ESSENTIALS AND APPLICATIONS OF MATHEMATICAL, PHYSICAL AND CHEMICAL SCIENCES

UNIT V: ESSENTIALS OF COMPUTER SCIENCE: Milestones of computer evolution - Internet, history, Internet Service Providers, Types of Networks, IP, Domain Name Services, applications. Ethical and social implications: Network and security concepts - Information Assurance Fundamentals, Cryptography - Symmetric and Asymmetric, Malware, Firewalls, Fraud Techniques - Privacy and Data Protection.

Recommended books: Fundamentals of Computers by V. Raja Raman; Cyber Security Essentials by James Graham, Richard Howard, Ryan Olson; Data Communication & Networking by Behrouz Forouzan.

****************************************************************************************

Milestones of computer evolution:

Jan 1, 1939: First Electronic Computer
John Atanasoff invents the first "official" electronic computer.
Importance: It is the first major milestone in computer history and the true beginning of the digital age.

Jan 1, 1951: First General Purpose Computer
Eckert and Mauchly design the first computer geared toward business use.
Importance: It signaled the movement of computers from research institutions and large corporations to smaller institutions.

Jan 1, 1957: First Successful High-Level Programming Language Created
An IBM team designs the first programming language intended for solving engineering and science problems.
Importance: Programmers and engineers begin to write programs capable of much larger tasks.

Jan 1, 1964: First Computer with Integrated Circuits
IBM announces the first computer with integrated circuits.
Importance: Computers begin to shrink in size and move toward the modern computer. It was also the first computer to cover a wide range of operations, small and large.

Jan 1, 1975: First Microcomputer, the ALTAIR, is introduced
The first microcomputer was created by a small company in Albuquerque, NM. It ran on the Intel 8080 processor.
Importance: It is the first computer built around a microprocessor, the design used in most computers today.

Aug 12, 1981: IBM Releases the 'IBM PC'
IBM releases the 'IBM PC', one of the first computers geared toward practical use rather than engineering.
Importance: It signifies that computer companies are beginning to build their computers around consumer needs rather than around the few "advanced" computer users.

Jan 1, 1984: Apple Introduces the Macintosh Computer
This computer, released by Apple, is their first computer geared toward consumer use and was designed with a "user-friendly" operating system.
Importance: It shows that computer companies, including Apple, are moving toward consumer use. Apple's GUI operating system was considered "user-friendly" because most operating systems of the time were hard to use.

Jan 1, 1989: Microsoft Releases Windows (specifically for IBM computers)
Microsoft releases Windows to run on the 'IBM PC'.
Importance: Microsoft Windows is currently the most used desktop operating system in the world.

++++++++++++++++++++++++++++++++++++++++++++++++++++++

History of Internet:

The Internet has revolutionized many aspects of our daily lives. It has affected the way we do business as well as the way we spend our leisure time. Count the ways you've used the Internet recently. Perhaps you've sent electronic mail (e-mail) to a business associate, paid a utility bill, read a newspaper from a distant city, or looked up a local movie schedule, all by using the Internet. Or maybe you researched a medical topic, booked a hotel reservation, chatted with a fellow Trekkie, or comparison-shopped for a car. The Internet is a communication system that has brought a wealth of information to our fingertips and organized it for our use.

A Brief History

A network is a group of connected communicating devices such as computers and printers. An internet is two or more networks that can communicate with each other.
The most notable internet is called the Internet, a collaboration of more than hundreds of thousands of interconnected networks. Private individuals as well as various organizations such as government agencies, schools, research facilities, corporations, and libraries in more than 100 countries use the Internet. Millions of people are users. Yet this extraordinary communication system only came into being in 1969.

In the mid-1960s, mainframe computers in research organizations were standalone devices. Computers from different manufacturers were unable to communicate with one another. The Advanced Research Projects Agency (ARPA) in the Department of Defense (DoD) was interested in finding a way to connect computers so that the researchers they funded could share their findings, thereby reducing costs and eliminating duplication of effort.

In 1967, at an Association for Computing Machinery (ACM) meeting, ARPA presented its ideas for ARPANET, a small network of connected computers. The idea was that each host computer (not necessarily from the same manufacturer) would be attached to a specialized computer, called an interface message processor (IMP). The IMPs, in turn, would be connected to one another. Each IMP had to be able to communicate with other IMPs as well as with its own attached host.

By 1969, ARPANET was a reality. Four nodes, at the University of California at Los Angeles (UCLA), the University of California at Santa Barbara (UCSB), Stanford Research Institute (SRI), and the University of Utah, were connected via the IMPs to form a network. Software called the Network Control Protocol (NCP) provided communication between the hosts.

In 1972, Vint Cerf and Bob Kahn, both of whom were part of the core ARPANET group, collaborated on what they called the Internetting Project. Cerf and Kahn's landmark 1973 paper outlined the protocols to achieve end-to-end delivery of packets.
This paper on Transmission Control Protocol (TCP) included concepts such as encapsulation, the datagram, and the functions of a gateway. Shortly thereafter, authorities made a decision to split TCP into two protocols: Transmission Control Protocol (TCP) and Internetworking Protocol (IP). IP would handle datagram routing while TCP would be responsible for higher-level functions such as segmentation, reassembly, and error detection. The internetworking protocol became known as TCP/IP.

+++++++++++++++++++++++++++++++++++++++++++++++++++

Internet Service Providers (ISP):

The Internet has come a long way since the 1960s. The Internet today is not a simple hierarchical structure. It is made up of many wide- and local-area networks joined by connecting devices and switching stations. It is difficult to give an accurate representation of the Internet because it is continually changing: new networks are being added, existing networks are adding addresses, and networks of defunct companies are being removed. Today most end users who want an Internet connection use the services of Internet service providers (ISPs). The Internet today is run by private companies, not the government. Figure 1.13 shows a conceptual (not geographic) view of the Internet.

Types of ISPs:

International Internet Service Providers: At the top of the hierarchy are the international service providers that connect nations together.

National Internet Service Providers: The national Internet service providers are backbone networks created and maintained by specialized companies. There are many national ISPs operating in North America; some of the most well-known are SprintLink, PSINet, UUNet Technology, AGIS, and internet MCI. To provide connectivity between the end users, these backbone networks are connected by complex switching stations (normally run by a third party) called network access points (NAPs).
Some national ISP networks are also connected to one another by private switching stations called peering points. These normally operate at a high data rate (up to 600 Mbps).

Regional Internet Service Providers: Regional ISPs are smaller ISPs that are connected to one or more national ISPs. They are at the third level of the hierarchy, with a smaller data rate.

Local Internet Service Providers: Local ISPs provide direct service to the end users. The local ISPs can be connected to regional ISPs or directly to national ISPs. Most end users are connected to the local ISPs. Note that in this sense, a local ISP can be a company that just provides Internet services, a corporation with a network that supplies services to its own employees, or a non-profit organization, such as a college or a university, that runs its own network. Each of these local ISPs can be connected to a regional or national service provider.

++++++++++++++++++++++++++++++++++++++++++++++++++++

Types of Networks:

A computer network is a group of computers linked to each other so that they can communicate and share their resources, data, and applications. A computer network can be categorized by its size. There are four main types:
o LAN (Local Area Network)
o PAN (Personal Area Network)
o MAN (Metropolitan Area Network)
o WAN (Wide Area Network)

LAN (Local Area Network)
o A Local Area Network is a group of computers connected to each other in a small area such as a building or an office.
o A LAN is used for connecting two or more personal computers through a communication medium such as twisted pair or coaxial cable.
o It is less costly, as it is built with inexpensive hardware such as switches (historically hubs), network adapters, and Ethernet cables.
o Data is transferred at a high rate in a Local Area Network.
o A Local Area Network is easier to secure than larger networks, because it is confined to one site under one administration.
PAN (Personal Area Network)
o A Personal Area Network is a network arranged around an individual person, typically within a range of 10 meters.
o A PAN is used to connect the computing devices of a single person.
o Thomas Zimmerman was the first research scientist to put forward the idea of the Personal Area Network.
o A Personal Area Network covers an area of about 30 feet.
o Personal devices used to build a PAN include laptops, mobile phones, media players and game consoles.

There are two types of Personal Area Network:
o Wired Personal Area Network
o Wireless Personal Area Network

Wireless Personal Area Network: A wireless PAN is built using wireless technologies such as Wi-Fi or Bluetooth. It is a short-range network.

Wired Personal Area Network: A wired PAN is created using USB.

Examples of Personal Area Network:
o Body Area Network: A Body Area Network is a network that moves with a person, for example the devices a person carries or wears. The person establishes a network among those devices and can then connect to another device to share information.
o Offline Network: An offline network can be created inside the home, so it is also known as a home network. A home network integrates devices such as printers, computers and televisions, but they are not connected to the internet.
o Small Home Office: It is used to connect a variety of devices to the internet and to a corporate network using a VPN.

MAN (Metropolitan Area Network)
o A Metropolitan Area Network is a network that covers a larger geographic area by interconnecting different LANs to form a larger network.
o Government agencies use a MAN to connect to citizens and private industries.
o In a MAN, various LANs are connected to each other through telephone exchange lines.
o The protocols commonly cited for MANs are RS-232, Frame Relay, ATM, ISDN, OC-3, ADSL, etc.
o It has a larger range than a Local Area Network (LAN).

Uses of Metropolitan Area Network:
o A MAN is used for communication between the banks in a city.
o It can be used for airline reservation systems.
o It can be used by a college within a city.
o It can also be used for communication in the military.

WAN (Wide Area Network)
o A Wide Area Network is a network that extends over a large geographical area such as states or countries.
o A Wide Area Network is a much bigger network than a LAN.
o A Wide Area Network is not limited to a single location but spans a large geographical area through telephone lines, fibre optic cable or satellite links.
o The internet is one of the biggest WANs in the world.
o A Wide Area Network is widely used in business, government, and education.

Examples of Wide Area Network:
o Mobile Broadband: A 4G network is used across a region or country.
o Last mile: A telecom company provides internet service to customers in hundreds of cities by connecting their homes with fiber.
o Private network: A bank operates a private network connecting its 44 offices, built on leased telephone lines provided by the telecom company.

Advantages of Wide Area Network:
Following are the advantages of the Wide Area Network:
o Geographical area: A Wide Area Network covers a large geographical area. If a branch of our office is in a different city, we can connect to it through the WAN, for example over a leased line or over the internet.
o Centralized data: In a WAN, data can be centralized, so each branch does not need its own email, file or backup servers.
o Get updated files: Software companies work on a live server, so programmers get the updated files within seconds.
o Exchange messages: In a WAN, messages are transmitted quickly. Web applications such as Facebook, WhatsApp and Skype let you communicate with friends.
o Sharing of software and resources: In a WAN, we can share software and other resources such as storage.
o Global business: We can do business over the internet globally.
o High bandwidth: Leased lines give our company high bandwidth. The high bandwidth increases the data transfer rate, which in turn increases the productivity of our company.

Disadvantages of Wide Area Network:
The following are the disadvantages of the Wide Area Network:
o Security issue: A WAN has more security exposure than a LAN or MAN, because its traffic crosses links and networks that the organization does not control and many different technologies are combined.
o Needs firewall & antivirus software: Data crossing the internet can be intercepted or altered by attackers, so a firewall is needed. Attackers can also introduce malware into our systems, so antivirus software is needed.
o High setup cost: The installation cost of a WAN is high, as it involves purchasing routers, switches and links.
o Troubleshooting problems: It covers a large area, so locating and fixing a problem is difficult.

+++++++++++++++++++++++++++++++++++++++++++++++++++

IP (Internet Protocol):

IP stands for Internet Protocol. It is the network-layer protocol of the TCP/IP model used for sending packets from source to destination. The main task of IP is to deliver packets from source to destination based on the IP addresses carried in the packet headers. IP defines the packet structure that encapsulates the data to be delivered, as well as the addressing method that labels the datagram with source and destination information.
IP provides a connectionless, best-effort service: each datagram is routed independently, and IP itself does not guarantee delivery or ordering. The two main transport protocols that run over it are TCP and UDP, so the suite as a whole is called TCP/IP, and applications are described as using TCP/IP or UDP/IP. The first version of IP in wide use was IPv4. After IPv4 came IPv6, which has been increasingly used on the public internet since 2006.

History of Internet Protocol

Development of the protocol began in 1974 with Bob Kahn and Vint Cerf. It is used in conjunction with the Transmission Control Protocol (TCP), so together they are named TCP/IP. The first major version of the Internet Protocol was IPv4, version 4, specified in RFC 791 in 1981. The second major version was IPv6, version 6, specified by the Internet Engineering Task Force (IETF) in 1998 (RFC 2460). The main reason for developing IPv6 was to replace IPv4, whose address space was running out. The big difference between IPv4 and IPv6 is that IPv4 uses 32 bits for addressing, while IPv6 uses 128 bits.

Function

The main functions of the Internet Protocol are to provide addressing for hosts, to encapsulate data into a packet structure, and to route the data from source to destination across one or more IP networks. To achieve this, the Internet Protocol defines two things:
o Format of the IP packet
o IP addressing system

What is an IP packet?

Before an IP packet is sent over the network, two major components are assembled: the header and the payload. An IP header contains information about the IP packet, which includes:
o Source IP address: the host sending the data.
o Destination IP address: the host that receives the data from the sender.
o Header length: the length of the header in 32-bit words (20 bytes when no options are present).
o Total length: the length of the whole packet, header plus payload.
o TTL (Time to Live): the number of hops the packet may traverse before it is discarded; every router decrements it by one, which keeps a looping packet from circulating forever.
o Header checksum: covers the header only, and is recomputed at every hop because the TTL changes.
o Protocol: identifies the transport-layer protocol carried in the payload, e.g. TCP (6) or UDP (17).
In total the IPv4 header has 14 fields, one of which (Options) is optional.

Payload: The payload is the data to be transported.

How is IP routing performed?

IP routing is the process of determining the path data takes from the source to the destination. The data is divided into multiple packets, and each packet passes through a web of routers until it reaches the final destination. The path a packet follows is determined by the routing algorithm, which populates each router's routing table. When a packet reaches a router, the destination address is matched against the routing table to determine the next hop's address; when several routes match, the most specific one (the longest matching prefix) is used. This repeats at every router until the packet reaches the destination. Because packets are routed individually, packets of the same message can take different paths and arrive out of order.

For example, when an email is sent from the email server, the TCP layer on that server divides the data into multiple segments, numbers them, and hands them to the IP layer, which transmits the resulting packets toward the destination email server. On the destination server, the IP layer hands the packets to the TCP layer, which reassembles them in order into the message, and the message is delivered to the email application.

What is IP Addressing?

An IP address is a unique identifier assigned to a device connected to a network. An IPv4 address is written as four decimal numbers separated by dots, such as 192.168.1.2. People remember names more easily than numbers, so DNS resolvers are used to translate human-readable domain names into IP addresses.
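The header fields, the per-hop routing decision and the public/private address distinction described in this section, shown together as one router's forwarding step. This is an added example, not code from the textbook: it decodes the IPv4 header from raw bytes, verifies the header checksum, decrements the TTL and recomputes the checksum, refuses to forward a packet arriving from the WAN side toward an RFC 1918 private destination, and picks the next hop by longest-prefix match. The routing table, addresses and packet contents are constructed for the example.

```python
import ipaddress
import struct

# Protocol numbers from the IANA registry; the textbook lists only TCP and UDP.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the IPv4 header fields listed above; raise ValueError on a bad packet."""
    if len(packet) < 20:
        raise ValueError("truncated header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     ttl, proto, _hdr_csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl or total_len < ihl:
        raise ValueError("not a valid IPv4 header")
    if checksum(packet[:ihl]) != 0:          # a header with a correct checksum sums to 0
        raise ValueError("header checksum mismatch")
    return {
        "header_len": ihl,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": PROTO_NAMES.get(proto, str(proto)),
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "payload": packet[ihl:total_len],
    }


def build_ipv4_packet(src: str, dst: str, ttl: int, proto: int, payload: bytes = b"") -> bytes:
    """Build a packet with a 20-byte header and correct checksum (constructed test input)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


# Constructed routing table: (prefix, next hop). A real router learns its table from
# static configuration or a routing protocol; the lookup rule below is the same.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "203.0.113.1"),    # default route to the ISP
    (ipaddress.ip_network("10.0.0.0/8"), "10.0.0.1"),      # whole corporate network
    (ipaddress.ip_network("10.20.0.0/16"), "10.20.0.1"),   # one site inside it
]


def next_hop(dst: str) -> str:
    """Longest-prefix match: the most specific matching route wins, not the first listed."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in ROUTES if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forward(packet: bytes, from_wan: bool) -> tuple:
    """One router's decision: ("drop", reason) or ("forward", next_hop, rewritten_packet)."""
    hdr = parse_ipv4_header(packet)
    if hdr["ttl"] <= 1:
        return ("drop", "ttl expired")        # a real router also sends ICMP Time Exceeded
    if from_wan and ipaddress.ip_address(hdr["dst"]).is_private:
        return ("drop", "private destination from WAN")   # RFC 1918 space is not routed
    ihl = hdr["header_len"]
    new_hdr = bytearray(packet[:ihl])
    new_hdr[8] -= 1                            # TTL is byte 8 of the header
    new_hdr[10:12] = b"\x00\x00"               # zero the checksum field, then recompute it
    new_hdr[10:12] = struct.pack("!H", checksum(bytes(new_hdr)))
    return ("forward", next_hop(hdr["dst"]), bytes(new_hdr) + packet[ihl:])


if __name__ == "__main__":
    pkt = build_ipv4_packet("192.0.2.7", "10.20.5.9", 64, 6, b"hello")
    print(parse_ipv4_header(pkt))
    print(forward(pkt, from_wan=False))   # forwarded to 10.20.0.1 with TTL 63
    print(forward(pkt, from_wan=True))    # dropped: private destination arriving from WAN
```

Two details matter in practice: a router that forgot to recompute the checksum after changing the TTL would have every downstream router discard the packet, and a router that forgot the private-destination check on its WAN interface would let outsiders address internal hosts directly, which is exactly what the private address space is meant to prevent.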
Each IP packet contains two addresses: the IP address of the device sending the packet and the IP address of the device receiving it.

Types of IP addresses

IPv4 addresses are divided into two categories:
o Public address
o Private address

Public address

A public address is also known as an external address, as it belongs to the WAN side of the network. A public address is the way to communicate outside the network: it is used to reach the internet, and it is the address at which the rest of the internet can reach us. This is what makes it possible to run a home server that is reachable from the internet, and it is also what exposes that host to unsolicited traffic from anywhere. The public address is generally assigned by the ISP (Internet Service Provider).

Key points related to public addresses:
o The scope of a public address is global, which means that we can communicate outside the network.
o It is assigned by the ISP (Internet Service Provider).
o It is generally not free of cost.
o We can find our public IP by typing "What is my IP" into Google.

Private address

A private address is also known as an internal address, as it belongs to the LAN side. It is used to communicate within the network. These addresses are not routed on the public internet, so traffic from the internet cannot be delivered to a private address directly. The private address ranges are reserved by RFC 1918 (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16), and anyone may use them to build their own network without registering the addresses. Private addresses are assigned mainly to the computers, printers and smartphones kept inside a home, or to the computers kept within an organization. For example, a private address is assigned to the printer inside our home so that family members can print to it. If a computer is assigned a private address, the devices within the local network can reach the computer through that private IP address.
However, devices outside the local network cannot reach the computer through its private IP address; they can reach it only through the router's public address, and only if the router is configured to forward that traffic. Network Address Translation (NAT) on the router maps between the private addresses inside and the public address outside, and a port-forwarding rule is what makes a specific internal computer reachable from the internet.

+++++++++++++++++++++++++++++++++++++++++++++++++++++

Domain Name Services:

An application layer protocol defines how application processes running on different systems pass messages to each other.
o DNS stands for Domain Name System.
o DNS is a directory service that provides a mapping between the name of a host on the network and its numerical address.
o DNS is required for the functioning of the internet.
o Each node in the DNS tree has a label, and a full domain name is the sequence of labels from that node up to the root, separated by dots.
o DNS is a service that translates domain names into IP addresses. This allows network users to use friendly names when looking for other hosts instead of remembering IP addresses.
o For example, suppose the FTP site at EduSoft had an IP address of 132.147.165.50; most people would reach this site by specifying ftp.EduSoft.com. The name is easier to remember, and it keeps working even if the site moves to a different IP address.

DNS is a TCP/IP protocol used on different platforms. The domain name space is divided into three different sections: generic domains, country domains, and the inverse domain.

Generic Domains
o It defines registered hosts according to their generic behavior.
o Each node in the tree defines a domain name, which is an index into the DNS database.
o The top-level labels describe the organization type (the original ones are three characters long).
Label: Description
aero: Airlines and aerospace companies
biz: Businesses or firms
com: Commercial organizations
coop: Cooperative business organizations
edu: Educational institutions
gov: Government institutions
info: Information service providers
int: International organizations
mil: Military groups
museum: Museums and other nonprofit organizations
name: Personal names
net: Network support centers
org: Nonprofit organizations
pro: Professional individual organizations

Country Domain

The format of a country domain is the same as a generic domain, but it uses two-character country abbreviations (e.g., us for the United States) in place of the three-character organizational abbreviations.

Inverse Domain

The inverse domain is used for mapping an address to a name. Suppose a server has received a request from a client and the server only serves files to authorized clients. To determine whether the client is on the authorized list, it sends a query to the DNS server asking for the name that corresponds to the client's address. Note that the answer is supplied by whoever controls the reverse (in-addr.arpa) zone for that address block, which may be the attacker, so a reverse lookup is a hint, not proof: at minimum the returned name should be resolved forward again and checked to contain the original address (forward-confirmed reverse DNS), and authorization should not rest on DNS alone.

Working of DNS
o DNS is a client/server network communication protocol. DNS clients send requests to the server, while DNS servers send responses to the clients.
o A client request containing a name that is converted into an IP address is known as a forward DNS lookup, while a request containing an IP address that is converted into a name is known as a reverse DNS lookup.
o DNS implements a distributed database to store the names of all the hosts available on the internet.
o If a client such as a web browser sends a request containing a hostname, then a piece of software called the DNS resolver sends a request to the DNS server to obtain the IP address of the hostname. If that DNS server does not have the IP address associated with the hostname, it forwards the request to another DNS server. Once the IP address has arrived at the resolver, the client completes the request over the Internet Protocol.
o Plain DNS messages are not authenticated, so a resolver must at least check that a reply carries the transaction ID and the question it sent; otherwise a spoofed reply can direct the client to an attacker's address. DNSSEC adds signatures that let the resolver verify the answer itself.
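The forward lookup, the reverse (inverse-domain) name and the checks a resolver makes on a reply, worked through at the level of the DNS wire format (RFC 1035). This is an added example, not code from the textbook: it builds a query for an A record, builds a constructed reply of the shape a server would send so the code runs offline, and accepts the reply only if its transaction ID and question section match the query, then extracts the addresses. The names and addresses used are constructed for the example.

```python
import random
import struct

TYPE_A, TYPE_PTR, CLASS_IN = 1, 12, 1   # record types and class from RFC 1035


def encode_name(name: str) -> bytes:
    """Wire form of a name: each label prefixed by its length, ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def decode_name(msg: bytes, offset: int) -> tuple:
    """Read a name at offset, following compression pointers; return (name, offset after it)."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:              # pointer: top two bits set, 14-bit offset follows
            jumps += 1
            if jumps > 8:                      # a looping pointer must not hang the resolver
                raise ValueError("too many compression pointers")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def build_query(name: str, qtype: int = TYPE_A, txid: int = None) -> bytes:
    """Standard query: 12-byte header (random id, RD=1, 1 question) + question section."""
    txid = random.randrange(1 << 16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def parse_response(query: bytes, response: bytes) -> list:
    """Return the A-record addresses answering *our* query, or raise ValueError.
    A spoofed reply that fails any of these checks is discarded instead of trusted."""
    qid = struct.unpack("!H", query[:2])[0]
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("transaction id mismatch or not a response")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    want, _ = decode_name(query, 12)
    qname, off = decode_name(response, 12)
    qtype, qclass = struct.unpack("!HH", response[off:off + 4])
    off += 4
    if (qname.lower(), qtype, qclass) != (want.lower(), TYPE_A, CLASS_IN):
        raise ValueError("question section does not match our query")
    addrs = []
    for _ in range(an):
        rname, off = decode_name(response, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        rdata, off = response[off:off + rdlen], off + rdlen
        # Only count records for the name we asked about; a reply may carry unrelated ones.
        if rtype == TYPE_A and rclass == CLASS_IN and rname.lower() == want.lower():
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def reverse_name(ipv4: str) -> str:
    """Inverse-domain name for a PTR query: 132.147.165.50 -> 50.165.147.132.in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"


def fake_response(query: bytes, addr: str) -> bytes:
    """Constructed reply in the shape a server would send, so the example runs offline."""
    txid = struct.unpack("!H", query[:2])[0]
    answer = (b"\xC0\x0C"                                   # pointer to the name at offset 12
              + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4)
              + bytes(int(x) for x in addr.split(".")))
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + query[12:] + answer


if __name__ == "__main__":
    q = build_query("www.example.com")
    print(parse_response(q, fake_response(q, "192.0.2.10")))
    print(reverse_name("132.147.165.50"))
```

The 16-bit transaction ID and the question check are the resolver's only defence against a forged reply in plain DNS, which is why real resolvers also randomize the source port and why DNSSEC exists; the checks here are what a stub resolver does, and the jump limit in decode_name is the kind of bound a parser needs before it is pointed at untrusted network input.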
++++++++++++++++++++++++++++++++++++++++++++++++

Basic Applications of Computer:

Computers play a role in every field of life. They are used in homes, business, educational institutions, research organizations, the medical field, government offices, entertainment, etc.

Home
Computers are used at home for several purposes like online bill payment, watching movies or shows, home tutoring, social media access, playing games, internet access, etc. They provide communication through electronic mail. They make work-from-home possible for corporate employees. Computers help the student community to avail of online educational support.

Medical Field
Computers are used in hospitals to maintain a database of patients' history, diagnoses, X-rays, live monitoring of patients, etc. Surgeons nowadays use robotic surgical devices to perform delicate operations and conduct surgeries remotely. Virtual reality technologies are also used for training purposes. Computers also help to monitor the fetus inside the mother's womb.

Entertainment
Computers help to watch movies online and play games online; they act as a virtual entertainer for playing games, listening to music, etc. MIDI instruments greatly help people in the entertainment industry to record music with artificial instruments. Videos can be fed from computers to full-screen televisions. Photo editors are available with fabulous features.

Industry
Computers are used to perform several tasks in industry, like managing inventory, design, creating virtual sample products, interior design, video conferencing, etc. Online marketing has seen a great revolution in its ability to sell various products to inaccessible corners like interior or rural areas. Stock markets have seen phenomenal participation from people at different levels through the use of computers.

Education
Computers are used in the education sector through online classes, online examinations, referring to e-books, online tutoring, etc.
They help in the increased use of audio-visual aids in the education field.

Government
In government sectors, computers are used in data processing, maintaining a database of citizens and supporting a paperless environment. The country's defense organizations have greatly benefited from computers in their use for missile development, satellites, rocket launches, etc.

Banking
In the banking sector, computers are used to store details of customers and conduct transactions, such as withdrawal and deposit of money through ATMs. Banks have reduced manual errors and expenses to a great extent through extensive use of computers.

Business
Nowadays, computers are totally integrated into business. The main objective of business is transaction processing, which involves transactions with suppliers, employees or customers. Computers can make these transactions easy and accurate. People can analyze investments, sales, expenses, markets and other aspects of business using computers.

Training
Many organizations use computer-based training to train their employees, to save money and improve performance. Video conferencing through computers saves time and travelling costs by connecting people in various locations.

Arts
Computers are extensively used in dance, photography, arts and culture. The fluid movement of dance can be shown live via animation. Photos can be digitized using computers.

Science and Engineering
High-performance computers are used to simulate dynamic processes in science and engineering. Supercomputers have numerous applications in research and development (R&D). Topographic images can be created with computers. Scientists use computers to plot and analyze data to better understand earthquakes.

=====================================================

Ethical and social implications: Network and security concepts -

1.
Information Assurance Fundamentals:

Authentication, authorization, and nonrepudiation are tools that system designers can use to maintain system security with respect to confidentiality, integrity, and availability. Understanding each of these six concepts and how they relate to one another helps security professionals design and implement secure systems. Each component is critical to overall security, with the failure of any one component resulting in potential system compromise.

There are three key concepts, known as the CIA triad, which anyone who protects an information system must understand: confidentiality, integrity, and availability. Information security professionals are dedicated to ensuring the protection of these principles for each system they protect. Additionally, there are three key concepts that security professionals must understand to enforce the CIA principles properly: authentication, authorization, and nonrepudiation. All definitions used in this section originate from the National Information Assurance Glossary (NIAG) published by the U.S. Committee on National Security Systems.

1.1 Authentication:

Authentication is important to any secure system, as it is the key to verifying the source of a message or that an individual is who he or she claims to be. The NIAG defines authentication as a "security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information."

There are many methods available to authenticate a person. In each method, the authenticator issues a challenge that a person must answer. This challenge normally comprises requesting a piece of information that only authentic users can supply. These pieces of information normally fall into the three classifications known as factors of authentication: something the user knows, something the user has, and something the user is (see Exhibit 1-1).
When an authentication system requires more than one of these factors, the security community classifies it as a system requiring multifactor authentication. Two instances of the same factor, such as a password combined with a user's mother's maiden name, are not multifactor authentication, but combining a fingerprint scan and a personal identification number (PIN) is, as it validates something the user is (the owner of that fingerprint) and something the user knows (a PIN).

Authentication also applies to validating the source of a message, such as a network packet or e-mail. At a low level, message authentication systems cannot rely on the same factors that apply to human authentication. Message authentication systems often rely on a message authentication code (MAC): a digest or hash of the message computed with a secret key (HMAC is the usual construction). Since only the holders of that key can produce a valid tag, the recipient is able to validate that the message came from a key holder and was not altered in transit. The tag must be checked with a constant-time comparison; a naive byte-by-byte comparison that stops at the first difference leaks, through timing, how many leading bytes of a forged tag were correct. Without a sound authentication system, it is impossible to trust that a user is who he or she says, or that a message is from whom it claims to be.

1.2 Authorization:

While authentication relates to verifying identities, authorization focuses on determining what a user has permission to do. The NIAG defines authorization as "access privileges granted to a user, program, or process." After a secure system authenticates users, it must also decide what privileges they have. For instance, an online banking application will authenticate a user based on his or her credentials, but it must then determine the accounts to which that user has access. Additionally, the system determines what actions the user can take regarding those accounts, such as viewing balances and making transfers. A system that authenticates the user but then serves whatever account identifier appears in the request has an authorization failure, even though its authentication worked perfectly.

1.3 Nonrepudiation:

Imagine a scenario wherein Alice is purchasing a car from Bob and signs a contract stating that she will pay $20,000 for the car and will take ownership of it on Thursday.
If Alice later decides not to buy the car, she might claim that someone forged her signature and that she is not responsible for the contract. To refute her claim, Bob could show that a notary public verified Alice’s identity and stamped the document to indicate this verification. In this case, the notary’s stamp has given the contract the property of nonrepudiation, which the NIAG defines as “assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the data.”

In the world of digital communications, no notary can stamp each transmitted message, but nonrepudiation is still necessary. To meet this requirement, secure systems normally rely on asymmetric (or public key) cryptography. While symmetric key systems use a single key to encrypt and decrypt data, asymmetric systems use a key pair. These systems use one key (private) for signing data and use the other key (public) for verifying data. If the same key can both sign and verify the content of a message, the sender can claim that anyone who has access to the key could easily have forged it. Asymmetric key systems have the nonrepudiation property because the signer of a message can keep his or her private key secret. For more information on asymmetric cryptography, see the “State of the Hack” article on the subject published in the July 6, 2009, edition of the Weekly Threat Report.

1.4 Confidentiality:

The term confidentiality is familiar to most people, even those not in the security industry. The NIAG defines confidentiality as “assurance that information is not disclosed to unauthorized individuals, processes, or devices.” Assuring that unauthorized parties do not have access to a piece of information is a complex task. It is easiest to understand when broken down into three major steps. First, the information must have protections capable of preventing some users from accessing it.
Second, limitations must be in place to restrict access to the information to only those who have the authorization to view it. Third, an authentication system must be in place to verify the identity of those with access to the data. Authentication and authorization, described earlier in this section, are vital to maintaining confidentiality, but the concept of confidentiality primarily focuses on concealing or protecting the information.

One way to protect information is by storing it in a private location or on a private network that is limited to those who have legitimate access to the information. If a system must transmit the data over a public network, organizations should use a key that only authorized parties know to encrypt the data. For information traveling over the Internet, this protection could mean using a virtual private network (VPN), which encrypts all traffic between endpoints, or using encrypted e-mail systems, which restrict viewing of a message to the intended recipient. If confidential information is physically leaving its protected location (as when employees transport backup tapes between facilities), organizations should encrypt the data in case it falls into the hands of unauthorized users.

Confidentiality of digital information also requires controls in the real world. Shoulder surfing, the practice of looking over a person’s shoulder while at his or her computer screen, is a nontechnical way for an attacker to gather confidential information. Physical threats, such as simple theft, also threaten confidentiality. The consequences of a breach of confidentiality vary depending on the sensitivity of the protected data. A breach in credit card numbers, as in the case of the Heartland Payment Systems processing system in 2008, could result in lawsuits with payouts well into the millions of dollars.
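The two mechanisms described in 1.1 and 1.3, a keyed hash that authenticates a message and a signature made with a private key that gives nonrepudiation, side by side in Python. This is an added example and not code from the book or the NIAG: it uses textbook RSA on fixed demonstration primes (2^61-1 and 2^89-1) with no padding or hash encoding, and the shared key, the funds-transfer messages and the "session key" value are all constructed for the demonstration, so it illustrates the key-ownership argument only and is not production cryptography. The last two functions show the encrypt-with-public-key, decrypt-with-private-key flow that the cryptography section (2) describes.

```python
import hashlib
import hmac

# Textbook RSA on fixed demonstration primes (the Mersenne primes 2^61-1 and
# 2^89-1). Educational only: no padding, no hash encoding, a ~150-bit modulus
# and a private exponent sitting in the source. Real systems use a vetted
# library with proper key sizes and signature schemes.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest_as_int(message: bytes) -> int:
    """Hash the message and keep 128 bits so the value is below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


# 1.1 Message authentication: a digest of the message keyed with a shared secret.
def mac_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    # constant-time comparison so a forger learns nothing from timing
    return hmac.compare_digest(mac_tag(key, message), tag)


# 1.3 Nonrepudiation: one key signs, the other verifies.
def rsa_sign(message: bytes, private_exponent: int = D) -> int:
    return pow(digest_as_int(message), private_exponent, N)


def rsa_verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    return pow(signature, public_exponent, N) == digest_as_int(message)


# Section 2 flow: encrypt with the receiver's public key, decrypt with the private key.
def rsa_encrypt(plaintext_int: int) -> int:
    return pow(plaintext_int, E, N)


def rsa_decrypt(ciphertext_int: int) -> int:
    return pow(ciphertext_int, D, N)


def demo() -> dict:
    """Exercise both mechanisms on a constructed funds-transfer message."""
    transfer = b"transfer 500.00 from account 1234 to account 5678"
    tampered = b"transfer 500.00 from account 1234 to account 9999"  # recipient altered
    shared_key = b"constructed-demo-key"                             # known to both parties

    tag = mac_tag(shared_key, transfer)
    sig = rsa_sign(transfer)
    secret = int.from_bytes(b"session key bytes", "big")            # 136 bits, below N

    return {
        "mac_ok": mac_verify(shared_key, transfer, tag),
        "mac_detects_tamper": not mac_verify(shared_key, tampered, tag),
        "sig_ok": rsa_verify(transfer, sig),
        "sig_detects_tamper": not rsa_verify(tampered, sig),
        # The MAC verifier holds the same key, so it can mint a valid tag for any
        # message: a MAC gives integrity and origin within the pair, not nonrepudiation.
        "mac_verifier_can_forge": mac_verify(shared_key, tampered, mac_tag(shared_key, tampered)),
        # A signature verifier holds only (E, N); what it can compute with the public
        # exponent does not verify, so only the holder of D could have produced sig.
        "sig_verifier_can_forge": rsa_verify(tampered, pow(digest_as_int(tampered), E, N)),
        "public_key_encryption_roundtrip": rsa_decrypt(rsa_encrypt(secret)) == secret,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The dictionary returned by `demo()` is the point of the example: both mechanisms detect the altered recipient account, but only the signature leaves the verifier unable to produce a valid value for a message of its own choosing.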
1.5 Integrity:

In the information security realm, integrity normally refers to data integrity, or ensuring that stored data are accurate and contain no unauthorized modifications. The National Information Assurance Glossary (NIAG) defines integrity as follows: “Quality of an IS (Information System) reflecting the logical correctness and reliability of the operating system; the logical completeness of the hardware and software implementing the protection mechanisms; and the consistency of the data structures and occurrence of the stored data. Note that, in a formal security mode, integrity is interpreted more narrowly to mean protection against unauthorized modification or destruction of information.”

This principle, which relies on authentication, authorization, and nonrepudiation as the keys to maintaining integrity, means preventing those without authorization from modifying data. By bypassing an authentication system or escalating privileges beyond those normally granted to them, an attacker can threaten the integrity of data. Software flaws and vulnerabilities can lead to accidental losses in data integrity and can open a system to unauthorized modification. Programs typically tightly control when a user has read or write access to particular data, but a software vulnerability might make it possible to circumvent that control. For example, an attacker can exploit a Structured Query Language (SQL) injection vulnerability to extract, alter, or add information to a database.

Disrupting the integrity of data at rest or in a message in transit can have serious consequences. If it were possible to modify a funds transfer message passing between a user and his or her online banking website, an attacker could use that privilege to his or her advantage. The attacker could hijack the transfer and steal the transferred funds by altering the account number of the recipient of the funds listed in the message to the attacker’s own bank account number.
Ensuring the integrity of this type of message is vital to any secure system.

1.6 Availability:

Information systems must be accessible to users for these systems to provide any value. If a system is down or responding too slowly, it cannot provide the service it should. The NIAG defines availability as “timely, reliable access to data and information services for authorized users.”

Attacks on availability are somewhat different from those on integrity and confidentiality. The best-known attack on availability is a denial of service (DoS) attack. A DoS can come in many forms, but each form disrupts a system in a way that prevents legitimate users from accessing it. One form of DoS is resource exhaustion, whereby an attacker overloads a system to the point that it no longer responds to legitimate requests. The resources in question may be memory, central processing unit (CPU) time, network bandwidth, and/or any other component that an attacker can influence. One example of a DoS attack is network flooding, during which the attacker sends so much network traffic to the targeted system that the traffic saturates the network and no legitimate request can get through.

Understanding the components of the CIA triad and the concepts behind how to protect these principles is important for every security professional. Each component acts like a pillar that holds up the security of a system. If an attacker breaches any of the pillars, the security of the system will fall. Authentication, authorization, and nonrepudiation are tools that system designers can use to maintain these pillars. Understanding how all of these concepts interact with each other is necessary to use them effectively.

++++++++++++++++++++++++++++++++++++++++++++++++++++++

2. Cryptography:

Cryptography, a word with Greek origins, means "secret writing." However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks.
Figure 30.1 shows the components involved in cryptography.

Plaintext and Ciphertext

The original message, before being transformed, is called plaintext. After the message is transformed, it is called ciphertext. An encryption algorithm transforms the plaintext into ciphertext; a decryption algorithm transforms the ciphertext back into plaintext. The sender uses an encryption algorithm, and the receiver uses a decryption algorithm.

Cipher

We refer to encryption and decryption algorithms as ciphers. The term cipher is also used to refer to different categories of algorithms in cryptography. This is not to say that every sender-receiver pair needs their very own unique cipher for a secure communication. On the contrary, one cipher can serve millions of communicating pairs.

Key

A key is a number (or a set of numbers) that the cipher, as an algorithm, operates on. To encrypt a message, we need an encryption algorithm, an encryption key, and the plaintext. These create the ciphertext. To decrypt a message, we need a decryption algorithm, a decryption key, and the ciphertext. These reveal the original plaintext.

Alice, Bob, and Eve

In cryptography, it is customary to use three characters in an information exchange scenario; we use Alice, Bob, and Eve. Alice is the person who needs to send secure data. Bob is the recipient of the data. Eve is the person who somehow disturbs the communication between Alice and Bob by intercepting messages to uncover the data or by sending her own disguised messages. These three names represent computers or processes that actually send or receive data, or intercept or change data.

Two Categories

We can divide all the cryptography algorithms (ciphers) into two groups: symmetric-key (also called secret-key) cryptography algorithms and asymmetric (also called public-key) cryptography algorithms.

Symmetric-Key Cryptography

In symmetric-key cryptography, the same key is used by both parties.
The sender uses this key and an encryption algorithm to encrypt data; the receiver uses the same key and the corresponding decryption algorithm to decrypt the data (see Figure 30.3).

Asymmetric-Key Cryptography

In asymmetric or public-key cryptography, there are two keys: a private key and a public key. The private key is kept by the receiver. The public key is announced to the public. In Figure 30.4, imagine Alice wants to send a message to Bob. Alice uses the public key to encrypt the message. When the message is received by Bob, the private key is used to decrypt the message. In public-key encryption/decryption, the public key that is used for encryption is different from the private key that is used for decryption. The public key is available to the public; the private key is available only to an individual.

Three Types of Keys:

The reader may have noticed that we are dealing with three types of keys in cryptography: the secret key, the public key, and the private key. The first, the secret key, is the shared key used in symmetric-key cryptography. The second and the third are the public and private keys used in asymmetric-key cryptography. We will use three different icons for these keys throughout the book to distinguish one from the others.

+++++++++++++++++++++++++++++++++++++++++++++++++++++

Malware:

Malware, short for malicious software, refers to any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems. Examples of common malware include viruses, worms, Trojan viruses, spyware, adware, and ransomware. Recent malware attacks have exfiltrated data in mass amounts.

What is the intent of malware?

Malware is developed as harmful software that invades or corrupts your computer network. The goal of malware is to cause havoc and steal information or resources for monetary gain or sheer sabotage intent.

How do I protect my network against malware?
Typically, businesses focus on preventative tools to stop breaches. By securing the perimeter, businesses assume they are safe. However, some advanced malware will eventually make its way into your network. As a result, it is crucial to deploy technologies that continually monitor and detect malware that has evaded perimeter defenses. Sufficient advanced malware protection requires multiple layers of safeguards along with high-level network visibility and intelligence. Ex: Cisco Umbrella: Effectively protect your users against malware in minutes with fast, flexible, cloud-delivered security.

How do I detect and respond to malware?

Malware will inevitably penetrate your network. You must have defenses that provide significant visibility and breach detection. To remove malware, you must be able to identify malicious actors quickly. This requires constant network scanning. Once the threat is identified, you must remove the malware from your network. Today's antivirus products are not enough to protect against advanced cyberthreats.

7 types of malware

Virus

Viruses are a subgroup of malware. A virus is malicious software attached to a document or file that supports macros to execute its code and spread from host to host. Once downloaded, the virus will lie dormant until the file is opened and in use. Viruses are designed to disrupt a system's ability to operate. As a result, viruses can cause significant operational issues and data loss.

Worms

A worm is a type of malicious software that rapidly replicates and spreads to any device within the network. Unlike viruses, worms do not need host programs to disseminate. A worm infects a device through a downloaded file or a network connection before it multiplies and disperses at an exponential rate. Like viruses, worms can severely disrupt the operations of a device and cause data loss.

Trojan virus

Trojan viruses are disguised as helpful software programs.
But once the user downloads it, the Trojan virus can gain access to sensitive data and then modify, block, or delete the data. This can be extremely harmful to the performance of the device. Unlike normal viruses and worms, Trojan viruses are not designed to self-replicate.

Spyware

Spyware is malicious software that runs secretly on a computer and reports back to a remote user. Rather than simply disrupting a device's operations, spyware targets sensitive information and can grant remote access to predators. Spyware is often used to steal financial or personal information. A specific type of spyware is a keylogger, which records your keystrokes to reveal passwords and personal information.

Adware

Adware is malicious software used to collect data on your computer usage and provide appropriate advertisements to you. While adware is not always dangerous, in some cases adware can cause issues for your system. Adware can redirect your browser to unsafe sites, and it can even contain Trojan horses and spyware. Additionally, significant levels of adware can slow down your system noticeably. Because not all adware is malicious, it is important to have protection that constantly and intelligently scans these programs.

Ransomware

Ransomware is malicious software that gains access to sensitive information within a system, encrypts that information so that the user cannot access it, and then demands a financial payout for the data to be released. Ransomware is commonly part of a phishing scam. By clicking a disguised link, the user downloads the ransomware. The attacker proceeds to encrypt specific information that can only be opened by a mathematical key they know. When the attacker receives payment, the data is unlocked.

Fileless malware

Fileless malware is a type of memory-resident malware. As the term suggests, it is malware that operates from a victim's computer's memory, not from files on the hard drive.
Because there are no files to scan, it is harder to detect than traditional malware. It also makes forensics more difficult because the malware disappears when the victim computer is rebooted. In late 2017, the Cisco Talos threat intelligence team posted an example of fileless malware that they called DNSMessenger.

++++++++++++++++++++++++++++++++++++++++++++++++++++

Firewalls:

A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. Figure 32.22 shows a firewall. For example, a firewall may filter all incoming packets destined for a specific host or a specific server such as HTTP. A firewall can be used to deny access to a specific host or a specific service in the organization. A firewall is usually classified as a packet-filter firewall or a proxy-based firewall.

Packet-Filter Firewall

A firewall can be used as a packet filter. It can forward or block packets based on the information in the network layer and transport layer headers: source and destination IP addresses, source and destination port addresses, and type of protocol (TCP or UDP). A packet-filter firewall is a router that uses a filtering table to decide which packets must be discarded (not forwarded). Figure 32.23 shows an example of a filtering table for this kind of a firewall. According to Figure 32.23, the following packets are filtered:

1. Incoming packets from network 131.34.0.0 are blocked (security precaution). Note that the * (asterisk) means "any."
2. Incoming packets destined for any internal TELNET server (port 23) are blocked.
3. Incoming packets destined for internal host 194.78.20.8 are blocked. The organization wants this host for internal use only.
4. Outgoing packets destined for an HTTP server (port 80) are blocked. The organization does not want employees to browse the Internet.
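The filtering table above, as an added Python example that is not code from the page or from Forouzan's text: the four rules encoded as a table that a packet filter walks for each packet, plus the kind of application-layer check that the proxy firewall described next can make and a packet filter cannot. Assumptions not stated in the text: the 131.34.0.0 entry is a /16, the TELNET and HTTP rules match TCP, a packet matching no row is forwarded, and the proxy policy (registered customer ids in the URL path) together with every address and request shown is constructed for the demonstration.

```python
from __future__ import annotations

import ipaddress

# Filtering table reconstructed from the four rules in the text. "*" means any.
# Assumptions not in the text: the 131.34.0.0 entry is a /16, the TELNET and
# HTTP rules match TCP, and a packet that matches no row is forwarded.
FILTER_TABLE = [
    # (direction, source network, destination host, protocol, destination port, action)
    ("in",  "131.34.0.0/16", "*",           "*",   "*", "discard"),  # rule 1
    ("in",  "*",             "*",           "tcp", 23,  "discard"),  # rule 2: TELNET
    ("in",  "*",             "194.78.20.8", "*",   "*", "discard"),  # rule 3: internal-only host
    ("out", "*",             "*",           "tcp", 80,  "discard"),  # rule 4: outbound HTTP
]


def packet_filter(direction: str, src_ip: str, dst_ip: str, proto: str, dst_port: int) -> str:
    """First-match walk of the table using only network/transport header fields."""
    src = ipaddress.ip_address(src_ip)
    for r_dir, r_net, r_host, r_proto, r_port, action in FILTER_TABLE:
        if r_dir != direction:
            continue
        if r_net != "*" and src not in ipaddress.ip_network(r_net):
            continue
        if r_host != "*" and dst_ip != r_host:
            continue
        if r_proto != "*" and proto != r_proto:
            continue
        if r_port != "*" and dst_port != r_port:
            continue
        return action
    return "forward"   # default when no row matches (assumption)


# Constructed allowlist standing in for "customers with established business relations".
REGISTERED_CUSTOMERS = {"acme", "globex"}


def proxy_decision(raw_request: bytes) -> tuple[int, str]:
    """Application-layer check: inspect the HTTP request line, not just port 80."""
    request_line = raw_request.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return 400, "malformed request, dropped"
    _method, target, _version = parts
    segments = target.split("?", 1)[0].split("/")
    # constructed policy: only /customers/<registered-id>/... reaches the real server
    if len(segments) >= 3 and segments[1] == "customers" and segments[2] in REGISTERED_CUSTOMERS:
        return 200, "forwarded to the real server"
    return 403, "no established business relation, error returned to client"


if __name__ == "__main__":
    # Both requests arrive on TCP port 80 and look identical to the packet filter...
    print(packet_filter("in", "198.51.100.7", "10.0.0.80", "tcp", 80))
    # ...only the proxy, which opens the packet at the application layer, tells them apart.
    print(proxy_decision(b"GET /customers/acme/orders HTTP/1.1\r\nHost: www.example\r\n\r\n"))
    print(proxy_decision(b"GET /customers/intruder/orders HTTP/1.1\r\nHost: www.example\r\n\r\n"))
```

The rows are evaluated in order and the first match wins, which is how a real filtering table behaves; the three `print` calls in the usage section make the layering point concrete, since the packet filter forwards both HTTP requests and only the proxy rejects the unregistered one.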
A packet-filter firewall filters at the network or transport layer.

Proxy Firewall

The packet-filter firewall is based on the information available in the network layer and transport layer headers (IP and TCP/UDP). However, sometimes we need to filter a message based on the information available in the message itself (at the application layer). As an example, assume that an organization wants to implement the following policies regarding its Web pages: Only those Internet users who have previously established business relations with the company can have access; access to other users must be blocked. In this case, a packet-filter firewall is not feasible because it cannot distinguish between different packets arriving at TCP port 80 (HTTP). Testing must be done at the application level (using URLs).

One solution is to install a proxy computer (sometimes called an application gateway), which stands between the customer (user client) computer and the corporation computer shown in Figure 32.24. When the user client process sends a message, the proxy firewall runs a server process to receive the request. The server opens the packet at the application level and finds out if the request is legitimate. If it is, the server acts as a client process and sends the message to the real server in the corporation. If it is not, the message is dropped and an error message is sent to the external user. In this way, the requests of the external users are filtered based on the contents at the application layer. Figure 32.24 shows a proxy firewall implementation.

A proxy firewall filters at the application layer.

+++++++++++++++++++++++++++++++++++++++++++++++++++++

Fraud Techniques:

1.
Phishing, Smishing, Vishing, and Mobile Malicious Code:

Many phishing attacks against mobile devices use short message service (SMS, or smishing) and voice-over Internet protocol (VoIP, or vishing) to distribute lures and collect personal information. Attackers often send fraudulent SMS messages containing a URL or phone number using traditional phishing themes. Responders either enter their personal information into a fraudulent website, as with traditional e-mail phishing, or, if calling phone numbers, may even provide their information directly to other people. To limit exposure to these growing threats, organizations should not send contact information to users via SMS but instead should be sure phone numbers are readily available on their websites. In addition, financial institutions should carefully consider using mobile devices as two-factor authentication devices, given that customers may use the same mobile device to access the online banking system.

Phishing by way of mobile phones introduces new challenges for attackers and administrators alike. Many phishing attacks against mobile devices use SMS (smishing) and VoIP (vishing). Attackers often send fraudulent SMS messages to many users attempting to gain private information or distribute malicious files. The messages include a URL or a phone number with themes similar to those of traditional phishing messages. Upon calling a phone number, the user may interact with an actual person or a voicemail system—both of which are risks to the user’s personal information. Many legitimate services suffer from doubt and uncertainty related to sending legitimate SMS messages. Organizations should avoid repeating mistakes made with e-mail, which for many organizations is no longer a viable means of communicating with customers due to the pervasiveness of phishing and other fraud.

1.1.
Mobile Malicious Code:

Although rare and only a more recent occurrence, SMS messages sent to mobile devices may also attempt to convince users to install a mobile malicious code. On or before February 4, 2009, Chinese mobile phone users began reporting a new virus that affects Symbian S60. [25] A signature is required on all code that runs on the S60 third edition, and this virus is no exception; it uses a certificate from Symbian licensed to “ShenZhen ChenGuangWuXian.” After the user installs the program, it spreads to other users by sending SMS messages that contain URLs, such as the following, for users to download and install the code:

hxxp://www.wwqx-mot.com/game
hxxp://www.wwqx-cyw.com/game
hxxp://www.wwqx-sun.com/game

The “Sexy View” virus attempts to convince recipients to download and install a Symbian Installation file (SISX) at the URL, but it does not use any exploits to install automatically. Details on this virus are publicly available.

1.2. Phishing against Mobile Devices:

Most instances of SMS phishing (smishing) target banks or financial institutions by sending a phone number that the victim calls after receiving the message, resulting in a vishing attack (see Exhibit 2-8). In the past, attackers used vishing against random targets and were successful at evading defensive filters. For instance, actors have used SMS gateways that allow users to send e-mails instead of spending money per SMS message. In this way, actors send messages to all possible SMS recipients for a gateway. As an example, the SMS gateway receives e-mail messages sent to the phone number 111-222-3333 at the e-mail address [email protected]. SMS gateway providers have responded to abuse by rejecting excessive numbers of messages or fraudulent messages. This is dependent upon the cooperation of the Internet service providers (ISPs) themselves, rather than defensive tools on a mobile device. Uncooperative or unwilling ISPs could cause this type of filtering to fail.
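A client-side triage heuristic for incoming SMS, as an added Python example that is not part of the book's text. It scores the traits this section attributes to smishing lures (a callback number the institution never published, a URL, urgency wording, reward or account-alert vocabulary, a sum of money) so that a handset or gateway can flag a message before the user calls the number. The keyword lists, the threshold, the sample messages (with 555 test numbers) and the trusted-number list are all constructed for the demonstration; they are a starting point for a filter, not a complete one.

```python
import re

# Constructed indicator lists (assumption: typical lure vocabulary, not from the text).
URGENCY = {"urgent", "immediately", "now", "suspended", "expired", "locked", "tomorrow"}
LURES = {"won", "prize", "winner", "congratulations", "claim", "reactivate", "renewal", "restore"}

# A run of 8+ digits/separators that starts and ends with a digit, optional leading '+'.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{6,}\d")
URL_RE = re.compile(r"(?:https?|hxxp)://\S+|\bwww\.\S+", re.IGNORECASE)
MONEY_RE = re.compile(r"(?:us\$|\$|rm)\s?\d")


def normalize_number(raw: str) -> str:
    """Keep only digits and a leading '+' so numbers compare regardless of formatting."""
    return re.sub(r"[^\d+]", "", raw)


def score_sms(text: str, trusted_numbers=frozenset()) -> dict:
    """Return a score, a verdict and the reasons for one message."""
    lowered = text.lower()
    words = set(re.findall(r"[a-z]+", lowered))
    trusted = {normalize_number(n) for n in trusted_numbers}
    score, reasons = 0, []

    unknown = [normalize_number(m) for m in PHONE_RE.findall(text)
               if normalize_number(m) not in trusted]
    if unknown:
        score += 2
        reasons.append("callback number not on the trusted list: " + ", ".join(unknown))
    if URL_RE.search(text):
        score += 2
        reasons.append("contains a URL")
    hits = words & URGENCY
    if hits:
        score += 1
        reasons.append("urgency wording: " + ", ".join(sorted(hits)))
    hits = words & LURES
    if hits:
        score += 1
        reasons.append("reward/account lure: " + ", ".join(sorted(hits)))
    if MONEY_RE.search(lowered):
        score += 1
        reasons.append("mentions a sum of money")
    return {"score": score, "suspicious": score >= 3, "reasons": reasons}


# Constructed sample messages (555 test numbers, not real ones).
SAMPLES = [
    "Your ATM card has been suspended. To reactivate call 1-555-0147 now.",
    "CONGRATULATIONS your phone number has won a prize of US$ 10000. Call 555-0199 tomorrow at 8 AM.",
    "Your dentist appointment is confirmed for Tuesday 10:30. Reply C to confirm.",
    "Example Credit Union: your statement is ready. Questions? Call 1-555-0100.",
]
TRUSTED = frozenset({"1-555-0100"})   # the institution's published number


def triage(messages=SAMPLES, trusted=TRUSTED) -> list:
    return [score_sms(m, trusted) for m in messages]


if __name__ == "__main__":
    for msg, result in zip(SAMPLES, triage()):
        verdict = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"[{result['score']}] {verdict}: {msg}")
        for reason in result["reasons"]:
            print("    -", reason)
```

The trusted-number list is what lets the last sample pass: the point of the section's advice that organizations publish their numbers on their websites is that a filter (or a user) then has something to compare a callback number against.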
There are several common themes in smishing messages. The following examples all include phone numbers for victims to call. The messages may originate from either a phone number or an e-mail address, both of which an attacker can spoof.

Application Center/This is an automated message from Lafayette F.C.U..Your ATM card has been suspended. To reactivate call urgent at 1-567-248-859427

From: Jennifer [@] fortheloveofmarketing.com Your Treasury Department FCU account is expired, for renewal please call us toll free 818.462.5049

JAPANESS MOTORS AUTO AFRIC, You have won a Brand new Toyota landcruiser VX, in our annual draw. Call Mr. Peter Aganyanya through this No. +254727925287. [28]

Announcement from PETRONAS MLSY. CONGRATULATIONS your phone number has won a prize of RM 11000. (About US$3,200) Please contact the following number at 0062858853982xx tomorrow morning at 8.00am. Thank you

Official Microsoft ANNOUNCEMENT: Congratulations! Your mobile phone has won US$ 10 Million prize money. To claim your money, call this number XXXXXXXX tomorrow at 8 AM. Thank you. [29]

Many of these systems use voicemail systems to steal user information, including bank account information. There have been attacks where vishers answer the phones themselves. F-Secure documented one such incident regarding the 0062858853982xx phone number with a transcript and audio files. [30] Similar to traditional phishing attacks, smishing and vishing attacks frequently use fake rewards and fake account alerts. In January 2008, the Facebook application Secret Crush began phishing users by requesting their mobile phone number through the social-networking website. Subsequently, it would send them messages from a premium SMS service that costs $6.60 per message according to one user afflicted by the scam. Users that reply to the premium rate number (19944989) would receive the bill to their mobile phone. [31] Whocallsme.com is a resource where users frequently report issues related to phone numbers.
Users often report SMS scams, banking fraud, and other incidents to this website based upon the originating phone number. A few examples include:

Dear Credit union customer, we regret to inform you that we had to lock your bank account access. Call (647) 827-2796 to restore your bank account.

!!Urgent! Your number has been selected for a $5000 prize guaranteed! To claim your prize call +423697497459

Organizations should monitor their own SMS number services via sites like whocallsme.com to see if users are suspicious of their services. Such suspicions could indicate mistrust in the legitimate service or attackers who are spoofing the number of the affected organization to improve their chances of gaining trust.

Smishing and vishing are serious problems. Antiphishing products are designed to filter e-mails, but mobile phishing is more difficult to filter for both users and automatic products. SMS messages contain much less tracking information; therefore, recipients will not be able to determine from where they originate. Mobile phone browsers and SMS programs also lack the integrated phishing defenses built into today’s e-mail clients and browsers. Smishers also often spoof the source address and use a large number of different phone numbers to perform vishing. Mobile browsers also make it difficult to determine the legitimacy of a URL. The small form factor and limited display are incapable of displaying full URLs, and it can take as many as ten clicks to access the security information of a site. Most mobile browsers lack support for protections normally available on desktop systems such as URL filtering, phishing toolbars, and extended validation (EV) SSL certificates. Based upon these concerns, it seems likely that users of mobile devices have an increased risk of falling victim to a phishing attack when they surf with mobile browsers or receive fraudulent SMS messages.

2.
Rogue Antivirus:

During the past year, fake antivirus programs have become dramatically more prevalent and are now a major threat to enterprises and home users. Moreover, attackers often bundle this software with stealthier malicious programs. Fortunately, in attackers’ attempts to get users’ attention, rogue antivirus software also alerts administrators to system compromises and inadvertently exposes other malicious software.

Attackers aggressively target users with Trojan applications that claim to be antivirus programs. These rogue antivirus applications, once installed, falsely report security issues to mislead victims into purchasing a purported “full” version, which can cost each victim up to US$89.95. Victims have had little success when contacting the payment providers for refund and removal. [32] PandaSecurity estimates that rogue antivirus applications infect approximately 35 million computers each month and that cyber criminals earn US$34 million each month through rogue software attacks. [33] “Antivirus XP” and numerous other rogue security applications are some of the most prevalent pieces of malicious code that have appeared in the first half of 2009 (see Exhibit 2-9). According to Luis Corrons of PandaLabs, his company observed a significant growth in rogue antivirus applications from January to June 2009, the highest being in June 2009 with 152,197 samples. [34] One possible reason for the increase is that pay-per-install and affiliate programs encourage more attackers to install such software. According to some pay-per-install rogue antivirus sites, affiliate programs offer an attacker approximately half of the purchase price for each victim who buys the software. [36] This encourages a diverse group of attackers to distribute the software. Though rogue antivirus software emerged in 2004, iDefense has observed a huge increase in this type of malicious activity between 2007 and 2010.
Although the main goal of the Antivirus XP 2008 program (see Exhibit 2-10) is to convince users to purchase fake software, attackers who bundle it with other malicious programs are a major concern to enterprises. The noisy nature of rogue antivirus programs can be beneficial to organizations that take appropriate actions to remove dangerous software that attackers bundle with it. Since the rogue antivirus application often changes a user’s background, displays pop-up windows, modifies search behavior, and displays fake windows and security center messages, it often makes its presence repeatedly visible to users. This can be a benefit if system administrators aggressively audit infected computers for other malicious programs with which it is bundled. iDefense has observed attackers distributing rogue antivirus applications in conjunction with rootkits, banking Trojans, e-mail viruses, or other information-stealing Trojans. These include, but are not limited to, Zeus and Torpig.

Attackers that install rogue antivirus applications often use social-engineering techniques to trick victims. To spread, some variants are bundled with mass-mailing capabilities to send URL links or attachments through e-mail messages. Others attempt to perform search engine poisoning, either through sponsored links or by promoting their search terms associated with recent events. To update their websites with the most common search terms, actors performing search engine poisoning bundle their rogue antivirus applications with other programs that monitor and collect user search terms. Some instances of social-engineering attacks use fake Adobe Flash codecs or other themes to trick victims. Many other examples of rogue antivirus applications install by using Web exploit kits. Web exploit kit operators may choose to install rogue antivirus applications to make money, or they may allow third-party groups to purchase installs.
In either case, the operator may install multiple different malicious programs. The business model around rogue security applications encourages third parties to distribute code and participate in the revenue stream. As a result, there are a variety of different attacks that install rogue antivirus applications. No single group is responsible for distributing the software because of the shared profits. The use of the pay-per-install model is a strong motivator for attackers who wish to make money from installing software. The huge success of this model of separation between deployment and exploitation is similar to other successful business models like fast-flux and other pay-per-install networks. This type of model will guarantee increased activity and new actors in the near future. Due to its shared benefit, many attackers can make additional revenue from installing rogue antivirus applications. These applications do not require attackers to alter existing behavior, and they can install multiple different programs at the same time. Due to the frequent bundling of rogue antivirus applications with other malicious programs, organizations should evaluate whether the attacker installed any other malicious code.

2.1. Following the Money: Payments:

Most of the rogue antivirus incidents that iDefense investigated use third-party payment organizations. These organizations accept credit card payments and create a layer of protection and security for attackers who use them. These payment processors typically use legitimate SSL certificates and claim to handle fraud requests and operate on a permanent 24/7 basis. The payment processors’ connection with rogue antivirus vendors is not exclusive; therefore, law enforcement cannot always shut them down immediately. In past instances, iDefense reported the abuse to the appropriate certificate authorities. Afterward, authorities were able to take the payment processors offline.
In many instances that iDefense investigated, several similar payment providers exist on the same IP address. The payment providers are highly suspicious because they use multiple registration names, domains, and contact addresses and countries, despite their singular purpose to accept money for rogue antivirus payments. Several of the payment provider sites do not list a phone number unless replying to an authorized customer. They also list in their terms of service that they avoid taking responsibility for customer content.

3. Click Fraud

Having provided revenue for a substantial portion of online activity, advertising on the Web has largely been a success for advertisers and online companies. Not surprisingly, fraudsters abuse ad networks by generating invalid traffic for profit, competitive advantage, or even retribution. Advertisers complaining about charges for false traffic have made combating click fraud a major issue for online advertisers. As with most “free” content in other media, advertising funds much of the World Wide Web; however, unlike the world of television and print ads, it is very easy to become an ad publisher on the Internet. The Web is interactive and allows advertisers to know exactly how many potential customers viewed an ad and how many clicked the ad. This knowledge leads to an advertising model known as pay-per-click (PPC), in which advertisers pay ad publishers each time a potential customer clicks an ad on the publisher’s website. This direct relationship between the number of clicks and the amount of money earned by the publisher has resulted in a form of fraud best known as click fraud. Anchor Intelligence reports that in the second quarter of 2009, 22.9 percent of ad clicks were attempts at click fraud.[37] In this section, we will look at how criminals make money through click fraud and how compromised computers make preventing this type of activity very difficult.

3.1. Pay-per-Click:

Any advertising transaction has three primary parties: the advertiser, the publisher, and the viewer. The advertiser is a company that produces content it would like to display to potential customers. This content is an advertisement for a specific product or service that is likely to generate revenue for the advertiser. The publisher is a creative outlet that produces content that will draw visitors to its medium. These visitors view the ad and, ideally, purchase the advertised product or service. The advertiser pays a fee for a specific number of “impressions,” which is the estimated number of times a viewer will see the ad. This model is essentially the same across all forms of media, including print, radio, and television.

PPC uses the same general model as other forms of advertising, but introduces an interactive component. While an especially impressive car commercial may entice a television viewer into purchasing a new sedan, it is difficult for the advertiser to link a particular ad directly to that sale. The Internet makes this possible because when a viewer finds an ad compelling, he or she can click it to get more information or purchase the product. If, and only if, the viewer clicks on the ad, the advertiser will pay the publisher a fee. The direct correlation between the viewer’s action and the cost to the advertiser is the primary distinction between PPC and impression-based advertising. The ultimate goal for the advertiser is to convert ad clicks to actions that generate more revenue than the advertising campaign costs. When the viewer takes the desired action, be it signing up for a newsletter or purchasing a new car, a conversion has occurred. This conversion completes the PPC business model. Exhibit 2-11 shows how money flows in this business model. With the advent of PPC advertising networks like Google AdWords and Yahoo! Search Marketing, anybody with a website can become an ad publisher.
Publishers who use these networks are affiliates. Affiliates add HTML code to their website, which draws ads from the advertising network and displays them inline with the affiliate’s content. The affiliate and the advertising network then split the PPC fee each time a viewer clicks an ad.

3.2. Click Fraud Motivations:

Click fraud occurs when an ad network charges an advertiser for a click when there was no opportunity for a legitimate conversion. There are many possible motivations for a person to click an advertisement without any intention to purchase a product or service. Publishers perform the most obvious and common form of click fraud. Clicking an ad on one’s own website directly generates revenue for the publisher. Clicking the ad fifty times generates even more revenue.

While a publisher can click his or her own ad, he or she could just as easily ask friends to click the ads. For instance, a blogger who wants to increase revenue might make a post simply asking his or her readers to click every ad on his or her website each time they visit. While they are legitimate users, these clicks will not result in a conversion for the advertiser. An advertiser’s competitor might also be inclined to commit click fraud. If each click costs the Acme Corp. money, Acme’s chief rival might click the ad a few hundred times a day to cost them as much money as possible. In this case, the publisher benefits from the fraudulent clicks, but the motivation is merely to harm the advertiser. Competing publishers might also be motivated to commit click fraud. Because click fraud has become such a widespread problem, most advertising networks work very hard to detect it and will ban affiliates suspected of committing click fraud. A competing publisher can click ads on a competitor’s website to frame them for click fraud. Once detected, the ad network may ban the competitor, which will result in an increased share of the advertising revenue for the actual click fraudster.
Nonfinancial motivations might also cause a person to commit click fraud. If a person disagrees with how Acme Corp. treats its workers, they might click Acme ads to cost the company additional money. As in the case of clicks from a competitor, the intent is to harm the advertisers, but the outcome also benefits the publisher.

3.3 Click Fraud Tactics and Detection:

The simplest form of click fraud involves manually clicking advertisements through the browser. While this method is effective at generating a small number of additional clicks, fraudsters have developed sophisticated methods to produce the volume necessary to earn higher revenue. First, the fraudster must create a website that displays advertisements. A popular way to do this is to create a search engine that only displays advertisements relevant to a queried word. One such search page uses a very unlikely typo of google.com, gooooooooogle.com. The top portion of Exhibit 2-12 shows the results returned when searching this page for “puppies,” and the bottom portion shows advertisements displayed on Google’s search page when querying for the same word. All of the results returned by gooooooooogle.com are actually advertisements, and many of them are the same ads returned by a Google search for the same term. A portion of the fee that advertisers pay for each click will go to the owners of gooooooooogle.com.

With the advertisements in place, the fraudster must now find a way to click as many of the ads as possible without the ad network noticing the abuse. Botnets, the Swiss Army knife of the modern Internet miscreant, are the key to a successful click fraud campaign. As the click fraud problem grew, ad networks began developing fraud detection mechanisms that made simple click fraud impossible. For instance, when a single IP address registers multiple clicks in a 30-minute period, the ad network may simply discard all but the first click when charging the advertisers.
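As an added illustration that is not part of the source text, the following Python implements the billing filter just described (discarding repeat clicks from one IP address within a 30-minute window) together with the geographic and bounce-rate checks that this section goes on to describe. The click log, the publisher ids, the IP addresses, the allowed-country set and the 0.5 bounce-rate threshold are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample click log (not from the source). One click per line:
# timestamp, publisher id, client IP, country, number of follow-up clicks on the site.
SAMPLE_LOG = """\
2009-06-01T10:00:00 pubA 203.0.113.5 US 3
2009-06-01T10:05:00 pubA 203.0.113.5 US 4
2009-06-01T10:40:00 pubA 203.0.113.5 US 2
2009-06-01T10:01:00 pubB 198.51.100.7 US 0
2009-06-01T10:02:00 pubB 198.51.100.8 US 0
2009-06-01T10:03:00 pubB 198.51.100.9 RU 0
2009-06-01T10:04:00 pubB 198.51.100.10 US 1
"""
WINDOW = timedelta(minutes=30)  # repeat clicks from one IP inside this window are not billed

def parse_log(text):
    clicks = []
    for line in text.splitlines():
        ts, pub, ip, country, follow = line.split()
        clicks.append({"ts": datetime.fromisoformat(ts), "pub": pub, "ip": ip,
                       "country": country, "bounce": int(follow) == 0})
    return clicks

def billable_clicks(clicks, allowed_countries):
    """Network-side filters applied before charging; returns (billable, discarded-with-reason)."""
    first_seen = {}            # ip -> timestamp of the click that opened its 30-minute window
    billable, discarded = [], []
    for c in sorted(clicks, key=lambda c: c["ts"]):
        if c["country"] not in allowed_countries:   # the ad should never be shown there
            discarded.append((c, "geo"))
            continue
        start = first_seen.get(c["ip"])
        if start is not None and c["ts"] - start < WINDOW:
            discarded.append((c, "repeat-ip"))      # same IP inside the window: keep only the first
            continue
        first_seen[c["ip"]] = c["ts"]               # this click opens a new window for the IP
        billable.append(c)
    return billable, discarded

def bounce_rates(clicks):
    """Fraction of clicks per publisher that produced no further activity on the site."""
    totals, bounces = defaultdict(int), defaultdict(int)
    for c in clicks:
        totals[c["pub"]] += 1
        bounces[c["pub"]] += c["bounce"]
    return {p: bounces[p] / totals[p] for p in totals}

def suspicious_publishers(clicks, max_rate=0.5):
    """Publishers whose bounce rate exceeds the constructed threshold (a click-fraud indicator)."""
    return {p for p, r in bounce_rates(clicks).items() if r > max_rate}
```

On the sample log, two of the seven clicks are not billed (one from a country outside the campaign, one repeat from the same IP within 30 minutes) and publisher pubB is flagged for its 75 percent bounce rate.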
Ad networks can also use browser cookies to determine when the same user is clicking an ad multiple times. Botnets solve these problems for the fraudster because each infected computer has a different IP address and a different browser. In 2006, Google discovered the Clickbot.A botnet, a click fraud botnet consisting of more than 100,000 nodes. While the distributed nature of botnets benefits click fraud, it can also be a detriment. Advertisers display many ads only in countries or regions in which their ads are relevant. For instance, a U.S.-based restaurant chain may not want to advertise to viewers in China or Russia. Clicks emanating from IP addresses in countries that should not see the ads might indicate click fraud.

Behaviour patterns after the fraudster clicks an ad are another way in which ad networks and advertisers can detect potential click fraud. In the PPC industry, an ad click that does not result in any additional clicks on the website is a bounce, and the percentage of visitors who exhibit that behaviour is the bounce rate. While a poor-quality website might have a high bounce rate because visitors do not find it interesting, if clicks from a particular publisher have a much higher bounce rate than others, it may indicate click fraud.

A click fraud botnet can generate clicks in multiple ways. The botnet may simply download a list of key words and visit a random ad returned by the query for each word. Another technique is to redirect actual searches made by the infected system. When an infected user makes a query to a search engine, the malicious software will alter the results returned so that clicking them results in an ad click controlled by the fraudster. This technique may be more effective at evading detection because real users may actually click additional links on the page and potentially even purchase products.

++++++++++++++++++++++++++++++++++++++++++++++++++++

Privacy and Data Protection:

1. Data Privacy:

Data privacy refers to the proper handling of data: how an organization or user determines whether, and what, data is to be shared with third parties. Data privacy is important because it keeps some data secret from others/third parties, so we can say that data privacy is all about authorized access. It is also called information privacy.

Example – In a bank, a lot of customers have accounts for monetary transactions. The bank needs to keep customer data private so that customers' identities stay safe and protected as much as possible by minimizing any external risks; it also helps the bank maintain its reputation.

2. Data Protection:

Data protection refers to the process of keeping important information safe. Simply put, it refers to protecting data against unauthorized access, so that there is no corruption, no compromise, no loss and no security issue with the data. Data protection applies to all forms of data, whether personal data or organizational data.

Example – A bank has a lot of customers, so the bank needs to protect all types of data, including the bank's own records as well as customer information, from unauthorized access to keep everything safe and to ensure everything is under the control of bank administration.

++++++++++++++++++++++++++++++++++++++++++++++++++++++