
Cyber Security (105713)

Solved by Deepak Kr: PYQ solution 2022


Q.1. Choose the correct answer of the following (any seven)
(a) Which of the following is not a type of cyber crime?
(i) Data theft
(ii) Forgery
(iii) Damage to data and systems
(iv) Installing antivirus for protection
Correct option is (iv)
(b) Which of the following is considered as unsolicited commercial email?
(i) Malware
(ii) Spam
(iii) Virus
(iv) All of the above
Correct option is (ii)
(c) _____ is the act of determining whether a particular user (or computer system) has the
right to carry out a certain activity, such as reading a file or running a program.
(i) Non-repudiation
(ii) Authorization
(iii) Authentication
(iv) All of the above
Correct option is (ii) (authentication establishes who the user is; authorization
decides what that identity may do)
(d) Among the following, identify the one which does not need any host program and is
independent.
(i) Trap door
(ii) Virus
(iii) Trojan horse
(iv) Worm
Correct option is (iv)


(e) Identify the element which is not considered in the CIA triad.
(i) Availability
(ii) Authenticity
(iii) Integrity
(iv) Confidentiality
Correct option is (ii)
(f) When information is modified in unauthorized ways, the result is known as
(i) Loss of confidentiality
(ii) Loss of integrity
(iii) Loss of availability
(iv) All of the above
Correct option is (ii)
(g) Under which section of the IT Act is stealing any digital asset or information written as a
cyber crime?
(i) 65
(ii) 65-D
(iii) 67
(iv) 70
Correct option is (i)
(h) What is the full form of ITA-2000?
(i) Information Tech Act-2000
(ii) Indian Technology Act-2000
(iii) International Technology Act-2000
(iv) Information Technology Act-2000
Correct option is (iv)

(i) _____ is a technique used by penetration testers to compromise any system
within a network for targeting other systems.
(i) Exploiting
(ii) Cracking
(iii) Hacking
(iv) Pivoting
Correct option is (iv) (pivoting: using an already-compromised host as a foothold
to reach systems that are not directly reachable from the attacker's position)

(j) Which of the following is not a vulnerability of the network layer?
(i) Route spoofing
(ii) Identity & resource ID vulnerability
(iii) IP address spoofing
(iv) Weak or non-existent authentication
Correct option is (iv) (weak or non-existent authentication is usually listed as a
session-layer weakness)

2.(a)

Ans:- The email described is a classic example of a phishing scam. Phishing is
a type of cybercrime where attackers attempt to deceive individuals into
divulging sensitive information such as usernames, passwords, credit card
numbers, or other personal information by posing as a trustworthy entity in
electronic communication.
Here's what I should do:

1. Do Not Respond: Do not respond to the email or provide any of the
requested information. Legitimate organizations, especially email
providers, never ask for passwords via email.
2. Verify the Sender: Check the sender's email address carefully, not just
the display name. Phishing emails use spoofed or look-alike addresses that
differ from the legitimate one by a character or a domain, and the Reply-To
address often points somewhere else entirely. Hover over links to see where
they really go before clicking.
3. Report the Email: Report the phishing attempt to your email provider (most
have a "report phishing" option), to the organisation being impersonated, or
to the relevant authorities. This helps in tracking down the perpetrators and
preventing others from falling victim to similar scams.
4. Educate Others: Inform others about the phishing attempt, especially if
it seems to target a larger group of people. Education and awareness are
key in preventing people from falling for such scams.
5. Secure Your Accounts: If you suspect that your account might have been
compromised, change your password immediately, sign out other active
sessions, and enable two-factor authentication. Also change the password on
any other account where it was reused.
There are the following major risks associated with this scenario:
1. Identity Theft: Providing your name, email address, and password to the
attackers can lead to identity theft. They can use this information to
access your email account, which may contain sensitive personal and
financial information. This can result in financial loss, fraudulent
activities, and damage to your reputation.
2. Account Takeover: By obtaining your email credentials, attackers can
take over your email account. An email account is also the password-reset
channel for most other services, so it can be used to reset and hijack those
accounts, and to send further phishing emails to your contacts, spreading the
scam further or perpetrating additional cybercrimes.
3. Data Breach: If the attackers gain access to your email account, they can
potentially access any personal or sensitive information stored within it,
such as correspondence, contacts, and attachments. This could lead to a
data breach with serious consequences for both you and anyone you
communicate with.
4. Malware Distribution: Phishing emails often contain links or
attachments that, when clicked or opened, can download malware onto
your device. This malware can then compromise your system, steal
sensitive information, or even take control of your device for malicious
purposes.
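The sender and link checks from steps 2 and 3 above can be automated. The following is an added example, not part of the original answer: it parses a raw e-mail with the Python standard library and reports the indicators a triage analyst would look for (Reply-To in a different domain from From, urgency wording, requests for credentials, link text that names one domain while the href points to another, and plain-HTTP links). Both messages, the brand "Example Mail" and all domains are constructed for the example; the rules are generic heuristics, not any provider's detection logic.

```python
"""Phishing triage of a raw e-mail: an added example, not part of the original answer.

The message texts, brand name and domains below are constructed; the checks
are generic header and link heuristics, not any mail provider's rule set.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed lure: claims to be the mail provider, replies go elsewhere,
# and the visible link text does not match the real link target.
PHISHING_EML = """\
From: "Example Mail Support" <support@example-mail.com>
Reply-To: helpdesk@mail-recovery.net
To: victim@example-mail.com
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html

<html><body><p>Your mailbox will be suspended. Confirm your name, email and
password at <a href="http://example-mail.com.verify-login.net/reset">https://example-mail.com/account</a>.</p></body></html>
"""

# Constructed benign message from the same provider for comparison.
BENIGN_EML = """\
From: "Example Mail" <news@example-mail.com>
To: victim@example-mail.com
Subject: This month's release notes
Content-Type: text/html

<html><body><p>Read them at <a href="https://example-mail.com/notes">https://example-mail.com/notes</a>.</p></body></html>
"""

URGENCY = re.compile(r"\b(urgent|suspended|within 24 hours|verify your account|immediately)\b")
CREDENTIALS = re.compile(r"\b(password|pin|otp|credit card)\b")


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (crude eTLD+1, fine for these sample domains)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def domain_of(addr: str) -> str:
    return registrable_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_indicators(raw_eml: str) -> List[str]:
    """Return human-readable indicators; an empty list means nothing suspicious was found."""
    msg = message_from_string(raw_eml)
    findings: List[str] = []
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        findings.append(f"Reply-To {reply_addr} is not in the From domain of {from_addr}")
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    text = f"{msg.get('Subject', '')} {body}".lower()
    if URGENCY.search(text):
        findings.append("urgency or threat language in subject/body")
    if CREDENTIALS.search(text):
        findings.append("asks for credentials or payment data")
    collector = LinkCollector()
    collector.feed(body)
    for href, visible in collector.links:
        target = urlparse(href).hostname or ""
        shown = urlparse(visible).hostname or ""
        if shown and registrable_domain(shown) != registrable_domain(target):
            findings.append(f"link text shows {shown} but points to {target}")
        if href.lower().startswith("http://"):
            findings.append(f"plain-HTTP link: {href}")
    return findings


if __name__ == "__main__":
    for name, eml in (("phishing", PHISHING_EML), ("benign", BENIGN_EML)):
        print(name, phishing_indicators(eml) or ["no indicators"])
```

On the constructed lure the function reports five indicators and on the benign message none. None of these checks is proof on its own (a real newsletter may legitimately use a separate Reply-To domain); they are the signals that justify treating the message as suspect and verifying through a channel you already trust rather than through anything in the email.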
2.(b) What is a digital signature? How is it different from a digital
certificate? Explain in detail.
Ans:- A digital signature is a specific type of electronic signature (e-signature)
that relies on public-key cryptography to support identity authentication and
provide data and transaction integrity. The signer hashes the document and
transforms the hash with their private key; anyone holding the matching public
key can check that the signature was produced by that private key and that the
document has not changed since. It therefore provides evidence that a specific
digital object originated from a specific key holder and has not been altered,
and, because only the signer holds the private key, it supports non-repudiation.
The authentication mechanism supports the business need of capturing the
signer's intent to sign. Digital signatures are used to support several security
functions.
A signature alone does not say who owns the public key. That binding is the job
of a digital certificate: a trusted third party (a certificate authority, CA)
signs a statement that "this public key belongs to this entity", and the
recipient verifies the CA's signature on the certificate before trusting the
signer's public key.
There are the following differences between a digital signature and a digital
certificate:

Feature | Digital Signature | Digital Certificate
Purpose | Verifies the authenticity and integrity of a digital document | Binds a public key to a specific entity (person, organization or server)
Content | Hash of the document transformed with the signer's private key | Subject's public key, subject identity information, validity period, and a digital signature from a trusted third party (CA)
Creation | Created by the signer using their private key and the document's content | Issued by a trusted third party (certificate authority)
Verification | Verified by the recipient using the signer's public key | Verified by the recipient using the public key of the trusted CA (chain of trust)
Analogy | Similar to a handwritten signature on a paper document | Similar to an ID card that vouches for your identity
Application | Signing contracts, software updates, emails | Secure communication (HTTPS/TLS), online transactions
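The table above is easier to see in code. The following is an added example, not part of the original answer: a toy RSA signature scheme (small textbook primes, no padding, never to be used for real) in which a document is signed and verified, and then a certificate is built as the CA's signature over the (subject, public key) binding. The names alice and ToyCA, the contract text and the subject string are all constructed for the example; the primes are the 1000th, 10000th, 100000th and 1000000th primes.

```python
"""Digital signature versus digital certificate: an added example, not part of the original answer.

Toy RSA over small textbook primes with no padding scheme. It shows the
mechanics only and must never be used for real signing. Names (alice, ToyCA)
and the document are constructed.
"""
import hashlib
import json
from typing import Dict, Tuple

Key = Tuple[int, int]  # (modulus n, exponent)


def keygen(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Return (public, private) = ((n, e), (n, d)) with d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # pow(..., -1, m) needs Python 3.8+


def digest(data: bytes, n: int) -> int:
    """SHA-256 of the data reduced below the modulus (toy: no PKCS#1 padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, private: Key) -> int:
    """Signature = hash^d mod n; only the holder of d can produce it."""
    n, d = private
    return pow(digest(data, n), d, n)


def verify(data: bytes, signature: int, public: Key) -> bool:
    """Anyone with the public key checks signature^e mod n == hash."""
    n, e = public
    return pow(signature, e, n) == digest(data, n)


def canonical(obj: Dict) -> bytes:
    """Stable serialisation so the same fields always hash the same way."""
    return json.dumps(obj, sort_keys=True).encode()


def issue_certificate(subject: str, subject_public: Key, ca_private: Key) -> Dict:
    """A certificate is the (subject, public key) binding signed by the CA."""
    tbs = {"subject": subject, "n": subject_public[0], "e": subject_public[1]}
    return {**tbs, "ca_sig": sign(canonical(tbs), ca_private)}


def verify_certificate(cert: Dict, ca_public: Key) -> bool:
    tbs = {k: cert[k] for k in ("subject", "n", "e")}
    return verify(canonical(tbs), cert["ca_sig"], ca_public)


def verify_signed_document(doc: bytes, signature: int, cert: Dict,
                           ca_public: Key, expected_subject: str) -> bool:
    """What a recipient does: trust the CA, check the binding, then the signature."""
    if not verify_certificate(cert, ca_public) or cert["subject"] != expected_subject:
        return False  # unknown or tampered certificate: ignore the key inside it
    return verify(doc, signature, (cert["n"], cert["e"]))


def demo() -> Dict[str, bool]:
    alice_public, alice_private = keygen(104729, 1299709)
    ca_public, ca_private = keygen(15485863, 7919)   # "ToyCA"
    contract = b"Alice pays Bob 100 on 2024-01-01"
    signature = sign(contract, alice_private)
    cert = issue_certificate("alice@example.test", alice_public, ca_private)
    forged_cert = dict(cert, subject="mallory@example.test")  # re-bind the key, keep CA sig
    return {
        "signature_valid": verify(contract, signature, alice_public),
        "tampered_doc_rejected": not verify(contract + b"0", signature, alice_public),
        "certificate_valid": verify_certificate(cert, ca_public),
        "forged_certificate_rejected": not verify_certificate(forged_cert, ca_public),
        "end_to_end": verify_signed_document(contract, signature, cert, ca_public,
                                             "alice@example.test"),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The point of the split is visible in `verify_signed_document`: the recipient only ever trusts one key out of band (the CA's); every signer's key arrives inside a certificate and is accepted only after the CA's signature on that certificate checks out. Real systems add what the toy leaves out: keys of 2048 bits or more (or elliptic-curve keys), a padding scheme such as RSA-PSS, certificate validity periods and revocation, and a chain of intermediate CAs.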
3.(a) Define an insider attack. Explain it with an example.
Ans:- An insider attack is a security breach that originates from within an
organization. This means the attacker has authorized access to the system or
information they're targeting. Perpetrators can be current or former
employees, contractors, or even business partners.
• Insider attacks get their name because they are carried out by people who
have inside access to information.
• The insiders may be current or former employees, business partners,
contractors, or administrators who have, or previously had, access to the
confidential information.
• Insider attacks are carried out by people who are familiar with the
computer network and hold authorised access to the information, so the
attack does not have to break through perimeter defences.
• This form of attack is especially dangerous because the activity looks like
legitimate use: the same credentials and access paths are used for normal
work, which makes it hard to detect.
• Organisations mostly focus on protection against external attacks and
rarely pay the same attention to internal ones.
• Not every insider incident is malicious: a careless employee who emails a
spreadsheet to the wrong address or falls for phishing is also an insider
threat, and the controls (least privilege, monitoring, prompt removal of
access when people leave or change roles) are the same.

Example of an Insider Attack:

Consider a disgruntled employee working at a financial institution who decides
to engage in an insider attack. This employee has legitimate access to sensitive
customer data and the organization's systems as part of their job role.
However, due to dissatisfaction with their job or personal grievances, they
decide to misuse their access for malicious purposes.

In this scenario, the employee might:

1. Data Theft: The employee may copy sensitive customer information,
such as credit card numbers or account details, with the intention of
selling it on the dark web or using it for personal gain.
2. Sabotage: The employee might intentionally introduce malware or
malicious code into the organization's systems, causing disruption to
operations, financial loss, or reputational damage.
3. Unauthorized Access: The employee may abuse their access privileges, or
privileges that were never removed when their role changed, to access
confidential documents, trade secrets, or proprietary information, which
they could then leak to competitors or use for their benefit.
4. Fraudulent Activities: The employee might manipulate financial records,
engage in fraudulent transactions, or embezzle funds from the
organization for personal enrichment.

3.(b) Explain the impact of cybercrime on cloud computing.

Ans:- Cloud computing offers a wealth of benefits, but cybercrime creates
significant challenges for this technology. Here's how cybercrime impacts cloud
computing:

Increased Data Vulnerability:

• Shared Responsibility: Cloud security is a shared responsibility between
the cloud service provider (CSP) and the customer. The CSP secures the
physical infrastructure and the virtualization layer; the customer remains
responsible for its data, identities, access policies and (for IaaS) the guest
operating system and applications. This division of responsibility is often
misunderstood, and customer-side mistakes such as publicly readable storage
buckets, over-permissive IAM roles and leaked access keys are a frequent cause
of cloud data exposure.
• Data Breaches: Cybercriminals target cloud data for its potential wealth
of sensitive information, and a single tenant misconfiguration or stolen
credential can expose a very large data set. A breach can expose financial
information, intellectual property, or personal data, leading to
significant financial losses and reputational damage.

Disrupted Operations:

• Denial-of-Service (DoS) Attacks: Cloud services are both targets and
weapons. Criminals hijack or rent cloud resources to launch DoS attacks, and
they flood cloud-hosted services with traffic, rendering them inaccessible to
legitimate users. Because cloud billing is usage-based, an attack can also run
up the victim's bill even when the service stays online.
• Malware and Ransomware: Malware and ransomware attacks can
infiltrate cloud systems, corrupting data or holding it hostage until a
ransom is paid. This can cripple a business's operations and force them
into difficult choices.

Compliance Issues:

• Regulatory Landscape: Regulations around data privacy and security are
becoming increasingly complex, and data residency rules may restrict the
regions in which data can be stored. A cloud data breach can put a company
in violation of these regulations, resulting in hefty fines and legal
repercussions.

Shifting Security Focus:

• Traditional vs Cloud Security: Traditional security measures designed for
on-premises data centres (perimeter firewalls, segmentation by physical
location) may not be adequate for the cloud environment, where identities
and API access form the new perimeter. Organizations need to adapt their
security strategies to address the unique challenges posed by cloud
computing.

However, it's important to remember that cloud providers typically have
robust security measures in place. Additionally, cloud adoption can also
improve security in some ways by centralizing data and making it easier to
manage, monitor and protect. By implementing strong security practices and
working collaboratively with their cloud provider, organizations can mitigate
the risks of cybercrime and leverage the many benefits of cloud computing.

4.(a) What is credit card fraud? Mention the tips to prevent credit card fraud.

Ans:- Credit card fraud is the illegal use of someone else's credit card
information to make unauthorized purchases or transactions. It's a type of
identity theft because it involves stealing personal data to commit financial
crimes.

Criminals can obtain your credit card details in a number of ways, including:

• Physical Theft: Stealing your wallet or purse containing your credit card.
• Skimming: Using a device hidden in an ATM or card reader to copy the
magnetic stripe data from your card (a thin "shim" inside the slot does the
same for the chip).
• Data Breaches: Stealing your card information through hacking incidents
targeting businesses that store your data.
• Phishing Scams: Deceptive emails, messages or fake payment pages tricking
you into revealing your credit card details.

Here are some important tips to prevent credit card fraud:

Safeguard Your Card Information:

• Physical Security: Keep your card in a secure location and avoid carrying
it around unless necessary. Don't let your card out of your sight during
transactions.
• Shrewd Sharing: Never share your PIN, CVV or one-time passwords over email,
phone (unless you initiated the call), or text message. Legitimate
institutions won't ask for this information through such channels.
• Scrutinize Statements: Regularly review your credit card statements for
any unfamiliar or suspicious charges, including small "test" charges that
fraudsters use to check whether a stolen card is still live.

Secure Online Transactions:

• Website Validation: Only shop on websites with a secure connection,
indicated by a padlock symbol in the address bar and a URL starting with
"https". The padlock only means the connection is encrypted; phishing sites
use HTTPS too, so check that the domain itself belongs to the merchant.
• Public Wi-Fi Caution: Avoid making online purchases or accessing your
credit card information while on public Wi-Fi networks. HTTPS protects the
session itself, but rogue hotspots and captive portals make it easier to lure
you onto a fake page.
• Card Use for Online Transactions: Consider having a separate credit card
for online transactions, ideally one with a lower credit limit, or use the
virtual or one-time card numbers and tokenized wallets that many issuers
offer, so that a leaked number cannot be reused.

Be Wary of Scams:

• Phishing Awareness: Phishing emails and messages often try to trick you
into revealing your credit card information. Be cautious of emails or
messages urging immediate action or appearing to be from a trusted
source but with suspicious links or attachments.
• Skimming Devices: Be mindful of skimming devices attached to ATMs or
card readers. If something appears unusual (a loose or bulky card slot, a
keypad overlay), opt for a different ATM and inform the bank.

Monitor and Report:

• Enable Fraud Alerts: Sign up for fraud alerts from your credit card
issuer. These can notify you of suspicious activity on your account in
real time.
• Regular Credit Report Checks: Regularly check your credit report
for any unauthorized accounts opened in your name. This can be an
early sign of identity theft that may involve your credit card
information.
• Prompt Reporting: If you suspect fraud, immediately report it to your
credit card issuer so the card can be blocked and reissued, and file a
police report if necessary.
4.(b) Give an overview of the National Cyber Security Policy.
Ans:- A national cybersecurity policy is a strategic framework developed by a
government to address cybersecurity challenges within its country. Such
policies typically aim to protect critical information infrastructure, enhance
cybersecurity capabilities, foster collaboration among stakeholders, and
promote a safe and secure cyberspace for citizens, businesses, and governments.

India's National Cyber Security Policy (NCSP) was released by the Department
of Electronics and Information Technology (DeitY) in 2013. Here's a summary
of its key points:

• Goal: Protect public and private infrastructure from cyber attacks,
including critical information infrastructure (CII) sectors like power,
finance, and telecommunications.
• Objectives:
o Build a secure and resilient cyberspace for citizens, businesses and
government.
o Increase trust and confidence in electronic transactions.
o Enhance legal and technical frameworks for cybersecurity.
o Develop a skilled cybersecurity workforce (the policy set a target of
500,000 professionals within five years).
o Foster a culture of cyber security awareness.
• Strategies:
o Public-private partnerships to improve cybersecurity collaboration.
o A legal framework to address cybercrimes and promote international
cooperation.
o A national nodal agency to coordinate cybersecurity matters, and a focus
on securing critical information infrastructure (CII).
o Standards and best practices for secure IT systems and services.
o Cybersecurity awareness programs for the public and private sectors.
o Building a skilled workforce in cybersecurity.
• Benefits:
o Reduced cybercrime and economic losses.
o More secure online transactions and e-governance services.
o Enhanced national security posture.

It's important to note that the NCSP is a framework, not a rigid rulebook. It's
an ongoing effort that needs to adapt to evolving cyber threats.
5.(a) Explain Trojan horses and backdoors in detail with examples.

Ans:- Both Trojan horses and backdoors are malicious software (malware) used
by attackers to gain unauthorized access to a computer system. However, they
differ in their initial methods and ultimate goals.

Trojan Horses:

• Concept: A Trojan horse, named after the legendary Greek story, hides
malicious code within a seemingly legitimate program or file. Users are
tricked into downloading and executing the Trojan, unknowingly
unleashing its harmful effects. Unlike viruses and worms, a Trojan does not
replicate itself; it depends on the user running it.
• Deception Tactics: Trojans can appear as:
o Popular software: They might mimic games, productivity tools, "cracked"
commercial software, or even security software, luring users into trusting
them.
o Attachments: They can be disguised as attachments in emails,
appearing to be documents, photos, or invoices.
• Examples:
o Fake game installer: A user downloads a file claiming to be the
latest version of a popular game. Upon installation, it secretly
installs a keylogger that steals login credentials.
o Phishing email attachment: An email arrives with a seemingly
urgent document attached. The attachment, disguised as a PDF, is
actually a Trojan that downloads ransomware when opened.
• Payload: Once a Trojan is executed, it can perform various malicious
actions, including:
o Stealing data: Login credentials, financial information, or personal
files.
o Installing other malware: Trojans can download and install
additional malware like ransomware, spyware, or a backdoor.
o Disrupting system operations: They can corrupt files, delete data,
or interfere with system processes.

Backdoors:

• Concept: A backdoor is a hidden mechanism that bypasses normal
authentication to give remote access to a system. It may be planted by an
attacker after a compromise, or left in software by its developers (an
undocumented account, a hard-coded password, a debug interface). Unlike
Trojans, which rely on deception for initial access, attacker-installed
backdoors usually arrive after a system has already been compromised through
other means (e.g., phishing, a Trojan payload, an exploited vulnerability).
• Functionality: Backdoors provide attackers with a stealthy way to:
o Gain remote control: Attackers can take full control of the
infected system, installing additional malware, modifying files, or
launching further attacks.
o Maintain access: Even if the initial infection method is discovered
and addressed, the backdoor allows attackers to regain access
easily.
o Data exfiltration: Backdoors can be used to steal confidential data
from the compromised system.
• Examples:
o Exploiting software vulnerabilities: An attacker discovers a flaw in
a widely used software program. They develop an exploit for this
vulnerability that installs a backdoor on any system running the
vulnerable software.
o Watering hole attack: Attackers compromise a legitimate website
frequented by a specific target group (e.g., a bank's website).
When users visit the site, a backdoor is installed on their systems.
• Stealthy Nature: Backdoors are designed to be difficult to detect. They
often operate silently in the background, communicating with the
attacker's server through hidden channels. In practice they are found by
looking for listening ports, outbound connections and persistence entries
(services, scheduled tasks, cron jobs, startup items, extra accounts) that
nobody can account for.

5.(b) Differentiate between worms and viruses with examples.

Ans:- There are the following differences between worms and viruses:

Basis of Comparison | Worm | Virus
Definition | A worm is a form of malware that replicates itself and spreads to other computers over the network. | A virus is malicious code attached to another executable file (or document macro); it runs when that file runs and may be harmless or may modify or delete data.
Objective | Worms primarily spread, consuming system and network resources; many also carry a payload. | Viruses primarily modify or destroy information on the infected host.
Host | It does not need a host program to replicate from one computer to another. | It requires a host file to spread.
Harm | Harm depends on the payload, but even a worm without one causes damage by saturating bandwidth and crashing hosts. | Harm depends on the payload; typically file corruption or deletion on the infected machine.
Detection and Protection | Detected and removed by antivirus; spread is limited by firewalls and by patching the services the worm exploits. | Antivirus software is used for protection against viruses.
Controlled by | Worms often carry remote-control (bot) capability. | Viruses generally cannot be controlled remotely.
Execution | Worms execute by exploiting weaknesses in the system (unpatched network services, weak passwords). | Viruses execute when the infected executable file is run.
Comes from | Worms generally arrive through a network connection or downloaded files. | Viruses generally come from shared or downloaded files.
Examples | Morris worm, Storm worm, Blaster, SQL Slammer, WannaCry | Michelangelo, CIH (Chernobyl), Melissa (macro virus)
Interface | It does not need human action to replicate. | It needs human action (running the infected file) to replicate.
Speed | Its spreading speed is faster. | Its spreading speed is slower compared to worms.

6(a) How should risk management in information security systems be improved
on social media portals?
Ans:- Improving risk management in information security systems on social
media portals involves a combination of technical measures, policies,
procedures, and user education.

Here are some strategies to enhance risk management in information security
systems on social media platforms:

1. Protect Sensitive Data: Encrypt personal information both in transit and at
rest to protect it from unauthorized access or interception, and store
passwords only as salted, slow hashes (bcrypt, scrypt or Argon2), never
encrypted or in plain text, so a database leak does not expose them.
2. Regular Security Audits and Assessments: Conduct regular security
audits and assessments of the social media platform's infrastructure,
applications, and systems to identify vulnerabilities, misconfigurations,
and potential security risks.
3. Monitor for Suspicious Activities: Implement monitoring tools and
intrusion detection systems to detect and respond to suspicious
activities, such as unauthorized access attempts, account takeovers, or
anomalous behaviour (logins from new devices or countries, bursts of
failed logins, mass messaging from a single account).
4. Incident Response Planning: Develop and regularly update incident
response plans to effectively respond to security incidents and data
breaches on social media platforms. This includes defining roles and
responsibilities, communication protocols, and procedures for
containment, investigation, and recovery.
5. User Awareness and Training: Educate users about the risks associated
with social media usage, such as phishing attacks, malware distribution,
and privacy breaches. Provide training on best practices for creating
strong passwords, enabling two-factor authentication, recognizing
suspicious links or messages, and configuring privacy settings.
6. Data Privacy and Compliance: Ensure compliance with relevant data
protection regulations, such as the General Data Protection Regulation
(GDPR) or the California Consumer Privacy Act (CCPA), by implementing
privacy controls, obtaining user consent for data processing, and
providing transparency regarding data collection and usage practices.
7. Secure Development Practices: Incorporate secure coding practices and
perform regular security testing, including penetration testing and code
reviews, to identify and remediate vulnerabilities in social media
platform software and applications.

6(b) What steps will you take to secure a server?

Ans:- There are the following steps I can take to secure a server:

1. Update Software Regularly: Keep the server's operating system,
applications, and software up to date with the latest security patches
and updates to address known vulnerabilities and weaknesses.
2. Use Strong Authentication: Implement strong authentication
mechanisms, such as multi-factor authentication (MFA), to prevent
unauthorized access to the server and its resources. For remote
administration over SSH, use key-based authentication and disable password
logins and direct root login.
3. Reduce the Attack Surface: Remove or disable services, packages and
accounts that the server does not need; a service that is not running
cannot be exploited. Run the services that remain under unprivileged
accounts.
4. Secure Network Configuration: Configure firewalls (default-deny for
inbound traffic), intrusion detection/prevention systems (IDS/IPS), and
access control lists (ACLs) to control network traffic and restrict access
to the server from unauthorized sources.
5. Encrypt Data in Transit and at Rest: Use TLS (SSL is obsolete) for data
transmitted over networks, and implement encryption for data stored on the
server's disks to protect it from unauthorized access in case of physical
theft or compromise.
6. Implement Access Controls: Enforce strong access controls and
permissions to limit access to sensitive data and resources on the server.
Use role-based access control (RBAC) to assign permissions based on
users' roles and responsibilities, following the principle of least
privilege.
7. Regularly Back Up Data: Implement regular data backups and store
backup copies in secure, off-site locations to ensure data integrity and
availability in case of data loss, corruption, or ransomware attacks, and
test that they can actually be restored.
8. Monitor and Log Activities: Enable logging and monitoring features on
the server to track and analyse system activities, including login
attempts, file access, and configuration changes. Ship logs to a separate
system so that an attacker who gains root cannot erase them, and use security
information and event management (SIEM) systems to aggregate and analyse
logs for suspicious activities.
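Hardening is only as good as the configuration that actually loads, so it is worth checking the files with code rather than by eye. The following is an added example, not part of the original answer: it parses an OpenSSH server configuration and reports deviations from a small hardening policy (root login, password authentication, public-key authentication, empty passwords, X11 forwarding, MaxAuthTries). Both configuration texts are constructed; the policy values reflect common hardening guidance and the `MAX_AUTH_TRIES` limit is a policy choice, so adjust them to your own baseline. The defaults assumed for absent keywords are OpenSSH's documented defaults.

```python
"""Checking a server's SSH configuration against a hardening policy: an added
example, not part of the original answer.

The two config texts are constructed. The policy values are the usual
hardening guidance (no root login, key-only auth, no X11 forwarding, few auth
tries); adjust them to your own baseline. Defaults assumed when a keyword is
absent are OpenSSH's documented defaults.
"""
from typing import Dict, List, Set, Tuple

# keyword -> (acceptable values, OpenSSH default when the keyword is absent)
POLICY: Dict[str, Tuple[Set[str], str]] = {
    "permitrootlogin":        ({"no", "prohibit-password"}, "prohibit-password"),
    "passwordauthentication": ({"no"}, "yes"),
    "pubkeyauthentication":   ({"yes"}, "yes"),
    "permitemptypasswords":   ({"no"}, "no"),
    "x11forwarding":          ({"no"}, "no"),
}
MAX_AUTH_TRIES = 4  # policy choice; OpenSSH's default is 6

WEAK_CONFIG = """\
# constructed sample: looks partly hardened but is not
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
PermitRootLogin no
Match User backup
    PasswordAuthentication no
"""

HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 3
"""


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Global section only. Two sshd rules matter for an audit: the FIRST value
    of a keyword wins (later duplicates are ignored), and everything after the
    first 'Match' line is conditional, so it cannot satisfy a global requirement."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if len(parts) == 2 and keyword not in settings:
            settings[keyword] = parts[1].strip().lower()
    return settings


def audit_sshd_config(text: str) -> List[str]:
    """Return one finding per policy violation; an empty list means compliant."""
    settings = parse_sshd_config(text)
    findings: List[str] = []
    for keyword, (allowed, default) in POLICY.items():
        value = settings.get(keyword, default)
        if value not in allowed:
            origin = "set explicitly" if keyword in settings else "implicit default"
            findings.append(f"{keyword} is '{value}' ({origin}); expected one of {sorted(allowed)}")
    tries = settings.get("maxauthtries", "6")
    if not tries.isdigit() or int(tries) > MAX_AUTH_TRIES:
        findings.append(f"maxauthtries is '{tries}'; expected <= {MAX_AUTH_TRIES}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(cfg) or ["compliant"])
```

The weak sample is instructive because a reader skimming it sees `PermitRootLogin no` and a `PasswordAuthentication no` line and assumes the host is hardened; sshd keeps the first `PermitRootLogin yes` and the second `PasswordAuthentication` only applies inside the `Match` block. After editing a real file, confirm the effective values with `sshd -T` rather than trusting the file alone.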

7.(a) What are DDoS attacks? Explain how to protect from DDoS attacks.
Ans:- A Distributed Denial-of-Service (DDoS) attack overwhelms a website or
online service with a flood of junk traffic, making it inaccessible to legitimate
users. Imagine a website being a highway and the DDoS attack as a massive
traffic jam caused by thousands of unexpected vehicles.

• Attack Mechanism: Attackers use a network of compromised computers and
devices, often called a botnet, to bombard the target with traffic. Each
compromised device generates seemingly legitimate requests, but the sheer
volume exhausts the target's bandwidth, connection tables or CPU so that it
can no longer serve legitimate users.

Types of DDoS Attacks:

1. Volumetric attacks: Flood the target with massive amounts of data,
overloading bandwidth (UDP floods, DNS and NTP amplification).
2. Protocol attacks: Exploit weaknesses in network protocols to exhaust
state on servers and firewalls (SYN floods).
3. Application-layer attacks: Send requests that are expensive for the web
application to answer, exhausting its resources with far less traffic (HTTP
floods, slow requests).
There are the following ways to protect yourself from DDoS attacks:

1. Security Services: Consider using DDoS mitigation services offered by
security providers or your ISP. These services scrub malicious traffic
upstream, before it reaches your connection, and are the only effective answer
to a volumetric attack that exceeds your own bandwidth.
2. Content Delivery Networks (CDNs): CDNs distribute your website's
content across a global network of servers. This can help absorb some of
the attack traffic and keep your website online.
3. Rate Limiting: Implement mechanisms to limit the number of requests a
user or IP address can send within a specific timeframe. This helps against
application-layer floods that reach your servers, but it cannot help once the
link itself is saturated.
4. Capacity and Baselines: Know what your normal traffic looks like so an
attack is recognised quickly, and keep enough headroom (bandwidth, connection
limits) that a small attack does not take you down.
5. Incident Response Plan: Develop a plan for responding to DDoS attacks,
outlining steps for identifying, mitigating, and recovering from an attack,
with your provider's emergency contact ready. A DDoS is sometimes used as a
smokescreen for an intrusion, so keep watching the other alerts during one.
6. Stay Informed: Keep yourself updated on the latest DDoS attack trends
and mitigation strategies.
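Rate limiting (point 3) is easy to describe and easy to get wrong, so here is a worked version. The following is an added example, not part of the original answer: a per-client token-bucket limiter driven by explicit timestamps so the run is repeatable, fed with a constructed one-second stream in which two clients behave normally and one sends 200 requests. The client addresses are documentation ranges and the rate and burst values are arbitrary policy choices.

```python
"""Per-client rate limiting against an application-layer flood: an added example,
not part of the original answer.

Token-bucket limiter driven by explicit timestamps so the run is repeatable;
the request stream is constructed (two normal clients, one flooding client).
Rate limiting only helps once requests reach the server: a volumetric attack
that saturates the uplink has to be absorbed upstream (provider scrubbing,
CDN/anycast) before it gets here.
"""
from collections import defaultdict
from typing import Dict, List, Tuple


class TokenBucket:
    """Sustained `rate` requests/second with bursts of up to `capacity`."""

    def __init__(self, rate: float, capacity: int) -> None:
        self.rate, self.capacity = rate, capacity
        self.tokens = float(capacity)
        self.last = None  # timestamp of the previous request, if any

    def allow(self, now: float) -> bool:
        if self.last is not None:  # refill for the time elapsed since last seen
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """One bucket per client key (here the source IP; could be a session or API key)."""

    def __init__(self, rate: float = 5.0, capacity: int = 10) -> None:
        self.buckets: Dict[str, TokenBucket] = defaultdict(lambda: TokenBucket(rate, capacity))
        self.rejected: Dict[str, int] = defaultdict(int)

    def handle(self, client: str, now: float) -> bool:
        allowed = self.buckets[client].allow(now)
        if not allowed:
            self.rejected[client] += 1  # an HTTP 429 would go back to the client here
        return allowed


def constructed_requests() -> List[Tuple[float, str]]:
    """One second of traffic: two clients at 2 req/s, one client at 200 req/s."""
    reqs = [(t, ip) for ip in ("198.51.100.7", "198.51.100.8") for t in (0.0, 0.5)]
    reqs += [(i / 200, "203.0.113.5") for i in range(200)]
    return sorted(reqs)  # by timestamp, as the server would see them


def run(reqs: List[Tuple[float, str]]) -> Tuple[Dict[str, int], Dict[str, int]]:
    """Return (requests served per client, requests rejected per client)."""
    limiter = RateLimiter(rate=5.0, capacity=10)
    served: Dict[str, int] = defaultdict(int)
    for ts, ip in reqs:
        if limiter.handle(ip, ts):
            served[ip] += 1
    return dict(served), dict(limiter.rejected)


if __name__ == "__main__":
    served, rejected = run(constructed_requests())
    print("served:", served)
    print("rejected:", rejected)
```

With a burst of 10 and a sustained 5 requests per second, the flooding client gets its first ten requests through and then roughly five per second afterwards, while the two normal clients are never rejected. Two things the toy deliberately leaves visible: the key choice matters (a botnet spreads the same load over thousands of source addresses, each under the limit, which is why real deployments also limit per session, per endpoint and globally), and the limiter has to sit in front of the expensive work, in the reverse proxy or load balancer, not inside the request handler that is being exhausted.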

7.(b) Discuss the intrusion detection and prevention techniques in detail.
Ans:- An intrusion detection and prevention system (IDPS) monitors a network or
host for possible threats, alerts the administrator, and, in prevention mode,
takes action to stop the attack. An intrusion detection system (IDS) works
from a copy of the traffic (a mirror port or a log feed) and can only alert; an
intrusion prevention system (IPS) sits inline and can drop packets, reset
connections or block the source. The price of inline blocking is that a false
positive blocks legitimate traffic, so IPS rules need careful tuning.
Whatever its placement, an IDPS detects threats by one or more of these
techniques:
• Signature-based detection: matching traffic or events against patterns of
known attacks; precise, but blind to new attacks until a signature exists.
• Anomaly-based detection: building a baseline of normal behaviour and
flagging deviations; catches unknown attacks but generates more false
positives.
• Stateful protocol analysis: tracking the state of a protocol session and
flagging sequences of messages that the protocol specification does not allow.
There are the following types of IDPS, classified by what they monitor:
1. Network-based intrusion prevention system (NIPS): monitors entire networks
or network segments for malicious traffic, usually by analysing protocol
activity.
2. Wireless intrusion prevention system (WIPS): monitors wireless networks by
analysing wireless-networking-specific protocols (e.g. rogue access points,
deauthentication floods).
3. Network behaviour analysis (NBA) system: while a NIPS analyses deviations
in protocol activity, an NBA system identifies threats by checking for unusual
traffic patterns, such as a host suddenly scanning the network or sending out
large volumes of data.
4. Host-based intrusion prevention system (HIPS): differs from the rest in
that it is deployed on a single host, where it watches processes, file system
changes and log events. Typical hosts are critical servers with important
data or publicly accessible servers that can become gateways to internal
systems.

8.(a) Describe access control. Differentiate between Discretionary Access
Control (DAC) and Mandatory Access Control (MAC).
Ans:- Access control is an essential element of security that determines who is
allowed to access certain data, apps, and resources, and in what
circumstances. In the same way that keys and preapproved guest lists protect
physical spaces, access control policies protect digital spaces. It builds on
authentication (establishing who the subject is) and enforces authorization
(what that subject may do with each object).
There are the following differences between DAC and MAC:

DAC | MAC
DAC stands for Discretionary Access Control. | MAC stands for Mandatory Access Control.
DAC is easier to implement (e.g. Unix file permissions, Windows ACLs). | MAC is more difficult to implement (e.g. SELinux, labelled multi-level secure systems).
DAC is less secure: any user with read access can copy the data into an object they own and share it. | MAC is more secure: the system enforces the policy and the user cannot override it.
In DAC, the owner of a resource determines the access and privileges and can restrict the resource based on the identity of the users. | In MAC, the system alone determines access, and resources are restricted based on the clearance of the subject and the sensitivity label of the object.
DAC needs little central administration; each owner manages their own objects. | MAC is labour-intensive to administer: every subject needs a clearance and every object a label, assigned by a security administrator.
Users are granted access based on their identity, not on levels. | Users are restricted based on their clearance level in the hierarchy: no reading above one's clearance, and in strict models no writing below it.
DAC has high flexibility with few rules and regulations. | MAC is not flexible as it contains many strict rules and regulations.
DAC places complete trust in users. | MAC trusts only administrators.
Decisions are based only on user ID and ownership. | Decisions are based on object labels and subject clearances, which exist independently of who owns the object.
Information flow is hard to control. | Information flow can be controlled.
DAC is supported by practically all commercial DBMSs (GRANT/REVOKE). | MAC support in commercial DBMSs is limited to label-based security add-ons.
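The rows on trust and information flow are the ones that matter in practice, and they are clearest when both models are run side by side. The following is an added example, not part of the original answer: a DAC object whose owner hands out rights at will, and a MAC system that compares a subject's clearance with an object's label using the Bell-LaPadula rules (no read up, no write down) and lets only a security officer change labels. The users alice, bob and carol, the files and the clearance levels are constructed.

```python
"""DAC versus MAC as executable policy checks: an added example, not part of
the original answer.

Users, files, clearances and labels are constructed. DAC lets the owner of an
object hand out rights at their discretion; MAC compares the subject's
clearance with the object's label using the Bell-LaPadula rules (no read up,
no write down) and no owner can override it.
"""
from typing import Dict, Set

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


class DacObject:
    """Owner-managed ACL, as in Unix permissions or Windows ACLs."""

    def __init__(self, owner: str) -> None:
        self.owner = owner
        self.acl: Dict[str, Set[str]] = {owner: {"read", "write"}}

    def grant(self, actor: str, user: str, rights: Set[str]) -> None:
        if actor != self.owner:
            raise PermissionError(f"{actor} does not own this object")
        self.acl.setdefault(user, set()).update(rights)

    def allowed(self, user: str, right: str) -> bool:
        return right in self.acl.get(user, set())


class MacSystem:
    """System-wide labels; only the security officer assigns them."""

    def __init__(self, clearances: Dict[str, str], labels: Dict[str, str]) -> None:
        self.clearances, self.labels = dict(clearances), dict(labels)

    def can_read(self, user: str, obj: str) -> bool:
        # simple security property: no read up
        return LEVELS[self.clearances[user]] >= LEVELS[self.labels[obj]]

    def can_write(self, user: str, obj: str) -> bool:
        # *-property: no write down, so secret data cannot leak into a lower file
        return LEVELS[self.clearances[user]] <= LEVELS[self.labels[obj]]

    def relabel(self, actor: str, obj: str, label: str) -> None:
        if actor != "security_officer":
            raise PermissionError("labels are assigned by the security officer, not by owners")
        self.labels[obj] = label


def dac_leak() -> bool:
    """Under DAC an authorised reader can re-share data: alice grants bob read,
    bob copies the content into his own file and grants carol, whom alice never
    approved. Returns True if carol can read the copy."""
    report = DacObject(owner="alice")
    report.grant("alice", "bob", {"read"})
    if not report.allowed("bob", "read"):
        return False
    bobs_copy = DacObject(owner="bob")      # bob owns the copy, so bob decides
    bobs_copy.grant("bob", "carol", {"read"})
    return bobs_copy.allowed("carol", "read")


def mac_blocks_leak() -> bool:
    """Under MAC the same move fails: bob (secret) may read the secret report but
    may not write into an unclassified file, and cannot relabel anything."""
    system = MacSystem(
        clearances={"alice": "secret", "bob": "secret", "carol": "unclassified"},
        labels={"report": "secret", "public_notes": "unclassified"},
    )
    read_ok = system.can_read("bob", "report")
    write_down_blocked = not system.can_write("bob", "public_notes")
    carol_blocked = not system.can_read("carol", "report")
    try:
        system.relabel("bob", "report", "unclassified")
        relabel_blocked = False
    except PermissionError:
        relabel_blocked = True
    return read_ok and write_down_blocked and carol_blocked and relabel_blocked


if __name__ == "__main__":
    print("DAC: carol reads alice's data via bob's copy:", dac_leak())
    print("MAC: same leak path blocked:", mac_blocks_leak())
```

`dac_leak` is exactly the "information flow is hard to control" row: nothing in DAC stops an authorised reader from becoming an unauthorised publisher. `mac_blocks_leak` shows the cost of closing that hole: bob cannot even write a harmless note into the unclassified file while he holds a secret clearance, which is why MAC systems are described as strict and labour-intensive.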
8.(b) Discuss about SQL Injection in detail.

Ans:- SQL injection (SQLi) is a critical web security vulnerability that allows
attackers to inject malicious SQL code into a website's database queries.
Imagine a user input form on a website that asks for your login credentials. If
the website is vulnerable to SQL injection, an attacker can craft a special input
that exploits a weakness and tricks the database into executing unintended
actions.

How SQL Injection Works:

1. Vulnerable Input: A web application takes user input, such as a


username or search query.
2. Malicious Code Injection: The attacker injects malicious SQL code into
the user input field. This code can be disguised within normal-looking
text.
3. Unsensitized Input: The web application fails to properly validate and
sanitize the user input before incorporating it into a database query.
4. Exploiting the Database: The malicious code gets passed to the
database server as part of the SQL query.
5. Unintended Actions: The database server interprets and executes the
attacker's malicious code, potentially leading to unauthorized access,
data theft, or even modification of the database.

Types of SQL Injection Attacks:

• In-band SQL Injection: The attacker's code manipulates data retrieved


from the database and sends it back to the attacker through the web
application's response.
• Out-of-band SQL Injection: The attacker's code instructs the database
server to communicate with an attacker-controlled server, revealing
information without directly appearing in the web application's
response.
• Blind SQL Injection: The attacker can't directly see the results of their
code execution but can infer them based on the web application's
behaviour (e.g., error messages, page loading times).

Impact of SQL Injection:

A successful SQL injection attack can have serious consequences:

• Data Theft: Attackers can read sensitive data such as usernames,
password hashes, credit card information, or other confidential records
stored in the database, including tables the vulnerable page never
displays.
• Data Manipulation: Attackers can insert, modify or delete data in the
database, causing disruption or corrupting critical information.
• Website Defacement: Attackers can store malicious content (including
script) in the database so that it alters the website's content or
appearance when it is rendered for users.
• Privilege Escalation: If the application's database account has more
rights than it needs, attackers can reach administrative functions of
the database server, and on some database products execute operating
system commands through it, giving them control well beyond the
application.

Preventing SQL Injection:

There are several ways to mitigate the risk of SQL injection:

• Input Validation and Sanitization: Validate input against what the
field is allowed to contain (type, length, format, allowed characters)
and reject anything else. Treat this as defence in depth, not as the
main control: filters that only strip quotes or keywords are routinely
bypassed.
• Parameterized Queries: The primary defence. The SQL text contains
placeholders and the user's values are passed to the database driver
separately, so the database never parses them as SQL; a quote or
comment marker in the input stays inert data. Table and column names
cannot be parameterized, so if they come from the user they must be
checked against a fixed allow-list.
• Stored Procedures: Stored procedures help only when they take their
input as parameters; a stored procedure that builds dynamic SQL from
its arguments is just as injectable as application code.
• Least Privilege: Run the application with a database account that can
do only what the application needs (no administrative rights, no access
to unrelated tables), so that a successful injection has limited reach.
• Regular Security Updates: Keep your web application software,
database drivers and database server up to date with the latest
security patches.
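The following is an added example, not code from the original answer, that walks through the steps above against a throw-away in-memory SQLite database: a login query built by string concatenation is bypassed with a comment marker and with a tautology, a search endpoint leaks another column through a UNION (in-band), the same endpoint is used for boolean-based blind extraction of a password, and the parameterized versions of both queries are shown to be immune. The table, users and passwords are constructed for the demonstration.

```python
import sqlite3
import string

# Added example, not code from the original page. An in-memory SQLite database
# with a constructed users table stands in for the web application's database.


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    """Step 3 of the list above: the user's text is spliced into the SQL."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username: str, password: str) -> list:
    """Parameterized query: values travel separately from the SQL text, so a
    quote or comment marker in the input is compared as data, never parsed."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def search_vulnerable(conn, term: str) -> list:
    sql = f"SELECT username FROM users WHERE username LIKE '%{term}%'"
    return conn.execute(sql).fetchall()


def search_safe(conn, term: str) -> list:
    # The wildcard pattern is built in Python but still passed as a parameter.
    sql = "SELECT username FROM users WHERE username LIKE ?"
    return conn.execute(sql, (f"%{term}%",)).fetchall()


def blind_extract_password(conn, target: str) -> str:
    """Boolean-based blind injection: the search endpoint never displays the
    password, but it returns a row only when the injected condition is true,
    so the password is recovered one character at a time."""
    alphabet = string.ascii_lowercase + string.digits
    recovered = ""
    for pos in range(1, 64):
        for ch in alphabet:
            probe = (
                f"{target}' AND (SELECT substr(password, {pos}, 1) FROM users "
                f"WHERE username = '{target}') = '{ch}' --"
            )
            if search_vulnerable(conn, probe):
                recovered += ch
                break
        else:
            break  # no character matched: end of the password reached
    return recovered


if __name__ == "__main__":
    db = build_db()
    # The comment marker removes the password check entirely.
    print(login_vulnerable(db, "alice' --", "wrong"))
    # A tautology in the password field returns every user.
    print(login_vulnerable(db, "x", "' OR '1'='1"))
    # In-band (union-based): passwords appear in the search results.
    print(search_vulnerable(db, "' UNION SELECT password FROM users --"))
    # The same payloads are inert against the parameterized versions.
    print(login_safe(db, "alice' --", "wrong"))
    print(search_safe(db, "' UNION SELECT password FROM users --"))
    # Blind extraction through the vulnerable search endpoint.
    print(blind_extract_password(db, "alice"))
```

The blind loop sends one request per candidate character and position, which is why blind injection is slow but still complete: nothing about the application's output is needed beyond "did a row come back or not".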

9. Write short notes on any two of the following
(a) Firewall:- A firewall is a network security device or software application
that monitors and controls incoming and outgoing network traffic based on
predetermined security rules. Its primary function is to establish a barrier
between a trusted internal network (such as a corporate network) and
untrusted external networks (such as the internet), thereby protecting the
internal network from unauthorized access, malicious attacks, and other
security threats.
Here are some key points about firewalls:

1. Traffic Filtering: Firewalls inspect network packets as they pass through
the network interface and apply predefined rules to determine whether
to allow or block the traffic. These rules can be based on IP addresses,
port numbers, protocols, or application types.
2. Packet Inspection: Firewalls perform packet inspection to analyse the
contents of network packets and identify potentially malicious or
unauthorized activities. This includes inspecting packet headers and
payloads for signs of suspicious behaviour, such as known attack
signatures or protocol violations.
3. Stateful Inspection: Many modern firewalls use stateful inspection
techniques to track the state of network connections and enforce
security policies based on the context of the traffic. This allows firewalls
to make more informed decisions about whether to allow or block traffic
based on the state of the connection (e.g., established, related, or new).
4. Application Layer Filtering: Some firewalls offer application layer
filtering capabilities, allowing them to inspect and control traffic at the
application layer of the OSI model. This enables more granular control
over specific applications or services, such as web browsing, email, or
file transfer protocols.
5. Logging and Reporting: Firewalls generate logs and reports detailing
network traffic activity, security events, and policy violations.
Administrators can use these logs to analyse network activity,
investigate security incidents, and audit compliance with security
policies and regulations.
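As an added example, not part of the original answer, the following is a minimal stateful packet filter that shows what points 1, 3 and 5 above mean in practice: a connection table keyed on the 5-tuple, NEW flows judged against a port rule, ESTABLISHED replies allowed because a tracked flow exists, and a log line per decision. The hosts, ports and packet sequence are constructed; a real firewall also tracks TCP flags, timeouts and RELATED flows such as FTP data connections.

```python
from dataclasses import dataclass
from typing import List, Set, Tuple

# Added example, not code from the original page: a minimal stateful packet
# filter. Addresses, ports and the packet sequence are constructed.


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = arriving from the untrusted side, "out" = leaving
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFirewall:
    """Policy: allow NEW outbound flows to any port, NEW inbound flows only to
    the listed ports, ESTABLISHED traffic in both directions, drop the rest."""

    def __init__(self, inbound_ports: Set[int]) -> None:
        self.inbound_ports = inbound_ports
        self.conntrack: Set[Tuple] = set()   # tracked flows
        self.log: List[str] = []             # logging and reporting

    @staticmethod
    def _flow_key(pkt: Packet) -> Tuple:
        # Canonical key (proto, inside addr, inside port, outside addr,
        # outside port) so a reply matches the flow that its request created.
        if pkt.direction == "out":
            return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def filter(self, pkt: Packet) -> str:
        key = self._flow_key(pkt)
        if key in self.conntrack:
            state, verdict = "ESTABLISHED", "ALLOW"
        elif pkt.direction == "out":
            state, verdict = "NEW", "ALLOW"
        elif pkt.dport in self.inbound_ports:
            state, verdict = "NEW", "ALLOW"
        else:
            state, verdict = "NEW", "DROP"
        if verdict == "ALLOW":
            self.conntrack.add(key)
        self.log.append(
            f"{verdict} {state} {pkt.proto} {pkt.src}:{pkt.sport} -> "
            f"{pkt.dst}:{pkt.dport} ({pkt.direction})"
        )
        return verdict


def run_demo() -> List[str]:
    fw = StatefulFirewall(inbound_ports={80, 443})
    packets = [
        # 1. inside host opens HTTPS to a web server: NEW outbound, allowed
        Packet("out", "tcp", "10.0.0.5", 40000, "203.0.113.10", 443),
        # 2. the server's reply matches the tracked flow: ESTABLISHED
        Packet("in", "tcp", "203.0.113.10", 443, "10.0.0.5", 40000),
        # 3. outsider probes SSH: NEW inbound to an unlisted port, dropped
        Packet("in", "tcp", "198.51.100.7", 5555, "10.0.0.5", 22),
        # 4. outsider reaches the published web port: NEW inbound, allowed
        Packet("in", "tcp", "198.51.100.7", 5556, "10.0.0.5", 80),
        # 5. unsolicited "DNS reply" with no matching flow: dropped. A
        #    stateless port filter would have to open every high port to let
        #    genuine replies in; connection tracking makes that unnecessary.
        Packet("in", "udp", "198.51.100.7", 53, "10.0.0.5", 40001),
    ]
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    print(run_demo())
```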

9(b) Steganography:- The word steganography comes from the Greek
'steganos', meaning 'covered', and 'graphein', meaning 'to write', thus
translating to 'covered writing' or 'hidden writing'. Steganography is a
method of hiding secret data by embedding it into an audio, video, image, or
text file. It is one of the methods employed to protect secret or sensitive data
from being noticed by an adversary.
Cryptography and steganography are both methods used to protect secret
data. However, they differ in that cryptography makes the data unreadable,
or hides the meaning of the data, while steganography hides the existence
of the data. In practice the two are combined: the message is encrypted
first, so that a detected hidden message is still unreadable.
Here are some key aspects of steganography:

• Hiding in Plain Sight: Steganography conceals information within
seemingly ordinary media files like images, audio, video, or even text
documents. The hidden message alters the carrier file in subtle ways
that are imperceptible to the human eye or ear.
• Applications: Steganography has various legitimate uses, such as:
o Copyright protection: Embedding watermarks within digital media
to identify ownership.
o Covert communication: Transmitting sensitive information hidden
within innocuous messages.
o Tamper detection: Embedding a fragile watermark that is destroyed
by any later modification of the carrier, so that editing can be
detected.
• Challenges: While steganographic techniques can be sophisticated,
advancements in steganalysis (the process of detecting hidden
messages) are ongoing. Additionally, some steganographic methods can
degrade the quality of the carrier file, potentially raising suspicion.
• Comparison to Cryptography: Steganography differs from cryptography
in its primary goal. Cryptography scrambles the message itself, making it
unreadable without a decryption key. Steganography focuses on hiding
the message's existence entirely. Ideally, in steganography, no one even
suspects there's a hidden message to decrypt.
• Examples:
o Hiding a secret message within the least significant bits of an
image file's colour data.
o Embedding a text message within the audio silence gaps of a
music file.
o Slightly altering the spacing between characters in a text
document to represent hidden data.
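The first of the examples above, least-significant-bit embedding, as an added worked example (not code from the original answer): the carrier is a constructed byte array standing in for an image's colour-channel values, a 4-byte length prefix tells the extractor where the message ends, and each carrier byte changes by at most one, which is why the result is invisible to the eye and also why the statistics of the lowest bits are what steganalysis looks at.

```python
import random
from typing import List

# Added example, not code from the original page: least-significant-bit (LSB)
# embedding in a constructed byte array that stands in for an image's pixel
# data (one byte per colour channel). A real tool would read the channel
# bytes from an image file; this keeps the bit arithmetic visible.


def _to_bits(data: bytes) -> List[int]:
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def _from_bits(bits: List[int]) -> bytes:
    out = bytearray()
    for i in range(0, len(bits), 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def capacity(carrier: bytes) -> int:
    """Message bytes that fit: one bit per carrier byte, minus a 4-byte length."""
    return len(carrier) // 8 - 4


def embed_lsb(carrier: bytes, message: bytes) -> bytes:
    if len(message) > capacity(carrier):
        raise ValueError("message too large for carrier")
    payload = len(message).to_bytes(4, "big") + message
    stego = bytearray(carrier)
    for i, bit in enumerate(_to_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit   # overwrite only the lowest bit
    return bytes(stego)


def extract_lsb(stego: bytes) -> bytes:
    lsbs = [b & 1 for b in stego]
    length = int.from_bytes(_from_bits(lsbs[:32]), "big")
    return _from_bits(lsbs[32:32 + length * 8])


def max_channel_change(carrier: bytes, stego: bytes) -> int:
    """Largest per-byte difference the embedding introduced (at most 1)."""
    return max(abs(a - b) for a, b in zip(carrier, stego))


def make_carrier(n_bytes: int, seed: int = 1) -> bytes:
    # Constructed pixel data; in practice these are the image's RGB values.
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n_bytes))


if __name__ == "__main__":
    cover = make_carrier(1024)
    stego = embed_lsb(cover, b"meet at dawn")
    print(extract_lsb(stego), max_channel_change(cover, stego))
```

Real image formats add one more caveat: LSB embedding survives only lossless storage (PNG, BMP, raw). Saving the stego image as JPEG re-quantizes the pixel values and destroys the hidden bits.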

9(c) Cyber security safeguards:- Cybersecurity safeguards refer to measures
and practices implemented to protect computer systems, networks, data, and
users from cyber threats and attacks. These safeguards aim to prevent
unauthorized access, data breaches, malware infections, and other security
incidents that can compromise the confidentiality, integrity, and availability of
digital assets.

Here are some key cybersecurity safeguards:

1. Firewalls: Firewalls act as a barrier between trusted internal networks
and untrusted external networks (such as the internet), controlling
incoming and outgoing network traffic based on predefined security
rules. Firewalls help prevent unauthorized access and protect against
network-based attacks.
2. Encryption: Encryption involves converting data into a coded format
that can only be deciphered with the appropriate decryption key.
Encrypting sensitive data both in transit (e.g., over networks) and at rest
(e.g., stored on disk) helps protect it from unauthorized access or
interception.
3. Access Controls: Access controls enforce authentication (proving who
the user is) and authorization (deciding what that user may do) to
restrict access to computer systems, networks, and data resources,
ideally granting each user and service only the minimum privileges it
needs.
4. Antivirus and Antimalware Software: Antivirus and antimalware
software scan files, applications, and system memory for known
malware signatures or suspicious behaviour. They help detect and
remove viruses, worms, Trojans, ransomware, and other malicious
software from infected systems.
5. Security Awareness Training: Security awareness training educates
employees, users, and stakeholders about cybersecurity risks, best
practices, and procedures for recognizing and responding to security
threats. Effective training programs help raise awareness, promote a
culture of security, and empower individuals to protect themselves and
their organizations from cyber threats.
6. Data Backup and Recovery: Data backup and recovery strategies involve
regularly backing up critical data and system configurations and storing
backup copies in secure, off-site locations. In the event of data loss,
corruption, or ransomware attacks, backup and recovery mechanisms
help restore systems and recover lost data to minimize disruption and
downtime.

9(d) Cyber forensics:- Cyber forensics, also known as digital forensics
or computer forensics, is the application of forensic science
techniques to investigate and analyse digital evidence in support of
legal proceedings, criminal investigations, or incident response
activities. It involves collecting, preserving, analysing, and presenting
digital evidence to determine the cause of cyber incidents, identify
perpetrators, and support legal or disciplinary actions.
Here are key aspects of cyber forensics:

1. Digital Evidence Collection: Cyber forensic investigators collect digital
evidence from various sources, including computers, servers, mobile
devices, network logs, cloud storage, and other digital media. This may
involve seizing hardware, capturing volatile memory before power-off,
creating forensic images of storage devices through a write blocker, or
acquiring data from remote systems.
2. Evidence Preservation: It is crucial to preserve the integrity and chain of
custody of digital evidence to ensure its admissibility in legal
proceedings. Forensic tools and techniques are used to create bit-for-bit
copies or images of storage media, hash the data (for example with
SHA-256) at acquisition so that it can be re-verified at every later step,
and document who handled and stored the evidence throughout the
investigation process. Analysis is carried out on a working copy, never
on the original.
3. Data Recovery and Analysis: Cyber forensic analysts analyse digital
evidence to reconstruct events, identify relevant artifacts, and extract
actionable intelligence. This may involve recovering deleted files,
examining file metadata, analysing network traffic logs, examining
system registries, and reconstructing timelines of events.
4. Malware Analysis: Cyber forensics includes analysing malicious software
(malware) to understand its behaviour, functionality, and impact on
systems. This may involve reverse engineering malware samples,
identifying indicators of compromise (IOCs), and determining the scope
and severity of infections.
5. Network Forensics: Network forensics involves monitoring and analysing
network traffic to investigate security incidents, detect unauthorized
activities, and identify the source of cyberattacks. Network forensic tools
capture and analyse packet data, log files, and network sessions to
reconstruct events and identify anomalous behaviour.
6. Incident Response Support: Cyber forensic experts play a critical role in
incident response activities by providing technical expertise, conducting
forensic analysis, and assisting in containment, eradication, and recovery
efforts. They help organizations understand the nature and scope of
security incidents and develop effective response strategies.
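Points 2 and 3 above, as an added example that is not part of the original answer: an acquired image is hashed with SHA-256 at acquisition, every hand-off is written to a chain-of-custody record, the hash is re-checked before analysis so that any alteration is caught, and a deleted file whose bytes are still present is recovered from unallocated space by header/trailer carving. The "disk image" is constructed bytes and the examiner names are placeholders; a real acquisition would image the device through a write blocker.

```python
import hashlib
import json
import random
from datetime import datetime, timezone
from typing import Dict, List

# Added example, not code from the original page. The image is constructed
# bytes standing in for a device image; examiner names are placeholders.

PNG_HEADER = b"\x89PNG\r\n\x1a\n"
PNG_TRAILER = b"IEND\xaeB`\x82"


def build_constructed_image() -> bytes:
    """Unallocated space around a PNG whose directory entry was deleted; the
    file's bytes are still on disk, which is what carving relies on."""
    rng = random.Random(7)
    filler = bytes(rng.getrandbits(8) for _ in range(512))
    png = PNG_HEADER + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17 + PNG_TRAILER
    return filler + png + filler


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class EvidenceRecord:
    """Acquisition hash plus every hand-off, so the image can be shown to be
    unchanged from seizure to presentation."""

    def __init__(self, item_id: str, description: str, image: bytes,
                 examiner: str) -> None:
        self.item_id = item_id
        self.description = description
        self.acquired_sha256 = sha256_hex(image)
        self.custody: List[Dict[str, str]] = []
        self.add_event(examiner, "acquired", f"sha256={self.acquired_sha256}")

    def add_event(self, handler: str, action: str, note: str = "") -> None:
        self.custody.append({
            "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "handler": handler, "action": action, "note": note,
        })

    def verify(self, image: bytes) -> bool:
        """Re-hash before analysis and again before presentation."""
        return sha256_hex(image) == self.acquired_sha256

    def to_json(self) -> str:
        return json.dumps({
            "item_id": self.item_id, "description": self.description,
            "acquired_sha256": self.acquired_sha256, "custody": self.custody,
        }, indent=2)


def carve(image: bytes, header: bytes = PNG_HEADER,
          trailer: bytes = PNG_TRAILER) -> List[bytes]:
    """Header/trailer carving: recover files without filesystem metadata."""
    found, pos = [], 0
    while True:
        start = image.find(header, pos)
        if start < 0:
            break
        end = image.find(trailer, start + len(header))
        if end < 0:
            break
        end += len(trailer)
        found.append(image[start:end])
        pos = end
    return found


if __name__ == "__main__":
    img = build_constructed_image()
    rec = EvidenceRecord("E-001", "laptop SSD image", img, "examiner-1")
    rec.add_event("examiner-2", "received for analysis")
    print(rec.verify(img), len(carve(img)))
    print(rec.to_json())
```

Carving by signature recovers only files with a recognisable header and trailer and fails on fragmented files; forensic suites add file-system parsing and more formats, but the principle is the one shown.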

solved by deepak kumar