Skip to main content

cyber security and Vulnerability



Uttarakhand Open University, 2017. This work by Uttarakhand Open University is licensed under 
a Creative Commons Attribution-ShareAlike 4.0 International License.  It is attributed to the sources 
marked in the References, Article Sources and Contributors section. 
Published By: Uttarakhand Open University 
 
Index 
1.1 INTRODUCTION .......................................................................................................................................... 8 
1.1.1 HISTORY OF INTERNET ..................................................................................................................................... 8 
1.1.1.1 Internet Addresses ........................................................................................................................... 10 
1.1.1.2 DNS .................................................................................................................................................. 12 
1.1.1.3 Internet Infrastructure ..................................................................................................................... 13 
1.1.1.4 World Wide Web ............................................................................................................................. 14 
1.2 INTRODUCTION TO CYBER CRIME ............................................................................................................. 15 
1.2.1 CLASSIFICATION OF CYBER CRIMES ................................................................................................................... 16 
1.2.2 REASONS FOR COMMISSION OF CYBER CRIMES .................................................................................................. 18 
1.3 MALWARE AND ITS TYPE .......................................................................................................................... 19 
1.3.1 ADWARE ..................................................................................................................................................... 19 
1.3.2 SPYWARE .................................................................................................................................................... 19 
1.3.3 BROWSER HIJACKING SOFTWARE ...................................................................................................................... 19 
1.3.4 VIRUS ......................................................................................................................................................... 19 
1.3.5 WORMS ..................................................................................................................................................... 20 
1.3.6 TROJAN HORSE ............................................................................................................................................ 20 
1.3.7 SCAREWARE ................................................................................................................................................ 21 
1.4 KINDS OF CYBER CRIME ............................................................................................................................ 21 
1.4.1 CYBER STALKING .......................................................................................................................................... 21 
1.4.2 CHILD PORNOGRAPHY ................................................................................................................................... 22 
1.4.3 FORGERY AND COUNTERFEITING ...................................................................................................................... 22 
1.4.4 SOFTWARE PIRACY AND CRIME RELATED TO IPRS ............................................................................................... 22 
1.4.5 CYBER TERRORISM ........................................................................................................................................ 22 
1.4.6 PHISHING .................................................................................................................................................... 22 
1.4.7 COMPUTER VANDALISM ................................................................................................................................ 22 
1.4.8 COMPUTER HACKING .................................................................................................................................... 22 
1.4.9 CREATING AND DISTRIBUTING VIRUSES OVER INTERNET......................................................................................... 23 
1.4.10 SPAMMING ............................................................................................................................................... 23 
1.4.11 CROSS SITE SCRIPTING ................................................................................................................................. 23 
1.4.12 ONLINE AUCTION FRAUD ............................................................................................................................. 24 
1.4.13 CYBER SQUATTING ...................................................................................................................................... 24 
1.4.14 LOGIC BOMBS ............................................................................................................................................ 24 
1.4.15 WEB JACKING ............................................................................................................................................ 24 
1.4.16 INTERNET TIME THEFTS ............................................................................................................................... 24 
 
1.4.17 DENIAL OF SERVICE ATTACK .......................................................................................................................... 24 
1.4.18 SALAMI ATTACK ......................................................................................................................................... 24 
1.4.19 DATA DIDDLING ......................................................................................................................................... 25 
1.4.20 EMAIL SPOOFING........................................................................................................................................ 25 
2.1 AUTHENTICATION .................................................................................................................................... 26 
2.2 ENCRYPTION............................................................................................................................................. 27 
2.3 DIGITAL SIGNATURES ............................................................................................................................... 28 
2.4 ANTIVIRUS ................................................................................................................................................ 29 
2.5 FIREWALL ................................................................................................................................................. 30 
2.6 STEGANOGRAPHY .................................................................................................................................... 31 
3.1 COMPUTER FORENSICS ............................................................................................................................ 33 
3.2 WHY SHOULD WE REPORT CYBER CRIME? ................................................................................................ 36 
4.1 INTRODUCTION ........................................................................................................................................ 40 
4.2 SOME RECENT CYBER CRIME INCIDENTS .................................................................................................. 40 
5.1 INTRODUCTION ........................................................................................................................................ 47 
5.2 COUNTER CYBER SECURITY INTIATIVES IN INDIA ...................................................................................... 47 
6.1 GENERATING SECURE PASSWORD ............................................................................................................ 52 
6.1.1 GUIDELINE FOR SETTING SECURE PASSWORD ...................................................................................................... 52 
6.2 USING PASSWORD MANAGER .................................................................................................................. 55 
6.2.1 WHAT IS A PASSWORD MANAGER? .................................................................................................................. 56 
6.2.2 WHY YOU SHOULD USE IT? ............................................................................................................................. 56 
6.2.3 HOW DOES IT WORK? .................................................................................................................................... 56 
6.2.4 SOME POPULAR PASSWORD MANAGERS ............................................................................................................ 56 
6.3 ENABLING TWO-STEP VERIFICATION ........................................................................................................ 62 
6.4 SECURING COMPUTER USING FREE ANTIVIRUS ........................................................................................ 72 
7.1 CONFIGURING FIREWALL ON MAC COMPUTER ........................................................................................ 75 
7.1.1 TURNING ON AND CONFIGURING THE MAC OS X FIREWALL .................................................................................. 75 
7.2 WORKING WITH WINDOWS FIREWALL IN WINDOWS .............................................................................. 78 
7.2.1 FIREWALL IN WINDOWS 7 .............................................................................................................................. 78 
7.2.2 CONFIGURING WINDOWS FIREWALL ................................................................................................................ 79 
7.2.3 HOW TO START & USE THE WINDOWS FIREWALL WITH ADVANCED SECURITY .......................................................... 83 
 
