CYBER SECURITY TECHNIQUES

There are many cyber security techniques to combat the cyber security attacks. The next
section discusses some of the popular techniques to counter the cyber attacks.

2.1 AUTHENTICATION
• It is a process of identifying an individual and ensuring that the individual is the same
who he/she claims to be.
• A typical method for authentication over the internet is via username and password.
• With the increase in the reported cases of cybercrime by identity theft over the internet,
organizations have made some additional arrangements for authentication like a one-time
password (OTP), as the name suggests it is a password that can be used one-time only and
is sent to the user as an SMS or an email at the mobile number/email address that he has
specified during the registration process.
• It is known as the two-factor authentication method and requires two types of evidence to
authenticate an individual to provide an extra layer of security for authentication.
• Some other popular techniques for two-way authentication are biometric data, physical
tokens, etc. which are used in conjunction with username and password.

• The process of giving access to an individual to certain resources based on the

credentials of an individual is known as authorization and often this process goes
hand-in-hand with authorization.

• Now, one can easily understand the role of a strong password for authorization to ensure
cyber security as an easy password can be a cause of security flaws and can bring the
whole organization at high risk.

• Therefore, the password policy of an organization should be such that employees are
forced to use strong passwords (more than 12 characters and a combination of
lowercase and uppercase alphabets along with numbers and special characters) and
prompt user to change their password frequently.

• In some of the bigger organizations or an organization that deals in sensitive information

like defense agencies, financial institutions, planning commissions, etc. a hybrid
authentication system is used which combines both the username and password
along with hardware security measures like biometric system, etc.

• Some of the larger organizations also use VPN(Virtual Private Network), which is
one of the methods to provide secure access via hybrid security authentication to the
company network over the Internet.

26
2.2 ENCRYPTION
• It is a technique to
convert the data to an
unreadable form before
transmitting it over the
internet.
• Only the person who
has access to the key
and convert it into
readable form and read
it.
• Formally encryption
can be defined as a
technique to lock the
data by converting it to
complex codes using
mathematical
algorithms.
• The code is so complex
that even the most
powerful computer will
take several years to
break the code.
• This secure code can
safely be transmitted
over the internet to the
destination.
• The receiver, after
receiving the data can
decode it using the key.
Figure 4: Encryption
• The decoding of the
• complex
In symmetric codekey encryption,
to the after coding of
data, the
original textkey is sent
using a keyto the destination user via some
isother
knownmedium like postal service, telephone, etc.
as decryption.
because if the key i s obtained by the hacker, the
• If the same key is used
security of the data is compromised.
to lock and unlock the
• data,
Key itdistribution
is known is asa complex task because the
symmetric key transmission is itself an issue.
security of the key while
encryption.
• To avoid the transfer of key a method called
asymmetric key encryption, also known as public
key encryption, is used.
• In asymmetric key encryption, the keys used to
encrypt and decrypt data are different.
• Every user possesses two keys (Public key and
Private key).
• As the name suggests, the public key of every user
2 is known
Image courtesy:to everyone but the private key is known
https://upload.wikimedia.org/wikipedia/commons/b/bc/Public_key_encryption_keys.png
to the particular user, who owns the key, only.
27
• Suppose sender A wants to send a secret message
• A will encrypt the message using B's public key, as the public key is known to everyone.

• Once the message is encrypted, the message can safely be sent to B over the Internet.

• As soon as the message is received by B, he will use his private key to decrypt the message
and regenerate the original message.

2.3 DIGITAL SIGNATURES

• It is a technique for the validation of
data.
• Validation is a process of certifying
the content of a document.
• The digital signatures not only
validate the data but are also used for
authentication.
• The digital signature is created by
encrypting the data with the private
key of the sender.
• The encrypted data is attached along
with the original message and sent
over the internet to the destination.
• The receiver can decrypt the signature
with the public key of the sender.
• Now the decrypted message is
compared with the original message.
•• IfAsboth
moreareand
themore
same,documents
it signifies
arethat
transmitted over the internet, digital signatures are an
the data ispart
essential notoftempered
the legaland alsoasthe
as well the financial transition.
authenticity of the sender is verified as
• It not only provides the authentication of a person and the validation of the document,
someone with the private key(which is
but it also
known to the prevents the denial
owner only) or agreement at a later stage.
can encrypt
• the data which
Suppose is then decrypted
a shareholder instructsby
thehis
broker via email to sell the share at the current price .
public key.
• After the completion of the transaction, by any chance, the shareholder reclaims the
• theby data
Ifshares is the
claiming tempered
email to bewhile
forged or bogus.
transmission, it is easily detected by
• To prevent these unpleasant situations, digital signatures are used.
the receiver as the data will not be
verified.
• Moreover, the message cannot be re-
encrypted after tempering as the
private key, which is possessed only
by the original sender, is required for
this purpose.

