REVIEWER
Subject: Elective 4: Cyber Security and OS Management
Professor: Dr. Josephine Evangelista

History of Internet

Internet
➔ Among the most important inventions of the 21st century which have affected our life.
➔ Whose foundation was laid during the cold war between the USA and Russia.

Sputnik
➔ World's first satellite launched by Russia on October 4, 1957.
➔ This was clearly the victory of Russia over cyberspace.
➔ As a counter step, Advanced Research Projects Agency, the research arm of the Department of Defence, United States, declared the launch of ARPANET (Advanced Research Projects Agency NETwork) in early 1960s.

ARPANET (Advanced Research Projects Agency NETwork)
➔ An experimental network designed to keep the computers connected to it communicating with each other even if any of the nodes (connection points among network devices) fails to respond due to a bomb attack.

LO
➔ The first message was sent over the ARPANET, a packet switching network, by Leonard Kleinrock's laboratory at University of California, Los Angeles (UCLA).
➔ They intended to send the word "LOGIN", but only the first two letters reached the destination at the second network node at Stanford Research Institute (SRI); before the last three letters could reach the destination, the network went down due to a glitch. Soon the error was fixed and the message was resent.

ARPANET
Major task: Develop rules for communication, i.e. protocols for communicating over ARPANET.
Led to the development of protocols for internetworking, in which multiple separate networks could be joined into a network of networks.
It resulted in the development of the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol suite, which specifies the rules for joining and communicating over ARPANET.

NSF (National Science Foundation)
The backbone was created in 1986, and the computing centers of five US universities were connected to form NSFnet.
The successor of ARPANET became popular by 1990 and ARPANET was decommissioned.
The participating Universities were:
➔ Princeton University - John von Neumann National Supercomputer Center, JvNC
➔ Cornell University - Cornell Theory Center, CTC
➔ University of Illinois at Urbana-Champaign - National Center for Supercomputing Applications, NCSA
➔ Carnegie Mellon University - Pittsburgh Supercomputer Center, PSC
➔ General Atomics - San Diego Supercomputer Center, SDSC

Parallel Networks developed by other universities and other countries
United Kingdom: National Physical Laboratory (NPL), 1965, proposed a packet switching network.
Michigan Educational Research Information Triad: MERIT network (1966), funded and supported by State of Michigan and the National Science Foundation (NSF).
France: CYCLADES (1973), packet switching network.

Development of TCP/IP Protocol Suite
➔ Many parallel systems were working on different protocols.
➔ Scientists were seeking a common standard for network interconnection.
➔ In 1978, the TCP/IP protocol suite was developed and adopted by ARPANET in 1983.

1981 Integration of Two Large Networks
➔ NSF developed the Computer Science Network (CSNET) and connected it to ARPANET using the TCP/IP protocol suite.
➔ The network attracted interest from both the research community and private sector.

Initial Speed and Upgrade
➔ NSF initially supported a speed of 56 kbit/s.
➔ In 1988, the speed was upgraded to 1.5 Mbit/s, allowing involvement from Merit Network, IBM, MCA, and the state of Michigan.

Corporate Interest and Emergence of ISPs
➔ Corporations realized the network's potential and participated in its development.
➔ By the late 1980s, many Internet Service Providers (ISPs) emerged to provide backbone services for network traffic.

NSFNET Upgrade and Decommissioning
➔ NSFNET was expanded and upgraded to 45 Mbit/s by 1991.
➔ NSFNET was decommissioned in 1995 to facilitate commercial traffic on the Internet.

Growth of Universities and Research Centers
➔ More universities and research centers worldwide are connected to the network.
➔ The network became increasingly popular among the research community.

Formation of NREN and Release of the World Wide Web
➔ The National Research and Education Network (NREN) was founded in 1991.
➔ The World Wide Web (WWW) was released, transforming how the internet was used.

Role of the Internet and Development of the WWW
➔ Initially, the internet was mainly used for file transfers.
➔ Tim Berners-Lee introduced the World Wide Web (WWW), revolutionizing the way information was accessed online.

Development of the Mosaic Browser
➔ Researchers at the University of Illinois developed the Mosaic browser in 1992.
➔ Mosaic enabled modern-style internet browsing, similar to how we navigate the web today.