7.2.3.1 How to Access the Windows Firewall with Advanced Security ........................................................ 83 
7.2.3.2 What Are The Inbound & Outbound Rules? ..................................................................................... 84 
7.2.3.3 What Are The Connection Security Rules? ....................................................................................... 86 
7.2.3.4 What Does the Windows Firewall with Advanced Security Monitor? ............................................. 87 
8.1 FINDING THE BEST BROWSER ACCORDING TO THE USERS REQUIREMENT ............................................... 89 
9.1 SAFE BROWSING ...................................................................................................................................... 94 
9.1.1 HOW DO I KNOW IF A WEBSITE IS SECURE? ........................................................................................................ 94 
9.2 TIPS FOR BUYING ONLINE ......................................................................................................................... 95 
9.3 CLEARING CACHE FOR BROWSERS ............................................................................................................ 96 
9.3.1 CLEARING CACHE FOR CHROME BROWSERS ABOVE VERSION 10 ............................................................................. 96 
9.3.2 CLEARING CACHE FOR CHROME BROWSERS FROM VERSION 1 TO 9 ......................................................................... 99 
9.3.3 CLEARING CACHE FOR SAFARI FOR IOS, IPHONE AND IPAD .................................................................................. 102 
9.3.4 CLEARING CACHE FOR SAFARI FOR MAC OS X ................................................................................................... 103 
9.3.5 CLEARING CACHE FOR SAFARI FOR WINDOWS ................................................................................................... 104 
9.3.6 CLEARING CACHE FOR INTERNET EXPLORER 9, 10 AND 11 .................................................................................. 106 
9.3.7 CLEARING CACHE FOR INTERNET EXPLORER 8.................................................................................................... 108 
9.3.8 CLEARING CACHE FOR FIREFOX ...................................................................................................................... 111 
9.3.9 CLEARING CACHE FOR FIREFOX 33 ................................................................................................................. 112 
9.3.10 CLEARING CACHE FOR OPERA ...................................................................................................................... 114 
9.3.11 CLEARING CACHE FOR CCLEANER ................................................................................................................. 115 
10.1 WHAT IS WIRELESS LAN? ...................................................................................................................... 117 
10.2 MAJOR ISSUES WITH WLAN .................................................................................................................. 118 
10.2.1 SECURE WLAN ........................................................................................................................................ 118 
10.2.2 WI-FI AT HOME........................................................................................................................................ 118 
11.1 SAFE BROWSING GUIDELINES FOR SOCIAL NETWORKING SITES ........................................................... 123 
11.1.1GENERAL TIPS ON USING SOCIAL NETWORKING PLATFORMS SAFELY .................................................................... 124 
11.1.2 POSTING PERSONAL DETAILS ...................................................................................................................... 125 
11.1.3 FRIENDS, FOLLOWERS AND CONTACTS .......................................................................................................... 125 
11.1.4 STATUS UPDATES ..................................................................................................................................... 126 
11.1.5 SHARING ONLINE CONTENT ........................................................................................................................ 126 
11.1.6 REVEALING YOUR LOCATION ....................................................................................................................... 126 
11.1.7 SHARING VIDEOS AND PHOTOS ................................................................................................................... 127 
11.1.8 INSTANT CHATS ........................................................................................................................................ 127 
11.1.9 JOINING AND CREATING GROUPS, EVENTS AND COMMUNITIES ......................................................................... 127 
 
11.2 EMAIL SECURITY TIPS ........................................................................................................................... 128 
12.1 INTRODUCTION .................................................................................................................................... 130 
12.2 SMARTPHONE SECURITY GUIDELINES ................................................................................................... 131 
12.2.1 PURSES, WALLETS, SMARTPHONES .............................................................................................................. 131 
12.2.2 PLATFORMS, SETUP AND INSTALLATION ........................................................................................................ 132 
12.2.2.1 Platforms and Operating Systems ............................................................................................... 132 
12.2.2.2 Feature Phones ............................................................................................................................ 132 
12.2.2.3 Branded and locked smartphones ............................................................................................... 133 
12.2.2.4 General Setup .............................................................................................................................. 133 
12.2.2.5 Installing and updating applications ........................................................................................... 133 
12.2.3 COMMUNICATING SECURELY(THROUGH VOICE AND MESSAGES) WITH A SMARTPHONE ......................................... 134 
12.2.3.1 Secure Voice Communication ...................................................................................................... 134 
12.2.3.2 Sending Messages Securely ......................................................................................................... 137 
12.2.3.3 Storing Information on your Smartphone .................................................................................... 138 
12.2.3.4 Sending Email from your Smartphone ......................................................................................... 139 
12.2.3.5 Capturing Media with your Smartphone ..................................................................................... 139 
12.2.3.6 Accessing the Internet Securely from your Smartphone .............................................................. 140 
12.2.3.7Advanced Smart Phone Security ................................................................................................... 141 
REFERENCES ....................................................................................................................................................... 144 
 
 
  