28
 Figure 5: Digital signature'

2.4 ANTIVIRUS
• There are varieties
of malicious
programs like
viruses, worms,
trojan horses, etc.
that are spread over
the internet to
compromise the
security of a
computer either to
destroy data stored
in the computer or
gain financial
benefits by sniffing
passwords, etc.
• To prevent these
malicious codes
3
fromcourtesy:
Image entering your
https://upload.wikimedia.org/wikipedia/commons/2/2b/Digital_Signature_diagram.svg
system, a special
program called an
anti-virus is used
which is designed to 29
protect the system
2.5 FIREWALL
• It is
hardware/software
that acts as a shield
between an
organization's
network and the
internet and protects
it from threats like
viruses, malware,
hackers, etc.
• It can be used to
limit the persons
who can have
access to your
network and send
information to you.
• There are two types
of traffic in an
organization
(inbound traffic and
outbound traffic).
• Using a firewall, it
is possible to
configure and
monitor the traffic
of the ports.
• Only the packets Figure 7: Firewall
from trusted source
addresses can enter
the organization's
network and the
sources which are
5
Image courtesy: https://upload.wikimedia.org/wikipedia/commons/5/5b/Firewall.png
blacklisted and
unauthorized
addresses are denied
access to the 30
• Hardware Firewalls: Examples of hardware firewalls are routers through which the
network is connected to the network outside the organization i.e. Internet.
• Software Firewalls: These firewalls are installed on the server and client machines and
they act as a gateway to the organizations' network.

• In the OS like Windows 2003, Windows 2008, etc. it comes embedded with the OS.

• The only thing a user need to do is to optimally configure the firewall according to their own
requirement.
• The firewalls can be configured to follow "rules" and "policies" and based on these defined
rules the firewalls can follow the following filtering mechanisms.

• Proxy- all the outbound traffic is routed through proxies for monitoring and
controlling the packets that are routed out of the organization.
• Packet Filtering- based on the rules defined in the policies each packet is filtered by
its type, port information, and source & and destination information. Examples of
such characteristics an IP addresses, Domain names, port numbers, protocols, etc.
Basic packet filtering can be performed by routers.
• Stateful Inspection: rather than going through all the fields of a packet, key features
are defined. The outgoing/incoming packets are judged based on those defined
characteristics only.

• The firewalls are an essential component of the organization’s network.

• They not only protect the organization against viruses and other malicious code but also
prevent hackers from using your network infrastructure to launch DOS attacks.

2.6 STEGANOGRAPHY
• It is a technique of hiding secret
messages in a document file,
image file, program, etc. such
that the embedded message is
invisible and can be retrieved
using special software.
• Only the sender and the receiver
know about the existence of the
secret message in the image.
• The advantage of this technique
is that these files are not easily
suspected.

31
 Figure 8: Steganography"

• Let us discuss how the data is secretly embedded inside the cover file( the medium like
image, video, audio, etc. which is used for embedding secret data) without being noticed.
• Let us take an example of an image file that is used as a cover medium.

• Each pixel of a high-resolution image is represented by 3 bytes(24 bits).

• If the 3 least significant bits of these 24 bits are altered and used for hiding the data, the
resultant image, after embedding the data into it, will have an unnoticeable change in the
image quality and only a very experienced and trained eye can detect this change.
• In this way, every pixel can be used to hide 3 bits of information.
• Similerly, introducing white noise in an audio file at regular or random intervals can be used
to hide data in audio or video files.
• There are various free software available for Steganography. Some of the popular ones are
QuickStego, Xiao, Tucows, OpenStego, etc.

6
Image courtesy: https://upload.wikimedia.org/wikipedia/commons/b/b8/Seformatbmp-embedding_full.png

32