REPORT ON

“CYBER SECURITY”

SUBMITTED T0 :
DEPARTMENT OF COMPUTER ENGINEERING
MR.B.L PAL
MEWAR UNIVERSITY,GANGRAR
(CHITTORGARH) – 312091

SUBMITTED BY:
PAWAN NATH YOGI
B.TECH CSE
V SEM
MUR2100428
 CERTIFICATE
This is to certify that the below mentioned third year engineering students have carried out the
neccesary an project report on “CYBER SECURITY” in the department of computer engineering ,
MEWAR UNIVERSITY ,Gangrar,(Chittorgarh(raj.))-312091.
They have completed this report under my guidence in satisfactory manner in nov.2023 of third year
of engineering.

PAWAN NATH YOGI (MUR2100428).

Computer engineering students have succesfully completed an project report on

“CYBER SECURITY” towards the fullfillment of their degree in computer engineering in academic
year 2023-2024 .The performance of each of these student during the course was very good.

PLACE:
DATE:

GUIDE H.O.D
 ACKNOWLEDGEMENT
Apart from the efforts of all the team members ,the section of these an project report on
“cyber security” these topic depends largely on the encouragement and guidance of our teachers.
We take this opportunity to express our gratitude to the teachers who have been instrumental in the
approval of this project report.

We would like to show our greatest appreciation to H.O.D of C.S department “MR. B.LPAL” and
other staff members .we cannot think them enough for their tremendous support and help.
They motivated and encouragement use very time while selecting the proper an cyber security topic.
Without their encouragement and guidance ,we would not have been able to select the proper topic.

The contribution and support received from all the team members including “PAWAN NATH” is
vital. Spirit of all members shown by all has made an project report are successful.

PAWAN NATH YOGI B.TECH (C.S.E) ,MUR2100428.

S. No List of contents

1 Cyber security introduction -Basics

2 Layers of Security
Security vulnerabilities, threats and Attacks
3

4 Cyber Threats-Cyber-Warfare

5 Cyberspace and the Law & Cyber Forensics

6 National Cyber security Policy

7 Cyber Forensics

8 Cybercrime-Mobile and wireless devices

9 Security Challenges proposed by Mobile devices

10 Cyber security-Organizational Implications

11 Social Media Marketing

12 Privacy Issues-Data Privacy attacks

13 Privacy Policy Languages

 Introduction to Cyber Security

Cyber Security Introduction - Cyber Security Basics:

Cyber security is the most concerned matter as cyber threats and attacks are overgrowing.
Attackers are now using more sophisticated techniques to target the systems. Individuals,
small-scale businesses or large organization, are all being impacted. So, all these firms whether
IT or non-IT firms have understood the importance of Cyber Security and focusing on adopting
all possible measures to deal with cyber threats.

What is cyber security?

"Cyber security is primarily about people, processes, and technologies working together to
encompass the full range of threat reduction, vulnerability reduction, deterrence, international
engagement, incident response, resiliency, and recovery policies and activities, including
computer network operations, information assurance, law enforcement, etc."
OR
Cyber security is the body of technologies, processes, and practices designed to protect networks,
computers, programs and data from attack, damage or unauthorized access.

• The term cyber security refers to techniques and practices designed to protect digital data.

• The data that is stored, transmitted or used on an information system.

OR
Cyber security is the protection of Internet-connected systems, including hardware, software, and
data from cyber attacks.
It is made up of two words one is cyber and other is security.
• Cyber is related to the technology which contains systems, network and programs or data.

• Whereas security related to the protection which includes systems security, network
security and application and information security.

Why is cyber security important?

Listed below are the reasons why cyber security is so important in what’s become a predominant
digital world:

• Cyber attacks can be extremely expensive for businesses to endure.

• In addition to financial damage suffered by the business, a data breach can also inflict
untold reputational damage.
• Cyber-attacks these days are becoming progressively destructive. Cybercriminals are
using more sophisticated ways to initiate cyber attacks.

• Regulations such as GDPR are forcing organizations into taking better care of the
personal data they hold.
 Because of the above reasons, cyber security has become an important part of the
business and the focus now is on developing appropriate response plans that minimize
the damage in the event of a cyber attack.

But, an organization or an individual can develop a proper response plan only when he
has a good grip on cyber security fundamentals.

Cyber security Fundamentals – Confidentiality:

Confidentiality is about preventing the disclosure of data to unauthorized parties.

It also means trying to keep the identity of authorized parties involved in sharing and holding
data private and anonymous.

Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-middle

(MITM) attacks, disclosing sensitive data.

Standard measures to establish confidentiality include:

• Data encryption
• Two-factor authentication
• Biometric verification
• Security tokens

Integrity

Integrity refers to protecting information from being modified by unauthorized parties.