  1. INTRODUCTION TO CYBER SPACE 
  2. 1.1 INTRODUCTION 
  3. Internet is among the most important inventions of the 21st century which have affected our 
  4. life. Today internet have crosses every barrier and have changed the way we use to talk, play 
  5. games, work, shop, make friends, listen music,  see movies, order food, pay bill, greet your 
  6. friend on his birthday/ anniversary, etc.  You name it, and we have an app in place for that. It 
  7. has facilitated our life by making it comfortable. Gone are the days when we have to stand in 
  8. a long queue for paying our telephone and electricity bills. Now we can pay it at a click of a 
  9. button from our home or office. The technology have reached to an extent that we don‟t even 
  10. require a computer for using internet. Now we have internet enabled smartphone, palmtops, 
  11. etc. through which we can remain connected to our friends, family and office 24x7.  Not only 
  12. internet has simplified our life but also it has brought many things within the reach of the 
  13. middle class by making them cost effective. It was not long back, while making an ISD or 
  14. even a STD call, the eyes were stricken on the pulse meter. The calls were very costly. ISD 
  15. and STD were used to pass on urgent messages only and the rest of the routine 
  16. communication was done using letters since it was a relatively very cheap. Now internet have 
  17. made it possible to not only talk but use video conference using popular applications like 
  18. skype, gtalk etc. at a very low price to a level where a one hour video chat using internet is 
  19. cheaper that the cost of sending a one   page document from Delhi to Bangalore using speed
  20. post or courier service. Not only this, internet has changed the use of the typical devices that 
  21. were used by us. Television can be used not only for watching popular tv shows and movies 
  22. but can be used for calling/ video chatting with friend using internet. Mobile phone is not only 
  23. used for making a call but viewing a latest movie. We can remain connected to everyone, no 
  24. matter what our location is. Working parents from office can keep eye on their children at 
  25. home and help them in their homework. A businessman can keep eye on his staff, office, 
  26. shop, etc with a click of a button. It has facilitated our life in more than one way. Have you 
  27. ever wondered from where this internet came? Let us discuss the brief history of internet and 
  28. learn how this internet was invented and how it evolved to an extent that now we cannot think 
  29. of our lives without it. 
  30. 1.1.1 History of Internet 
  31. I don‟t know what the cold war between USA and Russia gave to the world, but defiantly the 
  32. internet is one of those very useful inventions whose foundation was laid during cold war 
  34. days. Russia Launched the world‟s first satellite, SPUTNIK into the space on 4th October, 
  35. 1957. This was clearly the victory of Russia over the cyber space and as a counter step, 
  36. Advanced Research Projects Agency, the research arm of Department of Defence, United 
  37. States, declared the launch of ARPANET(Advanced Research Projects Agency NETwork) in 
  38. early 1960‟s. This was an experimental network and was designed to keep the computers 
  39. connected to the this network to communicate with each other even if any of the node, due to 
  40. the bomb attack, fails to respond. The first message was sent over the ARPANET, a packing 
  41. switching network,  by Leonard Kleinrock's laboratory at University of California, Los 
  42. Angeles (UCLA). You will be surprised to know that the fist message that was sent over 
  43. internet was “LO”. Actually they intended to send work “LOGIN” and only the first two 
  44. letters reached its destination at second network node at Stanford Research Institute (SRI) and 
  45. before the last three letters could reach the destination the network was down due to glitch. 
  46. Soon the error was fixed and the message was resent and it  
  47. The major task that ARPANET have to play is to develop rules for communication i.e. 
  48. protocols for communicating over ARPANET.  The ARPANET in particular led to the 
  49. development of protocols for internetworking, in which multiple separate networks could be 
  50. joined into a network of networks. It resulted in the development if TCP/IP protocol suite, 
  51. which specifies the rules for joining and communicating over APRANET. 
  52. Soon after, in 1986 NSF(national Science Foundation) backbone was created to and five US 
  53. universities‟ computing centres were connected to form NSFnet. The participating 
  54. Universities were: 
  55.  Princeton University -- John von Neumann National Supercomputer Center, JvNC 
  56.  Cornell University -- Cornell Theory Center, CTC 
  57.  University of Illinois at Urbana-Champaign -- National Center for Supercomputing 
  58. Applications, NCSA 
  59.  Carnegie Mellon University -- Pittsburgh Supercomputer Center, PSC 
  60.  General Atomics -- San Diego Supercomputer Center, SDSC 
  61. NFSnet, the successor of ARPAnet, become popular by 1990 and ARPANET was 
  62. decommissioned. There were many parallel networks developed by other  Universities and 
  63. other countries like United Kingdom. In 1965, National Physical Laboratory(NPL) proposed a 
  64. packing switching network. Michigan Educational Research Information Triad formed 
  65. MERIT network in 1966 which was funded and supported by State of Michigan and the 
  67. National Science Foundation (NSF). France also developed a packet swiching network, know 
  68. as CYCLADES in 1973.  
  69. Now there were many parallel systems working on different protocols and the scientist were 
  70. looking for some common standard so that the networks could be interconnected.  In 1978, 
  71. TCP/IP protocol suits were ready and by 1983, the TCP/IP protocol were apopted by 
  72. ARPANET. 
  73. In 1981, the integration of two large network took place. NFS developed Computer Science 
  74. Network(CSNET) and was connected to ARPANET  using TCP/IP protocol suite. Now the 
  75. network was not only popular among the research community but the private played also took 
  76. interest in the network. Initially NFS supported speed of 56 kbit/s. It was upgraded to 1.5 
  77. Mbit/s in 1988 to facilitate the growth of network by involving merit network, IBM, MCA 
  78. and the state of Michigan. 
  79. After the copertates took realized the strength and merit of this network, they particepitaqted 
  80. in the develoement of the network to ripe its benefits. By late 1980s many Internet Service 
  81. Providers(ISPs) emerged to provide the backbone for carrying the network traffic. By 1991,  
  82. NFSNET was expended and was upgraded to 45Mbit/s. Many commercial ISPs provided 
  83. backbone serive and was popular among the corporate. To facilitate the commercial use of the 
  84. network, NFSNET was decommissioned in 1995 and now the Internet could carry 
  85. commercial traffic. 
  86. Now more and more Universities and research centres throughout the world connected to it. 
  87. Now this network was very popular amongs the research community and in 1991 National 
  88. Research and Education Network (NREN) was founded and the World Wide Web was 
  89. released.  Initially the role of internet was only limited to file transfer. The credit of internet 
  90. what we see it today goes to Tim Berners-Lee who introduced www.With the advent of www, 
  91. there was a transformation on how the network was used. Now this web of information can be 
  92. used to retrieve any information available over the internet. Software called, browser was 
  93. developed to browse the internet. It was developed by researchers at University of Illinois in 
  94. 1992 and named as Mosaic. This browser enables to browse the internet the way we browse it 
  95. today. 
  96. 1.1.1.1 Internet Addresses 
  97. With so many devices connected to the internet, we require some mechanism to uniquely 
  98. identify every device that is connected to the internet. Also we require some centralized 
  99. 10 
  100. system which takes care of this mechanism so that the signs which are used to identify each 
  101. device are not duplicate; else the whole purpose is defeated. To take care of this, we have a 
  102. centralized authority known as Internet Assigned Numbers Authority (IANA), which is 
  103. responsible for assigning a unique number known as IP(Internet Protocol) address. An IP 
  104. address is a 32-bit binary number which is divided into four octets and each octet consists of 8 
  105. binary digits and these octet are separated by a dot(.). An example of an IP address is  
  106. 11110110.01011010.10011100.1111100 
  107. Each 8-bits in an octet can have two binary values i.e. 0 and 1. Therefore, each octet can have 
  108. minimum value 0. i.e. 00000000 to maximum value 256 i.e. 11111111 and in total have 28= 
  109. 256 different combinations.  
  110. Again to remember this 32-bit address in binary is bit difficult, so for the better understanding 
  111. of the human being, it is expressed in a decimal format. But this decimal format is for human 
  112. understanding only and the computer understands it in binary format only. In decimal, the 
  113. above IP address is expressed as 123.45.78.125 
  114. These octets are used to create and separate different classes. An IP address consists of two 
  115. parts viz. Network and Host. Network part identifies the network different network and the 
  116. host part identifies a device of a particular network.   
  117. This address uniquely identifies a devices connected to the internet similar to the postal 
  118. system where we identify any house by fist identifying the county, then state, district, post 
  119. office, cluster/block and finally the house number. These IP addresses are classified into five 
