Cyber Security Module 2 Notes PDF
Sai Vidya Institute of Technology
Dr. Asha K and Prof. Santhosh Y N
Introduction to Cyber Security (22ETC15I) Module 2
Chapter 2: Cybercrime: Cyber Offenses: How Criminals Plan Them
Topics: Introduction, how criminals plan the attacks, Social Engineering, Cyber Stalking, Cybercafe & cybercrimes. Botnets: The fuel for cybercrime, Attack Vector.
Textbook 1, Chapter 2 (2.1 to 2.7)

2.1 Introduction

1. Explain the following terminologies. (06 M)
I. Hacker II. Brute Force Hacking III. Cracker IV. Cracker tools V. Phreaking VI. War dialer

Hacker: A hacker is a person with a strong interest in computers who enjoys learning about and experimenting with them. Hackers are very talented, smart people who understand computers better than others do.

Brute Force Hacking: It is a technique used to find passwords or encryption keys. It involves trying every possible combination of letters, numbers, etc., until the code is broken.

Cracker: A cracker is a person who breaks into computers. Crackers should not be confused with hackers; the term "cracker" is usually connected to computer criminals. Crimes conducted by crackers include vandalism, theft and snooping in unauthorized areas.

Cracking: It is the act of breaking into computers. Cracking is a popular and growing subject on the Internet. There are websites supplying crackers with programs that allow them to crack computers (e.g., by guessing passwords) and to break into phone lines (phreaking). These files display warnings such as "These files are illegal, we are not responsible for what you do with them."

Cracker tools: These are programs that break into computers. They are widely distributed on the Internet, e.g., password crackers, Trojans, viruses, war dialers and worms.

Phreaking: This is the notorious art of breaking into phone or other communication systems.

War dialer: It is a program that automatically dials phone numbers looking for computers on the other end. It catalogs the numbers so that the hackers can call back and try to break in.

2. With a neat sample network, explain the categories of vulnerabilities that hackers typically search for. (06 M)

The network shown in Figure 1 consists of many workstations. These workstations are connected by a switch; the switch in turn is connected to the Citrix server and the application servers. The clinical data is analyzed on a system that is in turn connected to the switch.

BIND: Berkeley Internet Name Domain
IDS: Intrusion Detection System
IIS: Internet Information Services
DNS: Domain Name Service

Categories of vulnerabilities that hackers typically search for:
1. Inadequate border protection (border in the sense of the network periphery): Many workstations are connected together and an employee installs a PC without a password. A poor password can be guessed easily.
2. Remote Access Servers (RASs) with weak access controls: These are connected to the whole network. A firewall protects the PC by reporting suspicious activity, but this fails when the administrator does not monitor the IDS alerts. An IDS (Intrusion Detection System) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.
3. Application servers with well-known exploits: The administrator fails to install the patch that fixes the BIND vulnerability; the web administrator fails to install the patch that fixes the IIS Unicode vulnerability.
4. Misconfigured systems and systems with default configurations: A misconfigured router is highly vulnerable to DoS attack.

Fig. 1: Network vulnerabilities - sample network

3. Explain the four different hat concepts in cyber security. (06 M)

Ans: Black Hat: Just like in the old westerns, these are the bad guys. A black hat is also called a cracker.
To add insult to injury, black hats may also share information about the "break-in" with other black hat crackers so they can exploit the same vulnerabilities before the victim becomes aware and takes appropriate measures.

White Hat: While black hats use their skills for malicious purposes, white hats are ethical hackers. They use their knowledge and skill to thwart the black hats and secure the integrity of computer systems or networks. If a black hat decides to target you, it is a great thing to have a white hat around. A white hat focuses on securing IT systems, whereas a black hat would like to break into them. It is like a thief-and-police game.

Brown Hat: A brown hat hacker is one who thinks before acting or committing a malicious or non-malicious deed.

Grey Hat: A grey hat commonly refers to a hacker who releases information about any exploits or security holes he/she finds openly to the public. He/she does so without concern for how the information is used in the end (whether for patching or exploiting).

4. How are cybercrimes classified? Explain with examples. OR Explain the categories of cybercrime.

Ans: Cybercrime can be categorized based on (a) the target of the crime and (b) whether the crime occurs as a single event or as a series of events.

Target of the crime: Cybercrime can be targeted against individuals (persons), assets (property) and/or organizations (government, business and social).

Single event or series of events: A single event of cybercrime is, for example, hacking or fraud; a series of events is, for example, cyberstalking.

1. Crimes targeted at individuals: The goal is to exploit human weaknesses such as greed and naivety. These crimes include financial frauds, sale of non-existent or stolen items, child pornography, copyright violation, harassment, etc. All of these have grown with the development of IT and the Internet; thus, criminals have a new tool that allows them to expand the pool of potential victims. However, this also makes it difficult to trace and apprehend the criminals.

2. Crimes targeted at property: These include stealing mobile devices such as cell phones, laptops, personal digital assistants (PDAs) and removable media (CDs and pen drives); and transmitting harmful programs that can disrupt the functions of the system and/or wipe out data from the hard disk, and can cause malfunctioning of the devices attached to the system such as the modem, CD drive, etc.

3. Crimes targeted at organizations: Cyberterrorism is one of the distinct crimes against organizations/governments. Attackers (individuals or groups of individuals) use computer tools and the Internet, usually to terrorize the citizens of a particular country by stealing private information and also to damage programs and files. They plant programs to get control of the network system.

Single event of cybercrime: It is a single event from the perspective of the victim. Example: unknowingly opening an attachment that may contain a virus that infects the system (PC/laptop). Hacking or fraud are single-event crimes.

Series of events: This involves the attacker interacting with the victim repetitively. Example: the attacker interacts with the victim on the phone and/or via chat rooms to establish a relationship first and then exploits that relationship to commit sexual assault. Cyberstalking is an example.

2.2 How criminals plan the attacks

5. What are the six phases involved in planning cybercrime? Discuss. (10 M)

Phases involved in planning cybercrime:
1. Reconnaissance
2. Information gathering (first phase of passive attack)
3. Scanning and scrutinizing the gathered information
4. Checking the validity of the information as well as identifying the existing vulnerabilities
5. Launching an attack and gaining and maintaining system access

Phase 1: Reconnaissance
It is the act of reconnoitering: exploring, often with the goal of finding something or somebody (gaining information about an enemy or potential enemy). In the world of "hacking", the reconnaissance phase begins with footprinting. This is the preparation toward the pre-attack phase, and involves accumulating data about the target environment and computer architecture to find ways to intrude into that environment. The objective of this preparatory phase is to understand the system, its networking ports and services, and any other aspects of its security that are needed for launching the attack. It has two phases: passive and active attacks.

Phase 2: Information gathering (first phase of passive attack)
This phase involves gathering information about the target without his/her knowledge:
1. Google or Yahoo search to locate information about employees.
2. Surfing online community groups such as Facebook to gain information about an individual.
3. The organization's website, for a personnel directory or information about key employees, used in a social engineering attack to reach the target.
4. Blogs, newsgroups, press releases, etc.
5. Going through job postings.
6. Network sniffing for information on Internet protocol address ranges, hidden servers or networks, or services on the system.

Active attacks: An active attack involves probing the network to discover individual hosts to confirm the information (IP address, operating system type and version, and services on the network) gathered in the passive attack phase. It is also called "rattling the doorknobs" or active reconnaissance. It can provide confirmation to an attacker about the security measures in place (is the front door locked?).

Phase 3: Scanning and scrutinizing the gathered information
Scanning is the key to examining intelligently the information gathered about the target. The objectives are:
1. Port scanning
2. Network scanning
3. Vulnerability scanning

Port scanning: The act of systematically scanning a computer's ports. A port is a place where information goes into and out of a computer; port scanning identifies the open doors to a computer. It is similar to a thief going through your neighborhood and checking every door and window on each house to see which ones are open and which ones are locked. There is no way to stop someone from port scanning your computer while you are on the Internet, because accessing an Internet server opens a port, which opens a door to your computer.

Scrutinizing phase: It is also called enumeration in the hacking world. The objective behind this step is to identify the following:
1. The valid user accounts or groups;
2. Network resources and/or shared resources;
3. The operating system (OS) and the different applications that are running on the OS.

Phase 4: Checking the validity of the information and identifying existing vulnerabilities
After collecting the data on the victim, validate the acquired information and also identify the vulnerabilities.

Phase 5: Launching an attack and gaining and maintaining system access
After scanning and scrutinizing (enumeration), the attack is launched using the following steps:
1. Crack the password
2. Exploit the privileges
3. Execute the malicious command or application
4. Hide the files
5. Cover the tracks: delete access logs so that there is no trail of the illicit activity

6. Explain the difference between passive and active attacks. Provide examples. (10 M)

Definition:
  Passive attack: Attempts to gain information about the target without his/her permission.
  Active attack: Involves probing the network to discover individual hosts to confirm the information (IP address, operating system type and version, and services on the network) gathered in the passive attack phase.
Requirement:
  Passive attack: Leads to breaches of confidentiality.
  Active attack: Affects the availability, integrity and authenticity of data.
Modification:
  Passive attack: Information remains unchanged.
  Active attack: Information is modified.
Dangerous for:
  Passive attack: Dangerous for confidentiality.
  Active attack: Dangerous for integrity as well as availability.
Attention:
  Passive attack: Attention is to be paid to prevention.
  Active attack: Attention is to be paid to detection.
Impact on the system:
  Passive attack: Does not have any impact on the regular functioning of a system.
  Active attack: Can damage the system.
Victim:
  Passive attack: The victim does not get informed.
  Active attack: The victim gets informed.
Tracking:
  Passive attack: Difficult to track; it does not leave any traces of the attacker's interference.
  Active attack: Comparatively easy to trace.
Examples of attacks:
  Passive attack: Spying, eavesdropping, dumpster diving, footprinting, traffic analysis, war driving.
  Active attack: Session hijacking, man-in-the-middle (MITM), impersonation, DoS, DDoS, etc.

7. Explain in detail ports and port scanning in cyber offenses. (06 M)

Port scanning is the act of systematically scanning a computer's ports. A port is a place where information goes into and out of a computer; port scanning identifies the open doors to a computer. It is similar to a thief going through your neighborhood and checking every door and window on each house to see which ones are open and which ones are locked. There is no way to stop someone from port scanning your computer while you are on the Internet, because accessing an Internet server opens a port, which opens a door to your computer. There are, however, software products that can stop a port scanner from doing any damage to your system. A port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.
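Port scans of the kinds described in this question leave a characteristic trace in the defender's firewall logs, which is where they are usually noticed. The following is an added example, not code from the original notes: it parses a constructed firewall log (the line format, the thresholds and the sample addresses are assumptions) and flags a vanilla-style scan (one source probing many ports on one host) and a sweep (one source probing the same port on many hosts) within a sliding time window.

```python
"""Flag port-scan patterns in firewall connection logs: a "vanilla" scan (one
source touching many ports on one host) and a "sweep" (one source touching the
same port on many hosts).  Added example; the log format, the thresholds and the
addresses are assumptions, not taken from the notes."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (RFC 5737 documentation addresses), not a real capture.
SAMPLE_LOG = """\
2024-03-01T10:00:01 src=203.0.113.7 dst=192.0.2.10 dport=21 proto=tcp action=deny
2024-03-01T10:00:02 src=203.0.113.7 dst=192.0.2.10 dport=22 proto=tcp action=allow
2024-03-01T10:00:03 src=203.0.113.7 dst=192.0.2.10 dport=23 proto=tcp action=deny
2024-03-01T10:00:04 src=203.0.113.7 dst=192.0.2.10 dport=25 proto=tcp action=deny
2024-03-01T10:00:05 src=203.0.113.7 dst=192.0.2.10 dport=53 proto=tcp action=deny
2024-03-01T10:00:06 src=203.0.113.7 dst=192.0.2.10 dport=80 proto=tcp action=allow
2024-03-01T10:00:07 src=203.0.113.7 dst=192.0.2.10 dport=110 proto=tcp action=deny
2024-03-01T10:00:08 src=203.0.113.7 dst=192.0.2.10 dport=135 proto=tcp action=deny
2024-03-01T10:00:09 src=203.0.113.7 dst=192.0.2.10 dport=139 proto=tcp action=deny
2024-03-01T10:00:10 src=203.0.113.7 dst=192.0.2.10 dport=443 proto=tcp action=allow
2024-03-01T10:00:11 src=203.0.113.7 dst=192.0.2.10 dport=445 proto=tcp action=deny
2024-03-01T10:00:12 src=203.0.113.7 dst=192.0.2.10 dport=3389 proto=tcp action=deny
2024-03-01T10:05:00 src=198.51.100.4 dst=192.0.2.1 dport=445 proto=tcp action=deny
2024-03-01T10:05:01 src=198.51.100.4 dst=192.0.2.2 dport=445 proto=tcp action=deny
2024-03-01T10:05:02 src=198.51.100.4 dst=192.0.2.3 dport=445 proto=tcp action=deny
2024-03-01T10:05:03 src=198.51.100.4 dst=192.0.2.4 dport=445 proto=tcp action=deny
2024-03-01T10:05:04 src=198.51.100.4 dst=192.0.2.5 dport=445 proto=tcp action=deny
2024-03-01T10:05:05 src=198.51.100.4 dst=192.0.2.6 dport=445 proto=tcp action=deny
2024-03-01T10:07:00 src=192.0.2.50 dst=192.0.2.10 dport=443 proto=tcp action=allow
2024-03-01T10:07:30 src=192.0.2.50 dst=192.0.2.10 dport=443 proto=tcp action=allow
2024-03-01T10:08:00 src=192.0.2.50 dst=192.0.2.10 dport=80 proto=tcp action=allow
"""

# Assumed log line format: ISO timestamp followed by key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+) action=(?P<action>\w+)$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["dport"] = int(e["dport"])
        events.append(e)
    return events


def detect_scans(events, window_s=60, port_threshold=10, host_threshold=5):
    """Return findings for each source whose activity within any window_s-second
    window reaches port_threshold distinct ports on one host ("vanilla" scan) or
    host_threshold distinct hosts on one port ("sweep").  Each (source, target)
    pair is reported once, at the moment it first crosses the threshold."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    window = timedelta(seconds=window_s)
    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        reported = set()
        start = 0
        for end in range(len(evs)):
            # Slide the window so it holds only events within window_s of evs[end].
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for e in evs[start:end + 1]:
                ports_per_host[e["dst"]].add(e["dport"])
                hosts_per_port[e["dport"]].add(e["dst"])
            for dst, ports in ports_per_host.items():
                if len(ports) >= port_threshold and ("vanilla", dst) not in reported:
                    reported.add(("vanilla", dst))
                    findings.append({"type": "vanilla", "src": src, "target": dst,
                                     "count": len(ports), "at": evs[end]["ts"]})
            for port, hosts in hosts_per_port.items():
                if len(hosts) >= host_threshold and ("sweep", port) not in reported:
                    reported.add(("sweep", port))
                    findings.append({"type": "sweep", "src": src, "target": port,
                                     "count": len(hosts), "at": evs[end]["ts"]})
    return findings


if __name__ == "__main__":
    for f in detect_scans(parse_log(SAMPLE_LOG)):
        print(f"{f['at']} {f['type']:7s} from {f['src']} -> {f['target']} "
              f"({f['count']} in window)")
```

The benign client 192.0.2.50 in the sample log touches only two ports and is not reported; the `action` field is parsed but not used, since a scan of closed (denied) and open (allowed) ports looks the same from the counting perspective.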
The result of a scan on a port is usually generalized into one of the following categories:
1. Open or accepted
2. Closed or not listening
3. Filtered or blocked

A port is an interface on a computer to which one can connect a device. The TCP/IP protocol suite, made up of the two protocols TCP and UDP, is used universally to communicate on the Internet; each of these protocols has ports 0 through 65535 (a 16-bit number, 2^16 values in binary address calculations). The port numbers are divided into three ranges:
1. Well-known ports, from 0 to 1023
2. Registered ports (1024 to 49151)
3. Dynamic and/or private ports (49152 to 65535)

Ports 20 and 21: File Transfer Protocol (FTP), used for uploading and downloading information.
Port 25: Simple Mail Transfer Protocol (SMTP), used for sending/receiving e-mails.
Port 23: Telnet protocol, used to connect directly to a remote host.
Port 80: Hypertext Transfer Protocol (HTTP).
Internet Control Message Protocol (ICMP): It does not have a port abstraction and is used for checking network errors, for example by ping.

We have the following types of port scans:
Vanilla: the scanner attempts to connect to all 65,535 ports.
Probe: a more focused scan looking only for known services to exploit.
Fragmented packets: the scanner sends packet fragments that get through simple packet filters in a firewall.
UDP: the scanner looks for open UDP ports.
Sweep: the scanner connects to the same port on more than one machine.
FTP bounce: the scanner goes through an FTP server in order to disguise the source of the scan.
Stealth scan: the scanner blocks the scanned computer from recording the port scan activities.

2.3 Social Engineering

8. What is social engineering? Explain with an example.

Social engineering (SE) is a technique of influencing and persuading people, deceiving them into giving out information or performing some action.
A social engineer uses telecommunications or the Internet to get people to do something that is against the security practices and/or policies of the organization. SE involves gaining sensitive information or unauthorized access privileges by building an inappropriate trust relationship with insiders. It is the art of exploiting the trust of people. The goal of SE is to fool someone into providing valuable information or access to that information. SE studies human behavior: people will help because of the desire to be helpful, the tendency to trust people, and the fear of getting into trouble. An example is calling a user and pretending to be someone from the service desk working on a network issue; the attacker then proceeds to ask questions about what the user is working on, what file shares he/she uses, what his/her password is, and so on.

Example: Talking to an employee of a company in the name of technical support from the same office. While talking with the employee, the attacker collects confidential information such as the name of the company, username and password, etc.

9. Explain the classification of social engineering with examples. (08 M)

Human-based social engineering: It refers to person-to-person interaction to get the required/desired information.

Impersonating an employee or valid user: Impersonation (e.g., posing as an employee of the same organization) is perhaps the greatest technique used by social engineers to deceive people. Social engineers take advantage of the fact that most people are basically helpful, so they see no harm in telling someone who appears to be lost where the computer room is located, or in helping someone who pretends to be an employee or valid user on the system.
Posing as an important user: The attacker pretends to be an important user, for example a Chief Executive Officer (CEO) or high-level manager who needs immediate assistance to gain access to a system. The attacker relies on low-level employees not asking higher-level employees for proof or questioning them.

Using a third person: An attacker pretends to have permission from an authorized source to use a system. This trick is useful when the supposed authorized person is on vacation or cannot be contacted for verification.

Calling technical support: Calling technical support for assistance is a classic social engineering example. Help-desk and technical support personnel are trained to help users, which makes them good prey for social engineering attacks.

Shoulder surfing: It is a technique of gathering information such as usernames and passwords by watching over a person's shoulder while he/she logs into the system, thereby helping an attacker to gain access to the system.

Fig.: Shoulder surfing

Dumpster diving: It involves looking in the trash for information written on pieces of paper or computer printouts. This is a typical North American term; it is used to describe the practice of rummaging through commercial or residential trash to find useful free items that have been discarded. It is also called dumpstering, binning, trashing, garbing or garbage gleaning; "scavenging" is another term to describe this habit. In the UK, the practice is referred to as "binning" or "skipping", and the person doing it is a "binner" or a "skipper". Example: going through someone's trash to recover documentation of his/her critical data [e.g., social security number (SSN) in the US, PAN/AADHAR number in India, credit card identity (ID) numbers, etc.].

Computer-based social engineering: It uses computer software/the Internet to get the required/desired information.
Fake e-mails: An attacker sends e-mails to numerous users in such a way that the user finds them to be legitimate mail. This activity is called phishing. Free websites are available to send fake e-mails; one can observe that the "To" text box in such a mail is a blank space. Phishing involves false e-mails, chats or websites designed to impersonate real systems with the goal of capturing sensitive data. A mail might be sent to the victim (Internet users/netizens) by the attacker to get them to reveal their personal information. Phishing is carried out through e-mail or instant messaging.

E-mail attachments: E-mail attachments are used to send malicious code to a victim's system, which gets executed automatically (e.g., a keylogger utility to capture passwords). Viruses, Trojans and worms can be included cleverly in attachments to entice a victim to open the attachment.

Pop-up windows: Pop-up windows are also used, in a similar manner to e-mail attachments. Pop-up windows with special offers or free stuff can encourage a user to unintentionally install malicious software.

2.4 Cyber Stalking

10. What is cyberstalking? As per your understanding, is it a crime under the Indian IT Act? (06 M)

Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, a group or an organization. It may include false accusation, defamation, slander and libel. It also includes monitoring, identity (ID) theft, threats, vandalism, solicitation of minors for sex, or gathering information that may be used to threaten or harass a person. Cyberstalking is sometimes referred to as Internet stalking, e-stalking or online stalking. It refers to the use of the Internet or electronic communication such as e-mail or instant messages to harass an individual.

As per law, cyberstalking is a punishable offence and attracts Sections 354(D) and 509 of the IPC, and Section 67 under the I.T. Amendment Act 2008.
Information Technology Act, 2000 (amended in 2008): When a person publishes or sends salacious material via electronic media, he/she is to be charged under Section 67 of the Act. [Source: https://infosecawareness.in/concept/safety-on-cyberstalking#:~:text=As%20per%20Law%20Cyber%20Stalking,Section%2067%20of%20the%20Act.]

11. Explain the types of stalkers. (06 M)

We have two types of stalkers, namely online stalkers and offline stalkers. Both are criminal offenses; both are motivated by a desire to control, intimidate or influence a victim. A stalker may be an online stranger or a person whom the target knows. He may be anonymous and solicit the involvement of other people online who do not even know the target.

Online stalkers: They aim to start the interaction with the victim directly with the help of the Internet. E-mail and chat rooms are the most popular communication media to get connected with the victim, rather than using traditional instruments like the telephone or cell phone. The stalker makes sure that the victim recognizes the attack attempted on him/her. The stalker can make use of a third party to harass the victim.

Offline stalkers: The stalker may begin the attack using traditional methods such as following the victim, watching the daily routine of the victim, etc. Searching on message boards/newsgroups, personal websites, and people-finding services or websites are the most common ways to gather information about the victim using the Internet. The victim is not aware that the Internet has been used to perpetuate an attack against them.

12. Explain the steps of how stalking works. (08 M)

The working of stalking is discussed in the following seven steps:
1. Personal information gathering about the victim.
2. Establish contact with the victim through telephone or cell phone and start threatening or harassing.
3. Establish contact with the victim through e-mail.
4. Keep sending repeated e-mails asking for various kinds of favors or threatening the victim.
5. Post the victim's personal information on any website related to illicit services.
6. Whoever comes across the information starts calling the victim on the given contact details asking for sexual services.
7. Some stalkers may subscribe/register the victim's e-mail account to innumerable pornographic and sex sites, because of which the victim will start receiving such kinds of unsolicited e-mails.

13. Explain a real-life incident of cyberstalking. (06 M)

Case study: The Indian police registered the first case of cyberstalking in Delhi; a brief account of the case is given here. To maintain the confidentiality and privacy of the entities involved, we have changed their names. Mrs. Joshi received almost 40 calls in 3 days, mostly at odd hours, from as far away as Kuwait, Cochin, Bombay and Ahmedabad. The calls created havoc in her personal life, destroying the mental peace of Mrs. Joshi, who decided to register a complaint with the Delhi Police. A person was using her ID to chat over the Internet at the website www.mirc.com, mostly in the Delhi channel, for four consecutive days. This person was chatting on the Internet using her name and giving her address, talking in obscene language. The same person was also deliberately giving her telephone number to other chatters, encouraging them to call Mrs. Joshi at odd hours. This was the first time that a case of cyberstalking was registered. Cyberstalking does not have a standard definition, but it can be defined to mean threatening, unwarranted behaviour or advances directed by one person toward another person using the Internet and other forms of online communication channels as the medium.

2.6 Cybercafe & cybercrimes

14. How are cybercafes creating paths for cybercrimes? (08 M)

An Internet cafe or cybercafe is a place which provides Internet access to the public, usually for a fee.
According to a Nielsen survey on the profile of cybercafe users in India:
1. 37% of the total population uses cybercafes.
2. 90% of these were male, in the age group of 15 to 35 years.
3. 52% were graduates and postgraduates.
4. More than 50% were students.
Hence it is extremely important to understand the IT security and governance practices in cybercafes.

Cybercafes are used for:
1. Real or false terrorist communication
2. Stealing bank passwords and fraudulent withdrawal of money
3. Keyloggers or spyware
4. Shoulder surfing
5. Sending obscene mails to harass people
Cybercafes are not network service providers (NSPs) according to the IT Act 2000, but they are responsible for due diligence.

15. Illegal activities observed in cybercafes. (07 M)
1. Pirated software (operating system, browser, office suite).
2. Anti-virus software not updated.
3. Cybercafes have installed Deep Freeze software to protect computers from prospective malware attacks. This software clears all details of the activities carried out when the restart button is pressed; hence it is a problem for police or crime investigators to trace the offender.
4. Annual Maintenance Contract (AMC) found not to be in place for servicing computers. Not having an AMC is a risk, because a cybercriminal can install malicious code for criminal activities without any interruption.
5. Pornographic websites and similar websites with indecent content are not blocked.
6. Cybercafe owners have less awareness about IT security and IT governance.
7. Government/ISPs/State Police (cyber-cell wing) do not provide IT governance guidelines to cybercafe owners.
8. No periodic visits to cybercafes by the cyber-cell wing (State Police) or the Cybercafe Association.

16. Discuss the safety and security measures while using a computer in a cybercafe. (08 M)
1. Always log out; do not save login information through automatic login options: While checking e-mails or logging into chatting services such as instant messaging, or using any other service that requires a username and a password, always click "logout" or "sign out" before leaving the system. Simply closing the browser window is not enough, because if somebody uses the same service after you, they can get easy access to your account. Also, do not save your login information through options that allow automatic login; disable such options before logging on.
2. Stay with the computer: While surfing/browsing, one should not leave the system unattended for any period of time. If one has to go out, log out and close all browser windows.
3. Clear history and temporary files: Internet Explorer saves pages that you have visited in the history folder and in temporary Internet files. Your passwords may also be stored in the browser if that option has been enabled on the computer that you have used. Therefore, before you begin browsing, do the following in the case of Internet Explorer: go to Tools > Internet Options, click the Content tab, then click AutoComplete. If the checkboxes for passwords are selected, deselect them. Click OK twice. After you have finished browsing, you should clear the history and temporary Internet files folders. For this, go to Tools > Internet Options again, click the General tab, go to Temporary Internet Files, click Delete Files and then click Delete Cookies. Then, under History, click Clear History. Wait for the process to finish before leaving the computer.
4. Be alert; do not be a victim of shoulder surfing: One has to stay alert and aware of the surroundings while using a public computer. Snooping over the shoulder is an easy way of getting your username and password.
5. Avoid online financial transactions: Ideally one should avoid online banking, shopping or other transactions that require one to provide personal, confidential and sensitive information such as credit card or bank account details. In case of urgency one has to do it; however, one should take the precaution of changing all the passwords as soon as possible. One should change the passwords using a more trusted computer, such as at home and/or in the office.
6. Change passwords: The advice of ICICI Bank/SBI about changing the bank account/transaction passwords is the best practice to be followed by everyone who does online net banking.
7. Virtual keyboard: Nowadays almost every bank provides a virtual keyboard on its website. The advantage of using the virtual keyboard is that we can avoid keylogger attacks.
8. Security warnings: One should take utmost care while accessing the websites of any banks/financial institutions. The screenshot in Fig. 2.7 displays security warnings very clearly (marked with a bold rectangle), and these should be followed while accessing these financial accounts from a cybercafe.

2.7 Botnets: The fuel for cybercrime

17. Explain how botnets can be used as fuel for cybercrime. (06 M)

Bot: "An automated program for doing some particular task, often over a network."
A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses). Any such computer is called a zombie: in effect, a computer "robot" or "bot" that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based. According to a report from Russia-based Kaspersky Labs, botnets, not spam, viruses or worms, currently pose the biggest threat to the Internet.

18. Explain with a neat diagram how botnets create business and are used for gainful purposes. (08 M)

Fig.: Botnets used for gainful purposes

19. Define the following technical terms: Malware, Adware, Spam, Spamdexing, DDoS.

Malware: It is malicious software, designed to damage a computer system without the owner's informed consent. Viruses and worms are examples of malware.
Adware: It is advertising-supported software, which automatically plays, displays or downloads advertisements to a computer after the software is installed on it or while the application is being used. A few spyware programs are classified as adware.
Spam: It means unsolicited or undesired e-mail messages.
Spamdexing: It is also known as search spam or search engine spam. It involves a number of methods, such as repeating unrelated phrases, to manipulate the relevancy or prominence of resources indexed by a search engine in a manner inconsistent with the purpose of the indexing system.
DDoS: A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.

20. Discuss the steps to secure the computer system. (04 M)

Ways to secure the system [USUDDCT]:
1. Use antivirus and anti-spyware software and keep it up to date: It is important to remove and/or quarantine viruses. The settings of these programs should be configured during installation so that they get updated automatically on a daily basis.
2. Set the OS to download and install security patches automatically: OS companies issue security patches for flaws that are found in these systems.
3. Use a firewall to protect the system from hacking attacks while it is connected to the Internet.
A firewall is software and/or hardware that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit, deny, encrypt, decrypt or proxy all (in and out) computer traffic between different security domains based upon a set of rules and other criteria. A firewall is different from antivirus protection: antivirus software scans incoming communications and files for troublesome viruses, whereas a properly configured firewall helps to block all incoming communications from unauthorized sources.

4. Disconnect the Internet when not in use: Attackers cannot get into the system when it is disconnected from the Internet. Firewall, antivirus and anti-Spyware software are not foolproof mechanisms against attempts to get access to the system.

5. Don't trust free downloads; download freeware only from trustworthy websites: It is always appealing to download free software such as games, file-sharing programs, customized toolbars, etc. However, one should remember that many free software packages contain other software, which may include Spyware.

6. Check the inbox and sent items regularly for messages you did not send: If you do find such messages in your outbox, it is a sign that your system may have been infected with Spyware and may be part of a Botnet. This is not foolproof; many spammers have learned to hide their unauthorized access.

7. Take immediate action if the system is infected: If your system is found to be infected by a virus, disconnect it from the Internet immediately. Then scan the entire system with fully updated antivirus and anti-Spyware software. Report the unauthorized accesses to the ISP and to the legal authorities. There is a possibility that your passwords may have been compromised in such cases, so change all the passwords immediately.

2.8 Attack Vector

21. What are the different attacks launched with attack vector and explain in detail.
(08M)

An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element. Attack vectors include viruses, E-Mail attachments, Web pages, pop-up windows, instant messages, chat rooms and deception. All of these methods involve programming (or hardware), except deception, in which a human operator is fooled into removing or weakening system defenses.

To some extent, firewalls and antivirus software can block attack vectors. But no protection method is totally attack-proof. A defense method that is effective today may not remain so for long, because hackers are constantly updating attack vectors, and seeking new ones, in their quest to gain unauthorized access to computers and servers.

If vulnerabilities are thought of as the entry points of a building, then attack vectors are the ways attackers launch their attacks and try to infiltrate the building. In the broadest sense, the purpose of the attack is to plant a piece of code that makes use of a vulnerability; this code is called the payload. Attack vectors vary in how a payload is implemented; the most common malicious payloads are viruses (which can function as their own attack vectors), Trojan horses, worms and spyware. If an attack vector is thought of as a guided missile, its payload can be compared to the warhead in the tip of the missile.

Different ways to launch attacks

Attack by E-Mail: The hostile content is either embedded in the message or linked to by the message. Sometimes attacks combine the two vectors, so that if the message does not get you, the attachment will. Spam is almost always a carrier for scams, fraud, dirty tricks or malicious action of some kind. Any link that offers something "free" or tempting is suspect.
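As an added defender-side illustration of the E-Mail attack vector described above (example code written for these notes, not taken from the textbook), the following Python routine parses a constructed HTML message body and flags links whose displayed URL points at a different host than the real href, as well as links with tempting wording such as "free". The message body, the hostnames and the word list are all assumptions constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample e-mail body for this example; the hosts are not real sites.
SAMPLE_MAIL = """
<p>Dear customer, your account needs verification.</p>
<p>Click <a href="http://secure-login.example-bank.co/verify">https://www.example-bank.com/login</a>
to confirm, and claim your <a href="http://promo.example.net/free">FREE gift card</a>.</p>
<p>Statement: <a href="https://www.example-bank.com/statements">https://www.example-bank.com/statements</a></p>
"""
# Words the notes describe as "free or tempting" bait (assumed list).
TEMPTING_WORDS = ("free", "prize", "gift", "winner", "urgent")

class _LinkParser(HTMLParser):
    # Collects (href, visible text) pairs for every <a> element.
    def __init__(self):
        super().__init__()
        self.links, self._current = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]
    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None

def _host(url):
    # Lower-cased hostname of a URL, tolerating a missing scheme.
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()

def suspicious_links(html):
    # Returns [(href, [reasons])] for links a cautious reader should distrust.
    parser = _LinkParser()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        text, reasons = text.strip(), []
        # Displayed text that looks like a URL must point at the same host as href.
        if re.match(r"^(https?://|www\.)", text, re.I) and _host(text) != _host(href):
            reasons.append("displayed host %s differs from real host %s" % (_host(text), _host(href)))
        if any(word in text.lower() for word in TEMPTING_WORDS):
            reasons.append("tempting wording in link text")
        if reasons:
            findings.append((href, reasons))
    return findings
```

Run on SAMPLE_MAIL, the first two links are reported (mismatched host, and bait wording) while the genuine statement link passes.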
Attachments: Malicious attachments install malicious computer code. The code could be a virus, Trojan horse, Spyware or any other kind of malware. Attachments attempt to install their payload as soon as you open them.

Attacks by deception (social engineering/hoaxes): Deception is aimed at the user/operator as a vulnerable entry point. It is not just malicious computer code that one needs to monitor. Fraud, scams, hoaxes and, to some extent, Spam, not to mention viruses, worms and such, require the unwitting cooperation of the computer's operator to succeed. Social engineering and hoaxes are other forms of deception that are often an attack vector too.

Hackers: Hackers or crackers are a formidable attack vector because, unlike ordinary malicious code, people are flexible and they can improvise. They have hacking tools, heuristics and social engineering to gain access to computers and online accounts. They often install a Trojan horse to commandeer the computer for their own use.

Heedless guests (attack by webpages): Counterfeit websites are used to extract personal information. Such websites look very much like the genuine websites they imitate. One may think he/she is doing business with someone he/she trusts; however, he/she is really giving away personal information, like address, credit card number and expiration date. They are often used in conjunction with Spam, which gets you there in the first place. Pop-up webpages may install Spyware, Adware or Trojans.

Attack of the worms: Many worms are delivered as E-Mail attachments, but network worms use holes in network protocols directly. Any remote access service, like file sharing, is likely to be vulnerable to this sort of worm. In most cases, a firewall will block system worms. Many of these system worms install Trojan horses.
Next, they begin scanning the Internet from the computer they have just infected, looking for other computers to infect. If the worm is successful, it propagates rapidly. The worm owner soon has thousands of "zombie" computers to use for more mischief.

Malicious macros: Microsoft Word and Microsoft Excel are some examples of applications that allow macros. A macro does something like automating a spreadsheet, for example. Macros can also be used for malicious purposes. All Internet services like instant messaging, Internet Relay Chat (IRC) and P2P file-sharing networks rely on cozy connections between the computer and the other computers on the Internet. If one is using P2P software then his/her system is more vulnerable to hostile exploits.

Foistware/sneakware: Foistware is software that adds hidden components to the system on the sly. Spyware is the most common form of Foistware. Foistware is quasi-legal software bundled with some attractive software. Sneak software often hijacks your browser and diverts you to some "revenue opportunity" that the Foistware has set up.

Viruses: These are malicious computer codes that hitch a ride and carry the payload. Nowadays, virus vectors include E-Mail attachments, downloaded files, worms, etc.

22. Explain the Zero-Day Attack (04 M)

A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application or operating system, one that developers have not had time to address and patch. Software vulnerabilities may be discovered by hackers, by security companies or researchers, by the software vendors themselves or by users. If discovered by hackers, an exploit will be kept secret for as long as possible and will circulate only through the ranks of hackers, until software or security companies become aware of it or of the attacks targeting it.
Zero-day emergency response team (ZERT): This is a group of software engineers who work to release non-vendor patches for zero-day exploits. Nevada is attempting to provide support with the Zero Day Project at www.zerodayproject.com, which purports to provide information on upcoming attacks and provide support to vulnerable systems.

***********************end***************************