
1) Name – Aditi Deb

2) College – Dr. B. C. Roy Engineering College


3) Course – B.Tech. in CSE
4) College Roll Number – 2003053
5) University Roll Number – 12000120083
6) Subject – Cyber Security
1) Define Cyber Security.
➢ Cyber means internet-oriented technology.
➢ Security means safety/protection.
➢ Therefore, Cyber Security means the protection of internet-based
devices (mobile phones, computers) from malicious threats, virus
attacks, hackers and unauthorized users.
2) Types of Cyber Security.
➢ Network Security – It involves implementing hardware and software
devices to secure a system from malicious threats.
➢ Application Security – It involves protecting a system from virus attacks
by updating apps.
➢ Mobile Security – It involves protecting mobile devices from hackers and
unauthorized users.
3) Types of Cyber Threats
➢ Cyber-terrorism – This threat is a political attack that causes harm to
Computer Science and IT by means of the internet.
➢ Malware – It is software developed by hackers with the intent of stealing
data and damaging internet-based devices (mobile phones, computer
systems). For example: viruses, worms, Trojans, spyware, and so on.
➢ SQL injection – It is a technique used by hackers to gain unauthorized access
to DBMSes by adding a string of malicious code to database queries.
4) Define : i) Cyber-space, ii) Cyber-terrorism, iii) Cyberpunk.
➢ Cyber-space – It is a virtual space created by the interconnection of
computer systems over the internet. It has no boundaries imposed by
distance or any other physical limitation.
➢ Cyber-terrorism – It is a sort of political attack that causes harm to
Computer Science and IT by means of the internet.
➢ Cyber-punk – A kind of hacker who breaks into a computer system to
steal data or information is known as a cyber-punk.
4) Define : i) Cyber-squatting, ii) Cyber-war
➢ Cyber-squatting – It is a type of cybercrime in which a cybercriminal uses
the domain name of a user to purchase an item.
➢ Cyber-war – It is a war between two nations conducted by means
of the internet. In such a case, one nation causes damage to the
internet-based belongings of the other.
5) Define Active-attack.
An active attack is a type of cyber-attack in which an attacker attempts to destroy
or damage the normal functioning of a system by taking direct
action against it. Active attacks are of the following types :
➢ Masquerade – It is a type of cyber-attack in which an attacker pretends to be
an original user in order to gain access to a system. Here, an attacker can
impersonate the original user to trick other users and systems.
➢ IP address masquerade – Here, an attacker imitates an IP address to make it
appear as if the original user is accessing the trusted system, thereby misleading
the user.
➢ Email masquerade – Here, an attacker sends an email that pretends to
come from a trusted source (namely : a bank or government agency) to mislead
and trick a recipient.
5) Define CIA Triad.
The CIA Triad is an important model designed to ensure the security of data within a
network. It stands for :
➢ Confidentiality – Only authorized individuals or systems can view information
within an organization. The data within a network should not be accessed by
any unauthorized individual. A hacker can use tools to capture the
information in a network and gain unauthorized access to it. A
primary way to protect data from hackers is to use encryption techniques, so
that even if a hacker gains unauthorized access to the data, he/she won’t be
able to decrypt it.



➢ Integrity – It involves maintaining the accuracy and trustworthiness of
data throughout its entire lifetime. Data should not be changed during
transit, and steps should be taken to protect it from being altered by
unauthorized people.
➢ Availability – Data should be readily accessible for authorized people.
6) Define Malware.
➢ Malware is a type of malicious software that damages, modifies and
steals information from a system.
➢ It enters a system through e-mails, file transfers or random third-party
software.
➢ Through it, an attacker gains full control over a target system.
➢ For example : Virus, Trojan Horse, Worm, Spyware, Rootkit, and so on.
7) Define Malware Attack.
➢ A malware attack is a cyber-attack in which malware performs unauthorized
actions on a user’s system, or causes harm to Computer Science and IT,
by means of the internet. For example : stealing a password or money.
8) Types of Malware.
➢ Malware Virus – It replicates itself. The following are the types of
Malware Virus :
• File Virus – These are infected executable files that infect
other files when opened.
• Macro-Virus – These are infected Excel files that infect other files.
➢ Trojan Malware – It hides itself in other legitimate files. When files
and software are bundled with it, it executes. The following
are the types of Trojan Malware :
• Data Stealer – These steal data from systems and forward it to an
attacker.
• Destructive Trojan Horse – These destroy files and services.
9) What is Ethical Hacking?
Ethical Hacking is the process of detecting vulnerabilities in an application in order to
identify threats in a network. Its aim is to detect the weak points of a system
or network that are vulnerable to exploitation by hackers, so that ethical
hackers can improve the security of the system to withstand attacks better.
10) Types of Hackers.
➢ Black-Hat Hackers – They are cyber-criminals. They illegally crack systems
with the malicious intent of gaining unauthorized access to a system.
Once such a hacker finds a vulnerability in a system, they often try to
implant malware. Therefore, they are called “Illegal Hackers”.
➢ White-Hat Hackers – They are ethical security hackers who identify and fix
vulnerabilities. They hack into a system with the organization's permission
and try to strengthen the weak points of that system. Therefore, they are
called “Ethical Hackers”.
➢ Grey-Hat Hackers – They are midway between Black-Hat and White-Hat
Hackers. They find vulnerabilities in a system without the owner's
permission. They have no malicious intention, yet such hacking is illegal. They
don’t share such information with Black-Hat Hackers. They find issues
and report them to the owner, requesting a small amount of money to fix them.
11) Benefits of Ethical Hacking.
➢ Prevents data from being stolen and misused by malicious hackers.
➢ Detects the weaknesses of a system, so that measures can be taken to
improve them.
➢ Improves the security of a system to withstand attacks better.
➢ Fights against cyber-terrorism.
12) Penetration Testing.
Penetration Testing is an authorized simulated attack performed on a
computer to evaluate its security. Penetration testers use the same sort of
tools as hackers to find the weaknesses of a system. They can examine
whether the system is strong enough to withstand attacks.
13) Benefits of Penetration Testing.
➢ Find weaknesses in a system.
➢ Determine the strength of the system, to withstand attacks.
➢ Take measures to improve the strength of the system.
14) Types of Penetration Testing.
➢ Web Apps
➢ Mobile Apps
➢ Networks
➢ Cloud
➢ Mobile devices
➢ Containers
15) Pen Testing vs Automated Testing.
| Pen Testing | Automated Testing |
|---|---|
| It is less accurate, since manual tests are more prone to human error. | It is more accurate, since tools and scripts are used. |
| It takes more time. | It takes less time. |
| Low Investment Cost. | High Investment Cost. |
16) Pros of Penetration Testing.
➢ Find weaknesses in a system.
➢ Determine the strength of the system, to withstand attacks.
➢ Take measures to improve the strength of the system.
17) Cons of Penetration Testing.
➢ Crash servers.
➢ Slow down network.
➢ Untrustworthiness of Pen-Testers.
➢ Misleading Pen-testers.
➢ It is quite expensive.