  120. categories based on the availability of IP range. These categories/classes are: 
  121. Table 1: IP Address Classes 
  122. Class 
  123. Address range 
  124. Supports 
  125. Class A 1.0.0.1 to 126.255.255.254 
  126. Supports 16 million hosts on each of 127 networks. 
  127. Class B 128.1.0.1 to 191.255.255.254 Supports 65,000 hosts on each of 16,000 networks. 
  128. Class C 192.0.1.1 to 223.255.254.254 Supports 254 hosts on each of 2 million networks 
  129. Class D 224.0.0.0 to 239.255.255.255 Reserved for multicast groups 
  130. Class E 240.0.0.0 to 254.255.255.254 Reserved for future use, or Research and 
  131. Development Purposes. 
  132. IANA decentralises that task of assigning the IP addresses by allocating the large chunk of IP 
  133. addresses to   
  134. five Regional Internet Registries (RIRs), which are further responsible to 
  135. 11 
  136. allocate the IP addresses in their zone. These RIRs along with their area of operations are 
  137. listed below: 
  138.  APNIC- This RIR is responsible for  serving the Asia Pacific region 
  139.  AfriNIC- This RIR  is responsible for serving the African region 
  140.  ARIN- This RIR  is responsible for serving North America and several Caribbean and 
  141. North Atlantic islands 
  142.  LACNIC- This RIR  is responsible for serving Latin America and the Caribbean, and 
  143.  RIPE NCC- This RIR  is responsible for serving Europe, the Middle East, and parts of 
  144. Central Asia 
  145. For liaison and coordinating between these five RIRs, there is an organization called Number 
  146. Resource Organization(NRO). These organizations are  
  147. 1.1.1.2 DNS 
  148. Whenever we browse any website in the internet, we type name something like 
  149. www.uou.ac.in and we rarely deal with IP address like 104.28.2.92 but the fact is even if we 
  150. type http:\\ 104.28.2.92 in the URL, it will land us to the same webpage. The fact is we are 
  151. very comfortable using and remembering the names instead of a number. Moreover, these IP 
  152. address changes over time and some of the sites have multiple IP address. Also, the transfer of 
  153. the data over internet is only possible using IP addresses because the routing of the packet of 
  154. data sent over internet is done using IP address. There is a server called Domain Name 
  155. System(DNS) which take cares of this translation job to simplify and to save us from 
  156. remembering these changing IP address numbers, the DNS. Whenever you type an address 
  157. like http:\\www.uou.ac.in, there is a process called DNS name resolution, takes place in the 
  158. background. The computer keeps the track of recently visited sites and locally maintains a 
  159. database in DNS cache. In case, the IP address of the site you have requested for is not found 
  160. in the DNS cache of your local computer, then the next probable place to find it is DNS server 
  161. of your Internet Service Provider(ISP). These DNS servers of ISP also maintain the cache of 
  162. the recently visited pages.   Just in case, the information is not found here also, the DNS 
  163. server of the ISP forward the query to the root nameservers.  The root name servers publish 
  164. the root zone file to other DNS servers and clients on the Internet. The root zone file describes 
  165. where the authoritative servers for the DNS top-level domains (TLD) are located. There are 
  166. currently 13 rootname servers. They are: 
  167.  A - VeriSign Global Registry Services 
  168. 12 
  169.  B - University of Southern California - Information Sciences Institute 
  170.  C - Cogent Communications 
  171.  D - University of Maryland 
  172.  E - NASA Ames Research Center 
  173.  F - Internet Systems Consortium, Inc. 
  174.  G - U.S. DOD Network Information Center 
  175.  H - U.S. Army Research Lab 
  176.  I - Autonomica/NORDUnet 
  177.  J - VeriSign Global Registry Services 
  178.  K - RIPE NCC 
  179.  L - ICANN 
  180.  M - WIDE Project  
  181. These root nameservers directs the query to the appropriate Top-Level Domain(TLD) 
  182. nameservers by reading the last part of the URL first. In our example the url was 
  183. http:\\www.uou.ac.in. The last part is .in. Some of the examples of TLD name servers are 
  184. .com, .biz, .org, .us, .in, etc. These TLD nameservers acts as a switchboard and direct the 
  185. query to the appropriate authoritative nameserver maintained by each domain. These 
  186. authoritative nameserver maintains DNS records along with other useful information. This 
  187. address record is returned back to the requesting host computer via TLD nameservers, 
  188. nameservers, ISP‟s DNS server. These intermediaty server keeps the recond of this IP address 
  189. in their DNS cache, so that if the same request is encountered again , they don‟t have to go 
  190. through this process again.  If the same URL is requested again, the DNS cache of the local 
  191. host computer will return the IP address of the URL. 
  192. 1.1.1.3 Internet Infrastructure 
  193. Internet, as the name suggests, in a network of network i.e. it is a collection of several small, 
  194. medium and large networks. This clearly indicates to one fact, nobody is a single owner of the 
  195. internet and it is one of the proven example of collaborative success. Now you must be 
  196. surprised how such a large network which is spread across the continents can run without the 
  197. any problem. Yes it is correct that to monitor such a large network, we require an 
  198. international body which can frame the rules, regulation and protocols to join and use this 
  199. network.  Therefore, an international organization, known as “The Internet Society” was 
  200. formed in 1992 to take care of such issues. 
  201. 13 
  202. Let us now discuss, how this internet works? How the email you sent to your friend is 
  203. received by your friend‟s computer located at another country/continent. When you are 
  204. working in your laptop/desktop in your home without connecting to the internet, your 
  205. computer is a standalone system. But, whenever you connect to the internet by dialling to 
  206. your Internet Service Provider(ISP) using your modem, you become the part of the network. 
  207. The ISP is the link between the internet backbone, through which the entire data route, and 
  208. the user. The ISP connects to the internet backbone at Network Access Points(NAP). These 
  209. NAPs are the provided by the large telecommunication companies at various regions. These 
  210. large telecommunication companies connect the countries and the continents by building and 
  211. maintaining the large backbone infrastructure to route data from NAP to NAP.  ISPs are 
  212. connected to this backbone at NAP and are responsible build and manage network locally. So 
  213. when you dial internet through modem, you first become part of the local ISP, which in turn 
  214. connects to the internet backbone through NAP. The data is routed through this backbone and 
  215. sent to the destination NAP, where the ISP of your friend‟s network is located. As soon as 
  216. your friend dials his modem to connect to the internet, the data is delivered to your friend‟s 
  217. computer. 
  218. 1.1.1.4 World Wide Web 
  219. Sometimes we interchangeably use the term internet and world wide web or simply the web, 
  220. as it is popularly known as. But web is only one of the several the utilities that internet 
  221. provides. Some of the popular service that internet provides other then web is e-mail, usenet,  
  222. messaging service, FTP, etc.  The web use HTTP protocol to communicate over internet and 
  223. to exchange information. The web was developed at CERN (Europeen de Reserches 
  224. Nucleaires), Switzerland) by a UK scientist Tim Berners-Lee in 1989. It consists of all the 
  225. public web sites and all the devices that access the web content. WWW is an information 
  226. sharing model which is developed to exchange information over the internet. There are plenty 
  227. of public websites, which is a collection of web pages, available over the internet. These web
  228. pages contain plenty of information in a form of text, videos, audio and picture format.   
  229. These web pages are access using a application software called a web browser. Some of the 
  230. examples of the popular web browser are: Internet explorer, Chrome, Safari, Firefox, etc.  
  231. So this was a little indroduction about internet and how it functions. Now let us discuss about 
  232. cyber crime. 
  233. 14 
  234. 1.2 INTRODUCTION TO CYBER CRIME 
  235. The internet was born around 1960‟s where its access was limited to few scientist, researchers 
  236. and the defence only. Internet user base have evolved expontinanlty. Initially the computer 
  237. crime was only confined to making a physical damage to the computer and related 
  238. infrastructure. Around 1980‟s the trend changed from causing the physical damaging to 
  239. computers to making a computer malfunction using a malicious code called virus. Till then 
  240. the effect was not so widespread beacouse internet was only comfined to defence setups, large 
  241. international companies and research communities. In 1996, when internet was launched for 
  242. the public, it immeditly became populer among the masses and they slowly became dependent 
  243. on it to an extent that it have changed their lifestyle. The GUIs were written so well that the 
  244. user don‟t have to bother how the internet was functioning. They have to simply make few 
  245. click over the hyber links or type the desired information at the desired place without 
  246. bothering where this data is stored and how it is sent over the internet or wether the data can 
  247. accessed by another person who is conneted to the internet or wether the data packet sent over 
  248. the internet can be snoofed and tempered. The focus of the computer crime shifted from 
