elective reviewer.pdf

Full Transcript

REVIEWER
Subject: Elective 4: Cyber Security and OS Management
Professor: Dr. Josephine Evangelista

History of Internet Parallel Networks developed by other universities and other
Internet countries
➔ Among the most important inventions of the United Kingdom: National Physical Laboratory(NPL)
21st century which have affected our life. 1965, proposed a packing switching network.
➔ Whose foundation was laid during the cold war Michigan Educational Research Information Triad:
between the USA and Russia. MERIT network (1966), funded and supported by State
Sputnik of Michigan and the National Science Foundation (NSF).
➔ World’s first satellite launched by Russia on France: CYCLADES (1973), packet switching network.
October 4, 1957.
➔ This was clearly the victory of Russia over Development of TCP/IP Protocol Suite
cyberspace. ➔ Many parallel systems were working on different
➔ As a counter step, Advanced Research protocols.
Projects Agency, the research arm of the ➔ Scientists were seeking a common standard for network
Department of Defence, United States, interconnection.
declared the launch of ARPANET(Advanced ➔ In 1978, the TCP/IP protocol suite was developed and
Research Projects Agency NETwork) in early adopted by ARPANET in 1983.
1960‟s.
ARPANET (Advanced Research Projects Agency 1981 Integration of Two Large Networks
NETwork) ➔ NSF developed the Computer Science Network
➔ an experimental network and was designed to (CSNET) and connected it to ARPANET using the
keep the computers connected to this network TCP/IP protocol suite.
to communicate with each other even if any of ➔ The network attracted interest from both the research
the nodes (connection point among network community and private sector.
devices), due to the bomb attack, fails to
respond. Initial Speed and Upgrade
LO ➔ NSF initially supported a speed of 56 kbit/s.
➔ The first message was sent over the ➔ In 1988, the speed was upgraded to 1.5 Mbit/s, allowing
ARPANET, a packing switching network, by involvement from Merit Network, IBM, MCA, and the
Leonard Kleinrock's laboratory at University of state of Michigan.
California, Los Angeles (UCLA).
➔ They intended to send the word “LOGIN” and Corporate Interest and Emergence of ISPs
only the first two letters reached its destination ➔ Corporations realized the network’s potential and
at the second network node at Stanford participated in its development.
Research Institute (SRI) and before the last ➔ By the late 1980s, many Internet Service Providers
three letters could reach the destination the (ISPs) emerged to provide backbone services for
network was down due to a glitch. Soon the network traffic.
error was fixed and the message was resent.
NSFNET Upgrade and Decommissioning
ARPANET ➔ NSFNET was expanded and upgraded to 45 Mbit/s by
Major task: Develop rules for communication 1991.
i.e.protocols for communicating over ARPANET. ➔ NSFNET was decommissioned in 1995 to facilitate
Led to the development of protocols for internetworking, commercial traffic on the Internet.
in which multiple separate networks could be joined into
a network of networks. Growth of Universities and Research Centers
It resulted in the development of the TCP/IP ➔ More universities and research centers worldwide are
(Transmission Control Protocol/Internet connected to the network.
Protocol)protocol suite, which specifies the rules for ➔ The network became increasingly popular among the
joining and communicating over ARPANET. research community.

NSF (National Science Foundation) Formation of NREN and Release of the World Wide Web
The backbone that was created in 1986 and five US ➔ The National Research and Education Network (NREN)
universities computing centers were connected to form was founded in 1991.
NSFnet. ➔ The World Wide Web (WWW) was released,
The successor of ARPANET became popular by 1990 transforming how the internet was used.
and ARPANET was decommissioned.
Role of the Internet and Development of the WWW
The participating Universities were: ➔ Initially, the internet was mainly used for file transfers.
➔ Princeton University - John von Neumann National ➔ Tim Berners-Lee introduced the World Wide Web
Supercomputer Center, JvNC (WWW), revolutionizing the way information was
➔ Cornell University - Cornell Theory Center, CTC accessed online.
➔ University of Illinois at Urbana-Champaign - National
Center for Supercomputing Applications, NCSA Development of the Mosaic Browser
➔ Carnegie Mellon University - Pittsburgh ➔ Researchers at the University of Illinois developed the
Supercomputer Center, PSC Mosaic browser in 1992.
➔ General Atomics - San Diego Supercomputer Center, ➔ Mosaic enabled modern-style internet browsing, similar
SDSC to how we navigate the web today.