Internet Addresses

Need for Unique Device Identification
➔ With numerous devices connected to the internet, a mechanism is needed to uniquely identify each device.
➔ This prevents duplicate identification, ensuring proper functionality.

Role of IANA (Internet Assigned Numbers Authority)
➔ IANA is a centralized authority responsible for assigning unique Internet Protocol (IP) addresses.

IP Address
➔ Is a unique address that identifies a device on the internet or a local network. IP stands for "Internet Protocol".
➔ IP addresses are 32-bit binary numbers divided into four octets, with each octet separated by a dot (e.g., 11110110.01011010.10011100.1111100).

Structure of an IP Address
➔ Each octet consists of 8 binary digits (0 or 1), allowing for values between 0 (00000000) and 255 (11111111).
➔ IP addresses are expressed in decimal for human readability but are understood by computers in binary.

Example of an IP Address
➔ A binary IP address such as 11110110.01011010.10011100.1111100 is expressed in decimal as 123.45.78.125.

Network and Host Parts
➔ An IP address has two components: Network (which identifies different networks) and Host (which identifies a device within a network).
➔ This structure is similar to a postal system where the address helps identify specific locations.

Classification of IP Addresses
➔ IP addresses are classified into five categories based on their range and availability.

| Class | Address Range | Supports |
| A | 1.0.0.1 to 126.255.255.254 | Supports 16 million hosts on each of 127 networks. |
| B | 128.1.0.1 to 191.255.255.254 | Supports 65,000 hosts on each of 16,000 networks. |
| C | 192.0.1.1 to 223.255.254.254 | Supports 254 hosts on each of 2 million networks |
| D | 224.0.0.0 to 239.255.255.255 | Reserved for multicast groups |
| E | 240.0.0.0 to 254.255.255.254 | Reserved for future use, or Research and Development Purposes. |

Decentralization of IP Address Allocation by IANA
➔ IANA decentralizes the task of assigning IP addresses by allocating large blocks of IP addresses to five Regional Internet Registries (RIRs).
➔ These RIRs are responsible for distributing IP addresses in their respective regions.

Regional Internet Registries (RIRs)
➔ APNIC: Responsible for the Asia-Pacific region.
➔ AfriNIC: Responsible for the African region.
➔ ARIN: Responsible for North America, several Caribbean islands, and North Atlantic islands.
➔ LACNIC: Responsible for Latin America and the Caribbean.
➔ RIPE NCC: Responsible for Europe, the Middle East, and parts of Central Asia.

Role of the Number Resource Organization (NRO)
➔ The NRO serves as the coordinating organization between the five RIRs.

DNS (Domain Name System)
When browsing websites, users typically enter domain names (e.g., www.uou.ac.in) rather than IP addresses (e.g., 104.28.2.92).
DNS translates domain names into IP addresses, simplifying the process and eliminating the need to remember numerical addresses.

IP Address Usage in Data Transfer
➔ Data transfer over the internet relies on IP addresses for routing packets.
➔ DNS allows users to use domain names while converting them into corresponding IP addresses in the background.

DNS Resolution Process
➔ DNS resolution starts when a user enters a domain name in the browser.
➔ The local computer checks its DNS cache for the corresponding IP address.
➔ If not found locally, the request is sent to the DNS server of the Internet Service Provider (ISP).
➔ If the ISP's DNS server doesn't have the IP address, the query is forwarded to root nameservers.

Root Nameservers
➔ There are 13 root nameservers that direct queries to the appropriate Top-Level Domain (TLD) nameservers.
➔ Examples of TLD names include .com, .org, .in, etc.
Root nameservers include:
A - VeriSign Global Registry Services
B - University of Southern California (Information Sciences Institute)
C - Cogent Communications
D - University of Maryland
E - NASA Ames Research Center
F - Internet Systems Consortium, Inc.
G - U.S. DOD Network Information Center
H - U.S. Army Research Lab
I - Autonomica/NORDUnet
J - VeriSign Global Registry Services
K - RIPE NCC
L - ICANN
M - WIDE Project

TLD Nameservers and Authoritative Nameservers
➔ TLD nameservers direct queries to the authoritative nameserver for the domain (e.g., .com, .in).
➔ Authoritative nameservers store DNS records and return the IP address to the requesting host.
➔ Intermediate DNS servers cache this IP address to speed up future requests.