  249. marely damaging the computer or destroying or manipulating data for personal benefit to 
  250. financial crime. These computer attacks are incresing at a rapid pase. Every second around 25 
  251. computer became victim to cyber attack and around 800 million individuals are effected by it 
  252. till 2013. CERT-India have reported around 308371 Indian websites to be hacked between 
  253. 2011-2013. It is also estimated that around $160 million are lost per year due to cyber crime. 
  254. This figure is very conservative as most of the cases are never reported.   
  255. Accoring to the 2013-14 report of the standing committee on Information Technology to the 
  256. 15th Lok Sabha by ministry of communication and information technology, India is a third 
  257. largest number do Intrernet users throughout the world with an estimated 100 million internet 
  258. users as on June, 2011 and the numbers are growing rapidly. There are around 22 million 
  259. broadband connections in India till date operated by around 134 major Internet Service 
  260. Providers(ISPs).  
  261. Before discussing the matter further, let us know what the cyber crime is? 
  262. The term cyber crime is used to describe a unlawful activity in which computer or computing 
  263. devices such as smartphones, tablets, Personal Digital Assistants(PDAs),  etc. which are stand 
  264. alone or a part of a network are used as a tool or/and target of criminal acitivity. It is often 
  265. 15 
  266. commited by the people of destructive and criminal mindset either for revenge, greed or 
  267. adventure. 
  268. 1.2.1 Classification of Cyber Crimes 
  269. The cyber criminal could be internal or external to the organization facing the cyber attack. 
  270. Based on this fact, the cyber crime could be categorized into two types: 
  271.  Insider Attack: An attack to the network or the computer system by some person with 
  272. authorized system access is known as insider attack. It is generally performed by 
  273. dissatisfied or unhappy inside employees or contractors. The motive of the insider 
  274. attack could be revenge or greed. It is comparitively easy for an insider to perform a 
  275. cyber attack as he is well aware of the policies, processes, IT architecture and 
  276. wealness of the security system. Moreover, the attacker have an access to the network.  
  277. Therefore it is comparatively easy for a  insider attacker to steel sensitive information, 
  278. crash the network, etc. In most of the cases the reason for insider attack is when a 
  279. employee is fired or assigned new roles in an organization, and the role is not reflected 
  280. in the IT policies. This opens a vernability window for the attacker. The insider attack 
  281. could be prevented by planning and installing an Internal intrusion detection systems 
  282. (IDS) in the organization.  
  283.  External Attack: When the attacker is either hired by an insider or an external entity to 
  284. the organization, it is known as external attack. The organization which is a victim of  
  285. cyber attack not only faces financial loss but also the loss of reputation.  Since the 
  286. attacker is external to the organization, so these attackers usually scan and gathering 
  287. information.An expreicend network/security administrator keeps regual eye on the log 
  288. generated by the firewalls as extertnal attacks can be traced out by carefully analysinig 
  289. these firewall logs. Also, Intrusion Detection Systems are installed to keep an eye on 
  290. external attacks. 
  291. The cyber attacks can also be classified as structure attacks and unstructured attacks based on 
  292. the level of maturity of the attacker. Some of the authors have classified these attacks as a 
  293. form of external attacks but there is precedence of the cases when a structured attack was 
  294. performed by an internal employee. This happens in the case when the competitor company 
  295. wants the future strategy of an organization on certain points. The attacker may strategically 
  296. gain access to the company as an employee and access the required information. 
  297. 16 
  298.  Unstructured attacks: These attacks are generally performed by amatures who don‟t 
  299. have any predefined motives to perform the cyber attack. Usually these amatures try to 
  300. test a tool readily available over the internet on the network of a random company. 
  301.  Structure Attack: These types of attacks are performed by highly skilled and 
  302. experienced people and the motives of these attacks are clear in their mind. They have 
  303. access to sophisticated tools and technologies to gain access to other networks without 
  304. being noticed by their Intrusion Detection Systems(IDSs). Moreover, these attacker 
  305. have the necessary expertise to develop or modify the existing tools to satisfy their 
  306. purpose. These types of attacks are usually performed by professional criminals, by a 
  307. country on other rival countries, politicians to damage the image of the rival person or 
  308. the country, terrorists, rival companies, etc. 
  309. Cyber crimes have turned out to be a low-investment, low-risk business with  huge returns. 
  310. Now-a-days these structured crimes are performed are highly organized. There is a perfect 
  311. hierarchical organizational setup like formal organizations and some of them have reached a 
  312. level in technical capabilities at par with those of developed nation.   They are targeting large 
  313. financial organizations, defence and nuclear establishments and they are also into online 
  314. drugs trading. 
  315. Criminal 
  316. Boss
  317.  They are Trojan Provider and 
  318. Manager. They are responsible for 
  319. trojen command and control.
  320.  Under Boss
  321.  They are the attackers crimeware 
  322. toolkit owner. They distribute Trojen 
  323. in legtimate websites through their 
  324. affiliation network.
  325.  Campaign 
  326. Manager
  327.  Campaign 
  328. Manager
  329.  Stolen Data 
  330. Reseller
  331.  Stolen Data 
  332. Reseller
  333.  Campaign 
  334. Manager
  335.  Stolen Data 
  336. Reseller
  337.  Figure 1 : Hierarchical Organisational Structure 
  338. 17 
  339. The role of all the people in the hierarchy reamin changing and it is based on the oppourtinity. 
  340. If a hacker who have hacked sesetive data from an organization may use it for financially 
  341. exploiting the organisation himself. In case, the hacker himself have the technical expertise 
  342. for it, he will do it himself, otherwise he may find a buyer who is intrested in that data and 
  343. have the technical expertize.  
  344. There are some cyber criminals offers on-demand and service.  The person, organization or a 
  345. country may contact these cyber criminals for hacking an organization to gain access to some 
  346. sensetive data , or create massive denial-of –service attack on their compititors. Based on the 
  347. demand of the customer the hackers write malware, virus, etc to suit their requirements. An 
  348. organizaiton effected by a cyber attack, not only faces finincial loss, but its repuration is also 
  349. adversly affected, and the compitititor organization will definatly benefited by it. 
  350. 1.2.2 Reasons for Commission of Cyber Crimes 
  351. There are many reasons which act as a catalyst in the growth of cyber crime. Some of the 
  352. prominent reasons are: 
  353. a. Money: People are motivated towards committing cyber crime is to make quick and 
  354. easy money.  
  355. b. Revenge: Some people try to take revenge with other person/organization/society/ 
  356. caste or religion by defaming its reputation or bringing economical or physical loss. 
  357. This comes under the category of cyber terrorism.  
  358. c. Fun: The amateur do cyber crime for fun. They just want to test the latest tool they 
  359. have encountered. 
  360. d. Recognition: It is considered to be pride if someone hack the highly secured networks 
  361. like defense sites or networks.  
  362. e. Anonymity- Many time the anonymity that a cyber space provide motivates the person 
  363. to commit cyber crime as it is much easy to commit a cyber crime over the cyber 
  364. space and remain anonymous as compared to real world.  
  365. It is much easier to get away with criminal activity in a cyber world than in the real 
  366. world. There is a strong sense of anonymity than can draw otherwise respectable 
  367. citizens to abandon their ethics in pursuit personal gain. 
  368. f. 
  369. Cyber Espionage: At times the government itself is involved in cyber trespassing to 
  370. keep eye on other person/network/country. The reason could be politically, 
  371. economically socially motivated.   
  372. 18 
  373. 1.3 MALWARE AND ITS TYPE 
  374. Malware stands for “Malicious Software” and it is designed to gain access or installed into the 
  375. computer without the consent of the user. They perform unwanted tasks in the host computer 
  376. for the benefit of a third party. There is a full range of malwares which can seriously degrade 
  377. the performance of the host machine. There is a full range of malwares which are simply 
  378. written to distract/annoy the user, to the complex ones which captures the sensitive data from 
  379. the host machine and send it to remote servers. There are various types of malwares present in 
  380. the Internet. Some of the popular ones are: 
  381. 1.3.1 Adware 
  382. It is a special type of malware which is used for forced advertising. They either redirect the 
  383. page to some advertising page or pop-up an additional page which promotes some product or 
  384. event. These adware are financially supported by the organizations whose products are 
  385. advertised. 
  386. 1.3.2 Spyware 
  387. It is a special type of which is installed in the target computer with or without the user 
  388. permission and is designed to steal sensitive information from the target machine. Mostly it 
