Cyber Security Unit-1 (exam preparation)
SIA Publishers & Distributors Pvt. Ltd.

CYBER SECURITY
Latest 2022 Edition
B.Com III-Year VI-Semester
As per the latest (2019-20) syllabus (CBCS) of B.Com (OU), Discipline Specific Elective 603(b) (only for Computer Applications)
Prepared by: SIA Team of Experts
Total pages: 160

Salient features:
- Exclusively prepared as per the latest (2019-20) syllabus (CBCS) prescribed by the University.
- Prepared by a highly qualified and well experienced team of experts.
- The subject is explained in simple, easy-to-understand language and gives complete coverage of the syllabus topics from the examination point of view.
- Every unit is structured into two main sections, Short Questions (Part-A) and Essay Questions (Part-B), with answers.
- Unit-wise Internal Assessment (Internal Exam) patterns are attached to every unit.
- A unit-wise list of important definitions is given separately.
- Unit-wise important questions are provided.
- Model question papers with solutions as per the University exam pattern.
- Maximum questions were asked from SIA books in final exams; many students scored high marks in all subjects after studying from SIA books.

Syllabus covered for: Osmania University, Kakatiya University, Mahatma Gandhi University, Palamuru University, Telangana University, Satavahana University.

Unit 2: Securing Web Application, Services and Servers
This unit covers the topics: Introduction, Basic Security for HTTP Applications and Services, Basic Security for SOAP Services, Identity Management and Web Services, Authorization Patterns, Security Considerations, Challenges.
Unit 3: Intrusion Detection and Prevention
This unit covers the topics: Intrusion, Physical Theft, Abuse of Privileges, Unauthorized Access by Outsider, Malware Infection, Intrusion Detection and Prevention Techniques, Anti-Malware Software, Network-based Intrusion Detection Systems, Network-based Intrusion Prevention Systems, Host-based Intrusion Prevention Systems, Security Information Management, Network Session Analysis, System Integrity Validation.

Unit 4: Cryptography and Network Security
This unit covers the topics: Introduction to Cryptography, Symmetric Key Cryptography, Asymmetric Key Cryptography, Message Authentication, Digital Signatures, Applications of Cryptography. Overview of Firewalls: Types of Firewalls, User Management, VPN Security, Security Protocols: Security at the Application Layer (PGP and S/MIME), Security at the Transport Layer (SSL and TLS), Security at the Network Layer (IPSec).

Unit 5: Cyberspace and the Law, Cyber Forensics
This unit covers the topics: Cyberspace and the Law: Introduction, Cyber Security Regulations, Roles of International Law, The State and Private Sector in Cyberspace, Cyber Security Standards, The Indian Cyberspace, National Cyber Security Policy 2013. Cyber Forensics: Introduction to Cyber Forensics, Handling Preliminary Investigations, Controlling an Investigation, Conducting Disk-based Analysis, Investigating Information-hiding, Scrutinizing E-mail, Validating E-mail Header Information, Tracing Internet Access, Tracing Memory in Real-time.

It is sincerely hoped that this book will satisfy the expectations of students and at the same time help them to score maximum marks in exams. Suggestions for improvement of the book from our esteemed readers will be highly appreciated and incorporated in our forthcoming editions.

CYBER SECURITY
B.Com III-Year VI-Semester (OU) (DSE-603(b)) (Computer Applications)

CONTENTS
(Each unit contains Part-A: Short Questions and Answers, Part-B: Essay Questions and Answers, and an Internal Assessment/Exam section.)

Syllabus (as per the 2019-20 curriculum)
List of Important Definitions

UNIT-I: INTRODUCTION TO CYBER SECURITY, CYBER SECURITY VULNERABILITIES AND CYBER SECURITY SAFEGUARDS
1.1 Introduction to Cyber Security
  1.1.1 Overview of Cyber Security
  1.1.2 Internet Governance: Challenges and Constraints
  1.1.3 Cyber Threats: Cyber Warfare, Cyber Crime, Cyber Terrorism, Cyber Espionage
  1.1.4 Need for a Comprehensive Cyber Security Policy
  1.1.5 Need for a Nodal Authority, Need for an International Convention on Cyberspace
1.2 Cyber Security Vulnerabilities
  1.2.1 Overview, Vulnerabilities in Software
  1.2.2 System Administration
  1.2.3 Complex Network Architectures
  1.2.4 Open Access to Organizational Data
  1.2.5 Weak Authentication
  1.2.6 Unprotected Broadband Communications, Poor Cyber Security Awareness
1.3 Cyber Security Safeguards
  1.3.1 Overview, Access Control
  1.3.2 Audit, Authentication
  1.3.3 Biometrics
  1.3.4 Cryptography, Deception, Denial of Service Filters
  1.3.5 Ethical Hacking
  1.3.6 Firewalls, Intrusion Detection Systems
  1.3.7 Response, Scanning
  1.3.8 Security Policy, Threat Management

UNIT-II: SECURING WEB APPLICATION, SERVICES AND SERVERS
2.1 Introduction
2.2 Basic Security for HTTP Applications and Services
2.3 Basic Security for SOAP Services
2.4 Identity Management and Web Services
2.5 Authorization Patterns
2.6 Security Considerations, Challenges

UNIT-III: INTRUSION DETECTION AND PREVENTION
3.1 Intrusion
3.2 Physical Theft, Abuse of Privileges
3.3 Unauthorized Access by Outsider
3.4 Malware Infection
3.5 Intrusion Detection and Prevention Techniques
3.6 Anti-malware Software
3.7 Network Based Intrusion Detection Systems
3.8 Network Based Intrusion Prevention Systems, Host Based Intrusion Prevention Systems
3.9 Security Information Management
3.10 Network Session Analysis, System Integrity Validation

UNIT-IV: CRYPTOGRAPHY AND NETWORK SECURITY
4.1 Introduction to Cryptography
4.2 Symmetric Key Cryptography, Asymmetric Key Cryptography
4.3 Message Authentication
4.4 Digital Signatures
4.5 Applications of Cryptography
4.6 Overview of Firewalls: Types of Firewalls
4.7 User Management, VPN Security
4.8 Security Protocols
  4.8.1 Security at the Application Layer: PGP and S/MIME
  4.8.2 Security at the Transport Layer: SSL and TLS
  4.8.3 Security at the Network Layer: IPSec

UNIT-V: CYBERSPACE AND THE LAW, CYBER FORENSICS
5.1 Cyberspace and the Law
  5.1.1 Introduction, Cyber Security Regulations
  5.1.2 Roles of International Law
  5.1.3 The State and Private Sector in Cyberspace
  5.1.4 Cyber Security Standards
  5.1.5 The Indian Cyberspace
  5.1.6 National Cyber Security Policy 2013
5.2 Cyber Forensics
  5.2.1 Introduction to Cyber Forensics
  5.2.2 Handling Preliminary Investigations
  5.2.3 Controlling an Investigation
  5.2.4 Conducting Disk-based Analysis
  5.2.5 Investigating Information Hiding
  5.2.6 Scrutinizing E-Mail
  5.2.7 Validating E-Mail Header Information
  5.2.8 Tracing Internet Access
  5.2.9 Tracing Memory in Real-time

Unit-wise Important Questions
Model Question Papers with Solutions (as per the OU curriculum)

SYLLABUS (As per the 2019-20 Curriculum)

UNIT-I: INTRODUCTION TO CYBER SECURITY, CYBER SECURITY VULNERABILITIES AND CYBER SECURITY SAFEGUARDS
Introduction to Cyber Security: Overview of Cyber Security, Internet Governance (Challenges and Constraints), Cyber Threats: Cyber Warfare, Cyber Crime, Cyber Terrorism, Cyber Espionage, Need for a Comprehensive Cyber Security Policy, Need for a Nodal Authority, Need for an International Convention on Cyberspace.
Cyber Security Vulnerabilities: Overview, Vulnerabilities in Software, System Administration, Complex Network Architectures, Open Access to Organizational Data, Weak Authentication, Unprotected Broadband Communications, Poor Cyber Security Awareness.
Cyber Security Safeguards: Overview, Access Control, Audit, Authentication, Biometrics, Cryptography, Deception, Denial of Service Filters, Ethical Hacking, Firewalls, Intrusion Detection Systems, Response, Scanning, Security Policy, Threat Management.

UNIT-II: SECURING WEB APPLICATION, SERVICES AND SERVERS
Introduction, Basic Security for HTTP Applications and Services, Basic Security for SOAP Services, Identity Management and Web Services, Authorization Patterns, Security Considerations, Challenges.
UNIT-III: INTRUSION DETECTION AND PREVENTION
Intrusion, Physical Theft, Abuse of Privileges, Unauthorized Access by Outsider, Malware Infection, Intrusion Detection and Prevention Techniques, Anti-Malware Software, Network-based Intrusion Detection Systems, Network-based Intrusion Prevention Systems, Host-based Intrusion Prevention Systems, Security Information Management, Network Session Analysis, System Integrity Validation.

UNIT-IV: CRYPTOGRAPHY AND NETWORK SECURITY
Introduction to Cryptography, Symmetric Key Cryptography, Asymmetric Key Cryptography, Message Authentication, Digital Signatures, Applications of Cryptography. Overview of Firewalls: Types of Firewalls, User Management, VPN Security, Security Protocols: Security at the Application Layer (PGP and S/MIME), Security at the Transport Layer (SSL and TLS), Security at the Network Layer (IPSec).

UNIT-V: CYBERSPACE AND THE LAW, CYBER FORENSICS
Cyberspace and the Law: Introduction, Cyber Security Regulations, Roles of International Law, The State and Private Sector in Cyberspace, Cyber Security Standards. The Indian Cyberspace, National Cyber Security Policy 2013. Cyber Forensics: Introduction to Cyber Forensics, Handling Preliminary Investigations, Controlling an Investigation, Conducting Disk-based Analysis, Investigating Information-hiding, Scrutinizing E-mail, Validating E-mail Header Information, Tracing Internet Access, Tracing Memory in Real-time.

LIST OF IMPORTANT DEFINITIONS

UNIT-I
Cyber Warfare: Cyber warfare refers to conflict conducted over the internet. It includes malicious attacks on information and information systems.
Cyber Crime: A cyber crime can be defined as any crime committed using computers.
Cyber Espionage: Cyber espionage can be defined as an attack that steals information from competitor companies or organizations in order to obtain an advantage over them.
Cyber Security Policy: A cyber security policy can be defined as a set of rules that are implemented in order to secure sensitive and confidential data from unauthorized users.
Software Vulnerability: A software vulnerability can be defined as a software defect that helps an attacker to gain control over a system.
System Administration: System administration refers to the management of one or more systems such as software, hardware, servers or workstations.
Weak Authentication: Weak authentication can be defined as authentication that relies only on a password or on a simple question that the user must answer, both of which can be guessed.
Cyber Security Safeguards: Cyber security safeguards can be defined as the various protective measures and controls introduced in order to achieve the security requirements of a system.
Security Audit: A security audit can be defined as a process of reviewing and examining the records of the system.
Fingerprint Scan: A fingerprint scan is a technique used for performing user identification based on the patterns found on the fingertips of every human.
Facial Feature Scan: A facial feature scan is a natural biometric technology used for identification of an individual.
Deception: Deception can be defined as a process of creating a false perception for the attacker.
Honey Pots: Honey pots can be defined as decoy systems that are used to distract the attention of potential attackers from the critical systems.
Denial of Service Filters: Denial of Service (DoS) filters can be defined as a defense mechanism that can be used to prevent DoS attacks.
Intrusion Detection Systems: An Intrusion Detection System (IDS) is a defensive tool which detects the attacks that can affect the security features of a system.
Incident Response: Incident response can be defined as a planned process which is implemented by the organization on the occurrence of any event or incident.
Scanning: Scanning can be defined as a phase in which the collected data is examined thoroughly.
Threat Management: Threat management can be defined as a process that is used by cyber security professionals in order to detect and prevent cyber attacks.

UNIT-II
(term unreadable in the scan): ... defined as a collection of distributed systems over a network to produce a system.
Basic Authentication: Basic authentication is a simple HTTP authentication scheme in which the client sends its user name and password, base64-encoded (not encrypted), in the Authorization header of the request it makes to the server in order to access the resource. It is only safe over TLS, since the credentials are otherwise readable by anyone on the path.
SOAP: SOAP (Simple Object Access Protocol) is a simple XML-based web protocol which permits applications to exchange XML messages over a computer network, usually using HTTP (Hyper Text Transfer Protocol).
Identity Management: Identity management is an automated process that deals with the identification of individuals in a system and the management of their credentials and privileges.
WS-Security: WS-Security is a security standard (an extension to SOAP) that enables the secure exchange of messages, providing authentication, integrity and confidentiality.
WS-Trust: WS-Trust is a security standard that handles different aspects of security token services, such as the way of requesting a token and the way of issuing the requested token in a secure way.
OAuth: OAuth (Open Authorization) is an open protocol which allows a client application to obtain limited, delegated authorization to a user's resources through a secure API without being given the user's password.
Access Control: Access control refers to the ability to allow or disallow a user from accessing a particular resource.
Client: The client, also referred to as the access requester, is the entity that initiates an access request.
Policy Enforcement Point (PEP): The PEP is the entity that acts as the interface to the application environment: it intercepts the client's request for a resource, asks the PDP for a decision and enforces that decision.
Policy Decision Point (PDP): The PDP is the entity that evaluates the applicable policies against the request forwarded by the PEP, using the available information sources, and makes the final decision on whether access is granted.
Policy Administration Point (PAP): The PAP is the entity through which the applicable access control policies are configured and monitored.
Policy Information Point (PIP): The PIP is the entity that provides contextual input (attributes of the subject, the resource or the environment) to the policies when the PDP requests it.
Resource: A resource is the entity (service or data) that clients access through the PEP.
Vulnerability Assessment: Vulnerability assessment refers to determining whether a security policy has been implemented correctly or not, by looking for weaknesses that would allow it to be bypassed.

UNIT-III
Intrusion: Intrusion refers to the activity of a program or network user entering a system without authorization, violating the confidentiality, integrity or availability of its resources.
Intruder: An intruder is a person who tries to gain access to a system in an unauthorized way by violating its security.
Masquerader: A masquerader is a person who has no right to use the system or its resources, typically an outsider who has obtained a legitimate user's credentials. Although not authorized to use the system, the masquerader succeeds in passing its access controls.
Misfeasor: A misfeasor is a legitimate user who accesses data, programs or system resources for which that access is not authorized, or who is authorized for the access but misuses the privilege.
Clandestine User: A clandestine user is a person, from inside or outside the organization, who seizes supervisory control of the system and uses it to evade auditing and access controls or to suppress audit collection.
Physical Theft: Physical theft refers to an activity in which an unauthorized person (an attacker) gains physical access to an authorized user's data by stealing his or her computer system.
Abuse of Privilege: Abuse of privilege can be defined as a situation in which an authorized person misuses his or her privileges to perform unauthorized tasks, such as distributing confidential files to unauthorized persons.
Outsider: An outsider can be defined as a person who does not have any authorized access to the system or its resources.
Malware: Malware refers to a malicious software program, often hidden inside or attached to a legitimate program, that is intended to damage or steal a system's confidential data or resources.
Virus: A virus is a software program that creates duplicate copies of itself and infects other programs or computers without the knowledge of the user.
Trojan Horse: A trojan horse can be defined as a computer program that appears useful but contains hidden code which performs harmful actions when it is executed.
Anti-malware Software: Anti-malware software can be defined as a computer program that examines files and programs to detect the known signatures or behaviour patterns of malware.
Security Information Management System: A Security Information Management System (SIMS) is defined as a centralized repository that is used to store, organize and analyze the large volume of log data generated by security sources such as firewalls, anti-malware systems and servers.

UNIT-IV
Cryptography: Cryptography refers to the technique of transforming usable information into a form that can be read only by authorized users.
Encryption: Encryption is a mechanism that provides message confidentiality, i.e., it protects the information that is being transmitted between source and destination from being read by anyone else.
Message Authentication: Message authentication refers to the process of verifying that a received message is genuine: that it came from the claimed source and was not altered in transit. It protects the data against active attacks such as modification of content and masquerade.
Digital Signature: A digital signature is a cryptographic mechanism (a value computed over the message with the signer's private key and checked with the corresponding public key) that provides authentication of the message's origin, integrity and non-repudiation. Its main purpose is to detect any modification of the signed message or data; it does not by itself keep the message secret, and it is not a form of encryption.
Firewall: A firewall is a security device or program placed at a network gateway that filters the traffic between networks according to a set of rules, protecting the confidential information of the network from intruders and from other, untrusted networks.
User Management: User Management (UM) can be defined as the administrative process of managing users and their accounts by granting them access to individual computer resources, applications, data and services.
Authentication: Authentication is the mechanism that verifies the identity claimed by a user or system.
Authorization: Authorization is the mechanism that determines which privileges an authenticated user or system holds, once its identity has been verified.
Auditing: Auditing is the process of examining or checking the authentication and authorization records and verifying the effectiveness of the system's controls.
Virtual Private Network (VPN): A VPN is a technique used to establish a connection to a private network over a public network such as the internet, with the traffic typically encrypted and authenticated.
Secure Sockets Layer: Secure Sockets Layer (SSL) is a protocol developed by Netscape Communications to secure data transmission over the internet. All versions of SSL are now deprecated; its successor, TLS, is what current systems use.
SSL Session State: The SSL session state is the set of parameters negotiated during the handshake and shared by the client and server for the duration of the session: the session identifier, peer certificate, compression method, cipher spec, master secret and the is-resumable flag.
Session Identifier: A session identifier is an arbitrary byte sequence chosen by the server to identify an active or resumable session state with a particular client.
Peer Certificate: The peer certificate is the X.509v3 certificate of the peer entity (it may be null).
Compression Method: The compression method is the algorithm used to compress data before encryption.
Master Secret: The master secret is a 48-byte secret shared between the client and server, from which the keys for the connection are derived.
Is Resumable: Is resumable is a flag which indicates whether the session can be used to initiate new connections, i.e., whether it can be resumed.
UNIT-V
Cyber Space: Cyber space can be defined as the virtual world of the internet. The various laws associated with cyber space are called cyber laws.
Cyber Security Regulations: Cyber security regulations can be defined as a set of rules to protect the data and information of an organization.
Treaty Law: Treaty law can be defined as a formal, written cyber law agreement among various states or countries.
Customary International Law: Customary international law can be defined as international law that states follow out of a sense of legal obligation, without a written treaty.
Cyber Security Standards: Cyber security standards can be defined as the techniques that are used to secure the cyber environment of an organization.
Cyber Forensics: Cyber forensics is a scientific process of identifying, analyzing and reconstructing evidence from a cyber crime.
Computer Forensics: Computer forensics is the technique of examining the various sectors of computer media in order to obtain evidence that is useful in criminal cases, civil disputes and human resource matters.
Incident: An incident can be defined as an event that is not allowed by the policies of an organization.
Tracing Internet Access: Tracing internet access refers to discovering the path that an attacker used to enter a system.
Auditing Internet Surfing: Auditing internet surfing is the process of verifying the websites visited at the workplace.

UNIT-I: INTRODUCTION TO CYBER SECURITY, CYBER SECURITY VULNERABILITIES AND CYBER SECURITY SAFEGUARDS

Introduction to Cyber Security: Overview of Cyber Security, Internet Governance (Challenges and Constraints), Cyber Threats: Cyber Warfare, Cyber Crime, Cyber Terrorism, Cyber Espionage, Need for a Comprehensive Cyber Security Policy, Need for a Nodal Authority, Need for an International Convention on Cyberspace.
Cyber Security Vulnerabilities: Overview, Vulnerabilities in Software, System Administration, Complex Network Architectures, Open Access to Organizational Data, Weak Authentication, Unprotected Broadband Communications, Poor Cyber Security Awareness.
Cyber Security Safeguards: Overview, Access Control, Audit, Authentication, Biometrics, Cryptography, Deception, Denial of Service Filters, Ethical Hacking, Firewalls, Intrusion Detection Systems, Response, Scanning, Security Policy, Threat Management.

This unit covers:
- Introduction to cyber security and internet governance
- The various cyber threats
- Need for a cyber security policy, a nodal authority and an international convention on cyberspace
- Introduction to the various cyber security vulnerabilities
- The concept of cyber security awareness
- Introduction to access control, audit and authentication
- The concepts of cryptography, deception, DoS filters and biometrics
- The various intrusion detection systems
- Managing cyber security threats

Cyber security is also referred to as information technology security and computer security. It is designed to protect information, equipment, devices, computers, computer resources, communication devices, confidential information stored on computers and data transmission networks against unauthorized access, vulnerabilities and attacks by cyber criminals.

A software vulnerability can be defined as a software defect that helps an attacker to gain control over a system. Such defects may originate either in the design of the software or in the code written while implementing it.

Cyber security safeguards can be defined as the various protective measures and controls introduced in order to achieve the security requirements of a system. These safeguards consist of security features, management constraints, security of physical structures and architectures, and personnel security.

PART-A: SHORT QUESTIONS AND ANSWERS

Q1.
Define cyber security.
Answer: (Model Paper, Q1)
Cyber security is also referred to as information technology security and computer security. It is designed to protect information, equipment, devices, computers, computer resources, communication devices, confidential information stored on computers and data transmission networks against unauthorized access, vulnerabilities and attacks by cyber criminals. Cyber security is therefore needed to protect users' business and personal information against increasingly complex cyber attacks. According to a study conducted by Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI), about 40% of manufacturing companies had been affected by cyber incidents in the previous 12 months, and many of those breaches resulted in damages of over $1 million. To protect their technologies from these threats, supply chain executives are focusing on data protection technologies and strategies.

Q2. What are the challenges of internet governance?
Answer: (Model Paper, Q1)
Some of the challenges of internet governance are as follows:
1. The pace and changing nature of the internet.
2. The internet as part of digitalization.
3. The concentration of digital power.
4. The shifts in digital geopolitics, i.e., the geopolitical environment.
5. The coordination and shaping of the digital future.
6. The future of regulation.
7. Participation in managerial decision-making.

Q3. Write a short note on cyber threats.
Answer:
Cyber threat
A cyber threat can be viewed as potential damage caused to computers, technology-dependent enterprises and networks by an unauthorized third party. Attackers make use of malicious code to change an organization's computer code, logic or data, thereby compromising the information security of the organization.
Various cyber threats
Some of the various cyber threats are as follows:
1. Cyber Warfare
2. Cyber Crime
3. Cyber Terrorism
4. Cyber Espionage

Q4.
List the common software vulnerabilities.
Answer:
Some of the common software vulnerabilities (the top three categories of the OWASP Top 10, 2021 edition) are as follows:
1. Broken Access Control: This type of software vulnerability occurs when the restrictions on what an authenticated user is allowed to do are not enforced properly, so a user can act outside their intended permissions (for example, view or modify another user's records by changing an identifier in a URL).
2. Cryptographic Failures: Sensitive data such as user names, passwords and account numbers must be protected carefully, in transit and at rest, with appropriate cryptography. Where such data is transmitted in clear text, stored unencrypted or protected with weak or misused algorithms, attackers exploit the failure to gain access to it.
3. Injection: This occurs when untrusted input is sent to an interpreter (SQL, an OS shell, LDAP, etc.) as part of a command or query without being separated from the command itself, so that the attacker's data is executed as part of the command.

Q5. Write a short note on password-based authentication.
Answer:
Password-based authentication is the most common and widely used authentication method for e-commerce transactions. In this method the user is given a user name and a login password, and only the genuine end user should know the correct combination. Before granting access to the payment gateway, the system asks for the user name and password; if they are entered correctly, the user is authenticated as the genuine party and not a cyber criminal. The weakness of the method is that passwords can be guessed: attackers may guess weak or reused passwords, or obtain them by phishing, and then use them to steal the user's confidential information.

Q6. What are the various consequences or risks associated with poor cyber security awareness?
Answer: (Model Paper, Q1)
The various consequences or risks associated with poor cyber security awareness are as follows:
1. Identity Theft: Identity theft is a crime in which an unauthorized person uses some other person's identity for his or her own illegal purposes.
2. Malware Attacks: Malware (of which viruses are one type) enters a device through e-mail attachments, web browsing, infected storage media and social networking sites. When users unknowingly install malware on their systems, the device is exposed to denial of service or masquerade attacks and its data can be stolen.
3. Loss of Sensitive Data: Because of poor cyber security awareness, cyber criminals are able to steal the sensitive data of an organization.

Q7. Write about mandatory access control.
Answer:
Mandatory access control (MAC) is an access control model designed to overcome the problems of discretionary access control (DAC), in which resource owners decide who may access their resources. Under MAC only the system (security) administrator manages the security attributes assigned to the users and to the resources of the system. These attributes are fixed: they cannot be modified or changed by anyone other than the administrator, who alone defines the usage and security policy, so enforcement does not depend on individual users' discretion or compliance. MAC is responsible for performing the following activities:
(i) Assigning a security clearance level to every user of the system.
(ii) Assigning a classification level to every object (resource).
(iii) Ensuring that users can access only the data for which they have been assigned the required security clearance.

Q8. Define security audit. List its advantages.
Answer: (Model Paper, Q2)
Security Audit
A security audit can be defined as a process of reviewing and examining the various records and activities of a system. It ensures that the policies, procedures and security controls of the system are working effectively. The main purpose of a security audit is to provide a checklist for validating the security controls of the system.
Advantages
Some of the advantages of implementing a security audit are as follows:
1. It helps to identify gaps in security.
2. It provides assurance to vendors, employees and clients.
3. It improves the security standards and policies.
4. It provides an analysis of the current security practices.

Q9. Write a short note on the types of DoS filters.
Answer:
The following are the two types of DoS filters:
1. Ingress Filters: Ingress filters examine the packets entering the network in order to keep suspicious traffic from entering it. They act as a checkpoint at the network border and look for spoofed packets in the incoming traffic, for example packets arriving from the internet that carry a source address belonging to the internal network itself or to a private or reserved range.
2. Egress Filters: Egress filters examine the packets leaving the network in order to prevent the network from being used to attack another network. They are placed at the exit point of the network and allow only packets whose source address belongs to the network to leave, so that compromised internal hosts cannot send spoofed traffic and the origin of outbound traffic remains traceable (the source address validation recommended in BCP 38).
These filters stop spoofed traffic; they do not stop floods sent from genuine addresses, which still need rate limiting and upstream filtering.

Q10. Write about threat management.
Answer: (Model Paper, Q2)
Threat management can be defined as the process used by cyber security professionals to detect and prevent cyber attacks. It makes use of the Cybersecurity Framework established by the National Institute of Standards and Technology (NIST). Threat management is mainly used to protect an organization's data from data breaches. It accepts that the organization has to face cyber risk, but keeps that risk at a low level, and it minimizes the damage and the cost associated with a breach. According to a Ponemon Institute report, threat management saves an organization more than one million dollars when a breach occurs. Threat management frameworks improve the interaction between people, processes and technology and help the organization to detect and react to cyber security incidents.
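As an added worked example for the Injection item in Q4 (this code is not from the book; the users table, the two accounts and the attack payload are constructed for the demo), the following Python builds a login query by string concatenation beside the parameterised form, and shows that the input ' OR '1'='1 logs in through the first but not the second. The plaintext password column is itself a Cryptographic Failure and is kept only so the injection is easy to see.

```python
import sqlite3

# Constructed sample accounts (demo data, not from the book).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory SQLite database with a tiny users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    # Untrusted input is pasted straight into the SQL text, so the caller
    # controls the structure of the query, not just the values in it.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, name, password):
    # Parameterised query: the values travel separately from the statement,
    # so quotes or keywords in the input can never change the query structure.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def demo():
    """Run a legitimate login and the injection payload through both versions."""
    conn = make_db()
    # With the vulnerable query this becomes:
    #   ... WHERE name = 'nobody' AND password = '' OR '1'='1'
    # AND binds tighter than OR, so the row filter is always true.
    payload = "' OR '1'='1"
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "s3cret"),
        "wrong_vulnerable": login_vulnerable(conn, "alice", "wrong"),
        "attack_vulnerable": login_vulnerable(conn, "nobody", payload),
        "legit_safe": login_safe(conn, "alice", "s3cret"),
        "attack_safe": login_safe(conn, "nobody", payload),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:>18}: {'logged in' if result else 'rejected'}")
```

The fix is not escaping quotes by hand but keeping data and code apart, which is what placeholders do for every database driver; the same principle (pass arguments as a list, never build a command string) applies to OS command injection.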
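Q5 says that passwords can be guessed. As an added example (not the book's code; the wordlist, the 12-character minimum and the iteration count are assumptions), the following Python contrasts the weak way of storing and checking a password (an unsalted hash that a dictionary of common passwords recovers with one hash per guess) with a hardened one (random per-user salt, a deliberately slow key derivation function and a constant-time comparison), plus the registration-time check that rejects guessable passwords before they are ever stored.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a real wordlist of commonly guessed passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}

# Assumed policy values for the demo.
MIN_LENGTH = 12
ITERATIONS = 200_000


def weak_store(password):
    # Weak: one unsalted SHA-256. Equal passwords give equal hashes, and a
    # precomputed table of common passwords reverses it in a single lookup.
    return hashlib.sha256(password.encode()).hexdigest()


def weak_verify(stored, password):
    return stored == weak_store(password)


def dictionary_attack(stored_weak):
    """What the attacker does with a stolen unsalted hash: one hash per guess."""
    for guess in COMMON_PASSWORDS:
        if weak_store(guess) == stored_weak:
            return guess
    return None


def hardened_store(password):
    # Hardened: a random 16-byte salt per user, so identical passwords store
    # differently and rainbow tables are useless, and PBKDF2-HMAC-SHA256 with
    # many iterations, so every guess costs the attacker real CPU time.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def hardened_verify(stored, password):
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), ITERATIONS)
    # Constant-time comparison: a plain == exits at the first differing byte
    # and leaks, through timing, how much of the digest matched.
    return hmac.compare_digest(candidate.hex(), digest_hex)


def is_guessable(password):
    """Registration-time check: too short or a dictionary word is rejected."""
    return len(password) < MIN_LENGTH or password.lower() in COMMON_PASSWORDS


if __name__ == "__main__":
    stolen = weak_store("letmein")
    print("weak hash recovered as:", dictionary_attack(stolen))
    record = hardened_store("correct horse battery staple")
    print("hardened record:", record)
    print("verify right password:", hardened_verify(record, "correct horse battery staple"))
    print("verify wrong password:", hardened_verify(record, "wrong"))
```

PBKDF2 is used here because it ships with the standard library; scrypt or Argon2 are the better choices in new systems because they also cost memory, which defeats GPU-based guessing. None of this helps if the password was phished, which is why a second factor belongs on the payment gateway the book describes.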
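The three activities listed under Q7 are the rules of the Bell-LaPadula model. As an added example (not the book's code; the users, files and their labels are constructed), the following Python keeps clearances and classifications in administrator-controlled tables, enforces "no read up" and "no write down", and refuses to let anyone except the security administrator change a label, which is what separates mandatory from discretionary access control.

```python
from enum import IntEnum


class Level(IntEnum):
    """Ordered security levels; a higher value dominates a lower one."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


# Constructed labels. Under MAC only the security administrator writes these
# tables; users cannot relabel themselves or the objects they own.
CLEARANCE = {
    "clerk": Level.CONFIDENTIAL,
    "analyst": Level.SECRET,
    "director": Level.TOP_SECRET,
}
CLASSIFICATION = {
    "notice.txt": Level.UNCLASSIFIED,
    "payroll.xls": Level.CONFIDENTIAL,
    "ops-plan.doc": Level.SECRET,
    "budget.txt": Level.TOP_SECRET,
}
SECURITY_ADMIN = "secadmin"   # assumed name of the administrator role


def can_read(user, obj):
    # Simple security property ("no read up"): the subject's clearance must
    # dominate the object's classification.
    return CLEARANCE[user] >= CLASSIFICATION[obj]


def can_write(user, obj):
    # *-property ("no write down"): a subject may only write at or above its
    # own level, so a SECRET user cannot copy secrets into an UNCLASSIFIED file.
    return CLEARANCE[user] <= CLASSIFICATION[obj]


def access(user, obj, mode):
    """Reference-monitor style check: anything unlabeled or unknown is denied."""
    if user not in CLEARANCE or obj not in CLASSIFICATION:
        return False
    if mode == "read":
        return can_read(user, obj)
    if mode == "write":
        return can_write(user, obj)
    return False


def relabel(actor, obj, level):
    """Only the security administrator may change a classification (MAC);
    under DAC the owner of the object could grant access at will."""
    if actor != SECURITY_ADMIN:
        return False
    CLASSIFICATION[obj] = level
    return True


if __name__ == "__main__":
    for user, obj, mode in [("analyst", "ops-plan.doc", "read"),
                            ("clerk", "ops-plan.doc", "read"),
                            ("analyst", "notice.txt", "write"),
                            ("clerk", "budget.txt", "write")]:
        print(f"{user:>8} {mode:>5} {obj:<13} ->",
              "permit" if access(user, obj, mode) else "deny")
```

Note the asymmetry: writing upward is permitted (a clerk may append to the TOP_SECRET budget without being able to read it), which is why real systems pair BLP with an integrity model or restrict writes further.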
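As an added example for Q9 (not from the book; the network prefix 203.0.113.0/24, the bogon list and the sample packets are constructed), the following Python applies an ingress rule and an egress rule to a list of (direction, source, destination) tuples and returns a verdict for each, so the two filter types can be seen side by side.

```python
import ipaddress

# Assumed: the prefix this organisation owns (a documentation range).
OUR_PREFIX = ipaddress.ip_network("203.0.113.0/24")

# Private and reserved ranges that must never appear as a source on the
# Internet side of the border (a subset of the usual bogon list).
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16",
)]


def ingress_allowed(src):
    """Inbound at the border: drop packets that claim one of our own
    addresses (a spoof aimed at bypassing 'trusted internal' rules) or a
    bogon source that cannot legitimately arrive from the Internet."""
    addr = ipaddress.ip_address(src)
    if addr in OUR_PREFIX:
        return False
    return not any(addr in net for net in BOGONS)


def egress_allowed(src):
    """Outbound: only packets whose source is inside our prefix may leave,
    so a compromised internal host cannot spoof someone else's address in
    a flood or reflection attack, and outbound traffic stays traceable."""
    return ipaddress.ip_address(src) in OUR_PREFIX


def filter_packets(packets):
    """Return (direction, src, dst, verdict) for each packet."""
    verdicts = []
    for direction, src, dst in packets:
        ok = ingress_allowed(src) if direction == "in" else egress_allowed(src)
        verdicts.append((direction, src, dst, "ACCEPT" if ok else "DROP"))
    return verdicts


# Constructed sample traffic, one line per case the rules cover.
SAMPLE_PACKETS = [
    ("in",  "198.51.100.7", "203.0.113.10"),  # genuine external client
    ("in",  "203.0.113.5",  "203.0.113.10"),  # claims our own address
    ("in",  "10.1.2.3",     "203.0.113.10"),  # private source from outside
    ("out", "203.0.113.9",  "198.51.100.7"),  # our host talking out
    ("out", "198.51.100.7", "192.0.2.1"),     # internal host spoofing a foreign source
]

if __name__ == "__main__":
    for direction, src, dst, verdict in filter_packets(SAMPLE_PACKETS):
        print(f"{direction:>3} {src:>14} -> {dst:<14} {verdict}")
```

Both rules look only at the source address, which is all that spoofing changes; a flood of packets from a genuine external address passes the ingress rule untouched, so these filters complement, rather than replace, rate limiting.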
Before accessing the payment gateway, the system asks for the user name and password. If they are entered correctly, the user is treated as the genuine party and not as a cyber criminal. The weakness is that attackers can guess or brute-force weak or reused passwords and then use them to steal the user's confidential information.

Q6. What are the various consequences or risks associated with poor cyber security awareness?

Answer:

The various consequences or risks associated with poor cyber security awareness are as follows,

* Identity Theft: Identity theft refers to a crime where an unauthorized person uses some other person's identity for his own illegal purpose.
* Malware Attacks: Malware (of which viruses are one kind) enters a device through e-mail attachments, web browsing, infected storage media and social networking sites. Once a user installs malware on a system, the infected device may suffer a denial-of-service attack or be used in a masquerade attack.
* Loss of Sensitive Data: Because of poor cyber security awareness, cyber criminals are able to steal an organization's sensitive data.

Q7. Write about mandatory access control.

Answer:

Mandatory access control (MAC) is an access control model designed to overcome the problems of discretionary access control. Under MAC, the system administrator alone manages the security attributes that are assigned to the users and to the resources of the system. These attributes are fixed, i.e., they cannot be modified or changed by anyone other than the system administrator, who defines the usage and security policy; enforcement does not depend on the users' compliance. This access control is responsible for performing the following activities,

(i) Assigning a security clearance level to all the system's users.
(ii) Assigning a classification level to all the object resources.
(iii) Ensuring that users can access only that data for which they have been assigned sufficient security clearance.

Q8. Define security audit. List its advantages.

Answer:

Security Audit

A security audit can be defined as a process of reviewing and examining the various records and activities of a system. It checks that the policies, procedures and security controls of the system are working effectively. The main purpose of a security audit is to provide a checklist for validating the security controls of the system.

Advantages

Some of the advantages of implementing a security audit are as follows,

1. It helps to identify the gaps in security.
2. It provides assurance to vendors, employees and clients.
3. It improves the security standards and policies.
4. It provides an analysis of the current security practices.

Q9. Write short notes on the types of DoS filters.

Answer:

The following are the two types of DoS filters,

1. Ingress Filters: Ingress filters examine the packets entering a network in order to stop attack traffic at the border. They act as a checkpoint at the network edge and drop incoming packets whose source address is spoofed, for example packets arriving from outside that claim an internal or private source address (the practice standardized as BCP 38).

2. Egress Filters: Egress filters examine the packets leaving a network in order to prevent the network from being used to attack another network. They are placed at the exit point of the network, drop outbound packets whose source address does not belong to the network, and help in tracing the origin of an attack by keeping track of the outbound traffic.

Q10. Write about threat management.

Answer:

Threat management can be defined as the process used by cyber security professionals in order to detect and prevent cyber attacks. It makes use of a framework established by the National Institute of Standards and Technology (NIST).
Threat management is mainly used to protect the organization's data from data breaches. It also accepts that the organization will face cyber risks, but aims to keep them at a low level. It minimizes the damage and the cost associated with a data breach. According to a survey report by the Ponemon Institute, threat management saves an organization more than 1 million dollars when a breach occurs. Threat management frameworks enhance the interaction between people, processes and technology and help the organization to detect and react to cyber security incidents.

CYBER SECURITY

ESSAY QUESTIONS AND ANSWERS

1.1.1 Overview of Cyber Security

Q11. Discuss briefly about cyber security.

Answer:

Cyber security is also referred to as information technology security and computer security. It is designed to provide protection to information, equipment, devices, computers, computer resources, communication devices, confidential information stored on computers and data transmitted over networks against unauthorized access, vulnerabilities and attacks by cyber criminals. Hence, cyber security is needed in order to protect users' business and personal information against complex cyber attacks.

According to a study conducted by Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI), about 40% of manufacturing companies had been affected by cyber threats in the preceding 12 months, and a substantial share of those breaches resulted in damages of over $1 million. In order to protect their technologies from such threats, supply chain executives are focusing on data protection technologies and strategies.

Cyber security refers to the branch of computer science that describes the application of "secure" behaviour to the operation of computers. With the advances in computer science, the requirement for protecting data has grown, and with it the use of automated tools. This type of security is, more precisely, the technique of employing a wide variety of tools for protecting data and preventing hackers from accessing it; it is called "computer security".

Q12. What are the objectives of cyber security?

Answer:

The objectives of cyber security are as follows,

* To build an efficient system with which trust and confidence in using cyberspace for various transactions can be improved.
* To ensure the security of the system by improving its regulatory framework.
* To provide a platform on which protection is available at all times (24 x 7), with appropriate security mechanisms that operate all the time.
* To develop an effective system for providing feedback in reply to queries related to prevention, protection and response/recovery.
* To make the services and products associated with Information and Communication Technologies (ICT) more visible through the use of security validation and testing.
* To build, with appropriate training for improving the skills of professionals, a workforce of around 5 lakh members.
* To facilitate, with fiscal benefits, the organizations that employ standard security practices.
* To provide an adequate amount of protection to the private information of individuals, thereby minimizing the theft of data and cyber crime.
* To impose various laws against illegal activities in cyberspace systems.
* To improve cooperation through public and private partnership so that the system is adopted globally.
* To make organizations appoint or elect a Chief Information Security Officer (CISO) who handles all the security related activities associated with cyberspace.
* To assist organizations in implementing security related policies that are to be followed in all aspects of the system for providing better security.

SIA PUBLISHERS AND DISTRIBUTORS PVT. LTD.
* To make organizations invest a sufficient amount in the cyber security system and the emergency response system.
* To adopt an upgraded infrastructure and regularly check for updates for strengthening cyber security.

1.1.2 Internet Governance: Challenges and Constraints

Q13. Define internet governance. What are its challenges and constraints?

Answer:

Internet Governance

Internet governance can be defined as the set of rules, policies, standards and practices that coordinate and shape global cyberspace.

The unique structure of the internet has raised several judicial concerns. While grounded in physical computers and other electronic devices, the internet is independent of any geographic location. While real individuals connect to the internet and interact with others, it is possible for them to withhold personal information and keep their real identities anonymous. If there are laws that could govern the internet, it appears that such laws would be fundamentally different from the laws that geographic nations use today.

Challenges of Internet Governance

Some of the various challenges of internet governance are as follows,

1. The pace and changing nature of the internet.
2. The internet as part of digitalization.
3. The concentration of digital power.
4. The shifts in digital geopolitics, i.e., the environment.
5. The coordination and shaping of the digital future.
6. The future of regulations.
7. Participation in taking the managerial decisions.

Constraints of Internet Governance

1. Privacy: End user privacy must be ensured. Whenever an end user participates in a transaction with a government agency, he or she discloses personal details which may include sensitive data. Thus, such data must be secured in order to maintain the end user's privacy. This security can be provided by using secure (encrypted) transmission channels, firewalls, prevention of unauthorized access, etc.

2. Authentication: Authentication is another issue that must be considered while providing government services. In other words, the government agency must ensure that the services are provided only to legitimate users. This can be done by using digital signatures. However, it incurs additional cost and overhead.

3. High Setup Costs and Technical Difficulties: Government agencies must also consider the financial status of the end user, because internet access and PC awareness are rare in certain locations. Therefore, a framework for the delivery of e-services to poor and uneducated people must also be designed.

Q14. ... cyber threats.

Answer:

Cyber Threat

A cyber threat can be viewed as damage caused to computers, technology-dependent enterprises and networks by an unauthorized third party. The attackers make use of malicious code to make changes to an organization's computer code, logic or data, compromising the information security of the organization.

Various Cyber Threats

Some of the various cyber threats are as follows,

1. Cyber Warfare
2. Cyber Crime
3. Cyber Terrorism
4. Cyber Espionage.

1. Cyber Warfare: Cyber warfare refers to a conflict based on the internet. It includes malicious attacks on information and information systems. Cyber warfare attacks are capable of disabling official websites and networks and disrupting essential services.

2. Cyber Crime: A cyber crime can be defined as a criminal activity carried out using computers. Cyber criminals make use of computer technology in order to steal the personal information of users, business trade secrets or other data for malicious purposes. They obtain this information by hacking, spamming, phishing and so on. Apart from this, criminals also use computers for communication and for storing documents or data.

3. Cyber Terrorism: Cyber terrorism is an internet-based attack that involves terrorist activities.
It is a controversial term, and it refers to the deliberate use of computer networks and the public internet to further personal objectives using tools such as computer viruses. These objectives may be political or ideological, in the form of terrorism.

4. Cyber Espionage: Cyber espionage can be defined as an attack that steals the sensitive information of competitor companies or organizations in order to obtain an advantage over them. Generally, this type of attack targets governments and large organizations.

Q15. Define cyber security policy. What is the need for a comprehensive security policy?

Answer:

Cyber Security Policy

A cyber security policy can be defined as the set of rules an organization implements in order to secure its sensitive and confidential data from unauthorized users.

Need for Comprehensive Security Policy

From the software professional's point of view, the intent of comprehensive security policies is to safeguard the confidentiality, integrity and availability of the company's information. As sensitive information is an asset and property of the organization, management must implement the necessary controls for protecting these resources. Furthermore, every organization must treat comprehensive security policies as a component of its overall asset security. Strictly speaking, the policies themselves are neither the technical security requirements nor the audit requirements; a typical security program consists of security policies, standards and procedures. Thus, the security policies of an organization follow from its business and mission requirements. Some other needs of comprehensive security policies are as follows,

1. They are used to enhance efficiency.
2. They are used to create and end business deals with customers.
3. They provide awareness of security among the users.

Q16. What is the need for a nodal authority?

Answer:

The nodal authority is the body that responds to computer security incidents when they occur, in real time. For example, CERT-In (the Indian Computer Emergency Response Team) is the nodal authority in India that is responsible for responding to computer security incidents. It performs various operations, some of which are as follows,

1. It gathers, analyses and disseminates information on cyber security incidents.
2. It issues forecasts and alerts of cyber security incidents.
3. It enables emergency measures for handling cyber security incidents.
4. It coordinates the activities of cyber security incident response teams.
5. It issues guidelines, advisories and standards relating to information security policies, procedures, methods, prevention techniques, and the response to and reporting of cyber security incidents.

Q17. Explain the need for an international convention on cyberspace.

Answer:

The idea of an international convention on cyberspace was proposed by Microsoft, which called on governments worldwide to work together in order to protect cyberspace from various attacks, with private companies helping to achieve and manage this.

The Budapest Convention, the Council of Europe (CoE) Convention on Cybercrime, entered into force in 2004. It is the first binding international multilateral treaty on cybercrime. It helps in coordinating cybercrime investigations among the various countries and criminalizes various cybercrime conducts. The Budapest Convention is considered a criminal justice treaty that provides the following,

1. Various procedural tools to investigate crime and to store electronic evidence securely.
2. International police and judicial cooperation on cyber crime and digital evidence.
3. The criminalization of various attacks against computers.

For the remaining answer refer Unit-V, Page No. 109, Q.No. 13.
Q18. Explain in detail about software vulnerability.

Answer:

Software Vulnerability

A software vulnerability can be defined as a software defect that allows an attacker to gain control over a system. The defect may lie either in the design of the software or in the code written while implementing it. Attackers use software vulnerabilities in order to steal or modify sensitive information, to install backdoors, and to deliver malware into systems.

Common Software Vulnerabilities

Some of the common software vulnerabilities (the top three categories of the OWASP Top 10, 2021) are as follows,

1. Broken Access Control: This vulnerability occurs when the restrictions on what users are allowed to do are not enforced properly, so that a user can act outside of his intended permissions.

2. Cryptographic Failures: Sensitive data such as user names, passwords and account numbers must be protected carefully, in transit and at rest, using sound cryptography. Otherwise, attackers exploit the weakness to gain access to the data.

3. Injection: This occurs when untrusted input is sent to an interpreter (for example, as part of a database query) in such a way that the attacker's data is executed as a command.

The best and most efficient way to prevent software vulnerabilities is to follow secure coding standards throughout development.

1.2.2 System Administration

Q19. Discuss in brief about System Administration.

Answer:

System administration refers to the management of one or more systems, whether software, hardware, servers or workstations. The main aim of system administration is to ensure that the systems are working properly and effectively. The duties involved vary with the type of computer system being used.

The duties in system administration are mainly about the technical side of a system, such as the architecture, construction and optimization of its collaborating parts, assisting users, deploying a system and so on. System administration deals with the system as a whole; individual components are treated as black boxes that are opened only when required in practice. It does not take the design of user tools into consideration, nor does it aim to enhance the existing software, mainly because the user software is not open to local changes.

All these tasks are carried out by a person called the "System Administrator" or "Sysadmin". The basic tasks included in system administration are system access by the sysadmin, choosing the run level at which to start, maintaining system configuration files and performance monitoring. Administrative processes are loosely classified as the processes that perform various functions for the general welfare of the user community. These functions include disk formatting, creation of new file systems, repair of damaged file systems, kernel debugging, etc. They are handled by the system administrators or, more generally, by the IT experts of an organization, who mainly ensure that the computer systems and the related services are working well.

Q20. List out the roles and responsibilities of System Administrator.

Answer:

Roles and Responsibilities of System Administrator

A system administrator is the person who performs the management tasks and is responsible for maintaining a multi-user computing environment such as a LAN. The main responsibilities of a system administrator are as follows,

* Installing and configuring new system software and hardware.
* Maintaining (adding, deleting or updating) user account information and resetting passwords.
* Checking whether the peripherals (such as mouse, keyboard, printer, etc.) are working properly.
* Arranging repairs for hardware in case of any failures.
* Maintaining and monitoring the performance of the system.
* Examining the system logs and recognizing issues within the computer systems.
* Incorporating new technologies into already existing data center environments.
* Providing technical support to the users by answering technical queries.
* Providing security to the systems.
* Creating, deleting and configuring file systems.
* Maintaining and monitoring the communication between the systems of a network.
* Providing security policies for users.
* Creating backup and recovery policies.
* Documenting the system's configuration.
* Installing and updating the operating system with a new OS.

Q21. Describe the model for network security with neat sketch.
Answer:

Network Security Model

Generally, data, in the form of a stream or a block, is transmitted over a network between two communicating parties. The entity responsible for transmitting the data is called the sender, and the entity that receives the data from the sender is called the receiver. Both parties must have a certain level of coordination between them in order to exchange the data. If the sender and receiver are linked through a connection-oriented service, they use a connection-oriented protocol such as TCP/IP for transmitting the data. During data transmission, an unauthorized party may intercept or interfere with the traffic; this is prevented by providing security to the transmitted data. The model for network security is shown below,

Figure: Model for Network Security (the sender and the recipient each apply a security-related transformation to the message, using secret information distributed by a trusted third party, while an opponent has access to the information channel)

The following are the two components for providing security,

(i) Some security-related information must be sent along with the actual information, i.e., the message. An example of such additional information is an encrypted text that encodes the original message in such a way that it becomes unreadable to the opponent.

(ii) Some secret information is shared only by the sender and the receiver and is unknown to the opponent. An example of such information is the encryption key, which is used along with the transformation to scramble the message before transmission and to unscramble it on reception.

In order to achieve secure transmission, a trusted third party may be needed for distributing the secret information and for resolving conflicts that arise between the sender and the receiver.

The network security model shown above describes four tasks in designing a specific security service,

1. Designing an Algorithm: An algorithm must be designed for performing the security-related transformation in such a way that an opponent cannot defeat its purpose.

2. Generating Secret Information: The secret information to be used along with the algorithm must be generated.

3. Developing Distribution Methods: Methods for distributing and sharing the secret information must be developed.

4. Specifying a Protocol: A protocol that employs the security algorithm and the secret information to achieve the security service must be used by both the sender and the receiver.

Q22. Draw and explain the network access security model.

Answer:

There are many threats to an information system. One of the important ones is hacking, which tries to penetrate the information system. Another threat is the placement of some logic that affects various application and utility programs in the computer system. The inserted code can affect the application programs in two ways. They are,

(i) Information Access Threats: These threats intercept or modify data on behalf of users who are not authorized to access it.

(ii) Service Threats: These threats produce various faults pertaining to services and prevent legitimate users from utilizing the system services effectively.

The security mechanisms for preventing unauthorized access are divided into two categories. They are,

1. A gatekeeper function, which includes a password-based login procedure that grants access only to authorized users, together with screening logic that detects and rejects worms, viruses and similar attacks.

2. Internal controls, which monitor the internal system activities, analyze the stored information and detect the presence of unauthorized users or intruders, if any.

Figure: Network Access Security Model (an attacker, either a human such as a hacker or software such as a virus or worm, reaches the information system over an access channel; a gatekeeper function screens the access channel; inside the information system are the computing resources (processor, memory, I/O), data, processes and software, protected by internal security controls)

Q23. ...t of enabling open access to an organizational data?
Answer:

In the digital world, connecting a device to the internet opens the possibility for an attacker to attack it or to steal the sensitive information of an organization. Cyber crimes have been increasing rapidly. Many organizations allow their data to be accessed openly by users, and this open access to organizational data is one reason why cyber terrorism has grown. It is conducted against organizations and governments. The attacker makes use of various computer tools and internet facilities to gain secret access to the private information of citizens. Apart from this, the attacker also destroys programs and files and plants programs in order to acquire access to the complete network.

According to the Cyber Security Breaches Survey 2018, 43% of businesses and 19% of charities had encountered a cyber attack, and 38% of small businesses did nothing to secure themselves from cyber attacks. Common cyber criminal activities include sending corrupted messages, malicious e-mails and fraudulent links.

Procedure

At first the attacker determines the weak points or vulnerabilities in the target, using various methods or tools; the target is usually an individual or an organization. In principle, the attacker makes use of two kinds of attack, namely active attacks and passive attacks. An active attack makes changes to the system, affecting the availability, integrity and authenticity of the data. A passive attack, on the other hand, is used to obtain information about the target without changing it, and thus affects confidentiality. Attacks can further be categorized as inside or outside attacks,

1. Inside Attack: If the attack is initiated by a person working within the organization, it is called an inside attack.

2. Outside Attack: If the attack is initiated by a source that lies outside the security perimeter of the organization, it is called an outside attack.

1.2.5 Weak Authentication

Q24. Discuss in detail about weak authentication.

Answer:

Weak Authentication

Weak authentication can be defined as authentication that relies on a single, easily guessed or stolen factor, such as a password or a simple question that the user has to answer. It provides only limited assurance about who the user really is. The two classes of weak authentication schemes are as follows,

1. Password-based Authentication
2. PIN-based Authentication.

1. Password-based Authentication: Password-based authentication is the most common and widely used method for e-commerce transactions. In this method, the user is given a user name and a login password, and only the genuine end user is supposed to know the correct combination of login name and password. Before accessing the payment gateway, the system asks for the user name and password. If they are entered correctly, the user is treated as the genuine party and not as a cyber criminal. The weakness is that attackers can guess, brute-force or phish weak passwords and then use them to steal the user's confidential information.

2. PIN-based Authentication: PIN-based authentication is used in banking transactions, such as the 4-digit PIN for an ATM card. A 4-digit PIN has only 10,000 possible values, so an attacker can guess or brute-force it easily unless the system locks the account after a few wrong attempts; on its own it is a weak factor, which is why it is normally combined with possession of the card.

Q25. ... broadband communications.

Answer:

Unprotected Broadband Communications

Broadband communication is a huge improvement over voice-band communication, using broadband channels with data rates of several Mbps. These channels offer better reliability and efficiency. Communication over these connections is considered unprotected because, without additional safeguards such as a firewall on the always-on connection and encryption of the traffic, it exposes the user to cyber attacks. Some of the unprotected broadband communication technologies are as follows,
Cable Modem Connection: Cable modems are used to interface analog components of a cable TV provider (CATV) with televisions. It is prone to hackers as it is connected 24 X 7 to the internet, 2, Public Wi-Fi Network Connections: Connecting to the public Wi-Fi connections leads to information theft by the hackers/ attackers. 26. Write about poor cyber security awareness. Answer: Cyber security awareness involves the people knowing about the information security and different ‘ways to protect the information from attacks. If the staff in an organization do not much involve in the Security awareness program then they said to have Poor cyber security awareness, Risks of Poor Cyber Security Awareness The various consequences or risks associated with poor eyber security awareness are as follows, % Identity theft: Idemtity theft refers to a crime ‘where an unauthorized person tries to use some other person’s identity for his illegal purpose. Malware Attacks: Malwares are also {ype of viruses that enter the device through e-mails, web browsing, infected storage media and social ‘networking sites. When users install malwares on their Systems, the device undergoes with denial of service attack or masquerade attack. Loss of Sensitive Data: Due to the poor cyber security awareness, cyber criminal theft the sensitive data of an organization, 2 SIA PUBLISHERS AND DISTRIBUTORS PVT. Lt. CYBER SECURIT In detail about understanding acces; control. Answer: Cyber Security Safeguards Cyber security safeguards can be defined as the various protective measures and controls introduced, inorder to achieve the security requirements of a system, These safeguards consist of various security features, management constraints, security of physical structures and architectures, and personnel security, Access Control Access control refers to an ability of either allowing or disallowing a user from accessing particular resource. 
There are many mechanisms that exist and are employed for performing access control. Such mechanisms not only manage physical and logical resources but are also capable of managing digital resources. Access control systems incorporate the following,

(i) File Permissions: It is an access control that can be used by users for creating, reading, editing or deleting a file on a file server.
(ii) Program Permissions: It is an access control that can be used by users for executing a program on an application server.
(iii) Data Rights Permissions: It is an access control that can be used by users for retrieving and updating information in a database.

Identification Versus Authentication

Identification is the process of identifying users by using some sort of identification information like a name or account number. On the other hand, authentication is the process of verifying the user's identity, i.e., it is the process of verifying whether the user is authentic or unauthentic.

Authentication (Single Rule Based Factor) and Authorization

Single Rule Based Factor Authorization is the fundamental form of authentication which evaluates a single value of a set at a time by using the combination of username and password.

UNIT-1: Introduction to Cyber Security, Cyber Security Vulnerabilities and Cyber Security Safeguards

Mandatory Access Control

Mandatory access control is an access control which is designed to overcome the problems faced by discretionary access control. In this access control, the system administrator alone is responsible for managing the security-oriented attributes that are assigned to the users and the resources of the system. These security attributes are fixed, i.e., they cannot be modified or changed by users other than the system administrator. He is the one who has the authority of defining the usage and security policy, which are not dependent on the users' compliance. This access control is responsible for performing the following activities,

(i) Assigning a security clearance level to all the system's users.
(ii) Assigning a classification level to all the object resources.
(iii) Ensuring that the users can access only that data for which they have been assigned security clearance.

Discretionary Access Control

Discretionary access control is considered one of the oldest and most widely used classes of access control. It is an access control system that allows users to specify which entities (people, processes, devices) are authorized to access their files. Here, the users themselves have the privilege of either allowing or restricting other users from accessing their files. Discretionary access control can be well understood by considering an authorization matrix consisting of rows that signify system resources and columns that signify system users. The value in a cell specifies the action privileges that are assigned to a user for the corresponding resource.

Figure: Authorization Matrix (rows are system resources such as File 1, Program 1 and File 2; columns are User 1 to User 4; each cell lists the action privileges, e.g., Read, Append; the individual cell values are not legible in the scan)

The system administrator alone has the authority of either adding new users/resources or deleting the existing users/resources of the system. Apart from the system administrator, other users are responsible for adding or deleting the programs or files that are created or owned by those users. Such users also have the authority of assigning action privileges to other users. These action privileges specify whether a user wants other users to share their files or restricts them from being accessed.
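As an added illustration (not part of the SIA text), the following Python snippet models the two access control classes just described: a discretionary authorization matrix whose rows are resources and columns are users, with owner-only sharing, and a mandatory clearance-versus-classification check that a DAC grant cannot override. The users, resources, levels and privilege names are constructed sample data.

```python
"""Added example (not the SIA text's own code): a discretionary authorization
matrix plus a mandatory clearance check, modelled on the two access control
classes described above. All users, resources and labels are constructed."""
from enum import IntEnum


class Level(IntEnum):
    """Assumed MAC labels: a user's clearance and an object's classification."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2


# Discretionary access control: the authorization matrix from the figure.
# Rows are resources, columns are users, each cell is a set of privileges.
# 'owner' is the privilege that lets a user share the resource with others.
DAC_MATRIX = {
    "file1":    {"user1": {"read", "write", "owner"}, "user2": {"read"}},
    "program1": {"user1": {"execute"}, "user3": {"execute", "owner"}},
}

# Mandatory access control: set only by the system administrator, never by users.
USER_CLEARANCE = {"user1": Level.SECRET, "user2": Level.CONFIDENTIAL,
                  "user3": Level.UNCLASSIFIED}
OBJECT_LABEL = {"file1": Level.CONFIDENTIAL, "program1": Level.UNCLASSIFIED,
                "payroll": Level.SECRET}


def dac_allowed(matrix, user, resource, action):
    """True when the cell (resource, user) contains the requested action."""
    return action in matrix.get(resource, {}).get(user, set())


def dac_grant(matrix, granter, grantee, resource, action):
    """DAC sharing: only a user holding 'owner' on the resource may add a
    privilege for another user. Returns True if the grant was applied."""
    if not dac_allowed(matrix, granter, resource, "owner"):
        return False
    matrix.setdefault(resource, {}).setdefault(grantee, set()).add(action)
    return True


def mac_read_allowed(user, resource):
    """MAC rule from the text: a user may read only data whose classification
    is at or below the clearance the administrator assigned to that user.
    Unlabelled objects are treated as SECRET (most restrictive)."""
    return USER_CLEARANCE[user] >= OBJECT_LABEL.get(resource, Level.SECRET)


def access_allowed(user, resource, action):
    """Combined decision: a DAC grant never overrides a MAC denial."""
    if action == "read" and not mac_read_allowed(user, resource):
        return False
    return dac_allowed(DAC_MATRIX, user, resource, action)


if __name__ == "__main__":
    # user1 owns file1 and shares it; user3 still cannot read it under MAC
    dac_grant(DAC_MATRIX, "user1", "user3", "file1", "read")
    print("user3 read file1:", access_allowed("user3", "file1", "read"))  # False
```

The ordering in access_allowed is the point of the example: the owner of file1 can hand out a read privilege in the matrix, but the administrator-assigned clearance still decides whether that read happens, which is exactly the separation between DAC and MAC the text draws.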
1.3.2 Audit

Q28. What is Security Audit? Explain the areas in which audit is performed.

Answer:

Security Audit

A security audit can be defined as a process of reviewing and examining the various records and activities of the system. It ensures that the various policies, procedures and security controls of the system are working effectively. The main purpose of a security audit is to provide a checklist for validating the security controls of the system. A cyber security audit evaluates/reviews the following areas,

1. Operational Security: In this area, the system policies, procedures and security controls are reviewed.
2. Data Security: In this area, network access control and the encryption techniques used for preventing security breaches and theft are reviewed.
3. Physical Security: In this area, disk encryption, role-based access controls, biometric data and multifactor authentication are reviewed.
4. Network Security: In this area, network and security controls, SOC, anti-virus configuration and security monitoring capabilities are reviewed.
5. System Security: In this area, hardening processes, patching processes, privileged account management and role-based access are reviewed.

Advantages

Some of the advantages of implementing a security audit are as follows,

1. It helps to identify the gaps in security.
2. It provides assurance to vendors, employees and clients.
3. It improves the security standards and policies.
4. It provides an analysis of the current security practices.

Q29. What is authentication? Explain its types.

Answer:

Authentication

Authentication refers to the process of assuring that a communication is authentic. In the case of a single message transmission, its function is to assure the recipient that the message is from the intended source. For an ongoing interaction, such as a terminal-to-host connection, two perspectives are involved,

(i) Initially, at the time of connection establishment, the authentication service must ensure the authenticity of the two communicating parties involved.
(ii) The authentication service must assure that the connection between the two hosts is not interrupted by any third party which is pretending to be one of the two authorized hosts.

Types of Authentication

Two types of authentication services are defined. They are as follows,

(i) Peer entity authentication
(ii) Data origin authentication.

(i) Peer Entity Authentication: This type of authentication is used to verify the identities of the peer entities involved in communication. It is also used for providing authentication at the time of connection establishment and during the process of data transmission.
(ii) Data Origin Authentication: It is used for ensuring the authenticity of the source of data without providing protection against alterations or replications of the data units. It is primarily used for applications that do not require prior interactions between the two communicating parties (such as electronic mail).

Q30. What is Biometric Authentication? Explain the biometric techniques.

Answer: (Model Paper-I, Q9(b))

Biometric Authentication

Biometric devices are the most commonly used authentication method of modern technology. They consider various human characteristics including fingerprint, retina, voice, face etc. The most basic among these methods is fingerprint authentication. It is nothing but an application to provide access to the system by verifying the proof of identity.

Types of Biometrics

The following are the different emerging biometric techniques used for performing user identification and authentication,

1. Fingerprint scan
2. Iris/Retinal scan
3. Facial feature scan.

1. Fingerprint Scan

Fingerprint scan is a technique used for performing user identification based on the patterns found on the fingertips of every human. These are the patterns that remain the same throughout the life of an individual. The main reason for selecting the fingerprint as an identification technique is that the ridge pattern of every individual is unique.

Working of Fingerprint Scan

An electronic device called a fingerprint sensor is employed so as to perform a line scan, wherein the image of the fingerprint pattern is captured in a digitized form. This captured image is processed in order to create a biometric template. The processing is done by maintaining the information about the different ridge patterns along with the different print patterns. The created template is processed either as an image or as a computer algorithm that is in an encoded format. Once the processing is done, the image is compared with the other fingerprint records. This comparison is performed by initially determining the position of minutiae points on the finger and then searching for similar information regarding the minutiae within the database. This search is performed by implementing an algorithm that is capable of encoding the information in character format so that the time required for searching for the match can be reduced.

Uses
* It is used in investigating criminal cases.
* A fingerprint reader is used for authorizing users at ATMs.
* Fingerprint scan is used by vendors so as to automatically identify whether the credit card or debit account of a user is authentic or not.

Advantages
* It is user-friendly, i.e., the process of fingerprint scan can be easily understood with little training.
* It provides high performance, thereby making it the most accurate identification technology.
* It is an easy way of authenticating a person since numerous people have legible fingerprints.

Disadvantages
* It is very intrusive, i.e., it is not preferred by many people (not socially accepted).
* It is error-prone, especially when there is dryness on the finger's skin.

2. Iris/Retinal Scan

Iris/retinal scan is another user identification technique which is preferred because of the uniqueness of irises, i.e., no two irises are similar among human beings. This technique of identification is very reliable since the iris does not change throughout the entire life cycle of a human and is not susceptible to any injury. Retinal identification is done based on the patterns of blood vessels present at the back of the retina.

Working of Retina Scan

A biometric identifier called a retinal scan is employed for scanning the unique pattern of an individual's retina. The light emitted by a light-emitting device is easily absorbed by the blood vessels within the retina, and the patterns are identified with appropriate lighting. A low-intensity infrared light is used for performing the retinal scan, which is cast into the eye of a person when they look through the eyepiece of the scanner.

Uses
* It is used in prisons for identity verification.
* It is used by state agencies so as to stop unskilled persons from obtaining a license.

Advantages
* It is highly accurate since the false acceptance rate of this technique is below 0.001%.
* It is a reliable and stable technique as the blood vessel patterns are unique and remain the same for the entire life period of an individual.
* It is very difficult to recreate or replicate the details of retinal patterns.
* It performs the verification process at a very high speed.

Disadvantages
* It is not very user friendly and is an expensive technique because of the highly expensive equipment.
* The result may vary because of poor infrared light and vulnerability to degenerative diseases.
* It is highly invasive and requires user involvement.

3. Facial Feature Scan

Facial feature scan is a natural biometric technology used for identification of an individual. This technique is inherent in every individual since it is possible to distinguish a person from other persons just by looking at their face. The facial identification process performs the following two subprocesses,

(a) Detection
(b) Recognition.

(a) Detection

In this subprocess, a human face is located within the captured image and is then isolated from the remaining faces captured within the same image. The facial software scans the isolated face so as to determine the facial structure and measures the dimensions (geometry) of each facial feature. Once the image is constructed, the software creates a binary mask of the image by cropping the unnecessary background details.

(b) Recognition

In this subprocess, a comparison is performed between the captured face and the other faces present in a database. The most commonly used recognition technology consists of the eigen feature or eigen face approaches. The eigen feature approach computes eigen vector values from the captured image by determining the distance between different facial features (like nose, mouth, eyebrows). Once the eigen vectors are known, a comparison is performed wherein the computed eigen vectors are compared against the eigen vectors stored within the database. The eigen face approach represents the facial image as a 2D set of light and dark area patterns. These patterns are converted and represented as a computer algorithm. This algorithm is stored as a combination of eigen faces, which are then compared against the eigen faces saved in a database.
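As an added illustration (not from the SIA text), the following Python snippet shows the "compare template, declare match" step that the fingerprint, retinal and facial techniques above all share, and how the matching threshold sets the false acceptance rate (FAR) and false rejection rate (FRR) that the retinal-scan section quotes. The feature vectors are constructed toy data standing in for minutiae or nodal-point templates, not real biometric templates.

```python
"""Added example (not the SIA text's own code): thresholded biometric
template matching and the FAR / FRR trade-off the threshold creates.
All templates below are constructed random vectors, not real biometrics."""
import math
import random


def distance(template_a, template_b):
    """Euclidean distance between two equal-length feature vectors."""
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(template_a, template_b)))


def declare_match(stored, presented, threshold):
    """The 'Declare Match' step: accept only when the presented template is
    within `threshold` of the stored one. A lower threshold is stricter."""
    return distance(stored, presented) <= threshold


def error_rates(enrolled, genuine_attempts, impostor_attempts, threshold):
    """FAR = impostors wrongly accepted / impostor attempts,
       FRR = genuine users wrongly rejected / genuine attempts."""
    false_accepts = sum(declare_match(enrolled, t, threshold) for t in impostor_attempts)
    false_rejects = sum(not declare_match(enrolled, t, threshold) for t in genuine_attempts)
    return false_accepts / len(impostor_attempts), false_rejects / len(genuine_attempts)


def make_samples(seed=7, n=200, dims=16, noise=0.3):
    """Constructed data: one enrolled template, `n` noisy re-captures of the
    same person (genuine attempts) and `n` unrelated people (impostors)."""
    rng = random.Random(seed)
    enrolled = [rng.uniform(0, 10) for _ in range(dims)]
    genuine = [[v + rng.gauss(0, noise) for v in enrolled] for _ in range(n)]
    impostors = [[rng.uniform(0, 10) for _ in range(dims)] for _ in range(n)]
    return enrolled, genuine, impostors


def sweep_thresholds(thresholds, **sample_kwargs):
    """Map each threshold to its (FAR, FRR) on the same constructed samples,
    which makes the trade-off visible: raising the threshold can only raise
    FAR and lower FRR."""
    enrolled, genuine, impostors = make_samples(**sample_kwargs)
    return {t: error_rates(enrolled, genuine, impostors, t) for t in thresholds}


if __name__ == "__main__":
    for t, (far, frr) in sweep_thresholds([0.5, 1.0, 2.5]).items():
        print(f"threshold={t:.1f}  FAR={far:.3f}  FRR={frr:.3f}")
```

A vendor's quoted FAR (such as the "below 0.001%" figure above) is therefore only meaningful together with the FRR at the same threshold and the population it was measured on; tightening the threshold until impostors are never accepted also starts rejecting legitimate users.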
Working of Facial Recognition

The following steps are considered while performing the facial recognition process,

Step 1 - Capture Image: In this step, the existing photograph of an individual is digitally scanned so as to generate a line picture of the respective individual.
Step 2 - Locate Face: Facial detection software is used to find the face from among the different faces within the captured image.
Step 3 - Extract Feature: The features of the identified face are extracted by facial recognition software. This is done by determining the spatial geometry of the different facial features. Spatial geometry refers to the process of measuring the features in accordance with peaks and valleys (nodal points). The nodal points are then used in generating a template.
Step 4 - Compare Template: The generated template is compared against the template saved within the database.
Step 5 - Declare Match: After performing the comparison, the system declares a match only if the generated template is similar to the saved template.

Uses
* It is used in airports for protecting against terror attacks.
* It is used in multinational organizations for preventing unauthorized people from obtaining fake identification cards.
* It is used for surveillance purposes, such as to find criminals, terrorists etc.
* It is used in law enforcement areas.

Advantages
* It is a non-intrusive, non-expensive technique.
* It makes use of legacy databases and integrates with current surveillance techniques.

Disadvantages
* The result may get affected by changes in age, hairstyle etc.
* It imposes many restrictions on the way the images are to be captured.

1.3.3 Cryptography

Q31. Discuss in brief about Cryptography.

Answer: For answer refer Unit-IV, Page No. 61, Q.No. 11, Topic: Cryptography.

Q32. Explain about the following,
(i) Deception
(ii) Denial of service filters.

Answer: (Model Paper-I, Q9(b))

(i) Deception

Deception can be defined as a process of creating a false perception for the attacker. The main objective of implementing this is to divert/change the route of attackers towards a decoy system. With this, it lowers the risk and improves the security posture of the organization. One of the most commonly used deception techniques is honey pots.

Honey Pots

Honey pots can be defined as decoy systems that are used to distract the attention of potential attackers from the critical systems. The purposes of designing honey pots are,

1. To distract the attacker from using the critical systems.
2. To gather information about the activities performed by attackers.
3. To induce the attacker to stay for a long time on the system so that the admin can respond.

The honey pot systems are designed in such a way that they appear as valuable information only to the attacker but not to the authentic users. These systems consist of sensitive monitors and event loggers which help in detecting the access as well as other activities being performed by the attackers. When the attacker tries to access the system, the admin in the meantime retrieves information about the attacker's location and activities. It tracks the attacker without disclosing the effective (production) system.

(ii) Denial of Service Filters

Denial of Service (DoS) filters can be defined as a defense mechanism that can be used to prevent DoS attacks. These attacks interrupt the normal usage of the various facilities provided by a system (or) network.

Types of DoS Filters

The following are the two types of DoS filters,

(a) Ingress Filters: Ingress filters are used to examine the incoming packets in the network in order to prevent any suspicious attack from entering the network. These filters behave as a checkpost at the network borders and search for any spoofing attacks in the incoming traffic.
(b) Egress Filters: Egress filters are used to examine the outgoing packets of the network in order to prevent any suspicious attack from entering another network. These filters are placed at the exit point of the network and help in finding the origin of an attack by keeping track of the outbound traffic.

1.3.5 Ethical Hacking

Q33. Explain the concept of Ethical hacking.

Answer:

Ethical Hacking

Hacking is an illegal act, which destroys the important computer files of affected persons. Hacking is also used for some desired purposes, such as identifying the loop holes of a system or process. When hacking is performed for some legal purpose, it is known as "Ethical Hacking". Ethical hacking tends to identify the weaknesses of a computer system rather than destroying the operations of the computer system.

Ethical hacking is performed by professional and computer network experts, who are also termed "White Hat Hackers", "Ethical Hackers" or "Good guys". They are enriched with professional soundness and possess a variety of skills relating to programming, networking, operating systems, hardware and software security, knowledge of the web etc. These hackers follow the same methods and techniques which are followed by unethical hackers. The only difference is, ethical hackers aim at identifying the loopholes of computer systems and reporting them to the owners, whereas unethical hackers aim at taking advantage of the loopholes and attacking the systems for fulfilling their desired motives.

It is to be noticed that while implementing ethical hacking, it is important to choose an appropriate ethical hacker, because the sensitive or confidential information is vital to the organization. If this information is misused in any way, it will severely affect the decisions of the company. One of the best ways is to select the well-known experts of this field for the ethical hacking activity. Well-known experts seem to be more trustworthy and they understand the importance of their client's sensitive information.

Following are some of the aspects which will be considered by ethical hackers while performing the hacking activity,

* Identifying the locations through which unwanted persons can gain access to secret information.
* Identifying the areas which need high protection.
* If an unwanted person gains access to information, what can be the consequences.
* How soon will the access of an unwanted person get noticed by the owners?
* Finalizing the required amount of resources which ensures the appropriate security of the overall computer systems.

Thus, ethical hacking is a legal activity performed by professional hackers at the desire of the owners. It is also termed "Penetration Testing", "Red teaming", "Vulnerability Scanning" and "Intrusion Testing".

Q34. Describe in brief about Firewalls.

Answer: For answer refer Unit-IV, Page No. 72, Q.No. 22.

Q35. Explain about Intrusion detection systems.

Answer:

Intrusion Detection Systems

An Intrusion Detection System (IDS) is a defensive tool which is used for detecting malicious attacks that can affect the security features of a system. It is a software program installed at a higher level of an operating system. These systems (IDSs) are employed not only for the early detection of attacks but also for preventing the attacks. The size and scope of IDSs depend upon the internal networks and the sensitive information stored in an organized form.

There are two types of intrusion detection systems,

(i) Network-based Intrusion Detection System
(ii) Host-based Intrusion Detection System.

(i) Network-based Intrusion Detection System

For answer refer Unit-III, Page No. 47, Q.No. 15.

(ii) Host-based Intrusion Detection System

A Host-based Intrusion Detection System (HIDS) is located on a specific computer in a network and is designed to monitor and detect actions. It also responds to attacks that occurred on the respective host system.
On the other hand, it monitors the packets entering the server, including inbound and outbound traffic. Later on, information about malicious attacks is transferred to the database administrator available on its own server. A HIDS scrutinizes different regions in a system to track malicious attacks. It then approaches log files, which include kernel, system, server, network and firewall logs, and compares the log files with the internal signature database to track the attacks, whereas other HIDSs, like those on UNIX and Linux, utilize the syslog. These logged files are segregated based on their severity level. Therefore, the actions performed by a HIDS include filtering, analyzing logs and re-tagging the malicious messages.

A HIDS verifies the data integrity of the major and executable files. Apart from this, it also verifies the database with sensitive files and the checksum of all the files. Therefore, the checksum of each file needs to be the same as that of its original file. If not, then signals are sent to the administrator regarding the malicious attacks. In general, HIDSs are associated with the respective operating system.

The characteristics of a HIDS are given below,

1. It monitors the privileges of users.
2. It offers an efficient method to detect malicious attacks.

Advantages

The advantages of a HIDS are given as follows,

1. The success or failure of an attack is verified through the logs.
2. It monitors the actions performed by each user and administrator when connected to a network. It also monitors and detects the modifications performed on the kernel, system files and executables. Unlike a NIDS, it detects and aborts the implementation of Trojan horses and backdoors.
3. It detects attacks occurring on a critical server which go undetected by a NIDS.
4. It has high visibility in comparison to a NIDS, as the regions are switched and encrypted in the host system.
5. It minimizes the time taken by HIDSs in identifying and responding to the respective malicious attacks.
6. It does not require extra hardware to perform its actions; thus it is cost-effective.

Therefore, a HIDS can be regarded as a type of service that monitors the machine logs, system events and application interactions. It communicates with the logon audit and kernel audit files, which execute the application interfaces.

Figure: Host-based Intrusion Detection System (components shown in the scan: event database, response)

Q36. Define Incident response. Explain the various phases involved in the incident response cycle.

Answer:

Incident Response

Incident response can be defined as a process/plan which is implemented by the organization on the occurrence of any event or incident. The main objective of this plan is to manage and handle the incident by taking effective counter measures.

For the remaining answer refer Unit-III, Page No.

Q37. Define scanning. Explain its types.

Answer:

Scanning

Scanning can be defined as a phase where the collected data is examined thoroughly. It is carried out by skillful programmers and the testing department. Scanning is of three types. They are as follows,

1. Port scanning
2. Network scanning
3. Vulnerability scanning.

1. Port Scanning

Ports are the interfaces present on a computer which help it connect to other devices. So, according to the vulnerabilities, port scanning is recommended. Ideally, ports are a point which allows the flow of information into and out of the computer; using port scanning, the user can determine the doors open on the computer. In essence, they serve as points with which the computer can communicate with other machines.
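As an added illustration from the defender's side (not from the SIA text), the following Python snippet does what a HIDS analyzing its firewall log (Q35) would do with port scanning: it maps each firewall verdict onto the open / closed / filtered outcomes that a port scan produces, and flags any source that touches many distinct ports within a short window, which is the footprint port scanning leaves in the logs. The log format and every log line are constructed for this example.

```python
"""Added example (not the SIA text's own code): a small host-based log
analyzer that flags port-scan behaviour. The log format and all log lines
below are constructed; real firewall logs differ."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "<timestamp> <src_ip> <dst_port> <verdict>".
# The verdicts mirror the three port-scan outcomes in the text:
#   ACCEPT -> open, REJECT -> closed, DROP -> filtered (no reply sent)
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 22 ACCEPT
2024-01-01T10:00:01 203.0.113.7 23 REJECT
2024-01-01T10:00:01 203.0.113.7 25 DROP
2024-01-01T10:00:02 203.0.113.7 80 ACCEPT
2024-01-01T10:00:02 203.0.113.7 110 REJECT
2024-01-01T10:00:03 203.0.113.7 143 DROP
2024-01-01T10:00:03 203.0.113.7 443 ACCEPT
2024-01-01T10:00:04 203.0.113.7 3306 REJECT
2024-01-01T10:00:04 203.0.113.7 8080 DROP
2024-01-01T10:00:05 203.0.113.7 8443 DROP
2024-01-01T10:00:30 198.51.100.9 443 ACCEPT
2024-01-01T10:05:00 198.51.100.9 443 ACCEPT
"""

VERDICT_TO_STATE = {"ACCEPT": "open", "REJECT": "closed", "DROP": "filtered"}


def parse_log(text):
    """Yield (time, src_ip, port, state) for each well-formed line; skip junk."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in VERDICT_TO_STATE:
            continue
        yield datetime.fromisoformat(parts[0]), parts[1], int(parts[2]), VERDICT_TO_STATE[parts[3]]


def detect_port_scans(text, window_seconds=60, port_threshold=5):
    """Flag sources that probe more than `port_threshold` distinct ports within
    any `window_seconds` span. Returns {src_ip: sorted list of every port that
    source touched}. A single client re-using one port is never flagged."""
    events = defaultdict(list)
    for ts, src, port, _ in parse_log(text):
        events[src].append((ts, port))
    suspects = {}
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # slide the window start forward until it fits within window_seconds
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            if len({p for _, p in hits[start:end + 1]}) > port_threshold:
                suspects[src] = sorted({p for _, p in hits})
                break
    return suspects


def port_states(text, src_ip):
    """What one source learned about the host: {port: open/closed/filtered}."""
    return {port: state for _, src, port, state in parse_log(text) if src == src_ip}


if __name__ == "__main__":
    print(detect_port_scans(SAMPLE_LOG))
    print(port_states(SAMPLE_LOG, "203.0.113.7"))
```

The window and port-count thresholds are the tunable part: too low and a busy legitimate client gets flagged, too high and a slow scan spread over minutes is missed, so in practice they are set from the host's normal connection rate rather than fixed numbers.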
Every single computer holds at least three or more external ports which are basically utilized while forming communication with other devices such as printers, modems, mouse, video game, scanner and so on. More importantly, the external ports are visible, and an attacker doing port scanning will first penetrate the devices. Interestingly, the tool used, Nmap, makes the entire process automatic. In doing so, the attacker can scan the open ports and can find out what operating system is used.

The concept of port scanning can be related to a thief going through a certain area, performing a systematic check on every single door and window of the house to find out whether a door is open or closed. It makes use of many open-ended technologies, tools and commands capable of communicating with a remote computer system or network. This communication is done in hidden mode and succeeds in acquiring sensitive information with respect to the functions of the system and the properties of the hardware and software implemented by the remote systems.

Technically, in the port scan method a host listens to the ports on one target host, whereas in a port sweep the host performs scanning of one or many hosts in order to listen to particular ports. Therefore, the generated result is categorized as,

(a) Open or Accepted: In this category, the host gives a reply which represents that a service is listening on the port.
(b) Closed or Not Listening: In this category, the host gives a reply which represents that the connection to the port is rejected.
(c) Filtered or Blocked: In this category, the host does not send any reply.

2. Network Scanning

In network scanning, the computer network is used to collect information related to computing systems. Its role is to perform security assessment, system maintenance and the carrying out of attacks by hackers. It is also used for the following purposes,

(a) Network scanning becomes necessary to determine the available UDP and TCP network services operated on the targeted host.
(b) It is also used to determine the filtering systems present between the user and the target host.
(c) It is also used to find out the operating system implemented by evaluating IP responses.
(d) It is also used to evaluate the target host's TCP sequence numbers so as to find the sequence prediction attack as well as TCP spoofing.

3. Vulnerability Scanning

In vulnerability scanning, the scanning is performed with the help of software which identifies security flaws in a database. This can easily be done by testing the system and checking for the flaws. At last, a report is generated which shows the measures to fix the problems related to network security.

Q38. Explain in detail about security policy. What is the need of a security plan?

Answer:

Security Policy

A formal statement that is prepared based on the security requirements, goals and objectives of an organization is referred to as a "security policy". This policy basically specifies certain rules that are to be followed by every member of an organization. A security policy for an organization is defined in accordance with the existing technology, systems and information present in the respective organization. The policy is practically implemented by defining it using certain standards, guidelines and procedures. The main purpose of using these standards, guidelines and procedures is that they provide the members with a particular way of interpreting the policy and also instruct them in the method of implementing the policy.

Security policy includes the methods or measures that are followed by an organization so as to ensure the physical security of the valuable resources of the organization.
Some of these measures include,

* Storing the hardware resources in a secure location.
* Creating backups for preventing loss of data due to natural calamities, virus attacks etc.
* Securing the backup media.

Apart from defining security measures, security policies even specify what actions (operations) are to be performed by the staff members and what actions are to be avoided.

Essential Features of Security Policy

* It must be comprehensive, i.e., thoroughly defined.
* It must be up-to-date, i.e., covering the current technology.
* It must be presented in such a way that it is easily understood.
* It must be available to all the members of an organization.
* It must strictly be enforced by every staff member.

Need for Security Plan

Security policies are defined within a security plan, which provides a detailed description regarding the way of implementing the rules specified in a security policy. The main reason for including a security policy within a security plan is to ensure that every member of the organization has complete knowledge about the rules, boundaries and the consequences that they might face in case of violation or overstepping the specified boundary level.

Q39. Explain in detail about threat management.

Answer:

Threat Management

Threat management can be defined as a process that is used by cyber security professionals in order to detect and prevent cyber attacks. It makes use of a framework established by the National Institute of Standards and Technology (NIST).

Threat management is mainly used to protect the organization's data from data breaches. It also informs that the organization needs to face cyber risks, but at a low level. It minimizes the damage and the cost associated with a data breach. According to a survey conducted by the Ponemon Institute, threat management in an organization saves more than 1 million dollars (when a breach occurs in an organization).

The concept of threat management frameworks enhances the interaction between people, processes and technology and helps the organization to detect and react to cyber security incidents.

Challenges

Some of the various challenges faced by cyber threat management are as follows,

1. Lack of Visibility: Organizations must ensure that they don't have any blind spots in their security processes.
2. Lack of Insight and Reporting: A threat management system in an organization must have KPIs in order to detect and respond to cyber security incidents.
3. Lack of Skilled Employees or Staff: Most organizations report that more than half of the employees in their organization are not skilled.

Multiple Choice Questions

1. Which of the following are the various cyber threats? [ ]
(a) Cyber warfare (b) Cyber terrorism (c) Cyber espionage (d) All the above

2. Budapest convention was introduced in the year ____. [ ]
(a) 2004 (b) 2003 (c) 2001 (d) 2007

3. ____ vulnerability occurs when unauthorized content is sent as a query to the system. [ ]
(a) Broken access control (b) Cryptographic failures (c) Injection (d) None of the above

4. If the attack is initiated by a person working within the organization, it is called ____. [ ]
(a) Outside attack (b) Inside attack (c) Both (a) and (b) (d) All the above

5. If the attack is initiated by any outside source that lies outside the security perimeter of the organization, it is called ____. [ ]
(a) Outside attack (b) Inside attack (c) Both (a) and (b) (d) None of the above

6. Which of the following are evaluated in a cyber security audit? [ ]
(a) Data security (b) Physical security (c) Network security (d) All the above

7. Which of the following are the types of DoS filters? [ ]
(a) Ingress filter (b) Egress filter (c) Both (a) and (b) (d) None of the above

8. IDS stands for ____. [ ]
(a) Intrusion Detection System (b) Intrusion Defend System (c) Integrated Detection System (d) None of the above

9. Which of the following are the challenges faced by threat management? [ ]
(a) Lack of visibility (b) Lack of insight (c) Lack of skills (d) All the above

10. ____ can be defined as a criminal activity done using a computer. [ ]
(a) Cyber warfare (b) Cyber terrorism (c) Cyber crime (d) All the above

Fill in the Blanks

1. ____ can be defined as a set of rules, policies, standards and practices that coordinate and shape
2. ____ can be viewed as damage caused to a computer, technology dependent enterprises and networks by an unauthorized third party.
3. ____ refers to conflict based on the internet.
4. ICERT stands for ____.
5. ____ can be defined as a software defect that helps the attacker to gain control over a system.
6. ____ refers to a crime where an unauthorized person tries to use some other person's identity for his illegal purpose.
7. ____ can be defined as a process of reviewing and examining the various records and activities of the system.
8. ____ can be defined as a process of creating a false perception for the attacker.
9. ____ can be defined as a phase where the collected data is examined thoroughly.
10. ____ can be defined as a process that is used by cyber security professionals in order to detect and prevent cyber attacks.

Key

Multiple Choice
@ @ ) ® @) @ © @ @ ©

Fill in the Blanks
1. Internet governance
2. Cyber threat
3. Cyber warfare
4. Indian Computer Emergency Response Team
5. Software vulnerability
6. Identity theft
7. Security Audit
8. Deception
9. Scanning
10. Threat management

Q1. What is a cyber threat?

Answer: A cyber threat can be viewed as damage caused to a computer, technology dependent enterprises and networks by an unauthorized third party.

Q2. Define weak authentication.

Answer: Weak authentication can be defined as a process that involves authentication either through a password or through a simple question that should be answered by the user.

Q3. What are honey pots?

Answer: Honey pots can be defined as decoy systems that are used to distract the attention of potential attackers from the critical systems.

Q4. Write about IDS.

Answer: An Intrusion Detection System (IDS) is a defensive tool which is used for detecting malicious attacks that can affect the security features of a system.

Q5. What does ICERT stand for?

Answer: ICERT stands for Indian Computer Emergency Response Team.