Internet Addresses
Need for Unique Device Identification
➔ With numerous devices connected to the internet, a
mechanism is needed to uniquely identify each device.
➔ This prevents duplicate identification, ensuring proper
functionality.
REVIEWER
Subject: Elective 4: Cyber Security and OS Management
Professor: Dr. Josephine Evangelista

Role of IANA (Internet Assigned Numbers Authority) DNS (Domain Name System)
➔ IANA is a centralized authority responsible for assigning When browsing websites, users typically enter domain
unique Internet Protocol (IP) addresses. names (e.g., www.uou.ac.in) rather than IP addresses
(e.g., 104.28.2.92).
IP Address DNS translates domain names into IP addresses,
➔ Is a unique address that identifies a device on the simplifying the process and eliminating the need to
internet or a local network. IP stands for "Internet remember numerical addresses.
Protocol”.
➔ IP addresses are 32-bit binary numbers divided into IP Address Usage in Data Transfer
four octets, with each octet separated by a dot (e.g., ➔ Data transfer over the internet relies on IP addresses
11110110.01011010.10011100.1111100). for routing packets.
➔ DNS allows users to use domain names while
Structure of an IP Address converting them into corresponding IP addresses in the
➔ Each octet consists of 8 binary digits (0 or 1), allowing background.
for values between 0 (00000000) and 255 (11111111).
➔ IP addresses are expressed in decimal for human DNS Resolution Process
readability but are understood by computers in binary. ➔ DNS resolution starts when a user enters a domain
name in the browser.
Example of an IP Address ➔ The local computer checks its DNS cache for the
➔ A binary IP address such as corresponding IP address.
11110110.01011010.10011100.1111100 is expressed ➔ If not found locally, the request is sent to the DNS
in decimal as 123.45.78.125. server of the Internet Service Provider (ISP).
➔ If the ISP’s DNS server doesn’t have the IP address,
Network and Host Parts the query is forwarded to root nameservers.
➔ An IP address has two components: Network (which
identifies different networks) and Host (which identifies Root Nameservers
a device within a network). ➔ There are 13 root nameservers that direct queries to the
➔ This structure is similar to a postal system where the appropriate Top-Level Domain (TLD) nameservers.
address helps identify specific locations. ➔ Examples of TLD names include.com,.org,.in, etc.

Classification of IP Addresses Root nameservers include:
➔ IP addresses are classified into five categories based A - VeriSign Global Registry Services
on their range and availability. B - University of Southern California (Information Sciences
Institute)
Class Address Range Supports
C - Cogent Communications
A 1.0.0.1 to Supports 16 million hosts on D - University of Maryland
126.255.255.254 each of 127 networks. E - NASA Ames Research Center
F - Internet Systems Consortium, Inc.
B 128.1.0.1 to Supports 65,000 hosts on each G - U.S. DOD Network Information Center
191.255.255.254 of 16,000 networks. H - U.S. Army Research Lab
I - Autonomica/NORDUnet
C 192.0.1.1 to Supports 254 hosts on each of J - VeriSign Global Registry Services
223.255.254.254 2 million networks
K - RIPE NCC
D 224.0.0.0 to Reserved for multicast groups L - ICANN
239.255.255.255 M - WIDE Project

E 240.0.0.0 to Reserved for future use, or TLD Nameservers and Authoritative Nameservers
254.255.255.254 Research and Development ➔ TLD nameservers direct queries to the authoritative
Purposes. nameserver for the domain (e.g.,.com,.in).
➔ Authoritative nameservers store DNS records and
Decentralization of IP Address Allocation by IANA return the IP address to the requesting host.
➔ IANA decentralizes the task of assigning IP addresses ➔ Intermediate DNS servers cache this IP address to
by allocating large blocks of IP addresses to five speed up future requests.
Regional Internet Registries (RIRs).
➔ These RIRs are responsible for distributing IP Root zone file
addresses in their respective regions. ➔ Describes where the authoritative servers for the DNS
top-level domains (TLD) are located.
Regional Internet Registries (RIRs)
➔ APNIC: Responsible for the Asia-Pacific region. DNS Caching
➔ AfriNIC: Responsible for the African region. ➔ If the same URL is requested again, the DNS cache of
➔ ARIN: Responsible for North America, several the local computer or ISP’s server retrieves the IP
Caribbean islands, and North Atlantic islands. address without querying the root or TLD nameservers.
➔ LACNIC: Responsible for Latin America and the
Caribbean. Four DNS Servers:
➔ RIPE NCC: Responsible for Europe, the Middle East, DNS Recursor
and parts of Central Asia. ➔ Also referred to as a DNS resolver, it receives the query
from the DNS client. Then it communicates with other
Role of the Number Resource Organization (NRO) DNS servers to find the right IP address. After the
➔ The NRO serves as the coordinating organization resolver retrieves the request from the client, the
between the five RIRs. resolver acts like a client itself. As it does this, it makes
queries that get sent to the other three DNS servers:
root nameservers, top-level domain (TLD) nameservers,
and authoritative nameservers.
REVIEWER
Subject: Elective 4: Cyber Security and OS Management
Professor: Dr. Josephine Evangelista