  389. gathers the browsing habits of the user and the send it to the remote server without the 
  390. knowledge of the owner of the computer.  Most of the time they are downloaded in to the host 
  391. computer while downloading freeware i.e. free application programmes from the internet. 
  392. Spywares may be of various types; It can keeps track of the cookies of the host computer, it 
  393. can act as a keyloggers to sniff the banking passwords and sensitive information, etc.  
  394. 1.3.3 Browser hijacking software  
  395. There is some malicious software which are downloaded along with the free software offered 
  396. over the internet and installed in the host computer without the knowledge of the user. This 
  397. software modifies the browsers setting and redirect links to other unintentional sites. 
  398. 1.3.4 Virus 
  399. A virus is a malicious code written to damage/harm the host computer by deleting or 
  400. appending a file, occupy memory space of the computer by replicating the copy of the code, 
  401. slow down the performance of the computer, format the host machine, etc.  It can be spread 
  402. via email attachment, pen drives, digital images, e-greeting, audio or video clips, etc. A virus 
  403. may be present in a computer but it cannot activate itself without the human intervention. 
  404. 19 
  405. Until and unless the executable file(.exe) is execute, a virus cannot be activated in the host 
  406. machine.    
  407. 1.3.5 Worms 
  408. They are a class of virus which can replicate themselves. They are different from the virus by 
  409. the fact that they does not require human intervention to travel over the network and spread 
  410. from the infected machine to the whole network. Worms can spread either through network, 
  411. using the loopholes of the Operating System or via email. The replication and spreading of the 
  412. worm over the network consumes the network resources like space and bandwidth and force 
  413. the network to choke.  
  414. 1.3.6 Trojan Horse  
  415. Trojan horse is a malicious code that is installed in the host machine by pretending to be 
  416. useful software. The user clicks on the link or download the file which pretends to be a useful 
  417. file or software from legitimate source. It not only damages the host computer by 
  418. manipulating the data but also it creates a backdoor in the host computer so that it could be 
  419. controlled by a remote computer. It can become a part of botnet(robot-network), a network of 
  420. computers which are infected by malicious code and controlled by central controller. The 
  421. computers of this network which are infected by malicious code are known as zombies. 
  422. Trojens neither infect the other computers in the network nor do they replicate. 
  423. 20 
  424. Figure 2: A typical botnet 
  425. 1.3.7 Scareware 
  426. Internet has changed how we talk, shop, play etc. It has even changed the way how the 
  427. criminal target the people for ransom. While surfing the Internet, suddenly a pop-up alert 
  428. appears in the screen which warns the presence of dangerous virus, spywares, etc. in the  
  429. user‟s computer. As a remedial measure, the message suggests the used download the full 
  430. paid version of the software. As the user proceeds to download, a malicious code, known as 
  431. scareware is downloaded into the host computer. It holds the host computer hostage until the 
  432. ransom is paid. The malicious code can neither be uninstalled nor can the computer be used 
  433. till the ransom is paid. A sample message alert of a scareware is shown below in Fig 31 
  434. Figure 3: Sample Warning Message of a 
  435. Scareware1 
  436. 1.4 KINDS OF CYBER CRIME 
  437. Various types of cyber crimes are: 
  438. 1.4.1 Cyber Stalking 
  439. It is an act of stalking, harassing or threatening someone using Internet/computer as a 
  440. medium. This is often done to defame a person and use email, social network, instant 
  441. messenger, web-posting, etc. as a using Internet as a medium as it offers anonymity.  The 
  442. behaviour includes false accusations, threats, sexual exploitation to minors, monitoring, etc.  
  443. 1Image courtesy: https://www.flickr.com/photos/alamagordo/2372928527 
  444. 21 
  445. 1.4.2 Child Pornography 
  446. It is an act of possessing image or video of a minor (under 18), engaged in sexual conduct. 
  447. 1.4.3 Forgery and Counterfeiting 
  448. It is a use of computer to forgery and counterfeiting is a document. With the advancement in 
  449. the hardware and the software, it is possible to produce counterfeit which matches the original 
  450. document to such an extent that it is not possible to judge the authenticity of the document 
  451. without expert judgement. 
  452. 1.4.4 Software Piracy and Crime related to IPRs 
  453. Software piracy is an illegal reproduction and distribution for personal use or business. It 
  454. comes under crime related to IPR infringement. Some of the other crimes under IPR 
  455. infringement are: download of songs, downloading movies, etc.  
  456. 1.4.5 Cyber Terrorism 
  457. It is defined as the use of computer resources to intimidate or coerce government, the civilian 
  458. population or any segment thereof in furtherance of political or social objectives.  
  459. 1.4.6 Phishing  
  460. It is a process of acquiring personal and sensitive information of an individual via email by 
  461. disguising as a trustworthy entity in an electronic communication. The purpose of phishing is 
  462. identity theft and the personal information like username, password, and credit card number 
  463. etc. may be used to steal money from user account. If a telephone is used as a medium for 
  464. identity theft, it is known as Vishing (voice phishing). Another form of phishing is Smishing, 
  465. in which sms is used to lure customers.  
  466. 1.4.7 Computer Vandalism 
  467. It is an act of physical destroying computing resources using physical force or malicious 
  468. code.  
  469. 1.4.8 Computer Hacking 
  470. It is a practice of modifying computer hardware and software to accomplish a goal outside the 
  471. creator‟s original purpose. The purpose of hacking a computer system may vary from simply 
  472. demonstrations of the technical ability, to sealing, modifying or destroying information for 
  473. social, economic or political reasons. Now the corporate are hiring hackers, a person who is 
  474. engaged in hacking computers, to intentionally hack the computer of an organization to find 
  475. and fix security vulnerabilities. 
  476. The hackers may be classified as: 
  477. 22 
  478.  White Hat: white hat hackers are the persons who hack the system to find the security 
  479. vulnerabilities of a system and notify to the organizations so that a preventive action 
  480. can be taken to protect the system from outside hackers. White hat hackers may be 
  481. paid employee of an organization who is employed to find the security loop-holes, or 
  482. may be a freelancer who just wants to prove his mantle in this field. They are popular 
  483. known as ethical hackers. 
  484.  Black Hat: in contrast to the white hat, the black hat hack the system with ill 
  485. intentions. They may hack the system for social, political or economically motivated 
  486. intentions. They find the security loopholes the system, and keep the information 
  487. themselves and exploit the system for personal or organizational benefits till 
  488. organization whose system is compromised is aware of this, and apply security 
  489. patches. They are popularly known as crackers. 
  490.  Grey Hat: Grey hat hackers find out the security vulnerabilities and report to the site 
  491. administrators and offer the fix of the security bug for a consultancy fee.  
  492.  Blue hat: A blue hat hacker is someone outside computer security consulting firms 
  493. who is used to bug-test a system prior to its launch, looking for exploits so they can be 
  494. closed.  
  495. 1.4.9 Creating and distributing viruses over internet 
  496. The spreading of an virus can cause business and financial loss to an organization. The loss 
  497. includes the cost of repairing the system, cost associated with the loss of business during 
  498. downtime and cost of loss of opportunity. The organization can sue the hacker, if found, for 
  499. the sum of more than or equivalent to the loss borne by the organization.  
  500. 1.4.10 Spamming 
  501. Sending of unsolicited and commercial bulk message over the internet is known as spamming. 
  502. An email can be classified as spam, if it meets following criteria: 
  503. a. Mass mailing:- the email is not targeted to one particular person but to a large number 
  504. of peoples. 
  505. b. Anonymity:- The real identify of the person not known 
  506. c. Unsolicited:- the email is neither expected nor requested for the recipient. 
  507. These spams not only irritate the recipients and overload the network but also waste the time 
  508. and occupy the valuable memory space of the mailbox.  
  509. 1.4.11 Cross Site Scripting 
  510. 23 
  511. It is an activity which involves injecting a malicious client side script into a trusted website. 
  512. As soon as the browser executes the malicious script, the malicious script gets access to the 
  513. cookies and other sensitive information and sent to remote servers. Now this information can 
  514. be use to gain financial benefit or physical access to a system for personal interest. 
  515. 1.4.12 Online Auction Fraud 
  516. There are many genuine websites who offers online auction over internet. Taking the 
  517. advantage of the reputation of these websites, some of the cyber criminals lure the customers 
  518. to online auction fraud schemes which often lead to either overpayment of the product or the 
  519. item is never delivered once the payment is made. 
  520. 1.4.13 Cyber Squatting 
