3) Course – B.Tech. in CSE 4) College Roll Number – 2003053 5) University Roll Number – 12000120083 6) Subject – Cyber Security 1) Define Cyber Security. ➢ Cyber means internet-oriented technology. ➢ Security means safety/protection. ➢ Therefore, Cyber Security is meant as protection of internet-based devices (mobile phones, computer-devices) from malicious threats, virus attacks, hackers and unauthorized users. 2) Types of Cyber Security. ➢ Network Security – It involves in implementation of hardware and software devices, to secure a system from malicious threats. ➢ Application Security – It involves in protection of any system from virus attacks, by means of updating apps. ➢ Mobile Security – It involves in protection of mobile-devices from hackers and unauthorized users. 3) Types of Cyber Threats ➢ Cyber-terrorism – Such threat is a political attack which causes harm to Computer Science and IT, by using means of internet. ➢ Malware – It is a software, developed by hackers, with an intent of stealing data, and damaging internet-based devices (mobile-phones, computer systems). For Example : Viruses, Worms, Trojans, Spyware, and so on. ➢ SQL injection – It is a technique used by hackers, to gain unauthorized access to DBMSes, by adding a string of malicious codes to database queries. 4) Define : i) Cyber-space, ii) Cyber-terrorism, iii) Cyberpunk. ➢ Cyber-space – It is a virtual space, created by inter-connection of computer systems over internet. It does not have any boundary, due to distances or any other physical limitations. ➢ Cyber-terrorism – It is a sort of political attack, which causes harm to Computer Science and IT, by means of internet. ➢ Cyber-punk – A sort of hacker who breaks into a computer system, to steal data/information, is known as Cyber-punk. 4) Define : i) Cyber-squatting, ii) Cyber-war ➢ Cyber-squatting – It is a sort of cyber crime, where a cyber criminal uses the domain name of a user, to purchase an item. ➢ Cyber-war – It is a sort of war taking place between 2 nations, by means of internet. In such case, the former nation causes damage to the internet-based belongings of the latter one. 5) Define Active-attack. Active attack is a type of cyber-attack, in which an attacker attempts to destroy or to cause damage to the normal functioning of a system, by taking direct actions against it. They are of the following types : ➢ Masquerade – It is a type of cyber-attack, where an attacker pretends to be an original user, in order to gain access over a system. Here, an attacker can impersonate the original user, to trick other users and systems. ➢ IP address masquerade – Here, an attacker imitates an IP address, to make it appear as if the original user accesses the trusted system, thereby misleading the user. ➢ Email masquerade – Here, an attacker sends an email, which pretends to belong to a trusted source (namely : back, government agency), to mislead and trick a recipient. 5) Define CIA Triad. CIA Triad is an important model, designed to ensure the security of data within a network. It stands for : ➢ Confidentiality – Only authorized individuals or systems can view information within an organization. The data within a network, should not be accessed by any unauthorized individual. A hacker can use some tools to capture the information in a network, and can gain unauthorized access over it. A primary way to save data from hackers, is to use encryption techniques, so that even if a hacker gains unauthorized access to the data, he/she won’t be able to decrypt it.
(Continued onto next page).
➢ Integrity – It involves in maintaining the accuracy and trustworthiness of data, throughout its entire time. Data should not be changed during its transit, and steps should be taken to protect it from getting altered by unauthorized people. ➢ Availability – Data should be readily accessible for authorized people. 6) Define Malware. ➢ Malware is a type of malicious software which damages, modifies and steals information from a system. ➢ It enters a system through e-mails, file transfers or 3rd party random software. ➢ By this, an attacker attains full control over a target system. ➢ For Example : Virus, Trojan Horse, Worm, Spyware, Rootkit, and so on. 7) Define Malware Attack. ➢ Malware attack is a cyber-attack where a malware performs unauthorized actions on a user’s system, or causes harm to Computer Science and IT, by means of internet. For Example : Stealing password or money. 8) Types of Malware. ➢ Malware Virus – It self-replicates itself. The following are the types of Malware Virus : • File Virus – They are themselves infected executable files, which infect other files, when opened. • Macro-Virus – They are infected Excel Files, which infects other files. ➢ Trojan Malware – It hides itself in other legitimate files. But when files and software are bundled with them, then they execute. The following are the types of Trojan Malwares : • Data Stealer – They steal data from systems, and forward them to an attacker. • Destructive Trojan Horse – They destroy files and services. 9) What is Ethical Hacking? Ethical Hacking is a process of detecting vulnerabilities of an application, to identify threats in a network. Its aim is to detect the weak points of a system or network, which are easily vulnerable to exploitation by hackers. So, ethical hackers can improve the security of the system, to withstand attacks better. 10) Types of Hackers. ➢ Black-Hat Hackers – They are cyber-criminals. They illegally crack systems, with a malicious intent of gaining unauthorized access over a system. Once a hacker finds any vulnerability of a system, they often try to implant a malware. Therefore, they are called “Illegal Hackers”. ➢ White-Hat Hackers – They are ethical security hackers, identify and fix vulnerabilities. They hack into a system, with permission of organization, and try to strengthen the weakness of that system. Therefore, they are called “Ethical Hackers”. ➢ Grey-Hat Hackers – They are a midway between Black-Hat and White-Hat Hackers. They find vulnerabilities in a system, without permission of owner. They have no malicious intention. Yet, such hacking is illegal. They don’t share such information with Black-Hat Hackers. They find issues, and report the owner, requesting for a small amount of money, to fix it. 11) Benefits of Ethical Hacking. ➢ Prevents data from being stolen and misused by malicious hackers. ➢ Detect the vulnerable weaknesses of a system, and take measures to improve them. ➢ Improve the security of a system, to withstand attacks better. ➢ Fight against cyber-terrorism. 12) Penetration Testing. Penetration Testing is an authorized simulated attack, performed on a computer, to evaluate its security. Penetration Testers use the same sort of tools, like hackers, to find the weaknesses of a system. They can examine whether the system is strong enough to withstand attacks. 13) Benefits of Penetration Testing. ➢ Find weaknesses in a system. ➢ Determine the strength of the system, to withstand attacks. ➢ Take measures to improve the strength of the system. 14) Types of Penetration Testing. ➢ Web Apps ➢ Mobile Apps ➢ Networks ➢ Cloud ➢ Mobile devices ➢ Containers 15) Pen Testing vs Automated Testing. Pen Testing Automated Testing It is less accurate, since manual tests are It is more accurate, since tools and scripts more prone to human error. used. It takes more time. It takes less time. Low Investment Cost. High Investment Cost. 16) Pros of Penetration Testing. ➢ Find weakness in a system. ➢ Determine the strength of the system, to withstand attacks. ➢ Take measures to improve the strength of the system. 17) Cons of Penetration Testing. ➢ Crash servers. ➢ Slow down network. ➢ Untrustworthiness of Pen-Testers. ➢ Misleading Pen-testers. ➢ It is quite expensive.