Unit 5

This document provides an introduction and overview of cybercrime, including definitions, categories, nature, scope and types. It defines cybercrime as criminal activity that targets or uses computers/networks. Most cybercrime falls under two main categories: crimes that target computers/networks, like viruses and malware, and crimes that use computers to enable other illegal acts, like spreading illegal images. The nature of cybercrime is described as transnational, anonymous and constantly evolving. The scope includes crimes against persons (e.g. harassment), property (e.g. theft), and government (e.g. cyberterrorism). Specific cybercrime types discussed include identity fraud, ransomware attacks, and drug trafficking facilitated by encrypted communications and cyber attacks.
Uploaded by Vasantha Kumar V

UNIT V

Introduction and Overview of Cyber crime


• Cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked device.
• Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make money. Cybercrime is carried out by individuals or organizations.
• Some cybercriminals are organized, use advanced techniques and are highly technically skilled. Others are novice hackers.
• Rarely, cybercrime aims to damage computers for reasons other than profit. These reasons could be political or personal.

Most cybercrime falls under two main categories:

• Criminal activity that targets computers.
• Criminal activity that uses computers to commit other crimes.

Cybercrime that targets computers often involves viruses and other types of malware. Cybercriminals may infect computers with viruses and malware to damage devices or stop them working. They may also use malware to delete or steal data.
Cybercrime that stops users using a machine or network, or prevents a business from providing a software service to its customers, is called a Denial-of-Service (DoS) attack.
Cybercrime that uses computers to commit other crimes may involve using computers or networks to spread malware, illegal information or illegal images.
Sometimes cybercriminals conduct both categories of cybercrime at once. They may target computers with viruses first and then use them to spread malware to other machines or throughout a network.
Cybercriminals may also carry out what is known as a Distributed Denial-of-Service (DDoS) attack. This is similar to a DoS attack, but cybercriminals use numerous compromised computers to carry it out.

Nature and Scope of Cyber crime


Nature – Cybercrime is transnational in nature. These crimes are committed without the offender being physically present at the crime location; they are committed in the impalpable world of computer networks.
To commit such crimes the only thing a person needs is a computer connected to the internet. With the advent of lightning-fast internet, the time needed to commit a cybercrime is decreasing.
Cyberspace, being a boundary-less world, has become a playground for perpetrators, who commit crimes while remaining conspicuously absent from the scene of the crime. It is an open challenge to the law, which derives its lifeblood from physical proofs and evidence.
Cybercrime has spread to such proportions that a formal categorization of this crime is no longer possible. Every single day gives birth to a new kind of cybercrime, making every effort to stop it an almost futile exercise.
Identification poses a major challenge in cybercrime. The one thing common to the identification problem in cybercrime is anonymous identity: it is quite an easy task to create a false identity and commit crime over the internet using that identity. Cybercrime, being technology driven, evolves continuously and ingeniously, making it difficult for cyber investigators to find solutions to crimes under cyber law. Crimes committed over the internet are very different in nature from those in the physical world. In crimes relating to cyberspace there is nothing in the way of physical footprints, tangible traces or objects with which to track cybercriminals down. Cybercrimes pose huge complications when it comes to investigation. There can be scenarios where crimes committed over the internet involve two or more places in completely different parts of the world. This complicates the jurisdictional aspect of crimes relating to the internet.

Scope – Cybercrime can be basically categorized into three parts:

• Cybercrimes against persons.
• Cybercrimes against property.
• Cybercrimes against government.
Cybercrimes against persons - Cybercrimes committed against persons include various crimes like the transmission of child pornography and the harassment of anyone with the use of a computer, such as by e-mail. The trafficking, distribution, posting and dissemination of obscene material, including pornography and indecent exposure, constitutes one of the most important cybercrimes known today. The potential harm of such a crime to humanity can hardly be overstated.

Cybercrimes against property - The second category of cybercrimes is that of cybercrimes against all forms of property. These crimes include computer vandalism (destruction of others' property) and the transmission of harmful programmes.

Cybercrimes against government - The third category of cybercrimes relates to cybercrimes against government. Cyber terrorism is one distinct kind of crime in this category. The growth of the internet has shown that the medium of cyberspace is being used by individuals and groups to threaten international governments as well as to terrorize the citizens of a country. This crime manifests itself as terrorism when an individual "cracks" into a government- or military-maintained website.

Types of cybercrime
Here are some specific examples of the different types of cybercrime:
• Email and internet fraud - Email fraud (or email scam) is intentional deception, either for personal gain or to damage another individual, by means of email. Internet fraud is the use of Internet services or of software with Internet access to defraud victims or to otherwise take advantage of them.
• Identity fraud (where personal information is stolen and used) - the use by one person of another person's personal information, without authorization, to commit a crime or to deceive or defraud that other person or a third person.
• Theft of financial or card payment data - The purpose may be to obtain goods or services, or to make a payment to another account which is controlled by a criminal.
• Theft and sale of corporate data - Data theft is the act of stealing information stored on corporate databases, devices and servers. This form of corporate theft is a significant risk for businesses of all sizes and can originate both inside and outside an organization.
• Cyberextortion (demanding money to prevent a threatened attack) - Cyberextortion is a crime involving an attack or threat of an attack coupled with a demand for money or some other response in return for stopping or remediating the attack.
Cyberextortion attacks start with a hacker gaining access to an organization's systems and seeking points of weakness or targets of value. While ransomware attacks can be automated through malware spread by email, infected websites or ad networks, these attacks tend to spread indiscriminately, and they may result in only a small percentage of victims paying the extortionists. More targeted attacks can produce less collateral damage while providing more lucrative targets for the extortion attempt.
• Ransomware attacks (a type of cyberextortion) - Ransomware is a type of malicious software (malware) that threatens to publish data or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker. In many cases, the ransom demand comes with a deadline. If the victim doesn't pay in time, the data is gone forever.
• Cryptojacking (where hackers mine cryptocurrency using resources they do not own) - Cryptojacking is the unauthorized use of someone else's computer to mine cryptocurrency. Hackers do this either by getting the victim to click on a malicious link in an email that loads cryptomining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim's browser.
• Cyberespionage (where hackers access government or company data) - Cyber espionage is a form of cyber attack that steals classified or sensitive data or intellectual property to gain an advantage over a competing company or government entity.

Drug Trafficking
Drug traffickers generally use encrypted messaging tools to build communications with drug mules. There have been several instances of dark web sites, such as 'Silk Road', which was a notorious online marketplace for drugs before it was shut down by law enforcement. It reopened under new management but was shut down again later on. Another site emerged later with the same name, just to use the brand value.

A big example of drug trafficking by way of cybercrime would be the cyber attack on the port of Antwerp in Belgium between 2011 and 2013. It was reported that hackers were hired by drug traffickers with the objective of breaching the IT systems which controlled the movements and location of the containers. In an earlier police raid, a large amount of drugs and cash, along with several pieces of computer hacking equipment, were seized, and several persons were charged. Prosecutors reported that a Netherlands-based trafficking group had hidden drugs such as cocaine in several legitimate cargo containers. At the same time the hacker group was operating inside the computer networks of the Antwerp port. They could access the secure data regarding the location and security details of the containers, and by a few methods stole their marked cargo before the legitimate owner arrived. Suspicion first arose when containers were found to be disappearing from the port without any reasonable explanation. It was found that the hackers had used malicious software e-mailed to the staff to access data remotely. Even after the initial breach was discovered and a firewall was put in place to prevent further attacks, the attackers were reported to have entered the premises and installed key-loggers on the computers.

Taking any measure to prevent illegal drug trafficking is not easy, and when it happens by way of cybercrime it becomes more difficult, as cyberspace has no limits. The drug trade is international in nature, and law enforcement agencies are not always effective because of the wide and complex nature of cyber attackers. Since the profits of drug trafficking and cybercrime are equally big, one or two arrests here and there won't amount to much of a measure. International laws and partnerships across nations will have to be strong. One nation should help another in the investigation or extradition of a criminal. Overall, to neutralise drug trafficking by cybercrime, one nation's law is never sufficient. These are the areas where the United Nations or INTERPOL can come up with some measures.

Cyber Terrorism
• Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation.
• It is also sometimes considered an act of Internet terrorism where terrorist activities include acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by means of tools such as computer viruses, computer worms, phishing, and other malicious software and hardware methods and programming scripts.
• Cyberterrorism is a controversial term. Some authors opt for a very narrow definition, relating to the deployment by known terrorist organizations of disruption attacks against information systems for the primary purpose of creating alarm, panic or physical disruption. Other authors prefer a broader definition, which includes cybercrime. Participating in a cyberattack affects the perception of the terror threat, even if it isn't done with a violent approach. By some definitions, it might be difficult to distinguish which instances of online activities are cyberterrorism and which are cybercrime.
• Cyberterrorism can also be defined as the intentional use of computers, networks and the public internet to cause destruction and harm for personal objectives.
• Experienced cyberterrorists, who are very skilled in terms of hacking, can cause massive damage to government systems, hospital records and national security programs, which might leave a country, community or organization in turmoil and in fear of further attacks. The objectives of such terrorists may be political or ideological, since this can be considered a form of terror.
• There is much concern from government and media sources about the potential damage that could be caused by cyberterrorism, and this has prompted efforts by government agencies such as the Federal Bureau of Investigation (FBI) and the Central Intelligence Agency (CIA) to put an end to cyber-attacks and cyberterrorism.
• Conceptually, its use for this purpose falls into three categories: (i) weapon of mass destruction; (ii) weapon of mass distraction; and (iii) weapon of mass disruption.
Need of Information Security
Information security means considering the available countermeasures or controls, prompted by uncovered vulnerabilities, and identifying the areas where more work is needed. The purpose of data security management is to ensure business continuity and reduce business injury by preventing and minimising the impact of security incidents. The basic principles of Information Security are:
• Confidentiality
• Authentication
• Non-Repudiation
• Integrity

The need for Information security:

1. Protecting the functionality of the organisation: The decision makers in organisations must set policy and operate their organisation in compliance with complex, shifting legislation, using efficient and capable applications.
2. Enabling the safe operation of applications: The organisation is under immense pressure to acquire and operate integrated, efficient and capable applications. The modern organisation needs to create an environment that safeguards applications using the organisation's IT systems, particularly those applications that serve as important elements of the infrastructure of the organisation.
3. Protecting the data that the organisation collects and uses: Data in the organisation can be in two forms, either at rest or in motion; data in motion is data currently being used or processed by the system. The value of the data motivates attackers to steal or corrupt it, so this protection is essential for the integrity and value of the organisation's data. Information security ensures protection of both data in motion and data at rest.
4. Safeguarding technology assets in organisations: The organisation must add infrastructure services based on its size and scope. Organisational growth could lead to the need for a public key infrastructure (PKI), an integrated system of software and encryption methodologies. The information security mechanisms used by a large organisation are complex in comparison to those of a small organisation. The small organisation generally prefers symmetric key encryption of data.

Threats to Information Systems


In information security, threats can be many, such as software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion.

A threat can be anything that can take advantage of a vulnerability to breach security and negatively alter, erase or harm an object or objects of interest.

Software attacks means attacks by viruses, worms, Trojan horses etc. Many users believe that malware, viruses, worms and bots are all the same thing. They are not the same; the only similarity is that they are all malicious software, and each behaves differently.

Malware is a combination of two terms: Malicious and Software. So malware basically means malicious software that can be an intrusive program, code or anything that is designed to perform malicious operations on a system. Malware can be divided into two categories:
1. Infection Methods
2. Malware Actions

Malware on the basis of Infection Method are the following:

1. Virus – Viruses have the ability to replicate themselves by hooking onto programs on the host computer, such as songs or videos, and then they travel all over the Internet. The Creeper virus was first detected on ARPANET. Examples include file viruses, macro viruses, boot sector viruses, stealth viruses etc.
2. Worms – Worms are also self-replicating in nature, but they don't hook themselves to a program on the host computer. The biggest difference between viruses and worms is that worms are network aware. They can easily travel from one computer to another if a network is available; on the target machine they may not do much direct harm, but they will, for example, consume hard disk space, thus slowing down the computer.
3. Trojan – The concept of a Trojan is completely different from viruses and worms. The name Trojan derives from the 'Trojan Horse' tale in Greek mythology, which explains how the Greeks were able to enter the fortified city of Troy by hiding their soldiers in a big wooden horse given to the Trojans as a gift. The Trojans were very fond of horses and trusted the gift blindly. In the night, the soldiers emerged and attacked the city from the inside. Likewise, the purpose of Trojan malware is to conceal itself inside software that seems legitimate; when that software is executed it does its task of either stealing information or any other purpose for which it was designed.
Trojans often provide a backdoor gateway for malicious programs or malevolent users to enter your system and steal your valuable data without your knowledge and permission. Examples include FTP Trojans, proxy Trojans, remote access Trojans etc.
4. Bots – Bots can be seen as an advanced form of worms. They are automated processes designed to interact over the internet without the need for human interaction. They can be good or bad. A malicious bot can infect one host and, after infecting it, will create a connection to a central server which provides commands to all infected hosts attached to that network, called a botnet.

Malware on the basis of Actions:

1. Adware – Adware is not exactly malicious, but it does breach the privacy of users. It displays ads on the computer's desktop or inside individual programs. It comes attached to free-to-use software and is thus the main source of revenue for such developers. It monitors your interests and displays relevant ads. An attacker can embed malicious code inside the software, and the adware can then monitor your system activities and even compromise your machine.
2. Spyware – Spyware is a program, or we can say software, that monitors your activities on the computer and reveals the collected information to an interested party. Spyware is generally dropped by Trojans, viruses or worms. Once dropped it installs itself and sits silently to avoid detection. One of the most common examples of spyware is the KEYLOGGER. The basic job of a keylogger is to record user keystrokes with timestamps, thus capturing interesting information like usernames, passwords, credit card details etc.
3. Ransomware – Ransomware is a type of malware that will either encrypt your files or lock your computer, making it inaccessible either partially or wholly. Then a screen will be displayed asking for money, i.e. a ransom, in exchange.
4. Scareware – Scareware masquerades as a tool to help fix your system, but when the software is executed it will infect your system or completely destroy it. The software displays a message to frighten you and force you to take some action, like paying them to fix your system.
5. Rootkits – Rootkits are designed to gain root access, or we can say administrative privileges, on the user's system. Once root access is gained, the exploiter can do anything, from stealing private files to accessing private data.
6. Zombies – Zombies work similarly to spyware. The infection mechanism is the same, but they don't spy and steal information; rather, they wait for commands from hackers.
• Theft of intellectual property means violation of intellectual property rights like copyrights, patents etc.
• Identity theft means acting as someone else to obtain a person's personal information or to access vital information they have, for example accessing the computer or social media account of a person by logging into the account using their login credentials.
• Theft of equipment and information is increasing these days due to the mobile nature of devices and their increasing information capacity.
• Sabotage means destroying a company's website to cause a loss of confidence on the part of its customers.
• Information extortion means theft of a company's property or information to receive payment in exchange. For example, ransomware may lock a victim's files, making them inaccessible, thus forcing the victim to make a payment in exchange. Only after payment will the victim's files be unlocked.
Information Assurance
Information Assurance concerns the implementation of methods focused on protecting and safeguarding critical information and the relevant information systems by assuring confidentiality, integrity, availability and non-repudiation. It is a strategic approach which focuses more on the deployment of policies than on building infrastructure.

Information Assurance Model:

The security model is a multidimensional model based on four dimensions:
1. Information States – Information is referred to as the interpretation of data, which can be found in three states: stored, processed or transmitted.
2. Security Services – This is the fundamental pillar of the model which provides security to the system and consists of five services, namely availability, integrity, confidentiality, authentication and non-repudiation.
3. Security Countermeasures – This dimension has the functionality to save the system from immediate vulnerability by accounting for technology, policy & practice, and people.
4. Time – This dimension can be viewed in many ways. At any given time, data may be available offline or online, and information and systems might be in flux, thus introducing the risk of unauthorized access. Therefore, in every phase of the System Development Cycle, every aspect of the Information Assurance model must be well defined and well implemented in order to minimize the risk of unauthorized access.

Information States:
1. Transmission – The time during which data is between processing steps.
Example: In transit over networks when a user sends email to a reader, including the memory and storage encountered during delivery.
2. Storage – The time during which data is saved on a medium such as a hard drive.
Example: A user saving a document on a file server's disk.
3. Processing – The time during which data is in the processing state.
Example: Data being processed in the random access memory (RAM) of a workstation.

Security Services:
1. Confidentiality – It assures that the information of the system is not disclosed to unauthorized parties and is read and interpreted only by persons authorized to do so. Protection of confidentiality prevents malicious access and accidental disclosure of information. Information that is considered confidential is called sensitive information. To ensure confidentiality, data is categorized into different categories according to damage severity and then correspondingly strict measures are taken.
Example: Protecting email content so that it can be read only by the desired set of users. This can be ensured by data encryption. Two-factor authentication, strong passwords, security tokens and biometric verification are some popular norms for authenticating users before they access sensitive data.
2. Integrity – It ensures that sensitive data is accurate and trustworthy and cannot be created, changed or deleted without proper authorization. Maintaining integrity involves preventing the modification or destruction of information through unauthorized access.
To ensure integrity, backups should be planned and implemented in order to restore any affected data in case of a security breach. Besides this, a cryptographic checksum can also be used for verification of data.
Example: Implementation of measures to verify that e-mail content was not modified in transit. This can be achieved by using cryptography, which will ensure that the intended user receives correct and accurate information.
3. Availability – It guarantees reliable and constant access to sensitive data only by authorized users. It involves measures to sustain access to data in spite of system failures and sources of interference.
To ensure availability, corrupted data must be eliminated, recovery time must be sped up and the physical infrastructure must be improved.
Example: Access to and throughput of an e-mail service.
4. Authentication – It is the security service designed to establish the validity of a transmitted message by verifying the identity of the individual who is to receive a specific category of information.
To ensure authentication, various single-factor and multi-factor authentication methods are used. A single-factor authentication method uses a single parameter to verify the user's identity, whereas two-factor authentication uses multiple factors to verify the user's identity.
Example: Entering a username and password when we log in to a website is an example of authentication. Entering correct login information lets the website verify our identity and ensures that only we access the sensitive information.
5. Non-Repudiation – It is the mechanism to ensure that the sender or receiver cannot deny the fact that they were part of a data transmission. When the sender sends data to the receiver, the sender receives a delivery confirmation. When the receiver receives the message, it has all the information regarding the sender attached within the message.
Example: A common example is sending an SMS from one mobile phone to another. After the message is received, a confirmation message is displayed showing that the receiver has received the message. In return, the message received by the receiver contains all the information about the sender.
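As an added example, not part of these notes, the following Python code shows how the cryptographic checksum mentioned under Integrity detects modification of e-mail content in transit, and why an unkeyed checksum alone does not: an attacker who changes the text can recompute a plain hash, but cannot forge a keyed one without the shared key. The message text, the key handling and the function names are constructed for this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample e-mail body (not from the notes): what the sender transmitted.
ORIGINAL_MESSAGE = b"From: finance\nPay INR 45,000 to account 1234 by Friday."
# The same body after someone on the network path changes the account number.
TAMPERED_MESSAGE = b"From: finance\nPay INR 45,000 to account 9999 by Friday."


def plain_checksum(message: bytes) -> str:
    """Unkeyed checksum (SHA-256). Detects accidental corruption only:
    anyone who alters the message can recompute a matching value."""
    return hashlib.sha256(message).hexdigest()


def receiver_accepts_plain(message: bytes, checksum: str) -> bool:
    """Receiver check based on the unkeyed checksum travelling with the message."""
    return plain_checksum(message) == checksum


def make_tag(key: bytes, message: bytes) -> str:
    """Sender side: keyed cryptographic checksum (HMAC-SHA256) over the message.
    Only a holder of `key` can produce a tag that verifies."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver side: recompute the tag and compare in constant time, so the
    comparison itself does not leak how many characters matched."""
    return hmac.compare_digest(make_tag(key, message), tag)


def integrity_demo() -> dict:
    """Run the in-transit scenarios from the Integrity example and report outcomes."""
    # Shared secret agreed between sender and receiver out of band (assumption).
    key = secrets.token_bytes(32)
    tag = make_tag(key, ORIGINAL_MESSAGE)

    # The attacker alters the text and sends along a freshly computed plain checksum.
    attacker_checksum = plain_checksum(TAMPERED_MESSAGE)

    return {
        # Unmodified message with the sender's tag is accepted.
        "unmodified_accepted": verify_tag(key, ORIGINAL_MESSAGE, tag),
        # Modified message no longer matches the sender's tag.
        "modified_rejected": not verify_tag(key, TAMPERED_MESSAGE, tag),
        # A tag computed under a different key is rejected too.
        "wrong_key_rejected": not verify_tag(secrets.token_bytes(32), ORIGINAL_MESSAGE, tag),
        # Plain SHA-256 passes on the tampered text: it gives no protection
        # against deliberate modification, only against transmission errors.
        "plain_checksum_fooled": receiver_accepts_plain(TAMPERED_MESSAGE, attacker_checksum),
    }


if __name__ == "__main__":
    for check, ok in integrity_demo().items():
        print(f"{check:24s} {'yes' if ok else 'no'}")
```

Because both parties hold the same key, the HMAC proves integrity but not non-repudiation: either side could have produced the tag, which is why that service needs a key held by one party only.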

Security Countermeasures:
1. People – People are the heart of the information system. Administrators and users of information systems must follow policies and practices for designing a good system. They must be informed regularly regarding the information system and be ready to act appropriately to safeguard the system.
2. Policy & Practice – Every organization has a set of rules defined in the form of policies that must be followed by every individual working in the organization. These policies must be practised in order to properly handle sensitive information whenever the system gets compromised.
3. Technology – Appropriate technology, such as firewalls, routers and intrusion detection, must be used in order to defend the system from vulnerabilities and threats. The technology used must facilitate a quick response whenever information security gets compromised.

Cyber Security
Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from
malicious attacks. It's also known as information technology security or electronic information security. The term applies
in a variety of contexts, from business to mobile computing, and can be divided into a few common categories.
• Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.
• Application security focuses on keeping software and devices free of threats. A compromised application could provide access to the data it's designed to protect. Successful security begins in the design stage, well before a program or device is deployed.
• Information security protects the integrity and privacy of data, both in storage and in transit.
• Operational security includes the processes and decisions for handling and protecting data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.
• Disaster recovery and business continuity define how an organization responds to a cyber-security incident or any other event that causes the loss of operations or data. Disaster recovery policies dictate how the organization restores its operations and information to return to the same operating capacity as before the event. Business continuity is the plan the organization falls back on while trying to operate without certain resources.
• End-user education addresses the most unpredictable cyber-security factor: people. Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. Teaching users to delete suspicious email attachments, not to plug in unidentified USB drives, and various other important lessons is vital for the security of any organization.

Security Risk analysis


Risk analysis refers to the review of the risks associated with a particular action or event. Risk analysis is applied to information technology, projects, security issues and any other event where risks may be analysed on a quantitative and qualitative basis. Risks are part of every IT project and business organization. The analysis of risk should occur on a regular basis and be updated to identify new potential threats. Strategic risk analysis helps to minimize the future risk probability and damage.

Enterprises and organizations use risk analysis:

• To anticipate and reduce the effect of harmful results arising from adverse events.
• To plan for technology or equipment failure or loss from adverse events, both natural and human-caused.
• To evaluate whether the potential risks of a project are balanced in the decision process when evaluating whether to move forward with the project.
• To identify the impact of, and prepare for, changes in the enterprise environment.

Benefits of risk analysis

Every organization needs to understand the risks associated with its information systems to effectively and efficiently protect its IT assets. Risk analysis can help an organization to improve its security in many ways. These are:
• Concerning financial and organizational impacts, it identifies, rates and compares the overall impact of risks related to the organization.
• It helps to identify gaps in information security and determine the next steps to eliminate the security risks.
• It can also enhance the communication and decision-making processes related to information security.
• It improves security policies and procedures as well as developing cost-effective methods for implementing information security policies and procedures.
• It increases employee awareness about risks and security measures during the risk analysis process and helps staff understand the financial impacts of potential security risks.

Steps in the risk analysis process


The basic steps of a risk analysis process are:
1. Conduct a risk assessment survey: Input from management and department heads is critical to the risk
assessment process. The survey is where the specific risks or threats within each department first get documented.
2. Identify the risks: Evaluate the IT system (or other aspects of the organization) to identify risks related to
software, hardware, data and IT staff, and list the adverse events that could occur, such as human error, flooding,
fire or earthquakes.
3. Analyse the risks: For each identified risk, estimate how likely it is to occur and what the consequences would
be, including how it would affect the objectives of the IT project.
4. Develop a risk management plan: The analysis shows which assets are valuable and which threats are most likely to
harm them. The plan turns this into control recommendations that mitigate, transfer, accept or avoid each risk.
5. Implement the risk management plan: Put the measures in place to remove or reduce the analysed risks, starting
with the highest-priority ones, and resolve or at least mitigate each risk until it no longer poses an unacceptable
threat.
6. Monitor the risks: Review the security risks on a regular basis. Identifying, treating and managing new and
changed risks is an ongoing and essential part of any risk analysis process.

Types of Risk Analysis


The two main approaches to risk analysis are:
Qualitative Risk Analysis
 Qualitative risk analysis prioritizes the identified risks by assigning each one a probability rating and an impact
rating on an ordinal scale (for example low, medium, high). Probability is the likelihood that the risk event will
occur; impact is the significance of its consequences.
 Its objective is to assess the characteristics of each identified risk and then prioritize the risks according to
agreed-upon criteria.
 Assessing each risk's probability and its effect on the project objectives, and categorizing the risks, helps filter
out the ones that do not need further attention.
 The risk exposure of each item is obtained by combining its probability rating and its impact rating, usually by
multiplying them or reading them off a risk matrix.
Quantitative Risk Analysis
 Quantitative risk analysis produces a numerical estimate of the overall effect of risk on the project objectives,
typically in money or time.
 It is used to estimate the likelihood of achieving the project objectives and to size contingency reserves, usually
for schedule and cost. A common form is annualised loss expectancy (ALE): the single loss expectancy (asset value
multiplied by the exposure factor, the fraction of the asset lost in one incident) multiplied by the annual rate of
occurrence.
 Quantitative analysis is not mandatory, especially for smaller projects; its main value is an estimate of the overall
project risk that can be compared with the cost of the controls that would reduce it.
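A worked example of both approaches, added to these notes (it is not part of the original text): a constructed three-item risk register is scored qualitatively on 1-5 likelihood and impact scales, then quantitatively as annualised loss expectancy (ALE = asset value x exposure factor x annual rate of occurrence), and a proposed control is judged cost-effective when the ALE it removes exceeds its yearly cost. All asset values, rates, band thresholds and control costs are assumptions for illustration.

```python
"""Risk analysis worked example (added here; not part of the original notes).
The register below is constructed, and every number in it is an assumption."""
from dataclasses import dataclass

# Ordinal scales for the qualitative analysis (assumed 1 = lowest .. 5 = highest)
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Risk:
    name: str
    likelihood: str         # key into LIKELIHOOD
    impact: str             # key into IMPACT
    asset_value: float      # quantitative inputs (assumed), in currency units
    exposure_factor: float  # fraction of asset value lost per incident, 0.0 .. 1.0
    aro: float              # annualised rate of occurrence (incidents per year)

    def qualitative_score(self) -> int:
        """Qualitative exposure: probability rating times impact rating (1..25)."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def sle(self) -> float:
        """Single loss expectancy: what one incident costs."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualised loss expectancy: expected loss per year."""
        return self.sle() * self.aro


def rating(score: int) -> str:
    """Map a qualitative score onto the bands of a risk matrix (thresholds assumed)."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def prioritise(risks: list) -> list:
    """Highest qualitative score first; ALE breaks ties."""
    return sorted(risks, key=lambda r: (r.qualitative_score(), r.ale()), reverse=True)


def control_is_worthwhile(risk: Risk, annual_control_cost: float, aro_after_control: float) -> bool:
    """Step 4 of the process: a control pays for itself when the ALE it removes
    exceeds its annual cost."""
    ale_after = risk.sle() * aro_after_control
    return (risk.ale() - ale_after) > annual_control_cost


# Constructed risk register (assumed values, not real data)
REGISTER = [
    Risk("ransomware on file server", "likely", "major", 200_000, 0.5, 0.5),
    Risk("office flooding", "rare", "severe", 500_000, 0.8, 0.02),
    Risk("laptop theft", "possible", "minor", 2_000, 1.0, 3.0),
]

if __name__ == "__main__":
    for r in prioritise(REGISTER):
        print(f"{r.name:28} score={r.qualitative_score():2} ({rating(r.qualitative_score())})"
              f"  SLE={r.sle():>9,.0f}  ALE={r.ale():>9,.0f}")
    # Offline backups (assumed 20 000 per year) cut the ransomware ARO from 0.5 to 0.1
    print("backups worthwhile:", control_is_worthwhile(REGISTER[0], 20_000, 0.1))
```

Note that the qualitative and quantitative orderings can disagree: flooding has the larger single loss, but its low rate of occurrence gives it a lower ALE than routine laptop theft, which is exactly why the two analyses are used together.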
Unauthorized access to computers

Unauthorized computer access, popularly referred to as hacking, is the offence of knowingly using a computer to gain
access to data in a system without permission to access that data.

Computer Intrusion
Computer intrusions occur when someone tries to gain access to any part of your computer system. Intruders typically use
automated tools when they try to compromise a computer's security. An intruder may try to:
1. Access your computer to view, change or delete the information on it.
2. Crash or slow down your computer.
3. Read your private data by examining the files on your system.
4. Use your computer as a stepping stone to attack other computers on the Internet.

Computer Viruses and Malicious codes


Viruses –
 A virus is a program or piece of code that can damage the data on your computer by corrupting or destroying it.
 A virus makes copies of itself quickly and spreads through the folders of the system, damaging data as it goes.
 A computer virus is a malicious software program ("malware") that, once it infects a system, replicates by
modifying other programs and inserting its own code into them.
 Infected objects may include executable programs, data files (for example documents with macros) or even the
boot sector of the hard drive.

Ways a virus can enter your computer system:
 By downloading files from the Internet.
 Through removable media such as pen drives and external drives.
 Through e-mail attachments.
 Through unpatched software and services.
 Through unprotected or weak administrator passwords.

Impact of Virus
The impact of a virus on a computer system can include the following:
 It disrupts the normal functioning of the system.
 It disrupts the system's use of the network and consumes network resources.
 It modifies the system's configuration settings.
 It destroys data, including confidential data.

Malicious Code - is harmful computer code or web script designed to create or exploit system weaknesses, leading to
back doors, security breaches, theft of information and data, and other damage to files and computing systems. It is a
type of threat that antivirus software on its own may not block. Malware refers specifically to malicious software;
malicious code also includes website scripts that exploit vulnerabilities in order to deliver malware.
It is typically self-executing: it runs as soon as the page, document or message that carries it is rendered, and it
takes many forms, including Java applets, ActiveX controls, pushed content, plug-ins, and scripts written in the
languages used to enhance web pages and e-mail.
The code can give a cybercriminal unauthorized remote access to the attacked system (an application back door),
which in turn exposes sensitive company data. Through it, cybercriminals can also wipe a computer's data or install
spyware.
Internet Hacking and Cracking
Hacking is the activity of identifying weaknesses in a computer system or network and exploiting them to gain access
to personal or business data. An example of computer hacking is using a password-cracking tool to gain access to a
computer system.
Computers are essential to running a business, and isolated computers are not enough: they need to be networked to
communicate with external businesses. This exposes them to the outside world and to hacking. Criminal hacking means
using computers to commit fraud, invade privacy, steal corporate or personal data, and so on. Cybercrime costs many
organizations millions of dollars every year, so businesses need to protect themselves against such attacks.

A hacker is a person who finds and exploits weaknesses in computer systems and/or networks to gain access.
Hackers are usually skilled programmers with knowledge of computer security.

Hackers are classified according to the intent of their actions. The following list classifies types of hackers
according to their intent:
 Ethical Hacker (White hat): A security hacker who gains access to systems, with the owner's permission, in order to
fix the identified weaknesses. They may also perform penetration testing and vulnerability assessments.
 Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain. The intent is
usually to steal corporate data, violate privacy rights, transfer funds from bank accounts, etc.
 Grey hat: A hacker in between the ethical and black-hat categories. He/she breaks into computer systems without
authority, but with a view to identifying weaknesses and reporting them to the system owner.
 Script kiddies: A non-skilled person who gains access to computer systems using ready-made tools.
 Hacktivist: A hacker who uses hacking to send social, religious or political messages. This is usually done by
hijacking websites and leaving the message on the hijacked website.
 Phreaker: A hacker who identifies and exploits weaknesses in telephone systems instead of computers.

Cracking
 Cracking is breaching computer software or an entire computer security system with malicious intent.
 Cracking is a security hack carried out for criminal or malicious reasons, and the person is called a "cracker".
Just as a bank robber cracks a safe by skilfully manipulating its lock, a cracker breaks into a computer system,
program or account with technical skill.
 The aim is always to do something illicit once inside: stealing data, impersonating someone, or simply using paid
software for free.

Some common types of cracking:


 Password cracking - is the act of recovering a password from stored or captured data, usually a password hash. The
most common password-cracking methods are:
 Brute-force cracking: The tool systematically tries every combination of characters, shortest strings first,
until one hashes to a match.
 Dictionary cracking: Similar to brute force, but the candidates come from a wordlist of real words and known
passwords rather than every possible string.
 Rainbow-table cracking: A rainbow table holds precomputed chains of password hashes, so that an unsalted hash
can be looked up and mapped back to its password without recomputing anything. Salting each stored password
with a random value defeats this.
 Software cracking - is when someone alters a piece of software to disable or entirely remove one or more of its
features, usually its licensing or copy protection. Most software cracking uses at least one of the following:
 Keygen: Short for "key generator", a keygen is a program a cracker builds to generate valid serial numbers
for a software product.
 Patch: Patches are small pieces of code that modify existing programs. Developers release patches for
software all the time. Crackers make them too, and a cracker's patch alters the way the program works by
removing the unwanted protection features.
 Loader: A loader's job is to disable the software's protection measures as the software starts up. Some
loaders bypass copy protection, while others are popular with gamers who cheat in online multiplayer games.
 Network cracking - is breaking through the security of a LAN (local area network). Cracking a wired network
requires a physical connection; cracking a wireless network is more convenient because the cracker only needs to be
within range of the wireless signal. A common example of a wireless LAN is the Wi-Fi network in your home.

Viruses and Worms


1. Worms: A worm is similar to a virus but does not attach itself to other programs. It replicates itself across the
network, consuming bandwidth and system resources, and worms are often controlled remotely by their author. The main
objective of a worm is to consume system resources.
2. Virus: A virus is malicious executable code attached to another executable file; it may be harmless or may modify
or delete data. When the infected program runs, the virus performs its action, such as deleting a file from the
computer system. A virus typically has no remote-control channel.

Difference between Worms and Virus :


S.No. | WORMS | VIRUS
1. | A worm is malware that replicates itself and spreads to other computers over the network. | A virus is malicious executable code attached to another executable file; it may be harmless or may modify or delete data.
2. | The main objective of a worm is to consume system resources. | The main objective of a virus is to modify information.
3. | It does not need a host program to replicate from one computer to another. | It needs a host file in order to spread.
4. | It is generally less harmful to the data on the host. | It is more harmful to data.
5. | Worms are detected and removed by antivirus software and blocked by firewalls. | Antivirus software is used for protection against viruses.
6. | Worms are often controlled remotely. | A virus is not controlled remotely.
7. | Worms execute by exploiting weaknesses in the system, such as vulnerable network services. | Viruses execute when an infected executable file is run.
8. | Morris Worm, Storm Worm and SQL Slammer are examples of worms. | Resident and non-resident viruses are the two main types of virus.
9. | It does not need human action to replicate. | It needs human action (running the infected file) to replicate.
10. | It spreads faster. | It spreads more slowly by comparison.

Software Piracy
Software piracy is the unauthorized copying, distribution, modification or sale of legally protected software.
Copyright law exists so that the people who develop software (programmers, writers, graphic artists, etc.) receive
proper credit and compensation for their work. When software piracy occurs, that compensation is stolen from the
copyright holders.

Types of Software Piracy


There are five main types of software piracy.
 Softlifting - is when someone buys one copy of the software and installs it on multiple computers even though the
licence permits only a single installation. This often occurs in business or school environments and is usually
done to save money. Softlifting is the most common type of software piracy.
 Client-server overuse - is when more people on a network use one shared copy of the program at the same time than
the licence allows. This often happens when a business installs the software on a local area network for all
employees to use; it becomes piracy when the licence does not cover that many concurrent users.
 Hard disk loading - is a form of commercial software piracy in which someone buys a legal copy of the software and
then installs it on the hard disks of computers that are then sold. This often happens at PC resale shops, and
buyers are not always aware that the additional software they are buying is illegal.
 Counterfeiting - occurs when software is illegally duplicated and sold with the appearance of authenticity.
Counterfeit software is usually sold at a discount compared with the legitimate product.
 Online Piracy - also known as Internet piracy, is when illegal software is sold, shared or acquired over the
Internet, usually through peer-to-peer (P2P) file sharing, online auction sites or blogs.

The Dangers of Software Piracy


Pirated software may be cheaper, but there are many dangers that software pirates should be aware of. The consequences
of software piracy are:
 Increased chance that the software will malfunction or fail
 Forfeited access to support for the program, such as training, upgrades, customer support and bug fixes
 No warranty, and the software cannot be updated
 Increased risk of infecting your PC with malware, viruses or adware (cracked installers are a common carrier)
 A slowed-down PC
 Legal repercussions due to copyright infringement

Intellectual property Rights


Intellectual property rights are the legal rights that cover the privileges given to individuals who own or invented a
work and created it with their intellectual creativity. Individuals working in areas such as literature, music,
invention, etc., can be granted such rights, which they can then use in their business practices.
The creator/inventor gets exclusive rights against any misuse or use of the work without his/her prior permission.
However, the rights are granted for a limited period of time, to balance the creator's interest against the public's.

Types of Intellectual Property Rights


Intellectual Property Rights can be further classified into the following categories:
 Copyright
 Patent
 Trademark
 Trade Secrets, etc.
Advantages of Intellectual Property Rights
Intellectual property rights are advantageous in the following ways:
 They provide exclusive rights to creators and inventors.
 They encourage individuals to distribute and share information and data instead of keeping it confidential.
 They provide a legal defence and reward creators for their work.
 They help social and financial development.

Intellectual Property in Cyber Space


 Every new technology brings new threats. The Internet is one such development: it has turned the physical
marketplace into a virtual one, where intellectual property can be copied and distributed instantly.
 Given the considerable amount of business and commerce taking place in cyberspace, an effective mechanism for
managing and protecting intellectual property is vital to safeguarding business interests.
 Every business therefore needs an effective, collaborative IP management and protection strategy, so that the
ever-present threats in the online world can be monitored and contained.
 Law-makers have designed various approaches and pieces of legislation to provide a secure framework against such
cyber-threats. However, it remains the duty of the intellectual property right (IPR) owner to take proactive measures
to detect and reduce such mala fide acts.

Mail Bombs
An email bomb is an attack against an email inbox or server designed to overwhelm an inbox or inhibit the server’s normal
function, rendering it unresponsive, preventing email communications, degrading network performance, or causing
downtime. The intensity of an email bomb can range from an inconvenience to a complete denial of service. Typically,
these attacks persist for hours or until the targeted inbox or server implements a mitigation tactic to filter or block the
attacking traffic. Such attacks can be carried out intentionally or unintentionally by a single actor, group of actors, or
a botnet.

There are five common email bomb techniques:


1. Mass mailing – intentionally or unintentionally sending large quantities of random email traffic to targeted
email addresses. This is often done with a botnet or a malicious script, for example by automatically filling out
online forms with the target's address as the requesting/return address.
2. List linking – signing targeted email addresses up for numerous email subscriptions, which indirectly flood the
addresses with subscribed content. Many subscription services do not ask for confirmation; where they do, the
confirmation messages themselves become the attack traffic. This type of attack is difficult to prevent because the
traffic originates from many legitimate sources.
3. ZIP bomb – sending compressed archive files that are small on the wire but expand to an enormous size when
decompressed (for example by a content-scanning gateway), consuming the server's resources and degrading performance.
4. Attachment – sending multiple emails with large attachments designed to exhaust the storage space on a server and
cause it to stop responding.
5. Reply-all – replying "Reply All" to a large distribution list instead of only to the original sender. This
inundates inboxes with a cascade of emails, compounded by automated replies such as out-of-office messages. These are
often accidental. The same effect occurs when a malicious actor spoofs an email address and all the automatic
replies are directed at the spoofed address.
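The five techniques above leave different footprints in the mail log, and that footprint is what a mitigation has to key on. The following detector is an added example; it is not part of the original text and not any mail server's own code. It parses constructed log lines in an assumed "timestamp from= to= subject=" format, finds the densest five-minute burst of messages per recipient, and labels a burst as mass mailing when nearly all of it comes from a single sender, or as list linking when it comes from many senders and is dominated by subscription-confirmation subjects. The thresholds are assumptions to be tuned per site.

```python
"""Email bomb detection over mail log lines (added example, not from the original notes).
Log format, sample lines and thresholds are all assumptions."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed one-line-per-message log format: "<ISO timestamp> from=<sender> to=<recipient> subject=<text>"
LINE_RE = re.compile(r"^(\S+) from=(\S+) to=(\S+) subject=(.*)$")
# Subjects typical of subscription double opt-in mails (the list-linking signature)
CONFIRM_RE = re.compile(r"confirm|verify|welcome|subscription", re.IGNORECASE)


def parse(log: str) -> list:
    """Return (time, sender, recipient, subject) tuples; lines that do not match are ignored."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return events


def analyse(events: list, window=timedelta(minutes=5), threshold=20) -> dict:
    """Map each recipient that gets >= threshold messages inside any `window` to a verdict."""
    by_rcpt = defaultdict(list)
    for ev in events:
        by_rcpt[ev[2]].append(ev)

    verdicts = {}
    for rcpt, evs in by_rcpt.items():
        evs.sort()
        # Sliding window: the densest run of messages spanning no more than `window`
        burst, start = [], 0
        for i in range(len(evs)):
            while evs[i][0] - evs[start][0] > window:
                start += 1
            if i - start + 1 > len(burst):
                burst = evs[start:i + 1]
        if len(burst) < threshold:
            continue  # normal traffic volume

        senders = Counter(e[1] for e in burst)
        top_sender_share = senders.most_common(1)[0][1] / len(burst)
        confirm_share = sum(1 for e in burst if CONFIRM_RE.search(e[3])) / len(burst)

        if top_sender_share >= 0.8:
            verdicts[rcpt] = "mass mailing (single source)"
        elif confirm_share >= 0.5 and len(senders) >= threshold // 2:
            verdicts[rcpt] = "list linking (many subscription sources)"
        else:
            verdicts[rcpt] = "possible email bomb (mixed sources)"
    return verdicts


def build_sample_log() -> str:
    """Constructed sample: a list-linking burst, a single-source burst, and one normal mail."""
    base = datetime(2024, 3, 1, 9, 0, 0)
    lines = []
    for i in range(30):  # 30 different newsletters all confirming a subscription within 2 minutes
        t = base + timedelta(seconds=4 * i)
        lines.append(f"{t.isoformat()} from=news@shop-{i}.example to=clerk@office.example "
                     f"subject=Please confirm your subscription")
    for i in range(25):  # one script hammering the admin mailbox within 1 minute
        t = base + timedelta(seconds=2 * i)
        lines.append(f"{t.isoformat()} from=bot@attacker.example to=admin@office.example subject=Hello {i}")
    t = base + timedelta(minutes=1)
    lines.append(f"{t.isoformat()} from=alice@partner.example to=bob@office.example subject=Meeting notes")
    return "\n".join(lines)


if __name__ == "__main__":
    for rcpt, verdict in analyse(parse(build_sample_log())).items():
        print(f"{rcpt}: {verdict}")
```

The two verdicts call for different responses: a single-source burst can be rate-limited or blocked at the gateway by sender, whereas list-linking traffic comes from legitimate senders and is better handled by quarantining confirmation-style subjects for the affected mailbox until the burst subsides.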

Effects of Mail Bombs


Email bombs can create denial of service conditions that may impede election offices from conducting routine or election
day activities. For example, a successful email bomb may inhibit election offices from accessing inboxes for citizen
engagement, voter registration, or other services. The impact of such an attack is highly likely to compound if occurring
around polling or registration dates. Additionally, cyber actors sometimes use email bomb attacks to mask other malicious
activity, distract users, or prevent the regular flow of notifications associated with critical or abnormal account activity.
Exploitation
An exploit is code that takes advantage of a software vulnerability or security flaw. It is written either by security
researchers as a proof of concept or by malicious actors for use in their operations. Depending on the flaw, an exploit
can let an intruder gain remote access to a network, elevate privileges, or move deeper into the network.
An exploit is often one component of a multi-stage attack: rather than delivering the final malicious file directly,
the exploit drops another piece of malware, such as a backdoor Trojan or spyware, which then steals user information
from the infected system.

Common types of computer exploit


 Known exploits - When someone discovers a software vulnerability, they often alert the software's developer, who
can then fix it with a security patch. They may also publish the vulnerability on the internet to warn others. Either
way, the developer can (hopefully) repair the vulnerability before an exploit takes advantage of it. Exploits for
such published flaws are known exploits, and they keep working against every system that has not applied the patch.
 Zero-day exploits (unknown exploits) - Sometimes exploits catch everyone by surprise. When an attacker discovers a
vulnerability and builds an exploit for it before the developer knows the flaw exists, it is called a zero-day
exploit: the developer has had "zero days" to fix the vulnerability, so no patch is available when the attack
happens.
 Hardware exploits - While software exploits get most of the media attention, they are not the only kind.
Sometimes attackers can exploit flaws in the physical hardware (and its firmware) of your device.

Stalking and Obscenity in Internet


Cyberstalking
 Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, group or
organization. It may include false accusations, defamation, slander and libel. It may also include monitoring,
identity theft, threats, vandalism, solicitation for sex, or gathering information that may be used to threaten,
embarrass or harass.
 Cyberstalking is often accompanied by offline (real-world) stalking. In many jurisdictions, such as California,
both are criminal offences. Both are motivated by a desire to control, intimidate or influence the victim. The stalker
may be an online stranger or a person the target knows; they may be anonymous and may recruit other people online who
do not even know the target.
 Cyberstalking is a criminal offence under various state anti-stalking, slander and harassment laws. A conviction
can result in a restraining order, probation, or criminal penalties against the assailant, including jail.

Cyberstalking can take many forms, including:


1. harassment, embarrassment and humiliation of the victim
2. emptying bank accounts or other economic control such as ruining the victim's credit score
3. harassing family, friends and employers to isolate the victim
4. scare tactics to instil fear

Key factors in cyberstalking:


 False accusations
 Attempts to gather information about the victim
 Monitoring their target's online activities and attempting to trace their IP address in an effort to gather more
information about their victims.
 Encouraging others to harass the victim
 False victimization
 Attacks on data and equipment
 Arranging to meet
 The posting of defamatory or derogatory statements
Obscenity in Internet
Obscenity refers to a narrow category of pornography that violates contemporary community standards and has no
serious literary, artistic, political or scientific value. For adults at least, most pornography — material of a sexual nature
that arouses many readers and viewers — receives constitutional protection. However, two types of pornography receive
no First Amendment protection: obscenity and child pornography. Sometimes, material is classified as “harmful to minors”
(or obscene as to minors), even though adults can have access to the same material.

Password Cracking
 Password cracking techniques are used to recover passwords from data stored in or transmitted by computer
systems.
 Attackers use password-cracking techniques to gain unauthorized access to vulnerable systems.
 Most password-cracking attempts succeed because passwords are weak or easily guessable.
 Password cracking can also be used legitimately, to recover a user's forgotten password or to audit the strength
of an organization's passwords.

Types of Password Attacks


 Non-Technical Attacks – The attacker does not need technical knowledge to obtain the password, hence the name.
These attacks include:
     Shoulder Surfing - observing the victim directly, watching their hands on the keyboard or their screen, to
capture the password as it is typed.
     Social Engineering - collecting as much information about the target as possible, by direct or indirect
contact, in order to obtain or guess the password, or simply talking the victim into revealing it.
     Dumpster Diving - searching the trash of the target's office or home for written-down passwords and other
useful information. It works surprisingly often.
 Active Online Attack - the attacker sends guesses or malicious code to the live target system:
     Dictionary Attack - a wordlist (dictionary file) is loaded into the cracking tool, which tries each entry
against the user accounts.
     Brute-Force Attack - the tool tries every combination of characters until the password is found.
     Rule-Based Attack - used when the attacker knows something about the password (its length, character classes
or likely base words); rules generate variants of wordlist entries, such as appended digits or substituted
characters.
     Password Guessing - the attacker builds a list of likely passwords from information gathered through social
engineering or other means and tries them manually on the victim's machine.
     Trojan/Spyware/Keylogger - the attacker installs a Trojan, spyware or keylogger on the victim's machine. It
runs in the background, collects user names and passwords, and sends them back to the attacker.
     Hash Injection Attack (pass-the-hash) - the attacker injects a compromised password hash into a local logon
session and uses that hash to authenticate to network resources. Typically the attacker extracts the hash of a
logged-on domain administrator account and uses it to authenticate to the domain controller without ever learning
the password.
 Passive Online Attacks - the attacker only observes traffic:
     Wire Sniffing - attackers run packet-sniffing tools on the local area network (LAN) to capture and record raw
network traffic. The captured data may include sensitive information such as passwords (FTP, login sessions, etc.)
and e-mails sent without encryption. Sniffed credentials are then used to gain unauthorized access to the target
system.
     Man-in-the-Middle and Replay Attacks - In a MITM attack the attacker inserts themself into the communication
channel between victim and server and extracts information from it. In a replay attack, packets and authentication
tokens are captured with a sniffer; after the relevant information is extracted, the tokens are placed back on the
network to gain access.
     Default Passwords - a default password is the one the manufacturer ships with new, password-protected
equipment (switches, hubs, routers). Attackers include known default passwords in the wordlists they use for
password-guessing attacks.
 Offline Attack - the attacker works on a copy of the stolen password hashes, so there is no account lockout and no
noise on the target:
     Rainbow Table Attack - a rainbow table is a precomputed table of password candidates (dictionary words and
brute-force lists) together with their hash values. The attacker captures the password hashes and compares them
with the precomputed table; a match reveals the password. Salting each stored password with a random value makes
the precomputation useless, because every user's hash would need its own table.
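The dictionary, rule-based, brute-force and rainbow-table methods above (and the password-cracking methods listed under Cracking earlier) all work the same way against an unsalted hash: guess, hash, compare. The following script is an added example, not part of the original notes and not any cracking tool's code. It runs each method against a constructed set of unsalted SHA-256 hashes, builds a small hash-to-password lookup table (the precomputation idea behind rainbow tables, without the chain compression), and then shows the defence, a random per-user salt with a deliberately slow key-derivation function (PBKDF2 here, with an assumed work factor), against which the table is useless. The user names, passwords and wordlist are invented.

```python
"""Password cracking against unsalted hashes, and the salted slow-hash defence.
Added example: not from the original notes. Users, passwords and wordlist are invented."""
import hashlib
import itertools
import os
import string


def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


# Constructed "stolen" credential store using the weak scheme: unsalted SHA-256
STOLEN = {
    "alice": sha256_hex("sunshine"),
    "bob":   sha256_hex("Welcome1"),
    "carol": sha256_hex("kzq"),
}
WORDLIST = ["password", "letmein", "sunshine", "welcome", "dragon"]  # tiny dictionary file


def dictionary_attack(target_hash, wordlist):
    """Hash each wordlist entry as-is and compare."""
    for word in wordlist:
        if sha256_hex(word) == target_hash:
            return word
    return None


def mutations(word):
    """Rule-based variants of one word: a tiny sample of the rules real tools apply."""
    yield word
    yield word.capitalize()
    for suffix in ("1", "123", "!", "2024"):
        yield word + suffix
        yield word.capitalize() + suffix
    yield word.replace("a", "@").replace("e", "3").replace("o", "0")  # leetspeak


def rule_based_attack(target_hash, wordlist):
    """Dictionary attack extended with mutation rules."""
    for word in wordlist:
        for candidate in mutations(word):
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def brute_force(target_hash, alphabet=string.ascii_lowercase, max_len=4):
    """Systematically try every string over `alphabet`, shortest first (not random guesses)."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def crack_all(stolen, wordlist):
    """Cheapest method first: rules over the wordlist, then brute force for short passwords."""
    found = {}
    for user, digest in stolen.items():
        password = rule_based_attack(digest, wordlist) or brute_force(digest)
        if password is not None:
            found[user] = password
    return found


def build_lookup_table(wordlist):
    """Precomputed hash -> password table: the idea behind rainbow tables (which additionally
    compress the table into hash chains). Built once, reused against every unsalted dump."""
    return {sha256_hex(c): c for word in wordlist for c in mutations(word)}


# The defence: a random per-user salt and a deliberately slow KDF (PBKDF2 here; the
# 100 000-iteration work factor is an assumption). Precomputed tables no longer apply,
# and every guess costs the attacker 100 000 hash operations per user.
def store_salted(password, iterations=100_000):
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_salted(password, salt, stored, iterations=100_000):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations) == stored


if __name__ == "__main__":
    print("cracked:", crack_all(STOLEN, WORDLIST))
    salt, stored = store_salted("sunshine")
    print("salted hash in lookup table:", build_lookup_table(WORDLIST).get(stored.hex()))
    print("verify correct password:", verify_salted("sunshine", salt, stored))
```

Salting alone only stops the precomputation; the slow KDF is what makes online and offline guessing expensive, and a production system would use a current password-hashing function (such as Argon2 or bcrypt) and a verification routine that compares in constant time.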

Steganography
Steganography is the technique of hiding secret data within an ordinary, non-secret, file or message in order to avoid
detection; the secret data is then extracted at its destination.

Use of Steganography
There are many ways to conceal information using steganography. The most common is embedding it in digital images. A
digital image, say a JPEG, contains megabytes of pixel data, which leaves plenty of room to hide steganographic
information. With steganographic tools, an attacker alters the least significant bits of the pixel data and embeds a
payload, such as malicious code or configuration for malware, in the image. The image does nothing by itself: a loader
that is already running on the target (for example a dropper delivered by other means) fetches the image, extracts the
hidden bytes and executes them. The payload can then open a channel for the attacker to gain control over the user's
device or network. The danger of steganography is that the difference between the original image and the steganographic
image is so subtle that the two cannot be distinguished by the naked eye, and security tools that inspect only the file
format and metadata see a perfectly valid image.

3 Techniques used in Steganography


1. Least Significant Bit - The attacker replaces the least significant bit of each pixel value in the carrier image
with one bit of the secret message, in this case malicious code. When the malware component on the target fetches the
carrier file, it reads those bits back and reassembles the payload, and the attack proceeds. Cybersecurity
professionals commonly use sandboxes to detect such files by observing their behaviour. However, attackers have
developed sandbox-evasion methods such as sleep patching: the malware stays dormant and benign-looking, stalls for
longer than the sandbox's analysis window or recognises the sandbox's timing artifacts, and only executes once it is
on a real machine.
2. Palette Based Technique - This technique also uses digital images as malware carriers. The attacker first
encrypts the message and then hides it in the stretched colour palette of the cover image. It can carry only a
limited amount of data, but it frustrates threat hunters because the payload is encrypted and takes time to decrypt
even once it is found.
3. Secure Cover Selection - A complex technique in which the attacker compares blocks of candidate carrier images
with blocks of their malware. An image whose blocks already resemble the malware blocks is chosen as the carrier, and
the malware blocks are fitted into it with minimal change. The resulting image is visually indistinguishable from the
original and, worse, is not flagged as a threat by detection software.
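A minimal LSB embedder and extractor, added here as an illustration (not part of the original notes and not any real tool's code): the cover is a constructed array of 8-bit greyscale pixel values, the payload is prefixed with a 4-byte length so the extractor knows where to stop, and a helper confirms that no pixel changes by more than one level out of 255, which is why the alteration is invisible to the eye. A real attack would hide the payload in an actual image file, and a loader on the target would have to call something like extract(); the image alone does nothing.

```python
"""LSB steganography: embed bytes in the least significant bit of pixel values and extract them.
Added example, not from the original notes; the cover 'image' is a constructed byte array."""
import random


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, payload: bytes) -> bytearray:
    """Return a copy of `cover` whose first 8*(4+len(payload)) pixels carry, in their LSBs,
    a 4-byte big-endian length header followed by the payload."""
    data = len(payload).to_bytes(4, "big") + payload
    if len(data) * 8 > len(cover):
        raise ValueError("cover too small for payload")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(data)):
        stego[i] = (stego[i] & 0xFE) | bit  # clear the LSB, then set it to the message bit
    return stego


def _read_bytes(pixels, start: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSBs of pixels[start : start + 8*count]."""
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (pixels[start + 8 * b + k] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length header, then exactly that many payload bytes."""
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    return _read_bytes(stego, 32, length)


def max_pixel_delta(a: bytes, b: bytes) -> int:
    """Largest change to any pixel value; LSB embedding never exceeds 1 of 255 levels."""
    return max(abs(x - y) for x, y in zip(a, b))


def make_cover(n_pixels: int = 4096, seed: int = 1) -> bytes:
    """Constructed 8-bit greyscale cover (a 64x64 image's worth of pixels)."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n_pixels))


if __name__ == "__main__":
    cover = make_cover()
    payload = b"c2=10.0.0.5:443;sleep=300"  # constructed payload standing in for malware config
    stego = embed(cover, payload)
    print("recovered:", extract(stego))
    print("max pixel change:", max_pixel_delta(cover, stego))
```

Because the change is confined to the lowest bit, file size, dimensions and metadata are untouched; detection has to look at the pixel statistics themselves (or, as the text says, at the behaviour of whatever later reads the image), which is why plain signature scanning misses these files.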

These are only some of the methods by which attackers use steganography to frustrate defenders. Steganography lets
attackers operate stealthily while conducting a serious attack, and because signature-based tools rarely inspect pixel
data, such payloads often go undetected for long periods. Preventive measures against steganography-borne malware
include deploying security patches, keeping software up to date, and educating end users.

Key loggers and spyware


Keylogger –
 Keyloggers are a serious threat to users and their data: they record keystrokes to intercept passwords and other
sensitive information typed on the keyboard. This gives attackers access to PIN codes, account numbers, passwords for
online shopping sites, e-mail addresses and logins, and other confidential information.
 Once attackers have the user's private information, they can use it to make online transactions from the user's
accounts. Keyloggers are also used as spying tools to compromise the data of businesses and state-owned companies.
 The keylogger's job is to insert itself into the chain of events between a key being pressed and the resulting
character being displayed on the monitor.
 Keylogging can be implemented by wiring a hardware bug into the keyboard or its cable; by video surveillance of the
keyboard; by intercepting keyboard input and/or output, for example with a filter driver in the keyboard driver stack;
or by polling the keyboard state through the operating system's documented input APIs.
Keyloggers also borrow two rootkit methods to hide themselves: masking in kernel mode and masking in user mode.

Types of Keyloggers
Keylogger tools are mostly constructed for the same purpose. But they’ve got important distinctions in terms of the
methods they use and their form factor.
Here are the two forms of keyloggers
1. Software keyloggers
2. Hardware keyloggers

Software Keyloggers - Software keyloggers are computer programs that install onto your device’s hard drive. Common
keylogger software types may include:
• API-based keyloggers directly eavesdrop on the signals sent from each keypress to the program you’re
typing into. Application programming interfaces (APIs) allow software developers and hardware
manufacturers to speak the same “language” and integrate with each other. API keyloggers quietly intercept
keyboard APIs, logging each keystroke in a system file.
• “Form grabbing”-based keyloggers eavesdrop on all text entered into website forms once you submit it to the
server. The data is recorded locally before it is transmitted online to the web server.
• Kernel-based keyloggers work their way into the system’s core to gain admin-level permissions. These loggers can
bypass restrictions and get unrestricted access to everything entered into your system.

Hardware Keyloggers - Hardware keyloggers are physical components built-in or connected to your device. Some
hardware methods may be able to track keystrokes without even being connected to your device. For brevity, we’ll include
the keyloggers you are most likely to fend against:
• Keyboard hardware keyloggers can be placed in line with your keyboard’s connection cable or built into the
keyboard itself. This is the most direct form of interception of your typing signals.
• Hidden camera keyloggers may be placed in public spaces like libraries to visually track keystrokes.
• USB disk-loaded keyloggers can be a physical Trojan horse that delivers the keystroke logger malware
once connected to your device.

Prevention from Keystroke logging


• Always read your terms of service or any contracts before accepting.
• Install internet security software on all your devices.
• Make sure your security programs are updated against the latest threats.
• Don’t leave your mobile and computer devices unsupervised.
• Keep all other device software updated.
• Do not use unfamiliar USB drives or external hard drives.

Spyware
• Spyware is a broad category of malware designed to secretly observe activity on a device and send those
observations to a snooper. That data can be used to track your activity online, and that information can be sold to
marketers.
• Spyware can also be used to steal personal information, such as account passwords and credit card numbers,
which can result in identity theft and fraud.
• Spyware is unwanted software that infiltrates your computing device, stealing your internet usage data and sensitive
information.
• Spyware is classified as a type of malware — malicious software designed to gain access to or damage your
computer, often without your knowledge. Spyware gathers your personal information and relays it to advertisers,
data firms, or external users.

Types of spyware
Spyware can take a number of forms. They include:
• Adware: It eyes your online activity and displays ads it thinks you'll be interested in based on that information.
Although benign compared to some other forms of spyware, adware can have an impact on the performance of
a device, as well as just being annoying.
• Tracking cookies: They're similar to adware, although they tend to be less intrusive.
• Trojans: After landing on a device, they look for sensitive information, such as bank account information,
and send it to a seedy third party who will use it to steal money, compromise accounts or make fraudulent
purchases. They can also be used to gain control of a computer through the installation of a backdoor or a remote
access Trojan (RAT).
• Keyloggers: They allow a miscreant to capture every keystroke from your keyboard, including the
keystrokes you use when you log into your online accounts.
• Stalkerware: It's typically installed on a mobile phone so the owner of the phone can be tracked by a third party.
For example, during the trial of Joaquín “El Chapo” Guzmán, it was revealed the drug kingpin installed spyware
on the phones of his wife, associates and female friends so he could read their text messages, listen to their
conversations and follow their movements.
• Stealware: It's crafted to take advantage of online shopping sites awarding credits to websites that send traffic
to their product pages. When a user goes to one of those sites, stealware intercepts the request and takes credit for
sending the user there.
• System monitors: They record everything that's happening on a device—from keystrokes, emails and
chat room dialogs to websites visited, programs launched, and phone calls made—and send it to a snoop or
cyber-criminal. They can also monitor a system's processes and identify any vulnerabilities on it.

Prevention from spyware


Here are four main steps to help prevent spyware.
• Don’t open emails from unknown senders.
• Don’t download files from untrustworthy sources.
• Don’t click on pop-up advertisements.
• Use reputable antivirus software.

Spyware can be harmful, but it can be removed and prevented by being cautious and using an antivirus tool. If you’ve
been infected with spyware, take steps to remove it. Be proactive by changing your passwords and notifying your bank
to watch for fraudulent activity.

Trojan and backdoors


• A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software.
• Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems.
• Users are typically tricked by some form of social engineering into loading and executing Trojans on their
systems.
• Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor
access to your system. These actions can include:
  • Deleting data
  • Blocking data
  • Modifying data
  • Copying data
  • Disrupting the performance of computers or computer networks
• Unlike computer viruses and worms, Trojans are not able to self-replicate.
Trojan and its impact
• Backdoor - A backdoor Trojan gives malicious users remote control over the infected computer. It enables the
author to do anything they wish on the infected computer – including sending, receiving, launching and deleting
files, displaying data and rebooting the computer. Backdoor Trojans are often used to unite a group of victim
computers to form a botnet or zombie network that can be used for criminal purposes.
• Exploit - Exploits are programs that contain data or code that takes advantage of a vulnerability within application
software that’s running on your computer.
• Rootkit - Rootkits are designed to conceal certain objects or activities in your system. Often their main purpose is to prevent
malicious programs from being detected – in order to extend the period in which programs can run on an infected
computer.
• Trojan-Banker - Trojan-Banker programs are designed to steal your account data for online banking systems, e-payment
systems and credit or debit cards.
• Trojan-Downloader - Trojan-Downloaders can download and install new versions of malicious programs onto your computer
– including Trojans and adware.

Protection against Trojan


Here are some dos and don’ts to help protect against Trojan malware. First, the dos:
• Computer security begins with installing and running an internet security suite. Run periodic diagnostic
scans with your software. You can set it up so the program runs scans automatically during regular intervals.
• Update your operating system’s software as soon as updates are made available from the software company.
Cybercriminals tend to exploit security holes in outdated software programs. In addition to operating system
updates, you should also check for updates on other software that you use on your computer.
• Protect your accounts with complex, unique passwords. Create a unique password for each account using a
complex combination of letters, numbers, and symbols.
• Keep your personal information safe with firewalls.
• Back up your files regularly. If a Trojan infects your computer, this will help you to restore your data.
• Be careful with email attachments. To help stay safe, scan an email attachment first.

A lot of things you should do come with a corresponding thing not to do — like, do be careful with email
attachments and don’t click on suspicious email attachments. Here are some more don’ts.
• Don’t visit unsafe websites. Some internet security software, such as Norton Safe Web, will alert you that you’re
about to visit an unsafe site.
• Don’t open a link in an email unless you’re confident it comes from a legitimate source. In general, avoid
opening unsolicited emails from senders you don’t know.
• Don’t download or install programs if you don’t have complete trust in the publisher.
• Don’t click on pop-up windows that promise free programs that perform useful tasks.
• Don’t ever open a link in an email unless you know exactly what it is.

Phishing
• Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone
posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable
information, banking and credit card details, and passwords.
• The information is then used to access important accounts and can result in identity theft and financial loss.
• Phishing is an example of social engineering techniques used to deceive users. Users are lured by
communications purporting to be from trusted parties such as social networking websites, auction sites, banks,
mails/messages from friends or colleagues/executives, online payment systems or IT administrators.

Types of phishing
• Spear phishing - Phishing attempts directed at specific individuals or companies.
• Catphishing and catfishing - A type of online deception that involves getting to know someone closely in
order to gain access to information or resources, usually in the control of the mark, or to otherwise get control over
the conduct of the target.
• Clone phishing - A type of phishing attack whereby a legitimate, and previously delivered, email containing
an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or
cloned email.
• Voice phishing - Uses fake caller-ID data to give the appearance that calls come from a trusted organization.
• SMS phishing - Or smishing, uses cell phone text messages to deliver the bait to induce people to divulge
their personal information.

Prevention against Phishing


• To protect against spam mails, spam filters can be used. Generally, the filters assess the origin of the message,
the software used to send the message, and the appearance of the message to determine if it’s spam. Occasionally,
spam filters may even block emails from legitimate sources, so they aren’t always 100% accurate.
• The browser settings should be changed to prevent fraudulent websites from opening. Browsers keep a list of
fake websites, and when you try to access such a website the address is blocked or an alert message is shown. The
settings of the browser should only allow reliable websites to open.
• Many websites require users to enter login information while the user image is displayed. This type of system may
be open to security attacks. One way to ensure security is to change passwords on a regular basis, and never use the
same password for multiple accounts. It’s also a good idea for websites to use a CAPTCHA system for added
security.
• Banks and financial organizations use monitoring systems to prevent phishing. Individuals can report
phishing to industry groups where legal action can be taken against these fraudulent websites.
Organizations should provide security awareness training to employees to recognize the risks.
• Changes in browsing habits are required to prevent phishing. If verification is required, always contact the company
personally before entering any details online.
• If there is a link in an email, hover over the URL first. Secure websites with a valid Secure Socket
Layer (SSL) certificate begin with “https”. Eventually all sites will be required to have a valid SSL certificate.
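The last point above (look at the real destination before clicking, compare it with what the link text shows, expect https) can be automated for an incoming message. The following is an added example, not part of the original notes: it parses the anchors in an HTML e-mail body and reports three findings per link. The message, the bank domain "examplebank.example", the look-alike host and the "last two labels" domain heuristic are all constructed for illustration.

```python
"""Check the links in an e-mail the way the advice above says to: look at the real
destination before clicking, compare it with what the text shows, and expect https.
Added example; the message, the bank domain and the heuristics are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed message: the first link's visible text is a bank URL but its real
# destination is a look-alike host; the second link is genuine.
SAMPLE_EMAIL = """
<p>Dear customer, please <a href="http://examplebank.example.login-verify.test/secure">
https://www.examplebank.example/login</a> to confirm your details.</p>
<p>Questions? Visit <a href="https://www.examplebank.example/help">our help centre</a>.</p>
"""

# Visible link text that itself looks like a URL or a bare domain.
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-zA-Z]{2,}(/\S*)?")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude 'last two labels' domain: accounts.example.com -> example.com."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def check_links(html_body, trusted_domain):
    """Return [(href, reasons)] for every anchor. An empty reason list means the
    link passed these checks, which is not the same as proof that it is safe."""
    parser = _LinkCollector()
    parser.feed(html_body)
    trusted = trusted_domain.lower()
    findings = []
    for href, text in parser.links:
        reasons = []
        target = urlparse(href)
        host = target.hostname or ""
        if target.scheme != "https":
            reasons.append("not https")
        if registered_domain(host) != trusted:
            reasons.append(f"destination {host!r} is not under {trusted!r}")
        # Visible text that looks like a URL must agree with the real target.
        if LOOKS_LIKE_URL.fullmatch(text):
            shown = urlparse(text if "://" in text else "//" + text).hostname or ""
            if registered_domain(shown) != registered_domain(host):
                reasons.append(f"text shows {shown!r} but link goes to {host!r}")
        findings.append((href, reasons))
    return findings


def suspicious_links(html_body, trusted_domain):
    """Just the hrefs that failed at least one check."""
    return [href for href, reasons in check_links(html_body, trusted_domain) if reasons]


if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE_EMAIL, "examplebank.example"):
        print(href, "->", "; ".join(reasons) or "ok")
```

On the constructed message the first link fails all three checks (plain http, a destination under `login-verify.test`, and visible text naming the bank's domain), while the genuine help-centre link passes. A mail gateway would treat a non-empty reason list as a reason to quarantine or to rewrite the link, not as a verdict on its own.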

DOS Attack
• A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible
to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that
triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e., employees, members, or account
holders) of the service or resource they expected.
• DoS attacks often target the web servers of high-profile organizations such as banking, commerce,
and media companies, or government and trade organizations. Though DoS attacks do not typically result in the
theft or loss of significant information or other assets, they can cost the victim a great deal of time and money to
handle.
• A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims to render a computer
or other device unavailable to its intended users by interrupting the device's normal functioning.
• DoS attacks typically function by overwhelming or flooding a targeted machine with requests until normal
traffic can no longer be processed, resulting in denial-of-service to additional users.
• A DoS attack is characterized by using a single computer to launch the attack.

There are two general methods of DoS attacks: flooding services or crashing services.
Flood attacks occur when the system receives too much traffic for the server to buffer, causing them to slow down and
eventually stop.
Popular flood attacks include:
• Buffer overflow attacks – the most common DoS attack. The concept is to send more traffic to a network
address than the programmers have built the system to handle. It includes the attacks listed
below, in addition to others that are designed to exploit bugs specific to certain applications or networks.
• ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping every computer
on the targeted network, instead of just one specific machine. The network is then triggered to amplify the traffic.
This attack is also known as the smurf attack or ping of death.
• SYN flood – sends a request to connect to a server, but never completes the handshake. This continues until all
open ports are saturated with requests and none are available for legitimate users to connect to.

Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash. In these attacks,
input is sent that takes advantage of bugs in the target that subsequently crash or severely destabilize the system, so that
it can’t be accessed or used.

Protection from DoS attack


A general rule: The earlier you can identify an attack-in-progress, the quicker you can contain the damage. Here are
some things you can do.
• Method 1: Get help recognizing attacks - Companies often use technology or anti-DDoS services to help defend
themselves. These can help you distinguish between legitimate spikes in network traffic and a DDoS attack.
• Method 2: Contact your Internet Service Provider - If you find your company is under attack, you should
notify your Internet Service Provider as soon as possible to determine if your traffic can be rerouted. Having a
backup ISP is a good idea, too. Also, consider services that can disperse the massive DDoS traffic among a network
of servers. That can help render an attack ineffective.
• Method 3: Investigate black hole routing - Internet service providers can use “black hole routing.” It directs
excessive traffic into a null route, sometimes referred to as a black hole. This can help prevent the targeted website
or network from crashing. The drawback is that both legitimate and illegitimate traffic is rerouted in the same
way.
• Method 4: Configure firewalls and routers - Firewalls and routers should be configured to reject bogus traffic.
Remember to keep your routers and firewalls updated with the latest security patches.
• Method 5: Consider front-end hardware - Application front-end hardware that’s integrated into the network
before traffic reaches a server can help analyze and screen data packets. The hardware classifies the data
as priority, regular, or dangerous as it enters a system. It can also help block threatening data.

DDOS Attack
• A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted
server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet
traffic.
• DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack
traffic. Exploited machines can include computers and other networked resources such as IoT devices.
• From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular
traffic from arriving at its destination.

Working
• DDoS attacks are carried out with networks of Internet-connected machines.
• These networks consist of computers and other devices (such as IoT devices) which have been infected with
malware, allowing them to be controlled remotely by an attacker. These individual devices are referred to as bots
(or zombies), and a group of bots is called a botnet.
• Once a botnet has been established, the attacker is able to direct an attack by sending remote instructions
to each bot.
• When a victim’s server or network is targeted by the botnet, each bot sends requests to the target’s IP address,
potentially causing the server or network to become overwhelmed, resulting in a denial-of-service to normal
traffic.
• Because each bot is a legitimate Internet device, separating the attack traffic from normal traffic can be difficult.

Identification of DDOS Attack


The most obvious symptom of a DDoS attack is a site or service suddenly becoming slow or unavailable. But since a
number of causes — such as a legitimate spike in traffic — can create similar performance issues, further investigation is
usually required. Traffic analytics tools can help you spot some of these telltale signs of a DDoS attack:
• Suspicious amounts of traffic originating from a single IP address or IP range
• A flood of traffic from users who share a single behavioral profile, such as device type, geolocation, or web
browser version
• An unexplained surge in requests to a single page or endpoint
• Odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural (e.g. a spike
every 10 minutes)
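The first three telltale signs in that list can be checked directly against a web server's access log. What follows is an added example, not part of the original notes or of any traffic analytics product: it parses Apache "combined" format lines, then reports a single address exceeding a per-minute limit, an endpoint receiving most of all requests, and a user-agent string shared by most distinct clients. The log lines are constructed in the code (reserved documentation address ranges), and the window and thresholds are assumptions that a real deployment would tune to its own baseline.

```python
"""Look for the DDoS tell-tales listed above in web server access logs: one address
sending far more than a client normally would, an unexplained surge to one endpoint,
and many distinct clients sharing one behavioural profile (here, the user-agent).
Added example; the log lines are constructed and the thresholds are assumptions."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def build_sample_log():
    """Constructed log: a little normal traffic, then a burst from one address,
    then one request each from forty addresses that all share an odd user-agent."""
    base = datetime(2024, 5, 1, 10, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'

    def line(ip, secs, path, ua):
        ts = (base + timedelta(seconds=secs)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return fmt.format(ip=ip, ts=ts, path=path, ua=ua)

    browser = "Mozilla/5.0 (Windows NT 10.0) Firefox/125.0"
    lines = [line(f"192.0.2.{10 + i}", i * 60, path, browser)
             for i, path in enumerate(["/", "/products", "/cart", "/", "/about"])]
    lines += [line("203.0.113.9", 120 + i // 4, "/login", "python-requests/2.31")
              for i in range(120)]                      # 120 hits in 30 seconds
    lines += [line(f"198.51.100.{i + 1}", 180 + i, "/login", "BotKit/1.0")
              for i in range(40)]                       # 40 hosts, one profile
    return lines


def analyse(lines, window=timedelta(seconds=60), per_ip_limit=50, share_limit=0.5):
    """Return a list of (indicator, value, count) findings."""
    recs = [r for r in map(parse_line, lines) if r]
    if not recs:
        return []
    findings = []

    # 1. Peak requests from a single address within any one window.
    per_ip_bucket = Counter()
    for r in recs:
        bucket = int(r["ts"].timestamp() // window.total_seconds())
        per_ip_bucket[(r["ip"], bucket)] += 1
    peak = {}
    for (ip, _), n in per_ip_bucket.items():
        peak[ip] = max(peak.get(ip, 0), n)
    for ip, n in sorted(peak.items(), key=lambda kv: -kv[1]):
        if n > per_ip_limit:
            findings.append(("single-source flood", ip, n))

    # 2. One endpoint receiving most of all requests.
    path, n = Counter(r["path"] for r in recs).most_common(1)[0]
    if n / len(recs) > share_limit:
        findings.append(("endpoint surge", path, n))

    # 3. Most distinct clients presenting the same user-agent string.
    ips_per_ua = defaultdict(set)
    for r in recs:
        ips_per_ua[r["ua"]].add(r["ip"])
    ua, ips = max(ips_per_ua.items(), key=lambda kv: len(kv[1]))
    if len(ips) / len({r["ip"] for r in recs}) > share_limit:
        findings.append(("shared profile", ua, len(ips)))
    return findings


if __name__ == "__main__":
    for indicator, value, count in analyse(build_sample_log()):
        print(f"{indicator}: {value} ({count})")
```

Each indicator is computed independently so that an analyst can see which sign fired: on the constructed log all three do. The shared-profile check counts distinct addresses per user-agent rather than raw requests, which is what separates a botnet of many low-rate bots from one noisy client.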

Types of DDOS attack


• Application layer attacks - Sometimes referred to as layer 7 DDoS attacks (in reference to the 7th layer of the
OSI model), the goal of these attacks is to exhaust the target’s resources to create a denial-of-service. The attacks
target the layer where web pages are generated on the server and delivered in response to HTTP requests. A single
HTTP request is computationally cheap to execute on the client side, but it can be expensive for the target server
to respond to, as the server often loads multiple files and runs database queries in order to create a web page. Layer
7 attacks are difficult to defend against, since it can be hard to differentiate malicious traffic from legitimate
traffic.
• Protocol attacks - Also known as state-exhaustion attacks, these cause a service disruption by over-consuming
server resources and/or the resources of network equipment like firewalls and load balancers. Protocol
attacks utilize weaknesses in layer 3 and layer 4 of the protocol stack to render the target inaccessible.
• Volumetric attacks - This category of attacks attempts to create congestion by consuming all available bandwidth
between the target and the larger Internet. Large amounts of data are sent to a target by using a form of
amplification or another means of creating massive traffic, such as requests from a botnet.
• Fragmentation attacks - These are another common form of DDoS attack. The cybercriminal exploits
vulnerabilities in the datagram fragmentation process, in which IP datagrams are divided into smaller packets,
transferred across a network, and then reassembled. In fragmentation attacks, fake data packets that cannot be
reassembled overwhelm the server.

Protection from DDOS attack


Method 1: Take quick action
Method 2: Configure firewalls and routers
Method 3: Consider artificial intelligence
Method 4: Secure your Internet of Things devices

SQL Injection
• SQL injection, also known as SQLi, is a common attack vector that uses malicious SQL code for backend
database manipulation to access information that was not intended to be displayed. This information may
include any number of items, including sensitive company data, user lists or private customer details.
• The impact SQL injection can have on a business is far-reaching.
• A successful attack may result in the unauthorized viewing of user lists, the deletion of entire tables and, in
certain cases, the attacker gaining administrative rights to a database, all of which are highly detrimental to a
business.
• When calculating the potential cost of an SQLi, it’s important to consider the loss of customer trust should
personal information such as phone numbers, addresses, and credit card details be stolen.
• While this vector can be used to attack any SQL database, websites are the most frequent targets.

Types of SQL Injections


SQL injections typically fall under three categories: In-band SQLi (Classic), Inferential SQLi (Blind) and Out-of-band
SQLi. You can classify SQL injection types based on the methods they use to access backend data and their damage
potential.

In-band SQLi - The attacker uses the same channel of communication to launch their attacks and to gather their results.
In-band SQLi’s simplicity and efficiency make it one of the most common types of SQLi attack. There are two sub-
variations of this method:
• Error-based SQLi—the attacker performs actions that cause the database to produce error messages.
The attacker can potentially use the data provided by these error messages to gather information about the structure
of the database.
• Union-based SQLi—this technique takes advantage of the UNION SQL operator, which fuses
multiple select statements generated by the database to get a single HTTP response. This response may contain
data that can be leveraged by the attacker.

Inferential (Blind) SQLi - The attacker sends data payloads to the server and observes the response and behavior of
the server to learn more about its structure. This method is called blind SQLi because the data is not transferred from the
website database to the attacker, thus the attacker cannot see information about the attack in-band.
Blind SQL injections rely on the response and behavioral patterns of the server so they are typically slower to execute but
may be just as harmful. Blind SQL injections can be classified as follows:
• Boolean—the attacker sends a SQL query to the database, prompting the application to return a result.
The result will vary depending on whether the query is true or false. Based on the result, the information
within the HTTP response will change or stay unchanged. The attacker can then work out whether the message generated
a true or false result.
• Time-based—the attacker sends a SQL query to the database which makes the database wait (for a period in seconds)
before it can react. The attacker can see from the time the database takes to respond whether a query is true
or false. Based on the result, an HTTP response will be generated instantly or after a waiting period. The attacker
can thus work out whether the message they used returned true or false, without relying on data from the database.

Out-of-band SQLi - The attacker can only carry out this form of attack when certain features are enabled on the database
server used by the web application. This form of attack is primarily used as an alternative to the in-band and inferential
SQLi techniques.
Out-of-band SQLi is performed when the attacker can’t use the same channel to launch the attack and gather information,
or when a server is too slow or unstable for these actions to be performed. These techniques count on the capacity of the
server to create DNS or HTTP requests to transfer data to an attacker.

SQL Injection Prevention Techniques


• Input validation - The validation process is aimed at verifying whether or not the type of input submitted
by a user is allowed. Input validation makes sure it is the accepted type, length, format, and so on. Only the value
which passes the validation can be processed. It helps counteract any commands inserted in the input string.
• Parametrized queries - are a means of pre-compiling an SQL statement so that you can then supply the
parameters in order for the statement to be executed. This method makes it possible for the database to recognize
the code and distinguish it from input data.
• Stored procedures - require the developer to group one or more SQL statements into a logical unit to create an
execution plan. Subsequent executions allow statements to be automatically parameterized. Simply put, it is a
type of code that can be stored for later and used many times.
• Escaping - Always use character-escaping functions for user-supplied input provided by each database
management system (DBMS). This is done to make sure the DBMS never confuses it with the SQL statement
provided by the developer.
• Avoiding administrative privileges - Don't connect your application to the database using an account with
root access. This should be done only if absolutely needed since the attackers could gain access to the whole
system.
• Web application firewall - A WAF operating in front of the web servers monitors the traffic which goes
in and out of the web servers and identifies patterns that constitute a threat. Essentially, it is a barrier put
between the web application and the Internet.
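The first two techniques in that list, input validation and parametrized queries, are easiest to understand next to the mistake they prevent. The following is an added example, not code from the original notes: a user lookup written three ways against an in-memory SQLite database. The `users` table, its rows, the username format rule and the tautology input used to show the difference are all constructed for illustration.

```python
"""Parametrized queries and input validation, as recommended above, beside the
vulnerable string-built query they replace. Added example; the users table, the
schema and the inputs are constructed."""
import re
import sqlite3


def make_db():
    """In-memory database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def find_user_vulnerable(conn, username):
    """The classic mistake: user input is pasted into the SQL text, so the input can
    change the structure of the query instead of only supplying a value."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_parametrized(conn, username):
    """The statement is prepared with a placeholder and the value is supplied
    separately, so the database never confuses the input with the developer's SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed allow-list rule: lower-case letters, digits and underscore, 3 to 32 chars.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def validate_username(username):
    """Input validation: accept only the expected type, length and format."""
    return isinstance(username, str) and USERNAME_RE.fullmatch(username) is not None


def find_user_hardened(conn, username):
    """Defence in depth: reject unexpected input up front, and even if something
    slips past validation the parameter cannot alter the query."""
    if not validate_username(username):
        raise ValueError("invalid username")
    return find_user_parametrized(conn, username)


if __name__ == "__main__":
    conn = make_db()
    tautology = "' OR '1'='1"   # constructed input that is always true when spliced into SQL
    print("vulnerable:   ", find_user_vulnerable(conn, tautology))    # every row
    print("parametrized: ", find_user_parametrized(conn, tautology))  # no such user
    try:
        find_user_hardened(conn, tautology)
    except ValueError as exc:
        print("hardened:     ", exc)                                   # rejected before any query
```

The vulnerable lookup returns every user for the tautology input because the quote in the input closes the string literal and the rest becomes part of the WHERE clause. The parametrized version treats the whole input as one username value and finds nothing, and the hardened version never reaches the database at all. Validation alone would not be enough (a legitimate field such as a surname may need to contain an apostrophe), which is why the parameter is the control to rely on and validation the extra layer.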

CLOUD SECURITY

What is Cloud Security Architecture?


Cloud security starts with a cloud security architecture. An organization should first understand its current cloud security
posture, and then plan the controls and cloud security solutions it will use to prevent and mitigate threats. This planning is
critical to secure hyper-complex environments, which may include multiple public clouds, SaaS and PaaS services, on-
premise resources, all of which are accessed from both corporate and unsecured personal devices.

Why Do You Need a Cloud Security Architecture?


As organizations become more dependent on the cloud, they must also place a bigger focus on security. Most off-network
data flows through cloud-based services, yet many of these cloud services are used without any security planning. The use
of cloud service providers and multiple personal devices makes it difficult for companies to view and control data flows.
Cloud collaboration bypasses ordinary network control measures. Access to sensitive data on unmanaged personal devices
presents a major risk.

Security and risk management experts find it difficult to gain visibility over a complex mix of devices, networks and
clouds. These network security mosaics, fraught with hidden vulnerabilities, are an invitation for attackers to attempt
breaches. Many cloud service providers do not provide detailed information about their internal environment, and many
common internal security controls cannot be directly converted to a public cloud.

For all these reasons, organizations need to think about cloud security as a new challenge, and build a cloud security
architecture that will help them adequately secure this complex environment.

Cloud Security Architecture Patterns

The right pattern can help you implement security across your organization. For example, it can help you protect the CIA
(confidentiality, integrity, and availability) of your cloud data assets, as well as respond to security threats. You can
implement security controls directly, or use security controls as a service offered by your cloud provider or third-party
vendors. The cloud security architecture model is usually expressed in terms of:

• Security controls—which can include technologies and processes. Controls should take into account the location of each
service—company, cloud provider, or third party.

• Trust boundaries—between the different services and components deployed on the cloud.

• Standard interfaces and security protocols—such as SSL, IPSEC, SFTP, LDAPS, SSH, SCP, SAML, OAuth, etc.

• Techniques used for token management—authentication, and authorization.

• Encryption methods—including algorithms like 128-bit AES, Triple DES, RSA, Blowfish.

• Security event logging—ensuring all relevant security events are captured, prioritized, and delivered to security
teams.

Each security control should be clearly defined using the following attributes:

• Service function—what is the service’s role? For example, encryption, authorization, event data collection.

• Logical location—public cloud service, third party service, or on-premises. Location affects performance, availability,
firewall policies, and service management.

• Protocol—what protocol is used to access the service? For example, REST, HTTPS, SSH.

• Input/Output—what does the service receive and what is it expected to deliver? For example, input is a JSON feed and
output is the same feed with encrypted payload data.

• Control mechanisms—what types of control does the service achieve? For example, data at rest protection, user
authentication, application authentication.

• Users and operators—who operates or benefits from the service? For example, endpoint devices, end users, business
managers, security analysts.

Cloud Computing Security Architectural elements:

The cloud security architecture model differs depending on the type of cloud service: IaaS (Infrastructure as a Service),
PaaS (Platform as a Service), or SaaS (Software as a Service). Below we explain different security considerations for each
model.

IaaS Cloud Computing Security Architecture

IaaS provides storage and network resources in the cloud. It relies heavily on APIs to help manage and operate the cloud.
However, cloud APIs are often not secure, because they are open and easily accessible from the web.

The cloud service provider (CSP) is responsible for securing the infrastructure and abstraction layer used to access the
resources. Your organization's security obligations cover the rest of the layers, mainly containing the business
applications. To better visualize cloud network security issues, deploy a Network Packet Broker (NPB) in an IaaS
environment. The NPB sends traffic and data to a Network Performance Management (NPM) system, and to the relevant
security tools. In addition, establish logging of events occurring on network endpoints.

IaaS cloud deployments require the following additional security features:

• Network segmentation
• Intrusion Detection System and Intrusion Prevention System (IDS/IPS)
• Virtual firewalls placed in front of web applications to protect against malicious code, and at the edge of the cloud
network
• Virtual routers

SaaS Cloud Computing Security Architecture

SaaS services provide access to software applications and data through a browser. The specific terms of security
responsibility may vary between services, and are sometimes up for negotiation with the service provider. Cloud Access
Security Brokers (CASB) offers logging, auditing, access control and encryption capabilities that can be critical when
investigating security issues in a SaaS product. In addition, make sure your SaaS environment has:
• Logging and alerting
• IP whitelists and/or blacklists
• API gateways, in case the service is accessed via API

PaaS Cloud Computing Security Architecture

PaaS platforms enable organizations to build applications without the overhead and complexity associated with managing
hardware and back-end software. In a PaaS model, the CSP protects most of the environment. However, the company is
still responsible for the security of the applications it is developing. Therefore, a PaaS security architecture is similar to a
SaaS model. Make sure you have a CASB, logging and alerting, IP restrictions and an API gateway to secure internal
and external access to your application’s APIs.

CLOUD SECURITY ARCHITECTURE:

A cloud security architecture (also sometimes called a “cloud computing security architecture”) is defined by the security
layers, design, and structure of the platform, tools, software, infrastructure, and best practices that exist within a cloud
security solution. A cloud security architecture provides the written and visual model to define how to configure and secure
activities and operations within the cloud, including such things as identity and access management; methods and controls
to protect applications and data; approaches to gain and maintain visibility into compliance, threat posture, and overall
security; processes for instilling security principles into cloud services development and operations; policies and
governance to meet compliance standards; and physical infrastructure security components.

Cloud security, in general, refers to the protection of information, applications, data, platforms, and infrastructure that
operate or exist within the cloud. Cloud security is applicable to all types of cloud computing infrastructures, including
public clouds, private clouds, and hybrid clouds. Cloud security is a type of cybersecurity.

Key Elements of a Cloud Security Architecture

When developing a cloud security architecture several critical elements should be included:

• Security at Each Layer: Ensure that each layer of the cloud’s security stack is “self-defending.” There may be multiple
components in each layer, so having defense-in-depth is critical. This includes things like automatic updates on operating
systems, secure coding and monitoring logs.

• Centralized Management of Components: This is taking the concept of multiple components in each layer and
managing each — especially security — from one place, making sure to incorporate efficiency opportunities.

• Redundant & Resilient Design: Building out disaster recovery plans and having backups on hand to re-establish
operations. Another aspect of this is making sure you have resiliency built into all components, or at least the ones that
continuously need to be online.

• Elasticity & Scalability: When it comes to elasticity, we have to keep in mind specific design options. When scaling,
should it be a horizontal or vertical scale? In other words, can you make the server bigger or add more servers/services?

• Appropriate Storage for Deployments: When choosing storage, it comes down to your organization’s use cases and
needs. Take time to look at the options available as they are not created equal. Each has its security controls and different
performance specifications.

• Alerts & Notifications: While designing how the components will talk to each other and how users interact with those
components, you need to ensure that you are being alerted and notified. This keeps you in the loop on what is happening
in your cloud infrastructure.

• Centralization, Standardization, & Automation: Centralization is using services and tools that can be integrated into
a single dashboard for viewing. Standardization is creating consistent architectural security models across the vast amount
of services offered in the cloud, reducing the burden of implementation of those new services. Finally, automation: the
more you can automate your infrastructure, the quicker you can scale and respond to incidents and issues.

SECURITY MANAGEMENT IN THE CLOUD:

Cloud security management is the practice of securing your data and operations in the cloud from theft or damage. As
demand for cloud computing expands, cloud security services are expected to grow as organizations become more aware
of the importance of securing their presence in the cloud. This article tackles what cloud security management means and
why it is important, how to evaluate cloud security management service providers, and the pros and challenges of cloud
security management.

Implementation of security management in cloud computing

Among several strategies you can adopt to keep your cloud secure are:

• Perform security audits. Analyze your cloud-based products and services for potential security loopholes on a regular
basis.

• Set appropriate levels of protection. Task your IT security team with complete control of the security settings for your
cloud-based applications, setting them to the highest level possible.

• Use data encryption and network security monitoring tools. Add another level of protection to your data by encrypting
them, and only allow legitimate traffic into your network.

• Manage end-user devices. Make sure that only authorized devices are given access to your network and data.

• Manage users. Set appropriate user-level controls to limit data access to authorized users only. Ensure that your users
only have access to the data they need in their line of work.

• Monitor user activity. Make use of reports to view user activity in your cloud, and gain better understanding of security
risks surrounding your operations.

Challenges of cloud security management

There are also challenges in managing cloud security, including:

• Difficulties in tracking data use. This is especially true since cloud services provided by a third-party vendor lie outside
your corporate network. Be prepared to ask your vendor for audit trail logs when necessary.

• Security risks inherent in multi-tenant environments. Multi-tenant environments may expose your network to
malicious attacks. Even if someone else’s network is targeted, your network may still end up as collateral damage. The
risk may be lower when you have a reputable vendor host your cloud environment.

• Access restriction management. Ensure that the access restrictions in your on-premises infrastructure are carried over to
your cloud environment. When applicable, your IT team must ensure that you have BYOD policies for your end-users, and
that only authorized devices and locations are allowed access to your cloud services.

• Meeting compliance requirements. Ensure that your cloud services pass compliance requirements. You may assume
that the vendor will take care of compliance. This is a mistake that can lead to heavy fines from regulators. Since
compliance is always your responsibility, you should have a team ready to handle this for your organization.

• Asset misconfiguration potential. A misconfiguration can leave your network open to attack. To prevent this from
happening, assign a team to review configuration settings and changes. Have a team ready to plug potential holes when
needed.
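
A worked example, added here and not part of the notes, that applies the IaaS guidance above (network segmentation, virtual firewalls at the edge) together with the misconfiguration review just described: it checks a constructed set of cloud firewall ingress rules against a three-tier segmentation policy and flags management ports reachable from outside the management subnet. Tier names, subnets, rule fields and the policy itself are assumptions.

```python
"""Added example (not from the notes): review constructed virtual-firewall
ingress rules for a three-tier IaaS deployment against a segmentation policy.
Tier names, subnets, rule fields and the policy itself are assumptions."""
import ipaddress

# Segmentation policy (constructed): destination tier -> {allowed source: ports}.
# "internet" stands for 0.0.0.0/0; only the web tier may face the Internet.
ALLOWED_FLOWS = {
    "web": {"internet": {80, 443}},
    "app": {"web": {8080}},
    "db": {"app": {5432}},
}
# Remote-administration ports that must only be reachable from the mgmt subnet.
MANAGEMENT_PORTS = {22, 3389, 5985, 5986}

# Subnet assigned to each tier (constructed addresses).
TIER_SUBNETS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db": ipaddress.ip_network("10.0.3.0/24"),
    "mgmt": ipaddress.ip_network("10.0.9.0/24"),
}


def classify_source(cidr):
    """Map a rule's source CIDR to a tier name, 'internet' or 'unknown'."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "internet"
    for tier, subnet in TIER_SUBNETS.items():
        if net.subnet_of(subnet):
            return tier
    return "unknown"


def review_rules(rules):
    """Return (rule id, finding) pairs for every ingress rule that violates
    the segmentation policy or exposes a management port."""
    findings = []
    for rule in rules:
        if rule["direction"] != "ingress":
            continue  # egress filtering is a separate review
        src = classify_source(rule["source"])
        dst, port = rule["tier"], rule["port"]
        if port in MANAGEMENT_PORTS:
            # Admin ports are only ever allowed from the management subnet.
            if src != "mgmt":
                findings.append((rule["id"], "management port %d reachable from %s" % (port, src)))
            continue
        allowed = ALLOWED_FLOWS.get(dst, {})
        if src == "internet" and "internet" not in allowed:
            findings.append((rule["id"], "internet exposure of %s tier on port %d" % (dst, port)))
        elif port not in allowed.get(src, set()):
            findings.append((rule["id"], "flow %s -> %s:%d not in segmentation policy" % (src, dst, port)))
    return findings


# Constructed rule set, as if exported from a hypothetical cloud firewall.
SAMPLE_RULES = [
    {"id": "R1", "tier": "web", "direction": "ingress", "source": "0.0.0.0/0", "port": 443},
    {"id": "R2", "tier": "web", "direction": "ingress", "source": "0.0.0.0/0", "port": 22},
    {"id": "R3", "tier": "app", "direction": "ingress", "source": "10.0.1.0/24", "port": 8080},
    {"id": "R4", "tier": "db", "direction": "ingress", "source": "10.0.1.0/24", "port": 5432},
    {"id": "R5", "tier": "db", "direction": "ingress", "source": "10.0.9.0/24", "port": 22},
    {"id": "R6", "tier": "db", "direction": "ingress", "source": "0.0.0.0/0", "port": 5432},
    {"id": "R7", "tier": "app", "direction": "egress", "source": "0.0.0.0/0", "port": 443},
]

if __name__ == "__main__":
    for rule_id, finding in review_rules(SAMPLE_RULES):
        print(rule_id, finding)
```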

Availability Management in Cloud Computing

Cloud services are not immune to outages (failures or interruptions), and the severity and scope of the impact on the
customer vary with the situation, depending on the criticality of the cloud application and its relationship to internal
business processes.

1. Impact on business: In the case of business-critical applications where businesses rely on the continuous availability
of service, even a few minutes of service failure can have a serious impact on the organization’s productivity, revenue,
customer satisfaction, and service-level compliance.
2. Impact on customers: During a cloud service disruption, affected customers will not be able to access the cloud service
and in some cases may suffer degraded performance or user experience. For example, when a storage service is disrupted,
it will affect the availability and performance of a computing service that depends on the storage service.

Factors Affecting Availability:

The cloud service’s ability to recover from an outage situation and availability depends on a few factors, including the
cloud service provider’s data center architecture, application architecture, hosting location redundancy, diversity of
Internet service providers (ISPs), and data storage architecture.

Following is a list of the major factors:

• The redundant design of Software as a Service and Platform as a Service applications.
• The architecture of the cloud service data center should be fault-tolerant.
• Better network connectivity and geographic diversity can resist disaster in most cases.
• Customers of the cloud service should respond to outages quickly, together with the support team of the Cloud Service
Provider.
• Sometimes the outage affects only a specific region or area of cloud services, so it is difficult in those cases to
troubleshoot the situation.
• There should be reliability in the software and hardware used in delivering cloud services.
• The network infrastructure should be efficient and should be able to cope with DDoS (distributed denial of service)
attacks on the cloud service.
• Not having proper security against internal and external threats, e.g., privileged users abusing privileges.

SaaS Availability Management

Software as a Service Customer’s Responsibility:

• Customers should understand the Service Level Agreement (SLA) and communication methods so that they will be
informed of service outages or maintenance.
• Customers should be aware of options to support availability management, that is, they should understand the factors
affecting availability management.
• The customer of Software as a Service should be aware that the cloud service is multitenant, which means Cloud Service
Providers typically offer a standard Service Level Agreement (SLA) for all customers. Thus, Cloud Service Providers may
not be able to provide their services to the customers if the standard Service Level Agreement (SLA) does not meet the
service requirements. However, if you are a medium or large enterprise with a big budget, a custom SLA can be made
available.
• The customers should be aware of how resource democratization occurs within the Cloud Service Providers to best
predict the likelihood of system availability and performance during business fluctuations.

PaaS Availability Management:

Platform as a Service Customer’s Responsibilities:

The following considerations are for Platform as a Service customers:

• PaaS platform service levels: Customers should read and understand the terms and conditions of the Cloud Service
Provider’s Service Level Agreements.

• Third-party web services provider service levels: When your Platform as a Service application depends on a third-party
service it is critical to understand the Service Level Agreements of that service, as well as the network connectivity
parameters with third-party service providers, for example bandwidth and latency factors.

• Platform as a Service Health Monitoring: The following options are available to customers to monitor the health of
their service:
  • Service health dashboard published by the Cloud Service Provider.
  • Cloud Service Provider customer mailing list that notifies customers of occurring and recently occurred outages.
  • Third-party tools to check the health of the application.

IaaS Availability Management:

IaaS provider availability considerations include the compute and storage infrastructure, as well as other services such
as account management, a message queue service, an identity and authentication service, a database service, a billing
service, and monitoring services. The customer’s responsibility for IaaS is to provision and manage the life cycle of virtual
servers.

Managing the availability of the IaaS virtual infrastructure includes:

• Availability of the CSP’s network, hosts, storage, and supporting application infrastructure. The cloud service provider’s
data center architecture, including a geographically diverse and fault-tolerant design, should be efficient, and with these
in place the infrastructure must also be reliable.
• Internal or third-party-based service monitoring tools (e.g., Nagios).
• A web console or API that publishes the current health status of your virtual servers and network.

• Infrastructure as a Service Health Monitoring: The following options are available to Infrastructure as a Service
customers for managing the health of their service:
  • Service health dashboard published by the Cloud Service Provider.
  • Cloud Service Provider customer mailing list that notifies customers of occurring and recently occurred outages.
  • Third-party-based service monitoring tools that periodically check the health of your Infrastructure as a Service
virtual server.

ACCESS CONTROL :

Client users and system administrators (privileged users) who access network, system, and application resources must be
made aware of the access requirements. The functions of access control management include defining who should have
access to what resources (assignment of entitlements to users, together with auditing and reporting to verify entitlement
assignments), why users should have access to the resources they hold (assignment of entitlements based on the user’s
job functions and responsibilities), and how users can access the resources, which states the authentication methods and
strength checks required before access is granted. In a cloud computing model, network-based access control plays a
diminishing role. User access control should be strongly emphasized in the cloud, since it can strongly bind a user’s identity
to the resources in the cloud and will help with fine-grained access control, user accounting, support for compliance, and
data protection. User access management controls, including strong authentication, single sign-on (SSO), privilege
management, and logging and monitoring of cloud resources, play a significant role in protecting the confidentiality and
integrity of your information in the cloud.
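
The three questions above (who may access what, why, and how) as a small entitlement model with an access review; this is an added example, not part of the notes, and all users, roles, resources and authentication levels in it are constructed.

```python
"""Added example (not from the notes): a small entitlement model covering
who may access what, why (job function) and how (authentication strength),
with an audit report for periodic access reviews.
Users, roles, resources and auth levels are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Optional

# Resources and the minimum authentication strength required to reach them.
RESOURCES = {
    "crm-app": "password",
    "billing-db": "mfa",
    "cloud-console": "mfa",
}
AUTH_RANK = {"password": 1, "mfa": 2}

# Job function -> entitlements: the "why" behind each assignment.
ROLE_ENTITLEMENTS = {
    "sales": {"crm-app"},
    "finance": {"crm-app", "billing-db"},
    "cloud-admin": {"cloud-console"},
}


@dataclass
class User:
    name: str
    role: Optional[str]       # None once the person has left and must be deprovisioned
    auth: str                 # strongest authentication method the user has enrolled
    entitlements: set = field(default_factory=set)


def can_access(user, resource):
    """The 'how' check at access time: the entitlement must exist and be justified
    by the user's role, and the authentication method must be strong enough."""
    if resource not in user.entitlements:
        return False
    if resource not in ROLE_ENTITLEMENTS.get(user.role, set()):
        return False
    return AUTH_RANK[user.auth] >= AUTH_RANK[RESOURCES[resource]]


def audit(users):
    """Access review: report entitlements not justified by a job function
    (including orphaned accounts) and entitlements held with too-weak auth."""
    findings = []
    for u in users:
        expected = ROLE_ENTITLEMENTS.get(u.role, set())
        for res in sorted(u.entitlements - expected):
            why = ("orphaned: user has no job function" if u.role is None
                   else "not justified by role %s" % u.role)
            findings.append((u.name, res, why))
        for res in sorted(u.entitlements & expected):
            need = RESOURCES[res]
            if AUTH_RANK[u.auth] < AUTH_RANK[need]:
                findings.append((u.name, res, "auth %s weaker than required %s" % (u.auth, need)))
    return findings


# Constructed user population for the review.
SAMPLE_USERS = [
    User("alice", "sales", "password", {"crm-app"}),
    User("bob", "finance", "password", {"crm-app", "billing-db"}),
    User("carol", None, "password", {"crm-app"}),          # has left the company
    User("dave", "sales", "mfa", {"crm-app", "cloud-console"}),
]

if __name__ == "__main__":
    for name, res, why in audit(SAMPLE_USERS):
        print("%-6s %-14s %s" % (name, res, why))
```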

The following are the six control statements:

• Control access to information.
• Manage user access rights.
• Encourage good access practices.
• Control access to network services.
• Control access to operating systems.
• Control access to applications and systems.

Access Control: SaaS

In the SaaS delivery model, the CSP is responsible for managing all aspects of the network, server, and application
infrastructure. In that model, since the application is delivered as a service to end users, usually via a web browser, network-
based controls are becoming less relevant and are augmented or superseded by user access controls, e.g., authentication
using a one-time password. Hence, customers should focus on user access controls (authentication, federation, privilege
management, deprovisioning, etc.) to protect the information hosted by SaaS. Some SaaS services, such as Salesforce.com,
augment network access control (e.g., source IP address/network-based control) to user access control in which case
customers have the option to enforce access based on network and user policy parameters.

Access Control: PaaS

In the PaaS delivery model, the CSP is responsible for managing access control to the network, servers, and application
platform infrastructure. However, the customer is responsible for access control to the applications deployed on a PaaS
platform. Access control to applications manifests as end user access management, which includes provisioning and
authentication of users.

Access Control: IaaS

IaaS customers are entirely responsible for managing all aspects of access control to their resources in the cloud. Access
to the virtual servers, virtual network, virtual storage, and applications hosted on an IaaS platform will have to be designed
and managed by the customer.

In an IaaS delivery model, access control management falls into one of the following two categories:

(i) CSP infrastructure access control: access control management to the host, network, and management applications that
are owned and managed by the CSP.

(ii) Customer virtual infrastructure access control: access control management to your virtual servers (virtual machines or
VMs), virtual storage, virtual networks, and applications hosted on virtual servers.

In summary, from an enterprise customer perspective, access management is an essential security process to protect the
confidentiality, integrity, and availability (CIA) of information hosted in the cloud. A robust access management program
should include procedures for provisioning, timely deprovisioning, flexible authentication, privilege management,
accounting, auditing, and support for compliance management. Cloud customers should understand the CSP-specific
access control features for networks, systems, and applications, and appropriately manage access.

SECURITY VULNERABILITY, PATCH, AND CONFIGURATION MANAGEMENT

The ability for malware (or a cracker) to remotely exploit vulnerabilities of infrastructure components, network services,
and applications remains a major threat to cloud services. It is an even greater risk for a public PaaS and IaaS delivery
model where vulnerability, patch, and configuration management responsibilities remain with the customer. Customers
should remember that in cloud computing environments, the lowest or highest common denominator of security is shared
by all tenants in a multitenant virtual environment. Hence, the onus is with the customers to understand the scope of their
security management responsibilities. Customers should demand that CSPs become more transparent about their cloud
security operations to help customers understand and plan complementary security management functions.

By and large, CSPs are responsible for the vulnerability, patch, and configuration (VPC)
management of the infrastructure (networks, hosts, applications, and storage) that is CSP managed and operated, as well
as third-party services that they may rely on. However, customers are not spared from their VPC duties and should
understand the VPC aspects for which they are responsible. A VPC management scope should address end-to-end security
and should include customer-managed systems and applications that interface with cloud services. As a standard practice,
CSPs may have instituted these programs within their security management domain, but typically the process is internal
to the CSP and is not apparent to customers. CSPs should assure their customers of their technical vulnerability
management program using ISO/IEC 27002 type control and assurance frameworks.

Security Vulnerability Management

Vulnerability management is an essential threat management element to help protect hosts, network devices, and
applications from attacks against known vulnerabilities. Mature organizations have instituted a vulnerability management
process that involves routine scanning of systems connected to their network, assessing the risks of vulnerabilities to the
organization, and a remediation process (usually feeding into a patch management program) to address the risks.
Organizations using ISO/IEC 27002 are known to address this program using a technical vulnerability management control
objective, which states:

Objective: To reduce risks resulting from exploitation of published technical vulnerabilities.

Technical vulnerability management should be implemented in an effective, systematic, and repeatable way with
measurements taken to confirm its effectiveness. These considerations should include operating systems, and any other
applications in use. Both the customer and the CSP are responsible for vulnerability management of the cloud
infrastructure, depending on the SPI service in context.

Security Patch Management

Similar to vulnerability management, security patch management is a vital threat management element in protecting hosts,
network devices, and applications from unauthorized users exploiting a known vulnerability.

Patch management processes follow a change management framework and feed directly from the actions directed by your
vulnerability management program. Security patch management mitigates the risk to your organization from insider and
outsider threats. Hence, SaaS providers should be routinely assessing new vulnerabilities and patching the firmware and
software on all systems that are involved in delivering the *aaS service to customers.

The scope of patch management responsibility for customers will have a low-to-high relevance in the order of SaaS, PaaS,
and IaaS services—that is, customers are relieved from patch management duties in a SaaS environment, whereas they are
responsible for managing patches for the whole stack of software (operating system, applications, and database) installed
and operated on the IaaS platform. Customers are also responsible for patching their applications deployed on the PaaS
platform.

Security Configuration Management

Security configuration management is another significant threat management practice to protect hosts and network devices
from unauthorized users exploiting any configuration weakness. Security configuration management is closely related to
the vulnerability management program and is a subset of overall IT configuration management. Protecting the
configuration of the network, host, and application entails monitoring and access control to critical system and database
configuration files, including OS configuration, firewall policies, network zone configuration, locally and remotely
attached storage, and an access control management database.

In the SPI service delivery model, configuration management from a customer responsibility perspective has a low-to-high
relevance in the order of SaaS, PaaS, and IaaS services—that is, SaaS and PaaS service providers are responsible for
configuration management of their platform, whereas IaaS customers are responsible for configuration management of the
operating system, application, and database hosted on the IaaS platform. Customers are also responsible for configuration
management of their applications deployed on the PaaS platform.

(i) SaaS VPC Management

SaaS VPC management focuses on managing vulnerabilities, security patching, and system configuration in the CSP-
managed infrastructure, as well as the customer infrastructure interfacing with the SaaS service. Since the SaaS delivery
model is anchored on the premise that the application service is delivered over the Internet to a web browser running on
any computing device (personal computer, virtual desktop, or mobile device), it is important to secure the endpoints from
which the cloud is accessed. Hence, a VPC management program should include endpoint VPC management requirements
and should be tailored to the corporate environment. It is standard practice for most companies to institute a standard OS
image for personal computers that include security tools such as antivirus, anti-malware, firewall, and automatic patch
management from a central management station.

SaaS provider responsibilities

The following list represents SaaS VPC scope:

• Systems, networks, hosts, applications, and storage that are owned and operated by the CSP
• Systems, networks, hosts, applications, and storage that are managed by third parties
• Personal computers and smartphones owned by the SaaS employees and contractors

SaaS customer responsibilities

SaaS customers are responsible for VPC management of their systems that interface with the SaaS service. The
responsibilities include:
• Personal computers of a SaaS user.
• Applications or services that interface with the SaaS service.
• Security testing of the SaaS service. Although SaaS providers are responsible for vulnerability management of the
software delivered as a service, some enterprise customers can choose to independently assess the state of application
security.

Note: The scope of the VPC management program should include browser security, systems, and applications (on both
trusted and untrusted zones) located at a customer’s premises interfacing with SaaS services.

(ii) PaaS VPC Management

PaaS VPC management focuses on VPC management in the CSP-managed infrastructure, as well as the customer
infrastructure interfacing with the PaaS service. Since applications deployed on a PaaS platform are accessed from a web
browser running on an endpoint device (personal computer, virtual desktop, or mobile device), the program should include
endpoint VPC management scope.

PaaS provider responsibilities

Similar to a SaaS model, the PaaS CSP is responsible for VPC management of the infrastructure that is operated by the
CSP, as well as third-party services that they may rely on.

PaaS customer responsibilities

PaaS customers are responsible for VPC management of the applications implemented and deployed on the PaaS platform.
Vulnerabilities or the configuration weakness of applications deployed on a PaaS platform should be treated similarly to a
standard application operating in your data center (e.g., private cloud). Software vulnerabilities are introduced by design
flaws or coding errors. Configuration weakness can be introduced by improper configuration of an application in the area
of authentication and privilege management. In addition, PaaS applications that rely on third-party web services may
simply become weak and vulnerable by way of vulnerabilities in the third-party service, and that is out of your control.
PaaS customers should follow standard practices embedded in the Software Development Life Cycle (SDLC), which helps
to reduce software application vulnerabilities. Following are some of the standard practices:
• Application white-box testing
• Application black-box testing
• Application penetration testing
• Vulnerability alerts
PaaS customers are also responsible for VPC management of their systems that interface with the PaaS service. These
systems include:
• Personal computers of a PaaS user
• Browsers used for accessing the PaaS service
• Applications located at the customer’s premises that interface with the PaaS service

(iii) IaaS VPC Management

IaaS VPC management focuses on the CSP-managed infrastructure, as well as the customer infrastructure interfacing with
the IaaS service. IaaS VPC management diverges from SaaS and PaaS in that the infrastructure delineation, network
boundary between customers, and CSP infrastructure are blurred. For each layer of infrastructure (network, host, storage),
the customer and CSP have responsibilities in managing VPC in the respective layers from their perspective (i.e., the CSP
is responsible for the common CSP infrastructure available to all customers, and the customer is responsible for the virtual
infrastructure available to the customer for the duration of use). Hence, a VPC management program should address both
the common and shared infrastructures.

IaaS provider responsibilities

In general, an IaaS CSP is responsible for VPC management of the infrastructure that is owned and operated by the CSP,
as well as the third-party infrastructure and services they may rely on. The VPC management scope should include:
• Systems, networks, hosts (hypervisors), storage, and applications that are CSP-owned and operated
• Systems, networks, hosts, storage, and applications that are managed by third parties
• The web console or management station used by customers to manage their virtual infrastructure
• Personal computers owned by the IaaS employees and contractors

IaaS customer responsibilities

IaaS customers are responsible for VPC management of the virtual infrastructure allocated by an IaaS CSP for customer
use. IaaS administrators are also responsible for VPC management of their systems that interface with an IaaS service.
These systems include:
• Cloud management station, which is the host that the customer manages for managing the virtual infrastructure in an IaaS
cloud
• Personal computers of IaaS administrators
• Browsers used for accessing the IaaS service

Wireless Security

Wireless networks provide great convenience to end users, but their operation is actually very complex; many protocols
and technologies work behind the scenes to give users a stable connection. Data packets traveling over a wire give users a
sense of security, since data traveling over a wire is unlikely to be overheard by eavesdroppers.

To secure the wireless connection, we should focus on the following areas:

• Identifying the endpoints of the wireless network and the end users, i.e., Authentication.
• Protecting wireless data packets from a man in the middle, i.e., Privacy.
• Keeping the wireless data packets intact, i.e., Integrity.

We know that wireless clients form an association with Access Points (APs) and transmit data back and forth over the air.
As long as all wireless devices follow the 802.11 standards, they all coexist. But not all wireless devices are friendly and
trustworthy; some rogue devices may be a threat to wireless security. Rogue devices can steal our important data or can
cause the unavailability of the network.

Wireless security is ensured by the following methods:

• Authentication
• Privacy and Integrity

In this article, we talk about Authentication. There are broadly two types of authentication process: Wired Equivalent
Privacy (WEP), and Extensible Authentication Protocol (802.1x/EAP). These are explained below.

1. Wired Equivalent Privacy (WEP) :

For wireless data transmitted over the air, open authentication provides no security.
WEP uses the RC4 cipher algorithm to encrypt every frame. The RC4 cipher encrypts data at the sender
side and decrypts data at the receiving side, using a string of bits as the key, called the WEP key.

The WEP key can be used as an authentication method or as an encryption tool. A client can associate with an AP only if
it has the correct WEP key. The AP tests the client’s knowledge of the WEP key by using a challenge phrase. The client
encrypts the phrase with its own key and sends it back to the AP. The AP compares the received encrypted frame with its
own encrypted phrase. If the result
matches, access to the association is granted.
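
The shared-key exchange just described, as an added example that is not part of the notes: RC4 with WEP's per-frame keying, both sides of the challenge/response, and the check that explains why this method is considered broken and was superseded by 802.1x/EAP. The key, IV and challenge values are constructed.

```python
"""Added example (not from the notes): the 802.11 shared-key authentication
exchange built on RC4, as outlined above, plus the check that shows why the
exchange itself leaks keystream. Key, IV and challenge values are constructed;
a real AP draws the challenge at random."""
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling (KSA) then keystream generation (PRGA) XORed into data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(wep_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP frame body: 3-byte IV sent in the clear, then RC4(IV || key) over
    payload || ICV, where the ICV is a CRC-32 of the payload."""
    icv = zlib.crc32(payload).to_bytes(4, "little")
    return iv + rc4(iv + wep_key, payload + icv)


def wep_decrypt(wep_key: bytes, frame: bytes):
    """Return the payload, or None if the ICV does not verify."""
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + wep_key, body)
    payload, icv = plain[:-4], plain[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        return None
    return payload


def shared_key_auth(ap_key: bytes, client_key: bytes, challenge: bytes, iv: bytes) -> bool:
    """Four-message exchange; returns True if the AP grants the association."""
    # 1. client -> AP: authentication request
    # 2. AP -> client: 128-byte challenge text, sent in the clear
    # 3. client -> AP: the challenge encrypted with the client's WEP key
    response = wep_encrypt(client_key, iv, challenge)
    # 4. AP decrypts with its own key and checks the ICV and the challenge
    return wep_decrypt(ap_key, response) == challenge


def leaked_keystream(challenge: bytes, response: bytes) -> bytes:
    """Defender's view of the flaw: messages 2 and 3 both travel over the air,
    so XORing them yields the RC4 keystream for that IV without the key.
    This is why shared-key authentication is deprecated in favour of 802.1X/EAP."""
    body = response[3:3 + len(challenge)]
    return bytes(c ^ r for c, r in zip(challenge, body))


# Constructed values for a stand-alone run.
WEP_KEY = bytes.fromhex("0102030405")      # 40-bit WEP key
IV = b"\x11\x22\x33"
CHALLENGE = bytes(range(128))

if __name__ == "__main__":
    print("correct key accepted:", shared_key_auth(WEP_KEY, WEP_KEY, CHALLENGE, IV))
    print("wrong key accepted:", shared_key_auth(WEP_KEY, bytes.fromhex("0504030201"), CHALLENGE, IV))
    resp = wep_encrypt(WEP_KEY, IV, CHALLENGE)
    print("keystream recovered from the exchange:",
          leaked_keystream(CHALLENGE, resp) == rc4(IV + WEP_KEY, bytes(128)))
```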

2. Extensible Authentication Protocol (802.1x/EAP) :

In WEP authentication, authentication of the wireless clients takes place locally at the AP. But the scenario changes with
802.1x: a dedicated authentication server is added to the infrastructure. Three devices participate –

• Supplicant – the device requesting access.
• Authenticator – the device that provides access to the network, usually a WLAN controller (WLC).
• Authentication Server – the device that takes the client credentials and denies or grants access.

EAP further comes in four types, each with some amendments over the others –
• LEAP
• EAP-FAST
• PEAP
• EAP-TLS

Web security

Web security is also known as “Cybersecurity”. It basically means protecting a website or web
application by detecting, preventing and responding to cyber threats.

Websites and web applications are just as prone to security breaches as physical homes, stores, and
government locations. Unfortunately, cybercrime happens every day, and great web security
measures are needed to protect websites and web applications from becoming compromised.

That’s exactly what web security does – it is a system of protection measures and protocols that
can protect your website or web application from being hacked or entered by unauthorized
personnel. This integral division of Information Security is vital to the protection of websites, web
applications, and web services. Anything that is applied over the Internet should have some form
of web security to protect it.

Details of Web Security

There are a lot of factors that go into web security and web protection. Any website or application
that is secure is surely backed by different types of checkpoints and techniques for keeping it safe.

There are a variety of security standards that must be followed at all times, and these standards are
documented and promoted by OWASP. Most experienced web developers at top
cybersecurity companies follow the OWASP standards and also keep a close eye on
the Web Hacking Incident Database to see when, how, and why different people are hacking
different websites and services.

Essential steps in protecting web apps from attacks include applying up-to-date encryption, setting
up proper authentication, continuously patching discovered vulnerabilities, and avoiding data theft
through secure software development practices. The reality is that clever attackers may be competent
enough to find flaws even in a fairly robustly secured environment, so a holistic security strategy
is advised.

Available Technology

There are different types of technologies available for maintaining the best security standards. Some
popular technical solutions for testing, building, and preventing threats include:

Black box testing tools
Fuzzing tools
White box testing tools
Web application firewalls (WAF)
Security or vulnerability scanners
Password cracking tools

Likelihood of Threat

Your website or web application’s security depends on the protection tools that have been
deployed and tested on it. A few major threats account for the most common ways in which a
website or web application is compromised. Some of the top vulnerabilities for all web-based
services include:

SQL injection
Password breach
Cross-site scripting
Data breach
Remote file inclusion
Code injection

Preventing these common threats is the key to making sure that your web-based service is practicing
the best methods of security.

The Best Strategies


There are two big defense strategies that a developer can use to protect their website or web
application. The two main methods are as follows:

Resource assignment – By assigning resources to sources dedicated to alerting the developer about
new web security issues and threats, the developer gains a constantly updated alert system that
helps them detect and eradicate threats before security is actually breached.
Web scanning – Several web scanning solutions already exist and are available for purchase or
download. These solutions, however, only find known vulnerabilities; seeking unknown threats is
much more complicated. This method can still protect against many breaches and is proven to keep
websites safe in the long run.
Web security also protects visitors from the following:

Stolen data: Cyber-criminals frequently steal visitor data stored on a website, such as email
addresses, payment information, and other details.
Phishing schemes: Phishing is not limited to email; attackers build a page that looks exactly like
the real website to trick users into handing over their sensitive details.
Session hijacking: Certain attackers can take over a user’s session and make them take undesired
actions on a site.
Malicious redirects: Some attacks redirect visitors from the site they visited to a malicious website.
SEO spam: Unusual links, pages, and comments can be planted on a site by attackers to distract
your visitors and drive traffic to malicious websites.
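Session hijacking and malicious redirects from the list above, as an added example that is not part of these notes: a redirect-target check that refuses anything pointing off-site, a `Set-Cookie` value carrying the attributes that limit session theft, and a session store that rotates the identifier at login. The site origin, the cookie name `session` and the helper names are assumptions for the demo.

```python
from __future__ import annotations

import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def safe_redirect_target(next_param: str | None, default: str = "/") -> str:
    """Accept only same-site absolute paths as a post-login redirect target.

    Absolute URLs, protocol-relative URLs (//host), non-http schemes such as
    javascript:, and backslash variants (/\\host) all fall back to `default`,
    so the login page cannot be used to bounce visitors to another site.
    """
    if not next_param:
        return default
    parts = urlsplit(next_param.strip())
    if parts.scheme or parts.netloc:
        return default                      # points off-site
    path = parts.path
    if not path.startswith("/") or path.startswith(("//", "/\\")):
        return default                      # not a plain same-site path
    # Rebuild from the validated pieces instead of echoing the raw input.
    return path + (f"?{parts.query}" if parts.query else "")


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session identifier.

    Secure: never sent over plain HTTP. HttpOnly: not readable by page
    scripts, so a script injection cannot read it. SameSite=Lax: not sent
    on cross-site POSTs.
    """
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["secure"] = True
    cookie["session"]["httponly"] = True
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return cookie.output(header="").strip()


class SessionStore:
    """Server-side sessions whose identifier is rotated at login, so an
    identifier planted or observed before login is worthless afterwards."""

    def __init__(self) -> None:
        self._sessions: dict[str, dict] = {}

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)          # 256 bits of randomness
        self._sessions[sid] = {}
        return sid

    def login(self, old_sid: str, username: str) -> str:
        data = self._sessions.pop(old_sid, {})   # the old identifier dies here
        data["user"] = username
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

    def lookup(self, sid: str) -> dict | None:
        return self._sessions.get(sid)


if __name__ == "__main__":
    print(safe_redirect_target("/account"), safe_redirect_target("//evil.example/"))
    print(session_cookie_header("demo-session-id"))
```

Rotating the identifier at login closes session fixation, the cookie attributes narrow how a live identifier can leak, and the redirect check removes the most common way a trusted login page is turned into a phishing stepping stone.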
Thus, web security is easy to put in place and helps business owners keep their websites safe
and secure. A web application firewall blocks automated attacks, which usually target small or
lesser-known websites. These attacks are carried out by malicious bots or malware that automatically
scan for vulnerabilities they can exploit, or mount DDoS attacks that slow down or crash your
website.

Thus, web security is extremely important, especially for websites or web applications that deal
with confidential, private, or protected information. Security methods keep evolving to match the
new types of vulnerabilities that come into existence.
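The automated scanning described above leaves a recognisable trace in the access log. As an added example that is not from these notes, the following Python picks out clients that produce a burst of 404s inside a short window, which is how a scanner probing for files that do not exist looks to a defender. The log lines are constructed (addresses from the documentation ranges), and the thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access log (Common Log Format). 203.0.113.7 browses
# normally and mistypes one URL; 198.51.100.9 behaves like a scanner.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "GET /products HTTP/1.1" 200 5120
198.51.100.9 - - [10/Mar/2024:10:00:05 +0000] "GET /admin/ HTTP/1.1" 404 162
198.51.100.9 - - [10/Mar/2024:10:00:05 +0000] "GET /backup.zip HTTP/1.1" 404 162
198.51.100.9 - - [10/Mar/2024:10:00:06 +0000] "GET /old/ HTTP/1.1" 404 162
198.51.100.9 - - [10/Mar/2024:10:00:06 +0000] "GET /test.php HTTP/1.1" 404 162
198.51.100.9 - - [10/Mar/2024:10:00:07 +0000] "GET /config.bak HTTP/1.1" 404 162
203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "GET /missing-page HTTP/1.1" 404 162
198.51.100.9 - - [10/Mar/2024:10:00:08 +0000] "GET /login HTTP/1.1" 200 880
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def flag_scanners(log_text, window_s=60, min_requests=5, min_404_ratio=0.6):
    """Return {ip: (requests, not_found)} for clients that, inside some
    window of `window_s` seconds, made at least `min_requests` requests of
    which `min_404_ratio` or more were 404s. Real users mistype a URL now
    and then; scanners produce bursts of misses."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                       # skip lines that are not in CLF
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        by_ip[m["ip"]].append((ts, int(m["status"])))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window's left edge until it spans at most window_s.
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            window = events[start:end + 1]
            if len(window) < min_requests:
                continue
            misses = sum(1 for _, status in window if status == 404)
            if misses / len(window) >= min_404_ratio:
                flagged[ip] = (len(window), misses)
                break                      # one hit per client is enough
    return flagged


if __name__ == "__main__":
    print(flag_scanners(SAMPLE_LOG))       # {'198.51.100.9': (5, 5)}
```

A rule like this is the kind of thing a WAF or a log-monitoring job applies continuously; the thresholds decide the trade-off between catching slow scanners and flagging a legitimate visitor who follows a few stale links.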