  521. It is an act of reserving the domain names of someone else‟s trademark with intent to sell it 
  522. afterwards to the organization who is the owner of the trademark at a higher price. 
  523. 1.4.14 Logic Bombs  
  524. These are malicious code inserted into legitimate software. The malicious action is triggered 
  525. by some specific condition. If the conditions holds true in future, the malicious action begins 
  526. and based on the action defined in the malicious code, they either destroy the information 
  527. stored in the system or make system unusable. 
  528. 1.4.15 Web Jacking 
  529. The hacker gain access to a website of an organization and either blocks it or modify it to 
  530. serve political, economical or social interest. The recent examples of web jacking are some of 
  531. the websites of the educational institutes were hacked by Pakistani hackers and an animation 
  532. which contains Pakistani flags were flashed in the homepage of these websites. Another 
  533. example is Indian hackers hacked website of Pakistani railways and flashed Indian flag in the 
  534. homepage for several hours on the occasion of Independence Day of India in 2014. 
  535. 1.4.16 Internet Time Thefts  
  536. Hacking the username and password of ISP of an individual and surfing the internet at his 
  537. cost is Internet Time Theft. 
  538. 1.4.17 Denial of Service Attack 
  539. It is a cyber attack in which the network is chocked and often collapsed by flooding it with 
  540. useless traffic and thus preventing the legitimate network traffic. 
  541. 1.4.18 Salami Attack  
  542. 24 
  543. It is an attack which proceeds with small increments and final add up to lead to a major 
  544. attack.  The increments are so small that they remain unnoticed. An example of salami attack 
  545. is gaining access to online banking of an individual and withdrawing amount in such a small 
  546. amounts that it remains unnoticed by the owner. Often there is default trigger set in the 
  547. banking website and transactions below say, Rs. 1000 withdrawal are not reported to the 
  548. owner of the account. Withdrawing amount of Rs. 1000 over a period of time will lead to total 
  549. withdrawal of a large sum. 
  550. 1.4.19 Data Diddling  
  551. It is a practice of changing the data before its entry into the computer system. Often, the 
  552. original data is retained after the execution on the data is done. For example, DA or the basic 
  553. salary of the person is changed in the payroll data of an individual for pay calculation. Once 
  554. the salary is calculated and transferred to his account, the total salary is replaced by his actual 
  555. salary in the report.  
  556. 1.4.20 Email Spoofing 
  557. It is a process of changing the header information of an e-mail so that its original source is not 
  558. identified and it appears to an individual at the receiving end that the email has been 
  559. originated from source other than the original source. 
  560. 25 
  561. CYBER SECURITY TECHNIQUES 
  562. There are many cyber security techniques to combat the cyber security attacks. The next 
  563. section discusses some of the popular techniques to counter the cyber attacks. 
  564. 2.1 AUTHENTICATION  
  565. It is a process of identifying an individual and ensuring that the individual is the same who 
  566. he/she claims to be. A typical method for authentication over internet is via username and 
  567. password. With the increase in the reported cases of cyber crime by identity theft over 
  568. internet, the organizations have made some additional arrangements for authentication like 
  569. One Time Password(OTP), as the name suggest it is a password which can be used one time 
  570. only and is sent to the user as an SMS or an email at the mobile number/email address that he 
  571. have specified during the registration process.  It is known as two-factor authentication 
  572. method and requires two type of evidence to authentication an individual to provide an extra 
  573. layer of security for authentication. Some other popular techniques for two-way 
  574. authentication are: biometric data, physical token, etc. which are used in conjunction with 
  575. username and password. 
  576. The authentication becomes more important in light of the fact that today the multinational 
  577. organizations have changed the way the business was to be say, 15 years back. They have 
  578. offices present around the Globe, and an employee may want an access which is present in a 
  579. centralized sever. Or an employee is working from home and not using the office intranet and 
  580. wants an access to some particular file present in the office network. The system needs to 
  581. authenticate the user and based on the credentials of that user, may or may not provide access 
  582. to the used to the information he requested. The process of giving access to an individual to 
  583. certain resources based on the credentials of an individual is known as authorization and often 
  584. this process is go hand-in-hand with authorization. Now, one can easily understand the role of 
  585. strong password for authorization to ensure cyber security as an easy password can be a cause 
  586. of security flaw and can bring the whole organization at high risk. Therefore, the password 
  587. policy of an organization should be such that employees are forced to use strong passwords 
  588. (more than 12 characters and combination of lowercase and uppercase alphabets along with 
  589. numbers and special characters) and prompt user to change their password frequently. In 
  590. some of the bigger organizations or an organization which deals in sensitive information like 
  591. defence agencies, financial institutions, planning commissions, etc. a hybrid authentication 
  592. 26 
  593. system is used which combines both the username and password along with hardware security 
  594. measures like biometric system, etc. Some of the larger organizations also use VPN(Virtual 
  595. Private Network), which is one of the method to provide secure access via hybrid security 
  596. authentication to the company network over internet. 
  597. 2.2 ENCRYPTION 
  598. It is a technique to convert the data in unreadable form before transmitting it over the internet. 
  599. Only the person who have the access to the key and convert it in the readable form and read it. 
  600. Formally encryption can be defined as a technique to lock the data by converting it to 
  601. complex codes using mathematical algorithms. The code is so complex that it even the most 
  602. powerful computer will take several years to break the code. This secure code can safely be 
  603. transmitted over internet to the destination. The receiver, after receiving the data can decode it 
  604. using the key. The decoding of the complex code to original text using key is known as 
  605. decryption.  If the same key is used to lock and unlock the data, it is known as symmetric key 
  606. encryption. 
  607. Figure 4: Encryption2 
  608. In symmetric key encryption, the after coding of data, the key is sent to the destination user 
  609. via some other medium like postal service, telephone, etc. because if the key obtained by the 
  610. hacker, the security of the data is compromised. Key distribution is a complex task because 
  611. the security of key while transmission is itself an issue. To avoid the transfer of key a method 
  612. called asymmetric key encryption, also known as public key encryption, is used. In 
  613. 2Image courtesy: https://upload.wikimedia.org/wikipedia/commons/b/bc/Public_key_encryption_keys.png 
  614. 27 
  615. asymmetric key encryption, the key used to encrypt and decrypt data are different. Every user 
  616. posse‟s two keys viz. public key and private key. As the name suggest, the public key of 
  617. every user is known to everyone but the private key is known to the particular user, who own 
  618. the key, only. Suppose sender A wants to send a secret message to receiver B through 
  619. internet. A will encrypt the message using B‟s public key, as the public key is known to 
  620. everyone. Once the message is encrypted, the message can safely be send to B over internet. 
  621. As soon as the message is received by B, he will use his private key to decrypt the message 
  622. and regenerate the original message. 
  623. 2.3 DIGITAL SIGNATURES 
  624. It is a technique for validation of data. Validation is a process of certifying the content of a 
  625. document. The digital signatures not only validate the data but also used for authentication. 
  626. The digital signature is created by encrypting the data with the private key of the sender. The 
  627. encrypted data is attached along with the original message and sent over the internet to the 
  628. destination. The receiver can decrypt the signature with the public key of the sender. Now the 
  629. decrypted message is compared with the original message. If both are same, it signifies that 
  630. the data is not tempered and also the authenticity of the sender is verified as someone with the 
  631. private key(which is known to the owner only) can encrypt the data  which was then 
  632. decrypted by his public key. If the data is tempered while transmission, it is easily detected by 
  633. the receiver as the data will not be verified. Moreover, the massage cannot be re-encrypted 
  634. after tempering as the private key, which is posses only by the original sender, is required for 
  635. this purpose.  
  636. As more and more documents are transmitted over internet, digital signatures are essential 
  637. part of the legal as well as the financial transition. It not only provides the authentication of a 
  638. person and the validation of the document, it also prevents the denial or agreement at a later 
  639. stage. Suppose a shareholder instructs the broker via email to sell the share at the c