Root zone file
➔ Describes where the authoritative servers for the DNS top-level domains (TLD) are located.

DNS Caching
➔ If the same URL is requested again, the DNS cache of the local computer or ISP's server retrieves the IP address without querying the root or TLD nameservers.

Four DNS Servers:

DNS Recursor
➔ Also referred to as a DNS resolver, it receives the query from the DNS client. Then it communicates with other DNS servers to find the right IP address. After the resolver retrieves the request from the client, the resolver acts like a client itself. As it does this, it makes queries that get sent to the other three DNS servers: root nameservers, top-level domain (TLD) nameservers, and authoritative nameservers.

Root Nameserver
➔ Is designated for the internet's DNS root zone. Its job is to answer requests sent to it for records in the root zone. It answers requests by sending back a list of the authoritative nameservers that go with the correct TLD.

Top-level Domain/TLD nameservers
➔ Keeps the IP address of the second-level domain contained within the TLD name. It then releases the website's IP address and sends the query to the domain's nameserver.

Authoritative Nameserver
➔ Is what gives you the real answer to your DNS query.
➔ There are two types of authoritative nameservers:
  Master server or Primary nameserver - keeps the original copies of the zone records.
  Slave server or Secondary nameserver - is an exact copy of the master server. It shares the DNS server load and acts

RECURSIVE DNS QUERY – request made to a DNS resolver requiring the resolution of the query.

RECURSIVE DNS RESOLVER – computer that accepts a recursive query and processes the response by making the necessary requests.

RECURSIVE QUERY – DNS client requires that a DNS server will respond to the client with either the requested resource record or an error message if the resolver can't find the record.

ITERATIVE QUERY – DNS client will allow a DNS server to return the best answer it can. If the queried DNS server does not have a match for the query name, it will return a referral to a DNS server authoritative for a lower level of the domain namespace.

NON RECURSIVE QUERY – DNS resolver client queries a DNS server for a record that it has access to either because it's authoritative for the record or the record exists inside of its cache.

BROWSER DNS CACHING – Stores DNS resource records through the use of caching. Caching prevents redundancy when someone tries to go to a site.

OS DNS CACHING – The operating systems of many devices are capable of maintaining a local copy of DNS lookups. This makes it possible for the OS to quickly get the information it needs to resolve the URL to the correct IP address.

Internet Infrastructure
The internet is a network of networks, consisting of small, medium, and large networks.
No single entity owns the internet; it is a collaborative effort across many networks.

Role of the Internet Society
➔ Formed in 1992, The Internet Society is an international organization that frames rules, regulations, and protocols for the internet.
➔ It ensures the smooth functioning of the internet across countries and continents.

How the Internet Works
➔ When a device is not connected to the internet, it is a standalone system.
➔ Connecting to the internet via an Internet Service Provider (ISP) turns the device into part of the global network.

Internet Service Providers (ISPs)
➔ ISPs serve as intermediaries between users and the internet backbone, which is the infrastructure used to route data globally.
➔ They provide the connection you need to access online services.
➔ ISPs link your devices to larger networks, eventually connecting to the global internet infrastructure.

Network Access Points (NAPs)
➔ Network Access Points (NAPs) are connection points where ISPs link to the internet backbone.
➔ Large telecommunication companies provide NAPs and maintain the internet backbone that connects countries and continents.
➔ ISPs manage local networks and route data through NAPs to connect users globally.

Data Routing Process
➔ When you connect to the internet through an ISP, you become part of their network.
➔ Data travels from your local ISP, through the internet backbone, to the NAP nearest to your destination (e.g., your friend's ISP).
➔ Once your friend connects to their ISP, the data is delivered to their computer.

The Internet Backbone
➔ The internet backbone is like the main highway of the internet, carrying a huge amount of data across long distances.
➔ It consists of high-speed cables and powerful routers that connect major cities and continents.
➔ This backbone ensures that data travels quickly and efficiently from one part of the world to another, helping the internet work seamlessly.

