CSL ANS


(10 Marks)

Q.1] What are basic security precautions to be taken to safeguard laptops and wireless devices?
Explain.

1. Back up your data

You should back up your data regularly. If you’re using an external storage device, keep it
somewhere other than your main workplace – encrypt it, and lock it away if possible. That way,
if there’s a break-in, fire or flood, you’ll minimise the risk of losing all your data.

2. Use strong passwords and multi-factor authentication

Make sure you use strong passwords on smartphones, laptops, tablets, email accounts and any
other devices or accounts where personal information is stored. They must be difficult to guess.
The National Cyber Security Centre (NCSC) recommends using three random words.

3. Be aware of your surroundings

For example, if you’re on a train or in a shared workspace, other people may be able to see your
screen. A privacy screen might help you.

4. Be wary of suspicious emails

You and your staff need to know how to spot suspicious emails. Look out for signs such as bad
grammar, demands for you to act urgently and requests for payment. New technologies mean
that email attacks are becoming more sophisticated. A phishing email could appear to come from
a source you recognise. If you’re not sure, speak to the sender. NCSC provide useful training
materials to help you and your staff recognise suspicious emails.

5. Install anti-virus and malware protection

And keep it up-to-date.

6. Protect your device when it’s unattended

Lock your screen when you’re temporarily away from your desk to prevent someone else
accessing your computer. If you do need to leave your device for longer, put it in a secure place,
out of sight.

7. Make sure your Wi-Fi connection is secure

Using public Wi-Fi, or an insecure connection, could put personal data at risk. You should make
sure you always use a secure connection when connecting to the internet. If you’re using a public
network, consider using a secure Virtual Private Network (VPN).

8. Limit access to those who need it

Different workers may need to use different types of information. Put access controls in place to
make sure people can only see the information they need. For example, payroll or HR may need
to see workers’ personal information, but your sales staff won’t.

9. Take care when sharing your screen

Sharing your screen in a virtual meeting may show your device to others exactly as you see it,
including any open tabs or documents. Before sharing your screen, you should close anything
you don’t need and make sure your notifications and pop-up alerts are switched off.

10. Don’t keep data for longer than you need it

Getting rid of data you no longer need will free up storage space. This also means you have less
personal information at risk if you suffer a cyber-attack or personal data breach.

11. Dispose of old IT equipment and records securely

You must make sure no personal data is left on computers, laptops, smartphones or any other
devices, before you dispose of them. You could consider using deletion software, or hire a
specialist to wipe the data.

Q.2] What is Spyware? How does Spyware affect devices? How to protect from Spyware?

Spyware is one of the most common threats to internet users. Once installed, it monitors internet
activity, tracks login credentials and spies on sensitive information. The primary goal of spyware
is usually to obtain credit card numbers, banking information and passwords.

Spyware infections can affect any personal computer, Mac, iOS or Android device. Some of the
most common ways for computers to become infected include the following:

• pirating media such as games, videos and music by downloading and distributing
copyrighted digital content without permission;

• downloading materials from unknown sources;

• accepting pop-up advertisements; and

• opening email attachments from unknown senders.


Maintaining strict cybersecurity practices is the best way to prevent spyware. Some best
practices include the following:

• only downloading software from trusted sources;

• reading all disclosures when installing software;

• avoiding interactions with pop-up ads;

• staying current with updates and patches for browser, operating system (OS) and
application software;

• not opening email attachments or clicking on links from unknown senders;

• using only trusted antivirus software and reputable spyware tools; and

• enabling two-factor authentication (2FA) whenever possible.

Q.3] Write short note on a. Trojan Horse and back door b. Steganography.
1. Trojan Horse:

• A standalone malicious program that may give full control of an infected PC to another PC is
called a Trojan horse.
• This is actually a code segment that tries to misuse its own environment.
• They somehow look attractive but on the other hand, they are really harmful and they actually
serve as virus carriers.
• It may make copies of them, harm the host computer systems, or steal information.
• The Trojan horse will actually do damage once installed or run on your computer, but at first
glance it will appear to be useful software.
• Trojans are designed so that they can cause serious damage by deleting files and destroying
information on your system.
• Trojans allow confidential or personal information to be compromised by creating a
backdoor on your computer that gives unauthorized users access to your system.
• Unlike viruses, Trojans do not self-replicate or reproduce by infecting other files,
which means Trojan horses differ from other computer viruses and do not spread
themselves.
• The most popular Trojan horses are Beast, Zeus, The Blackhole Exploit Kit, Flashback Trojan,
Netbus, Subseven, Y3K Remote Administration Tool, and Back Orifice.

2. Trap Door:

• A trap door is a kind of secret entry point into a program that allows anyone to gain access to
any system without going through the usual security access procedures.
• Another definition of a trap door is that it is a method of bypassing normal authentication methods.
Therefore it is also known as a back door.
• Trap doors are quite difficult to detect, and in order to find them the programmers or the
developers have to go through the components of the system.
• Programmers use trap doors legally to debug and test programs. Trap doors turn into threats when
any dishonest programmers gain illegal access.
• Program development and software update activities should be the first focus of security
measures. The operating system that controls the trap doors is difficult to implement.

Q.4] What is Buffer overflow attack? How to mitigate Buffer overflow attack?
Buffers are memory storage regions that temporarily hold data while it is being transferred from
one location to another. A buffer overflow (or buffer overrun) occurs when the volume of data
exceeds the storage capacity of the memory buffer. As a result, the program attempting to write
the data to the buffer overwrites adjacent memory locations.
Buffer overflows can affect all types of software. They typically result from malformed inputs or
failure to allocate enough space for the buffer. If the transaction overwrites executable code, it
can cause the program to behave unpredictably and generate incorrect results, memory access
errors, or crashes.
Attackers exploit buffer overflow issues by overwriting the memory of an application. This
changes the execution path of the program, triggering a response that damages files or exposes
private information. For example, an attacker may introduce extra code, sending new instructions
to the application to gain access to IT systems.
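
The adjacent-memory overwrite described above, as an added C example that is not part of the original notes; the struct record, its is_admin field and all function names are constructed for illustration. An unchecked copy lets a 9-byte input spill from the 8-byte buffer into the neighbouring field, while the bounds-checked copy rejects the same input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: an 8-byte buffer with another field right after it. */
struct record {
    char name[8];
    unsigned char is_admin;   /* the "adjacent memory location" */
};

/* Unchecked copy: trusts the supplied length, as strcpy() or gets() would.
 * To keep the demo well-defined the write is clamped to the struct itself,
 * so it can only spill from name[] into is_admin, never beyond. */
static void store_unchecked(struct record *r, const char *src, size_t len)
{
    if (len > sizeof *r) len = sizeof *r;   /* demo-only clamp */
    memcpy((unsigned char *)r, src, len);
}

/* Checked copy: refuses input that does not fit, terminator included. */
static int store_checked(struct record *r, const char *src, size_t len)
{
    if (len >= sizeof r->name) return -1;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

/* Returns the value of is_admin after storing src with the chosen routine. */
int admin_flag_after(const char *src, int checked)
{
    struct record r = { "", 0 };
    size_t len = strlen(src);
    if (checked)
        (void)store_checked(&r, src, len);  /* over-long input is rejected */
    else
        store_unchecked(&r, src, len);
    return r.is_admin;
}

int main(void)
{
    const char *input = "AAAAAAAAA";  /* constructed: 9 bytes for an 8-byte buffer */
    printf("unchecked: is_admin=%d\n", admin_flag_after(input, 0));
    printf("checked:   is_admin=%d\n", admin_flag_after(input, 1));
    return 0;
}
```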

Types of Buffer Overflow Attacks


Stack-based buffer overflows are more common, and leverage stack memory that only exists
during the execution time of a function.

Heap-based attacks are harder to carry out and involve flooding the memory space allocated for
a program beyond memory used for current runtime operations.

How to Prevent Buffer Overflows


In addition, modern operating systems have runtime protection. Three common protections are:

• Address space randomization (ASLR)—randomly moves around the address space
locations of data regions. Typically, buffer overflow attacks need to know the locality of
executable code, and randomizing address spaces makes this virtually impossible.
• Data execution prevention—flags certain areas of memory as non-executable or
executable, which stops an attack from running code in a non-executable region.
• Structured exception handler overwrite protection (SEHOP)—helps stop malicious
code from attacking Structured Exception Handling (SEH), a built-in system for
managing hardware and software exceptions. It thus prevents an attacker from being able
to make use of the SEH overwrite exploitation technique. At a functional level, an SEH
overwrite is achieved using a stack-based buffer overflow to overwrite an exception
registration record, stored on a thread’s stack.

(5 Marks)
Q1. What are different Security Risks for Organisation?
1. Malware
2. Password Theft
3. Traffic Interception
4. Phishing Attacks
5. DDOS
6. Cross Site Attack
7. Zero-Day Exploits
8. SQL Injection
9. Social Engineering
10. MitM Attack

Q2. Differentiate between virus and worm

| Sr.No. | Basis of Comparison | WORMS | VIRUS |
|---|---|---|---|
| 1. | Definition | A Worm is a form of malware that replicates itself and can spread to different computers via a network. | A Virus is a malicious executable code attached to another executable file which can be harmless or can modify or delete data. |
| 2. | Objective | The main objective of worms is to eat the system resources. It consumes system resources such as memory and bandwidth and makes the system slow to such an extent that it stops responding. | The main objective of viruses is to modify the information. |
| 3. | Host | It doesn’t need a host to replicate from one computer to another. | It requires a host for spreading. |
| 4. | Harmful | It is less harmful as compared. | It is more harmful. |
| 5. | Detection and Protection | Worms can be detected and removed by the Antivirus and firewall. | Antivirus software is used for protection against viruses. |
| 6. | Controlled by | Worms can be controlled remotely. | Viruses can’t be controlled remotely. |
| 7. | Execution | Worms are executed via weaknesses in the system. | Viruses are executed via executable files. |
| 8. | Comes from | Worms generally come from downloaded files or through a network connection. | Viruses generally come from shared or downloaded files. |
| 9. | Symptoms | Hampering computer performance by slowing it down; automatic opening and running of programs; sending of emails without your knowledge; affected performance of the web browser; error messages concerning the system and operating system. | Pop-up windows linking to malicious websites; hampering computer performance by slowing it down; after booting, starting of unknown programs; passwords get changed without your knowledge. |
| 10. | Prevention | Keep your operating system and system in an updated state; avoid clicking on links from untrusted or unknown websites; avoid opening emails from unknown sources; use antivirus software and a firewall. | Installation of antivirus software; never open email attachments; avoid usage of pirated software; keep your operating system updated; keep your browser updated, as old versions are vulnerable to linking to malicious websites. |
| 11. | Types | Internet worms, Instant messaging worms, Email worms, File sharing worms, Internet relay chat (IRC) worms are different types of worms. | Boot sector virus, Direct Action virus, Polymorphic virus, Macro virus, Overwrite virus, File Infector virus are different types of viruses. |
| 12. | Examples | Examples of worms include Morris worm, storm worm, etc. | Examples of viruses include Creeper, Blaster, Slammer, etc. |
| 13. | Interface | It does not need human action to replicate. | It needs human action to replicate. |
| 14. | Speed | Its spreading speed is faster. | Its spreading speed is slower as compared to worms. |

Q3. What is vishing attack? How to protect from vishing attack?

Vishing, also known as voice phishing, is a cybercrime whereby attackers use the phone to steal
personal information from their targets. In a vishing attack, cybercriminals use social engineering
tactics to persuade victims to provide personal information, typically with the goal of accessing
financial accounts.

Vishing Prevention

• Never reveal personal data—vishing attacks are designed to trick the target into
revealing personal information, which attackers can use for other attacks or fraud. Never
give a multi-factor authentication (MFA) number, password, financial data, or similar
details over the phone.
• Always check phone numbers—vishers may call you posing as representatives of a
legitimate organization. Before you provide any personal information or follow a caller’s
instructions, get their name and make sure you can contact them through an official
company number. If the caller attempts to dissuade you from doing this, it’s likely a
scam.
• Organizations do not accept payment via prepaid or gift cards—vishers often ask for
payment for amounts the victim supposedly owes in the form of prepaid cards or gift
cards. No legitimate organization will request a prepaid credit or gift card as payment.
• Never give remote computer access—vishers could request remote access to your
computer under the guise of removing malware or fixing some issue. You should never
grant anyone access to your computer, unless they are a verified member of an IT
department.
• Report suspicious incidents—vishers typically repeat the same scam on several targets.
Report suspected vishing attacks to authorities or security staff at your organization,
ensuring they can protect other targets.

Q4. List general guidelines for password policies

Create strong passwords

Password security starts with creating a strong password. A strong password is:

• At least 12 characters long but 14 or more is better.

• A combination of uppercase letters, lowercase letters, numbers, and symbols.

• Not a word that can be found in a dictionary or the name of a person, character,
product, or organization.

• Significantly different from your previous passwords.

• Easy for you to remember but difficult for others to guess. Consider using a
memorable phrase like "6MonkeysRLooking^".

Secure your passwords

Once you’ve created a strong password, follow these guidelines to keep it secure:

• Don’t share a password with anyone. Not even a friend or family member.

• Never send a password by email, instant message, or any other means of
communication that is not reliably secure.

• Use a unique password for each website. If crooks steal your account information
from one site, they'll try to use those credentials on hundreds of other well-known
websites, such as banking, social media, or online shopping, hoping you've reused
the password elsewhere. That's called a "Credential stuffing attack" and it's
extremely common.

• If you don’t want to memorize multiple passwords, consider using a password
manager. The best password managers will automatically update stored passwords,
keep them encrypted, and require multi-factor authentication for access. Microsoft
Edge can remember your passwords for you and automatically fill them in for you
when needed. See Save or forget passwords in Microsoft Edge.

• It's ok to write your passwords down, as long as you keep them secure. Don't write
them on sticky notes or cards that you keep near the thing the password protects,
even if you think they're well-hidden.
