CSL - Niru Gang Publications


CSL End Sem

A special token of gratitude to Rahila for helping us out with the content.

Module 1
Give the formal definition of cybercrime. Give some examples of cybercrime that occur in daily life / What is cybercrime? How do you define it?
Forester and Morrison (1994) defined a computer crime as: A criminal act in which a
computer is used as the principal tool.

This was the preliminary definition.

We can define a (genuine) cybercrime as: A crime in which the criminal act can be
carried out only through the use of cyber-technology and can take place only in the
cyber realm. (Tavani, 2000)

Cybercrime can also be defined as any illegal act where special knowledge of
computer technology is essential for its perpetration, investigation, or prosecution.

It is a crime in which a computer was directly and significantly instrumental.

It is any traditional crime that has acquired a new dimension or order of magnitude
through the aid of computers.

Some of the cybercrimes that occur in daily life are:


Phishing Scams

A phishing campaign is when spam emails, or other forms of communication, are
sent with the intention of tricking recipients into doing something that undermines
their security.

Example: A fake email that appears to come from eBay and asks you to update your
credit card information.

DoS Attack

Distributed DoS attacks (DDoS) are a type of attack that cybercriminals use to bring
down a system or network. Sometimes compromised IoT (Internet of Things) devices
are used to launch DDoS attacks.

Example: The February 2020 attack reported by AWS; at its peak this attack saw
incoming traffic of 2.3 terabits per second.

Ransomware

Ransomware is a specific type of malware that gains control of your system and
blocks access to your files.

It can infect your computer via an email attachment or a malicious website.

Upon infection, a ‘ransom note’ pops up, offering to restore your system back to
normal in exchange for compensation.

Example: The WannaCry attack of 2017, at the time the biggest ransomware attack
ever, hit over 150 countries and over 200,000 organisations.

Man in the middle

In a man-in-the-middle attack a cybercriminal intercepts your data or information
while it is being sent from one location to another (i.e., from a communications
system to a server).

Example: In 2017, credit score company Equifax removed its apps from Google and
Apple after a breach resulted in the leak of personal data. It was found that the
attackers were intercepting data, in the form of a man in the middle attack, as users
accessed their accounts.

Who are cybercriminals? / What are different types of criminals and what can be several motives behind the crime?
Cybercriminals are individuals or teams of people who use technology to commit
malicious activities on digital systems or networks with the intention of stealing
sensitive company information or personal data, and generating profit.

Cybercriminals are known to access the cybercriminal underground markets found
in the deep web to trade malicious goods and services, such as hacking tools and
stolen data.

Laws related to cybercrime continue to evolve across various countries worldwide.

Motives cybercriminals may have behind cybercrimes are:

Greed for money

Desire to gain power

Desire for revenge

Sense of adventure

Psychological perversion

At least three categories for typical computer criminals are:

(Amateur) Teenage hackers:

Little thought and relatively no planning of:

how the offence will be committed

how the offender will escape once the offence has been committed

what to do with the weapons/tools used in the offence

In addition, amateur criminals often live in close proximity to where the
offence takes place.

Many drug- and alcohol-related crimes are committed from within this group, as
well as ‘crimes of passion’.

The criminal is mostly aware of the basic information required about the victim.

Professional criminals

Professional criminals are people who commit crimes and treat it as a profession.

It is a job or a self-owned business.

There are far fewer professionals than there are amateurs.

Example: Black hat hackers.

Insiders

Loyal employees who are unable to resist a criminal opportunity presented by
cyber-technology.

Types of Cyber Criminals:

Cyber Criminals: Hungry for recognition

Hobby Hackers

I.T. professionals

Politically motivated hackers

Terrorist organisations

Cyber Criminals: not interested in recognition

Psychological perverts

Financially motivated hackers

State-sponsored hacking

Organised criminals

Cybercriminals: the insiders

Disgruntled or former employees seeking revenge

Competing companies using employees to gain economic advantage

Classification of Cybercrimes / Types of Cyber Crimes with their classifications.

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/e1a58a97-6bdc-4b18-ac23-20ab1b486c11/Chapter_1__copy.pptx.pdf

What is meant by "insider threat"? How does it affect an organisation?
An insider threat can happen when someone close to an organisation with
authorised access misuses that access to negatively impact the organisation’s
critical information or systems.

An insider is a current or former employee, contractor, or business partner who has
or had authorised access to the organisation’s network, systems, or data. Examples
of an insider include:

A person given a badge or access device.

A person whom the organisation supplied a computer or network access.

A person who develops products and services.

A person who is knowledgeable about the organisation’s fundamentals.

A person with access to protected information.

An insider threat is any employee, vendor, executive, contractor, or other person
who works directly with an organisation.

A malicious insider is one who misuses data for the purpose of intentionally harming
the organisation.

Malicious insiders are harder to detect than external threats because they know that
they must hide their tracks and steal or harm data without being caught.

They are also harder to detect because they often have legitimate access to data
for their job functions.

A malicious insider can be any employee or contractor, but usually they have
high-privilege access to data.

For example, a software engineer might have database access to customer
information and steal it to sell to a competitor.

This activity would be difficult to detect since the software engineer has legitimate
access to the database.

Every organisation is at risk of insider threats, but specific industries obtain and
store more sensitive data.

These organisations are more at risk of hefty fines and significant brand damage
after theft.

What makes insider threats unique is that it’s not always money driven for the
attacker.

In some cases, the attacker is a disgruntled employee who wants to harm the
corporation and that’s their entire motivation.

There are four types of insider threats. They aren’t always malicious, but they can
still have a devastating impact on revenue and brand reputation.

The malicious types of insider threats are:

Sabotage: The insider threat goal is to damage a system or destroy data.

Fraud: When theft or changes to data are meant for deception, the attacker’s
goal is fraudulent and likely for the purpose of causing corporate disruption.

Theft of intellectual property: Any proprietary information is valuable to an
organisation, and an attacker aiming to steal it could create long-term monetary
damage.

Espionage: Any sensitive trade secrets, files, and data are vulnerable to
espionage if an attacker steals them to sell to competitors.
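As an added illustration (not part of these notes), the detection side of the software-engineer scenario above: a user with legitimate database access reads far more of the customers table than usual, late at night. The audit-log format, user names, table names and thresholds are all constructed for this example; the detector scores each read only against that same user's earlier reads of the same table.

```python
"""Baseline-and-threshold detection of bulk reads by a user with legitimate access.

Added example, not from the course notes. The audit-log format is constructed for
illustration: one line per query with timestamp, user, action, table and the
number of rows the query returned.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: a week of routine support queries by two engineers,
# then one late-night read of the whole customers table by eng_alice.
SAMPLE_AUDIT_LOG = """\
2024-03-04T10:12:03 user=eng_alice action=SELECT table=customers rows=40
2024-03-04T15:40:11 user=eng_alice action=SELECT table=customers rows=25
2024-03-05T09:58:30 user=eng_alice action=SELECT table=orders rows=120
2024-03-05T11:20:45 user=eng_alice action=SELECT table=customers rows=60
2024-03-06T14:05:09 user=eng_alice action=SELECT table=customers rows=35
2024-03-06T16:33:51 user=eng_bob action=SELECT table=orders rows=300
2024-03-07T10:47:22 user=eng_alice action=SELECT table=customers rows=50
2024-03-07T22:15:00 user=eng_alice action=SELECT table=customers rows=250000
2024-03-08T10:02:18 user=eng_bob action=SELECT table=orders rows=280
"""

MIN_HISTORY = 3      # score a read only once the user has this many prior reads of the table
SIGMA_FACTOR = 3.0   # rows above mean + 3 std-devs of the user's own history ...
RATIO_FACTOR = 5.0   # ... and at least 5x the user's usual read size
OFF_HOURS = (20, 7)  # 20:00 to 07:00 counts as outside normal working hours


def parse_log(text):
    """Parse 'key=value' audit lines into dicts sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        rec["ts"] = datetime.fromisoformat(ts)
        rec["rows"] = int(rec["rows"])
        events.append(rec)
    return sorted(events, key=lambda e: e["ts"])


def is_off_hours(ts):
    start, end = OFF_HOURS
    return ts.hour >= start or ts.hour < end


def detect_bulk_reads(events):
    """Walk the log in order, scoring each read against that user's earlier reads
    of the same table, so the outlier itself never inflates its own baseline."""
    history = defaultdict(list)   # (user, table) -> row counts seen so far
    alerts = []
    for ev in events:
        key = (ev["user"], ev["table"])
        past = history[key]
        if ev["action"] == "SELECT" and len(past) >= MIN_HISTORY:
            mu, sigma = mean(past), pstdev(past)
            # Two-part threshold: a statistical outlier AND materially larger than
            # usual, so a user whose reads never vary (sigma == 0) is still handled.
            threshold = max(mu + SIGMA_FACTOR * sigma, RATIO_FACTOR * mu)
            if ev["rows"] > threshold:
                reasons = ["volume: %d rows vs usual %.0f" % (ev["rows"], mu)]
                if is_off_hours(ev["ts"]):
                    reasons.append("off_hours")
                alerts.append({"ts": ev["ts"].isoformat(), "user": ev["user"],
                               "table": ev["table"], "rows": ev["rows"],
                               "reasons": reasons})
        past.append(ev["rows"])
    return alerts


if __name__ == "__main__":
    for alert in detect_bulk_reads(parse_log(SAMPLE_AUDIT_LOG)):
        print(alert)
```

Only the 250,000-row read is flagged; the routine reads stay under the user's own threshold, and eng_bob is not scored because he has too little history.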

How to Prevent Cyber Crimes?


Back up all data and systems: data backed up earlier helps businesses recover from
an unplanned event.

Enforce concrete security and keep it up to date: Choose a firewall with features
that protect against malicious hackers, malware, and viruses. This enables
businesses to identify and respond to threats more quickly.

Never give out personal information to a stranger: They can use the information to
commit fraud.

Check security settings to prevent cybercrime: A cyber firewall checks your network
settings to see if anyone has logged into your computer.

Using antivirus software: Using antivirus software helps to recognise any threat or
malware before it infects the computer system. Never use cracked software as it
may impose the serious risk of data loss or malware attack.

Keep your information secure when visiting unfamiliar websites: phishing websites
can easily capture the information you enter.

Use virtual private networks (VPNs): VPNs enable us to hide our IP addresses.

Restrict access to your most valuable data: if possible, keep confidential documents
in a folder that no one else can see.

Some common terms:


Cybersquatting: Cybersquatting is registering, selling or using a domain name with
the intent of profiting from the goodwill of someone else's trademark. It generally refers
to the practice of buying up domain names that use the names of existing businesses
with the intent to sell the names for a profit to those businesses.

Cyberterrorism: Cyberterrorism is planned activity committed in cyberspace via
computer networks. It includes the use of e-mail for communication among
co-conspirators to exchange records for use in violent activities, as well as the
recruitment of members of terrorist organisations through internet sites. It causes
fear and terror in society.

Cyberpunk: In the dictionary, a punk is a teenager or young adult who commits
aggressive or violent crime. A young, aggressive adult using cyberspace to commit
cybercrime is a cyberpunk.

Cyberwarfare: Cyberwarfare is a computer- or network-based conflict involving politically
motivated attacks by a nation-state on another nation-state. In these types of attacks,
nation-state actors attempt to disrupt the activities of organisations or nation-states,
especially for strategic or military purposes and cyber espionage.
Although cyberwarfare generally refers to cyber attacks perpetrated by one nation-state
on another, it can also describe attacks by terrorist groups or hacker groups aimed at
furthering the goals of particular nations. Cyberwarfare can take many forms.

Hackers
Computer criminals are often referred to as hackers.

"Hacker" originally applied to anyone who "programmed enthusiastically".

A hacker is a person intensely interested in the arcane and recondite workings of
any computer operating system.

Hackers are most often programmers. As such, hackers obtain advanced
knowledge of operating systems and programming languages.

They might discover loopholes within systems and the reasons for such holes.

Hackers constantly seek further knowledge, freely share what they have
discovered, and never intentionally damage data.

A white hat hacker is a computer security specialist who breaks into protected
systems and networks to test and assess their security.

A grey hat hacker is a computer hacker or computer security expert who may
sometimes violate laws or typical ethical standards, but does not have the malicious
intent of a black hat hacker.

Black hat hackers break into secure networks to destroy, modify, or steal data, or to
make the networks unusable for authorised network users.

A phreaker is one who gains illegal access to telephone systems. Phreakers are
considered the original computer hackers; they break into the telephone network
illegally, typically to make free long-distance phone calls or to tap phone lines.

Module 2

Phases of attack / How do criminals plan the attack?
1. Reconnaissance:

It is the act of gathering information about the victim.

It involves accumulating data about the target's environment.

The objective of this phase is to understand the system, its network ports and
services, and other aspects of its security that are needed to launch the attack.

2. Scanning and scrutinising the gathered information

Scanning is the key to examining the gathered information about the target
intelligently.

Objectives of scanning:

Port scanning: identify open/closed ports and services

Network scanning: understand IP addresses and related information about
the computer network system

Vulnerability scanning: Understand the existing weaknesses in the system.

Scrutinising phase: this is also called enumeration in the hacking world.

Objective of Scrutinising:

Identify valid user accounts or groups

Identify network resources and/or shared resources

Identify the OS and the applications running on it

3. Launching the attack

Usually most attackers consume 90% of their time in scanning, scrutinising and
gathering information on a target and 10% of their time in launching the attack.

Types of attacks that can be done:

Crack the password

Exploit the privileges

Execute the malicious commands/applications

Hide the files

Cover the tracks: delete the access logs

Active and passive attacks

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/b7ae8a8b-6416-4fd6-bae3-adb1e9b1ef3e/active_and_passive_attacks.pdf

Social Engineering
Social engineering is the art of exploiting the trust that people extend without
question in normal conversation.

Social engineers study human behaviour and psychology: the desire to be helpful,
the inclination to trust, the fear of getting into trouble, etc.

The idea behind social engineering is that it is easier to trick a person than to break
the security.

People are the weak link in security, and this principle makes social engineering
possible.

A social engineer uses telecommunication or the internet to make the victim do
something that is against security practice.

The goal is to fool someone and get valuable information or unauthorised access.

Classification or types of social engineering:


Human-based social engineering:

Human-based social engineering involves person-to-person interaction to gain
the required information. For example, calling the help desk and trying to find out
a password.

Impersonating a valid user: Impersonation is a common social engineering
attack. It takes advantage of the helpful nature of people. Here the criminal
pretends to be a valid user, e.g. asking for help to enter a restricted area by
saying they forgot their card or "no inglis".

Calling technical support: Help desk and technical support staff are trained to
help users; when a person calls technical support for assistance, they may be good
prey for social engineering attacks.

Posing as an important user: The attacker poses as a higher authority to gain
access to the system. The attacker puts pressure on low-level employees to gain
access to the system. The fact is that many low-level employees will not question
someone in a position of higher authority.

Shoulder surfing: Shoulder surfing refers to the act of obtaining personal or
private information through direct observation. Shoulder surfing involves looking
over a person's shoulder to gather pertinent information while the victim is
unaware. This is especially effective in crowded places where a person uses a
computer, smartphone or ATM.

Using a third person: An attacker can pretend to have permission from the
authorised source to use a system when the authorised person is not present
and out of reach to contact for verification.

Computer-based social engineering

Computer-based social engineering involves the attempts made to get the
required information by using computer software or the Internet.

Fake e-mails: The attacker sends fake emails to many users, who take the mail to
be legitimate. This is also known as phishing. This type of social engineering
attack commonly uses emails to trick users into giving up the credentials to their
bank accounts or email accounts.

E-mail attachments: The attacker sends users an email attachment that contains
malicious code. When the user opens the email and clicks on the given link or
attachment, the malicious code is executed.

Pop-up windows: Like email attachments, pop-up windows are used by
attackers. The pop-up windows contain special offers or free stuff that entice
users into installing the malicious software.

Cyberstalking
Cyberstalking is stalking that takes place using electronic devices or the Internet.

It is the technological harassment directed towards a specific individual.

There are several forms of cyberstalking, including:

Placing orders for delivery in someone else's name

Gathering personal information on the victim

Spreading false rumours.

Threatening harm through email

Hacking into online accounts

Cyberstalking can cause extreme distress for the victim.

It can impact their career, personal relationships, and quality of life.

Often, victims do not know who the perpetrator is and start wondering whether they
are being watched or followed.

Types of stalkers

Online stalkers: Online stalkers interact with the victim directly with the help of
the internet. The communication media most used by stalkers are email and chat
rooms. In online stalking the stalker makes sure that the victim recognises the
attack done on him or her. To harass the victim, the stalker may make use of a
third party.

Offline stalkers: In offline stalking the stalker makes use of traditional methods
like following the victim, observing the daily routine of the victim, etc. The stalker
searches for the victim on message boards, personal websites, people-finding
services and other websites to collect information about the victim.

How does stalking work? Steps for stalking (please use responsibly)
Gathering personal info of the victim: name, family background, date of birth, contact
details like phone number, email address, residential address, etc.

Establishing contact with the victim through phone, e-mail or social media.

The stalker starts sending loving, threatening or abusive messages. The stalker
may use multiple names while contacting the victim.

The stalker continues to send threatening mails or messages to the victim to get
some information or some favour, etc.

The stalker may post the victim's personal photo and information on a social site or
porn website, posing as the victim and saying the victim provides dating services or
is a sex worker. The posts invite people to call the victim for the services, using
crude and enticing language.

People who come across the information start calling the victim.

Some stalkers subscribe or register the victim's email account to unwanted
services.

Botnet
The word botnet is derived from the phrase "network of robots". It is essentially a
widespread collection of a large number of infected computer systems. Each infected
system runs a piece of software called a "bot". A botnet is also known as a zombie
network.

Working:

As shown in the figure, there is a Bot-Master system which keeps track of the total
number of machines infected and the tasks they should perform.

For carefully arranged systems, which need orchestration between millions of such
systems, another layer of Bot-Managers is created too.

Bot-Managers perform the tasks to accept commands from the master, to spread
out those commands to the bots and also to report the number of systems infected
under its jurisdiction.

The manager botnets are also found to be sending updated software patches to fix
bugs or improve functionality, very similar to a security patch management system.

The Bot-Master is in control of the hacker who has evil intentions to create this
army.

However since the hacker is supposed to be hiding from getting caught, the master
systems and software running on it are always operating in a stealth mode.

In few modern botnet attacks, the botmasters were found to delegate and rotate the
master's role between its bot-managers, thus making it extremely tough to detect.

These role changes were further found to rotate ownership based on the country of
presence, in order to ensure vast infections across the globe.

Usually botnets are designed for a specific operating system; if a wider spread has
to be achieved, botnets prefer web code or Java in order to infect all possible
operating system platforms.

How to prevent botnet?


Stop using all technologies and live like a hermit.

Internet security suite: Good security begins with an internet security suite that
detects malware that has been installed, removes what's present on your machine
and prevents future attacks.

Update your computer's operating system: Always update your computer's
operating system as early as possible. Hackers often utilise known flaws in
operating system security to install botnets. You can even set your computer to
install updates automatically. The same is true of applications on your computer,
phone and tablet. Once weaknesses are found and announced by software
companies, hackers rush to create programs to exploit those weaknesses.

Don't download attachments or click on links: Do not download attachments or
click on links from e-mail addresses you don't recognise. This is one of the most
common vectors for all forms of malware.

Firewall: Use a firewall when browsing the Internet. This is easy to do with Mac
computers, as they come with firewall software pre-installed. If you're using a
Windows-based machine, you might need to install third-party software.

Avoid visiting malware websites : Don't visit websites that are known distributors
of malware. One of the things that a full-service Internet security suite can do is
warn you when you're visiting such sites. When in doubt, check with Norton Safe
Web.

Disconnect the system from the Internet when not in use: It is not possible for
the attacker to get into your system when the system is disconnected from the
internet. Firewall, antivirus and anti-spyware software are not foolproof
mechanisms against access to the system.

Take urgent action if your system is infected: if you find that your system is
infected, immediately disconnect it from the internet. Then scan the system
using antivirus software and also change the passwords on your system.

Attack Vector
An attack vector is a path or means by which an attacker can gain access to a
computer or network server to deliver a payload or malicious code.

Attack vectors enable attackers to exploit system vulnerabilities, including the human
element.

Attack vectors include viruses, e-mail attachments, web pages, pop-up windows,
instant messages and chat rooms.

To some extent, attack vectors can be blocked using firewalls and antivirus software.

But no method is attack-proof.

List of attack vectors

Attack by e-mail.

Attachment.

Attack by deception (trick).

Hackers and crackers.

Heedless guest (attack by web page): the attacker makes a fake website, which
looks genuine, to extract personal information.

Attack of the worms:

a. Many worms are delivered as e-mail attachments.
b. Worms use holes in network protocols (a list of flaws is provided).

Malicious macros: MS Word and MS Excel.

Virus

Cloud computing?
Cloud computing is a technology that uses the internet and central remote servers
to maintain data and applications.

It hosts services over the internet.

It benefits businesses that cannot afford the same amount of hardware and storage
space as a bigger company. Small companies can store their information in the cloud,
removing the cost of purchasing and storing memory devices.

Characteristics:

It is sold on demand

Elastic in terms of usage

Service is fully managed by the provider

Types of clouds:

Public Cloud - A public cloud can be accessed by any subscriber with an
internet connection and access to the cloud space.

Private Cloud - A private cloud is established for a specific group or
organization and limits access to just that group.

Community Cloud - A community cloud is shared among two or more
organizations that have similar cloud requirements.

Hybrid Cloud - A hybrid cloud is essentially a combination of at least two clouds,
where the clouds included are a mixture of public, private, or community.

Types of services:

Infrastructure as a service (IaaS): Amazon Web Services provides virtual servers
with unique IP addresses; different APIs are provided.

Platform as a service (PaaS): The cloud provides a platform to host your services.
Development tools are hosted on the cloud platform. Google Apps is one of the
most famous PaaS providers.

Software as a service (SaaS): Provides software to use without purchasing it,
from web-based email to applications such as Twitter.

Advantages:

Applications and data can be accessed from anywhere at any time. Data is
not present on the user's computer.

Brings hardware costs down, but needs an internet connection.

Organisations need not buy a set of software for every employee. Instead they can
pay a metered fee to the cloud computing company.

Organisations do not have to rent physical space to store servers and databases.

Saves money on IT support. Only desktops and the internet connection have to be
maintained.

Types of attacks:

Cloud malware injection attacks: Malware injection attacks are done to take
control of a user's information in the cloud. For this purpose, hackers add an
infected service implementation module to a SaaS or PaaS solution, or a virtual
machine instance to an IaaS solution.

Abuse of cloud services: Hackers can use cheap cloud services to arrange DoS
and brute force attacks on target users, companies, and even other cloud
providers.

Denial of service attacks: DoS attacks are designed to overload a system and
make services unavailable to its users. These attacks are especially dangerous
for cloud computing systems, as many users may suffer as the result of flooding
even a single cloud server.

Side channel attacks: A side channel attack is arranged by hackers when they
place a malicious virtual machine on the same host as the target virtual
machine. During a side channel attack, hackers target system implementations
of cryptographic algorithms.

Man-in-the-cloud attacks: During this type of attack, hackers intercept and
reconfigure cloud services by exploiting vulnerabilities in the synchronisation
token system so that during the next synchronisation with the cloud, the
synchronisation token will be replaced with a new one that provides access to
the attackers.

Attacks against 3G (or against older phones)

Skulls Trojan

It targeted Series 60 phones with Symbian OS.

Series 60 platform is a software platform for smartphones that runs on top of the
Symbian operating system.

Skulls is distributed in a malicious SIS file named "Extended theme.SIS"

Software Installation Script (SIS) files are archives containing an installation
package. The trojan replaces the system applications with non-functional versions,
so that everything except the basic phone functionality is disabled.

It also causes all application icons to be replaced with a picture of a skull and
crossbones; the icons no longer refer to the actual applications, so none of the
phone's normal applications can start.

It also affected other Symbian devices, for example the Nokia 9500, which is a
Series 80 device.

But the risk was lower because the installation file was designed for S60.

Cabir Worm

The first dedicated mobile worm targeting Symbian OS.

The message "Cabir" is shown on the phone's display every time the phone is
turned on.

The worm then attempts to spread to other phones in the area using Bluetooth.

The worm sends a copy of itself to vulnerable phones.

Brador Trojan

The first backdoor Trojan for PDAs running PocketPC.

It affects the Windows CE OS by creating an svchost.exe file in the Windows startup
folder, which allows full control of the mobile device to be taken.

It opens the infected machine for remote administration.

Brador then identifies the machine's IP address and sends it to the author, informing
the author that the handheld is connected to the Internet and the backdoor is active.

Finally, Brador opens port 2989 and awaits further commands, giving full control over
the infected PDA via this port.

Like all backdoors, Brador cannot spread by itself: it can only arrive as an e-mail
attachment, be downloaded from the Internet or be uploaded along with other data
from a desktop.

Mosquito Trojan

It affects Series 60 smartphones with Symbian OS and is a cracked version of the
mobile phone game “Mosquitos”.

The victims of the virus are mobile phone users who have knowingly downloaded
an illegal version of the game 'Mosquitos' to play on their handset.

The trojan infects the phone and sends costly SMS messages without the owner
realising, until their next bill arrives.

Mostly teenagers became victims of this.

Lasco Worm

It targets PDAs running Symbian OS; this worm was released in 2005.

Lasco arrives on a system through a bluetooth transmission.

The user must then choose to install the software coming through.

Lasco searches for all files with a .sis extension and places a copy of itself in them.

Lasco will then search for other bluetooth devices and send a copy of itself to them,
regardless of their OS.

The objective of this attack is to make the system unavailable to its intended users
by flooding the targeted server.

Attacks on Android

Credit Card Fraud

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/7538634e-6b9b-4d36-bd5f-7975f395d013/Chapter_2__Cyber_Offenses_and_Cybercrimes.pdf

Security challenges faced by mobile devices

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/3d413b34-629d-483e-8c46-ceeedade81a9/Chapter_2__Cyber_Offenses_and_Cybercrimes_copy.pdf

Attack on mobiles

Vishing
Usually used to steal credit card details or other related data used in ID theft.

Vishing via voicemail: the victim is induced to call the provided phone number after
listening to the voice message.

Vishing via direct phone call:

The criminal gathers information

Makes a call pretending there is a panic situation

Asks for credit/debit card details

How to protect from Vishing Attacks

Be suspicious about unknown callers

Do not trust caller ID - caller ID spoofing is easy

Be aware and ask questions, in case someone is asking for your personal
information

Report vishing calls to the nearest cyber cell with the number and name that
appeared on caller ID

Mishing
Mishing is a blend of mobile phones and phishing.

Mishing attacks attempt to exploit mobile phone technology.

M-commerce is quickly becoming a part of everyday life.

If you use your mobile phone for purchasing goods/services and for banking, you
could be increasingly vulnerable to a mishing scam.

A typical mishing attacker uses a call (known as vishing) or a message (SMS, known
as smishing).

SMiShing is a security attack in which the user is tricked into downloading a trojan
horse, virus or other malware onto his cellular phone or other mobile device.
SMiShing is short for "SMS phishing".

The attacker will claim to be a representative of your bank or another organisation
and will claim to need your personal details.

Attackers are inventive and will try to persuade you with various reasons why they
need this information from you.

Hacking Bluetooth

Mobile Devices: Security Implications for Organizations
Managing Diversity and Proliferation of Hand-Held Devices

The manager or CEO needs to make decisions about security policies such as:
only registered devices are allowed on the premises, whether outside devices
may access the network, etc.

Unconventional/Stealth devices:

The employees use Compact Disc (CD) and Universal Serial Bus (USB) drives.
With the advancement of the technology the size of the storage devices is
decreasing. It is very difficult to detection devices for organizational security. So,
it is advisable employee not to use these devices.

Threats through lost and stolen devices:

When the people are travelling, it happens that mobile hand-hend devices get
lost. Lost mobile devices are a larger securiyt risk to corporations. This lost or
stolen device put the company on serious risk of damage, exploitation or
damage to its professional integrity.

Educating the Laptop Users

Corporate laptop users could be put their company's networks at risk by


downloading the non work related software which spreads viruses and spyware.

Difference between phishing and vishing

Module 3 & 4
These are not the questions from the QBB pdf, but instead the ones that were there in
the IA2 QB provided by ma’am.

What are the basic stages of attack over the network?

Initial uncovering:

Gathering information by searching for the victim on Google, social media sites etc., and also gathering information about the company they work at.

At this phase only preventive measures can be taken.

Detection of the attacker is not possible at this stage, as they haven't done anything illegal yet.

Network probe:

Using active and passive reconnaissance tools to gather more detailed information about the network.

"Port scanning" tools are used to discover exactly which services are running on the target system.

At this point the attacker has still not done anything that is considered abnormal activity, although port scans can be logged by firewalls and intrusion detection systems.

Crossing the line towards electronic crime:

In this stage the attacker proceeds towards committing a crime.

The attacker uses various exploits: guessable system passwords, programming errors etc.

The attacker usually goes through several stages of exploits to gain access to the system.

Capturing the network:

The attacker attempts to own the network.

The attacker gains a foothold in the internal network quickly and easily by compromising low-priority target systems.

This includes the introduction of Trojans.

The attacker also removes all evidence of the attack.

A number of hacking tools are available which can clean up log files and remove traces of intrusion, for example:

Evidenceeliminator.com

Cesoft.net

traceless.com/computer-forensics

Grab the data:

Once the network is captured, important information is stolen.

Covering tracks:

This is the last step in any cyberattack, in which the attacker extends the misuse of the system without being detected.

The attacker can also launch the next attack from this phase.

What are Anonymizers?


An anonymizer is also known as an anonymous proxy.

It is a tool that attempts to make activity on the Internet untraceable.

It acts as an intermediary and privacy shield between a client computer and the rest of the Internet.

It accesses the Internet on the user's behalf, protecting personal information by hiding the client computer's identifying information.

It hides/removes identifying information from a user's computer while the user surfs the Internet.

It is meant to ensure the privacy of the user.

In 1997 the first anonymizer tool was created by Lance Cottrell and offered through Anonymizer.com.

What are key-loggers?
Key-logger is a computer program/device that records every keystroke made by a
computer user, especially in order to gain fraudulent access to passwords and other
confidential information.

There are two types of key-loggers:

Software key-loggers:

Software keyloggers are programs installed on a computer system which record every keystroke.

The keylogger stores the keys entered by the user.

It is the easiest way to capture a password.

Normally installed by Trojans or viruses.

A keylogger usually consists of two files that get installed in the same directory: a dynamic link library (DLL) file and an executable (EXE) file that installs the DLL and triggers it to work.

The DLL does all the recording of keystrokes.

Eg: Stealth Keylogger, Power Keylogger, Spy Buddy, Elite Keylogger, etc.

Hardware keyloggers:

Hardware keyloggers are small hardware devices connected between the PC and the keyboard; they save every keystroke into a file or into the device's own memory.

They look like an integrated part of the system and hence go undetected.

E.g. cybercriminals install such devices on ATM machines to capture ATM card PINs.

Eg: KeyGhost, KeyLog, KeyDevil, KeyKatcher, etc.

What can be the purposes behind password cracking?

A password is like a key that gives entry into a computerized system, as a key opens a lock.

Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system.
The purposes of password cracking can be:

To recover a forgotten password.

As a preventive measure by system administrators, to check for easily crackable passwords (testing).

To gain unauthorized access to a system.

Explain Dictionary Attack

A dictionary attack is used for password cracking.

It uses a predefined dictionary (word list) and looks for a match between the stored password hash and the hash of each dictionary word.

It is a type of brute-force attack for defeating a cipher or authentication mechanism: rather than trying every possible key or passphrase, it tries hundreds or sometimes millions of likely possibilities, such as words in a dictionary.

Because it relies on repeated guesses, an online dictionary attack is much less likely to succeed if the site being attacked has proper security measures, e.g. locking the account after 5 wrong attempts. Note that a lockout does not help against an offline attack, where the attacker already holds a copy of the password hashes; there the defence is a slow, salted password hash.
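
As an added worked example (written for these notes, not taken from the course material), the following Python script contrasts an offline dictionary attack against a leaked salted hash with an online attack against a login that locks the account after 5 failures. The password file, the fixed salts, the word list and the LockingAuthenticator class are all constructed for the demo, and plain SHA-256 stands in for the slow password hash a real system would use.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional, Tuple


def make_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """Store a password as (salt, SHA-256(salt || password)).
    Plain SHA-256 is used only to keep the demo short; a real system should use a
    deliberately slow hash such as bcrypt, scrypt or Argon2."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.sha256(salt + password.encode()).hexdigest()


# Constructed sample "password file" (fixed salts so the demo is repeatable).
SAMPLE_DB = {
    "alice": make_record("sunshine", salt=b"A" * 16),      # weak: appears in the word list
    "bob":   make_record("x7#Qp!2vL9zR", salt=b"B" * 16),  # strong: not in any word list
}

# Constructed word list standing in for a real dictionary file.
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon", "monkey", "sunshine"]


def offline_dictionary_attack(salt: bytes, target_hash: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline attack: the attacker already holds salt and hash, so nothing limits the
    number of guesses. Returns the recovered password, or None if no word matched."""
    for candidate in wordlist:
        guess = hashlib.sha256(salt + candidate.encode()).hexdigest()
        if hmac.compare_digest(guess, target_hash):
            return candidate
    return None


class LockingAuthenticator:
    """Online login interface that locks an account after max_attempts failures."""

    def __init__(self, db, max_attempts: int = 5):
        self.db = db
        self.max_attempts = max_attempts
        self.failures = {}

    def login(self, user: str, password: str) -> str:
        if self.failures.get(user, 0) >= self.max_attempts:
            return "locked"
        salt, stored = self.db[user]
        guess = hashlib.sha256(salt + password.encode()).hexdigest()
        if hmac.compare_digest(guess, stored):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"


def online_dictionary_attack(auth: LockingAuthenticator, user: str,
                             wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Online attack through the login interface. Returns (password or None, attempts made)
    and stops as soon as the account is locked."""
    attempts = 0
    for candidate in wordlist:
        attempts += 1
        result = auth.login(user, candidate)
        if result == "ok":
            return candidate, attempts
        if result == "locked":
            return None, attempts
    return None, attempts


if __name__ == "__main__":
    salt, digest = SAMPLE_DB["alice"]
    print("offline:", offline_dictionary_attack(salt, digest, WORDLIST))   # sunshine
    print("online: ", online_dictionary_attack(LockingAuthenticator(SAMPLE_DB), "alice", WORDLIST))  # (None, 6)
```

The offline attack recovers alice's password because it is in the word list, and fails against bob's. The same word list fails online: the seventh word is the right one, but the account is already locked after the fifth wrong guess. The lockout only protects the login interface; once the hash file leaks, only the strength of the hash and the password matters.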

Justify why buffer overflow is a threat?

A buffer overflow occurs when a program writes past the bounds of a buffer, violating the memory-safety assumptions of the language it is written in and overwriting adjacent memory.

Attackers use a buffer overflow to corrupt an application's execution stack, execute arbitrary code, and take over a machine.

Common consequences of a buffer overflow attack include the following:

System crashes: A buffer overflow attack will typically lead to the program or system crashing. It may also result in loss of availability, for example programs being put into an infinite loop.

Access control loss: A buffer overflow attack will often involve executing arbitrary code, which is outside the scope of the program's security policy.

Further security issues: When a buffer overflow attack results in arbitrary code execution, the attacker may use it to exploit other vulnerabilities and subvert other security services.

This is why buffer overflow is a serious threat.

Explain attacks on wireless networks and mention how to secure them.
Sniffing

Sniffing is eavesdropping on the network and the simplest of all attacks.

It is the process of intercepting wireless data that is being broadcast on an unsecured network.

The attacker may also install sniffers remotely on the victim's system and conduct activities like:

Password capture

Detection of the service set identifier (SSID)

Collecting MAC addresses

Spoofing

The primary objective of spoofing is to successfully masquerade as another identity.

MAC address spoofing: changing a device's MAC address to the one assigned to another device

IP spoofing: creating IP packets with a forged source IP address

Frame spoofing: the attacker injects frames whose content is carefully spoofed and which are valid as per the 802.11 specification

DoS

Man-in-the-Middle (MITM)

The attacker stands between hosts A and B without their knowledge.

The attacker can observe the communication (threat to confidentiality).

The attacker can also modify the data before delivering it to the actual recipient (threat to integrity).

Encryption cracking

Attackers always find new tools and techniques to break older encryption technology (WEP, for instance, is considered broken).

How to secure wireless networks

Change the default settings of all wireless network equipment.

Enable Wi-Fi Protected Access (WPA) encryption, preferably WPA2 or WPA3.

Change the default SSID (service set identifier).

Enable MAC address filtering (note that this is only a minor obstacle, since MAC addresses can be sniffed and spoofed as described above).

Disable remote login.

Disable SSID broadcast (also a minor obstacle: the SSID is still visible in probe and association frames).

Disable features not used in the AP.

Avoid giving the network a name which is easily identifiable.

Connect only to secure wireless networks.

Explain Virus and Worms in Detail

Worms:

Worms are similar to viruses but do not modify or attach themselves to other programs.

A worm replicates itself over and over, slowing down the computer system and the network. Worms can be controlled remotely.

The main objective of worms is to eat up system resources.

Eg. The WannaCry ransomware worm of 2017 exploited the Windows Server Message Block (SMBv1) protocol, which is a resource-sharing protocol.

Virus:

A virus is malicious executable code attached to another executable file; it can be harmless, or it can modify or delete data.

When the program to which the virus is attached runs, the virus performs some action such as deleting a file from the computer system.

Viruses can't be controlled remotely.

Eg. The ILOVEYOU virus (2000) spread through email attachments.

What is a backdoor?
A backdoor is a feature or defect of a computer system that allows an attacker unauthorized access to data.

Two main types of backdoors:

Conventional (hidden parameters, redundant interfaces, etc.)

Unconventional (breaking authentication between two of an application's components)

The term refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high-level user access on a computer system, network or software application.

Programmers may sometimes install a backdoor so that the program can be accessed for troubleshooting or other purposes.

Attackers use backdoors they have discovered, or ones installed by themselves, as part of an exploit.

Worms are often designed to take advantage of backdoors.

Eg: Bifrost: a backdoor Trojan infecting Windows 95 through Vista.

Eg: Onapsis: open source ERP penetration testing framework.

Define Intellectual Property Rights with all provisions.
Intellectual Property Rights aim to provide innovators and creators legal protection for their ideas and creations, trademarks, names, brands etc.

Intellectual Property encompasses 2 types of rights:

Industrial property rights: trademarks, patents, geographical indications, designations of origin, industrial designs and models etc.

Copyrights: literary, dramatic, artistic and musical works, films etc.

Patents: In India patents are governed by the provisions of the Patents Act 1970, as amended by the Patents (Amendment) Act 2005 and the Patents Rules 2006.

Trade secrets: There is no specific law in India for the protection of trade secrets. They are protected under various statutes and doctrines including contract law, copyright law, breach of confidence etc.

Trademarks: Trademarks in India are registered and protected under the Trade Marks Act 1999.

Copyrights: They are protected and registered under the Copyright Act 1957.

Geographical indications: The Geographical Indications of Goods (Registration and Protection) Act, 1999 (GI Act) is an Act of the Parliament of India for the protection of geographical indications in India.

The Indian IT Act 2000 has no provision for the protection of copyright.

The Indian Copyright Act 1957 deals with the protection of computer software but is inadequate to address all aspects of IT.

The Act defines the terms computer and computer programme in section 2(ffb) and section 2(ffc) respectively.

Section 63B of the Copyright Act 1957 deals with copyright infringement of software or computer programmes and the punishment for the offence.

The Act protects databases as literary works under section 13(1).

Explain the ping of death and smurf attack.

Ping of death is the process of sending oversized ICMP packets to a system.

It works against networked computers whose IP stack does not check the size of the reassembled datagram.

Eg. On a Windows machine, if one types

ping -l 65510 <victim IP address>

We know that the maximum IP packet size allowed is 65,535 bytes.

The above command creates a packet that, when reassembled, is larger than the maximum size of 65,535 bytes that is allowed.

On vulnerable systems this caused the system to crash.

Why the crash?

An ICMP echo packet carries 8 bytes of ICMP header.

Next in the ICMP packet is the ping data that is sent.

The maximum amount of data that can be sent is 65535 - 20 (IP header) - 8 (ICMP header) = 65507 bytes.

Hence the data sent (65510 bytes) is too large, and the reassembled datagram overflows the receiver's buffer.

A Smurf attack is a form of distributed denial of service (DDoS) attack that renders computer networks inoperable.

The Smurf program accomplishes this by exploiting weaknesses in the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP).

The steps in a Smurf attack are as follows:

First, the malware creates ICMP echo request (ping) packets whose source address is forged to be the victim's IP address, a technique known as "spoofing".

These packets are sent to the broadcast address of an intermediary network, asking every host on that network to send back a reply.

All of the hosts reply to the spoofed source, so the victim is flooded with ICMP echo replies, amplified by the number of hosts on the intermediary network. Repeating this against many networks overwhelms the victim's link.

Here are a couple of steps for Smurf attack mitigation:

make sure to block directed broadcast traffic coming into the network (on routers and firewalls)

configure hosts and routers not to respond to ICMP echo requests sent to broadcast addresses.
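
Added example, not from the original notes: a Python script that computes the payload limit from the ping-of-death discussion above, builds an ICMP echo request with a correct RFC 1071 checksum, splits the ICMP message into IPv4 fragments, and shows a reassembler that rejects any datagram whose reassembled length would exceed 65,535 bytes (the check whose absence made the ping of death work). The fragment() and reassemble() functions are simplified models written for this illustration, not a real IP stack, and nothing is sent on the network.

```python
import struct

IP_HEADER_LEN = 20        # minimal IPv4 header, no options
ICMP_HEADER_LEN = 8       # type, code, checksum, identifier, sequence number
IP_MAX_DATAGRAM = 65535   # limit of the 16-bit IPv4 total-length field


def max_echo_payload() -> int:
    """Largest ping payload that fits in a legal IPv4 datagram: 65535 - 20 - 8."""
    return IP_MAX_DATAGRAM - IP_HEADER_LEN - ICMP_HEADER_LEN


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(payload: bytes, ident: int = 0x1234, seq: int = 1) -> bytes:
    """ICMP echo request (type 8, code 0) with the checksum filled in."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def checksum_ok(icmp_message: bytes) -> bool:
    """A message with a valid checksum sums to zero when re-checksummed."""
    return internet_checksum(icmp_message) == 0


def fragment(icmp_message: bytes, mtu: int = 1500):
    """Split an ICMP message into IPv4 fragments (offset in 8-byte units, more-fragments
    flag, data). Each fragment carries its own 20-byte IP header, so at most mtu - 20
    bytes of data fit, rounded down to a multiple of 8. Oversized pings travel this way:
    no single fragment is illegal, only the reassembled total."""
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8
    frags = []
    for off in range(0, len(icmp_message), chunk):
        data = icmp_message[off:off + chunk]
        more = off + chunk < len(icmp_message)
        frags.append((off // 8, more, data))
    return frags


def reassemble(frags):
    """Reassembler that refuses to write past the 65535-byte datagram limit.
    Returns the ICMP message, or None if a fragment would overflow the buffer
    (the ping-of-death condition) or the message is incomplete."""
    buf = bytearray()
    total = None
    for offset_units, more, data in sorted(frags, key=lambda f: f[0]):
        start = offset_units * 8
        end = start + len(data)
        if IP_HEADER_LEN + end > IP_MAX_DATAGRAM:
            return None            # reject instead of overflowing, as patched stacks do
        if len(buf) < end:
            buf.extend(b"\x00" * (end - len(buf)))
        buf[start:end] = data
        if not more:
            total = end
    if total is None or len(buf) != total:
        return None
    return bytes(buf)


if __name__ == "__main__":
    print("max payload:", max_echo_payload())                      # 65507
    legal = build_echo_request(b"\x00" * max_echo_payload())
    print("legal ping reassembles:", reassemble(fragment(legal)) == legal)   # True
    oversized = build_echo_request(b"\x00" * 65510)                # the 'ping -l 65510' case
    print("oversized ping rejected:", reassemble(fragment(oversized)) is None)  # True
```

The 65,510-byte payload from the notes produces an ICMP message of 65,518 bytes; its last fragment starts at offset 65,120 and ends at 65,518, so with the 20-byte IP header the reassembled datagram would be 65,538 bytes. A stack that trusted the fragment offsets and copied blindly wrote 3 bytes past a 65,535-byte buffer, which is what crashed it; the reassemble() check above is the fix.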

What is identity theft? List different types of identity theft.
Identity theft is the crime of obtaining the personal or financial information of another
person to use their identity to commit fraud, such as making unauthorized
transactions or purchases.

Identity theft is committed in many different ways and its victims are typically left
with damage to their credit, finances, and reputation.

Financial identity theft:

Financial fraud is when the victim's identity is used for activity that is harmful to the victim's finances, such as:

Opening a new credit card in the victim's name

Opening a bank account

Purchasing a vehicle

Taking out a home mortgage

The process of recovering is expensive, time-consuming and psychologically painful.

This type of fraud also damages the credit history of the victim.

Criminal identity theft:

Performing criminal activity using someone else's identity, e.g.:

Entering a country illegally

Committing terrorism

Cybercrimes

Drug trafficking

Money laundering

These crimes involve using the victim's identity to commit a criminal act.

During the investigation the victim's name comes up, which destroys the victim's reputation, adds a criminal history, etc.

Identity cloning:

Living under somebody else's identity.

Instead of committing financial fraud or crimes in the victim's name, the criminal compromises the victim's life by living and working under the victim's identity.

Cloning accounts on social media and elsewhere in the cyber world is very easy and popular these days.

Business identity theft:

Applying for a corporate credit card in the victim's name

Purchasing/selling property with a fake ID

Stealing product information and using it to sell goods as the victim's

It causes damage to the business's reputation.

Medical identity theft: health insurance fraud, i.e. using the victim's identity to obtain medical services or benefits.

What is E-commerce? Explain different types of e-commerce with suitable examples.
E-commerce can be defined as the buying and selling of goods, products or services over the Internet.

Online transactions of money and fund transfers are also part of electronic commerce.

Types of E-commerce:

B2C:

The best-known category

Transactions between a business and a consumer through online shopping

Electronic retailing

Example: Amazon.com, Flipkart.com

B2B:

Transactions between two business organizations

Usually large in terms of volume and value of the goods and services

Example: IndiaMART.com, shopifygold.com; a manufacturer buying raw materials from a supplier

C2C:

Electronic transactions between two end consumers

A third party usually provides an online platform for consumers to find and buy or sell products

Example: eBay.com, olx.com. Renting, selling or purchasing houses is also done using online websites such as Magicbricks.com, housing.com etc.

C2B:

An individual consumer provides goods or services to a business and gets paid

A third-party platform is used by businesses to list their requirements and connect with individual consumers

Examples:

Consumers taking online surveys on SurveyMonkey.com

Freelancing jobs from websites like Freelancing.com

Online translation via TranslationDirectory.com

G2C:

This term refers to the relationship between government organizations and citizens

E-governance, where citizens can communicate with government websites directly

Increases transparency in government processes

Example:

Paying tax online, registration of birth, marriage or death certificates

Participation in government auctions

Getting a licence online

G2B:

Businesses paying tax online

Businesses getting licences and contracts online

A classic G2B example is a government website where businesses go to pay taxes.

Write a short note on Digital Certificates

A digital signature is a type of electronic signature that is used to guarantee the integrity and authenticity of data.

An X.509 certificate (digital certificate) contains information about the certificate subject and the certificate issuer.

The role of a certificate is to bind an identity to a public key value.

An X.509 certificate contains the following information:

X.509 version information

Serial number: unique identification assigned by the issuer

Common name: identifies the subject

Public key associated with the common name

Name of the subject (the user or entity the certificate was issued to)

Information about the certificate issuer

Signature of the issuer

Information about the algorithm used to sign the certificate

Some optional X.509 version 3 extensions

Applications of X.509:

Web browsers that support the SSL/TLS protocol

Secure email: PEM (Privacy Enhanced Mail) and S/MIME

E-commerce protocols such as SET (Secure Electronic Transaction)

Explain Evidence Aspect in Cyber Law


In legal terms, evidence refers to proof legally presented in a court of law to ascertain the truth of a matter.

Pieces of evidence tend to prove or disprove the fact in question and are required by courts to reach a conclusion in legal cases.

Explain the purpose of the proxy server. What is SQL Injection Attack? Explain the types.
Purpose of a proxy server

Keeps the internal systems behind a curtain (for security reasons): the outside world sees the proxy's address, not the client's.

Speeds up access to resources through caching of web pages from a web server.

The cache of the proxy server can serve all the users.

Frequently requested websites from different users can remain in the proxy server's cache, which improves user response time.

Filters unwanted content (like advertisements).

The proxy server evaluates each request and provides the resource.

SQL Injection Attack

SQL is the database language for managing data in a relational DBMS.

SQL injection is a code injection technique that exploits a security vulnerability at the database layer of an application: user input is concatenated into a SQL statement without being validated or parameterised.

Attackers target common database servers used by many organizations to store confidential data.

The common objective behind SQL injection is to obtain sensitive information from database tables.

During a SQL injection attack, malicious input is inserted into the SQL statements built by a website's code, making the database execute the attacker's statements and, in some configurations, a command shell or other arbitrary commands.

Example: an arbitrary command might open a command prompt or dump a table from the database.

Types of SQL Injection Attack

Piggy-backed query:

Additional queries are inserted, to be executed by the database along with the original query, in order to extract data, add or modify data, perform denial of service, or execute remote commands.

The attacker does not intend to modify the original intended query but to include new queries that piggyback on the original query.

As a result, the DBMS receives multiple SQL queries. The first is the normal query; the subsequent ones are executed to satisfy the attack.

Input: pin=0; DROP database webApp

Output: Database deleted

Tautologies:

An attacker injects a condition that always evaluates to true (for example into the Grade Central site's login form) to bypass authentication and retrieve grades.

Attacks are encoded in such a way as to avoid naive input filtering.

Input: user' or 1=1 --

Result: Login successful
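
Added example (written for these notes, not taken from the course material or from any real "Grade Central" site): a self-contained Python/sqlite3 script that shows both attack types above beside their parameterised fix. The schema, the rows and the PINs are constructed. SQLite has no DROP DATABASE statement, so the piggy-backed payload drops a table instead; sqlite3's execute() runs one statement at a time, and the vulnerable lookup has to use executescript() to accept the second statement, which is the kind of "run whatever the string contains" interface the attack depends on.

```python
import sqlite3
from typing import List


def setup_db() -> sqlite3.Connection:
    """Constructed sample database standing in for the 'Grade Central' site:
    a users table (name, pin) and a grades table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (name TEXT PRIMARY KEY, pin TEXT NOT NULL);
        CREATE TABLE grades (name TEXT, course TEXT, grade TEXT);
        INSERT INTO users VALUES ('alice', '4321'), ('bob', '8765');
        INSERT INTO grades VALUES ('alice', 'CSL', 'A'), ('bob', 'CSL', 'B');
    """)
    return conn


def table_names(conn: sqlite3.Connection) -> List[str]:
    rows = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name").fetchall()
    return [r[0] for r in rows]


# --- Tautology ---------------------------------------------------------------

def vulnerable_login(conn: sqlite3.Connection, user: str, pin: str) -> bool:
    """Builds the statement by string interpolation. The input  user' or 1=1 --
    closes the quoted string, adds a condition that is always true and comments
    out the PIN check, so any PIN is accepted."""
    sql = f"SELECT name FROM users WHERE name = '{user}' AND pin = '{pin}'"
    return conn.execute(sql).fetchone() is not None


def safe_login(conn: sqlite3.Connection, user: str, pin: str) -> bool:
    """Parameterised statement: the values travel separately from the SQL text,
    so quote and comment characters are treated as plain data."""
    sql = "SELECT name FROM users WHERE name = ? AND pin = ?"
    return conn.execute(sql, (user, pin)).fetchone() is not None


# --- Piggy-backed query ------------------------------------------------------

def vulnerable_pin_lookup(conn: sqlite3.Connection, pin: str) -> List[str]:
    """The (supposedly numeric) pin is interpolated unquoted and the text is run with
    executescript, which accepts several ';'-separated statements. The input
    0; DROP TABLE grades  therefore runs the lookup and then drops a table.
    Returns the tables that still exist afterwards."""
    sql = f"SELECT name FROM users WHERE pin = {pin}"
    conn.executescript(sql)
    return table_names(conn)


def safe_pin_lookup(conn: sqlite3.Connection, pin: str) -> List[str]:
    """Validates the type of the input and binds it as a parameter; execute()
    also refuses to run more than one statement at a time."""
    if not pin.isdigit():
        raise ValueError("pin must be numeric")
    rows = conn.execute("SELECT name FROM users WHERE pin = ?", (pin,)).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = setup_db()
    print(vulnerable_login(db, "user' or 1=1 --", "wrong"))   # True: login bypassed
    print(safe_login(db, "user' or 1=1 --", "wrong"))         # False
    print(vulnerable_pin_lookup(db, "0; DROP TABLE grades"))  # ['users']: grades table gone
```

The two fixes are the same idea: keep the SQL text constant and pass user input only as bound parameters, and validate the expected type before the value gets anywhere near the database.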

What are the security challenges posed by Mobile devices?

Mobile phone security threats generally fall into application-based, web-based, network-based and physical threats.

Application-based threats: With apps, the risks run from bugs and basic security weaknesses at the low end of the scale all the way to malicious apps whose only purpose is to commit cybercrime.

Malware

Spyware

Privacy leakage

Zero-day vulnerabilities

Web-based threats: Because of the nature of mobile use, the fact that we have our devices with us everywhere we go and are connecting to the Internet while doing so, they face a number of unique web-based threats as well as the run-of-the-mill threats of general Internet use.

Phishing scams

Social engineering

Drive-by downloads

Operating system flaws

Network-based threats: Mobile devices typically support a minimum of three network capabilities (cellular, Wi-Fi and Bluetooth), making them vulnerable to network-based attacks on each of them.

Network exploits

Wi-Fi sniffing

Cross-platform attacks

BYOD (bring your own device)

Physical threats: Unlike a desktop sitting at your workstation, or even a laptop in your bag, a mobile device is subject to a number of everyday physical threats at any time.

Loss/theft: Loss or theft is the most unwanted physical threat to the security of your mobile device. The device itself has value and can be sold on the secondary market after all your information has been stolen and sold.

What is an E-contract? Discuss the Contract Act 1872 and the provision for e-contracts in ITA 2000
Traditional physical contracts used to involve bond paper, lawyers etc.

Trade has increased tremendously between parties across geographical boundaries.

Also, physical contracts are not practical for online transactions and activities.

An electronic contract is an agreement that is drafted, negotiated, and executed completely online.

Electronic contracts can eliminate many costs associated with traditional pen-and-paper contracts and have countless other advantages.

Many countries have enacted laws to recognize electronic contracts.

In India the IT Act 2000 and the Indian Contract Act 1872 are used together to resolve issues that arise in the formation and authentication of e-contracts.

An e-contract is legally binding only if it complies with both laws.

Types of electronic contracts

Shrink wrap contracts:

Typically packed with the product; the licence agreement can be read and accepted only after unpacking the product. Eg: any packaged software product purchased online

Click wrap contracts:

Also called click-through. Mostly found as part of software installation. The user has only 2 options: accept or decline. Eg: software or application installation

Browse wrap contracts:

Found on a website or on the home page of a downloadable product. The user has to accept the terms and conditions to browse further.

Indian Contract Act 1872

The Indian Contract Act, 1872 defines the term "contract" under its section 2(h) as "an agreement enforceable by law".

This definition has two major elements: "agreement" and "enforceable by law".

Agreement: In section 2(e) the Act defines the term agreement as "every promise and every set of promises, forming the consideration for each other".

The Act in its section 2(b) defines the term "promise" as: "when the person to whom the proposal is made signifies his assent thereto, the proposal becomes an accepted proposal. A proposal when accepted, becomes a promise".

The Act governs the manner in which contracts are made and executed in India.

It provides a framework of rules and regulations which governs the formation and performance of contracts.

Provision of e-contracts in ITA 2000

The Information Technology (Amendment) Act 2008 introduced a new section 10A, "Validity of contracts formed through electronic means".

Section 10A of ITAA 2008 states:

Where in a contract formation, the communication of proposals, the acceptance of proposals, the revocation of proposals and acceptances, as the case may be, are expressed in electronic form or by means of an electronic record, such contract shall not be deemed to be unenforceable solely on the ground that such electronic form or means was used for that purpose.

Attribution: ascribing a work or remark to someone, i.e. holding them responsible for it or treating it as belonging to them. Under the Act an electronic record is attributed to the originator if it was sent by the originator, by a person authorised to act on the originator's behalf, or by an information system programmed by or on behalf of the originator to operate automatically.

Originator: a person who sends or generates an electronic record.

Addressee: the receiver of an electronic record.

Module 5 & 6
Explain how the appeals can be made under the IT ACT 2000.
An appeal is a request made by the aggrieved party to modify or reverse an order.
Appeals function both as a process for error correction and a process of clarifying
and interpreting law

Any person aggrieved by an order made by the Controller or an adjudicating officer under this Act may prefer an appeal to the Appellate Tribunal (AT) [Sec. 57(1)].

It needs to be noted that any person aggrieved by an order passed by the CCA while using the powers vested in him under the Act, and/or by the order passed by the Adjudicating Officer on a complaint made to him under Secs. 43 and 43A of the Act, can file an appeal to the AT.

A person has no right to appeal where the order has been made with the consent of the parties.

Every appeal shall be filed within a period of 45 days from the date of receipt of the order made by the Controller or adjudicating officer, along with the prescribed fee. However, the Appellate Tribunal may entertain an appeal after the expiry of the stated period of 45 days if it is satisfied that there was sufficient cause for the delay in filing the appeal.

On receipt of an appeal under Section 57(1), the Appellate Tribunal may, after
giving an opportunity of being heard to the parties to the appeal, pass such orders
thereon as it thinks fit. It may confirm, modify or set aside the order against which
an appeal has been made

The appeal shall be dealt with by it as expeditiously as possible and endeavor shall
be made by it to dispose of the appeal finally within 6 months from the date of
receipt of the appeal

Any person aggrieved by any decision or order of Appellate Tribunal may file an
appeal to the High Court within 60 days from the date of communication of such
decision or order. An appeal may be on any question of fact or law arising out of
such order.

The High Court may allow it to be filed within a further period of 60 days, if it is
satisfied that sufficient cause prevented him from filing the appeal within the
prescribed period.

Indian Information Technology Act 2000. What are the key provisions?
An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with government agencies, and further to amend the Indian Penal Code, the Indian Evidence Act of 1872 and the Banker's Books Evidence Act.

Key provisions:

All electronic contracts made through secure electronic channels are legally valid.

Legal recognition for digital signatures.

Security measures for electronic records and digital signatures are in place.

A procedure for the appointment of adjudicating officers for holding inquiries under the Act is laid down.

Provision for establishing a Cyber Regulations Appellate Tribunal under the Act. This tribunal handles all appeals made against the orders of the Controller or Adjudicating Officer.

An appeal against an order of the Cyber Appellate Tribunal is possible only in the High Court.

Digital signatures use an asymmetric cryptosystem and a hash function.

Provision for the appointment of the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying Authorities. The Controller acts as a repository of all digital signature certificates.

The Act applies to offences or contraventions committed outside India.

Senior police officers and other authorised officers can enter any public place and search and arrest without a warrant.

Provisions for the formation of a committee to advise the Controller and the Central Government on cyber regulations.

Amendments to Indian IT Act.

Technology neutrality adopted (digital signatures generalised to electronic signatures).

Privacy safeguards enhanced: Section 43A inserted, making a body corporate that is negligent in implementing reasonable security practices for "sensitive personal data or information" liable to pay compensation.

A new section 72A inserted criminalizing disclosure of personal information in breach of a lawful contract.

New sections added to cover offences such as identity theft, cyber terrorism, violation of privacy, cheating by personation, transmitting sexually explicit material, child pornography etc.

Intermediary liability recast, as a result of the much publicized case of Avnish Bajaj vs NCT Delhi ((2005) 3 CompLJ 364 Del), where the CEO of eBay India was made a co-defendant on allegations that eBay facilitated the sale of pornography through its website.

Amendments were made in the following sections of ITA 2000:

Section 43 (penalty and compensation for damage to computer systems; data protection)

Section 66 (computer-related offences, including hacking)

Section 67 (publishing or transmitting obscene material in electronic form)

Section 69 (power to intercept, monitor or decrypt information)

Section 72 (breach of confidentiality and privacy)

Global cooperation in fighting against Cyber crimes.

Cybercrime is very much a transnational crime. Urgent measures that are needed to preserve data at the national level are also necessary within the framework of international co-operation.

The effective combating, investigation and prosecution of such crimes require international cooperation between countries, law enforcement agencies and institutions, backed by laws, international relations, conventions, directives and recommendations culminating in a set of international guidelines to fight cybercrime.

The complex nature of cybercrime, as one that takes place in the borderless realm of cyberspace, is compounded by the increasing involvement of organized crime groups. Perpetrators of cybercrime, and their victims, are often located in different regions, and its effects ripple through societies around the world. This highlights the need to mount an urgent, dynamic and international response.

The UNODC Global Programme on Cybercrime is designed to respond flexibly to identified needs in developing countries by supporting Member States to prevent and combat cybercrime in a holistic manner. The main geographic nexus for the Cybercrime Programme in 2017 was Central America, Eastern Africa, MENA and South East Asia & the Pacific, with the key aims of:

Increased efficiency and effectiveness in the investigation, prosecution and adjudication of cybercrime, especially online child sexual exploitation and abuse, within a strong human-rights framework;

Efficient and effective long-term whole-of-government response to cybercrime, including national coordination, data collection and effective legal frameworks, leading to a sustainable response and greater deterrence;

Strengthened national and international communication between government, law enforcement and the private sector, with increased public knowledge of cybercrime risks.

What is the Indian perspective of Cyber laws? Are they adequate to protect from Internet Cyber crimes?

SOX – Key IT Requirements

There must be a written security policy in the company.

The company should baseline its current compliance state and be prepared to show progress towards full compliance.

SOX is commonly applied with progressively stricter requirements year over year.

Additional sections of SOX require timely monitoring of and response to issues that may materially affect data used or relied upon to generate public financial reports.

The company must log and audit access to financial data and critical files used in the preparation of public financial reports.

HIPAA - Key IT Requirements

HIPAA has an extended set of security requirements and controls with both required
and addressable (optional) components.

A summary of key requirements is listed below:

1. Conduct an initial risk assessment, periodic reviews and reassessments.
2. Written security policy.
3. Designated security person.
4. Written incident handling policy.
5. Backup, Emergency Operations, and Disaster Recovery plan.

6. Reuse and disposal plan for reusable media.
7. Audit controls are required, including unique user identifiers.
8. Termination policy and procedures.
9. Implement user-level processes of least privilege.
10. Log/audit logins and logoffs.
11. Secure and authenticate before physical access to the facility and sensitive
areas is granted.
12. Written usage policies by system type (laptop, desktop, server, ...).
13. Physical removal tracking and policy for all systems and data (including
removable media).
14. Create an “exact copy” backup prior to moving data or systems.
15. Log out/disconnect inactive sessions.
16. Audit access to secure data.
17. Encrypt sensitive data (addressable).
18. Monitor and audit access and alterations to sensitive data.
19. Protect data in transmission.

GLBA – Key IT Requirements

Organizations must have a written security policy

Organizations must establish a baseline, risk assessment and vulnerability scan

Organizations must monitor and report any access to the files, folders or databases
that contain consumer financial information

Organizations must notify the consumer if it believes that the consumer’s
information has been compromised

Organizations must designate a security program coordinator

Organizations must establish and conduct security awareness and training
programs

Organizations must establish policies for information processing, transformation,
storage and disposal; they must also review and revise the activities mentioned in
the subsequent points

Organizations must have appropriate measures to detect, prevent and respond to
attacks and intrusions

ISO - Key IT Requirements Summary

1. Establish Importance
2. Define the Scope
3. Write High Level Policies
4. Establish a Security Organization
5. Identify and Classify Assets and Data
6. Identify and Classify Risks
7. Plan for Risk Management
8. Implement Risk Mitigation Strategies
9. Statement of Applicability (gap analysis, exclusions/exceptions)
10. Implement a Training and Security Awareness Program
11. Monitor and Review
12. Maintain and Improve

FISMA - Key IT Requirements Summary

1. Assess Existing State (create a baseline)
2. Create a Risk Assessment Summary, and categorize systems as low, moderate, or
high impact relative to security.
3. Classify assets per FIPS 199 (Low, Moderate, High)
    1. FIPS (Federal Information Processing Standards) 199 is the result of a law passed in
    2002 designed to recognize “the importance of information security to the economic and
    national security interests of the United States.” FIPS 199 is an essential part of
    FISMA (2002).

4. Secure systems per the appropriate NIST standard by system type (email, DNS,
wireless, etc.)
5. Review Internally, and Independently (annually) for compliance.
6. Implement policies and procedures to reduce risk to an acceptable level.
7. Periodically review and test procedures to ensure effectiveness.
8. Designate a security information officer with primary duties as security.
9. Implement a security awareness training program for staff and contractors.

NERC - Key IT Requirements Summary

Maintain an inventory of all electronics that either are part of the critical assets list or
are necessary to the operation of critical assets.

Protect access to these critical cyber-assets on a need-to-know basis.

Create an electronic security perimeter that prevents unauthorized users from
accessing any critical cyber-asset, whether they are outside or inside the corporate
network.

Ensure that all electronic cyber-assets are secure via user account management,
equipment, password management, and secure networking policies.

Implement and test a critical cyber-asset recovery plan.

Utilities must ensure the physical security of all critical cyber-assets by:

Ensuring that there is a physical security perimeter around all critical cyber-assets.

All physical access points to critical cyber assets must be identified and controlled.

An access log must be maintained for all critical cyber-assets, via keycards,
video or manual log.

Everyone who has access to critical cyber assets, including utility personnel,
contract workers and vendors, must be trained in cyber-security.

Each person who accesses critical cyber assets, including the utility's personnel,
contract workers and vendors, must be investigated to assess the risk that he or
she poses to security.

PCI - Key IT Requirements Summary

1. You must have a written security policy. It must be communicated to new employees,
and have management sponsorship, as well as designating contact information for
hosts and emergencies.

2. Annual assessments are required.
3. Quarterly vulnerability scans (annual for level 4 merchants) are required (internal and
external).
4. Do not store unnecessary cardholder information.
5. Do not store authentication information (CVV2, PIN) .
6. Encrypt and obscure card information.

7. Systems must be hardened to industry standards (SANS, NIST etc.)
    a) Patch operating systems and software
    b) Disable unnecessary services.
    c) Change default and vendor passwords and accounts.
8. Firewalls are required, and there are specific policies required for DMZ to Internal,
and Internal to External traffic, with both ingress and egress filters.
9. Wireless networks must use their highest possible encryption standard (WPA/WPA2;
WEP has been phased out).
10. Protocols should be restricted to HTTP, SSL, SSH, and VPN, except as otherwise
noted and justified in a separate written policy.
11. Limit and encrypt administrative/console access.
12. Implement only one function per server (i.e. do not run file service and DNS on the
same host).
13. Anti-virus software is required for Windows systems (not required on Unix hosts).
14. Applications must follow a Secure Development Life Cycle (SDLC) model, with
code review.
15. Change control is required.

16. Individual unique accounts, with complex passwords are required.
17. Physical access control is required (Camera, Visitors logs etc.)
18. System auditing must be maintained (login, logout, system changes, ...) and
backed up to a centralized log server, with 3 months online and one year offline
retention.
19. Penetration testing must be done annually or after significant changes
(both network and application layer pen testing).

Short note on SOX

SOX applies to all publicly traded companies in the United States

It protects the interests of investors

It is a U.S. law meant to protect investors from fraudulent accounting activities by
corporations

Sarbanes-Oxley was enacted after several major accounting scandals in the early
2000s

The law mandates strict reforms to improve financial disclosures from corporations
and prevent accounting fraud

It also covers issues such as auditor independence, corporate governance, internal
control assessment, and enhanced financial disclosure

Though Sarbanes-Oxley does not call out any specific IT requirements, the law
does have a great impact on information systems – and in particular the security of
those systems

Also known as public company accounting reform and investor protection Act

A majority of the regulations apply to auditing, the board of directors, disclosures,
and improper trading

A number of provisions are also applicable to privately held companies

It contains 11 sections and came in response to financial scandals in companies

Short note on GLBA

GLBA is also known as the Financial Services Modernization Act of 1999

It applies to the financial services industry (insurance, securities, banking)

It is a United States federal law that requires financial institutions to explain how
they share and protect their customers’ private information

To be GLBA compliant, financial institutions must

Communicate to their customers how they share the customers’ sensitive data

Inform customers of their right to opt-out if they prefer that their personal data
not be shared with third parties

Apply specific protections to customers’ private data in accordance with a
written information security plan created by the institution.

The primary data protection implications of the GLBA are outlined in its Safeguards
Rule, with additional privacy and security requirements

It requires financial institutions to establish standards for protecting the
security, integrity and confidentiality of their non-public personal information (NPI)

Complying with the GLBA puts financial institutions at lower risk of penalties or
reputational damage caused by unauthorized sharing or loss of private customer
data.

Privacy and security benefits required by the GLBA Safeguards Rule for customers:

Private information must be secured against unauthorized access.

Customers must be notified of private information sharing between financial
institutions and third parties and have the ability to opt out of private information
sharing.

User activity must be tracked, including any attempts to access protected records.

Compliance with the GLBA protects consumer and customer records and will
therefore help to build and strengthen consumer reliability and trust.

Customers gain assurance that their information will be kept secure by the
institution;

Safety and security cultivate customer loyalty, resulting in a boost in reputation,
repeat business, and other benefits for financial institutions.

Short note on HIPAA

Health Insurance Portability and Accountability Act (HIPAA) is an act created by the
U.S. Congress in 1996

Amends both the Employee Retirement Income Security Act (ERISA) and the Public
Health Service Act (PHSA)

HIPAA is a federal law that required the creation of national standards to protect
sensitive patient health information from being disclosed without the patient’s
consent or knowledge.

HIPAA was enacted in an effort to protect individuals covered by health insurance
and to set standards for the storage and privacy of personal medical data.

HIPAA applies to healthcare, medical records, insurance, and other medical-related
businesses

Organizations explicitly covered by HIPAA include:

Health Care Providers

Health Plans

Health Clearinghouses

Medicare Prescription Drug Card Sponsors

It ensures that individual health-care plans are accessible, portable and renewable

It sets the standards and the methods for how medical data is shared across the
U.S. health system in order to prevent fraud

HIPAA also has an administrative simplification provision, which is aimed at
increasing efficiency and reducing administrative costs by establishing national
standards.

Short note on ISO

ISO standards are applied to multinational companies.

It is a family of information security management system (ISMS) standards called
the ISO/IEC 27000 series

It comprises information security standards published jointly by the International
Organization for Standardization (ISO) and the International Electrotechnical
Commission (IEC)

The latest version of ISO/IEC 27000 is 27000:2018. It provides an overview of an
information security management system (ISMS) along with the terms and definitions
commonly used in the ISMS family of standards.

It was originally published in 1995, written by the British Standards Institute (BSI).

It could be about making a product, managing a process, delivering a service or
supplying materials – standards cover a huge range of activities.

ISO 27000 has 3 parts:

Code of Practice - guidelines for security management

Specification with guidance for use - Audit Controls

Risk analysis and management

27001 focuses on building the foundation and designing the framework of
information security in an organization

27002 is used to implement the security controls defined in the annex of ISO 27001

Registering certifies a company for 3 years (requires annual external review).

Short note on FISMA

FISMA came into existence in 2002

The National Institute of Standards and Technology (NIST), which sits under the
Department of Commerce, is responsible for writing the standards and rules

FISMA applies to governmental agencies, governmental contractors and
telecommunications providers who provide services related to national security.

Also applies to Federal agencies, contractors, and any other company or
organization that uses or operates an information system on behalf of a federal
agency.

FISMA discusses a pyramid of goals based on Availability, Integrity and
Confidentiality in order to provide security.

Short note on NERC

NERC is a not-for-profit international regulatory authority whose mission is to assure
the reliability and security of the bulk power system in North America.

NERC applies to companies that generate, provide, or transmit energy.

NERC is subject to Federal Energy Regulatory Commission (FERC) mandates and
control.

NRC (Nuclear Regulatory Commission) is a related commission for nuclear power.

The primary focus of NERC is to provide standards for supervisory control and data
acquisition devices and networks.

NERC:

develops and enforces Reliability Standards;

annually assesses seasonal and long‐term reliability;

monitors the bulk power system through system awareness;

educates, trains, and certifies industry personnel.

The main IT-related issue addressed in NERC is the requirement to monitor log
devices with no gap exceeding 7 days.
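As an added example (not part of these notes), the 7-day log-monitoring requirement above can be turned into a concrete compliance check: group log records by device, sort their timestamps, and flag any gap longer than seven days, including the gap between a device's last record and the end of the review window (a device that silently stopped logging must be caught too). The log records, device names and review date are constructed for the example.

```python
from datetime import datetime, timedelta

# NERC expectation as summarized in these notes: logging of critical
# cyber-assets must not have a monitoring gap exceeding 7 days.
MAX_GAP = timedelta(days=7)

# Constructed sample records (device, ISO 8601 timestamp, event). Made up
# for this example; device names are hypothetical.
SAMPLE_LOGS = """\
rtu-01,2024-01-01T00:00:00,heartbeat
rtu-01,2024-01-05T12:00:00,heartbeat
rtu-01,2024-01-20T08:30:00,heartbeat
plc-07,2024-01-01T00:00:00,heartbeat
plc-07,2024-01-03T00:00:00,heartbeat
hmi-02,2024-01-02T00:00:00,heartbeat
"""
REVIEW_END = datetime(2024, 1, 25)  # constructed end of the review window


def parse_logs(text):
    """Group records by device: {device: sorted list of datetime}."""
    per_device = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        device, stamp, _event = line.split(",", 2)
        per_device.setdefault(device, []).append(datetime.fromisoformat(stamp))
    for stamps in per_device.values():
        stamps.sort()
    return per_device


def find_gaps(per_device, window_end, max_gap=MAX_GAP):
    """Return (device, gap_start, gap_end, gap) for every gap over max_gap.

    The interval from a device's last record to window_end is checked too,
    so a device that silently stopped logging is reported as well.
    """
    findings = []
    for device, stamps in sorted(per_device.items()):
        points = stamps + [window_end]
        for prev, cur in zip(points, points[1:]):
            if cur - prev > max_gap:
                findings.append((device, prev, cur, cur - prev))
    return findings


if __name__ == "__main__":
    for device, start, end, gap in find_gaps(parse_logs(SAMPLE_LOGS), REVIEW_END):
        print(f"{device}: {gap.days}-day gap between {start} and {end}")
```

With the sample data, hmi-02 and plc-07 are reported for going quiet before the review date and rtu-01 for a 14-day hole in the middle of its history.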

Short note on PCI

PCI is an independent organization that sets standards for credit card processors
and merchants.

Applies to merchants and processors of Visa, Mastercard, American Express,
Diners Club International, or JCB (an Asia-based credit card) transactions.

PCI specifies different merchant levels from 1-4 (1 being the highest), based on the
number of transactions per year, and has increased security requirements at each
higher level.

PCI specifies security standards for “Any system that stores, processes, or
transmits cardholder data”

Unlike SOX and GLBA, the PCI standard is quite straightforward and IT specific.

The remaining Module 6 questions are not in the syllabus, nor in ma’am’s notes.