World Wide Web (WWW)
The World Wide Web (web) is just one of the many services provided by the internet, alongside others such as email, Usenet, messaging services, and FTP.
The web uses the HTTP protocol for communication and information exchange over the internet.

Development of the Web
➔ The web was developed in 1989 at CERN (European Organization for Nuclear Research) in Switzerland by UK scientist Tim Berners-Lee.
➔ It consists of all public websites and devices that access web content.

Purpose of the Web
➔ The web is an information-sharing model designed to exchange information over the internet.
➔ Websites are collections of web pages containing text, videos, audio, and images, which are accessible using web browsers.

Popular Web Browsers
Examples of popular web browsers include:
Internet Explorer
Chrome
Safari
Firefox

Components of World Wide Web:
➔ Web Browser – a software application used to access and display web pages from the World Wide Web. (Google Chrome, Safari, Mozilla, etc.)
➔ Web Server – a piece of software, or a system that manages web applications, creates responses and takes input from clients.
➔ Web Pages – documents or resources written in HTML and displayed in a web browser.
➔ HyperText Transfer Protocol (HTTP) – enables communication between the browser and the web server.
➔ HyperText Markup Language (HTML) – structures the content (text, images, links, etc.) and defines how it should appear in a web browser.
➔ Uniform Resource Locator (URL) – the address used to locate a specific web page or resource on the internet.

Introduction to Cyber Crime
The internet's evolution from the 1960s to its widespread public use in 1996 has led to the rapid growth of cybercrime. Initially, computer crimes were limited to physical damage, but by the 1980s, malicious software (like viruses) became more prevalent. Once the internet was made available to the public, the focus of cybercrime shifted to financial fraud, with cyberattacks becoming increasingly sophisticated. By 2013, it was estimated that 800 million individuals were affected by cybercrime annually.
In India, cybercrime has also grown significantly, with 308,371 Indian websites hacked between 2011 and 2013. With an estimated 100 million internet users in 2011, India ranks third globally in internet usage. Despite this, many cybercrimes go unreported, and the actual financial losses due to cybercrime are likely much higher than the reported $160 million per year.

Cyber Crime
➔ Cybercrime refers to any unlawful activity in which computers or computing devices (smartphones, tablets, etc.) are used as tools or targets of criminal activity. The motives behind cybercrimes can include revenge, greed, or adventure.

Types of Cyber Crimes

Insider Attack:
➔ Carried out by someone with authorized access to a system, such as a dissatisfied employee or contractor.
➔ Often easier to execute due to the attacker's knowledge of the organization's policies and system vulnerabilities.
➔ Prevention: Internal Intrusion Detection Systems (IDS) can help detect and prevent insider attacks.

External Attack:
➔ Perpetrated by someone outside the organization or hired by an insider.
➔ These attacks can result in financial loss and damage to the organization's reputation.
➔ Prevention: Regular monitoring of firewall logs and the installation of IDS can help detect external attacks.

Structure of Cyber Attacks

Unstructured Attacks:
➔ Performed by amateurs with no clear motive.
➔ Often involves testing readily available tools on random networks.

Structured Attacks:
➔ Carried out by skilled individuals or organized groups with clear motives.
➔ These attackers possess advanced tools and techniques, often modifying or developing them to bypass security systems.
➔ Common perpetrators include professional criminals, rival companies, terrorist groups, and nation-states targeting financial organizations, defense systems, and nuclear establishments.

[Figure 1: Hierarchical Organizational Structure]

In the world of cybercrime, roles within criminal organizations are fluid, often shifting based on opportunities. A hacker who steals sensitive data from an organization may choose to exploit it personally for financial gain. However, if the hacker lacks the technical skills needed for further exploitation, they may sell the data to a buyer with the necessary expertise.

There are also on-demand cybercrime services, where organizations, individuals, or even governments may hire hackers to perform specific tasks like stealing sensitive information or launching denial-of-service (DoS) attacks against competitors. These cybercriminals create malware or viruses tailored to their clients' needs, causing both financial losses and reputational damage to targeted organizations.

Reasons for the Commission of Cyber Crimes

Money:
➔ The pursuit of quick and easy financial gain is a major motivator for many cybercriminals.

