Cyber Unit-04


Cyber and Network Security BTIT 603

Unit – 4

Cybercrime and the Legal Landscape around the World

Cyber Law is the law governing cyber space.

Cyber space is the connected Internet ecosystem. It includes computers,
networks, software, data storage devices (such as hard disks, USB disks etc.), the
Internet, websites, emails and even electronic devices such as cell phones, ATM
machines etc.

What is Cyber Law & Why Do We Need Cyber laws?


Cyber law is the “law governing cyber space”. Cyber laws help to reduce or prevent
cybercriminal activity on a large scale by protecting information from access by
unauthorized people. They also cover freedom of speech related to the use of the
Internet, privacy, communications, email etc.
Need for cyber Law:-

• To protect online organizations and people on the network from
unauthorized access and malicious people.
• These crimes can be very harmful, leading to loss of the reliability and
confidentiality of the information of a person or a nation.
• It is important because it touches almost all aspects of transactions and
activities involving the internet, World Wide Web and cyberspace.
• It provides legal protections to people using the internet. This includes both
businesses and everyday citizens.
• To provide stages of punishment for breaking that law or performing any
illegal activity. If someone does any illegal activity or breaks the cyber rule,
it allows people or organizations to have that person sentenced to
punishment or to take action against them.

The Indian IT Act – 2000

• The Information Technology Act, 2000, also known as the IT Act, is an act
proposed by the Indian Parliament and reported on 17th October 2000.
• The main objective of this act is to enable lawful and trustworthy electronic,
digital and online transactions and to reduce cybercrimes.
• Information Technology Act 2000 consisted of 94 sections segregated into
13 chapters.

Sec.43 : Tampering with Computer source documents (without the
permission of the person in charge).

If any person uses a computer or system network without permission of the
owner or any other person who is in charge and:

1. Accesses, downloads or copies any data from such computer.
2. Introduces a computer virus into any computer.
3. Damages any computer network or computer.
4. Changes account settings.

Punishment : He shall be liable to pay compensation to the owner for
damages.

Sec.66:- Hacking with Computer systems, Data alteration.

Hacking of a Computer System with malicious intentions like fraud will be
punished with 3 years imprisonment or the fine of Rs.5,00,000 or both.

Sec.66F:- Cyber Terrorism

This section is on cyber terrorism. Affecting the unity, integrity, security or
sovereignty of India through a digital medium is liable for life imprisonment.

Sec.67:- Publishing obscene information.

This section states that publishing obscene information or pornography, or
transmission of obscene content in public, is liable for imprisonment up to 5
years or a fine of Rs. 10,00,000 or both.

Sec 502A: Publishing, Transmitting images of the private area of a person
without his or her consent.

Punishment : 2yrs./2 lakh.

Section 419A: Cheating by any communication device or computer
resource.

Punishment : 5yrs.

Section 417A: Identity Theft.

Punishment: 2yrs.

Challenges to Indian Law and Cybercrime


1. Lack of awareness and the culture of cyber security, at individual as well
as organizational level. Domestic netizens can protect and be protected
from the cyber attacks only if there is a guided and supervised legal
framework.
2. The minimum necessary eligibility to join the police doesn’t include any
knowledge of the computer sector, so they are almost illiterate about
cyber-crime.
3. The speed of change in cyber technology always beats the progress of the
govt. sector, so that they are not able to identify the origin of these
cyber-crimes.
4. Security forces and law enforcement personnel are not equipped to
address high-tech crimes.
5. Government budgets for security purposes, especially for the training
of law enforcement, are low compared to those for other crimes.
6. Lack of separation - Cyber attacks have come not only from terrorists but
also from neighboring countries contrary to our national interests.

Digital Signature and the IT Act


The IT Act, 2000 introduced the concept of digital signatures under Sec. 2(1)(p) as
authentication of any electronic record by a subscriber.

A signature is a symbolic and essential representation of one’s identity.
The signature of a person holds a very significant place in the field of law as
well as while carrying out transactions.

• According to section 2(1)(p) of the Information Technology Act, 2000,
digital signature means the authentication of any electronic record by a
person who has subscribed for the digital signature in accordance with the
procedure mentioned under section 3 of the same act.

• Section 5 of the Information Technology Act, 2000 gives legal recognition
to digital signatures.

Usage of Digital Signature


1) Personal Use- It is at the liberty of the individual to use the signature
personally without creating the hassle to personally be at the given place.

2) Business– Professions such as Architecture, Construction and Engineering
companies are required to sign tenders, market procurements or even bids.
A digital signature can prove to be a great way to provide the assent.

3) Return filing for GST– GST filing and E-filing cause individuals to
compulsorily opt for Digital Signatures.

4) Filing for Income Tax– Some corporations require the business to file the tax
all over India, thus saving the light of the day.

5) For ROC E-filing– Filing with registrar of Companies and filing for various
documents has caused enough leverage for individuals to opt for Digital
Signature.

Cyber Crime & Punishment – Above in IT Act.

Introduction to Cyber Forensics:


1. Cyber forensics is a process of extracting data as proof for a crime (that
involves electronic devices) while following proper investigation rules to
nab the culprit by presenting the evidence to the court.
2. Cyber forensics is also known as computer forensics. The main aim of
cyber forensics is to maintain the thread of evidence and documentation
to find out who did the crime digitally.

• It can get deleted SMS, Phone calls, texts.
• It can get recorded audio of phone conversations.
• It can determine which user used which system and for how much time.

3. It paves the way for quicker investigations and accurate results. Below are
the points depicting the importance of cyber forensics:
• Cyber forensics helps in collecting important digital evidence to trace the
criminal.
• It is also helpful for innocent people to prove their innocence via the
evidence collected online.
• It is not only used to solve digital crimes but also used to solve real-world
crimes like theft cases, murder, etc.
• Businesses are equally benefitted from cyber forensics in tracking system
breaches and finding the attackers.

Process of Digital forensics / Digital Forensic Life Cycle


Identification
The first step for cyber forensics experts is to identify what evidence is present,
where it is stored, and in which format it is stored.

Preservation
In this phase, data is isolated, secured, and preserved. After identifying the data,
the next step is to safely preserve the data and not allow other people to use that
device, so that no one can tamper with the data.

Analysis
In this step, investigation agents reconstruct fragments of data and draw
conclusions based on evidence found. However, it might take numerous iterations
of examination to support a specific crime theory.

Documentation
In this process, a record of all the visible data must be created. It helps in
recreating the crime scene and reviewing it. It involves proper documentation of
the crime scene along with photographing, sketching, and crime-scene mapping.

Presentation
This is the final step in which the analyzed data is presented in front of the court
to solve cases.

Historical Background of Cyber Forensics – I am not going to study this


Digital Evidence
1. Digital evidence is information stored or transmitted in binary form that
may be relied on in court. It can be found on a computer hard drive, a
mobile phone, among other places.
2. Digital evidence is defined as information and data of value to an
investigation that is stored on, received or transmitted by an electronic
device.
3. Today, digital evidence has multiple sources, starting from email, text
messages, hard drives, social media accounts, audio and video files, smart
TVs etc. Therefore, digital data sourced from electronic media and
Internet devices is an important link in solving crimes.
4. Digital evidence:
• Is latent (hidden), like fingerprints or DNA evidence
• Can be altered, damaged or destroyed with little effort
• Can be time sensitive
5. There are many sources of digital evidence, but for the purposes of this
publication, the topic is divided into three major forensic categories of
devices where evidence can be found: Internet-based, stand-alone
computers or devices, and mobile devices.

Forensic Analysis of E-Mail


Email forensics is the study of source and content of email as evidence to
identify the actual sender and recipient of a message along with some other
information such as date/time of transmission and intention of sender. It
involves investigating metadata, port scanning as well as keyword searching.
Some of the common techniques which can be used for email forensic
investigation are
• Header Analysis
• Server investigation
• Network Device Investigation
• Sender Mailer Fingerprints
• Software Embedded Identifiers

There are tools available that help create fake mails. Forensic analysis of
E-Mails is an important aspect of cyber forensics analysis, as it helps establish
the authenticity of an E-Mail when it is suspected.
Mail server software is network server software that controls the flow of
E-Mail, and the mail client software helps each user read, compose, send and
delete messages.
E-Mail tracing is done by examining the header information contained in E-Mail
messages to determine their source.
https://www.vskills.in/certification/tutorial/forensics-analysis-of-e-mail/
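
The header-based tracing described above can be sketched as follows. This is an added example, not part of the original notes: the sample message is constructed, all hosts and addresses are documentation values, and the "from HELO (rDNS [IP]) by HOST; date" layout of the Received lines is an assumption, since the exact layout varies between mail servers.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime, parseaddr

# Constructed sample message; every host and address is a documentation value.
SAMPLE = (
    "Return-Path: <bulk@mailer.example.net>\n"
    "Received: from relay.example.org (relay.example.org [198.51.100.7])\n"
    "    by mx.example.com with ESMTP id B2; Mon, 04 Mar 2024 10:00:05 +0000\n"
    "Received: from bank.example (unknown [192.0.2.55])\n"
    "    by relay.example.org with SMTP id C3; Mon, 04 Mar 2024 10:00:09 +0000\n"
    "From: Accounts <accounts@bank.example>\n"
    "To: user@example.com\n"
    "Subject: Verify your account\n"
    "\n"
    "body\n"
)

# Assumed layout: from <HELO name> (<reverse-DNS name> [<IP>]) by <receiving host>
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)\s+by\s+(\S+)")

def trace_hops(raw):
    """Return relay hops ordered from the origin to the final server."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if not m or ";" not in value:
            continue  # layout not recognised; leave it for manual review
        helo, rdns, ip, by = m.groups()
        when = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        hops.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by, "time": when})
    return hops

def findings(raw):
    """List header inconsistencies that deserve an examiner's attention."""
    msg, hops, notes = message_from_string(raw), trace_hops(raw), []
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    path_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if path_dom and path_dom != from_dom:
        notes.append("return-path-mismatch")
    for i, hop in enumerate(hops):
        # The name the sender announced differs from what the receiver resolved.
        if hop["helo"].lower() != hop["rdns"].lower():
            notes.append(f"helo-rdns-mismatch:{hop['ip']}")
        # A later hop stamped earlier than the previous one (forgery or clock skew).
        if i and hop["time"] < hops[i - 1]["time"]:
            notes.append(f"time-reversal:{hop['by']}")
    return notes
```

Each finding is a lead for the server and network-device investigation listed above, not proof of forgery on its own.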

Approaching Computer Forensic Investigation

Basic steps to a forensics investigation are as follows:

Let us understand how a forensics investigation is typically approached and the
broad phases involved in the investigation. The phases involved are as follows:
1. Secure the subject system (from tampering or unauthorized changes during
the investigation);
2. take a copy of hard drive/disk (if applicable and appropriate);
3. identify and recover all files (including deleted files);
4. access/view/copy hidden, protected and temp files;
5. study “special” areas on the drive (e.g., the residue from previously deleted
files);
6. investigate the settings and any data from applications and programs used on
the system;
7. consider the system as a whole from various perspectives, including its
structure and overall contents;
8. consider general factors relating to the user’s computer and other activity and
habits in the context of the investigation;
9. create detailed and considered report, containing an assessment of the data
and information collected.

Relevance of OSI Model to Computer Forensic
The OSI 7 Layer Model is useful from a computer forensics perspective because it
addresses the network protocols and network communication processes.

Step 1: Foot Printing
Foot printing includes a combination of tools and techniques used to create a
full profile of the organization’s security posture. These include its domain
names, IP addresses and network blocks.
Step 2: Scanning and Probing
The hacker will typically send a ping echo request packet to a series of target IP
addresses. As a result of this exploratory move by the hacker, the machines
assigned to one of these IP addresses will send out an echo response, thereby
confirming that there is a live machine associated with that address. Similarly, a
TCP scan sends a TCP synchronization request to a series of ports, and the
machines that provide the associated service respond.
Step 3: Gaining Access
The hacker’s ultimate goal is to gain access to your system so that he/she can
perform some malicious action, such as stealing credit card information,
downloading confidential files or manipulating critical data.
Step 4: Privilege
When a hacker gains access to the system, he will only have the privileges
granted to the user or account that is running the process that has been exploited.
Step 5: Exploit
Gaining root access gives the hacker full control on the network. Every hacker
seems to have his/her own reasons for hacking. Some hackers do it for fun or a
challenge, some do it for financial gain and others do it to “get even”.
Step 6: Retracting
There are many reasons that drive cybercriminals to hacking.
Step 7: Installing Backdoors
Finally, most hackers will try creating provisions for entry into the
network/hacked system for later use. They do this by installing a backdoor to
allow them access in the future.
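
From the investigator's side, the Step 2 activity leaves a recognisable pattern in network logs: one source sending echo requests to many addresses, or SYNs to many ports on one host. The following added example (not part of the original notes) flags both patterns; the log layout, the thresholds and the sample lines are constructed assumptions.

```python
from collections import defaultdict

def make_sample():
    """Constructed firewall log in an assumed 'time src dst proto detail' layout."""
    lines = [f"10:00:{i:02d} 203.0.113.9 192.0.2.{i} ICMP echo-request"
             for i in range(1, 13)]                      # one source, 12 targets
    lines += [f"10:01:00 203.0.113.9 192.0.2.5 TCP SYN dport={p}"
              for p in (21, 22, 23, 25, 80, 110, 143, 443, 445, 3389, 8080)]
    lines += ["10:02:00 198.51.100.20 192.0.2.5 TCP SYN dport=443",  # ordinary client
              "10:02:01 198.51.100.20 192.0.2.1 ICMP echo-request",
              "malformed line"]
    return lines

def detect_scans(lines, sweep_hosts=10, scan_ports=10):
    """Return sorted (kind, source, target, count) alerts over the whole input."""
    pinged = defaultdict(set)   # src -> hosts it sent echo requests to
    probed = defaultdict(set)   # (src, dst) -> ports it sent SYNs to
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue            # skip lines that do not match the layout
        src, dst, proto, detail = parts[1:5]
        if proto == "ICMP" and detail == "echo-request":
            pinged[src].add(dst)
        elif proto == "TCP" and detail == "SYN" and len(parts) > 5:
            key, _, port = parts[5].partition("=")
            if key == "dport" and port.isdigit():
                probed[(src, dst)].add(int(port))
    # Thresholds are illustrative; tune them to the network being examined.
    alerts = [("ping-sweep", src, "many", len(hosts))
              for src, hosts in pinged.items() if len(hosts) >= sweep_hosts]
    alerts += [("port-scan", src, dst, len(ports))
               for (src, dst), ports in probed.items() if len(ports) >= scan_ports]
    return sorted(alerts)
```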

Challenges in Computer Forensic

Issues related to acquiring, storing, and processing large amounts of data for
forensic purposes.

https://legaldesire.com/challenges-faced-by-digital-forensics/

o Technical challenges
o Legal challenges
o Resource Challenges

Unit – 5

• Network access control is the act of keeping unauthorized users and
devices out of a private network. It protects the functionality of the
network, ensuring that only authorized users and devices have access to
it, that those devices are clean, and that the users are who they say they
are.
• One advantage of network access controls is that users can be required to
authenticate via multi-factor authentication, which is much more secure
than identifying users based on IP addresses or username and password
combinations.
• It limits network access to both specific users and specific areas of the
network. So, a visitor may be able to connect to the corporate network,
but not access any internal resources. It also blocks access from endpoint
devices that do not comply with corporate security policies.
• Transport Layer Security (TLS) is designed to provide security at
the transport layer. TLS was derived from a security protocol called Secure
Socket Layer (SSL). TLS ensures that no third party may eavesdrop on or
tamper with any message.
• Transport Layer Security (TLS) is a protocol that can be used with other
protocols like UDP to provide security between applications
communicating over an IP network.
• Using TLS is a viable solution for ensuring that information and data files
exchanged over the Internet are secure.
There are several benefits of TLS:

• Encryption:
TLS/SSL can help to secure transmitted data using encryption.
• Algorithm flexibility:
TLS/SSL provides operations for authentication mechanism, encryption
algorithms and hashing algorithm that are used during the secure session.
• Ease of Deployment:
Many applications use TLS/SSL temporarily on a Windows Server 2003
operating system.
• Ease of Use:
Because we implement TLS/SSL beneath the application layer, most of its
operations are completely invisible to client.

• Wireless network security is the process of designing, implementing
and ensuring security on a wireless computer network. It is a subset of
network security that adds protection for a wireless computer network.
• Wireless network security primarily protects a wireless network from
unauthorized and malicious access attempts. Typically, wireless network
security is delivered through wireless devices (usually a wireless
router/switch) that encrypts and secures all wireless communication by
default.
• Some of the common algorithms and standards to ensure wireless
network security are Wired Equivalent Policy (WEP) and Wireless
Protected Access (WPA).
• To secure the wireless connection, we should focus on the following areas:
✓ Identify endpoint of wireless network and end-users i.e.,
Authentication.
✓ Protecting wireless data packets from middleman i.e., Privacy.
✓ Keeping the wireless data packets intact i.e., Integrity.

• Email security is the process of ensuring the availability, integrity and
authenticity of email communications by protecting against the risk of
email threats.
• Email security can be defined as the use of various techniques to secure
sensitive information in email communication and accounts against
unauthorized access, loss, or compromise.
• Email security safeguards the content of an email account or service that
generally serves as a popular medium for the spread of malware, spam,
and phishing attacks.
• Some of the proactive email security measures, from an end user’s
standpoint, include:
✓ Strong passwords
✓ Password rotations
✓ Spam filters
✓ Desktop-based anti-virus or anti-spam application

IP Security.
• IPsec (Internet Protocol Security) is a collection of protocols and
algorithms for securing data transmitted over the internet or any public
network.
• It is a standard suite of protocols between 2 communication points across
the IP network that provides data authentication, integrity, and
confidentiality. It also defines the encrypted, decrypted and authenticated
packets.
• Uses of IP Security –
IPsec can be used to do the following things:
✓ To encrypt application layer data.
✓ To provide security for routers sending routing data across the public
internet.
✓ To provide authentication without encryption, like to authenticate that
the data originates from a known sender.
✓ To protect network data by setting up circuits using IPsec tunneling, in
which all data sent between the two endpoints is encrypted, as
with a Virtual Private Network (VPN) connection.
