ISCL Part 2

An Intrusion Detection System (IDS) is a network security technology designed to detect vulnerabilities and threats, while Intrusion Prevention Systems (IPS) extend these capabilities by blocking threats. Firewalls are essential tools that prevent unauthorized access to networks and can be host-based or network-based, performing tasks such as validating access and managing traffic. The document also discusses the complexities of cybercrime, including definitions, types of cybercriminals, and the motivations behind their actions.

Intrusion Detection System

An Intrusion Detection System (IDS) is a network security technology originally built
for detecting vulnerability exploits against a target application or computer. Intrusion
Prevention Systems (IPS) extended IDS solutions by adding the ability to block threats in
addition to detecting them, and IPS has become the dominant deployment option for IDS/IPS
technologies. This section elaborates on the configuration and functions that define the
IDS deployment.
An IDS needs only to detect threats and as such is placed out-of-band on the network
infrastructure, meaning that it is not in the true real-time communication path between the
sender and receiver of information. Rather, IDS solutions will often take advantage of a
TAP or SPAN port to analyze a copy of the inline traffic stream (and thus ensuring that
IDS does not impact inline network performance).
IDS was originally developed this way because at the time the depth of analysis required
for intrusion detection could not be performed at a speed that could keep pace with
components on the direct communications path of the network infrastructure.
As explained, the IDS is a listen-only device. The IDS monitors traffic and reports
its results to an administrator, but cannot by itself take action to prevent a detected
exploit from compromising the system. Attackers are capable of exploiting vulnerabilities
very quickly once they enter the network, so an IDS on its own is inadequate as a
prevention device; it has to be paired with an IPS, firewall rules or an operator who acts
on its alerts promptly.
There is a wide array of IDS, ranging from antivirus software to tiered monitoring
systems that follow the traffic of an entire network. The most common classifications are:
 Network intrusion detection systems (NIDS): A system that analyzes incoming
network traffic.
 Host-based intrusion detection systems (HIDS): A system that monitors important
operating system files.
IDS are also classified by how they detect. The most common variants are signature
detection and anomaly detection.
 Signature-based: Signature-based IDS detects possible threats by looking for
specific patterns, such as byte sequences in network traffic or known malicious
instruction sequences used by malware. This terminology originates from
antivirus software, which refers to these detected patterns as signatures. Although
signature-based IDS can easily detect known attacks, it cannot detect
new attacks for which no pattern is yet available.
 Anomaly-based: a newer technology designed to detect and adapt to unknown
attacks, driven by the explosion of malware variants. This detection method uses
statistical or machine-learning techniques to build a model of trusted (baseline)
activity, and then compares new behaviour against this trust model. While this
approach enables the detection of previously unknown attacks, it can suffer from
false positives: previously unseen but legitimate activity can be classified as
malicious. The baseline must also be learned from clean traffic, otherwise the
attacker's activity becomes part of what the model considers "normal".
The following summarizes the differences in technology intrinsic to IPS and the
IDS deployment:

Placement in network infrastructure
 IPS: part of the direct line of communication (inline)
 IDS: outside the direct line of communication (out-of-band)
System type
 IPS: active (monitor & automatically defend) and/or passive
 IDS: passive (monitor & notify)
Detection mechanisms
 IPS: 1. statistical anomaly-based detection; 2. signature detection, using
exploit-facing signatures and vulnerability-facing signatures
 IDS: 1. signature detection, using exploit-facing signatures
Firewall
Broadly speaking, a computer firewall is a device or software program that prevents unauthorized
access to or from a private network. Firewalls are tools that can be used to enhance the
security of computers connected to a network, such as a LAN or the Internet. They are an
integral part of a comprehensive security framework for your network.
A firewall separates your computer or network from the Internet with a layer of code that
inspects each individual packet of data as it arrives at either side of the firewall,
inbound to or outbound from your computer, to determine whether it should be
allowed to pass or be blocked.
Firewalls can further enhance security by enabling granular control over
which system functions and processes have access to networking resources. Such
firewalls can use various types of signatures and host conditions to allow or deny traffic.
Although they sound complex, firewalls are relatively easy to install, set up and operate.
Most people think of a firewall as a device that is installed on the network, where it
controls the traffic that passes through the network segment.
However, you can also have a host-based firewall, which runs on the system
itself, such as ICF (Internet Connection Firewall) on older Windows systems. The work of both
kinds of firewall is the same: to stop intrusion and to enforce an access control
policy. In the simplest terms, a firewall is a system that safeguards your
computer: an access control policy enforcement point.
What do firewalls do?
Basically, firewalls need to be able to perform the following tasks:
 Defend resources
 Validate access
 Manage and control network traffic
 Record and report on events
 Act as an intermediary
Three common types of firewall are:
1. Packet filtering firewall
2. Circuit-level gateway
3. Stateful inspection firewall
Packet filtering firewall
Packet filtering firewalls operate inline at junction points where devices such as routers
and switches do their work. However, these firewalls don't route packets, but rather they
compare each packet received to a set of established criteria -- such as the allowed IP
addresses, packet type, port number and other aspects of the packet protocol headers.
Packets that are flagged as troublesome are, generally speaking, unceremoniously
dropped -- that is, they are not forwarded and, thus, cease to exist.
Circuit-level gateway
Using another relatively quick way to identify malicious content, circuit-level gateways
monitor TCP handshakes and other network protocol session initiation messages across
the network as they are established between the local and remote hosts to determine
whether the session being initiated is legitimate -- whether the remote system is
considered trusted. They don't inspect the packets themselves, however.
Stateful inspection firewall
State-aware devices, on the other hand, not only examine each packet, but also keep track
of whether or not that packet is part of an established TCP or other network session. This
offers more security than either packet filtering or circuit monitoring alone but exacts a
greater toll on network performance.
A further variant of stateful inspection is the multilayer inspection firewall, which
considers the flow of transactions in process across multiple protocol layers of the seven-
layer Open Systems Interconnection (OSI) model.
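The difference between a packet filter and stateful inspection is easiest to see on a trace. The following Python simulation is an added example, not code from the original notes; the addresses (documentation ranges), the ports and the two rule sets are assumptions made for the illustration. The stateless filter must allow any inbound packet with source port 80 so that web replies can get back to the protected host, and an attacker exploits exactly that by setting their own source port to 80. The stateful filter only admits inbound packets that match a session the protected host opened itself.

```python
"""Packet filter vs. stateful inspection, simulated over constructed packets.
Added illustration; not code from the original notes. Addresses, ports and
the rule set are assumptions made for the example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = leaving the protected host, "in" = arriving at it
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags: "S" SYN, "SA" SYN/ACK, "PA" data, "FA" FIN/ACK


PROTECTED = "192.168.1.10"
WEB_PORT = 80


def stateless_filter(pkt):
    """Packet filter: decides on header fields alone, with no memory.
    To let web replies back in it must allow any inbound packet from port 80,
    which an attacker can exploit by setting their source port to 80."""
    if pkt.direction == "out" and pkt.dport == WEB_PORT:
        return "allow"
    if pkt.direction == "in" and pkt.sport == WEB_PORT:
        return "allow"
    return "drop"


class StatefulFilter:
    """Stateful inspection: inbound packets are allowed only when they belong
    to a session the protected host opened itself."""

    def __init__(self):
        self.sessions = set()   # (local ip, local port, remote ip, remote port)

    def filter(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S" and pkt.dport == WEB_PORT:
                self.sessions.add(key)            # new outbound session
                return "allow"
            if key in self.sessions:
                if "F" in pkt.flags or "R" in pkt.flags:
                    self.sessions.discard(key)    # teardown closes the pinhole
                return "allow"
            return "drop"
        # inbound: look up the reversed 4-tuple
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if key in self.sessions else "drop"


def run(filter_fn, packets):
    return [filter_fn(p) for p in packets]


# Constructed packet trace.
PACKETS = [
    # 1. protected host opens a web connection
    Packet("out", PROTECTED, 51000, "198.51.100.20", 80, "S"),
    # 2. the server's reply
    Packet("in", "198.51.100.20", 80, PROTECTED, 51000, "SA"),
    # 3. attacker probes SSH but sets source port 80 to pass a stateless rule
    Packet("in", "203.0.113.7", 80, PROTECTED, 22, "S"),
    # 4. attacker injects data toward a port that never opened a session with it
    Packet("in", "203.0.113.7", 80, PROTECTED, 51000, "PA"),
    # 5. protected host closes its session
    Packet("out", PROTECTED, 51000, "198.51.100.20", 80, "FA"),
    # 6. late packet from the real server after the session was torn down
    Packet("in", "198.51.100.20", 80, PROTECTED, 51000, "PA"),
]

if __name__ == "__main__":
    print("stateless:", run(stateless_filter, PACKETS))
    print("stateful: ", run(StatefulFilter().filter, PACKETS))
```

The stateless filter waves all six packets through; the stateful filter admits only the two that belong to the host's own session and drops the SSH probe, the injected data and the stale packet after teardown. A production stateful engine also ages entries out on a timeout and tracks sequence numbers, which is the extra bookkeeping behind the "greater toll on network performance" mentioned above.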
Computer Crime
The law related to contracts and employment is difficult, but at least employees, objects,
contracts, and owners are fairly standard entities for which legal precedents have been
developed over centuries. The definitions in copyright and patent law are strained when
applied to computing because old forms must be made to fit new objects; for these
situations, however, cases being decided now are establishing legal precedents. But
crimes involving computers are an area of the law that is even less clear than the other
areas. In this section we study computer crime and consider why new laws are needed to
address some of its problems.
Why a Separate Category for Computer Crime Is Needed
Crimes can be organized into certain recognized categories, including murder, robbery,
and littering. We do not separate crime into categories for different weapons, such as gun
crime or knife crime, but we separate crime victims into categories, depending on
whether they are people or other objects. Nevertheless, driving into your neighbor's
picture window can be as bad as driving into his evergreen tree or pet sheep. Let us look
at an example to see why these categories are not sufficient and why we need special
laws relating to computers as subjects and objects of crime.

What is hacking?

Hacking is the legal or illegal access of data or information on a mobile device, computer,
etc. by programming and networking experts. These experts are popularly termed hackers.
Not every hacker does illegal things: some hack for good and some for bad. Persons who
hack for good purposes are known as white hats, and persons who hack for bad purposes
are known as black hats. Hackers have a deep knowledge of programming concepts. They
usually break in through mistakes made while a software organization was developing its
software. Every programmer makes small mistakes while developing software; hackers
analyze these mistakes and use them to break the software's security. According to one
survey, 80% of programmers make such mistakes; the remaining 20% are either not
considered worth attacking or have a complete security system. Gmail is one of the most
popular and secure mail services, yet hackers still find ways to attack it; to counter
this, Gmail's developers regularly update their security system. Hacking is often done by
a crew whose members are all experts; such crews are popularly called black hats.
Hacking is quite different from ethical hacking and cracking, but they have one
similarity: everything is done to access data or information. Everyone is a bit confused
by these terms.

What is Ethical hacking?

Ethical hacking is also done by hackers, but it is done legally, with the owner's
permission. Ethical hackers are employed to check software security. They try to find the
mistakes made by software developers, mainly in the security of networks, websites and
software. Ethical hackers check and test whether there is any way to break into the
software that was developed, and the findings are used to improve the security system.
Ethical hackers are popularly called white hats. They are the persons who protect us from
black hats.

Examples: 1. If we lose our door key we call a locksmith to open the door. The locksmith
is the ethical hacker.
2. If we lose our Gmail password, we go through Gmail's account-recovery process, whose
staff and systems help us regain access to our own account without handing it to anyone
else.

Ethical hacking is taught as a certified course, and anyone can study it. It is a legal
activity accepted by every organization. Learning ethical hacking is not easy, because
every time white hats improve a security system, black hats look for new ways to defeat
it.

What is cracking?

From the name you can understand that cracking means breaking software. Cracking is
editing existing program code or binaries so that a protection no longer works. Crackers
usually remove or add code as they wish. They need not have as much knowledge as
hackers and are often not expert programmers; they edit what the programmers produced.
The same technique is also used for protection purposes: a program developer may
deliberately alter parts of the code in order to keep the product protected.
Example: Consider a main source code containing
Key=12345
The cracker may edit it to
Key=----- (source code removed)
or
Key=83639 (irrelevant source code)

One can use the software only if the key is known, so as long as the key stays secret the
software remains protected; once a cracker can edit the check itself, the secret no longer
matters.
Cracking is done to software or hardware components; it does not apply to networking.
Cracking is done both legally and illegally: if it is done by an authorized person it is
legal, if not it is illegal.

Examples: 1. In some games you may play only 3 levels out of 50. This is because the
game's code has been deliberately restricted using the same technique. This technique is
used in demo games.
2. Some software remains active for only a few days, after which you cannot use it,
because a built-in check disables it after that period. This technique is used in trial
software.
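The Key=12345 example above is worth seeing in running code next to a check that cannot be defeated by editing one constant. The Python below is an added example, not code from the original notes: naive_check is the notes' single-constant check, and issue_license/verify_license bind the user, an expiry date (the trial-software case) and the entitlement (the "3 levels out of 50" case) together with an HMAC. SECRET, the token layout and the dates are assumptions made for the illustration.

```python
"""A key check that can be cracked by editing one constant, beside a license
whose fields are protected by a keyed hash. Added illustration; not code from
the original notes. SECRET, the token format and the dates are assumptions."""
import base64
import datetime
import hashlib
import hmac

# (a) The notes' "Key=12345": one constant, one comparison. A cracker who can
#     edit the program changes 12345 to anything, or removes the test entirely.
MASTER_KEY = "12345"


def naive_check(entered_key):
    return entered_key == MASTER_KEY


# (b) A signed license: user, expiry date and entitlement are bound together by
#     an HMAC, so editing any field (e.g. the expiry that trial software relies
#     on) invalidates the tag instead of extending the trial.
SECRET = b"hypothetical-issuer-secret"   # assumption; real issuers keep this off the client


def issue_license(user, expires_iso, entitlement):
    body = f"{user}|{expires_iso}|{entitlement}".encode()
    tag = hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()
    return base64.b64encode(body + b"|" + tag).decode()


def verify_license(token, today_iso):
    """Return (ok, entitlement) on success or (False, reason) on failure."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (ValueError, TypeError):
        return (False, "malformed")
    body, sep, tag = raw.rpartition(b"|")
    if not sep:
        return (False, "malformed")
    expected = hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):        # constant-time compare
        return (False, "bad signature")
    _user, expires_iso, entitlement = body.decode().split("|")
    if datetime.date.fromisoformat(today_iso) > datetime.date.fromisoformat(expires_iso):
        return (False, "expired")
    return (True, entitlement)


def tamper_expiry(token, new_expiry_iso):
    """The cracker's move from the notes (Key=83639): rewrite one field and
    re-encode, leaving the old tag in place."""
    raw = base64.b64decode(token)
    user, _old_expiry, rest = raw.decode().split("|", 2)
    return base64.b64encode(f"{user}|{new_expiry_iso}|{rest}".encode()).decode()


if __name__ == "__main__":
    tok = issue_license("alice", "2030-01-01", "levels=50")
    print(verify_license(tok, "2025-06-01"))                          # valid
    print(verify_license(tok, "2031-01-01"))                          # expired
    print(verify_license(tamper_expiry(tok, "2099-01-01"), "2031-01-01"))  # forged
```

The caveat a practitioner would add: if verify_license itself ships inside the product, SECRET ships with it and the cracker can still patch the comparison out, exactly as with naive_check. The signed token only stops forgery of licenses; resisting patching means verifying on a server the cracker does not control, or using a public-key signature so the signing key never leaves the issuer.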

Difference Between Law and Ethics


Law
In simple terms, the law may be understood as the systematic set of universally accepted
rules and regulations created by an appropriate authority such as a government, which may
be regional, national, international, etc. It is used to govern the actions and behaviour
of the members of society and can be enforced by imposing penalties.
Ethics
The term law is often juxtaposed with the term ethics, but there is a difference:
ethics are the principles that guide a person or a society, created to decide what is good
or bad, right or wrong, in a given situation. Ethics regulate a person's behaviour or
conduct and help an individual live a good life by applying moral rules and guidelines.
To a layman the two terms are the same, but in fact there is a difference between law and
ethics, summarized in the comparison below.
Comparison Chart

Meaning
 Law: a systematic body of rules that governs the whole society and the actions of its
individual members.
 Ethics: a branch of moral philosophy that guides people about basic human conduct.
What is it?
 Law: a set of rules and regulations.
 Ethics: a set of guidelines.
Governed by
 Law: government.
 Ethics: individual, legal and professional norms.
Expression
 Law: expressed and published in writing.
 Ethics: abstract.
Violation
 Law: violation is not permissible and may result in punishment such as imprisonment,
a fine or both.
 Ethics: there is no punishment for violation of ethics.
Objective
 Law: created to maintain social order and peace in society and to provide protection
to all citizens.
 Ethics: made to help people decide what is right or wrong and how to act.
Binding
 Law: legally binding.
 Ethics: not binding.

Cyber Crime

Cybercrime spans not only state but also national boundaries, so perhaps we should look
to international organizations to provide a standard definition of the crime. At the Tenth
United Nations Congress on the Prevention of Crime and Treatment of Offenders, in a
workshop devoted to the issue of crimes related to computer networks, cybercrime was
broken into two categories and defined thus:
A. Cybercrime in a narrow sense (computer crime): any illegal behavior directed by
means of electronic operations that targets the security of computer systems and the data
processed by them.
B. Cybercrime in a broader sense (computer-related crime): any illegal behavior
committed by means of, or in relation to, a computer system or network, including such
crimes as illegal possession [and] offering or distributing information by means of a
computer system or network.
Of course, these definitions are complicated by the fact that an act may be illegal in one
nation but not in another. The paper goes on to give more concrete examples, including:
▪ Unauthorized access
▪ Damage to computer data or programs
▪ Computer sabotage
▪ Unauthorized interception of communications
▪ Computer espionage
These definitions, although not completely definitive, do give us a good starting
point—one that has some international recognition and agreement—for determining just
what we mean by the term cybercrime.
IT professionals need good definitions of cybercrime to know when (and what) to report
to police, but law enforcement agencies must have statutory definitions of specific crimes
to charge a criminal with an offense. The first step in specifically defining individual
cybercrimes is to sort all the acts that can be considered cybercrimes into organized
categories.
What Is a Cybercriminal?
A cybercriminal is a person who conducts some form of illegal activity using computers
or other digital technology such as the Internet. The criminal may use computer expertise,
knowledge of human behavior, and a variety of tools and services to achieve his or her
goal. The kinds of crimes a cybercriminal may be involved in can include hacking,
identity theft, online scams and fraud, creating and disseminating malware, or attacks on
computer systems and sites. The core factor of what makes a crime a cybercrime is that
it’s directed at a computer or other devices and/or these technologies are used to commit
the crime.
How Criminals Choose Their Targets
The way that cybercriminals choose a target depends on their motivation. As we’ll see
later in this chapter, hackers will attack systems for a wide variety of reasons, ranging
from altruistic intentions, personal glory, revenge, espionage, and/or financial gain. As
we’ll see in this chapter, the major reasons online crimes are committed are for money,
sex, or power.
Cybercriminals often don’t choose a particular person. The victim may be selected
because they responded to an ad or email, or came in contact with the criminal through
some other means. Perhaps you chatted with the wrong person, visited a site and
inadvertently downloaded malware, or crossed the path of the criminal in some other
way. In this scenario they didn’t choose you personally, and didn’t care if it was you or
someone else who’d be the victim.
Criminals are drawn to where their targets are. If a pedophile wants to meet a child, it
makes sense that he or she would be drawn to a site that caters to children. Similarly, if
you wanted to get people’s credit card numbers, you might hack a site where people enter
that information. Just as you or your children are drawn to a site for a particular service or
functionality, a cybercriminal will follow because it has the data or people they’re
looking for.
In some cases, a target is selected for very specific reasons. If you had a past relationship
with someone, they might upload inappropriate pictures of you to a site. They may stalk you
online, bully you, threaten or coerce you in some way. In the same way, a company may
be directly targeted because it is an inviting target, or because the cybercriminal has a
particular axe to grind, such as being a disgruntled employee or seeking revenge for some
reason. As you can see, a cybercriminal isn't always the creepy nerd in a dingy
apartment that's often depicted in TV and movies. They may very well be
someone you know and would never suspect.

THE 12 TYPES OF CYBER CRIME


In order to protect yourself you need to know about the different ways in which your
computer can be compromised and your privacy infringed. In this section, we discuss a
few common tools and techniques employed by the cyber criminals. This isn’t an
exhaustive list by any means, but will give you a comprehensive idea of the loopholes in
networks and security systems, which can be exploited by attackers, and also their
possible motives for doing so.
1. Hacking
In simple words, hacking is an act committed by an intruder who accesses your computer
system without your permission. Hackers (the people doing the 'hacking') are basically
computer programmers who have an advanced understanding of computers and
commonly misuse this knowledge for devious reasons. They're usually technology buffs
who have expert-level skills in one particular software program or language. As for
motives, there could be several, but the most common are pretty simple and can be
explained by human tendencies such as greed, fame and power. Some people do it
purely to show off their expertise, ranging from relatively harmless activities such as
modifying software (and even hardware) to carry out tasks outside the creator's
intent, while others just want to cause destruction.
Greed and sometimes voyeuristic tendencies may cause a hacker to break into systems to
steal personal banking information, a corporation's financial data, etc. They also try to
modify systems so that they can execute tasks at their whim. Hackers displaying such
destructive conduct are sometimes called "crackers"; they are also called "black hat"
hackers. On the other hand, there are those who develop an interest in computer hacking
purely out of intellectual curiosity. Some companies hire these computer enthusiasts to
find flaws in their security systems and help fix them. Referred to as "white hat" hackers,
they are against the abuse of computer systems. They attempt to break into network
systems purely to alert the owners to flaws. It's not always altruistic, though, because
many do this for fame as well, in order to land jobs with top companies, or just to be
called security experts. "Grey hat" is another term, used for hacking activity that
falls somewhere between black hat and white hat.

Some of the most famous computer geniuses were once hackers (in the original sense of
the word) who went on to use their skills for constructive technological development.
Dennis Ritchie and Ken Thompson, the creators of the UNIX operating system (on which
Linux is modelled), were two of them. Shawn Fanning, the developer of Napster, Mark
Zuckerberg of Facebook fame, and many more are also examples. The first step towards
preventing hackers from gaining access to your systems is to learn how hacking is done.
It is beyond the scope of this Fast Track to go into great detail, but we will cover the
various techniques used by hackers to get to you via the internet.
2. Virus dissemination
Viruses are computer programs that attach themselves to or infect a system or files, and
have a tendency to spread to other computers on a network. They disrupt the computer's
operation and affect the data stored, either by modifying it or by deleting it altogether.
"Worms", unlike viruses, don't need a host to cling on to. They merely replicate until they
eat up all available memory in the system. The term "worm" is sometimes used to mean
self-replicating "malware" (MALicious softWARE). These terms are often used
interchangeably in the context of the hybrid viruses/worms that dominate
the current virus scenario. "Trojan horses" are different from viruses in their manner of
propagation.
They masquerade as a legitimate file, such as an email attachment from a supposed friend
with a very believable name, and don't spread themselves. The user can also
unknowingly install a Trojan-infected program via drive-by downloads when visiting a
website, playing online games or using internet-driven applications. A Trojan horse can
cause damage similar to other viruses, such as stealing information or hampering or
disrupting the functioning of computer systems.

Figure: Although mankind's best invention, the net is still a minefield of threats.

Figure: A simple diagram to show how malware can propagate.


How does this happen? Well, the malicious code or virus is inserted into the chain of
command so that when the infected program is run, the viral code is also executed (or in
some cases, runs instead of the legitimate program). Viruses are usually seen as
extraneous code attached to a host program, but this isn’t always the case. Sometimes, the
environment is manipulated so that calling a legitimate uninfected program calls the viral
program. The viral program may also be executed before any other program is run. This
can virtually infect every executable file on the computer, even though none of those
files’ code was actually tampered with. Viruses that follow this modus operandi include
“cluster” or “FAT” (File Allocation Table) viruses, which redirect system pointers to
infected files, associate viruses and viruses that modify the Windows Registry directory
entries so that their own code is executed before any other legitimate program.

Computer viruses usually spread via removable media or the internet. A flash disk, CD-
ROM, magnetic tape or other storage device that has been in an infected computer can
infect every other computer in which it's later used. Your computer can also contract
viruses from malicious email attachments, rogue web sites or infected software, and these
can then spread to every other computer on your network.

All computer viruses cause direct or indirect economic damage. On this basis there are
two categories of viruses:
1) Those that only spread and don't cause intentional damage
2) Those that are programmed to cause damage.
However, even by merely spreading, they take up memory and bandwidth, plus the time
and resources that are spent on the clean-up job. Direct economic damage is caused when
viruses alter or destroy information. Considerable expense is incurred by individuals,
firms and authorities in developing and deploying anti-virus tools to protect computer
systems.
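The host-based counterpart to the network detection above: a file-infecting virus that appends itself to a host program, or a companion file dropped next to one, shows up as a change in a hash baseline of the files you care about. The Python below is an added example, not code from the original notes; it builds a throw-away directory with two fake programs (constructed data), records a SHA-256 baseline, simulates an infection, and reports the difference.

```python
"""File integrity monitoring in the style of a host-based IDS: hash a baseline
of files, then report what was modified, added or removed. Added illustration;
not code from the original notes. The directory contents are constructed."""
import hashlib
import os
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map of relative path -> SHA-256 for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def compare(baseline, current):
    """Diff two snapshots. Any entry in 'modified' is a file whose bytes changed
    (the host-program infection case); 'added' catches companion files."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed scenario: baseline two programs, then infect one and drop a
    companion file; returns the compare() result."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "bin")
        os.makedirs(bin_dir)
        programs = {"ls": b"#!/bin/sh\necho ls\n", "cat": b"#!/bin/sh\necho cat\n"}
        for name, body in programs.items():
            with open(os.path.join(bin_dir, name), "wb") as f:
                f.write(body)
        baseline = snapshot(root)

        # a file-infecting virus appends its code to a host program ...
        with open(os.path.join(bin_dir, "ls"), "ab") as f:
            f.write(b"# appended viral code\n")
        # ... and a companion file is dropped beside it (fake payload bytes)
        with open(os.path.join(bin_dir, "ls.com"), "wb") as f:
            f.write(b"viral stub")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would attach. The baseline must be stored where the malware cannot rewrite it (off-host, or signed), or the infection simply updates the baseline along with the files. And the "cluster"/registry redirection tricks described above leave the program files untouched, so those need the FAT, PATH and registry run-keys in the baseline as well, not just executables.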
3. Logic bombs
A logic bomb, also known as "slag code", is a malicious piece of code which is
intentionally inserted into software to execute a malicious task when triggered by a
specific event. It's not a virus, although it often behaves in a similar manner. It is
stealthily inserted into the program, where it lies dormant until specified conditions are
met. Malicious software such as viruses and worms often contains logic bombs which
trigger a specific payload at a predefined time. The payload of a logic bomb is
unknown to the user of the software, and the task that it executes is unwanted. Program
code that is scheduled to execute at a particular time is known as a "time bomb". For
example, the infamous "Friday the 13th" virus attacked host systems only on
specific dates: it "exploded" (duplicated itself) every Friday that happened to be the
thirteenth of a month, causing system slowdowns.
Logic bombs are usually planted by disgruntled employees working in the IT sector.
You may have heard of "disgruntled employee syndrome", wherein angry employees
who've been fired use logic bombs to delete their employers' databases, cripple the
network for a while or even enable insider trading. Triggers for the execution of
logic bombs can be a specific date and time, a missing entry in a database, or a
command not being entered at the usual time, meaning the person no longer works there.
Most logic bombs stay in the network in which they were planted, so in most cases
they're an insider job. This makes them easier to design and execute than a virus: a logic
bomb doesn't need to replicate, which is the more complex part. To protect your network
from logic bombs you need continuous monitoring of data and of code changes (code
review and change control for anything deployed by a single person) and effective
anti-virus software on each computer in the network; note that anti-virus alone rarely
catches a bespoke logic bomb, since it has no signature to match.

There’s another use for the type of action carried out in a logic bomb “explosion” – to
make restricted software trials. The embedded piece of code destroys the software after a
defined period of time or renders it unusable until the user pays for its further use.
Although this piece of code uses the same technique as a logic bomb, it has a non-
destructive, non-malicious and user-transparent use, and is not typically referred to as
one.
4. Denial-of-Service attack
A Denial-of-Service (DoS) attack is an explicit attempt by attackers to deny service to
the intended users of that service. It involves flooding a computer resource with more
requests than it can handle, consuming its available bandwidth or processing capacity and
overloading the server. This causes the resource (e.g. a web server) to crash or slow down
significantly so that no one can access it. Using this technique, the attacker can render
a web site inoperable by sending massive amounts of traffic to the targeted site. A site
may temporarily malfunction or crash completely, in any case leaving the system unable
to communicate adequately. DoS attacks violate the acceptable use policies of virtually
all internet service providers.
A variation of the denial-of-service attack is the "Distributed Denial of Service" (DDoS)
attack, wherein many geographically dispersed machines (typically a botnet of
compromised hosts) flood the target at once, which makes the traffic far harder to filter
by source. Denial-of-Service attacks typically target high-profile web site servers
belonging to banks and credit card payment gateways. Websites of companies such as
Amazon, CNN, Yahoo, Twitter and eBay are not spared either.
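A first line of defence against a single-source flood is to cap how fast any one client may consume the resource. The token-bucket limiter below is an added example, not code from the original notes; the request log, the bucket size (10 requests of burst, 5 per second sustained) and the addresses are assumptions made for the illustration. Ordinary clients at one request per second never run dry, while the flooder that fires 200 requests within one second gets its burst and little else.

```python
"""Per-source token-bucket rate limiting as a first line of DoS mitigation,
run over a constructed request log. Added illustration; not code from the
original notes. Bucket sizes and the traffic pattern are assumptions."""
from collections import defaultdict


class TokenBucket:
    """At most `capacity` tokens; `refill_per_sec` tokens are added per second.
    Each request spends one token; an empty bucket means the request is dropped."""

    def __init__(self, capacity, refill_per_sec):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.last = None

    def allow(self, now):
        if self.last is not None:
            elapsed = now - self.last
            self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def rate_limit(requests, capacity=10, refill_per_sec=5.0):
    """requests: iterable of (timestamp_seconds, source_ip). Returns per-source
    counts of allowed and dropped requests, processed in time order."""
    buckets = defaultdict(lambda: TokenBucket(capacity, refill_per_sec))
    stats = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for ts, src in sorted(requests):
        verdict = "allowed" if buckets[src].allow(ts) else "dropped"
        stats[src][verdict] += 1
    return dict(stats)


# Constructed request log: two ordinary clients at one request per second and
# one flooder that fires 200 requests inside a single second starting at t=5.
REQUESTS = [(float(t), "10.0.0.5") for t in range(20)]
REQUESTS += [(t + 0.5, "10.0.0.6") for t in range(20)]
REQUESTS += [(5.0 + i * 0.005, "203.0.113.9") for i in range(200)]

if __name__ == "__main__":
    for src, counts in rate_limit(REQUESTS).items():
        print(src, counts)
```

The limitation is visible in the design: the bucket is keyed by source address, so it does nothing against a DDoS where thousands of bots each stay under the limit, and nothing against bandwidth exhaustion upstream of the server. Those cases need filtering at the provider or a scrubbing service before the traffic reaches the host.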
5. Phishing
This is a technique of extracting confidential information such as credit card numbers and
username/password combinations by masquerading as a legitimate enterprise. Phishing is
typically carried out by email spoofing. You've probably received email containing links
to legitimate-looking websites. You probably found it suspicious and didn't click the
link. Smart move: had you clicked, the site would have captured whatever you typed into
it, or malware would have installed itself on your computer and stolen private information.
Figure: How phishing can net some really interesting catches.
Cyber-criminals use social engineering to trick you into downloading malware off the
internet or into filling in your personal information under false pretenses. A phishing
scam in an email message can be evaded by keeping certain things in mind.

 Look for spelling mistakes in the text. Cyber-criminals are often careless with
grammar and spelling, though a well-written message is no guarantee of legitimacy.
 Hover your cursor over the hyperlinked URL but don’t click. Check if the address
matches with the one written in the message.
 Watch out for fake threats. Did you receive a message saying “Your email
account will be closed if you don’t reply to this email”? They might trick you by
threatening that your security has been compromised.
 Attackers use the names and logos of well-known web sites to deceive you. The
graphics and the web addresses used in the email are strikingly similar to the
legitimate ones, but they lead you to phony sites.
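The "hover over the link" check from the list above can be done by a program rather than by eye. The Python below is an added example, not code from the original notes: it pulls every link out of an HTML email body and flags those whose visible text names one domain while the href goes to another, plus links to raw IP addresses and punycode (xn--) hosts that can hide look-alike characters. The email body and hostnames are constructed for the illustration (example.com and example.net are reserved documentation names; the xn-- label is a made-up placeholder, not a real encoded name).

```python
"""Checks the 'hover over the link' advice programmatically: extracts every
link from an HTML email body and flags ones whose visible text points at a
different domain than the real target, plus raw-IP and punycode hosts.
Added illustration; not code from the original notes. The email body and
hostnames are constructed for the example."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkExtractor(HTMLParser):
    """Collects (visible text, href) pairs for each <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registered_domain(host):
    """Naive registrable domain: the last two labels. Assumption made for the
    example; real code needs the public suffix list for names like bank.co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def displayed_host(text):
    """If the link text itself looks like a URL or hostname, return its host."""
    if " " in text or "." not in text:
        return None
    url = text if "://" in text else "http://" + text
    return urlparse(url).hostname


def assess_link(text, href):
    """Return the list of reasons a link looks like phishing (empty = clean)."""
    host = (urlparse(href).hostname or "").lower()
    reasons = []
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a hostname")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (internationalised) host, possible look-alike")
    shown = displayed_host(text)
    if shown and registered_domain(shown) != registered_domain(host):
        reasons.append(f"text shows {shown} but link goes to {host}")
    return reasons


def suspicious_links(html_body):
    parser = LinkExtractor()
    parser.feed(html_body)
    flagged = []
    for text, href in parser.links:
        reasons = assess_link(text, href)
        if reasons:
            flagged.append((text, href, reasons))
    return flagged


# Constructed phishing-style email body.
EMAIL_BODY = """
<p>Dear customer, please verify your account:</p>
<p><a href="https://www.example.com/login">https://www.example.com/login</a></p>
<p><a href="http://www.example.com.account-verify.example.net/login">https://www.example.com/secure</a></p>
<p><a href="http://xn--exampl-0ta.com/">Example Bank support</a></p>
<p><a href="http://203.0.113.10/login">Login here</a></p>
"""

if __name__ == "__main__":
    for text, href, reasons in suspicious_links(EMAIL_BODY):
        print(f"{text!r} -> {href}: {'; '.join(reasons)}")
```

The first link is clean; the second is the classic brand-as-subdomain trick (the real registered domain is example.net, not example.com); the third and fourth are flagged on the host alone. What this cannot see is a URL shortener or an open redirect on a legitimate site, which is why the link's final destination, not just its first hop, matters when you investigate a reported message.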

Not all phishing is done via email or web sites. Vishing (voice phishing) involves calls to
victims under a fake identity, fooling you into believing the call comes from a trusted
organisation. The caller may claim to be from a bank and ask you to dial a number (provided
by a VoIP service and owned by the attacker) and enter your account details. Once you do
that, your account security is compromised. Treat all unsolicited phone calls with skepticism
and never provide any personal information. Many banks have issued preemptive
warnings informing their users of phishing scams and the do's and don'ts regarding
account information. Those of you reading Digit for long enough will remember that we
successfully phished hundreds of our readers by reporting a way to hack other people's
Gmail accounts by sending an email to a made-up account with your own username and
password... and we did that years ago in a story about, yes, you guessed it, phishing!
6. Email bombing and spamming
Email bombing is characterised by an abuser sending huge volumes of email to a target
address, resulting in the victim's mailbox filling up or the mail server becoming
unresponsive. The messages are meaningless and excessively long in order to consume
network and storage resources. If multiple accounts on a mail server are targeted, it may
have a denial-of-service impact. Such mail arriving frequently in your inbox can often be
detected by spam filters. Email bombing is commonly carried out using botnets (private
internet-connected computers whose security has been compromised by malware and which are
under the attacker's control) as a DDoS attack. This type of attack is more difficult to
control because of the multiple source addresses, and because the bots are programmed to
send differing messages to defeat spam filters.
"Spamming" is a variant of email bombing. Here unsolicited bulk messages are sent to a
large number of users, indiscriminately. Opening links given in spam mails may lead you to
phishing web sites or to sites hosting malware. Spam mail may also carry infected files as
attachments. Spamming gets worse when a recipient replies to all, causing every original
addressee to receive the reply. Spammers collect email addresses from customer lists,
newsgroups, chat rooms, web sites and viruses that harvest users' address books, and sell
them on to other spammers. A large amount of spam is sent to invalid email addresses.

Email filters cleaning out spam mail


Sending spam violates the acceptable use policy (AUP) of almost all internet service
providers. If your system suddenly becomes sluggish (email loads slowly or doesn't appear
to be sent or received), the reason may be that your mailer is processing a large number
of messages. Unfortunately, there's no way to completely prevent email bombing and spam,
as it's impossible to predict the origin of the next attack. What you can do is identify
the source of the mail and have your router or mail server block traffic from that
address. Bear in mind that this only helps against a single-source bomb: a botnet sends
from hundreds of addresses, and the sender addresses inside the messages are easily forged,
so rate limiting per recipient at the mail server, together with a spam filter, is the
practical control.
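The following is an added example (not code from the original article) showing how the distinction just made can be checked in practice. It counts messages per recipient in a sliding window over a mail log and reports whether a burst comes from one source address (which a router or mail server rule can block) or from many (a botnet, where only rate limiting at the mail server helps). The log line format, the addresses and the thresholds are all constructed for the example; a real MTA log needs its own parser.

```python
"""Added example (not from the original article): spotting an email bomb in
a mail log and telling a single-source bomb from a botnet-driven one.

Messages per recipient are counted in a sliding time window. A recipient
that exceeds the threshold is reported together with the number of distinct
source addresses in that burst: one source can be blocked at the router or
mail server as the text suggests; many sources means a botnet, where
per-address blocking is futile and rate limiting at the mail server is the
practical control.

The log line format and all addresses below are constructed for this
example; real MTA logs (Postfix, Exim, ...) need their own parser.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]+)> src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "sender": m["sender"],
        "rcpt": m["rcpt"].lower(),
        "src": m["src"],
    }


def detect_bombing(lines, window_seconds=60, threshold=20):
    """Return {recipient: report} for recipients receiving more than
    `threshold` messages inside any `window_seconds` window. The report
    keeps the largest burst seen for that recipient."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # recipient -> deque of (timestamp, source)
    reports = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev["rcpt"]]
        q.append((ev["ts"], ev["src"]))
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) > threshold:
            sources = {src for _, src in q}
            prev = reports.get(ev["rcpt"])
            if prev is None or len(q) > prev["count"]:
                reports[ev["rcpt"]] = {
                    "count": len(q),
                    "sources": len(sources),
                    "kind": "single-source" if len(sources) == 1 else "distributed",
                    "action": ("block the source address at the router or MTA"
                               if len(sources) == 1 else
                               "rate-limit the recipient at the MTA; "
                               "blocking individual addresses will not help"),
                }
    return reports


def _sample_log():
    """Constructed log: ordinary traffic to alice, a single host hammering
    bob, and eight bots hammering carol."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = []
    for i in range(3):
        ts = (base + timedelta(minutes=10 * i)).isoformat()
        lines.append(f"{ts} from=<colleague@example.org> to=<alice@example.com> src=198.51.100.7")
    for i in range(30):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} from=<x{i}@junk.test> to=<bob@example.com> src=203.0.113.5")
    for i in range(40):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} from=<y{i}@junk.test> to=<carol@example.com> src=203.0.113.{10 + i % 8}")
    return sorted(lines)  # ISO timestamps sort chronologically


SAMPLE_LOG = _sample_log()

if __name__ == "__main__":
    for rcpt, report in detect_bombing(SAMPLE_LOG).items():
        print(rcpt, report)
```

The window and threshold are deliberately low so the constructed log trips them; in production they would be tuned to the site's normal traffic, and the "single-source" verdict should be treated as a hint rather than proof, since the source seen by your server may itself be an open relay.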
7. Web jacking
Web jacking derives its name from "hijacking". Here the hacker takes control of a web
site fraudulently. He may change the content of the original site or redirect users to a
similar-looking fake page under his control. The owner of the web site no longer has
control, and the attacker may use the site for his own ends. Cases have been reported where
the attacker has demanded a ransom, or posted obscene material on the site.
The web jacking attack method may be used to create a clone of a web site and present the
victim with a new link saying that the site has moved. Unlike usual phishing methods, when
you hover your cursor over the link provided, the URL shown is the genuine one, not the
attacker's site. But when you click the link, the page opens and is quickly replaced by a
page from the attacker's web server. The name in the address bar will differ only slightly
from the original, which can trick the user into thinking it's the legitimate site. For
example, "gmail" may become "gmai1". Notice the digit one in place of the letter "l"; it is
easily overlooked.
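The checks from the phishing list earlier (does the visible link match the real address?) and the look-alike trick just described can be automated. The following is an added example, not code from the original article: it walks the links in an HTML email, compares the host named in the link text with the host the href really points to, and tests the href's domain against a small table of look-alike substitutions. The trusted domain list, the homoglyph table and the sample email are constructed for the example.

```python
"""Added example (not from the original article): automating two of the
phishing checks above plus the web jacking look-alike trick.

For every link in an HTML email it reports when
  1. the visible link text names one host but the href points to another
     (what hovering over the link would reveal),
  2. the href's domain is a look-alike of a trusted domain, e.g. gmai1.com
     with a digit one in place of the letter l, and
  3. a trusted brand name is buried in a subdomain of an untrusted domain.

TRUSTED_DOMAINS, the homoglyph table and the sample email are constructed
for this example; they are not part of the article.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"gmail.com", "google.com", "paypal.com", "digit.in"}

# Look-alike substitutions attackers rely on (illustrative subset).
HOMOGLYPHS = {"1": "l", "0": "o", "rn": "m", "vv": "w"}

# Something that looks like a host name inside visible link text.
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


class _Anchors(HTMLParser):
    """Collect (href, visible text) for each <a> in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _Anchors()
    parser.feed(html)
    return parser.links


def registrable(host):
    """Crude 'name.tld' extraction. Good enough here; a real tool would use
    the public suffix list so that e.g. co.uk is handled correctly."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def normalise(domain):
    """Replace look-alike characters with the letters they imitate."""
    domain = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        domain = domain.replace(fake, real)
    return domain


def lookalike_of(host):
    """Return the trusted domain that `host` imitates, or None."""
    domain = registrable(host)
    if domain in TRUSTED_DOMAINS:
        return None
    normalised = normalise(domain)
    return next((t for t in TRUSTED_DOMAINS if normalised == t), None)


def check_link(href, text):
    """Return a list of human-readable findings for one link (empty = clean)."""
    findings = []
    host = (urlparse(href).hostname or "").lower()
    if not host:
        return findings
    match = HOST_RE.search(text)
    if match and registrable(match.group(1)) != registrable(host):
        findings.append(f"text says {match.group(1)} but link goes to {host}")
    target = lookalike_of(host)
    if target:
        findings.append(f"{host} imitates {target}")
    for trusted in TRUSTED_DOMAINS:
        if trusted in host and registrable(host) != trusted:
            findings.append(f"{trusted} appears inside untrusted host {host}")
    return findings


def scan_email(html):
    """Map every href in the message to its findings."""
    return {href: check_link(href, text) for href, text in extract_links(html)}


# Constructed sample message: one look-alike link, one brand-in-subdomain
# link, one genuine link.
SAMPLE_EMAIL = """
<p>Your email account will be closed if you don't verify it today.</p>
<a href="http://gmai1.com/verify">https://gmail.com/verify</a>
<a href="http://gmail.com.account-check.net/login">Sign in to Gmail</a>
<a href="https://mail.google.com/">Open Gmail</a>
"""

if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_EMAIL).items():
        print(href, "->", findings or "clean")
```

The homoglyph table is the weak point of any such filter: attackers also use Unicode confusables (Cyrillic "а" for Latin "a", for instance), so a production filter would run the host through a proper confusables mapping rather than this four-entry table.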

Web jacking can also be done by sending a counterfeit message, under a false identity, to
the registrar controlling the domain name registration, asking it to point the domain name
at the web jacker's IP address. Anyone who enters that domain name is then sent to a web
site controlled by the web jacker. Registrar lock and strong authentication on the
registrar account are the usual defences. The purpose of this attack is to harvest users'
credentials, usernames, passwords and account numbers through a fake web page that opens
from a valid-looking link after the user has been redirected from the legitimate site.
8. Cyber stalking
Cyber stalking is a newer form of internet crime in which a person is pursued or followed
online. A cyber stalker doesn't physically follow the victim; he does it virtually,
following their online activity to harvest information about them, harassing them and
making threats through verbal intimidation. It's an invasion of one's online privacy.
Cyber stalking uses the internet or other electronic means and is distinct from offline
stalking, but is often accompanied by it. Most victims of this crime are women stalked by
men, and children stalked by adult predators and paedophiles. Cyber stalkers thrive on
inexperienced web users who are not aware of netiquette and the rules of internet safety.
A cyber stalker may be a stranger, but could just as easily be someone you know.

Cyber stalkers harass their victims via email, chat rooms, web sites, discussion forums
and open publishing web sites (e.g. blogs). The availability of free email / web site space
and the anonymity provided by chat rooms and forums has contributed to the increase of
cyber stalking incidents. Everyone has an online presence nowadays, and it’s really easy
to do a Google search and get one’s name, alias, contact number and address,
contributing to the menace that is cyber stalking. As the internet is increasingly becoming
an integral part of our personal and professional lives, stalkers can take advantage of the
ease of communications and the availability of personal information only a few mouse
clicks away. In addition, the anonymous and non-confrontational nature of internet
communications removes most of the disincentives that would otherwise deter a stalker.
Cyber stalking is done in two primary ways:

• Internet stalking: here the stalker harasses the victim via the internet. Unsolicited
email is the most common way of threatening someone, and the stalker may even send obscene
content and viruses by email. Viruses and unsolicited telemarketing email alone do not
constitute cyber stalking, but if email is sent repeatedly in an attempt to intimidate the
recipient, it may be considered stalking. Internet stalking is not limited to email;
stalkers can use the internet more comprehensively to harass their victims. Any of the
cyber-crimes we've already read about, if done with the intention to threaten, harass or
slander the victim, may amount to cyber stalking.

• Computer stalking: the more technologically advanced stalkers apply their computer
skills to assist them with the crime. They gain unauthorised control of the victim's
computer by exploiting weaknesses in its internet connection or in the Windows operating
system. Though this is usually done by proficient and computer-savvy stalkers,
instructions on how to accomplish it are easily available on the internet.

Cyber stalking has now spread its wings to social networking. With the increased use of
social media such as Facebook, Twitter, Flickr and YouTube, your profile, photos, and
status updates are up for the world to see. Your online presence provides enough
information for you to become a potential victim of stalking without even being aware of
the risk. With the “check-ins”, the “life-events”, apps which access your personal
information and the need to put up just about everything that you’re doing and where
you’re doing it, one doesn’t really leave anything for the stalkers to figure out for
themselves. Social networking technology provides a social and collaborative platform
for internet users to interact, express their thoughts and share almost everything about
their lives. Though it promotes socialisation amongst people, along the way it contributes
to the rise of internet violations.
9. Data diddling
Data diddling is the unauthorised altering of data before or during entry into a computer
system, and then changing it back after processing is done. Using this technique, the
attacker modifies the expected output and is difficult to track. In other words, the
original information to be entered is changed, either by the person typing in the data, a
virus programmed to change the data, the programmer of the database or application, or
anyone else involved in creating, recording, encoding, examining, checking, converting or
transmitting data.
This is one of the simplest methods of committing a computer-related crime, because even a
computer amateur can do it. Despite being effortless, it can have detrimental effects. For
example, a person responsible for accounting may change data about themselves or a friend
or relative to show that they've been paid in full. By altering or failing to enter the
information, they're able to steal from the enterprise. Other examples include forging or
counterfeiting documents and exchanging valid computer tapes or cards with prepared
replacements. Electricity boards in India have been victims of data diddling by computer
criminals when private parties were computerising their systems.
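The traditional control against data diddling is the batch control total: before a batch leaves the originating department, a record count, a sum of the amounts and a "hash total" are taken over it, and the system recomputes them after entry and on the posting journal. The following is an added example (not code from the original article) of that check; it also shows why the plain totals are not enough on their own and adds an ordered digest. The employee numbers, amounts and record layout are constructed.

```python
"""Added example (not from the original article): batch control totals, the
traditional check against data diddling.

Before a batch of payments leaves the originating department, control
figures are taken over it: the record count, the sum of the amounts, a
"hash total" (the plain sum of the employee numbers, meaningless as a number
but disturbed by any substituted record) and a digest of the records in
order. The system recomputes them after entry and again on the posting
journal. A diddler who alters a record during entry and restores the input
file afterwards leaves the file looking clean, but the journal no longer
matches the figures the source department signed off.

Employee numbers, amounts and the record layout are constructed.
"""
import hashlib
from dataclasses import dataclass
from decimal import Decimal


@dataclass
class Payment:
    employee_no: int
    amount: Decimal


def control_totals(batch):
    """Figures the source department records before handing the batch over."""
    canonical = "\n".join(f"{p.employee_no}|{p.amount:.2f}" for p in batch)
    return {
        "count": len(batch),
        "amount": sum((p.amount for p in batch), Decimal(0)),
        "hash": sum(p.employee_no for p in batch),
        "digest": hashlib.sha256(canonical.encode()).hexdigest(),
    }


def verify_batch(batch, expected):
    """Compare a batch (input file or posting journal) with the recorded
    control totals. Returns a list of mismatches; empty means consistent."""
    now = control_totals(batch)
    return [f"{k}: expected {expected[k]}, found {now[k]}"
            for k in expected if now[k] != expected[k]]


def post_batch(batch, journal):
    """Post each payment; the journal keeps an independent copy of what was
    actually processed, which the diddler cannot quietly edit back."""
    for p in batch:
        journal.append(Payment(p.employee_no, p.amount))


SOURCE_BATCH = [  # constructed payroll batch as approved by the source department
    Payment(1001, Decimal("48000.00")),
    Payment(1002, Decimal("51500.00")),
    Payment(1003, Decimal("39750.00")),
    Payment(1004, Decimal("52000.00")),
]
EXPECTED = control_totals(SOURCE_BATCH)


def run_scenario():
    """A clerk inflates their own record (1004) during entry, lets the batch
    post, then changes the input file back."""
    entered = [Payment(p.employee_no, p.amount) for p in SOURCE_BATCH]
    entered[3].amount = Decimal("72000.00")   # diddled on the way in
    journal = []
    post_batch(entered, journal)
    entered[3].amount = Decimal("52000.00")   # changed back after processing
    return {
        "input_file": verify_batch(entered, EXPECTED),   # looks clean
        "journal": verify_batch(journal, EXPECTED),      # amount and digest differ
    }


def swapped_amounts():
    """Moving money between two records keeps count, amount and hash total
    intact; only the ordered digest catches it."""
    batch = [Payment(p.employee_no, p.amount) for p in SOURCE_BATCH]
    batch[0].amount, batch[1].amount = batch[1].amount, batch[0].amount
    return verify_batch(batch, EXPECTED)


if __name__ == "__main__":
    print(run_scenario())
    print(swapped_amounts())
```

The point of the journal is that the control figures are checked against what was processed, not against the input file the diddler can restore. The digest here is unkeyed, so someone with access to both the batch and the recorded figures could recompute it; the organisational control is that the figures are recorded by the originating department, not by the person entering the data.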
10. Identity Theft and Credit Card Fraud
Identity theft occurs when someone steals your identity and pretends to be you to access
resources such as credit cards, bank accounts and other benefits in your name. The
impostor may also use your identity to commit other crimes. "Credit card fraud" is a wide-
ranging term for crimes involving identity theft in which the criminal uses your credit
card to fund his transactions. Credit card fraud is identity theft in its simplest form.
The most common case is a pre-approved card falling into someone else's hands.
Credit card fraud is the most common way for hackers to steal your money
The thief can use it to buy anything until you report the loss and get the card blocked.
Often the only check at the point of sale is the signature on the receipt, and that is
easily forged, though in some countries the merchant may also ask for ID or a PIN. Some
card issuers run software that estimates the probability of fraud; if an unusually large
or out-of-pattern transaction is made, the issuer may call you to verify it.

Often people forget to collect their copy of the credit card receipt after eating at
restaurants or elsewhere when they pay by card. These receipts may carry your card number
and your signature for anyone to see and use. With only this information, someone can make
purchases online or by phone. You won't notice until you get your monthly statement, which
is why you should study your statements carefully. Make sure a website is trustworthy and
secure when shopping online; some hackers get hold of your card number by phishing. A
padlock icon in the address bar of your browser means the connection to the site is
encrypted (HTTPS); clicking it shows the site's certificate. Bear in mind that this only
protects the data in transit: a phishing site can use HTTPS too, so the padlock says
nothing about who actually runs the site.

A more serious concern is the use of your personal information, with the help of stolen or
fake documents, to open accounts (or worse, to use your existing account) and take a loan
in your name. These unscrupulous people can collect your personal details from your
mailbox or trash can (remember to shred all sensitive documents). Think of all the
important details printed on those receipts, pay stubs and other documents. You won't know
a thing until the credit card company tracks you down and pursues you for the dues. Then
for months and months you'll be fighting to get your credit restored and your name cleared.

With rising cases of credit card fraud, many financial institutions have stepped in with
software solutions to monitor your credit and guard your identity. ID theft insurance can
be taken to recover lost wages and restore your credit. But before you spend a fortune on
these services, apply the no-cost, common sense measures to avert such a crime.
11. Salami slicing attack
A "salami slicing attack" or "salami fraud" is a technique by which cyber-criminals steal
money or resources a little at a time, so that no single transaction shows a noticeable
difference. The perpetrator takes these little pieces from a large number of resources and
thus accumulates a considerable amount over a period of time. The essence of the method is
that the misappropriation goes undetected. The classic approach is the "collect-the-
roundoff" technique. Most calculations in a currency produce fractions of the smallest
unit; honest rounding goes up about half the time and down the rest, so the fractions
cancel out overall. If a programmer instead always rounds down and collects the excess
fractions of a rupee into a separate account, no net loss is apparent from any single
entry, and the collected fractions are quietly transferred to the perpetrator's account.
Attackers insert a program into the system to carry out the task automatically. Logic
bombs may also be planted by disgruntled, greedy employees who exploit their knowledge of
the network and/or privileged access to the system. In this technique, the criminal
programs the arithmetic routines to automatically modify data, such as in interest
calculations.
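To make the collect-the-roundoff technique concrete, here is an added example (not code from the original article) that posts monthly interest to a thousand constructed accounts twice: once with honest half-up rounding and once the way the salami program would, always rounding down and crediting the shaved fractions to the perpetrator's account. The reconciliation that follows is the kind of check an auditor runs over the posting run. Account numbers, balances, the interest rate and the perpetrator's account are all constructed.

```python
"""Added example (not from the original article): the collect-the-roundoff
salami fraud and the reconciliation that exposes it.

Monthly interest is computed exactly and posted to the paisa (0.01 rupee).
Honest posting rounds half-up, so the discarded fractions cancel out over
many accounts. The fraudulent routine always rounds DOWN and credits every
shaved fraction to one account of the perpetrator's. No customer loses more
than a paisa, so nobody complains; the check is to reconcile the exact
interest due against what customers actually received and to look at which
way the rounding went.

Account numbers, balances and the rate are constructed for this example.
"""
import random
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

PAISA = Decimal("0.01")
RATE = Decimal("0.04")  # 4 % per annum, constructed
PERP_ACCOUNT = "ACC-9999"  # the perpetrator's own account, constructed


def exact_interest(balance, annual_rate, days=30):
    """Interest due for `days` days, kept at full Decimal precision."""
    return Decimal(balance) * Decimal(annual_rate) * days / Decimal(365)


def post_interest(accounts, rate, honest=True):
    """Compute and post interest for every account. Returns {account: amount}.
    With honest=False the routine behaves as the salami program would."""
    posted = {}
    shaved = Decimal(0)
    for acct, balance in accounts.items():
        exact = exact_interest(balance, rate)
        if honest:
            amount = exact.quantize(PAISA, rounding=ROUND_HALF_UP)
        else:
            amount = exact.quantize(PAISA, rounding=ROUND_DOWN)  # always truncate
            shaved += exact - amount                             # and keep the slice
        posted[acct] = amount
    if not honest:
        posted[PERP_ACCOUNT] = shaved.quantize(PAISA, rounding=ROUND_DOWN)
    return posted


def reconcile(accounts, rate, posted):
    """Audit check run over a posting run.

    residual          exact interest due to customers minus what they got;
                      close to zero under fair rounding, systematically
                      positive (about half a paisa per account) under the fraud
    rounded_up_share  fraction of postings above the exact figure; about 0.5
                      when honest, exactly 0 under the fraud (it never rounds up)
    unexplained       total credited to accounts that are not customers
    """
    residual = Decimal(0)
    rounded_up = 0
    for acct, balance in accounts.items():
        diff = exact_interest(balance, rate) - posted[acct]
        residual += diff
        if diff < 0:
            rounded_up += 1
    unexplained = sum((amt for acct, amt in posted.items() if acct not in accounts),
                      Decimal(0))
    return {
        "residual": residual,
        "rounded_up_share": rounded_up / len(accounts),
        "unexplained": unexplained,
    }


def _sample_accounts(n=1000, seed=7):
    """Constructed customer ledger with balances between 1 and 50,000 rupees."""
    rng = random.Random(seed)
    return {f"ACC-{i:04d}": Decimal(rng.randint(100, 5_000_000)) / 100 for i in range(n)}


ACCOUNTS = _sample_accounts()

if __name__ == "__main__":
    for honest in (True, False):
        run = post_interest(ACCOUNTS, RATE, honest=honest)
        print("honest" if honest else "salami", reconcile(ACCOUNTS, RATE, run))
```

Three things give the fraud away and none of them is visible on an individual statement: the residual is a few rupees rather than a few paise, no posting is ever rounded up, and the residual reappears almost exactly as a credit to an account that is not a customer's. Reconciling totals against the exact calculation is therefore more useful than inspecting entries one by one.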

Stealing money electronically is the most common use of the salami slicing technique,
but it's not restricted to money. The salami technique can also be applied to
gather little bits of information over a period of time to deduce an overall picture of an
organisation. This act of distributed information gathering may be against an individual
or an organisation. Data can be collected from web sites, advertisements, documents
collected from trash cans, and the like, gradually building up a whole database of factual
intelligence about the target.

Since each individual misappropriation is just below the threshold of perception, we need
to be more vigilant. Careful examination of assets, transactions and every other dealing,
including the sharing of confidential information with others, helps reduce the chances of
an attack by this method; for the roundoff variant, it is the reconciliation of totals
against the exact calculation, rather than the inspection of individual entries, that
exposes the fraud.
12. Software Piracy
Thanks to the internet and torrents, you can find almost any movie, software or song from
any origin for free. Internet piracy has become an integral part of our lives, which
knowingly or unknowingly we all contribute to, and it cuts into the revenue of the people
who created the content. It's not just about using someone else's intellectual property
illegally; passing it on to your friends further reduces the revenue they deserve.

Piracy is rampant in India, but you knew that


Software piracy is the unauthorised use and distribution of computer software. Software
developers work hard to develop these programs, and piracy curbs their ability to
generate enough revenue to sustain application development. This affects the whole
economy, as funds that would have gone into marketing and research are lost.
The following constitute software piracy:
• Loading unlicensed software on your PC
• Using single-licence software on multiple computers
• Using a key generator to circumvent copy protection
• Distributing a licensed or unlicensed ("cracked") version of software over the
internet or offline

"Cloning" is another threat. It happens when someone copies the idea behind your software
and writes his own code. Since copyright protects the expression of a program rather than
the idea behind it, this isn't illegal in itself. A software "crack" is a modified version
of the software that works its way around the copy protection. Users of pirated software
may use a key generator to produce a "serial" number that unlocks an evaluation version of
the software, defeating the copy protection. Cracking software and using unauthorised keys
are acts of copyright infringement.

Using pirated material comes with its own risks. The pirated software may contain
Trojans, viruses, worms and other malware, since the people who distribute cracked
software often bundle malicious code with it. Users of pirated software may be punished
under the law for illegal use of copyrighted material. Plus you won't get the software
support that the developers provide.
To protect your software from piracy if you're a developer, you should apply strong
safeguards. Some vendors sell software carrying a "digital fingerprint" (a per-copy
watermark) that helps trace pirated copies back to their source. Another common method is
hardware locking, in which the software licence is tied to specific computer hardware so
that it runs only on that machine. Unfortunately, crackers continue to find their way
around these measures.
13. Others
So far we've discussed the dedicated methods of committing cyber crimes. In a nutshell,
any offence committed using electronic means, such as net extortion, cyber bullying, child
pornography and internet fraud, is termed a cyber crime. The internet is a huge breeding
ground for pornography, which has often been subject to censorship on grounds of
obscenity. But what may be considered obscene in India might not be considered so in
other countries.
Since every country takes a different legal stand on the subject, pornography is rampant
online. Under Indian law, however, pornography largely falls under the category of
obscenity and is punishable. Child pornography is a serious offence, and attracts the
harshest punishments provided for by law. Paedophiles lurk in chat rooms to lure children.
The internet allows long-term victimisation of such children, because once pictures are
put up they spread like wildfire and may never be taken down completely. Internet crimes
against children are a matter of grave concern and are being addressed by the
authorities, but the problem has no easy solution.

Difference between Active Attack and Passive Attack

Active Attacks:
Active attacks are those in which the attacker attempts to change or modify the content of
messages, or to inject, replay or delete them. Active attacks threaten integrity as well as
availability. Because something in the system is changed, an active attack leaves traces:
resources are altered or made unavailable, and the victim can in principle detect it. Since
such attacks are hard to prevent outright, the emphasis is on detecting them and recovering.

Passive Attacks:
Passive attacks are those in which the attacker merely observes or copies the content of
messages (eavesdropping, traffic analysis). Passive attacks threaten confidentiality.
Nothing in the system is changed, so the victim gets no indication that the attack took
place. Since they cannot be detected after the fact, the emphasis is on preventing them,
typically by encryption.
Sr. No. | Key              | Active Attack                                              | Passive Attack
--------|------------------|------------------------------------------------------------|------------------------------------------------------
1       | Modification     | In an active attack, information is modified.              | In a passive attack, information remains unchanged.
2       | Dangerous for    | Active attacks threaten integrity as well as availability. | Passive attacks threaten confidentiality.
3       | Attention        | Attention is to be paid to detection.                      | Attention is to be paid to prevention.
4       | Impact on system | In an active attack, the system is damaged.                | In a passive attack, the system is not affected.
5       | Victim           | The victim gets informed in an active attack.              | The victim does not get informed in a passive attack.
6       | System resources | System resources can be changed in an active attack.       | System resources are not changed in a passive attack.
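The rows on detection and on the victim being informed are easier to see on a concrete message. The following is an added example (not code from the original article): a sender seals each message with a keyed MAC, and three attackers on the path behave passively (copy and forward), actively (modify) and actively by replay. The key, the message and the sequence numbers are constructed; the MAC gives integrity only, and encryption is deliberately left out so the contrast between the two attack classes stays visible.

```python
"""Added example (not from the original article): why the table above says a
victim notices an active attack but not a passive one.

A sender seals each message with a keyed MAC (HMAC-SHA256 over a sequence
number and the message). Three attackers sit on the path:

  passive  copies the message and forwards it untouched. The receiver's
           check passes and nothing reveals the eavesdropper, but the
           attacker now holds the plaintext: confidentiality is gone.
  active   changes the amount in transit. Without the key it cannot fix the
           tag, so the receiver detects the modification: integrity held.
  replay   re-sends an old, genuinely sealed message. The sequence number
           exposes it.

The MAC gives integrity only. Stopping the passive attacker would need
encryption, which this example deliberately omits so the contrast is visible.
The key and messages are constructed for this example.
"""
import hashlib
import hmac

KEY = b"shared-secret-for-example-only"  # constructed; real keys come from provisioning/KDF


def seal(message, seq, key=KEY):
    """Sender side: bind the message to its sequence number with an HMAC."""
    tag = hmac.new(key, seq.to_bytes(4, "big") + message, hashlib.sha256).digest()
    return {"seq": seq, "msg": message, "tag": tag}


def open_sealed(packet, expected_seq, key=KEY):
    """Receiver side. Returns (accepted, reason)."""
    expected_tag = hmac.new(key, packet["seq"].to_bytes(4, "big") + packet["msg"],
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, packet["tag"]):
        return False, "tag mismatch: message or sequence number was modified"
    if packet["seq"] != expected_seq:
        return False, f"sequence {packet['seq']} but expected {expected_seq}: replay or reordering"
    return True, "ok"


def passive_attacker(packet):
    """Eavesdrops: keeps a copy, forwards the original unchanged."""
    captured = dict(packet)
    return packet, captured


def active_attacker(packet):
    """Modifies the message body in transit; cannot recompute the tag without KEY."""
    tampered = dict(packet)
    tampered["msg"] = packet["msg"].replace(b"100", b"900")
    return tampered


def replay_attacker(old_packet):
    """Re-sends a previously captured, validly sealed packet."""
    return dict(old_packet)


def run_scenario():
    """Run the three attackers against one message and report the outcomes."""
    packet = seal(b"transfer 100 to ACC-42", seq=7)

    forwarded, captured = passive_attacker(packet)
    passive_ok, _ = open_sealed(forwarded, expected_seq=7)

    active_ok, active_reason = open_sealed(active_attacker(packet), expected_seq=7)

    # The receiver has moved on to sequence 8 when the replay arrives.
    replay_ok, replay_reason = open_sealed(replay_attacker(packet), expected_seq=8)

    return {
        "passive_detected": not passive_ok,
        "passive_read_plaintext": b"ACC-42" in captured["msg"],
        "active_detected": not active_ok,
        "active_reason": active_reason,
        "replay_detected": not replay_ok,
        "replay_reason": replay_reason,
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

Two details matter in practice: the tag is compared with hmac.compare_digest rather than == so that timing does not leak how many bytes matched, and the sequence number is inside the MAC'd data, otherwise an active attacker could change it freely. Neither helps against the passive attacker, which is exactly the table's point.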

External and Internal

The fundamental difference between an external and internal threat is the identity of the
attacker. A simplified way to view this is looking at invaders versus saboteurs. External
threats, or invaders, act from outside the company and must overcome your exterior
defenses in order to reach your database. Internal threats, or saboteurs, work within the
company and can thus bypass exterior defenses. As trusted members of the company,
they already have far more access than any external threat.
