Cyber Crime and Mitigation

Code - 3163213
Open Elective, Semester - 6, Branch - ICT,
Gujarat Technological University

Dr. Ashish Goswami


Department of Information and Communication Technology
Faculty of Engineering Sciences and Technology
Contents

▶ Unit - 1: Introduction to Cyber Crime and Law

▶ Unit - 2: Definition and Terminology: ITA 2000

▶ Unit - 3: Firewalls

▶ Unit - 4: Operating System Security and Privacy


Cyber Crime

Definition
Cybercrime is any illegal behavior, carried out by means of electronic operations, that targets
the security of computer systems and the data processed by them.

Other Definitions
• Any illegal act where special knowledge of computer technology is essential for its
perpetration, investigation, and prosecution.
• Any traditional crime that has acquired a new dimension or order of magnitude
through the aid of a computer, and abuses that have come into being because of
computers.
• Any financial dishonesty that takes place in a computer environment.
• Any threat to the computer itself, such as theft of hardware or software, sabotage
and demands for ransom.

Cyber Crime Activities

• Credit card fraud
• Cyberstalking
• Defaming another person online
• Gaining unauthorized access to computer systems
• Ignoring copyrights and violating software licensing and trademark protection
• Circumventing encryption or copy protection to make illegal copies
• Software piracy
• Stealing another person's identity to perform criminal acts

Cyber Criminal Categories

Broadly divided into three categories:
1. Type-1: Cybercriminals hungry for recognition
— Hobby hackers
— IT professionals (social engineering); ethical hackers
— Politically motivated hackers
— Terrorist organizations: cyberterrorism
2. Type-2: Cybercriminals not interested in recognition
— Psychologically motivated offenders who deviate from normal behavior
— Financially motivated hackers who make money from cyber attacks
— State-sponsored hackers
— Organized criminals
3. Type-3: Cybercriminals who are insiders
— Disgruntled or former employees seeking revenge
— Competing companies using employees to gain economic advantage through damage
and/or theft
Classification of Cybercrimes

1. Cybercrime against an individual
2. Cybercrime against property
3. Cybercrime against organization
4. Cybercrime against society
5. Crimes emanating from Usenet newsgroups

Cybercrime against an individual

• Electronic mail spoofing and other online frauds
• Phishing, spear phishing
• Spamming
• Cyber defamation
• Cyberstalking and harassment
• Computer sabotage
• Password sniffing

Cybercrime against property

• Credit card frauds
• Intellectual property (IP) crimes
• Internet time theft

Cybercrime against organization

• Unauthorized access to computers
• Password sniffing
• Denial-of-service attacks
• Virus attacks/dissemination of viruses
• E-mail bombing/mail bombs
• Salami attack/salami technique
• Logic bomb
• Trojan horse
• Data diddling
• Industrial spying/industrial espionage
• Computer network intrusions
• Software piracy

Cybercrime against society

• Forgery
• Cyber terrorism
• Web jacking

Crimes emanating from Usenet newsgroups

• Usenet groups may carry very offensive, harmful or inaccurate material.
• Postings may be mislabeled or deceptive in other ways.
• Hence, use the service at your own risk.
Cyber Crimes

Electronic mail (e-mail) spoofing

E-mail spoofing is the forgery of an e-mail header so that the message appears to have
originated from someone or somewhere other than the actual source. The visible From:
header is data supplied by the sender and is not verified by SMTP itself; whether the
sending domain authorized the message is established by the receiving server through
SPF, DKIM and DMARC checks.

Phishing
Phishing is the criminally fraudulent process of attempting to acquire sensitive information
such as usernames, passwords and credit card details by masquerading as a trustworthy
entity in an electronic communication.

Spear Phishing
Spear phishing is an e-mail or electronic communication scam targeted at a specific
individual, organization or business.
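As an added example, not part of the lecture slides, the following POSIX shell script applies the header checks behind the e-mail spoofing and phishing entries above to two constructed header blocks: one legitimate message and one with a forged From:. All addresses, domains and header values are made up for the example. The caveat a practitioner needs: Authentication-Results: is only trustworthy when it was added by your own receiving mail server, which must strip any copy that arrives from outside; the script is a reading aid for headers that server already verified, not a substitute for SPF/DKIM/DMARC verification in the MTA.

```shell
#!/bin/sh
# Added example, not from the lecture slides: a simplified check for the
# e-mail spoofing pattern described above. It compares the domain in the
# visible From: header with the envelope sender (Return-Path:) and reads the
# SPF/DKIM results the receiving mail server recorded in
# Authentication-Results:. The header blocks at the bottom are constructed
# test data, not real mail.

# Print the lower-cased domain of the first address found in header $1
# (stdin = message headers).
hdr_domain() {
    grep -i "^$1:" | head -n 1 \
        | sed -n 's/.*@\([A-Za-z0-9.-]*\).*/\1/p' \
        | tr '[:upper:]' '[:lower:]'
}

# Print the result (pass/fail/...) recorded in Authentication-Results: for
# mechanism $1 (spf or dkim), or "none" if it is absent (stdin = headers).
auth_result() {
    r=$(grep -i '^Authentication-Results:' \
        | sed -n "s/.*$1=\([a-z]*\).*/\1/p" | head -n 1)
    printf '%s\n' "${r:-none}"
}

# Verdict line "OK ..." or "SUSPECT ..." followed by the fields examined.
# Rule (a rough version of DMARC alignment): the mail is acceptable only if
# DKIM passed, or SPF passed for a Return-Path domain equal to the From domain.
check_headers() {
    hdrs=$1
    from=$(printf '%s\n' "$hdrs" | hdr_domain From)
    rpath=$(printf '%s\n' "$hdrs" | hdr_domain Return-Path)
    spf=$(printf '%s\n' "$hdrs" | auth_result spf)
    dkim=$(printf '%s\n' "$hdrs" | auth_result dkim)
    verdict=SUSPECT
    if [ "$dkim" = pass ]; then
        verdict=OK
    elif [ "$spf" = pass ] && [ -n "$from" ] && [ "$from" = "$rpath" ]; then
        verdict=OK
    fi
    printf '%s from=%s return-path=%s spf=%s dkim=%s\n' \
        "$verdict" "${from:-?}" "${rpath:-?}" "$spf" "$dkim"
}

# Constructed sample headers (fictional domains).
LEGIT_HEADERS='From: Alice <alice@corp.example>
Return-Path: <alice@corp.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example; dkim=pass header.d=corp.example
Subject: Q3 report'

SPOOF_HEADERS='From: CEO <ceo@corp.example>
Return-Path: <bounce@evil.test>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=evil.test; dkim=none
Subject: Urgent wire transfer'

check_headers "$LEGIT_HEADERS"   # OK from=corp.example return-path=corp.example spf=pass dkim=pass
check_headers "$SPOOF_HEADERS"   # SUSPECT from=corp.example return-path=evil.test spf=fail dkim=none
```

A message with no Authentication-Results: at all is also reported as SUSPECT, which is the right default: the absence of a verification result from your own server is not evidence that the sender was legitimate.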

Vishing
Vishing is the criminal practice of using social engineering over the telephone system, most
often using features facilitated by VoIP, to gain access to personal and financial
information from the public for the purpose of financial reward.

Smishing
The name is derived from "SMS phishing". Smishing uses cell phone text messages to
deliver a lure message that gets the victim to reveal his/her personal information.

Spamming
Spam is the sending of undesired junk e-mails and commercial messages over the internet. People who
create electronic spam are called "spammers".

Cyber Defamation
The act of defaming, insulting, offending or otherwise causing harm through false
statements about a person, company or nation, etc., made over the internet.

Cyber Stalking and Harassment

Cyber stalking refers to the use of the internet and/or other electronic communication devices
to stalk another person. It involves repeatedly harassing or threatening an individual via
the internet or other electronic means of communication.

Computer Sabotage
Computer sabotage involves deliberate attacks intended to disable computers or networks.

Pornographic Offenses
Cyber pornography is the act of using cyberspace to create, display, distribute, import, or
publish pornography or obscene materials. Child pornography means any visual depiction,
including but not limited to the following:
• Any photograph that can be considered obscene and/or unsuitable for the age of the child
viewer.
• Film, video, picture.
• Obscene computer-generated image or picture.

Password Sniffing
Password sniffers are programs that monitor and record passwords that are used or
broadcast on a computer or network interface. A sniffer listens to all incoming and outgoing
network traffic and records any data packet that contains a password. It only works against
protocols that carry the password in clear text (FTP, Telnet, POP3, HTTP Basic authentication)
and from a position where the attacker can observe the traffic, such as a compromised host on
the same network segment; TLS-protected protocols leave nothing readable to record.
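As an added example, not part of the lecture slides, the script below reproduces the matching logic of a password sniffer, but runs it over a constructed text capture (the kind of output tcpdump -A prints) instead of a live interface, so it can be studied without monitoring anyone's network. The capture lines, hosts and credentials are made up. It shows exactly why clear-text protocols are the sniffer's target: FTP and POP3 send the password literally, HTTP Basic authentication only base64-encodes it, and the TLS session yields nothing. Running such logic on a network you are not authorized to monitor is the offence the slide describes; the defence is TLS (FTPS or SFTP, POP3S, HTTPS).

```shell
#!/bin/sh
# Added example, not from the lecture slides: the credential-matching logic
# of a password sniffer applied to a constructed text capture. Each capture
# line is "<src-ip.port> > <dst-ip.port>: <payload>", as tcpdump -A would
# show it; none of it is real traffic.

CAPTURE='10.0.0.5.49152 > 10.0.0.9.21: USER alice
10.0.0.5.49152 > 10.0.0.9.21: PASS s3cret!
10.0.0.5.49153 > 10.0.0.9.80: GET /admin HTTP/1.1
10.0.0.5.49153 > 10.0.0.9.80: Authorization: Basic Ym9iOmh1bnRlcjI=
10.0.0.5.49154 > 10.0.0.9.110: USER carol
10.0.0.5.49154 > 10.0.0.9.110: PASS letmein
10.0.0.5.49155 > 10.0.0.9.443: <TLS application data, unreadable>'

# Print one "<protocol> <source> <user>:<password>" line per credential seen.
# Only the destination port and the clear-text payload are needed; this is all
# a real sniffer looks at too.
sniff_credentials() {
    user=''
    printf '%s\n' "$1" | while IFS= read -r line; do
        src="${line%% *}"               # "10.0.0.5.49152"
        rest="${line#* > }"             # "10.0.0.9.21: USER alice"
        dst="${rest%%:*}"               # "10.0.0.9.21"
        port="${dst##*.}"               # "21"
        payload="${line#*: }"           # "USER alice"
        case "$port $payload" in
            "21 USER "*|"110 USER "*)   # FTP and POP3 send the user name first...
                user="${payload#* }" ;;
            "21 PASS "*)                # ...then the password, in the clear.
                printf 'ftp %s %s:%s\n' "$src" "$user" "${payload#* }" ;;
            "110 PASS "*)
                printf 'pop3 %s %s:%s\n' "$src" "$user" "${payload#* }" ;;
            "80 Authorization: Basic "*) # HTTP Basic: base64 is encoding, not encryption.
                cred=$(printf '%s' "${payload##* }" | base64 -d)
                printf 'http-basic %s %s\n' "$src" "$cred" ;;
        esac
    done
}

sniff_credentials "$CAPTURE"
```

Expected output is three lines, for the FTP, HTTP Basic and POP3 sessions; the HTTPS line on port 443 produces nothing because the sniffer never sees a readable payload.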

Identity Theft
Identity theft is a fraud involving another person's identity for an illicit purpose. It occurs when a
criminal uses someone else's identity for his/her own illegal purpose. Phishing and identity
theft are related offenses.

Credit card frauds

Credit card (or debit card) fraud is a form of identity theft in which an unauthorized
person takes another's credit card information for the purpose of charging purchases to
the account or removing funds from it. The purpose may be to obtain goods without
paying, or to obtain unauthorized funds from an account.

Intellectual property (IP) crimes

Basically, IP crimes include software piracy, copyright infringement, trademark violations,
theft of computer source code, etc.

Internet time theft

Internet time theft occurs when an unauthorized person uses the internet hours paid for by another person.
The person who gets access to someone else's ISP user ID and password, either by hacking
or by gaining access to it by other illegal means, uses it to access the internet without the other
person's knowledge.

Unauthorized access to computers

Hacking is one method of doing this. Hackers make use of the weaknesses and loopholes
present in systems to destroy data and steal important information from the victim's
computer. Every act committed toward breaking into a computer and/or network without
authorization is hacking, and it is an offense.

Password sniffing
As defined above under cybercrime against an individual; the same technique is used
against organizations.

Denial-of-Service (DoS) attacks

A denial-of-service attack (DoS attack) makes a system or network unavailable to its
authorized users. No intrusion into the system is required: attackers typically achieve this
by flooding a network or service with more traffic or requests than it can handle, or by
sending requests that exhaust a resource such as memory, connection tables or CPU. When
the flood comes from many compromised machines at once it is a distributed DoS (DDoS).

Virus attack
A computer virus is a program that can 'infect' legitimate programs by modifying them to
include a possibly 'evolved' copy of itself. Viruses spread themselves, without the knowledge
or permission of the users, to a potentially large number of programs on many machines.

E-mail bombing/mail bombs

E-mail bombing refers to sending a large number of e-mails to a victim to fill up the
victim's e-mail account or to make the victim's mail server crash.

Salami attack/salami technique

A salami attack is one in which many small attacks add up to one major attack; it can go undetected
because each individual step is too small to trip a control. Salami attacks are used for committing
financial crimes and are difficult to detect and trace. For example, a fraud in a
bank where an employee steals a small amount of funds from each of many accounts can be
considered a salami attack.
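As an added example, not part of the lecture slides, here is the detection logic that catches the salami shape described above, run over a constructed transaction ledger. Per-transaction review never fires because every skim is below the review limit; aggregating by destination account over the period exposes the pattern of many sub-limit transfers converging on one account. The thresholds, account numbers and ledger rows are assumptions made up for the example.

```shell
#!/bin/sh
# Added example, not from the lecture slides: aggregation-based detection of
# a salami attack over a constructed ledger (date,source,destination,amount).
# Thresholds are example values, tuned for the tiny ledger below.

REVIEW_LIMIT=${REVIEW_LIMIT:-100}   # single transfers >= this are already reviewed
MIN_COUNT=${MIN_COUNT:-5}           # suspicious: at least this many sub-limit transfers
MIN_TOTAL=${MIN_TOTAL:-40}          # ... adding up to at least this much, to one account

# Constructed ledger: eight ~9.99 skims from eight customers into ACC-7777,
# three ordinary small payments to a shop (ACC-5000) and two salary credits
# large enough to be reviewed individually.
LEDGER='2024-03-01,ACC-1001,ACC-7777,9.99
2024-03-01,ACC-1002,ACC-7777,9.98
2024-03-02,ACC-1003,ACC-7777,9.97
2024-03-02,ACC-1004,ACC-7777,9.99
2024-03-03,ACC-1005,ACC-7777,9.96
2024-03-03,ACC-1006,ACC-7777,9.99
2024-03-04,ACC-1007,ACC-7777,9.95
2024-03-04,ACC-1008,ACC-7777,9.99
2024-03-01,ACC-1001,ACC-5000,12.50
2024-03-02,ACC-1002,ACC-5000,8.75
2024-03-03,ACC-1003,ACC-5000,15.00
2024-03-01,ACC-2000,ACC-1001,1500.00
2024-03-01,ACC-2000,ACC-1002,1500.00'

# Print "<dest> count=N total=T max=M" for every destination account that
# received at least MIN_COUNT transfers below REVIEW_LIMIT summing to at
# least MIN_TOTAL. Transfers at or above the limit are left to the existing
# per-transaction review and excluded here on purpose.
find_salami() {
    printf '%s\n' "$1" | awk -F, -v limit="$REVIEW_LIMIT" \
        -v minc="$MIN_COUNT" -v mint="$MIN_TOTAL" '
        $4 + 0 < limit {
            n[$3]++
            sum[$3] += $4
            if ($4 + 0 > max[$3]) max[$3] = $4 + 0
        }
        END {
            for (a in n)
                if (n[a] >= minc && sum[a] >= mint)
                    printf "%s count=%d total=%.2f max=%.2f\n", a, n[a], sum[a], max[a]
        }' | sort
}

find_salami "$LEDGER"   # ACC-7777 count=8 total=79.82 max=9.99
```

The shop account ACC-5000 is not flagged (three payments, below MIN_COUNT), and the salary credits never enter the aggregation because they exceed REVIEW_LIMIT. In a real deployment the same query runs over a sliding window, because an attacker who knows the window simply spreads the skims more thinly.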

Logic bomb
These are event-dependent programs: they are created to do
something only when a certain event (known as a trigger event) occurs. For example, some
viruses may be termed logic bombs because they lie dormant all through the year and
become active only on a particular date (like the Chernobyl virus, which triggered on 26 April).

Trojan horse
A Trojan horse is a program in which malicious or harmful code is contained inside
apparently harmless programming or data in such a way that it can get control and cause
harm.

Data diddling
Data diddling (also called false data entry) is the unauthorized changing of data before or
during its input to a computer system. Examples are forging or counterfeiting
documents and exchanging valid computer tapes or cards with prepared replacements.

Industrial spying/industrial espionage

Industrial espionage is the illegal practice of investigating competitors to gain a business advantage. The
target of investigation might be a trade secret such as a product specification or formula, or
information about business plans.

Computer network intrusions

A network intrusion is any unauthorized activity on a network, from a probe of the hosts and
services present to a break-in that compromises a system. An intrusion detection system (IDS)
inspects inbound and outbound network activity and identifies suspicious patterns that may
indicate a network or system attack by someone attempting to break into or compromise a system.

Software piracy
Theft of software through the illegal copying of genuine programs is known as software
piracy. Examples:
• End-user copying
• Hard-disk loading (pre-installing unlicensed copies on machines sold to customers)
• Counterfeiting
• Illegal downloads from the Internet

Forgery
The act of forging something, especially a document or object, for the purpose of fraud or
deception. Examples:
• Counterfeit currency notes
• Postage and revenue stamps
• Mark sheets or even degree certificates, which can be forged using sophisticated computers,
printers and scanners.

Cyber terrorism
Cyber terrorism is the convergence of cyberspace and terrorism. It is activity carried
out by terrorists on the internet to disrupt a large number of systems and networks by means
such as computer viruses.

Web jacking
Web jacking occurs when someone forcefully takes control of a website. The first stage of
this crime is typically obtaining the owner's credentials, for example by password sniffing. The actual
owner of the website then no longer has any control over what appears on that website.

Crimes emanating from Usenet newsgroups

Usenet groups may carry very offensive, harmful, inaccurate or otherwise inappropriate
material. In some cases, postings might be mislabeled or deceptive in other ways. It
is expected that people will use caution and common sense and exercise proper judgment
when using Usenet.
Social Engineering

Social Engineering
Social engineering is a method of using psychology to gain access to computer systems
by tricking the victims into giving out sensitive and personal information such as
passwords and other credentials.
Classification:
1. Human based
2. Computer based

Human Based Social Engineering

• Impersonating an employee or valid user.
• Posing as an important user.
• Using a third person.
• Calling technical support.
• Shoulder surfing.
• Dumpster diving.

Computer Based Social Engineering

• Sending fake e-mails, etc.
• Asking the victim to re-enter passwords in a web page.

Cryptojacking
• Cryptojacking is a type of cybercrime that involves the unauthorized use of people’s
devices (computers, smartphones, tablets, or even servers) by cybercriminals to mine
for cryptocurrency.
• Like many forms of cybercrime, the motive is profit, but unlike other threats, it is
designed to stay completely hidden from the victim.
Darknet and Dark Markets

• The darknet refers to encrypted networks on the Internet that are not indexed by
search engines such as Google, Yahoo or Bing.
• It is a layer of the Internet accessible only by using special software like Tor (The
Onion Router), or I2P (Invisible Internet Project).
• These are networks that are only available to a select group of people and not to the
general Internet public, and only accessible via authorization, specific software and
configurations.
• This includes harmless places such as academic databases and corporate sites, as well
as those with shadier subjects such as black markets, fetish communities, and hacking
and piracy.
• The terms "dark net" and "dark web" are occasionally used interchangeably, but with
subtle differences in meaning. A dark net is a network built over the Internet, whereas the
dark web refers to websites on a darknet.

• "Dark net" is commonly confused with "deep web". The deep web refers to unindexed
sites which public search engines cannot search; in most cases this is because the content sits
behind logins, forms or paywalls, or is generated dynamically, not because it is hidden on purpose.
• The part of the WWW (World Wide Web) that is not indexed by a search engine like
Google is the deep web; it is estimated to be about 500-600 times larger than the surface web.
• Surface Web - Also called the Visible Web, Indexed Web, Indexable Web or
Lightnet. It is the portion of the World Wide Web that is readily available to the
general public and searchable with standard web search engines. It is the opposite of
the deep web. It constitutes only 4-6% of the whole web.

Usefulness of DarkNet
• To avoid Censorship: Individuals within closed societies and facing extreme censorship
can utilize the dark net to communicate with others outside of their society.
• Anonymity and Secrecy: Even individuals within open societies may have some
interest in using the darknet, particularly as concerns about government snooping and
data collection continue to grow worldwide.
• Useful for whistleblowers and journalists to maintain secrecy in communication and
leaking and transferring information.
Concerns Regarding Darknet

Facilitates Illegal Activities: A large portion of the activity which takes place on the
dark net is illegal. The dark net offers a level of identity protection that the surface net does
not.

• The dark net is the virtual equivalent of a black market.
• Criminals looking to protect their identities in order to evade detection and capture
are drawn to this aspect of the dark net. For that reason, it is unsurprising that a
number of notable hacks and data breaches have been associated with the dark net in
some way or another.
• The relative impermeability of the dark net has made it a major haven for drug dealers,
arms traffickers, child pornography collectors and other criminals involved in financial
and physical crimes, so much so that one can buy anything from tigers to hand
grenades to any kind of narcotic substance, provided the potential buyer finds the
right website on the dark net.

• One of the most famous examples of a dark market was the Silk Road marketplace.
Silk Road was a website used for the buying and selling of a variety of illegal items,
including recreational drugs and weapons. Although it was shut down by government
authorities in 2013, it has spawned a number of copycat markets.
• Used by activists and revolutionaries to organize themselves without fear of giving
away their position to governments they oppose.
• Terrorists use the dark net to provide information to fellow terrorists, to recruit and
radicalize, to spread propaganda, raise funds, and to coordinate actions and attacks.
• Terrorists also use the dark net for the illegal purchase of explosives and weapons, paying with
virtual currencies like Bitcoin and other crypto-currencies.
• Security researchers have reported that hackers and fraudsters offer access
to SCADA and ICS systems via discussion forums on the dark web, potentially
compromising vital infrastructure networks across the world.
— SCADA systems are used to run facilities like nuclear power stations, oil refineries and
chemical plants, so if cyber-criminals gained access to major networks, the
consequences could be lethal.
Unit - 2: Definition and Terminology: ITA 2000

Cybercrime: The Legal Perspective

• Cybercrime poses a mammoth challenge.
• Computer crime (Criminal Justice Resource Manual, 1979): any illegal act for which
knowledge of computer technology is essential for a successful prosecution.
• International legal aspects of computer crimes were studied in 1983: computer crime encompasses any
illegal act for which knowledge of computer technology is essential for its
perpetration.
• The networked context of cyber crime makes it one of the most globalized offenses of the
present and most modernized threats of the future.
• Solutions:
— Divide information systems into segments bordered by state boundaries. (Not possible
and unrealistic because of globalization.)
— Integrate the legal systems into a single entity, obliterating these state
boundaries.
Cybercrimes: An Indian Perspective

• India has the fourth highest number of internet users in the world. (2017)
• 45 million internet users in India
• 37% - in cybercafes
• 57% are between 18 and 35 years
• The Information Technology (IT) Act, 2000, specifies the acts which are punishable,
although the primary objective of the Act is to create an enabling environment for the
commercial use of IT.
• 217 cases were registered under the IT Act during the year 2007 as compared to 142 cases
during the previous year (2006), an increase of 52.8% in 2007 over 2006.
• 22.3% of cases (49 out of 217) were reported from Maharashtra, followed by
Karnataka (40), Kerala (38) and Andhra Pradesh and Rajasthan (16 each).
Incidence of Cyber Crimes in Cities

• 17 out of 35 mega cities did not report any case of cyber crime (neither under the
IT Act nor under IPC sections) during the year 2007.
• 17 mega cities reported 118 cases under the IT Act and 7 mega cities reported 180
cases under various sections of the IPC.
• There was an increase of 32.6% (from 89 cases in 2006 to 118 cases in 2007) in cases
under the IT Act as compared to the previous year (2006), and an increase of 26.8% (from 142
cases in 2006 to 180 cases in 2007) in cases registered under various sections of the IPC.
• Bengaluru (40), Pune (14) and Delhi (10) reported a high incidence of cases
(64 out of 118) registered under the IT Act, accounting for more than half of the
cases (54.2%) reported under the Act.
Cybercrime and ITA 2000

Hacking and the Indian laws

Cyber crimes are punishable under two categories of law: the ITA 2000 and the IPC.
Following are some of the noteworthy provisions under the ITA 2000 as originally enacted.
The Information Technology (Amendment) Act, 2008 revised several of these sections and
their penalties, so check the current text of the Act before relying on a figure.
• Sec 43: Penalty for damage to computer systems - compensation of up to Rs. 1 crore.
• Sec 66: Hacking - fine of up to Rs. 2 lakh and/or imprisonment for up to 3 years.
• Sec 67: Publication of obscene material in electronic form - fine of up to Rs. 1 lakh and
imprisonment of up to 5 years; double on a second conviction.
• Sec 70: Protected systems - imprisonment of up to 10 years.
• Sec 72: Penalty for breach of confidentiality and privacy - fine of up to Rs. 1 lakh and/or
imprisonment of up to 2 years.
• Sec 73: Publishing a digital signature certificate that is false in certain particulars -
fine of up to Rs. 1 lakh or imprisonment of up to 2 years or both.
A Global Perspective on Cybercrimes

• A broad meaning is given to cybercrime at the international level.
• In the Council of Europe's Convention on Cybercrime, cybercrime is used as an umbrella term
to refer to an array of criminal activity including offences against computer data and
systems, computer-related offences, content offences and copyright offences.
• The status of e-mail legislation by country is available on the internet.
• ITU activities on countering spam (and other cyber security activities) can be read by
visiting the link www.itu.int/spam.
• The spam legislation survey lists 'none' for India as far as e-mail legislation is
concerned.
• The survey refers to India's legislation as 'loose', although there is a mention in Sec
67 of ITA 2000.
• About 30 countries have enacted some form of anti-spam legislation, with no significant
impact so far.
A Global Perspective on Cybercrimes

• A growing phenomenon is the use of spam to support fraudulent and criminal
activities.
• As there are no national boundaries to such crime in the cybercrime realm, it requires
international cooperation between those who seek to enforce anti-spam laws.
• Thus one can see there is a lot to do toward building confidence and security in the
use of ICT and moving towards an international cooperation agenda.
• The linkage of cyber security and critical infrastructure protection has become a big
issue as a number of countries have begun assessing threats and vulnerabilities and
started exploring mechanisms to reduce them.
• Recently there have been a number of significant developments, such as:
— The US Senate ratified the CoE Convention on Cybercrime (August 4, 2006).
— EU officials want to debar suspicious websites as part of a 6-point plan to boost joint
anti-terrorism activities.
— The CoE Convention on Cybercrime (drafted 1997-2001) was the first international treaty seeking to
address internet crimes by harmonizing national laws, improving investigative techniques
and increasing cooperation among nations. (More than 40 countries.)
Cybercrime and Extended Enterprise

• It is a continuing problem that the average user is not adequately educated to
understand the threats and how to protect oneself.
• It is the responsibility of each user to become aware of the threats as well as the
opportunities that "connectivity" presents them with.

Figure: Extended Enterprise


Survival Mantra

Survival Mantra for Netizens in the Cybercrime Era

• A "netizen" is someone who spends considerable time online and also has a considerable
presence online.
• The 5P netizen mantra for online security is:
1. Precaution
2. Prevention
3. Protection
4. Preservation
5. Perseverance
Unit - 3: Firewalls

Windows Firewall

• Windows Firewall is a security feature that helps to protect your device by filtering
network traffic that enters and exits your device.
• This traffic can be filtered based on several criteria, including source and destination
IP address, IP protocol, or source and destination port number.
• Windows Firewall can be configured to block or allow network traffic based on the
services and applications that are installed on your device.
• This allows you to restrict network traffic to only those applications and services that
are explicitly allowed to communicate on the network.
• Windows Firewall is a host-based firewall that is included with the operating system
and enabled by default on all Windows editions.
• Windows Firewall supports Internet Protocol security (IPsec), which you can use to
require authentication from any device that is attempting to communicate with your
device.

• When authentication is required, devices that can't be authenticated as a trusted
device can't communicate with your device.
• You can use IPsec to require that certain network traffic is encrypted to prevent it
from being read by network packet analyzers that could be attached to the network by
a malicious user.
• Windows Firewall also works with Network Location Awareness so that it can apply
security settings appropriate to the types of networks to which the device is connected.
• For example, Windows Firewall can apply the public network profile when the device
is connected to a coffee shop Wi-Fi, and the private network profile when the device is
connected to the home network.
• This allows you to apply more restrictive settings to public networks to help keep your
device secure.

• Windows Firewall offers several benefits to address your organization's network
security challenges:
— Reduced risk of network security threats: By reducing the attack surface of a device,
Windows Firewall provides an additional layer of defense in the defense-in-depth model.
This increases manageability and decreases the likelihood of a successful attack.
— Protection of sensitive data and intellectual property: Windows Firewall integrates with
IPsec to provide a simple way to enforce authenticated, end-to-end network
communications. This allows for scalable, tiered access to trusted network resources,
helping to enforce data integrity and, if necessary, protect data confidentiality.
— Extended value of existing investments: Windows Firewall is a host-based firewall
included with the operating system, so no additional hardware or software is required.
It's also designed to complement existing non-Microsoft network security solutions
through a documented API.

Concepts
The default behavior of Windows Firewall is to:
1. block all incoming traffic, unless solicited or matching an allow rule
2. allow all outgoing traffic, unless matching a block rule
Because outbound traffic is allowed by default, the firewall on its own does not stop a
compromised program from connecting out; restricting that requires explicit outbound block
rules or switching the outbound default action to block.

Firewall rules
Firewall rules identify allowed or blocked network traffic, and the conditions for this to
happen. The rules offer an extensive selection of conditions to identify traffic, including:
• Application, service or program name
• Source and destination IP addresses, which can also use dynamic values such as the
default gateway, DHCP servers, DNS servers and the local subnet
• Protocol name or type. For the transport layer protocols TCP and UDP, you can specify
ports or port ranges. For other protocols, you can use a number between 0 and 255
representing the IP protocol
• Interface type
• ICMP/ICMPv6 traffic type and code
Windows Firewall Control

Program Overview

• Windows Firewall Control is a third-party tool which extends the functionality of
Windows Firewall and provides extra features for managing it.
• It runs in the system tray and allows the user to control the native firewall
without having to navigate to the relevant part of the firewall console.
• It manages the native firewall of Windows 11, 10, 8.1, 8, 7 and
Server 2022, 2019, 2016, 2012.
• Windows Firewall Control offers four filtering modes which can be switched with just
a mouse click:
— High Filtering - All outbound and inbound connections are blocked. This profile blocks
all attempts to connect to and from your computer.
— Medium Filtering - Outbound connections that do not match a rule are blocked. Only
the programs that you allow can initiate outbound connections.

— Low Filtering - Outbound connections that do not match a rule are allowed. The user
can block the programs they do not want to allow to initiate outbound connections.
— No Filtering - Windows Firewall is turned off. Avoid using this setting unless you have
another firewall running on your computer.
• Windows Firewall Control does not do any packet filtering itself and does not block or allow
any connection. This is done by Windows Firewall based on the existing firewall
rules.

Program Features

• Notifications of outbound blocked connections.
• Learning mode that automatically allows digitally signed programs.
• Create temporary rules which are automatically deleted when they expire or on
program restart.
• Intuitive user interface which is easily accessible through a system tray icon.
• Full support for standard user accounts. Elevated privileges are required only at
installation.
• Disable the ability of other programs to tamper with Windows Firewall rules and state.
• Integrated support for creating, modifying and deleting Windows Firewall rules.
• Multiple and easier ways of creating new rules in Windows Firewall.
• Lock feature which can disable access to the settings of the program and Windows
Firewall.

• Shell integration into the right-click context menu of executable files.
• Automatically displays invalid rules for programs that no longer exist.
• Possibility to find and display duplicate firewall rules.
• Merge multiple similar rules or duplicate existing ones.
• View recently allowed and blocked connections and create new rules from the security
log.
• Import and export of partial sets of rules.
• Protection against unauthorized uninstallation.
• Possibility to restore previous settings at uninstallation.
• Global hot keys are supported and various shortcut keys are available.
• Integrated multi-language support in 29 languages.

System Requirements

• Microsoft .NET Framework version 4.8. Compatible with all x86 and x64 versions of
Windows 11, 10, 8.1, 8, 7, Server 2022, 2019, 2016, 2012.
• Windows Firewall service is required to be enabled for Windows Firewall Control to
run.
• DNS Client service is required to be enabled for the notifications to work properly.

Known Limitations

• Windows Firewall Control is incompatible with software proxies, web filtering modules, NDIS
drivers and any other security software that may redirect traffic away from Windows
Firewall to their own filtering module.
• Due to the variety of system configurations and installed software there may be
incompatibility problems. Report them to help improve Windows Firewall
Control.
Linux Host Based Firewalls

• The Linux kernel includes the Netfilter subsystem, which is used to manipulate or
decide the fate of network traffic headed into or through your server.
• All modern Linux firewall solutions use this system for packet filtering.
• The kernel's packet filtering system would be of little use to administrators without a
userspace interface to manage it.
• This is the purpose of iptables: when a packet reaches your server, it is handed
off to the Netfilter subsystem for acceptance, manipulation, or rejection based on the
rules supplied to it from userspace via iptables.
• Thus, iptables is all you need to manage your firewall. Note that current distributions
increasingly ship nftables as the successor; the iptables command is then usually
provided by the iptables-nft compatibility layer, and front-ends such as ufw and firewalld
generate the underlying rules for you.
iptables

• Network traffic is made up of packets. Data is broken up into smaller pieces (called
packets), sent over a network, then put back together.
• iptables identifies the packets received and then uses a set of rules to decide what to
do with them.
• iptables filters packets based on:
— Tables: A table groups the chains used for one kind of processing (filtering, address
translation, packet mangling). A table consists of several chains.
— Chains: A chain is an ordered list of rules. When a packet is received, iptables finds the
appropriate table, then runs it through the chain of rules in order until it finds a match.
— Rules: A rule is a statement that tells the system what to do with a packet. Rules can
block one type of packet, or forward another type of packet. The outcome, where a
packet is sent, is called a target.
— Targets: A target is a decision of what to do with a packet. Typically, this is to accept
it, drop it, or reject it (which sends an error back to the sender).
iptables: Tables and Chains

Linux firewall iptables has four default tables.

1. Filter
— The Filter table is the most frequently used one.
— It acts as a bouncer, deciding who gets in and out of your network.
— It has the following default chains:

Input
The rules in this chain control the packets received by the server.

Output
This chain controls the packets for outbound traffic.

Forward
This set of rules controls the packets that are routed through the server.
2. Network Address Translation (NAT)


— This table contains NAT (Network Address Translation) rules for routing packets to
networks that cannot be accessed directly.
— When the destination or source of the packet has to be altered, the NAT table is used.
— It includes the following chains:

Prerouting
The rules in this chain alter packets as soon as the server receives them, before they are routed.

Output
Works the same as the output chain we described in the filter table.

Postrouting
The rules in this chain allow making changes to packets after they leave the output chain.
3. Mangle
— The Mangle table adjusts the IP header properties of packets.
— The table has all the following chains we described above:
◦ Prerouting
◦ Postrouting
◦ Output
◦ Input
◦ Forward
4. Raw
— The Raw table is used to exempt packets from connection tracking.
— The raw table has two of the chains we previously mentioned:
◦ Prerouting
◦ Output
5. Security (Optional): Some versions of Linux also use a Security table to manage
special access rules. This table includes input, output, and forward chains, much like
the filter table.
iptables: Targets

• A target is what happens after a packet matches a rule’s criteria.
• A non-terminating target performs its action and then lets the packet continue to be
matched against the remaining rules in the chain.
• A terminating target ends the evaluation: the verdict is applied immediately and the
packet is not matched against any further rule or chain.
• The terminating targets in Linux iptables are:
— Accept - this target lets the packet through the iptables firewall.
— Drop - the dropped packet is not matched against any further chain. When Linux
iptables drops an incoming connection to your server, the person trying to connect does
not receive an error. It appears as if they are trying to connect to a non-existing
machine.
— Return - this target sends the packet back to the chain it was called from so you can
match it against the remaining rules there.
— Reject - the iptables firewall rejects a packet and sends an error to the connecting device.
iptables: Syntax, Commands and Options

In general, an iptables command looks as follows:

sudo iptables [option] CHAIN_rule [-j target]

Here is a list of some common iptables options: [Note: iptables is case-sensitive]

-A, --append - Add a rule to the end of a chain.
-C, --check - Check whether a rule matching the given specification exists in a chain.
-D, --delete - Remove the specified rule from a chain.
-F, --flush - Remove all rules from a chain.
-I, --insert - Add a rule to a chain at a given position.
-L, --list - Show all rules in a chain.
-N, --new-chain - Create a new user-defined chain.
-v, --verbose - Show more information when using the list option.
-X, --delete-chain - Delete the specified user-defined chain.
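As an added example (not from the lecture notes), the shell script below builds a default-deny host firewall in the filter table using the chains, options and targets just described. The management network 192.0.2.0/24, the LOGDROP chain name and the echo-based dry run are choices made for this example.

```shell
# Added example (not from the lecture notes): a default-deny host firewall in the
# iptables filter table. IPT defaults to "echo" so the script only prints the
# commands it would run (a dry run chosen for this example); set IPT=iptables and
# run as root to apply them. 192.0.2.0/24 (TEST-NET-1) stands for a management
# network and LOGDROP is a chain name chosen here.
IPT="${IPT:-echo}"

host_firewall() {
    # Start from a known state: flush all rules (-F) and delete user chains (-X).
    $IPT -F
    $IPT -X

    # Default policies (-P): anything not explicitly allowed in is dropped.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # A user-defined chain (-N). LOG is a non-terminating target, so after the
    # packet is logged traversal continues to the DROP rule that follows.
    $IPT -N LOGDROP
    $IPT -A LOGDROP -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
    $IPT -A LOGDROP -j DROP

    # Loopback and replies to connections this host initiated are accepted.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Services: SSH only from the management network, HTTPS from anywhere.
    $IPT -A INPUT -p tcp --dport 22 -s 192.0.2.0/24 -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT

    # Everything else is handed to LOGDROP with -j (jump). Had LOGDROP ended with
    # RETURN instead of DROP, the packet would fall back to the INPUT policy.
    $IPT -A INPUT -j LOGDROP
}

# Insert (-I) at position 1 so the rule is matched before every allow rule,
# e.g. to shut out one misbehaving host without rebuilding the chain.
block_host() {
    $IPT -I INPUT 1 -s "$1" -j DROP
}

host_firewall
block_host 192.0.2.99   # constructed address
```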
Uncomplicated Firewall (UFW)

• The Linux kernel in Ubuntu provides a packet filtering system called netfilter, and the
traditional interface for manipulating netfilter is the iptables suite of commands.
• iptables provides a complete firewall solution that is both highly configurable and
highly flexible.
• Becoming proficient in iptables takes time, and getting started with netfilter
firewalling using only iptables can be a daunting task.
• As a result, many frontends for iptables have been created over the years, each trying
to achieve a different result and targeting a different audience.
• The Uncomplicated Firewall (ufw) is a frontend for iptables and is particularly
well-suited for host-based firewalls.
• ufw provides a framework for managing netfilter, as well as a command-line interface
for manipulating the firewall.
• ufw aims to provide an easy-to-use interface for people unfamiliar with firewall
concepts, while at the same time simplifying complicated iptables commands for an
administrator who knows what he or she is doing.
• ufw is an upstream for other distributions and graphical frontends.
• Ubuntu 8.04 LTS introduced ufw, and it is available by default in all Ubuntu
installations after 8.04 LTS.
ufw: Basic Usage

Getting started with ufw is easy. For example, to enable the firewall, allow SSH access,
enable logging, and check the status of the firewall, perform:

$ sudo ufw allow ssh/tcp
$ sudo ufw logging on
$ sudo ufw enable
$ sudo ufw status
Firewall loaded

To Action From
-- ------ ----
22:tcp ALLOW Anywhere

This sets up a default deny (DROP) firewall for incoming connections, with all outbound
connections allowed with state tracking.
ufw: Advanced Functionality

• As mentioned, the ufw application is capable of doing anything that iptables can do.
• This is achieved by using several sets of rules files, which are nothing more than
iptables-restore compatible text files.
• Fine-tuning ufw and/or adding additional iptables commands not offered via the ufw
command is a matter of editing various text files:
— /etc/default/ufw: high level configuration, such as default policies, IPv6 support and
kernel modules to use
— /etc/ufw/before[6].rules: rules in these files are evaluated before any rules added via the
ufw command
— /etc/ufw/after[6].rules: rules in these files are evaluated after any rules added via the
ufw command
— /etc/ufw/sysctl.conf: kernel network tunables
— /var/lib/ufw/user[6].rules or /lib/ufw/user[6].rules (0.28 and later): rules added via the
ufw command (should not normally be edited by hand)
— /etc/ufw/ufw.conf: sets whether or not ufw is enabled on boot, and in 9.04 (ufw 0.27)
and later, sets the LOGLEVEL
— /etc/ufw/after.init: initialization customization script run after ufw is initialized (ufw
0.34 and later)
— /etc/ufw/before.init: initialization customization script run before ufw is initialized (ufw
0.34 and later)
• After modifying any of the above files, activate the new settings with:
$ sudo ufw disable
$ sudo ufw enable
• Gufw: a graphical user interface for ufw
nftables

• nftables is the modern Linux kernel packet classification framework.


• New code should use it instead of the legacy ip,ip6,arp,eb tables (xtables)
infrastructure.
• For existing codebases that have not yet converted, the legacy xtables infrastructure is
still maintained as of 2021.
• Automated tools assist the xtables to nftables conversion process.
• nftables in a nutshell:
— It is available in Linux kernels >= 3.13.
— It comes with a new command line utility, nft, whose syntax is different from that of
iptables.
— It also comes with a compatibility layer that allows you to run iptables commands over
the new nftables kernel framework.
— It provides a generic set infrastructure that allows you to construct maps and
concatenations.
— You can use these new structures to arrange your ruleset in a multidimensional tree
which drastically reduces the number of rules that need to be inspected until reaching
the final action on a packet.
Why nftables?

• We like iptables; after all, this tool has been serving us (and will likely keep doing so
for a while in many deployments) to filter traffic on both a per-packet and a per-flow
basis, log suspicious traffic activity, perform NAT and many other things.
• It comes with more than a hundred extensions that have been contributed over the
last 15 years.
• Nevertheless, the iptables framework suffers from limitations that cannot be easily
worked around, which nftables set out to address:
— Avoid code duplication and inconsistencies: Many of the iptables extensions are protocol
specific, so there is no consolidated way to match packet fields; instead, there is one
extension for each protocol that it supports. This bloats the codebase with very similar
code performing a similar task: payload matching.
— Faster packet classification through enhanced generic set and map infrastructure.
— Simplified dual stack IPv4/IPv6 administration, through the new inet family that allows
you to register base chains that see both IPv4 and IPv6 traffic.
— Better dynamic ruleset updates support.
— Provide a Netlink API for third party applications, just as the other Linux networking
and Netfilter subsystems do.
— Address syntax inconsistencies and provide nicer and more compact syntax.
• These, among other things not listed here, triggered the nftables development which
was originally presented to the Netfilter community in the 6th Netfilter Workshop in
Paris (France).
Main differences with iptables

Some key differences between nftables and iptables from the user point of view are:

nftables uses a new syntax

• The iptables command line tool uses a getopt_long()-based parser where keys are
always preceded by a double minus, e.g. --key, or a single minus, e.g. -p tcp.
• In contrast, nftables uses a compact syntax inspired by tcpdump.
Tables and chains are fully configurable


• iptables has multiple pre-defined tables and base chains, all of which are registered
even if you only need one of them.
• There have been reports of even unused base chains harming performance.
• With nftables there are no pre-defined tables or chains.
• Each table is explicitly defined, and contains only the objects (chains, sets, maps,
flowtables and stateful objects) that you explicitly add to it. Now you register only
the base chains that you need.
• You choose table and chain names and netfilter hook priorities that efficiently
implement your specific packet processing pipeline.
A single nftables rule can take multiple actions


• Instead of the matches and single target action used in iptables, an nftables rule
consists of zero or more expressions followed by one or more statements.
• Each expression tests whether a packet matches a specific payload field or packet/flow
metadata.
• Multiple expressions are linearly evaluated from left to right: if the first expression
matches, then the next expression is evaluated and so on.
• If we reach the final expression, then the packet matches all of the expressions in the
rule, and the rule’s statements are executed.
• Each statement takes an action, such as setting the netfilter mark, counting the
packet, logging the packet, or rendering a verdict such as accepting or dropping the
packet or jumping to another chain.
• As with expressions, multiple statements are linearly evaluated from left to right: a
single rule can take multiple actions by using multiple statements.
• Do note that a verdict statement by its nature ends the rule.

No built-in counter per chain and rule


• In nftables counters are optional; you can enable them as needed.

Better support for dynamic ruleset updates


• In contrast to the monolithic blob used by iptables, nftables rulesets are represented
internally in a linked list.
• Now adding or deleting a rule leaves the rest of the ruleset untouched, simplifying
maintenance of internal state information.
Simplified dual stack IPv4/IPv6 administration


• The nftables inet family allows you to register base chains that see both IPv4 and
IPv6 traffic.
• It is no longer necessary to rely on scripts to duplicate your ruleset.

New generic set infrastructure


• This infrastructure integrates tightly into the nftables core and allows advanced
configurations such as maps, verdict maps and intervals to achieve
performance-oriented packet classification.
• The most important thing is that you can use any supported selector to classify traffic.
Support for concatenations


• Since Linux kernel 4.1, you can concatenate several keys and combine them with maps
and verdict maps.
• The idea is to build a tuple whose values are hashed to obtain the action to be
performed in nearly O(1) time.

Support new protocols without a kernel upgrade


• Kernel upgrades can be a time-consuming and daunting task, especially if you have to
maintain more than a single firewall in your network.
• Distribution kernels usually lag the newest release. With the new nftables virtual
machine approach, supporting a new protocol will often not require a new kernel, just
a relatively simple nft userspace software update.
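The differences listed above (explicitly defined tables and chains, the inet family, sets and verdict maps, several statements in one rule) are shown in the added example below, which is not from the lecture notes or the Netfilter project: a shell function that emits an nft ruleset for a default-deny host firewall. The table, chain and set names and the TEST-NET-1 address are constructed, and nothing is loaded into the kernel.

```shell
# Added example (not from the lecture notes or the Netfilter project): emits an
# nft ruleset for a default-deny host firewall so the syntax can be compared with
# the iptables model. Nothing is loaded into the kernel; save the output to a file
# and load it with "nft -f <file>" as root if you want to apply it.
# Table, chain and set names and the TEST-NET-1 range are constructed.
nft_ruleset() {
cat <<'EOF'
#!/usr/sbin/nft -f
flush ruleset

# One table in the inet family sees both IPv4 and IPv6 traffic, so the
# ruleset is not duplicated. The name host_fw is chosen by the administrator.
table inet host_fw {
    # Named set of management networks (constructed TEST-NET-1 range).
    # Changing its elements does not require touching any rule.
    set mgmt_nets {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24 }
    }

    # Regular chain (no hook): only reached by the jump below. If no verdict
    # fires here, control returns to the calling chain.
    chain ssh_in {
        ip saddr @mgmt_nets accept
    }

    # Base chain: hook, priority and policy are declared explicitly, and only
    # the base chains actually needed are registered.
    chain input {
        type filter hook input priority filter; policy drop;

        # Expressions (left) are evaluated first; the statements (right) run
        # only if every expression matched.
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Verdict map: one lookup selects the action instead of a rule per port.
        tcp dport vmap { 22 : jump ssh_in, 80 : accept, 443 : accept }

        # A single rule with several statements: count, log, then the verdict.
        # The verdict ends the rule, so nothing may follow "drop".
        counter log prefix "nft-drop: " drop
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
    }
}
EOF
}

nft_ruleset
```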
Adoption

• The Netfilter project and community are focused on replacing the iptables framework
with nftables, adding new features and refreshing some workflows along the way.
• Many upstream projects use iptables to handle filtering, NAT, mangling and other
networking tasks.
Mac OS Host Based Firewalls

• Mac OS Host Based Firewalls are software firewalls that are installed and run on
individual computers rather than on a network or server.
• There are two main types of Mac host-based firewalls: application firewalls and
PF (Packet Filter) firewalls.

1. Application firewalls: These firewalls work by examining the data that is sent and
received by specific applications running on the computer.
2. PF firewalls: PF is a firewall solution that is built into the Mac OS operating system. It
is a stateful packet filter that is capable of blocking traffic based on a wide variety of
criteria, including IP address, port number, and protocol type. pflist, IceFloor and
Murus are all examples of PF-based Mac host-based firewalls.
pflist

• pflist is a basic PF firewall frontend for OS X 10.7 and newer.
• pflist is inspired by the old Server Admin’s firewall tool shipped with Mac OS X
Server 10.7 but uses the PF firewall instead of the old and deprecated IPFW.
• Very easy and quick setup
• Define groups of addresses, assign them a list of addresses and allowed services
• Filter inbound IPv4 and IPv6 connections
• Limit overall bandwidth for Internet connections (10.8 and 10.9 only)
• Save startup scripts to load PF firewall rules at boot
• pflist offers a limited set of options.
• If you need a more powerful PF frontend: IceFloor or the new Murus Firewall.
IceFloor

• IceFloor is group based. Create groups and assign addresses, services and parameters
to pass or block connections
• IceFloor uses its own set of PF configuration files; default OS X PF configuration files
are not modified
• start with IceFloor Wizard to create a basic PF configuration in a few mouse clicks
• use IceFloor interface to set up very complex and customized PF rulesets
• manage inbound and outbound connections with filtering and bandwidth rules for
your Mac and NAT clients
• hide services using port knocking, list and block connections on the fly using Inspector
• create custom PF presets including custom rules, options, filtering and bandwidth
rules
• mix IceFloor PF rules with your custom PF rules, interact with external applications
like sshguard
• share Internet connection using PF NAT, assign per-client filtering and bandwidth
rules and redirections
• browse PF ruleset with the new PF Rules Browser, display filtering, bandwidth and
NAT PF rules and pipes
• analyze PF logs with numerical and graphical statistics
• debug and test PF rulesets easily and quickly using IceFloor Menulet
• IceFloor is free and open source. It requires OS X 10.7.
• Some features are available only on OS X 10.8 and 10.9.
• Bandwidth management and other features are not available on OS X 10.10 Yosemite.
Murus

• Murus is a suite of firewall tools for Mac OS X that includes a graphical user interface
for configuring and managing the PF firewall.
• Easy Configuration: Use Murus Assistant to configure and enable pf in a few clicks, or
choose one of the predefined configuration profiles. Create your own configurations
library and switch between configurations with a mouse click.
• Firewall Filtering: Creating firewall rules is easier than ever: simply add Services to the
Inbound or Outbound managed services, then select their policies from a popup
button. Everything can be customized: you create your own services and groups, and
every service can be configured with a dedicated ruleset using custom rules.
• Firewall Logging: Select a global logging policy, then define a per-service policy. This
allows the user to set a fine-tuned pf log policy in order to produce a consistent and
informative log file. The log is stored in an SQLite database.
• Configuration Overview: The Murus 2 ruleset structure is now much clearer and easier
to understand. The overview represents the current pf ruleset tree structure, and it is
always easy to see why a rule is there and what its purpose is.
• Ports Management: Murus checks your local listening ports and lists all unmanaged
ones. This helps you configure Murus by giving you a view of the network services
currently running on your Mac. Thus, you can easily decide which network services you
want to allow or block. Additionally, you can tell Murus to pop up a notification in
case a new, unknown network service is started.
• Dummynet Bandwidth Management: Create Dummynet Pipes and Queues to
selectively limit download and/or upload bandwidth for inbound and/or outbound
connections. Supports Worst-case Fair Weighted Fair Queueing policy (WF2Q+).
Bandwidth limits can be applied to managed services or using custom Dummynet
rules giving you all the freedom you need.
• Port Knocking Hidden Services: Hide your public services from port scanners and
unauthorized access using port knocking. Use the free multiplatform Murus Knocker
client to access hidden services from remote computers. Available for Mac, Linux and
Windows.
• NAT and Port Forwarding: Share your internet connection with other computers or
smartphones and tablets using NAT. Define a per-client or per-group access policy, in
order to block unwanted services. Export LAN services to the Internet with port
forwarding.
• Proactive protection: Enable the adaptive firewall for supported TCP services in order to
block brute-force attacks. Subscribe to online blacklist services and have them
automatically updated. Interact with external tools such as SSHGuard to manage
dynamic blacklists.
• Notifications and monitors: Murus offers several ways to monitor your system. You can
keep track of current connections using the pf states monitor. You can monitor
runtime pf rules, tables and counters. You can see real time pf log or browse/search
log database. Additionally, you can tell Murus to notify when a new listening port is
found or when a specific connection is passed or blocked.
Little Snitch

• Little Snitch is a host-based application firewall for macOS.


• It can be used to monitor applications, preventing or permitting them to connect to
attached networks through advanced rules.
• It is produced and maintained by the Austrian firm Objective Development Software
GmbH.
• Unlike a stateful firewall, which is designed primarily to protect a system from
external attacks by restricting inbound traffic, Little Snitch is designed to protect
privacy by limiting outbound traffic.
• Until Little Snitch 4, it controlled network traffic by registering kernel extensions
through the standard application programming interface (API) provided by Apple,
but for its 5th release it switched to using Apple’s Network Extensions due to the
deprecation of Kernel Extensions on macOS Catalina.
• If an application or process attempts to establish a network connection, Little Snitch
blocks the connection unless a rule for that connection has already been set by the user.
• For that, a dialog is presented to the user, which allows one to deny or permit the
connection on a one-time, time limited, or permanent basis.
• The dialog also allows the user to restrict the parameters of the connection, restricting
it to a specific port, protocol, or domain.
• Little Snitch’s integral network monitor shows ongoing traffic in real time with
domain names and traffic direction displayed.
Next-Generation Firewalls

• A traditional firewall provides stateful inspection of network traffic.


• It allows or blocks traffic based on state, port, and protocol, and filters traffic based
on administrator-defined rules.
• A next-generation firewall (NGFW) does this, and so much more.
• In addition to access control, NGFWs can block modern threats such as advanced
malware and application-layer attacks.
• According to Gartner’s definition, a next-generation firewall must include:
— Standard firewall capabilities like stateful inspection
— Integrated intrusion prevention
— Application awareness and control to see and block risky apps
— Threat intelligence sources
— Upgrade paths to include future information feeds
— Techniques to address evolving security threats
The best next-generation firewalls deliver five core benefits to organizations:

1. Breach prevention and advanced security


• The No. 1 job of a firewall should be to prevent breaches and keep your organization
safe.
• But since preventive measures will never be 100 percent effective, your firewall should
also have advanced capabilities to quickly detect advanced malware if it evades your
front-line defenses.
• A firewall should have the following capabilities:
— Prevention to stop attacks before they get inside
— A best-of-breed next-generation IPS built-in to spot stealthy threats and stop them fast
— URL filtering to enforce policies on hundreds of millions of URLs
— Built-in sandboxing and advanced malware protection that continuously analyzes file
behavior to quickly detect and eliminate threats
— A world-class threat intelligence organization that provides the firewall with the latest
intelligence to stop emerging threats
2. Comprehensive network visibility


• You can’t protect against what you can’t see.
• You need to monitor what is happening on your network at all times so you can spot
bad behavior and stop it fast.
• Your firewall should provide a holistic view of activity and full contextual awareness
to see:
— Threat activity across users, hosts, networks, and devices
— Where and when a threat originated, where else it has been across your extended
network, and what it is doing now
— Active applications and websites
— Communications between virtual machines, file transfers, and more
3. Flexible management and deployment options


• Whether you are a small to medium-sized business or a large enterprise, your firewall
should meet your unique requirements:
— Management for every use case: choose from an on-box manager or centralized
management across all appliances
— Deploy on-premises or in the cloud via a virtual firewall
— Customize with features that meet your needs: simply turn on subscriptions to get
advanced capabilities
— Choose from a wide range of throughput speeds
4. Fastest time to detection


• The current industry standard time to detect a threat is between 100 and 200 days;
that is far too long.
• A next-generation firewall should be able to:
— Detect threats in seconds
— Detect the presence of a successful breach within hours or minutes
— Prioritize alerts so you can take swift and precise action to eliminate threats
— Make your life easier by deploying consistent policy that’s easy to maintain, with
automatic enforcement across all the different facets of your organization
5. Automation and product integrations


• Your next-generation firewall should not be a siloed tool.
• It should communicate and work together with the rest of your security architecture.
Choose a firewall that:
— Seamlessly integrates with other tools from the same vendor
— Automatically shares threat information, event data, policy, and contextual information
with email, web, endpoint, and network security tools
— Automates security tasks like impact assessment, policy management and tuning, and
user identification
Network Based Firewalls

• Network firewalls are security devices used to stop or mitigate unauthorized access to
private networks connected to the Internet, especially intranets.
• The only traffic allowed on the network is defined via firewall policies — any other
traffic attempting to access the network is blocked.
• Network firewalls sit at the front line of a network, acting as a communications liaison
between internal and external devices.
• A network firewall can be configured so that any data entering or exiting the network
has to pass through it.
• It accomplishes this by examining each incoming message and rejecting those that fail
to meet the defined security criteria.
• When properly configured, a firewall allows users to access any of the resources they
need while simultaneously keeping out unwanted users, hackers, viruses, worms or
other malicious programs trying to access the protected network.
• Firewalls can be either hardware or software.
• In addition to limiting access to a protected computer and network, a firewall can log
all traffic coming into or leaving a network, and manage remote access to a private
network through secure authentication certificates and logins.
• A firewall is considered an endpoint protection technology.
• In protecting private information, a firewall can be considered a first line of defense,
but it cannot be the only defense.

Hardware Firewalls
• These firewalls are released either as standalone products for corporate use, or more
often, as a built-in component of a router or other networking device.
• They are considered an essential part of any traditional security system and network
configuration. Hardware firewalls will almost always come with a minimum of four
network ports that allow connections to multiple systems.
• For larger networks, a more expansive networking firewall solution is available.
Software Firewalls
• These are installed on a computer, or provided by an OS or network device
manufacturer.
• They can be customized, but provide a smaller level of control over functions and
protection features. A software firewall can protect a system from standard control
and access attempts, but has trouble with more sophisticated network breaches.
DD-WRT

• Every router comes with default firmware, a set of commands embedded into
hardware.
• However, sometimes you might want to upgrade your firmware in order to get better
performance and security.
• DD-WRT allows users to significantly improve their router and add new features.
• "DD" stands for Dresden, a city in Germany, where DD-WRT firmware was
developed. "WRT" refers to a wireless router.
• DD-WRT is firmware compatible with most router brands and was designed to
significantly improve their performance.
• It expands your router’s capabilities, enables new features, and even provides better
speeds.
• The process of upgrading your old firmware to DD-WRT is called "flashing" and could
take up to ten minutes.
• "Flashing" your router requires some technical know-how, so you need to know what
you’re doing before starting the process. Otherwise, you can "brick" your router,
turning it into a useless piece of junk.
Benefits of DD-WRT

There are many benefits to installing DD-WRT, some of them are:

IPv6 support
• While IPv6 eventually will replace IPv4, there are a lot of routers that don’t support
this protocol.
• DD-WRT can easily run IPv6, which is more secure and more advanced than IPv4,
not to mention that it supports more IP addresses.

Firewall
• DD-WRT has a configurable and solid firewall, which blocks unauthorized access.

Increasing Wi-Fi range


• With DD-WRT installed on your router, you can change the broadcasting power of
your transmitting antenna and adjust other settings to increase your Wi-Fi coverage.
Performance tracking
• DD-WRT provides you with extensive information about your network, making it
easy to troubleshoot connectivity issues and track your router’s performance.

Bandwidth prioritization
• If you’re an avid gamer, you might want to get as much speed as possible to avoid
lags. DD-WRT allows you to prioritize your bandwidth and give your selected devices
more speed.

VPN support
• Not all routers support VPNs and this can be a major drawback for many users. You
can install the NordVPN app on your router and protect all devices connected to your
network. This allows you to shield internet activities not only for yourself but also for
other members of your household.
DD-WRT risks to consider

Compatibility
• Not all routers support DD-WRT and in this case you’re left with only one option —
buying a new router.
• You can check the list of supported devices and see if your router is compatible with
DD-WRT.

"Bricking" your router


• If you want to upgrade your router, you need to know what you’re doing.
• The internet is full of stories about unsuccessful firmware configurations and people
failing to recover their routers to factory settings afterwards.
• Follow the tutorials closely and consult an expert if you have any doubts about the
process.
Warranty void
• When you get "inside" your router and install a custom firmware, your router’s
manufacturer might void your warranty or charge you extra for technical support and
repairs.
pfsense

• pfSense is an open-source network firewall based on FreeBSD.


• The pfSense project was started in 2004 as a fork of the m0n0wall project; the
m0n0wall project was later discontinued.
• You can install a pfSense firewall on computer hardware to make it a dedicated
firewall.
• Alternatively, you can install it in a virtual machine.
• It can be installed in small offices or large corporate networks.
• The pfSense provides a user-friendly web interface.
• You can easily configure and manage it through the GUI itself.
• However, you can also enable Telnet and SSH.
• Basic networking knowledge is enough to manage it.
• Once you finish the installation, access it using a web browser.
• pfSense is mostly used as a router and firewall software, and typically configured as
DHCP server, DNS server, WiFi access point, VPN server, all running on the same
hardware device.
• pfSense also allows for installation of third party open source packages such as Snort
or Squid through a built in Package Manager, making it the default choice of many
network administrators.
• pfSense is flexible by design. It can be used on a small home router as well as run the
entire network of a large corporation.
• Nowadays, pfSense is often replacing Cisco and other expensive name brands in
large corporate environments, not because it’s free, but because it is a feature-rich and
mature platform.
• pfSense firewall has almost all the features available in commercial firewalls, such as:
— Routing
— Security – Access Lists
— NAT (Network Address Translation)
— IPSec VPN
— SSL VPN
— DNS/DHCP
— Captive Portal
— Proxy – (Open-Source Squid Proxy)
— Load Balancing
— Integration with AAA
— SSL Decryption
— Antivirus
• If you want a firewall with a different feature set, pfSense is a great option.
• pfSense is free, open-source, and based on FreeBSD.
• It can easily protect your network from threats. It also fulfills your requirements for
SSL and IPSec VPN.
• Along with all features, you will get pfSense updates.
• Thus, it will maintain the stability of the network.
• Another benefit is you can resize your hardware as per the bandwidth requirements.
• However, in the case of a commercial firewall, you need to purchase a new firewall to
meet the bandwidth requirements.
• It is also available for private and public clouds. You can also install the pfSense
Firewall in AWS and Azure public cloud.
• pfSense can be installed on any hardware - your old computer may become your new
router.
• This is a great way to get started if you have a computer with at least 2 network cards.
• Once you are convinced you like the platform, you may choose one of the dedicated
hardware platforms such as PC Engines APU, TekLager TLSense, Soekris, Netgate or
others.
• Alternatively, you can buy official pfSense hardware from Netgate.
• You can buy an appliance as per your requirements.
• Requirements: Minimum RAM 512 MB, CPU 500 MHz. Recommended: RAM 1 GB,
CPU 1 GHz.
Smoothwall

• The Smoothwall Firewall protects your network from unauthorized access like any
other firewall.
• However, you can also control the flow of traffic through the Smoothwall Firewall and
among network zones with Smoothwall Firewall rules.
• You can specify where traffic comes from and goes to, block network traffic from
specific IPs or network addresses, bridge together isolated network zones and bridge
user groups to network zones.
Smoothwall Firewall Rules

• The Smoothwall Firewall rules are organized into sections.


• You can create rules in the current section or create a new section.
• You can add a rule to the top or bottom of the section if it already contains other
rules.
• The Smoothwall Firewall applies rules from top to bottom, so a rule higher in the
list supersedes any rule below it that would also match.
• On initial setup, the Smoothwall Firewall contains two default rules.
• The first default rule allows access to everything from the internal network to the
Internet.
• The second default rule, in the catch-all section, blocks all traffic in and out, so that
anything not specified in the rules placed before it is blocked.
• For example, you would use the first rule in an office environment, where all the users
are responsible for the material that they upload and the apps they use.
Smoothwall Firewall Rules

• This rule wouldn’t block tools such as UltraSurf or VPNs, which could be used to
bypass the Smoothwall Firewall and connect directly to the Internet.
• Within a school or environment where it’s necessary to protect children or vulnerable
people, it’s common to set up rules to allow specific services or applications access to
the Internet and then change the default rule to block all other outbound traffic.
• If you have Smoothwall Filter, blocking all traffic in this way will only allow traffic
through the Filter or any specific rules you’ve added.
• Smoothwall versions prior to the Inverness Castle release will also have several
migrated Smoothwall Firewall rules in the Migrated outgoing policy rules section.
These are specific to your organization.
Smoothwall Firewall Rules

Routing Access Control Lists (ACLs)


— ACLs allow traffic to be routed between networks.
— All internal networks are isolated by the Smoothwall Firewall by default.
— You can create access control policies to control communication between networks for the
purpose of resource sharing. Within a corporate environment, for example, you might want to
isolate departmental networks from each other but allow access to the printers in one of them.
— Reply packets within the same connection are handled by the same rule.
— If communication between networks is meant to be allowed both ways, add both source and
destination interface/IP addresses to Source and destination interfaces or IP addresses
sections.
— For example:
◦ Source interface LAN1 - destination interface LAN2 - Traffic can go from LAN1 to LAN2 and
replies will be allowed back. But LAN2 cannot send traffic into LAN1.
◦ Source interface LAN1 and LAN2 - destination interface LAN2 and LAN1 - The Smoothwall
Firewall acts as a router between LAN1 and LAN2 - traffic is allowed both ways.
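The rule-ordering and routing-ACL behaviour described on these slides, modelled as an added Python example (this is not Smoothwall’s code; interface names, addresses and ports are constructed): rules are evaluated top to bottom and the first match wins, an allowed connection is remembered so that its reply packets are handled by the same rule, and a catch-all block at the bottom denies everything not matched above it.

```python
from dataclasses import dataclass
from typing import Optional
# Constructed toy model, not Smoothwall code: interface names, addresses and ports are made up.

@dataclass(frozen=True)
class Packet:
    src_if: str       # interface the packet arrived on, e.g. "LAN1"
    src_ip: str
    src_port: int
    dst_if: str       # interface it would leave on, e.g. "WAN"
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "block"
    src_ifs: tuple = ()              # empty tuple = any source interface
    dst_ifs: tuple = ()              # empty tuple = any destination interface
    dst_port: Optional[int] = None   # None = any destination port

    def matches(self, pkt: Packet) -> bool:
        return ((not self.src_ifs or pkt.src_if in self.src_ifs)
                and (not self.dst_ifs or pkt.dst_if in self.dst_ifs)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))

class Firewall:
    """Rules are checked top to bottom and the first match decides, so a rule higher
    in the list supersedes any matching rule below it. Allowed connections are
    remembered so that reply packets are handled by the rule that allowed them."""

    def __init__(self, rules):
        self.rules = list(rules)
        self._conntrack = {}   # (src_ip, src_port, dst_ip, dst_port) -> name of allowing rule

    def decide(self, pkt: Packet) -> tuple:
        """Return (action, rule_name) for one packet."""
        reply_key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reply_key in self._conntrack:            # reply within a tracked connection
            return "allow", self._conntrack[reply_key]
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow":
                    self._conntrack[(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)] = rule.name
                return rule.action, rule.name
        return "block", "implicit-deny"             # nothing matched at all

CATCH_ALL = Rule("catch-all", "block")   # matches everything: keep it at the bottom

def office_policy() -> Firewall:
    # The two default rules: internal network to Internet allowed, then the catch-all.
    return Firewall([Rule("internal-to-internet", "allow", ("LAN",), ("WAN",)), CATCH_ALL])

def school_policy() -> Firewall:
    # Allow only named services outbound, then block all other traffic.
    return Firewall([
        Rule("web-http", "allow", ("LAN",), ("WAN",), 80),
        Rule("web-https", "allow", ("LAN",), ("WAN",), 443),
        CATCH_ALL,
    ])

def misordered_policy() -> Firewall:
    # Same rules as the office policy with the catch-all on top: the allow rule is never reached.
    return Firewall([CATCH_ALL, Rule("internal-to-internet", "allow", ("LAN",), ("WAN",))])

def one_way_acl() -> Firewall:
    # Source LAN1, destination LAN2: LAN1 may start connections into LAN2 and replies
    # come back, but LAN2 cannot start a connection into LAN1.
    return Firewall([Rule("lan1-to-lan2", "allow", ("LAN1",), ("LAN2",)), CATCH_ALL])

def two_way_acl() -> Firewall:
    # Source LAN1 and LAN2, destination LAN2 and LAN1: the firewall routes both ways.
    return Firewall([Rule("lan1-lan2-router", "allow", ("LAN1", "LAN2"), ("LAN2", "LAN1")), CATCH_ALL])

def demo() -> dict:
    """Run constructed packets through each policy; returns {scenario: action}."""
    web = Packet("LAN", "10.0.0.5", 50000, "WAN", "203.0.113.9", 443)
    vpn = Packet("LAN", "10.0.0.5", 50001, "WAN", "203.0.113.9", 1194)
    inbound = Packet("WAN", "198.51.100.7", 40000, "LAN", "10.0.0.5", 22)
    printer = Packet("LAN1", "10.1.0.8", 50002, "LAN2", "10.2.0.20", 9100)
    printer_reply = Packet("LAN2", "10.2.0.20", 9100, "LAN1", "10.1.0.8", 50002)
    lan2_start = Packet("LAN2", "10.2.0.21", 50003, "LAN1", "10.1.0.8", 445)

    out, office, school, acl = {}, office_policy(), school_policy(), one_way_acl()
    out["office web"] = office.decide(web)[0]              # allow
    out["office vpn"] = office.decide(vpn)[0]              # allow: the default rule ignores ports
    out["office inbound"] = office.decide(inbound)[0]      # block: caught by the catch-all
    out["school web"] = school.decide(web)[0]              # allow: listed service
    out["school vpn"] = school.decide(vpn)[0]              # block: not a listed service
    out["misordered web"] = misordered_policy().decide(web)[0]      # block: catch-all on top
    out["acl lan1->lan2"] = acl.decide(printer)[0]                  # allow
    out["acl reply lan2->lan1"] = acl.decide(printer_reply)[0]      # allow: reply of a tracked connection
    out["acl lan2 starts"] = acl.decide(lan2_start)[0]              # block
    out["two-way lan2 starts"] = two_way_acl().decide(lan2_start)[0]   # allow
    return out

if __name__ == "__main__":
    for scenario, action in demo().items():
        print(f"{scenario:24} {action}")
```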
Smoothwall Firewall Rules

User group membership


— In addition to creating access control rules based on interface or IP addresses, you can also
create rules based on user group membership.
— Rules that are created based on group membership are dynamic and the user needs to sign in
to the Smoothwall Firewall, either by authenticating to the Smoothwall Filter or by other
means before they take effect.
VyOS: The Open Source Router/Firewall

• VyOS is an open-source network operating system that provides software-based
network routing, firewall, and VPN functionality.
• Based on Debian GNU/Linux, VyOS integrates multiple applications into a single,
unified, and stable network platform, capable of handling various networking tasks,
including routing, firewall, NAT, VPN, and more.
• For many organizations, one of the main attractions to VyOS is its cost-effectiveness.
• As an open-source platform, it is freely available, which can represent substantial
savings for businesses, especially when compared to proprietary solutions.
• Moreover, its flexibility and versatility make it an ideal solution for organizations that
require custom network configurations.
• VyOS supports advanced networking features, such as OSPF, BGP, and MPLS, which
typically only exist in high-end, expensive networking hardware.
• It also comes with VPN technology, allowing secure connections to other networks
over the internet.
VyOS: The Open Source Router/Firewall

• Comparing VyOS with leading vendors such as Cisco and Juniper, the stark
differences lie in cost, customization, and the open-source nature of VyOS.
• While the leading vendors offer robust solutions, they come with significant price tags
and may require specialized, proprietary hardware.
• In contrast, VyOS runs on standard x86 hardware, virtual machines, and even in
cloud environments.
• Moreover, VyOS, being open source, provides more flexibility for customization.
• Its architecture allows users to modify and build upon the existing platform according
to their unique requirements.
VyOS: The Open Source Router/Firewall

Ease of Use
• While VyOS comes with a bit of a learning curve, its usability isn’t necessarily
complex.
• It operates via command-line interface (CLI), which may seem daunting for beginners.
However, for those familiar with Linux and CLI, the process is fairly straightforward.
• Its configuration is consolidated into a single file, making it easier to manage.
• Also, VyOS provides excellent community support, tutorials, and documentation,
making it easier for beginners to get started and troubleshoot issues.
VyOS: The Open Source Router/Firewall

Advantages of Using VyOS


• Cost-effectiveness: VyOS eliminates the need for expensive proprietary hardware and
licensing fees, making it ideal for budget-conscious organizations.
• Flexibility: The open-source nature of VyOS allows users to customize their network
solutions according to their unique needs.
• Versatility: VyOS supports a wide range of network protocols and can run on a variety
of platforms, including physical hardware, virtual machines, and cloud environments.
• Stability: Despite being open-source, VyOS is highly stable and reliable, making it
suitable for critical network infrastructure.
VyOS: The Open Source Router/Firewall

Disadvantages of Using VyOS


• Learning Curve: VyOS operates on a command-line interface, which may be
challenging for those unfamiliar with this type of interaction.
• Limited GUI: Unlike some other networking solutions, VyOS primarily operates via
CLI, and while it does have a web GUI, it is not as fully featured as those of some
commercial vendors.
• Support: While the VyOS community is active and helpful, it doesn’t offer the same
level of formal, professional support that commercial vendors provide.
VyOS: The Open Source Router/Firewall

• In conclusion, VyOS is a strong contender in the network operating system space.


• With its open-source nature, robust capabilities, and cost-effectiveness, it is an
attractive option for many organizations.
• It may not be as straightforward to use as some proprietary solutions, but its
flexibility and stability offer compelling advantages.
Contents

▶ Unit - 1: Introduction to Cyber Crime and Law

▶ Unit - 2: Definition and Terminology: ITA 2000

▶ Unit - 3: Firewalls

▶ Unit - 4: Operating System Security and Privacy


Security Features and Functionalities

• The process of ensuring an operating system’s availability, confidentiality, and integrity
is known as operating system security.
• OS security refers to the processes or measures taken to protect the operating system
from dangers, including viruses, worms, malware, and remote hacker intrusions.
• Operating system security comprises all preventive-control procedures that protect
any system assets that could be stolen, modified, or deleted if OS security is breached.
• Security refers to providing safety for computer system resources like software, CPU,
memory, disks, etc.
• It can protect against all threats, including viruses and unauthorized access.
• It can be enforced by assuring the operating system’s integrity, confidentiality, and
availability.
• If an unauthorized user runs a computer application, the computer or the data stored
on it may be seriously damaged.
Security Features and Functionalities

• System security may be threatened through two violations:
— Threat: A program that has the potential to harm the system seriously.
— Attack: A breach of security that allows unauthorized access to a resource.
• There are two types of security breaches that can harm the system: malicious and
accidental.
• Malicious threats are a type of destructive computer code or web script that is
designed to cause system vulnerabilities that lead to back doors and security breaches.
• On the other hand, Accidental Threats are comparatively easier to protect against.
• Security may be compromised through the breaches. Some of the breaches are as
follows:
1. Breach of integrity: This violation has unauthorized data modification.
2. Theft of service: It involves the unauthorized use of resources.
3. Breach of confidentiality: It involves the unauthorized reading of data.
4. Breach of availability: It involves the unauthorized destruction of data.
5. Denial of service: It includes preventing legitimate use of the system. Some attacks may
be accidental.
Security Features and Functionalities

The goal of Security System


There are several goals of system security. Some of them are as follows:
1. Integrity: Unauthorized users must not be allowed to access the system’s objects, and
users with insufficient rights should not modify the system’s critical files and resources.
2. Secrecy: The system’s objects must only be available to a small number of authorized
users. The system files should not be accessible to everyone.
3. Availability: All system resources must be accessible to all authorized users, i.e., no
single user/process should be able to consume all system resources. If such a situation
arises, denial of service may occur. In this case, malware may restrict system resources
and prevent legitimate processes from accessing them.
Types of Threats

Types of Threats
There are mainly two types of threats that occur:
• Program threats
• System threats

Program threats
• The operating system’s processes and kernel carry out the specified task as directed.
• Program Threats occur when a user program causes these processes to do malicious
operations.
• The common example of a program threat is that when a program is installed on a
computer, it could store and transfer user credentials to a hacker.
Types of Threats

• There are various program threats. Some of them are as follows:

1. Virus
— A virus may replicate itself on the system.
— Viruses are extremely dangerous and can modify/delete user files as well as crash
computers.
— A virus is a small piece of code embedded in a system program.
— As the user interacts with the program, the virus embeds itself in other files and
programs, potentially rendering the system inoperable.
2. Trojan Horse
— This type of application captures user login credentials.
— It stores them to transfer them to a malicious user who can then log in to the computer
and access system resources.
3. Logic Bomb
— A logic bomb is a situation in which software only misbehaves when particular criteria
are met; otherwise, it functions normally.
Types of Threats

4. Trap Door
— A trap door is when a program that is supposed to work as expected has a security
weakness in its code that allows it to do illegal actions without the user’s knowledge.

System threats
• System threats are described as the misuse of system services and network
connections to cause user problems.
• These threats may be used to trigger the program threats over an entire network,
known as program attacks.
• System threats make an environment in which OS resources and user files may be
misused.
Types of Threats

• There are various system threats. Some of them are as follows:

1. Port Scanning
— It is a method by which the cracker determines the system’s vulnerabilities for an attack.
— It is a fully automated process that involves connecting to specific ports over TCP/IP.
— To hide the attacker’s identity, port scanning attacks are launched through zombie
systems: previously independent systems that still serve their owners while being
used for such purposes.
2. Worm
— The worm is a process that can choke a system’s performance by exhausting all system
resources.
— A Worm process makes several clones, each consuming system resources and preventing
all other processes from getting essential resources.
— Worm processes can even bring a network to a halt.
Types of Threats

3. Denial of Service
— Denial-of-service attacks usually prevent users from legitimately using the system.
— For example, if a denial-of-service attack is executed against the browser’s content
settings, a user may be unable to access the internet.
Threats to Operating System

There are various threats to the operating system. Some of them are as follows:

Malware
• It contains viruses, worms, trojan horses, and other dangerous software.
• These are generally short code snippets that may corrupt files, delete the data,
replicate to propagate further, and even crash a system.
• The malware frequently goes unnoticed by the victim user while criminals silently
extract important data.
Threats to Operating System

Network Intrusion
• Network intruders are classified as masqueraders, misfeasors, and unauthorized users.
• A masquerader is an unauthorized person who gains access to a system and uses an
authorized person’s account.
• A misfeasor is a legitimate user who gains unauthorized access to and misuses
programs, data, or resources.
• A rogue user takes supervisory authority and tries to evade access constraints and
audit collection.
Threats to Operating System

Buffer Overflow
• It is also known as buffer overrun.
• It is the most common and dangerous security issue of the operating system.
• It is defined as a condition at an interface under which more input may be placed into
a buffer or data-holding area than its allotted capacity, so that it overwrites other
information.
• Attackers use such a situation to crash a system or insert specially created malware
that allows them to take control of the system.
Ensuring Operating System Security

There are various ways to ensure operating system security. These are as follows:

Authentication
• The process of identifying every system user and associating the programs executing
with those users is known as authentication.
• The operating system is responsible for implementing a security system that ensures
the authenticity of a user who is executing a specific program.

In general, operating systems identify and authenticate users in three ways.

1. Username/Password: Every user has a unique username and password that
must be entered correctly before accessing the system.
Ensuring Operating System Security

2. User Attribution: These techniques usually include biometric verification, such as
fingerprints, retina scans, etc. This authentication is based on user uniqueness and is
compared against samples already stored in the system’s database. Access is granted
only if there is a match.
3. User Card and Key: To log in to the system, the user must insert a card into a card
slot or enter a key produced by a key generator into a prompt provided by the
operating system.

One-Time Passwords
• Along with standard authentication, one-time passwords give an extra layer of
security.
• Every time a user attempts to log into the One-Time Password system, a unique
password is needed. Once a one-time password has been used, it cannot be reused.
Ensuring Operating System Security

One-time passwords may be implemented in several ways.

1. Secret Key: The user is given a hardware device that can generate a secret id that is
linked to the user’s id. The system prompts for such a secret id, which must be
generated each time you log in.
2. Random numbers: Users are given cards that have alphabets and numbers printed on
them. The system requests numbers that correspond to a few alphabets chosen at
random.
3. Network password: Some commercial applications issue one-time passwords to
registered mobile/email addresses, which must be input before logging in.
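The “secret key” and “network password” schemes above, as an added Python example (not from the slides): the hardware-token case is modelled with HOTP (RFC 4226, HMAC-SHA1 over a counter), and the delivered-code case with a random code that is stored only as a hash, expires, and is consumed on first use. Both verifiers refuse a code that has already been used, which is the defining property of a one-time password. The user names and time-to-live are constructed; the enrolled secret is the RFC 4226 test-vector secret.

```python
import hashlib
import hmac
import secrets
import struct
import time

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): what a 'secret key' token computes."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class HotpVerifier:
    """Server side of the hardware-token scheme: one shared secret and a moving
    counter per user. A code is accepted only if it lies a little ahead of the
    stored counter; the counter then moves past it, so the same code is never
    accepted twice."""
    LOOK_AHEAD = 5     # tolerate a few token presses that never reached the server

    def __init__(self):
        self.users = {}    # username -> [secret, next expected counter]

    def enrol(self, username: str, secret: bytes) -> None:
        self.users[username] = [secret, 0]

    def verify(self, username: str, code: str) -> bool:
        entry = self.users.get(username)
        if entry is None:
            return False
        secret, counter = entry
        for c in range(counter, counter + self.LOOK_AHEAD + 1):
            if hmac.compare_digest(hotp(secret, c), code):   # constant-time comparison
                entry[1] = c + 1                              # burn this code and any skipped ones
                return True
        return False

class DeliveredCodeVerifier:
    """Server side of the 'network password' scheme: a random code is generated,
    sent to the user out of band (SMS or e-mail, simulated here by the return value
    of issue()), and accepted once, before it expires."""
    TTL_SECONDS = 300

    def __init__(self, now=time.time):
        self.now = now
        self.pending = {}  # username -> (sha256 of code, expiry time)

    def issue(self, username: str) -> str:
        code = f"{secrets.randbelow(10 ** 6):06d}"
        digest = hashlib.sha256(code.encode()).hexdigest()    # store a hash, not the code
        self.pending[username] = (digest, self.now() + self.TTL_SECONDS)
        return code

    def verify(self, username: str, code: str) -> bool:
        entry = self.pending.pop(username, None)   # single use: gone whether or not it matches
        if entry is None or self.now() > entry[1]:
            return False
        return hmac.compare_digest(entry[0], hashlib.sha256(code.encode()).hexdigest())

RFC4226_SECRET = b"12345678901234567890"   # test-vector secret from RFC 4226; enrolment is constructed

def demo() -> dict:
    out = {}
    token = HotpVerifier()
    token.enrol("alice", RFC4226_SECRET)
    out["code 0"] = hotp(RFC4226_SECRET, 0)                        # "755224" per RFC 4226
    out["accept fresh"] = token.verify("alice", out["code 0"])     # True
    out["reject replay"] = token.verify("alice", out["code 0"])    # False: already used
    out["accept skipped"] = token.verify("alice", hotp(RFC4226_SECRET, 3))  # True: within look-ahead
    out["reject stale"] = token.verify("alice", hotp(RFC4226_SECRET, 1))    # False: counter moved on

    clock = [1000.0]                       # controllable clock instead of real time
    sms = DeliveredCodeVerifier(now=lambda: clock[0])
    code = sms.issue("bob")
    out["accept delivered"] = sms.verify("bob", code)              # True
    out["reject delivered replay"] = sms.verify("bob", code)       # False: consumed
    code = sms.issue("bob")
    clock[0] += DeliveredCodeVerifier.TTL_SECONDS + 1
    out["reject expired"] = sms.verify("bob", code)                # False: past its TTL
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:24} {value}")
```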
Ensuring Operating System Security

Firewalls
• Firewalls are essential for monitoring all incoming and outgoing traffic.
• A firewall imposes local security, defining the traffic that may travel through it.
• Firewalls are an efficient way of protecting network systems or local systems from any
network-based security threat.

Physical Security
• The most important method of maintaining operating system security is physical
security.
• An attacker with physical access to a system may edit, remove, or steal important files
since operating system code and configuration files are stored on the hard drive.
OS Security Policies and Procedures

• Various operating system security policies may be implemented based on the
organization that you are working in.
• In general, an OS security policy is a document that specifies the procedures for
ensuring that the operating system maintains a specific level of integrity,
confidentiality, and availability.
• OS Security protects systems and data from worms, malware, threats, ransomware,
backdoor intrusions, viruses, etc.
• Security policies handle all preventative activities and procedures to ensure an
operating system’s protection, including protection against data being stolen, edited, or deleted.
OS Security Policies and Procedures

• As OS security policies and procedures cover a large area, there are various techniques
for addressing them. Some of them are as follows:
— Installing and updating anti-virus software.
— Ensuring the systems are patched or updated regularly.
— Implementing user management policies to protect user accounts and privileges.
— Installing a firewall and ensuring that it is properly set up to monitor all incoming and
outgoing traffic.
• To develop and implement OS security policies and procedures, you must first
determine which assets, systems, hardware, and data are the most vital to your
organization.
• Once that is completed, a policy can be developed to secure and safeguard them
properly.
OS Bugs and Vulnerabilities

• Operating system vulnerabilities represent critical weak points in the security
infrastructure of any digital system.
• These vulnerabilities are potential exploits that can be used by attackers to gain
unauthorized access or cause damage.
• A deeper understanding of these vulnerabilities is essential for effective cybersecurity.
• Understanding operating system vulnerabilities is a complex but vital part of
maintaining cybersecurity.
• It involves not only awareness of the types of vulnerabilities but also a proactive
approach to detecting, analyzing, and mitigating them.
• As the digital landscape evolves, staying informed and vigilant becomes increasingly
important to protect against the sophisticated threats these vulnerabilities present.
OS Bugs and Vulnerabilities

Origins of Vulnerabilities
Operating system vulnerabilities often originate from various sources.
1. Programming Errors: Mistakes in code can create security loopholes.
2. Complex Software Interactions: Unexpected interactions between different
software components can lead to vulnerabilities.
3. Legacy Code: Older sections of code that haven’t been updated or reviewed can be
a source of vulnerabilities.
4. Third-Party Integrations: External software or plugins integrated with the OS can
introduce vulnerabilities.
OS Bugs and Vulnerabilities

Types of Common Vulnerabilities


There are several types of vulnerabilities commonly found in operating systems:
• Buffer Overflow: Occurs when a program writes more data to a buffer than it can
hold, potentially allowing attackers to overwrite memory locations.
• Privilege Escalation: An exploit that allows a user to gain higher access levels than
intended, leading to unauthorized control over system functions.
• Injection Flaws: These occur when an attacker can insert malicious code into a
program, often seen in SQL, NoSQL, OS, and LDAP injections.
• Unpatched Software: Vulnerabilities that exist in outdated software or systems
where security patches have not been applied.
• Zero-Day Exploits: These are vulnerabilities that are exploited by attackers before
the software vendor has released a fix or even knows about the vulnerability.
OS Bugs and Vulnerabilities

Vulnerability Detection and Analysis


To mitigate these risks, it’s crucial to regularly perform software vulnerability analysis:
• Security Audits: Conduct thorough security checks and audits to find potential
vulnerabilities.
• Automated Scanning Tools: Use automated tools to regularly scan for known
vulnerabilities.
• Penetration Testing: Employ ethical hacking techniques to test the system’s
defenses.
OS Bugs and Vulnerabilities

The Impact of Vulnerabilities


The exploitation of these vulnerabilities can lead to various security breaches and attacks:
• Data Breach: Unauthorized access to confidential data.
• System Compromise: Complete takeover of the operating system, leading to loss of
control over system functionalities.
• Malware Spread: Use of vulnerabilities to spread malware, ransomware, or other
malicious software.
OS Bugs and Vulnerabilities

Mitigation Strategies
Mitigation of these vulnerabilities involves several strategies:
• Regular Updates and Patches: Ensuring all software and the OS itself are
up-to-date with the latest security patches.
• Reducing Attack Surface: Minimizing the number of system components exposed
to potential attack.
• Access Control: Implementing strict user access controls to minimize the impact of
a potential exploit.
• Security Awareness: Educating users about safe practices to prevent social
engineering and phishing attacks.
OS Bugs and Vulnerabilities

Major Operating System Attacks: Case Studies


Several high-profile cyber attacks have exploited operating system vulnerabilities,
including malware and ransomware:
1. WannaCry Ransomware (2017): Exploited a Windows OS vulnerability,
encrypting data and demanding ransom.
2. Petya Attack: Similar to WannaCry, Petya caused global disruption using an OS
exploit.
These case studies demonstrate the severe impact and the evolving nature of cyber attack
trends, emphasizing the need for proactive security measures.
Patch Management in Cybersecurity

• Patch management is a critical element in the cybersecurity framework, playing a key
role in protecting operating systems from vulnerabilities.
• It involves the process of acquiring, testing, and installing multiple patches (code
changes) on existing applications and software tools on a computer, ensuring systems
are up-to-date and resistant to hacking and malware attacks.
Patch Management in Cybersecurity

Importance of Patch Management


Patch management is crucial for several reasons:
• Closing Security Gaps: Patches often address security vulnerabilities. Delay in
applying these patches can leave systems exposed to exploits.
• Maintaining System Integrity and Functionality: Patches not only fix security
issues but also correct other software bugs and improve performance, ensuring the
system runs smoothly and efficiently.
• Compliance: For many organizations, staying current with patches is a compliance
requirement, as outdated systems can pose risks to data protection and privacy.
Patch Management in Cybersecurity

Challenges in Patch Management


Despite its importance, patch management comes with its own set of challenges:
• Resource Allocation: It requires time and resources to properly test and deploy
patches, which can be challenging for organizations with limited IT staff or resources.
• Compatibility Issues: Patches can sometimes cause issues with existing software or
systems, requiring thorough testing before deployment.
• Keeping Up with Updates: With the frequent release of patches, especially in
environments with multiple systems and applications, keeping up-to-date can be
overwhelming.

Best Practices in Patch Management


Implementing effective patch management strategies involves several best practices:
Patch Management in Cybersecurity

• Establish a Patch Management Policy: Define a clear policy for how patches
should be managed. This policy should include how to handle different types of
patches (security, feature updates) and outline the process for testing and deployment.
• Prioritize Patches: Not all patches are of equal importance. Prioritize patches
based on the severity of the issue they address, focusing first on critical security
patches.
• Automated Patch Management Tools: Utilize tools that automate the process of
patch discovery and installation. Automation can help in managing the volume of
patches and reduce the likelihood of human error.
• Regularly Schedule Patch Updates: Set a regular schedule for reviewing and
applying patches. This helps in staying on top of security updates and reduces the
chances of missing critical patches.
• Testing Before Deployment: Test patches in a controlled environment before full
deployment to ensure they do not interfere with existing systems or cause new
security vulnerabilities.
Patch Management in Cybersecurity

• Audit and Documentation: Keep detailed records of all patches, including what
was applied, when, and any issues encountered. This documentation is vital for
troubleshooting, compliance, and security audits.
• User Education: Educate users about the importance of applying updates on their
personal devices. This is especially important in a Bring Your Own Device (BYOD)
environment.
• Continual Review and Improvement: Regularly review the patch management
process and make improvements. As new threats emerge and technologies evolve, so
should your approach to patch management.

In conclusion, effective patch management is a vital defense against the exploitation of
operating system vulnerabilities. It requires a strategic approach, combining policy,
prioritization, automation, and regular review to ensure that computer systems remain
secure, functional, and compliant with regulatory standards.
OS Privacy and Tracking

• Operating system (OS) privacy and tracking are critical considerations in today’s
digital landscape.
• As technology becomes more intertwined with our daily lives, the amount of data
collected about us through our operating systems has increased significantly.
• Here are some key points to consider regarding OS privacy and tracking:

Data Collection
• Operating systems, whether it’s Windows, macOS, Linux, iOS, or Android, often
collect various types of data to improve user experience, provide personalized services,
and for marketing purposes.
• This data can include device information, usage patterns, location data, and more.
OS Privacy and Tracking

Privacy Settings
• Most operating systems offer privacy settings that allow users to control the collection
and sharing of their data.
• These settings typically include options to manage app permissions, location services,
advertising preferences, and data sharing with third parties.
• Users should review and customize these settings according to their preferences.

Transparency
• Operating system providers should be transparent about the data they collect and
how it is used.
• This includes providing clear privacy policies and disclosure about data sharing
practices with third parties.
OS Privacy and Tracking

Security
• Privacy and security go hand in hand. Operating systems should implement robust
security measures to protect user data from unauthorized access, data breaches, and
cyber attacks.
• This includes encryption, secure authentication methods, and regular software
updates to patch vulnerabilities.

Tracking and Surveillance


• Concerns about tracking and surveillance have grown with the proliferation of online
tracking technologies and government surveillance programs.
• Operating systems should respect user privacy rights and minimize unnecessary
tracking and surveillance activities.
OS Privacy and Tracking

User Control
• Users should have control over their data and be able to opt-out of tracking and data
collection practices that they are uncomfortable with.
• This includes the ability to delete collected data and disable tracking features.

Regulatory Compliance
• Operating system providers must comply with relevant privacy regulations and
standards, such as the General Data Protection Regulation (GDPR) in the European
Union or the California Consumer Privacy Act (CCPA) in the United States.
• Compliance with these regulations helps ensure that user privacy rights are protected.
OS Privacy and Tracking

Third-party Apps and Services


• Users should also be aware that third-party apps and services installed on their
devices may have their own privacy policies and data collection practices.
• It’s essential to review the privacy settings and permissions for each app and service
to understand how they handle user data.

• Overall, ensuring privacy and minimizing tracking on operating systems requires a
combination of user awareness, transparent practices from operating system providers,
and regulatory oversight to protect user rights in an increasingly digital world.
General Use OS with Security and Privacy

• Tails OS
• WHONIX
• Qubes OS
• Debian OS
• GrapheneOS (For Mobile)

Read basic details of all the above OSs.


Penetration Testing and Ethical Hacking OS

• Kali Linux
• Parrot Security OS
• BackBox
• Samurai Web Testing Framework
• Pentoo Linux
• DEFT Linux
• Caine
• Network Security Toolkit (NST)
• BlackArch Linux
• Bugtraq
• ArchStrike Linux
• Fedora Security Spin