Revenge:
➔ Some people commit cybercrimes as an act of retaliation, either targeting an individual, an organization, or even a group based on caste, religion, or society. This form of attack often falls under cyber terrorism.

Fun:
➔ Amateur hackers may engage in cybercrime purely for enjoyment or to test out new hacking tools.

Recognition:
➔ Hacking highly secured systems, such as defense networks, is seen by some as a source of pride and accomplishment.

Anonymity:
➔ The anonymity provided by cyberspace makes it easier for individuals to commit crimes without fear of being identified. This sense of invisibility can lead people to abandon their ethical principles in pursuit of personal gains.

Cyber Espionage:
➔ Governments may engage in cyber espionage to gather intelligence on political, economic, or social matters by infiltrating the networks of other individuals, organizations, or countries. This type of crime is often motivated by national interests.

Hacktivism
➔ Some individuals or groups use cybercrime to promote political, social, or ideological causes. They may deface websites, launch distributed denial of service (DDoS) attacks, or steal and release sensitive information to further their agendas.

Psychological Factors
➔ In some cases, psychological factors such as antisocial behavior, addiction, or a lack of empathy can drive individuals to engage in cybercrime.

MALWARE
Malicious Software or Malware – is designed to gain access to, or be installed on, a computer without the consent of the user. It performs unwanted tasks in the host computer for the benefit of a third party.
There is a full range of malware which can seriously degrade the performance of the host machine.
Malware ranges from programs simply written to distract/annoy the user to complex ones which capture sensitive data from the host machine and send it to remote servers.

Some of the popular types of malware present on the Internet:

1. ADWARE
A special type of malware which is used for forced advertising. It either redirects the page to some advertising page or pops up an additional page which promotes some product or event. Adware is financially supported by the organizations whose products are advertised.

2. SPYWARE
A special type of malware which is installed in the target computer with or without the user's permission and is designed to steal sensitive information from the target machine. Mostly it gathers the browsing habits of the user and then sends them to a remote server without the knowledge of the owner of the computer. Most of the time it is downloaded into the host computer while downloading freeware, i.e. free application programmes from the internet.
Spyware may be of various types: it can keep track of the cookies of the host computer, it can act as a keylogger to sniff banking passwords and sensitive information, etc.

3. BROWSER HIJACKING SOFTWARE
There is some malicious software which is downloaded along with the free software offered over the internet and installed in the host computer without the knowledge of the user. This software modifies the browser's settings and redirects links to other unintended sites.

4. VIRUS
A virus is a malicious code written to damage/harm the host computer by deleting or appending a file, occupying memory space of the computer by replicating copies of the code, slowing down the performance of the computer, formatting the host machine, etc. It can be spread via email attachments, pen drives, digital images, e-greetings, audio or video clips, etc.
A virus may be present in a computer but it cannot activate itself without human intervention. Until and unless the executable file (.exe) is executed, a virus cannot be activated in the host machine.

5. WORMS
They are a class of viruses which can replicate themselves. They differ from viruses in that they do not require human intervention to travel over the network and spread from the infected machine to the whole network. Worms can spread either through the network, using the loopholes of the Operating System, or via email.
The replication and spreading of the worm over the network consumes network resources like space and bandwidth and forces the network to choke.

6. TROJAN HORSE
A Trojan horse is a malicious code that is installed in the host machine by pretending to be useful software. The user clicks on the link or downloads the file which pretends to be a useful file or software from a legitimate source.
It not only damages the host computer by manipulating the data but also creates a backdoor in the host computer so that it can be controlled by a remote computer.
It can become a part of a botnet (robot-network).
Robot Network (botnet) – a network of computers which are infected by malicious code and controlled by a central controller.
The computers of this network which are infected by malicious code are known as zombies.
Trojans neither infect the other computers in the network nor do they replicate.

7. SCAREWARE
While surfing the Internet, suddenly a pop-up alert appears on the screen which warns of the presence of dangerous viruses, spyware, etc. in the user's computer.
As a remedial measure, the message suggests the user download the full paid version of the software. As the user proceeds to download, a malicious code, known as scareware, is downloaded into the host computer.
It holds the host computer hostage until the ransom is paid. The malicious code can neither be uninstalled nor can the computer be used till the ransom is paid.