Standard measures to guarantee integrity include:

• Cryptographic checksums
• Using file permissions
• Uninterrupted power supplies
• Data backups

Availability

Availability is making sure that authorized parties are able to access the information when
needed.

Standard measures to guarantee availability include:

• Backing up data to external drives

• Implementing firewalls
• Having backup power supplies
• Data redundancy
Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to

alter computer code, logic or data and lead to cybercrimes, such as information and identity
theft.

Cyber-attacks can be classified into the following categories:

1) Web-based attacks 2) System-based attacks

Web-based attacks

These are the attacks which occur on a website or web applications. Some of the important web-
based attacks are as follows-

1. Injection attacks

It is the attack in which some data will be injected into a web application to manipulate the
application and fetch the required information.

Example- SQL Injection, code Injection, log Injection, XML Injection etc.

2. DNS Spoofing

DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a
DNS resolver's cache causing the name server to return an incorrect IP address, diverting traffic
to the attackers computer or any other computer. The DNS spoofing attacks can go on for a
long period of time without being detected and can cause serious security issues.

3. Session Hijacking

It is a security attack on a user session over a protected network. Web applications create
cookies to store the state and user sessions. By stealing the cookies, an attacker can have access
to all of the user data.

4. Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a trustworthy
entity in electronic communication.

5. Brute force

It is a type of attack which uses a trial and error method. This attack generates a large number
of guesses and validates them to obtain actual data like user password and personal
identification number. This attack may be used by criminals to crack encrypted data, or by
security, analysts to test an organization's network security.
6. Denial of Service

It is an attack which meant to make a server or network resource unavailable to the users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a
crash. It uses the single system and single internet connection to attack a server. It can be
classified into the following-

Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is measured
in bit per second.

Protocol attacks- It consumes actual server resources, and is measured in a packet.

Application layer attacks- Its goal is to crash the web server and is measured in request per
second.

7. Dictionary attacks

This type of attack stored the list of a commonly used password and validated them to get original
password.

8. URL Interpretation

It is a type of attack where we can change the certain parts of a URL, and one can make a web
server to deliver web pages for which he is not authorized to browse.

9. File Inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential files which is
available on the web server or to execute malicious files on the web server by making use of
the include functionality.

10. Man in the middle attacks

It is a type of attack that allows an attacker to intercepts the connection between client and
server and acts as a bridge between them. Due to this, an attacker will be able to read, insert
and modify the data in the intercepted connection.

System-based attacks

These are the attacks which are intended to compromise a computer or a computer network.
Some of the important system-based attacks are as follows-

1. Virus

It is a type of malicious software program that spread throughout the computer files without
the knowledge of a user. It is a self-replicating malicious computer program that replicates by
inserting copies of itself into other computer programs when executed. It can also execute
instructions that cause harm to the system.
2. Worm

It is a type of malware whose primary function is to replicate itself to spread to uninfected

computers. It works same as the computer virus. Worms often originate from email attachments
that appear to be from trusted senders.

3. Trojan horse

It is a malicious program that occurs unexpected changes to computer setting and unusual
activity, even when the computer should be idle. It misleads the user of its true intent. It appears
to be a normal application but when opened/executed some malicious code will run in the
background.

4. Backdoors

It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes. 5. Bots

A bot (short for "robot") is an automated process that interacts with other network services.
Some bots program run automatically, while others only execute commands when they receive
specific input. Common examples of bots program are the crawler, chatroom bots, and
malicious bots.
SECURITY VULNERABILITIES, THREATS AND ATTACKS –
Categories of vulnerabilities
• Corrupted (Loss of integrity)
• Leaky (Loss of confidentiality)
• Unavailable or very slow (Loss of availability)
– Threats represent potential security harm to an asset when vulnerabilities are
exploited - Attacks are threats that have been carried out
• Passive – Make use of information from the system without affecting system
resources

• Active – Alter system resources or affect operation

• Insider – Initiated by an entity inside the organization Outsider – Initiated from

outside the perimeter

Computer criminals
Computer criminals have access to enormous amounts of hardware, software, and data;
they have the potential to cripple much of effective business and government throughout
the world. In a sense, the purpose of computer security is to prevent these criminals from
doing damage.
We say computer crime is any crime involving a computer or aided by the use of one.
Although this definition is admittedly broad, it allows us to consider ways to protect
ourselves, our businesses, and our communities against those who use computers
maliciously.
One approach to prevention or moderation is to understand who commits these crimes and
why. Many studies have attempted to determine the characteristics of computer criminals.
By studying those who have already used computers to commit crimes, we may be able in
the future to spot likely criminals and prevent the crimes from occurring.

CIA Triad
The CIA Triad is actually a security model that has been developed to help people think
about various parts of IT security.
CIA triad broken down:
Assets and Threat

What is an Asset: An asset is any data, device or other component of an organization’s

systems that is valuable – often because it contains sensitive data or can be used to access
such information.

For example: An employee’s desktop computer, laptop or company phone would be

considered an asset, as would applications on those devices. Likewise, critical
infrastructure, such as servers and support systems, are assets. An organization’s most
common assets are information assets. These are things such as databases and physical files
– i.e. the sensitive data that you store

What is a threat: A threat is any incident that could negatively affect an asset – for
example, if it’s lost, knocked offline or accessed by an unauthorized party.

Threats can be categorized as circumstances that compromise the confidentiality, integrity

or availability of an asset, and can either be intentional or accidental.

Intentional threats include things such as criminal hacking or a malicious insider stealing
information, whereas accidental threats generally involve employee error, a technical
malfunction or an event that causes physical damage, such as a fire or natural disaster.

Motive of Attackers

The categories of cyber-attackers enable us to better understand the attackers' motivations

and the actions they take. As shown in Figure, operational cyber security risks arise from
three types of actions: i) inadvertent actions (generally by insiders) that are taken without
malicious or harmful intent; ii) deliberate actions (by insiders or outsiders) that are taken
intentionally and are meant to do harm; and iii) inaction (generally by insiders), such as a
failure to act in a given situation, either because of a lack of appropriate skills, knowledge,
guidance, or availability of the correct person to take action Of primary concern here are
deliberate actions, of which there are three categories of motivation.

1. Political motivations: examples include destroying, disrupting, or taking control of

targets; espionage; and making political statements, protests, or retaliatory actions.
2. Economic motivations: examples include theft of intellectual property or other
economically valuable assets (e.g., funds, credit card information); fraud; industrial
espionage and sabotage; and blackmail.
3. Socio-cultural motivations: examples include attacks with philosophical, theological,
political, and even humanitarian goals. Socio-cultural motivations also include fun,
curiosity, and a desire for publicity or ego gratification.
Types of cyber-attacker actions and their motivations when deliberate

Active attacks: An active attack is a network exploit in which a hacker attempts to make
changes to data on the target or data en route to the target.

Types of Active attacks:

Masquerade: in this attack, the intruder pretends to be a particular user of a system to gain
access or to gain greater privileges than they are authorized for. A masquerade may be
attempted through the use of stolen login IDs and passwords, through finding security gaps
in programs or through bypassing the authentication mechanism.

Session replay: In this type of attack, a hacker steals an authorized user’s log in information
by stealing the session ID. The intruder gains access and the ability to do anything the
authorized user can do on the website.

Message modification: In this attack, an intruder alters packet header addresses to direct
a message to a different destination or modify the data on a target machine.

In a denial of service (DoS) attack, users are deprived of access to a network or web
resource. This is generally accomplished by overwhelming the target with more traffic than
it can handle.

In a distributed denial-of-service (DDoS) exploit, large numbers of compromised systems

(sometimes called a botnet or zombie army) attack a single target.

Passive Attacks:Passive attacks are relatively scarce from a classification perspective, but
can be carried out with relative ease, particularly if the traffic is not encrypted.
Types of Passive attacks:

Eavesdropping (tapping): the attacker simply listens to messages exchanged by two

entities. For the attack to be useful, the traffic must not be encrypted. Any unencrypted
information, such as a password sent in response to an HTTP request, may be retrieved by
the attacker.

Traffic analysis: the attacker looks at the metadata transmitted in traffic in order to deduce
information relating to the exchange and the participating entities, e.g. the form of the
exchanged traffic (rate, duration, etc.). In the cases where encrypted data are used, traffic
analysis can also lead to attacks by cryptanalysis, whereby the attacker may obtain
information or succeed in unencrypting the traffic.

Software Attacks: Malicious code (sometimes called malware) is a type of software

designed to take over or damage a computer user's operating system, without the user's
knowledge or approval. It can be very difficult to remove and very damaging. Common
malware examples are listed in the following table:

Attack Characteristics
Virus A virus is a program that attempts to damage a computer system and replicate itself
to other computer systems. A virus:

• Requires a host to replicate and usually attaches itself to a host file or a hard
drive sector.
• Replicates each time the host is used.
• Often focuses on destruction or corruption of data.
• Usually attaches to files with execution capabilities such as .doc, .exe, and
.bat extensions.
• Often distributes via e-mail. Many viruses can e-mail themselves to
everyone in your address book.
• Examples: Stoned, Michelangelo, Melissa, I Love You.

Worm A worm is a self-replicating program that can be designed to do any number of

things, such as delete files or send documents via e-mail. A worm can negatively
impact network traffic just in the process of replicating itself. A worm:

• Can install a backdoor in the infected computer.

• Is usually introduced into the system through a vulnerability.
• Infects one system and spreads to other systems on the network.
• Example: Code Red.
Trojan A Trojan horse is a malicious program that is disguised as legitimate software.
horse Discretionary environments are often more vulnerable and susceptible to Trojan
horse attacks because security is user focused and user directed. Thus the
compromise of a user account could lead to the compromise of the entire
environment. A Trojan horse:

• Cannot replicate itself.

• Often contains spying functions (such as a packet sniffer) or backdoor
functions that allow a computer to be remotely controlled from the network.
• Often is hidden in useful software such as screen savers or games.
• Example: Back Orifice, Net Bus, Whack-a-Mole.

Logic A Logic Bomb is malware that lies dormant until triggered. A logic bomb is a specific
Bomb example of an asynchronous attack.

• A trigger activity may be a specific date and time, the launching of a

specific program, or the processing of a specific type of activity.
• Logic bombs do not self-replicate.

Hardware Attacks:
Common hardware attacks include:

• Manufacturing backdoors, for malware or other penetrative purposes; backdoors

aren’t limited to software and hardware, but they also affect embedded
radiofrequency identification (RFID) chips and memory

• Eavesdropping by gaining access to protected memory without opening other

hardware

• Inducing faults, causing the interruption of normal behaviour

• Hardware modification tampering with invasive operations

• Backdoor creation; the presence of hidden methods for bypassing normal computer
authentication systems

• Counterfeiting product assets that can produce extraordinary operations and those
made to gain malicious access to systems.
Cyber Threats-Cyber Warfare:Cyber warfare refers to the use of digital attacks --
like computer viruses and hacking -- by one country to disrupt the vital computer
systems of another, with the aim of creating damage, death and destruction. Future wars
will see hackers using computer code to attack an enemy's infrastructure, fighting
alongside troops using conventional weapons like guns and missiles.
 Cyber warfare involves the actions by a nation-state or international organization to
attack and attempt to damage another nation's computers or information networks
through, for example, computer viruses or denial-of-service attacks.
Cyber Crime:
Cybercrime is criminal activity that either targets or uses a computer, a computer
network or a networked device.Cybercrime is committed by cybercriminals or hackers
who want to make money. Cybercrime is carried out by individuals or organizations.
Some cybercriminals are organized, use advanced techniques and are highly technically
skilled. Others are novice hackers.
Cyber Terrorism:
Cyber terrorism is the convergence of cyberspace and terrorism. It refers to unlawful
attacks and threats of attacks against computers, networks and the information stored
therein when done to intimidate or coerce a government or its people in furtherance of
political or social objectives.
Examples are hacking into computer systems, introducing viruses to vulnerable
networks, web site defacing, Denial-of-service attacks, or terroristic threats made via
electronic communication.
Cyber Espionage:
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and
information without the permission and knowledge of the holder of the information
from individuals, competitors, rivals, groups, governments and enemies for personal,
economic, political or military advantage using methods on the Internet.

Security Policies:
Security policies are a formal set of rules which is issued by an organization to ensure that
the user who are authorized to access company technology and information assets comply
with rules and guidelines related to the security of information.

A security policy also considered to be a "living document" which means that the document
is never finished, but it is continuously updated as requirements of the technology and
employee changes.

We use security policies to manage our network security. Most types of security policies
are automatically created during the installation. We can also customize policies to suit our
specific environment. Need of Security policies-

1) It increases efficiency.

2) It upholds discipline and accountability

3) It can make or break a business deal

4) It helps to educate employees on security literacy

There are some important cyber security policies recommendations describe below-

Virus and Spyware Protection policy:

• It helps to detect threads in files, to detect applications that exhibits suspicious

behavior.
• Removes, and repairs the side effects of viruses and security risks by using
signatures.

Firewall Policy:

• It blocks the unauthorized users from accessing the systems and networks that
connect to the Internet.
• It detects the attacks by cybercriminals and removes the unwanted sources of
network traffic.

Intrusion Prevention policy:

• This policy automatically detects and blocks the network attacks and browser
attacks.
• It also protects applications from vulnerabilities and checks the contents of one or
more data packages and detects malware which is coming through legal ways.

Application and Device Control:

• This policy protects a system's resources from applications and manages the
peripheral devices that can attach to a system
 CYBERSPACE AND THE LAW & CYBER FORENSICS

CYBERSPACE
Cyberspace can be defined as an intricate environment that involves interactions between
people, software, and services. It is maintained by the worldwide distribution of
information and communication technology devices and networks.
With the benefits carried by the technological advancements, the cyberspace today has
become a common pool used by citizens, businesses, critical information infrastructure,
military and governments in a fashion that makes it hard to induce clear boundaries among
these different groups. The cyberspace is anticipated to become even more complex in the
upcoming years, with the increase in networks and devices connected to it.

REGULATIONS
There are five predominant laws to cover when it comes to cybersecurity:
Information Technology Act, 2000 The Indian cyber laws are governed by the Information
Technology Act, penned down back in 2000. The principal impetus of this Act is to offer
reliable legal inclusiveness to eCommerce, facilitating registration of real-time records
with the Government.
But with the cyber attackers getting sneakier, topped by the human tendency to misuse
technology, a series of amendments followed.
The ITA, enacted by the Parliament of India, highlights the grievous punishments and
penalties safeguarding the e-governance, e-banking, and e-commerce sectors. Now, the
scope of ITA has been enhanced to encompass all the latest communication devices.
The IT Act is the salient one, guiding the entire Indian legislation to govern cybercrimes
rigorously:
Section 43 - Applicable to people who damage the computer systems without permission
from the owner. The owner can fully claim compensation for the entire damage in such
cases.
Section 66 - Applicable in case a person is found to dishonestly or fraudulently committing
any act referred to in section 43. The imprisonment term in such instances can mount up to
three years or a fine of up to Rs. 5 lakh.
Section 66B - Incorporates the punishments for fraudulently receiving stolen
communication devices or computers, which confirms a probable three years
imprisonment. This term can also be topped by Rs. 1 lakh fine, depending upon the severity.
Section 66C - This section scrutinizes the identity thefts related to imposter digital
signatures, hacking passwords, or other distinctive identification features. If proven guilty,
imprisonment of three years might also be backed by Rs.1 lakh fine.
Section 66 D - This section was inserted on-demand, focusing on punishing cheaters doing
impersonation using computer resources.
Indian Penal Code (IPC) 1980
Identity thefts and associated cyber frauds are embodied in the Indian Penal Code (IPC),
1860 - invoked along with the Information Technology Act of 2000.
The primary relevant section of the IPC covers cyber frauds:
Forgery (Section 464)
Forgery pre-planned for cheating (Section 468)
False documentation (Section 465)
Presenting a forged document as genuine (Section 471)
Reputation damage (Section 469)
Companies Act of 2013
The corporate stakeholders refer to the Companies Act of 2013 as the legal obligation
necessary for the refinement of daily operations. The directives of this Act cements all the
required techno-legal compliances, putting the less compliant companies in a legal fix.
The Companies Act 2013 vested powers in the hands of the SFIO (Serious Frauds
Investigation Office) to prosecute Indian companies and their directors. Also, post the
notification of the Companies Inspection, Investment, and Inquiry Rules, 2014, SFIOs has
become even more proactive and stern in this regard.
The legislature ensured that all the regulatory compliances are well-covered, including
cyber forensics, e-discovery, and cybersecurity diligence. The Companies (Management
and Administration) Rules, 2014 prescribes strict guidelines confirming the cybersecurity
obligations and responsibilities upon the company directors and leaders.
NIST Compliance
The Cybersecurity Framework (NCFS), authorized by the National Institute of Standards
and Technology (NIST), offers a harmonized approach to cybersecurity as the most reliable
global certifying body.
NIST Cybersecurity Framework encompasses all required guidelines, standards, and best
practices to manage the cyber-related risks responsibly. This framework is prioritized on
flexibility and cost-effectiveness.
It promotes the resilience and protection of critical infrastructure by: Allowing better
interpretation, management, and reduction of cybersecurity risks – to mitigate data loss,
data misuse, and the subsequent restoration costs Determining the most important activities
and critical operations - to focus on securing them Demonstrates the trust-worthiness of
organizations who secure critical assets Helps to prioritize investments to maximize the
cybersecurity ROI Addresses regulatory and contractual obligations Supports the wider
information security program By combining the NIST CSF framework with ISO/IEC
27001 - cybersecurity risk management becomes simplified. It also makes communication
easier throughout the organization and across the supply chains via a common
cybersecurity directive laid by NIST.
DIGITAL FORENSICS LIFECYCLE:

Collection: The first step in the forensic process is to identify potential sources of data and
acquire data from them.
Examination:After data has been collected, the next phase is to examine the data, which
involves assessing and extracting the relevant pieces of information from the collected data.
This phase may also involve bypassing or mitigating OS or application features that
obscure data and code, such as data compression, encryption, and access control
mechanisms.
Analysis: Once the relevant information has been extracted, the analyst should study and
analyze the data to draw conclusions from it. The foundation of forensics is using a
methodical approach to reach appropriate conclusions based on the available data or
determine that no conclusion can yet be drawn.
Reporting: The process of preparing and presenting the information resulting from the
analysis phase. Many factors affect reporting, including the following:
a. Alternative Explanations:When the information regarding an event is incomplete,
it may not be possible to arrive at a definitive explanation of what happened. When
an event has two or more plausible explanations, each should be given due
consideration in the reporting process. Analysts should use a methodical approach
to attempt to prove or disprove each possible explanation that is proposed.

b. Audience Consideration. Knowing the audience to which the data or information

will be shown is important.

c. Actionable Information. Reporting also includes identifying actionable

information gained from data that may allow an analyst to collect new sources of
information
FORENSICS INVESTIGATION:
Forensics are the scientific methods used to solve a crime. Forensic investigation is the
gathering and analysis of all crime-related physical evidence in order to come to a
 CYBERCRIMES: MOBILE AND WIRELESS
INTRODUCTION. Why should mobile devices be protected? Every day, mobile devices
are lost, stolen, and infected. Mobile devices can store important business and personal
information, and are often be used to access University systems, email, banking

Proliferation of mobile and wireless devices:

 people hunched over their smartphones or tablets in cafes, airports, supermarkets
and even at bus stops, seemingly oblivious to anything or anyone around them.
 They play games, download email, go shopping or check their bank balances on the
go.
They might even access corporate networks and pull up a document or two on their mobile
gadgets
Today, incredible advances are being made for mobile devices. The trend is for smaller
devices and more processing power. A few years ago, the choice was between a wireless
phone and a simple PDA. Now the buyers have a choice between high-end PDAs with
integrated wireless modems and small phones with wireless Web-browsing capabilities. A
long list of options is available to the mobile users. A simple hand-held mobile device
provides enough computing power to run small applications, play games and music, and
make voice calls. A key driver for the growth of mobile technology is the rapid growth of
business solutions into hand-held devices.
As the term "mobile device" includes many products. We first provide a clear distinction
among the key terms: mobile computing, wireless computing and hand-held devices.
Figure below helps us understand how these terms are related. Let us understand the
concept of mobile computing and the various types of devices.

Mobile computing is "taking a computer and all necessary files and software out into the
field." Many types of mobile computers have been introduced since 1990s. They are as
follows:
1. Portable computer: It is a general-purpose computer that can be easily moved
from one place to another, but cannot be used while in transit, usually because it requires
some "setting-up" and an AC power source.
2. Tablet PC: It lacks a keyboard, is shaped like a slate or a paper notebook and has
features of a touchscreen with a stylus and handwriting recognition software. Tablets may
not be best suited for applications requiring a physical keyboard for typing, but are
otherwise capable of carrying out most tasks that an ordinary laptop would be able to
perform.
3. Internet tablet: It is the Internet appliance in tablet form. Unlike a Tablet PC, the
Internet tablet does not have much computing power and its applications suite is limited.
Also it cannot replace a general-purpose computer. The Internet tablets typically feature an
MP3 and video player, a Web browser, a chat application and a picture viewer.
4. Personal digital assistant (PDA): It is a small, usually pocket-sized, computer
with limited functionality. It is intended to supplement and synchronize with a desktop
computer, giving access to contacts, address book, notes, E-Mail and other features.
5. Ultramobile (PC): It is a full-featured, PDA-sized computer running a general-
purpose operating system (OS).
6. Smartphone: It is a PDA with an integrated cell phone functionality. Current
Smartphones have a wide range of features and installable applications.
7. Carputer: It is a computing device installed in an automobile. It operates as a
wireless computer, sound system, global positioning system (GPS) and DVD player. It also
contains word processing software and is Bluetooth compatible.
8. Fly Fusion Pentop computer: It is a computing device with the size and shape of
a pen. It functions as a writing utensil, MP3 player, language translator, digital storage
device and calculator.
Trends in Mobility:
Mobile computing is moving into a new era, third generation ( 3G), which promises greater
variety in applications and have highly improved usability as well as speedier networking.
"iPhone" from Apple and Google-led "Android" phones are the best examples of this trend
and there are plenty of other developments that point in this direction. This smart mobile
technology is rapidly gaining popularity and the attackers (hackers and crackers) are among
its biggest fans.
It is worth noting the trends in mobile computing; this will help readers to readers to realize
the seriousness of cybersecurity issues in the mobile computing domain. Figure below
shows the different types of mobility and their implications.
The new technology 3G networks are not entirely built with IP data security. Moreover, IP
data world when compared to voice-centric security threats is new to mobile operators.
There are numerous attacks that can be committed against mobile networks and they can
originate from two primary vectors. One is from outside the mobile network - that is, public
Internet, private networks and other operator's networks - and the other is within the mobile
networks- that is, devices such as data-capable handsets and Smartphones, notebook
computers or even desktop computers connected to the 3G network.
Popular types of attacks against 3G mobile networks are as follows:
1. Malwares, viruses and worms: Although many users are still in the transient
process of switching from 2G,2.5G2G,2.5G to 3G,3G, it is a growing need to educate the
community people and provide awareness of such threats that exist while using mobile
devices. Here are few examples of malware(s) specific to mobile devices:
• Skull Trojan: I targets Series 60 phones equipped with the Symbian mobile OS.
• Cabir Worm: It is the first dedicated mobile-phone worm infects phones running
on Symbian OS and scans other mobile devices to send a copy of itself to the first
vulnerable phone it finds through Bluetooth Wireless technology. The worst thing
about this worm is that the source code for the Cabir-H and Cabir-I viruses is
available online.
• Mosquito Trojan: It affects the Series 60 Smartphones and is a cracked version of
"Mosquitos" mobile phone game.
• Brador Trojan: It affects the Windows CE OS by creating a svchost. exe file in the
Windows start-up folder which allows full control of the device. This executable
file is conductive to traditional worm propagation vector such as E-Mail file
attachments.
• Lasco Worm: It was released first in 2005 to target PDAs and mobile phones
running the Symbian OS. Lasco is based on Cabir's source code and replicates over
Bluetooth connection.

2. Denial-of-service (DoS): The main objective behind this attack is to make the
system unavailable to the intended users. Virus attacks can be used to damage the system
to make the system unavailable. Presently, one of the most common cyber security threats
to wired Internet service providers (iSPs) is a distributed denial-of-service (DDos) attack
.DDoS attacks are used to flood the target system with the data so that the response from
the target system is either slowed or stopped.
3. Overbilling attack: Overbilling involves an attacker hijacking a subscriber's IP
address and then using it (i.e., the connection) to initiate downloads that are not "Free
downloads" or simply use it for his/her own purposes. In either case, the legitimate user is
charged for the activity which the user did not conduct or authorize to conduct.
4. Spoofed policy development process (PDP): These of attacks exploit the
vulnerabilities in the GTP [General Packet Radio Service (GPRS) Tunneling Protocol].
5. Signaling-level attacks: The Session Initiation Protocol (SIP) is a signaling
protocol used in IP multimedia subsystem (IMS) networks to provide Voice Over Internet
Protocol (VoIP) services. There are several vulnerabilities with SIP-based VolP systems.

Credit Card Frauds in Mobile and Wireless Computing Era:

These are new trends in cybercrime that are coming up with mobile computing - mobile
commerce (M-Commerce) and mobile banking (M-Banking). Credit card frauds are now
becoming commonplace given the ever-increasing power and the ever-reducing prices of
the mobile hand-held devices, factors that result in easy availability of these gadgets to
almost anyone. Today belongs to "mobile compüting," that is, anywhere anytime
computing. The developments in wireless technology have fuelled this new mode of
working for white collar workers. This is true for credit card processing too; wireless credit
card processing is a relatively new service that will allow a person to process credit cards
electronically, virtually anywhere. Wireless credit card processing is a very desirable
system, because it allows businesses to process transactions from mobile locations quickly,
efficiently and professionally. It is most often used by businesses that operate mainly in a
mobile environment

There is a system available from an Australian company "Alacrity" called closed-loop

environment for for wireless (CLEW). Figure above shows the flow of events with CLEW
which is a registered trademark of Alacrity used here only to demonstrate the flow in this
environment.

As shown in Figure, the basic flow is as follows:

 1. Merchant sends a transaction to bank
2. The bank transmits the request to the authorized cardholder
3. The cardholder approves or rejects (password protected)
4. The bank/merchant is notified
5. The credit card transaction is completed.

Security Challenges Posed by Mobile Devices:

Mobility brings two main challenges to cybersecurity: first, on the hand-held devices,
information is being taken outside the physically controlled environment and second
remote access back to the protected environment is being granted. Perceptions of the
organizations to these cybersecurity challenges are important in devising appropriate
security operating procedure. When people are asked about important in managing a
diverse range of mobile devices, they seem to be thinking of the ones shown in below
figure.
As the number of mobile device users increases, two challenges are presented: one at the
device level called "micro challenges" and another at the organizational level called
"macrochallenges."
Some well-known technical challenges in mobile security are: managing the registry
settings and configurations, authentication service security, cryptography security,
Lightweight Directory Access Protocol (LDAP) security, remote access server (RAS)
security, media player control security, networking application program interface (API),
security etc.

Registry Settings for Mobile Devices:

Let us understand the issue of registry settings on mobile devices through an example:
Microsoft Activesync is meant for synchronization with Windows-powered personal
computers (PCs) and Microsoft Outlook. ActiveSync acts as the "gateway between
Windows-powered PC and Windows mobile-powered device, enabling the transfer of
applications such as Outlook information, Microsoft Office documents, pictures, music,
videos and applications from a user's desktop to his/her device.
In addition to synchronizing with a PC, ActiveSync can synchronize directly with the
Microsoft exchange server so that the users can keep their E-Mails, calendar, notes and
contacts updated wirelessly when they are away from their PCs. In this context, registry
setting becomes an important issue given the ease with which various applications allow a
free flow of information.

Authentication Service Security:

There are two components of security in mobile computing: security of devices and security
in networks. A secure network access involves authentication between the device and the
base stations or Web servers. This is to ensure that only authenticated devices can be
connected to the network for obtaining the requested services. No Malicious Code can
impersonate the service provider to trick the device into doing something it does not mean
to. Thus, the networks also play a crucial role in security of mobile devices.
Some eminent kinds of attacks to which mobile devices are subjected to are: push attacks,
pull attacks and crash attacks.
Authentication services security is important given the typical attacks on mobile devices
through wireless networks: Dos attacks, traffic analysis, eavesdropping, man-in-the-middle
attacks and session hijacking. Security measures in this scenario come from Wireless
Application Protocols (WAPs), use of VPNs, media access control (MAC) address filtering
and development in 802.xx standards.

Attacks on Mobile-Cell Phones:

Mobile Phone Theft:

Mobile phones have become an integral part of everbody's life and the mobile phone
has transformed from being a luxury to a bare necessity. Increase in the purchasing
power and availability of numerous low cost handsets have also lead to an increase in
mobile phone users. Theft of mobile phones has risen dramatically over the past few
years. Since huge section of working population in India use public transport, major
locations where theft occurs are bus stops, railway stations and traffic signals. The
following factors contribute for outbreaks on mobile devices:
1. Enough target terminals: The first Palm OS virus was seen after the number of
Palm OS devices reached 15 million. The first instance of a mobile virus was observed
during June 2004 when it was discovered that an organization "Ojam" had engineered
an antipiracy Trojan virus in older versions of their mobile phone game known as
Mosquito. This virus sent SMS text messages to the organization without the users'
knowledge.
2. Enough functionality: Mobile devices are increasingly being equipped with office
functionality and already carry critical data and applications, which are often protected
insufficiently or not at all. The expanded functionality also increases the probability of
malware.
3. Enough connectivity: Smartphones offer multiple communication options, such as
SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN connections.
Therefore, unfortunately, the increased amount of freedom also offers more choices for
virus writers.

• Mobile - Viruses
• Concept of Mishing
 • Concept of Vishing
• Concept of Smishing
• Hacking - Bluetooth
Organizational security Policies and Measures in Mobile Computing Era:
Proliferation of hand-held devices used makes the cybersecurity issue graver than what we
would tend to think. People have grown so used to their hand-helds they are treating them
like wallets! For example, people are storing more types of confidential information on
mobile computing devices than their employers or they themselves know; they listen to
music using their-hand-held devices.One should think about not to keep credit card and
bank account numbers, passwords, confidential E-Mails and strategic information about
organization, merger or takeover plans and also other valuable information that could
impact stock values in the mobile devices. Imagine the business impact if an employee's
USB, pluggable drive or laptop was lost or stolen, revealing sensitive customer data such
as credit reports, social security numbers (SSNs) and contact information.
Operating Guidelines for Implementing Mobile Device Security Policies
In situations such as those described above, the ideal solution would be to prohibit all
confidential data from being stored on mobile devices, but this may not always be practical.
Organizations can, however, reduce the risk that confidential information will be accessed
from lost or stolen mobile devices through the following steps:
1. Determine whether the employees in the organization need to use mobile
computing devices at all, based on their risks and benefits within the organization,
industry and regulatory environment.
2. Implement additional security technologies, as appropriate to fit both the
organization and the types of devices used. Most (and perhaps all) mobile
computing devices will need to have their native security augmented with such
tools as strong encryption, device passwords and physical locks. Biometrics
techniques can be used for authentication and encryption and have great potential
to eliminate the challenges associated with passwords.
3. Standardize the mobile computing devices and the associated security tools being
used with them. As a matter of fundamental principle, security deteriorates quickly
as the tools and devices used become increasingly disparate.
4. Develop a specific framework for using mobile computing devices, including
guidelines for data syncing, the use of firewalls and anti-malware software and the
types of information that can be stored on them.
5. Centralize management of your mobile computing devices. Maintain an inventory
so that you know who is using what kinds of devices.,
6. Establish patching procedures for software on mobile devices. This can often be
simplified by integrating patching with syncing or patch management with the
centralized
7. Provide education and awareness training to personnel using mobile devices.
People cannot be expected to appropriately secure their information if they have
not been told how.

Organizational Policies for the Use of Mobile Hand-Held Devices

There are many ways to handle the matter of creating policy for mobile devices. One way
is creating distinct mobile computing policy. Another way is including such devices
existing policy. There are also approaches in between where mobile devices fall under both