Root Nameserver Internet Service Providers (ISPs)
➔ Is designated for the internet's DNS root zone. Its job is ➔ ISPs serve as intermediaries between users and the
to answer requests sent to it for records in the root zone. internet backbone, which is the infrastructure used to
It answers requests by sending back a list of the route data globally.
authoritative nameservers that go with the correct TLD. ➔ They provide the connection you need to access online
services.
Top-level Domain/TLD nameservers ➔ ISPs link your devices to larger networks, eventually
➔ Keeps the IP address of the second-level domain connecting to the global internet infrastructure.
contained within the TLD name. It then releases the
website’s IP address and sends the query to the Network Access Points (NAPs)
domain’s nameserver. ➔ Network Access Points (NAPs) are connection points
where ISPs link to the internet backbone.
Authoritative Nameserver ➔ Large telecommunication companies provide NAPs and
➔ Is what gives you the real answer to your DNS query. maintain the internet backbone that connects countries
➔ There are two types of authoritative nameservers: and continents.
Master server or Primary nameserver - keeps ➔ ISPs manage local networks and route data through
the original copies of the zone records. NAPs to connect users globally.
Slave server or Secondary nameserver - is an
exact copy of the master server. It shares the Data Routing Process
DNS server load and acts ➔ When you connect to the internet through an ISP, you
become part of their network.
RECURSIVE DNS QUERY – request made to a DNS resolver ➔ Data travels from your local ISP, through the internet
requiring the resolution of the query. backbone, to the NAP nearest to your destination (e.g.,
your friend’s ISP).
RECURSIVE DNS RESOLVER – ➔ Once your friend connects to their ISP, the data is
computer that accepts a recursive query and processes the delivered to their computer.
response by making the necessary requests.
The Internet Backbone
RECURSIVE QUERY – DNS client requires that a DNS server ➔ The internet backbone is like the main highway of the
will respond to the client with either the requested resource internet, carrying a huge amount of data across long
record or an error message if the resolver can't find the record. distances.
➔ It consists of high-speed cables and is powerful.
ITERATIVE QUERY – DNS client will allow a DNS server to ➔ Routers that connect major cities and continents.
return the best answer it can. If the queried DNS server does not ➔ This backbone ensures that data travels quickly and
have a match for the query name, it will return a referral to a efficiently from one part of the world to another, helping
DNS server authoritative for a lower level of the domain the internet work seamlessly.
namespace.
World Wide Web (WWW)
NON RECURSIVE QUERY – DNS resolver client queries a DNS The World Wide Web (web) is just one of the many
server for a record that it has access to either because it's services provided by the internet, alongside others such
authoritative for the record or the record exists inside of its cache. as email, Usenet, messaging services, and FTP.
The web uses the HTTP protocol for communication
BROWSER DNS CACHING – Stores DNS resource records and information exchange over the internet.
through the use of caching. Caching prevents redundancy when
someone tries to go to a site. Development of the Web
➔ The web was developed in 1989 at CERN (European
OS DNS CACHING – The operating systems of many devices Organization for Nuclear Research) in Switzerland by
are capable of maintaining a local copy of DNS lookups. This UK scientist Tim Berners-Lee.
makes it possible for the OS to quickly get the information it ➔ It consists of all public websites and devices that
needs to resolve the URL to the correct IP address. access web content.