Vulnerability is the state of being exposed to the possibility of being harmed or attacked, either emotionally or physicallyIt can also refer to the inability to respond to a disaster or resist a hazard. For example, people who live on plains are more vulnerable to floods than people who live higher up. 
unisdr.org
What does Vulnerability mean?
What does Vulnerability mean? Vulnerability is the inability to resist a hazard or to respond when a disaster has occurred. For instance, people who live on plains are more vulnerable to floods than people who live higher up.
Vulnerability can also refer to being open to attack or damage, or being capable of being wounded. For example, poorly-protected wireless access and misconfigured firewalls are common examples of vulnerability. Cybercriminals can exploit these vulnerabilities to harm devices running a particular operating system. 
Vulnerability can also refer to emotional exposure that comes with a degree of uncertainty. Learning how to be vulnerable involves being willing to accept the emotional risk that comes from being open and willing to love and be loved. A fear of vulnerability is very common. 
Brené Brown has a TED Talk about the power of vulnerability, where she shares the idea that vulnerability is essential. She says that vulnerable people have the courage to be imperfect, compassion to be kind to themselves first and then to others, and connection. 
What are the 4 main types of vulnerability?
Is vulnerability a strength or weakness?
Synonym of vulnerability






















Comments

Post a Comment

Popular posts from this blog

security computer operating sysytem - Qubes OS

    What is Qubes OS? \ Qubes OS is a highly secure and privacy-focused operating system that utilizes multiple virtual machines (VMs), each designed for different tasks or applications. Its main objective is to enhance the user's online privacy and security. This OS allows users to isolate different levels of sensitivity data into separate VMs. For example, you can use one VM for banking transactions and another for browsing, and if one VM experiences a security breach, the other VMs won't be affected. Qubes OS is based on the Xen hypervisor, which manages VMs and maintains a trusted computing base (TCB). It is built on the Linux kernel and utilizes Xen virtualization technology. Additionally, Qubes OS provides users with an interface to visually organize all VMs. Each VM can be identified by a different color or icon. Moreover, Qubes OS comes with some pre-configured VMs such as Work, Personal, Vault, and Disposable, designed for various tasks and levels of security. Overall...
Post a Comment
Read more

Cloud Infrastructure and Service Management full tutorials

  Cloud Infrastructure and Service Management Cloud Architect Salary Range in India Entry-Level Cloud Architect (0–3 Years) Salary Range : ₹6,00,000 – ₹12,00,000 per year Monthly Range : ₹50,000 – ₹1,00,000 Mid-Level Cloud Architect (3–7 Years) Salary Range : ₹12,00,000 – ₹24,00,000 per year Monthly Range : ₹1,00,000 – ₹2,00,000 Senior Cloud Architect (7+ Years) Salary Range : ₹25,00,000 – ₹50,00,000+ per year Monthly Range : ₹2,00,000 – ₹4,00,000+   CLOUD INFRASTRUCTURE Cloud Infrastructure, Deep Architecture, and Cloud Service Management : Cloud Infrastructure and Deep Architecture Fundamentals of Cloud Computing Cloud Deployment Models (Public, Private, Hybrid, and Community) Cloud Service Models (IaaS, PaaS, SaaS) Virtualization Technologies Data Center Design and Architecture Scalability and Elasticity in Cloud Load Balancing in Cloud Cloud Storage Architectures Containerization and Orchestration (Docker, Kubernetes) Networking in Cloud (SDN, VPNs) Security in Cloud Infr...
Post a Comment
Read more

Cloud Infrastructure & Service Management Part-2

  Cloud Infrastructure and Deep Architecture LINK PART 1 : >  Cloud Infrastructure and Deep Architecture PART - 2  Cloud Service Management Cloud Service Lifecycle Service Level Agreements (SLAs) in Cloud Cloud Governance and Compliance Billing and Cost Management in Cloud Cloud Monitoring and Analytics Resource Provisioning and Management Automation in Cloud Service Management Incident Management in Cloud Identity and Access Management (IAM) Cloud Vendor Management Cloud Migration Strategies Backup and Restore in Cloud Performance Optimization of Cloud Services Multi-Cloud and Hybrid Cloud Management Microservices Architecture/ CICD, GDPR   1.  Cloud Service Lifecycle LINK :     Cloud Service , Service Life Cycle Management Cloud Service Lifecycle The Cloud Service Lifecycle consists of structured phases that ensure effective management of cloud services from inception to retirement. The phases are: 1. Planning Identifying business require...
Post a Comment
Read more