
1. Security challenges posed by Mobile devices

ANS) As mobile devices become increasingly important, they have received additional attention from
cybercriminals. As a result, cyber threats against these devices have become more diverse. Mobile
devices can be attacked at different levels.
• One at the device level: microchallenges
• Another at the organization level: macrochallenges

Well-known challenges in mobile security:

1. Managing the registry setting and configuration

• Microsoft ActiveSync: synchronizes PCs and MS Outlook
• Gateway between Windows-Powered PC and Windows Mobile-Powered device
• Enables transfer of Outlook information, MS Office documents, pictures, music, videos and applications
• ActiveSync can synchronize directly with MS Exchange Server so that users can keep their e-mails, calendar, notes and contacts updated wirelessly.

2. Authentication Service Security

Two components of security in mobile computing:

• Security of Devices
• Security in Networks
  o Involves mutual authentication between the device and the base station/servers.
  o Ensures that only authenticated devices can be connected to the network.
  o Hence, no malicious code can impersonate the service provider to trick the device.

Eminent kinds of attacks on mobile devices:

• Push attacks
• Pull attacks
• Crash attack

3. Cryptography Security

• Cryptographically Generated Address (CGA)
• A CGA is an IPv6 address generated by hashing the owner’s public key.
• The address owner uses the corresponding private key to assert address ownership and to sign messages sent from the address without a Public-Key Infrastructure (PKI).
• CGA-based authentication can be used to protect IP-layer signaling protocols.
• Also used in key exchange and to create an IPSec security association for encryption and data authentication.
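
Added example (not part of the original notes): how a CGA binds an IPv6 address to a public key and how a receiver re-checks that binding, following the Hash1/Hash2 parameter layout of RFC 3972. The function names are hypothetical, the key bytes are constructed stand-ins for a DER-encoded public key, the modifier search starts at 0 instead of a random value so the run is repeatable, and the signature step with the private key is not shown.

```python
import hashlib
import ipaddress

# Bits ignored when comparing Hash1 with the interface ID: 3 Sec bits + u/g bits.
IGNORE_MASK = 0x1CFFFFFFFFFFFFFF


def _sha1_left(data: bytes, nbytes: int) -> int:
    """Leftmost nbytes of SHA-1(data) as an integer."""
    return int.from_bytes(hashlib.sha1(data).digest()[:nbytes], "big")


def _hash2_ok(mod: bytes, pubkey: bytes, sec: int) -> bool:
    # Hash2 = SHA-1(modifier | 9 zero octets | key); its top 16*sec bits must be 0.
    return _sha1_left(mod + bytes(9) + pubkey, 14) >> (112 - 16 * sec) == 0


def _hash1(mod: bytes, prefix: bytes, pubkey: bytes) -> int:
    # Hash1 = SHA-1(modifier | subnet prefix | collision count 0 | key), 64 bits.
    return _sha1_left(mod + prefix + b"\x00" + pubkey, 8) & IGNORE_MASK


def generate_cga(prefix: bytes, pubkey: bytes, sec: int = 0):
    """Return (IPv6 address, modifier) binding the address to pubkey."""
    counter = 0
    while not _hash2_ok(counter.to_bytes(16, "big"), pubkey, sec):
        counter += 1  # each Sec step makes this search about 2**16 times longer
    mod = counter.to_bytes(16, "big")
    iid = _hash1(mod, prefix, pubkey) | (sec << 61)  # Sec goes in the top 3 bits
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big")), mod


def verify_cga(address, mod: bytes, pubkey: bytes) -> bool:
    """Receiver side: recompute both hashes from the claimed key and modifier."""
    raw = ipaddress.IPv6Address(address).packed
    prefix, iid = raw[:8], int.from_bytes(raw[8:], "big")
    sec = iid >> 61
    hash1_matches = _hash1(mod, prefix, pubkey) == (iid & IGNORE_MASK)
    return hash1_matches and _hash2_ok(mod, pubkey, sec)


if __name__ == "__main__":
    prefix = bytes.fromhex("20010db800000001")  # 2001:db8:0:1::/64, documentation prefix
    owner_key = b"constructed stand-in for the owner's DER-encoded public key"
    other_key = b"constructed stand-in for a different key"
    addr, mod = generate_cga(prefix, owner_key, sec=1)
    print(addr, verify_cga(addr, mod, owner_key), verify_cga(addr, mod, other_key))
```

A node that presents someone else's address with its own key fails the Hash1 comparison, which is why no PKI is needed to check address ownership.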

4. Lightweight Directory Access Protocol (LDAP) Security

• LDAP is a software protocol for enabling anyone to locate individuals, organizations and other resources like files and devices on the network.
• LDAP is a lightweight version of Directory Access Protocol (DAP) since it does not include security features in its initial version.
• It originated at the University of Michigan.
• Endorsed by at least 40 companies.
• Centralized directories such as LDAP make revoking permissions quick and easy.

5. Remote Access Server (RAS) security

https://www.ninjaone.com/it-hub/remote-access/what-is-a-remote-access-server/

• RAS is important for protecting business-sensitive data that may reside on the employee’s mobile devices.
• Vulnerable to unauthorized access, which provides a route into the systems with which they connect.
  o By impersonating or masquerading to these systems, a cracker is able to steal data or compromise corporate systems in other ways.
• Another threat is port scanning: DNS server, locate IP address, scan the ports on this IP address that are unprotected.
• Precautions: a personal firewall

6. Media Player Control Security

• Potential security attacks on mobile devices through the “music gateways”
• Windows Media Player: MS warned about security loopholes
• Corrupt files posing as normal music and video files
  o May open a website from where the JavaScript can be operated.
  o Allow attacker to download and use the code on user’s machine.
  o Create buffer overrun errors.

7. Network Application Program Interface (API) security

• Development of various APIs to enable software and hardware developers to write single applications to target multiple security platforms

2. Vishing Attack PPT

ANS) Vishing is a combined form of “Voice + Phishing”. Most of the time a war dialer is used or an automated recording is played over the call, but the active involvement of human operators has also been reported. It uses “Caller ID Spoofing” to convince the victim that the call is from a legitimate source.

Example: Imagine a scenario where you receive a phone call saying that your bank account has been compromised or there is something wrong with your credit card. Immediately after that, an SMS pops up instructing you to call a specific telephone number. And when you make the call, they ask you to enter your bank account details/credit card information to look into the matter. This is where Vishing comes into the picture.

Examples of a vishing call:
• Fraud customer care asking for your OTP and CVV.
• Fraud delivery services asking for your address and personal information, practicing active reconnaissance.

Common types of Vishing:
• Fake computer tech support asking to remotely access the PC to fix certain problems.
• Phishing under the mask of government agencies or banks.
• Fake cash winning information asking for the credit card details.
• Fake contest/prize-winning.

Preventive Measures:
• Never ever provide any confidential data over the phone or SMS.
• Do not call the number provided in any SMS. Instead, try to directly contact the concerned legitimate source from which it appears to have come.
• Think twice before receiving an unknown call.

3. Encrypting Organizational Databases

ANS) Organizational Measures for Handling Mobile Device-Related Security Issues

• Encrypting Organizational Databases

1. Critical and sensitive data resides on databases.
2. To protect against loss of the organization’s data, such databases need encryption.
3. Algorithms used to implement strong encryption of database files:
   a. Rijndael AES – Block Cipher
   b. Multi-Dimensional Space Rotation (MDSR)
4. Do not store the key on the mobile device.

• Including Mobile Devices in Security Strategy

1. Implement strong asset management, virus checking, loss prevention and other controls for mobile systems that will prohibit unauthorized access and the entry of corrupted data.
2. Investigate alternatives that allow secure access to the company information through a firewall, such as mobile VPNs.
3. Develop a system of more frequent and thorough security audits for mobile devices.
4. Incorporate security awareness into your mobile training and support programs so that everyone understands just how important an issue security is within a company’s overall IT strategy.
5. Notify the appropriate law-enforcement agency and change passwords. User accounts are closely monitored for any unusual activity for a period of time.

5. Protecting data on lost Devices

ANS)

• Encrypting sensitive data
• Encrypting entire file system
• Encrypting servers: third party solutions
• Create a database action to delete the entire data on the user’s device
• Always use a strong password or passcode to restrict access to your device.
• Enable biometric authentication such as Face ID or Touch ID anytime your device supports it.
• Turn on “Find My” or similar device tracking features that let you locate, lock, or erase your device remotely if it is lost or stolen.
• Regularly back up your data to a secure cloud service or an external drive.
• Encrypt the data on your device (and on your backups).
• Install anti-theft and antivirus software on your device (and make sure you download updates regularly or enable automatic updates).
• Avoid connecting work devices to public or unsecured Wi-Fi networks and always use a VPN when browsing online.
• Enable Stolen Device Protection on your iPhone if you have iOS 17.3 or later (this feature requires biometric authentication and time delays for certain actions when your device is away from familiar locations).

6. Social media marketing: security risks and perils for organization

ANS) Social Media Marketing: Security Risks and Perils for Organizations

Usage of social media sites by large business-to-business (B2B) organizations (Fig. 4):

1. Facebook is used by 37% of the organizations.
2. LinkedIn is used by 36% of the organizations.
3. Twitter is used by 36% of the organizations.
4. YouTube is used by 22% of the organizations.
5. MySpace is used by 6% of the organizations.

Understanding Social Media Marketing

Most typical reasons why organizations use social media marketing to promote their products and services:

1. To be able to reach a larger target audience.
2. To increase traffic to their website coming from other social media websites.
3. To reap other potential revenue benefits and to minimize advertising costs.
4. To build credibility by participating in relevant product promotion forums and responding to potential customers’ questions immediately.
5. To collect potential customer profiles.

The Organizational Best Practices

1. Organization-wide information systems security policy
2. Configuration/change control and management
3. Risk assessment and management
4. Standardized software configurations that satisfy the information systems security policy
5. Security awareness and training
6. Contingency planning, continuity of operations and disaster recovery planning
7. Certification and accreditation

7. Digital forensics investigation and Digital evidences

ANS) Digital Forensics Investigation and Digital Evidences

• Quality and availability of evidence is a passive aspect of the DFI.
• Cybercriminals are known to exploit the fact that investigation is costly and takes time.
• Real-life situations show that half an hour of attacker time requires an average investigation time of 48 hours!

Digital evidence could:

• Help manage the impact of some important business risks.
• Support a legal defense.
• Support a claim to IPR.
• Show that due care (or due diligence) was taken in a particular process.
• Verify the terms of a commercial transaction.
• Lend support to internal disciplinary actions.

Key factors that affect evidence preservation and investigation time:

1. How logging is done
2. What is logged
3. IDS under use
4. Forensics acquisition (of the evidence)
5. Evidence handling

8. Organizational implications of Software piracy (IPR Violation)

ANS) Organizational Implications of Software Piracy (IPR Violation)

• Software piracy is an IPR violation crime.
• Use of pirated software increases serious threats and risks related to cybercrime and computer security. Violation of copyright laws (pirated software).
• Knowing use is also a criminal offense under the Act.
• Use of unlicensed software (pirated software) should be discouraged.
• Vulnerability of non-genuine computer software (see Fig. 3). The spread of this virus can be partly attributed to the lack of automatic security updates for unlicensed software.
• Organizations should track software licenses to ensure that only genuine copies are used and that the number of installations is not more than the allowed number by establishing a software license tracker tool.

1. Mishing

ANS)

Variants of Mishing

• Vishing: Mishing attacker makes call for phishing
• Smishing: Mishing attacker sends SMS for phishing

2. Hacking Bluetooth

ANS)

Common attacks

• Bluejacking
• Bluesnarfing
• Bluebugging
• Car whisperer

3. Bluejacking

ANS)

• Bluejacking is the sending of unrequested messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device.
• Bluejacking is also known as bluehacking.
• Bluejacking exploits a basic Bluetooth feature that allows devices to send messages to contacts within range.
• Bluejacking is harmless.

4. Bluesnarfing

ANS)

• Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs (personal digital assistants).
• This allows access to a calendar, contact list, emails and text messages, and on some phones, users can copy pictures and private videos.
• Both Bluesnarfing and Bluejacking exploit others' Bluetooth connections without their knowledge.
• While Bluejacking is essentially harmless as it only transmits data to the target device, Bluesnarfing is the theft of information from the target device.

5. Cost of Cyber crimes

ANS)

The consequences of cybercrimes and their associated costs:

1. Information loss/data theft (highest – 42%).
2. Business disruption (22%).
3. Damages to equipment, plant and property (13%).
4. Loss of revenue and brand tarnishing (13%).
5. Other costs (10%).

6. Security and Privacy Implications from Cloud Computing

ANS) Security and Privacy Implications from Cloud Computing

• There are data privacy risks associated with cloud computing.
• Basically, putting data in the cloud may impact privacy rights, obligations and status.
• There is much legal uncertainty about privacy rights in the cloud.
• Organizations should think about the privacy scenarios in terms of “user spheres.”

7. Incident Response System

ANS)

“Incident response,” “incident handling” and “incident management” have a relationship among them. Incidents include but are not limited to the following list:

1. Loss of computing devices
2. Detection or discovery of a program agent
3. Detection or discovery of unauthorized users, or users with privileges in excess of authorized privileges
4. Detection or discovery of critical or widespread vulnerabilities, or misconfiguration

Why Have Incident Response Systems?

• Rising number of threats in cyberspace.
• Strong need for instituting incident response management systems in organizations.
• Cyber attacks frequently cause the compromise of personal and business data.
• Real incidents involving viruses, worms, Trojan Horses, Spyware and other forms of Malicious Code.

Incident Response Team Work, Capabilities and Structure

• An active coordination and management role needs to be created.
• Incident response team needs to be formed.
• Staffing the incident response team is a tricky issue.
• Team success is about skills, competencies, capabilities and training.
• Teams with inadequate skills will not work.