Internet Infrastructure Purpose of the Web
The internet is a network of networks, consisting of ➔ The web is an information-sharing model designed to
small, medium, and large networks. exchange information over the internet.
No single entity owns the internet; it is a collaborative ➔ Websites are collections of web pages containing text,
effort across many networks. videos, audio, and images, which are accessible using
web browsers.
Role of the Internet Society
➔ Formed in 1992, The Internet Society is an international Popular Web Browsers
organization that frames rules, regulations, and Examples of popular web browsers include:
protocols for the internet. Internet Explorer
➔ It ensures the smooth functioning of the internet across Chrome
countries and continents. Safari
Firefox
How the Internet Works
➔ When a device is not connected to the internet, it is a
standalone system.
➔ Connecting to the internet via an Internet Service
Provider (ISP) turns the device into part of the global
network.
REVIEWER
Subject: Elective 4: Cyber Security and OS Management
Professor: Dr. Josephine Evangelista

Components of World Wide Web: ➔ These attackers possess advanced tools and
➔ Web Browser – a software application used to access techniques, often modifying or developing them to
display web pages from the World Wide Web. (Google bypass security systems.
Chrome, Safari, Mozilla, etc.) ➔ Common perpetrators include professional criminals,
➔ Web Server – a piece of software, or a system that rival companies, terrorist groups, and nation-states
manages web applications, creates responses and targeting financial organizations, defense systems, and
takes input from clients. nuclear establishments.
➔ Web Pages – documents or resources written in HTML
and displayed in a web browser.
➔ HyperText Transfer Protocol (HTTP) – enables Crim
communication between the browser and the web
server. Und
➔ HyperText Markup Language (HTML) – structures the
content (text, images, links, etc.) and defines how it
should appear in a web browser. Cam Cam Cam
➔ Uniform Resource Locator (URL) – the address used
to locate a specific web page or resource on the Stole
internet.

Introduction to Cyber Crime
The internet's evolution from the 1960s to its
Figure 1 : Hierarchical Organizational Structure
widespread public use in 1996 has led to the rapid
growth of cybercrime. Initially, computer crimes were
In the world of cybercrime, roles within criminal organizations are
limited to physical damage, but by the 1980s, malicious
fluid, often shifting based on opportunities. A hacker who steals
software (like viruses) became more prevalent. Once
sensitive data from an organization may choose to exploit it
the internet was made available to the public, the focus
personally for financial gain. However, if the hacker lacks the
of cybercrime shifted to financial fraud, with
technical skills needed for further exploitation, they may sell the
cyberattacks becoming increasingly sophisticated. By
data to a buyer with the necessary expertise.
2013, it was estimated that 800 million individuals were
affected by cybercrime annually.
There are also on-demand cybercrime services, where
In India, cybercrime has also grown significantly, with
organizations, individuals, or even governments may hire
308,371 Indian websites hacked between 2011 and
hackers to perform specific tasks like stealing sensitive
2013. With an estimated 100 million internet users in
information or launching denial-of-service (DoS) attacks
2011, India ranks third globally in internet usage.
against competitors. These cybercriminals create malware or
Despite this, many cybercrimes go unreported, and the
viruses tailored to their clients' needs, causing both financial
actual financial losses due to cybercrime are likely
losses and reputational damage to targeted organizations.
much higher than the reported $160 million per year.
Reasons for the Commission of Cyber Crimes
Cyber Crime
Money:
➔ Cybercrime refers to any unlawful activity in which
➔ The pursuit of quick and easy financial gain is a major
computers or computing devices (smartphones, tablets,
motivator for many cybercriminals.
etc.) are used as tools or targets of criminal activity. The
motives behind cybercrimes can include revenge, greed,
Revenge:
or adventure.
➔ Some people commit cybercrimes as an act of
retaliation, either targeting an individual, an organization,
Types of Cyber Crimes
or even a group based on caste, religion, or society.
Insider Attack:
This form of attack often falls under cyber terrorism.
➔ Carried out by someone with authorized access to a
system, such as a dissatisfied employee or contractor.
Fun:
➔ Often easier to execute due to the attacker's knowledge
➔ Amateur hackers may engage in cybercrime purely for
of the organization's policies and system vulnerabilities.
enjoyment or to test out new hacking tools.
➔ Prevention: Internal Intrusion Detection Systems (IDS)
can help detect and prevent insider attacks.
Recognition:
➔ Hacking highly secured systems, such as defense
External Attack:
networks, is seen by some as a source of pride and
➔ Perpetrated by someone outside the organization or
accomplishment.
hired by an insider.
➔ These attacks can result in financial loss and damage
Anonymity:
to the organization's reputation.
➔ The anonymity provided by cyberspace makes it easier
➔ Prevention: Regular monitoring of firewall logs and the
for individuals to commit crimes without fear of being
installation of IDS can help detect external attacks.
identified. This sense of invisibility can lead people to
abandon their ethical principles in pursuit of personal
Structure of Cyber Attacks
gains.
Unstructured Attacks:
➔ Performed by amateurs with no clear motive.
Cyber Espionage:
➔ Often involves testing readily available tools on random
➔ Governments may engage in cyber espionage to gather
networks.
intelligence on political, economic, or social matters by
infiltrating the networks of other individuals,
Structured Attacks:
organizations, or countries. This type of crime is often
➔ Carried out by skilled individuals or organized groups
motivated by national interests.
with clear motives.
REVIEWER
Subject: Elective 4: Cyber Security and OS Management
Professor: Dr. Josephine Evangelista

Hacktivism 5. WORMS
➔ Some individuals or groups use cybercrime to promote They are a class of viruses which can replicate
political, social,or ideological causes. They may deface themselves. They are different from the virus
websites, launch distributed denial of service (DDoS) by the fact that they do not require human
attacks, or steal and release sensitive information to intervention to travel over the network and
further their agendas. spread from the infected machine to the whole
network. Worms can spread either through the
Psychological Factors network, using the loopholes of the Operating
➔ In some cases, psychological factors such as antisocial System or via email.
behavior, addiction, or a lack of empathy can drive The replication and spreading of the worm
individuals to engage in cybercrime. over the network consumes the network
resources like space and bandwidth and
MALWARE forces the network to choke.
Malicious Software or Malware – is designed to gain 6. TROJAN HORSE
access or installed into the computer without the Trojan horse is a malicious code that is
consent of the user. They perform unwanted tasks in installed in the host machine by pretending to
the host computer for the benefit of a third party. be useful software. The user clicks on the link
There is a full range of malwares which can seriously or downloads the file which pretends to be a
degrade the performance of the host machine. useful file or software from a legitimate source.
There is a full range of malwares which are simply It not only damages the host computer by
written to distract/annoy the user, to the complex ones manipulating the data but also it creates a
which capture the sensitive data from the host machine backdoor in the host computer so that it could
and send it to remote servers. be controlled by a remote computer. It can
become a part of botnet (robot-network).
Some of the popular various types of malwares present in the Robot Network (botnet) – a network of
Internet: computers which are infected by malicious
1. ADWARE code and controlled by a central controller.
A special type of malware which is used for The computers of this network which are
forced advertising. They either redirect the infected by malicious code are known as
page to some advertising page or pop-up an zombies.
additional page which promotes some product Trojens neither infect the other computers in
or event. These adware are financially the network nor do they replicate.
supported by the organizations whose 7. SCAREWARE
products are advertised. While surfing the Internet, suddenly a pop-up
2. SPYWARE alert appears on the screen which warns of the
A special type of which is installed in the target presence of dangerous viruses, spywares, etc.
computer with or without the user permission in the user’s computer.
and is designed to steal sensitive information As a remedial measure, the message
from the target machine. Mostly it gathers the suggests the user download the full paid
browsing habits of the user and then sends it version of the software. As the user proceeds
to the remote server without the knowledge of to download, a malicious code, known as
the owner of the computer. Most of the time scareware is downloaded into the host
they are downloaded into the host computer computer.
while downloading freeware i.e. free It holds the host computer hostage until the
application programmes from the internet. ransom is paid. The malicious code can
Spywares may be of various types; It can keep neither be uninstalled nor can the computer be
track of the cookies of the host computer, it used till the ransom is paid
can act as a keylogger to sniff the banking
passwords and sensitive information, etc.
3. BROWSER HIJACKING SOFTWARE
There is some malicious software which is
downloaded along with the free software
offered over the internet and installed in the
host computer without the knowledge of the
user. This software modifies the browsers
setting and redirects links to other
unintentional sites.
4. VIRUS
A virus is a malicious code written to
damage/harm the host computer by deleting or
appending a file, occupy memory space of the
computer by replicating the copy of the code,
slow down the performance of the computer,
format the host machine, etc.
It can be spread via email attachment, pen
drives, digital images, e-greeting, audio or
video clips, etc.
A virus may be present in a computer but it
cannot activate itself without human
intervention.
Until and unless the executable file(.exe) is
executed, a virus cannot be activated in the
host machine.