
forgeries.
➢ Digital forgery involves creating the same kinds of fakes in electronic form.
Cyber Stalking/harassment:
➢ Cyber stalking involves using electronic means such as the internet, e-mail,
social media, or other digital communications to harass, intimidate, or
threaten an individual.
➢ This can include repeatedly sending unwanted messages, monitoring
someone's online activity without their consent, or even impersonating them
online.
➢ Cyber harassment is defined as repeated, unsolicited, hostile behaviour by
a person through cyberspace with the intent to terrify, intimidate, humiliate,
threaten, harass or stalk someone.
➢ Any harassment caused through electronic media is considered to have a
similar impact to the traditional offence of harassment.
Identity Theft:
Cyber terrorism:
Cyber defamation:
2. Online Platforms: With the proliferation of social media and other digital
platforms, false information can spread rapidly and reach a wide audience. Cyber
defamation can occur through posts, comments, reviews, articles, or other content
shared online.
➢ Cyber law, also known as internet law or digital law, signifies the legal
regulations and frameworks governing digital activities. It covers a wide
range of issues, including online communication, e-commerce, digital
privacy, and the prevention and prosecution of cybercrimes.
➢ Cyber law offers legal protection for people who use the Internet as
well as for those running an online business. It is important for Internet
users to know the local and national cyber law of their country, so that they
know which activities on the network are legal and which are not.
2. Protecting Children Online: It puts rules in place to keep kids safe from
harmful content and online dangers, ensuring they can explore the internet
securely.
Types of Laws
1. Data Protection Laws
Data protection laws ensure that users’ personal and sensitive data are
meticulously shielded from unauthorized breaches and misuse. These laws, in
essence, are the backbone of our online privacy, safety, and dignity.
2. Copyright and Intellectual Property Laws
➢ When creators ask, “What is cyber law doing for my digital creations?”
the answer lies in these laws. They are meticulously crafted to protect
the rights of creators.
➢ This ensures that their digital innovations remain safeguarded from
unauthorized use or replication, providing a haven for creativity.
3. E-commerce Laws
➢ For those navigating the bustling lanes of online business, e-commerce
laws serve as guiding lights. They meticulously regulate online
transactions, ensuring they’re not only secure but also transparent, thus
fostering trust among all parties involved.
4. Cybercrime Laws
➢ The digital realm, while offering endless possibilities, also harbors
shadows of cybercriminal activities. Cybercrime laws act as guardians by
penalizing activities ranging from malicious hacking to online harassment,
keeping the digital space safe.
5. Digital Signature Laws
The digital signature laws validate the authenticity of digital signatures in
electronic documents. In essence, they are the pillars that uphold the
trustworthiness of digital agreements and contracts.
6. Privacy Laws
Every individual cherishes their privacy. Recognizing this universal truth,
these laws ensure that the sanctity of users’ online privacy remains inviolable.
This allows the average person to explore the digital world with peace of mind.
1. Identity Theft:
- This crime involves stealing personal information, such as social security
numbers, credit card details, or login credentials, to impersonate individuals or
commit fraud online.
2. Phishing:
- Phishing attacks deceive individuals into providing sensitive information,
such as usernames, passwords, or financial data, by posing as legitimate
entities through deceptive emails, websites, or messages.
4. Ransomware Attacks:
- Ransomware infects individuals' devices or systems, encrypts their files, and
demands payment in exchange for restoring access to their data, causing
financial loss and disruption to their lives.
7. Cyberstalking:
- Individuals may be subjected to persistent and unwanted surveillance or
harassment online, causing fear, anxiety, and invasion of their privacy.
Government
1. Legislative Bodies:
- Legislative bodies create laws and regulations that govern cybersecurity
practices, establish penalties for cybercrimes, and promote data protection and
privacy rights.
3. Government Agencies:
- Government agencies develop and implement cybersecurity policies, strategies,
and frameworks to protect critical infrastructure, secure government networks,
and enhance national cybersecurity resilience.
4. Intelligence Agencies:
- Intelligence agencies gather and analyze cyber threat intelligence, conduct
cyber espionage operations, and provide early warnings to government and
private sector entities to mitigate cyber risks.
5. Regulatory Bodies:
Property:
Intellectual property (IP) is often a key digital asset that organizations aim to
protect. However, cybersecurity threats like hacking, malware, and data
breaches can compromise these IP assets.
There are numerous types of tools of protection that come under the term
“intellectual property”. Notable among these are the following:
• Patent
• Trademark
• Geographical indications
• Layout Designs of Integrated Circuits
• Trade secrets
• Copyrights
• Industrial Designs
5.7 Compliance standards:
Implementing an Information Security Management System (ISMS) involves
adhering to various compliance standards and frameworks. Some of the key
standards and frameworks for information security management include:
OR
In simple terms: PCI DSS (Payment Card Industry Data Security Standard) plays
a crucial role in network security, especially for organizations that handle payment
card information.
COBIT: