Cyber Security notes

The document provides a comprehensive overview of Cyber Security, covering its importance, challenges, types of threats, and the CIA Triad principles. It discusses various aspects of cyber attacks, ethical hacking, social engineering, and cyber forensics, emphasizing the need for protection against evolving threats and the role of ethical hackers. Additionally, it outlines the implications of cyber risks for organizations and the significance of auditing and forensics in maintaining security.

Uploaded by Anik Poddar

Cyber Security

Unit 1

Introduction to Cyber Security

Cyber Security refers to the practice of protecting systems, networks, and programs from digital
attacks. These cyberattacks are often aimed at accessing, altering, or destroying sensitive
information, extorting money from users, or interrupting normal business processes. Cyber
Security involves multiple layers of protection across devices, networks, and data.

Importance and Challenges in Cyber Security

Importance:

1. Data Protection: Safeguards sensitive information like personal details, financial records, and intellectual property.
2. Business Continuity: Ensures operations are not disrupted by cyber threats.
3. Trust Maintenance: Builds customer and stakeholder confidence in organizational security.
4. Legal Compliance: Meets regulatory requirements like GDPR, HIPAA, etc.

Challenges:

1. Evolving Threats: Hackers continuously develop sophisticated attack methods.
2. Lack of Awareness: Insufficient knowledge among users about safe practices.
3. Resource Constraints: Small organizations often lack sufficient budgets for robust security.
4. Insider Threats: Employees or contractors with malicious intent.
5. Zero-Day Exploits: Attacks exploiting unknown vulnerabilities.

Cyberspace

Cyberspace is the virtual environment where digital communication occurs. It encompasses the
internet, computer systems, networks, and associated digital technologies. It serves as a medium
for interaction, data exchange, and resource sharing.

Cyber Threats

Cyber threats are malicious acts aiming to damage, steal, or disrupt digital assets.

Common Types:

1. Phishing: Fraudulent emails to steal sensitive information.
2. Malware: Software designed to harm systems (e.g., viruses, ransomware).
3. DDoS Attacks: Overloading systems to cause downtime.
4. Man-in-the-Middle (MITM): Intercepting communication to steal data.
5. Insider Threats: Exploits by trusted individuals within an organization.

Cyberwarfare

Cyberwarfare involves the use of cyberattacks by nations or groups to damage another nation's
infrastructure or assets. Objectives include espionage, sabotage, and economic disruption.
Examples include the Stuxnet worm and attacks on critical systems like power grids.

CIA Triad

The CIA Triad forms the cornerstone of Cyber Security:

1. Confidentiality: Ensures information is accessible only to authorized parties.
2. Integrity: Protects information from unauthorized modification.
3. Availability: Ensures data and systems are accessible when needed.

Cyber Terrorism

Cyber terrorism involves the use of digital attacks to instill fear or coerce governments. It targets
critical infrastructure, financial systems, or public safety networks, potentially leading to
physical or financial damage.

Cyber Security of Critical Infrastructure

Critical infrastructure includes essential systems like power grids, water supply, transportation,
and healthcare. Protecting these systems from cyber threats ensures national security and public
safety. Techniques include:

1. Network Segmentation: Isolating critical systems from general networks.
2. Intrusion Detection Systems: Identifying and mitigating attacks.
3. Redundancy: Backups to ensure service continuity.

Cybersecurity - Organizational Implications

Organizations face several implications from cyber risks:

1. Financial Loss: Costs due to data breaches, fines, or operational disruption.
2. Reputation Damage: Loss of customer trust and market credibility.
3. Legal Liabilities: Penalties for non-compliance with regulations.
4. Operational Impact: Disruptions due to ransomware or other attacks.

Effective measures include employee training, incident response plans, and advanced threat
detection systems.

Unit 2

Hackers and Cyber Crimes

Types of Hackers

Hackers are individuals who exploit vulnerabilities in systems to gain unauthorized access. They
can be classified based on their intent and activities:

1. White Hat Hackers (Ethical Hackers) – Security experts who identify and fix
vulnerabilities to enhance protection.
2. Black Hat Hackers – Malicious hackers who exploit systems for personal or financial
gain.
3. Gray Hat Hackers – Operate in between; they hack systems without malicious intent but
without permission.
4. Script Kiddies – Inexperienced individuals using pre-written scripts to attack systems.
5. Hacktivists – Hackers driven by political or social motives to disrupt or deface websites.
6. State-Sponsored Hackers – Employed by governments to engage in espionage or cyber
warfare.

Hackers and Crackers

- Hackers: Can have positive or negative intent; their focus is primarily on exploring or securing systems.
- Crackers: Malicious individuals who break into systems, bypass security, and cause damage or steal data.

Cyber-Attacks and Vulnerabilities

- Cyber-Attacks are attempts to damage, disrupt, or gain unauthorized access to systems.
- Vulnerabilities are weaknesses in software, hardware, or networks that hackers exploit.

Common Cyber Attacks:

1. Denial of Service (DoS) and Distributed DoS (DDoS) – Overloading systems to disrupt
services.
2. SQL Injection – Injecting malicious SQL code to manipulate databases.
3. Cross-Site Scripting (XSS) – Injecting scripts into web pages viewed by other users.
4. Man-in-the-Middle (MITM) – Intercepting communication between two parties.
5. Zero-Day Exploits – Attacks exploiting unknown vulnerabilities.

Malware Threats

Malware refers to malicious software designed to harm or exploit systems.

1. Viruses – Attach to legitimate programs and spread when executed.
2. Worms – Self-replicating malware that spreads across networks without human intervention.
3. Trojans – Disguise themselves as legitimate software but contain malicious code.
4. Ransomware – Encrypts files and demands ransom for decryption.
5. Spyware – Secretly collects user information.
6. Rootkits – Provide unauthorized access and hide malware.

Sniffing

Sniffing is the practice of intercepting and capturing data packets as they travel across a network.

- Passive Sniffing: Monitoring unencrypted traffic without altering it.
- Active Sniffing: Injecting packets into the network to capture data from switched networks.

Tools: Wireshark, Tcpdump

Gaining Access

Hackers use various methods to gain unauthorized access to systems:

1. Phishing – Tricking users into revealing sensitive information.
2. Brute Force Attack – Repeatedly guessing passwords until correct.
3. Exploiting Vulnerabilities – Using tools to exploit weaknesses in software.
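A brute force attack leaves a distinctive trace: many failed logins from one source in a short time, sometimes followed by a success. The following Python detector is an added example, not part of the original notes. It parses constructed sshd-style syslog lines (the hostnames, PIDs and addresses from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges are all made up) and raises an alert when a source exceeds a failure threshold inside a sliding time window, plus a higher-priority alert if that source later logs in successfully. The threshold and window values are assumptions to tune per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log in the common sshd syslog format (not from a real host).
SAMPLE_LOG = """\
Jan 10 12:00:01 web1 sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 51001 ssh2
Jan 10 12:00:03 web1 sshd[4102]: Failed password for root from 203.0.113.5 port 51002 ssh2
Jan 10 12:00:04 web1 sshd[4103]: Failed password for root from 203.0.113.5 port 51003 ssh2
Jan 10 12:00:06 web1 sshd[4104]: Failed password for invalid user test from 203.0.113.5 port 51004 ssh2
Jan 10 12:00:07 web1 sshd[4105]: Failed password for root from 203.0.113.5 port 51005 ssh2
Jan 10 12:00:09 web1 sshd[4106]: Accepted password for root from 203.0.113.5 port 51006 ssh2
Jan 10 12:05:00 web1 sshd[4110]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Jan 10 12:20:00 web1 sshd[4111]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Jan 10 12:20:30 web1 sshd[4112]: Accepted password for alice from 198.51.100.7 port 40003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

def parse(line):
    """Return (timestamp, result, user, ip) or None for lines we do not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # year-less syslog stamp
    return ts, m["result"], m["user"], m["ip"]

def detect_brute_force(log_text, threshold=5, window_seconds=60):
    """Alert on sources with >= threshold failures inside a sliding window,
    and again if such a source later achieves a successful login."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        window = failures[ip]
        if result == "Failed":
            window.append(ts)
            # Drop failures that are older than the window.
            while (ts - window[0]).total_seconds() > window_seconds:
                window.popleft()
            if len(window) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, len(window)))
        elif result == "Accepted" and ip in flagged:
            # A success after a burst of failures is the case to escalate first.
            alerts.append(("success_after_brute_force", ip, user))
    return alerts

if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG):
        print(alert)
```

On the sample, 203.0.113.5 reaches five failures within six seconds and then logs in as root, producing both alerts; 198.51.100.7 has two failures fifteen minutes apart, which the sliding window correctly treats as ordinary user error. In production the same logic would read from the log pipeline instead of a string, and the response (account lockout, rate limiting, MFA) belongs to the incident response plan rather than to the detector.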

Escalating Privileges

Once access is gained, hackers escalate their privileges to gain administrative control.
Methods:

- Privilege Escalation Exploits
- Misconfigurations
- Buffer Overflow Attacks

Executing Applications

Hackers may execute malicious applications to control or compromise systems.

- Remote Code Execution (RCE)
- Script Injection

Hiding Files

To avoid detection, hackers hide files within the system.

Techniques:

- Steganography – Hiding data within other files (e.g., images).
- Rootkits
- File Attribute Modification

Covering Tracks

After gaining access, hackers erase evidence to avoid detection.

- Log Tampering
- Clearing Event Logs
- Using Anti-Forensic Tools
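The defensive answer to log tampering and cleared event logs is to make the log tamper-evident before the attacker arrives. The following Python snippet is an added example, not part of the original notes: it links each log line to the previous one with an HMAC (a hash chain), so that editing or deleting any earlier line breaks every link after it. The sample events and the key are constructed placeholders; in practice the key lives on the log collector, not on the host whose logs it protects.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32   # fixed starting value for the first link

def chain_logs(lines, key):
    """Attach a MAC to every line. Each MAC also covers the previous MAC, so the
    stored values form a chain that cannot be rewritten without the key."""
    prev = GENESIS
    entries = []
    for line in lines:
        mac = hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()
        entries.append((line, mac.hex()))
        prev = mac
    return entries

def verify_chain(entries, key):
    """Return the index of the first entry that fails, or -1 if the chain is intact."""
    prev = GENESIS
    for index, (line, mac_hex) in enumerate(entries):
        expected = hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected.hex(), mac_hex):
            return index
        prev = expected
    return -1

# Constructed sample events and a placeholder key.
KEY = b"placeholder-collector-key"
SAMPLE_EVENTS = [
    "12:00:01 login alice from 198.51.100.7 ok",
    "12:03:15 sudo alice /usr/bin/systemctl restart nginx",
    "12:04:40 login bob from 203.0.113.5 failed",
    "12:04:41 login bob from 203.0.113.5 failed",
    "12:10:00 login admin from 203.0.113.5 ok",
]

def demo():
    entries = chain_logs(SAMPLE_EVENTS, KEY)
    intact = verify_chain(entries, KEY)
    # Tampering attempt 1: rewrite the source address of one line, keeping its stored MAC.
    edited = list(entries)
    edited[4] = ("12:10:00 login admin from 10.0.0.2 ok", entries[4][1])
    # Tampering attempt 2: remove the two failed-login lines entirely.
    deleted = entries[:2] + entries[4:]
    return intact, verify_chain(edited, KEY), verify_chain(deleted, KEY)

if __name__ == "__main__":
    print(demo())   # (-1, 4, 2)
```

The edited line fails at its own index; the deletion is caught at the first surviving line after the gap, because its MAC was computed over a predecessor that is no longer there. One caveat worth knowing: cutting lines off the end of the chain is not detected by the chain alone, so the collector should also record the latest MAC (or the line count) somewhere the host cannot reach.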

Worms

- Definition: Self-replicating malware that spreads across networks without user intervention.
- Impact: Consumes bandwidth and overloads networks.
- Example: ILOVEYOU Worm, Conficker

Trojans

- Definition: Malware disguised as legitimate software that provides unauthorized access.
- Function: Opens a backdoor for remote control.
- Example: Zeus Trojan

Viruses

- Definition: Malware that attaches to files and spreads when executed.
- Impact: Corrupts data and disrupts operations.
- Example: Michelangelo Virus, Melissa Virus

Backdoors

Backdoors are hidden entry points in software or hardware that allow unauthorized access.

- Intentional: Left by developers for maintenance.
- Malicious: Installed by hackers to retain access.

Unit 3

Ethical Hacking and Social Engineering

Ethical Hacking Concepts and Scopes

Ethical Hacking refers to the authorized practice of intentionally probing systems, networks, or
applications for vulnerabilities to enhance security. Ethical hackers, also known as “white hat
hackers,” simulate cyberattacks to identify and fix security flaws.

Scope of Ethical Hacking:

1. Network Security – Testing firewalls, routers, and network configurations.
2. Web Application Security – Examining websites for vulnerabilities like SQL injection or XSS.
3. System Hacking – Testing operating systems for weak spots.
4. Wireless Security – Assessing vulnerabilities in wireless networks.
5. Physical Security – Identifying risks in physical infrastructure that could compromise systems.

Objectives:

- Improve security posture.
- Identify vulnerabilities before malicious hackers do.
- Ensure compliance with security regulations.
- Protect customer and organizational data.

Threats and Attack Vectors

Threats: Any circumstance that can compromise the security of data or systems.
Attack Vectors: Methods used by hackers to breach systems.

Common Threats and Attack Vectors:

1. Malware – Viruses, worms, and Trojans.
2. Phishing – Deceiving users to extract sensitive information.
3. Denial of Service (DoS) – Disrupting services through overwhelming traffic.
4. Man-in-the-Middle (MITM) – Intercepting communications.
5. Zero-Day Exploits – Attacking systems with unknown vulnerabilities.

Information Assurance

Information Assurance (IA) ensures the protection, integrity, and availability of data.
Key Pillars:

1. Confidentiality – Restricting data access to authorized users.
2. Integrity – Ensuring data accuracy and consistency.
3. Availability – Keeping data accessible when required.
4. Authentication – Verifying identities before granting access.
5. Non-Repudiation – Preventing parties from denying actions they performed.

Threat Modelling

Threat modeling involves identifying and analyzing security threats to develop countermeasures.
Steps in Threat Modelling:

1. Identify Assets – Determine what needs protection.
2. Enumerate Threats – List possible threats.
3. Assess Vulnerabilities – Identify system weaknesses.
4. Prioritize Risks – Rank threats based on severity.
5. Develop Mitigations – Create solutions to address each threat.

Common Frameworks: STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privileges).

Enterprise Information Security Architecture (EISA)

EISA is a framework used to develop and manage an organization's IT security.

Key Components:

1. Risk Management – Identifying and mitigating risks.
2. Access Control – Defining roles and permissions.
3. Security Policies – Creating guidelines for data protection.
4. Incident Response – Planning for security breaches.
5. Security Awareness – Educating employees about threats.

Vulnerability Assessment and Penetration Testing (VAPT)

Vulnerability Assessment: The process of identifying weaknesses in systems.

Penetration Testing (Pen Testing): Simulating attacks to exploit vulnerabilities and assess risks.

Phases of VAPT:

1. Planning and Reconnaissance – Gathering intelligence.
2. Scanning – Identifying vulnerabilities.
3. Exploitation – Simulating real attacks.
4. Reporting – Documenting findings and suggesting solutions.

Types of Social Engineering

Social engineering manipulates people into divulging confidential information.

Types:

1. Phishing – Fraudulent emails or messages.
2. Pretexting – Fabricating scenarios to obtain information.
3. Baiting – Luring victims with attractive offers.
4. Tailgating – Following authorized personnel into restricted areas.
5. Quid Pro Quo – Offering something in return for information.

Insider Attack

An Insider Attack occurs when an employee or contractor misuses their access to compromise
systems.

Types:

1. Malicious Insiders – Intentionally harm the organization.
2. Negligent Insiders – Cause damage through careless actions.
3. Compromised Insiders – Employees whose accounts are hijacked by hackers.

Preventing Insider Threats

1. Access Control – Restricting access to sensitive data.
2. Monitoring – Tracking employee actions and flagging anomalies.
3. Security Awareness – Training staff to recognize suspicious behavior.
4. Background Checks – Screening new hires for potential risks.
5. Separation of Duties – Distributing critical tasks among multiple employees.

Social Engineering Targets and Defense Strategies

Targets:

1. Employees – Often targeted for login credentials.
2. Help Desk – Exploited to reset passwords.
3. Executives – High-value targets with access to sensitive data.

Defense Strategies:

1. Employee Training – Educating staff about social engineering tactics.
2. Email Filtering – Blocking phishing attempts.
3. Verification Protocols – Verifying identities before sharing information.
4. Incident Response – Having a plan to address social engineering attacks.

Unit 4

Cyber Forensics and Auditing

Introduction to Cyber Forensics

Cyber Forensics is the process of collecting, analyzing, and preserving digital evidence to
investigate cybercrimes. It focuses on tracing unauthorized access, recovering data, and
identifying the perpetrators behind cyberattacks. The goal is to ensure the integrity and
admissibility of evidence in a legal context.

Key Areas of Cyber Forensics:

- Disk Forensics – Analyzing hard drives and storage devices.
- Network Forensics – Monitoring and analyzing network traffic.
- Memory Forensics – Examining RAM to extract volatile data.
- Mobile Forensics – Recovering data from smartphones and tablets.

Computer Equipment and Associated Storage Media

Forensic investigations often involve various types of computer equipment and storage devices.

Common Devices:

1. Hard Disk Drives (HDDs) – Primary source of non-volatile data.
2. Solid-State Drives (SSDs) – Faster but challenging for data recovery due to TRIM functionality.
3. External Storage – USB drives, external hard disks, and memory cards.
4. Cloud Storage – Remote storage with logs and metadata.
5. RAID Systems – Redundant Array of Independent Disks for data redundancy.

Role of Forensics Investigator

A Forensics Investigator plays a crucial role in identifying, preserving, and presenting digital
evidence.

Key Responsibilities:

1. Evidence Collection – Gathering data from devices and networks.
2. Chain of Custody – Maintaining logs of who handles evidence to ensure admissibility.
3. Analysis – Using forensic tools to uncover hidden or deleted data.
4. Reporting – Documenting findings in a detailed and structured format.
5. Court Testimony – Presenting evidence and expert opinions in legal proceedings.

Forensics Investigation Process

1. Identification – Recognize the potential evidence and the source.
2. Preservation – Secure and isolate the evidence to prevent tampering.
3. Acquisition – Create forensic images or copies of data.
4. Analysis – Examine the data to extract relevant information.
5. Documentation – Record every step of the process.
6. Presentation – Summarize findings and prepare reports for stakeholders.
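The chain of custody responsibility listed under the investigator's role and the preservation, acquisition and documentation steps above come together in one small piece of tooling: hash the image at acquisition, log every handover, and re-hash every working copy before it is analysed. The following Python snippet is an added example, not part of the original notes. The `CustodyRecord` class, the evidence identifier and the handler names are hypothetical, and the "disk image" is a constructed byte string standing in for a real dd or E01 file.

```python
import hashlib
import io
import json

def sha256_of_stream(stream, chunk_size=1 << 16):
    """Hash a file-like object in chunks so a multi-gigabyte image never has to fit in RAM."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

class CustodyRecord:
    """Hypothetical chain-of-custody log for one item of evidence."""

    def __init__(self, evidence_id, description):
        self.evidence_id = evidence_id
        self.description = description
        self.acquisition_hash = None
        self.events = []

    def _log(self, when, action, handler, **details):
        entry = {"when": when, "action": action, "handler": handler, **details}
        self.events.append(entry)
        return entry

    def acquire(self, when, handler, source_stream):
        # Acquisition: the hash taken while imaging anchors every later integrity check.
        self.acquisition_hash = sha256_of_stream(source_stream)
        return self._log(when, "acquired", handler, sha256=self.acquisition_hash)

    def transfer(self, when, from_handler, to_handler):
        # Every handover is recorded so the record shows who had the evidence and when.
        return self._log(when, "transferred", from_handler, to=to_handler)

    def verify(self, when, handler, copy_stream):
        # Preservation check: a working copy must hash identically to the acquisition image.
        digest = sha256_of_stream(copy_stream)
        intact = digest == self.acquisition_hash
        self._log(when, "verified" if intact else "HASH MISMATCH", handler, sha256=digest)
        return intact

    def to_json(self):
        return json.dumps({"evidence_id": self.evidence_id, "description": self.description,
                           "acquisition_sha256": self.acquisition_hash,
                           "events": self.events}, indent=2)

# Constructed stand-in for a disk image.
FAKE_IMAGE = b"BOOTSECTOR" + bytes(range(256)) * 64 + b"END"

def demo():
    rec = CustodyRecord("EV-0001", "constructed example image of a workstation drive")
    rec.acquire("2025-01-10T09:00:00Z", "investigator A", io.BytesIO(FAKE_IMAGE))
    rec.transfer("2025-01-10T11:30:00Z", "investigator A", "lab analyst B")
    good_copy = rec.verify("2025-01-11T08:00:00Z", "lab analyst B", io.BytesIO(FAKE_IMAGE))
    # One flipped byte in a copy: the hash no longer matches and the record says so.
    altered = bytearray(FAKE_IMAGE)
    altered[100] ^= 0x01
    bad_copy = rec.verify("2025-01-11T08:05:00Z", "lab analyst B", io.BytesIO(bytes(altered)))
    return rec, good_copy, bad_copy

if __name__ == "__main__":
    record, good, bad = demo()
    print(record.to_json())
```

The record is what makes the evidence admissible: the acquisition hash, every transfer, and every verification (including the failed one) are in the log, and the JSON output is what goes into the report's evidence section. The same approach works with any strong hash; SHA-256 is used here because MD5 and SHA-1 collisions are practical and an opposing expert will raise them.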

Collecting Network-Based Evidence

Network-Based Evidence includes logs, traffic captures, and communications records.

Sources of Network Evidence:

- Firewalls – Traffic records and access logs.
- Intrusion Detection Systems (IDS) – Alerts on suspicious activity.
- Routers and Switches – Network configurations and routing tables.
- Packet Sniffers – Tools like Wireshark to capture data packets.
- VPN Logs – Traces of remote access.

Challenges:

- Volatility of data.
- Encryption of traffic.
- Real-time evidence collection.

Writing Computer Forensics Reports

A Forensics Report is a critical component that documents the investigation process and
findings.

Essential Elements:

1. Introduction – Scope and objectives of the investigation.
2. Methodology – Tools and techniques used during the investigation.
3. Findings – Detailed results, including recovered data and observed anomalies.
4. Evidence Logs – List of collected evidence and chain of custody.
5. Conclusion – Summary of findings and recommendations.

Best Practices:

- Maintain clarity and objectivity.
- Avoid technical jargon for non-technical stakeholders.
- Ensure all findings are backed by evidence.

Auditing

Auditing is the process of evaluating systems, processes, and policies to ensure compliance with
security standards and organizational requirements.

Types of Audits:

1. Internal Audit – Conducted by in-house teams to assess internal controls.
2. External Audit – Performed by third-party auditors for impartiality.
3. Compliance Audit – Verifies adherence to regulations like GDPR, HIPAA.
4. Operational Audit – Evaluates efficiency and effectiveness of processes.

Plan an Audit Against a Set of Audit Criteria

1. Define Objectives – Establish the purpose of the audit (e.g., compliance, risk assessment).
2. Identify Criteria – Reference standards like ISO 27001, NIST, or organizational policies.
3. Gather Data – Collect relevant logs, documents, and access records.
4. Evaluate Controls – Test and assess the effectiveness of security controls.
5. Report Findings – Highlight gaps, vulnerabilities, and recommendations.

Information Security Management System (ISMS)

ISMS is a structured framework that manages and protects sensitive data within an organization.

Core Components:

1. Risk Management – Identifying, analyzing, and mitigating risks.
2. Access Control – Ensuring only authorized individuals can access sensitive data.
3. Incident Response – Preparedness for handling security breaches.
4. Continuous Monitoring – Regular assessments and audits.
5. Policy Development – Establishing security policies and procedures.

Introduction to ISO 27001:2013

ISO 27001:2013 is an international standard for managing information security. It provides
requirements for establishing, implementing, maintaining, and continually improving an ISMS.

Key Principles:

1. Confidentiality, Integrity, Availability (CIA) – Protecting data across its lifecycle.
2. Risk-Based Approach – Continuous risk identification and management.
3. Leadership Commitment – Involvement of senior management in security practices.
4. Continuous Improvement – Regular updates to security measures.

Implementation Steps:

1. Gap Analysis – Assess current security posture against ISO standards.
2. Risk Assessment – Identify and evaluate potential risks.
3. Control Implementation – Deploy necessary controls to mitigate risks.
4. Employee Training – Educate staff on ISO standards.
5. Certification – Engage auditors for official ISO 27001 certification.

Unit 5

Cyber Ethics and Laws

Introduction to Cyber Laws

Cyber Laws are legal frameworks established to regulate activities conducted on the internet.
They address issues related to cybercrime, data privacy, intellectual property, and electronic
transactions. Cyber laws ensure that online interactions are secure, legal, and ethical, protecting
individuals and organizations from cyber threats.

Objectives of Cyber Laws:

- Prevent and penalize cybercrimes.
- Safeguard digital transactions and e-commerce.
- Protect intellectual property in cyberspace.
- Ensure data privacy and security.
- Facilitate electronic governance and promote trust in online activities.

E-Commerce and E-Governance

E-Commerce (Electronic Commerce) involves buying and selling goods or services over the
internet, while E-Governance refers to the use of digital platforms for government services and
administration.

Legal Aspects of E-Commerce:

1. Digital Contracts – Legal recognition of electronic agreements.
2. Consumer Protection – Safeguarding consumer rights in online transactions.
3. Taxation and Jurisdiction – Governing cross-border e-commerce.

E-Governance Initiatives:

1. Online Portals – Government services accessible through digital platforms.
2. Transparency and Accountability – Use of technology to reduce corruption and improve governance.
3. Digital Signatures – Verifying authenticity and legality of government documents.

Certifying Authority and Controller

Certifying Authority (CA):

A Certifying Authority is an entity responsible for issuing and managing digital certificates
used to verify identities and ensure the integrity of online communications. CAs play a crucial
role in public key infrastructure (PKI) by certifying the ownership of encryption keys used in
securing data transfers.

Key Functions of Certifying Authority:

- Issuance and renewal of digital certificates.
- Verification of applicant credentials.
- Revocation of compromised certificates.

Controller of Certifying Authorities (CCA):

The CCA oversees and regulates certifying authorities in a country. In India, the CCA is
established under the IT Act 2000 to manage and license public key infrastructure.

Offences Under IT Act

The Information Technology (IT) Act 2000 is the primary legal framework in India addressing
cybercrime and electronic commerce. It was amended in 2008 to strengthen provisions against
emerging cyber threats.

Key Offences Under IT Act 2000:

1. Unauthorized Access – Gaining unauthorized access to computer systems.
2. Data Theft – Theft or unauthorized copying of data.
3. Hacking – Intentionally altering or damaging computer data.
4. Identity Theft – Fraudulently acquiring someone’s identity for malicious purposes.
5. Cyber Terrorism – Use of cyberspace to disrupt national security.
6. Phishing and Fraud – Deceiving individuals to extract sensitive information.
7. Obscenity – Publishing or transmitting obscene content.

Computer Offences and Penalties Under IT Act 2000

1. Section 43 – Data Breach and Hacking
   - Penalty: Compensation up to ₹1 crore for unauthorized access, data breaches, or introducing viruses.
2. Section 66 – Hacking and Identity Theft
   - Penalty: Imprisonment up to 3 years or fine up to ₹5 lakh, or both.
3. Section 66C – Identity Theft
   - Penalty: Imprisonment up to 3 years and fine up to ₹1 lakh.
4. Section 67 – Publishing Obscene Material
   - Penalty: Imprisonment up to 5 years and fine up to ₹10 lakh for publishing offensive content.
5. Section 72 – Breach of Confidentiality
   - Penalty: Imprisonment up to 2 years or fine up to ₹1 lakh, or both.
6. Section 74 – Digital Signature Fraud
   - Penalty: Imprisonment up to 2 years and fine up to ₹1 lakh.

Intellectual Property Rights (IPR) in Cyberspace

Intellectual Property Rights (IPR) protect creations and innovations in cyberspace, such as
software, digital content, trademarks, and patents.

Types of Intellectual Property in Cyberspace:

1. Copyrights – Protection of original works like software, music, and literature.
2. Trademarks – Securing brand logos, names, and symbols.
3. Patents – Exclusive rights over inventions and technological advancements.
4. Trade Secrets – Protecting confidential business information.

Challenges in Cyberspace:

- Digital piracy and illegal downloads.
- Counterfeiting and domain squatting.
- Infringement of software licenses.

Protection Strategies:

- Digital Rights Management (DRM).
- Encryption and watermarking of digital assets.
- Legal recourse through international treaties (e.g., WIPO).

IPSec at Network Layer

IPSec (Internet Protocol Security) is a protocol suite used to secure network communication at
the IP layer by authenticating and encrypting each IP packet during data transfer.

Functions of IPSec:

- Confidentiality – Encrypting data packets.
- Integrity – Ensuring data is not altered during transit.
- Authentication – Verifying the identity of parties exchanging data.
- Anti-Replay Protection – Preventing attackers from resending captured packets.
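Of the four functions, anti-replay protection is the one whose mechanism is rarely shown: an ESP or AH receiver keeps, per security association, the highest sequence number accepted so far and a bitmap of which recent numbers below it have already been seen. The following Python class is an added example, not part of the original notes and not taken from any IPSec implementation; it models that sliding window (64 entries by default, the minimum size the ESP specification requires) with the check kept separate from the update, because a real receiver only marks a sequence number as seen after the packet's integrity check value (ICV) has verified. The arrival order in `demo()` is constructed.

```python
class AntiReplayWindow:
    """Sliding anti-replay window of the kind an ESP/AH receiver keeps per SA."""

    def __init__(self, size=64):
        self.size = size
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => sequence (highest - i) already received

    def check(self, seq):
        """Pre-authentication check: may this packet be processed at all?"""
        if seq == 0:
            return False                              # ESP sequence numbers start at 1
        if seq > self.highest:
            return True                               # newer than anything seen so far
        offset = self.highest - seq
        if offset >= self.size:
            return False                              # too old: fell off the window
        return not (self.bitmap & (1 << offset))      # already seen => replay

    def update(self, seq):
        """Record seq as received. Call only after the ICV verified."""
        mask = (1 << self.size) - 1
        if seq > self.highest:
            shift = seq - self.highest
            # Slide the window forward; a jump past the window empties it.
            self.bitmap = ((self.bitmap << shift) & mask) if shift < self.size else 0
            self.bitmap |= 1
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, seq, icv_ok=True):
        """Full receive path: window check, then ICV, then window update."""
        if not self.check(seq) or not icv_ok:
            return False
        self.update(seq)
        return True

def demo():
    w = AntiReplayWindow(size=64)
    # Constructed arrival order: normal run, one replay, a large jump, a late but
    # in-window packet, its replay, a packet too old for the window, and seq 0.
    arrivals = [1, 2, 3, 4, 5, 3, 100, 40, 40, 30, 0]
    results = [w.receive(s) for s in arrivals]
    # A forged packet with a valid-looking sequence number but a bad ICV must not
    # poison the window: the genuine packet with that number still gets through.
    results.append(w.receive(50, icv_ok=False))
    results.append(w.receive(50))
    return results

if __name__ == "__main__":
    print(demo())
```

The replay of 3 is rejected because its bit is already set; 40 is accepted late because it is still within 64 of the highest number (100), while 30 is rejected as too old even though it was never seen, which is the deliberate trade-off of a bounded window. The last two results show why the update must wait for the ICV: had the forged packet marked 50 as seen, the legitimate one would have been dropped as a replay.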

Modes of IPSec:

1. Transport Mode:
   - Encrypts only the payload of the IP packet.
   - Suitable for internal network communication.
2. Tunnel Mode:
   - Encrypts the entire IP packet (header + payload).
   - Used for secure communication between different networks.

Components of IPSec:

1. Authentication Header (AH): Provides data integrity and authentication but does not encrypt data.
2. Encapsulating Security Payload (ESP): Encrypts and authenticates data, ensuring confidentiality and integrity.

Benefits of IPSec:

- Secure VPN communication.
- Protection against eavesdropping and MITM attacks.
- Facilitates secure remote access to enterprise networks.
