VAC2-Introduction to Cyber Security.pdf
VAC 2 - Introduction to Cyber Security

Internet: The word internet is obtained from two words: International and Network. It is a worldwide system of interconnected computer networks and electronic devices that communicate with each other using an established set of protocols.

IP Address: An IP address, or Internet Protocol address, is a unique number that identifies a device connected to a network or the internet.

Web Browser: It is the software on your computer that is used to connect to the Internet. Some popular web browsers are Google Chrome, Safari, Mozilla Firefox, Opera, Microsoft Edge, Internet Explorer etc.

Routers: Routers forward data packets between computer networks. By using routing tables, routers determine the best routes or paths for data transfer between devices.

Domain name system (DNS): converts human-readable domain names, such as www.example.com, into machine-readable IP addresses. It also acts as a decentralized directory that helps users navigate the internet.

Internet and World Wide Web (WWW): Internet is a global connection of networks, while the WWW or web is a collection of information or websites that can be accessed using the internet. In other words, the internet is the infrastructure and the web is a service on top of it.

Website: A website is a collection of publicly accessible, interlinked web pages that share a single domain name. Websites can be created and maintained by an individual, group, business, or organization to serve a variety of purposes.

Home Page: A home page is the default or front page of a site. It is the first page that visitors see when they load a URL.

Uniform Resource Locator (URL): A URL (Uniform Resource Locator) is the address of a unique resource on the internet.

Cyber Space: Cyberspace is a virtual world that's created by the interaction of people, software, and services on the internet.

Cyber Crime: Cybercrime is any criminal activity that involves a computer, network or networked device.

Types of Cyber Crime:

- Cyberextortion: This crime involves an attack or threat of an attack coupled with a demand for money to stop the attack.
- Cryptojacking: This attack uses scripts to mine cryptocurrencies within browsers without the user's consent.
- Identity theft: This type of attack occurs when an individual accesses a computer to steal a user's personal information, which is then used to steal that person's identity or access their valuable accounts, such as banking and credit cards.
- Credit card fraud: This is an attack that occurs when malicious hackers infiltrate retailers' systems to get their customers' credit card or banking information.
- Cyberespionage: This crime involves cybercriminals hacking into systems or networks to gain access to confidential information held by a government or other organization.
- Software piracy: This attack involves the unlawful copying, distribution and use of software programs with the intention of commercial or personal use. Trademark violations, copyright infringements and patent violations are often associated with software piracy.
- Exit scam: The dark web has given rise to the digital version of an old crime known as the exit scam. In today's form, dark web administrators divert virtual currency held in marketplace escrow accounts to their own accounts -- essentially, criminals stealing from other criminals.

Commonly seen cybercrime attacks include:

- Distributed DoS (DDoS) attacks, which use a network's own communications protocol against it by overwhelming its ability to respond to connection requests.
- Malware is another common cybercrime that can damage systems, software or data stored on a system.
- Ransomware attacks are a type of malware that encrypts or shuts down victim systems until a ransom is paid.
- Phishing campaigns help attackers infiltrate corporate networks.
  Phishing includes sending fraudulent emails to users in an organization, enticing them to download malicious attachments or click on malicious links that then spread the malware across the network.
- Credential attacks, in which a cybercriminal aims to steal or guess victims' usernames and passwords. These attacks can use brute force -- for example, by installing keylogger software -- or exploit software or hardware vulnerabilities that expose the victim's credentials.
- Attackers can also hijack websites to change or delete content or to access or modify databases without authorization.

Other common examples of cybercrime include illegal gambling, the sale of illegal items -- such as weapons, drugs or counterfeit goods -- and the solicitation, production, possession or distribution of child pornography.

Internet Security: Internet security refers to a set of techniques and methods targeted at safeguarding online activities and transactions.

Users can take the following steps to protect their online privacy:

- Install antivirus and antimalware software on devices and endpoints.
- Create difficult, varied passwords that are impossible to guess.
- Use a virtual private network or, at least, a private browsing mode, such as Google Chrome's Incognito window.
- Use secure protocols, such as HTTPS, instead of HTTP for online transactions.
- Make all social media accounts private.
- Deactivate autofill.
- Turn off the device's Global Positioning System (GPS).
- Update cookies so an alert is sent anytime a cookie is installed.
- Log out of accounts instead of just closing the tab or window.
- Use caution with spam emails and never open or download content from unknown sources.
- Use caution when accessing public Wi-Fi or hotspots.
- Regularly back up important data both offsite and on the cloud.

Firewalls and security measures: Incoming and outgoing network traffic on the internet is monitored and controlled by different types of security firewalls and security measures.
Firewalls safeguard networks and devices against unauthorized internet access, cyber threats and malicious activities.

Introduction to Ethical Hacking

Ethical hacking, also known as "penetration testing" or "white-hat hacking," is a proactive approach to cybersecurity that involves simulating cyberattacks to identify and fix vulnerabilities within systems, networks, or applications. This practice is conducted with the explicit permission of the system owner and is aimed at enhancing overall security.

Key Aspects of Ethical Hacking:

1. Definition:
   - Ethical hacking is the authorized practice of probing and assessing systems for security weaknesses. Unlike malicious hackers, ethical hackers work with the goal of improving security and are permitted by the system's owner.

2. Objectives:
   - Identify Vulnerabilities: Discover security flaws that could be exploited by attackers.
   - Test Defenses: Assess the effectiveness of current security measures and protocols.
   - Provide Recommendations: Suggest improvements and solutions to enhance security posture.
   - Prevent Attacks: Help organizations defend against potential cyberattacks by fixing vulnerabilities before they can be exploited.

3. Types of Ethical Hackers:
   - White Hat Hackers: Professionals who conduct ethical hacking to strengthen security. They often work in roles such as security consultants, penetration testers, or within internal security teams.
   - Gray Hat Hackers: Operate in a legal gray area. They may find and report vulnerabilities without explicit permission but do not exploit them for personal gain.

4. Techniques and Tools:
   - Penetration Testing: Simulates attacks to evaluate how well systems can withstand them.
   - Vulnerability Scanning: Uses automated tools to identify security weaknesses.
   - Social Engineering: Tests human factors by attempting to deceive individuals into divulging confidential information.
   - Tools: Commonly used tools include Nmap (for network scanning), Metasploit (for exploitation), Burp Suite (for web application testing), and Wireshark (for network analysis).

5. Ethical Guidelines:
   - Permission: Always obtain explicit, written consent from the system owner before conducting any tests.
   - Confidentiality: Protect sensitive information and maintain confidentiality of findings.
   - Integrity: Ensure that your activities do not disrupt or damage systems.
   - Reporting: Clearly document and responsibly disclose vulnerabilities to the system owner, providing recommendations for remediation.

6. Legal Considerations:
   - Ethical hackers must comply with legal and regulatory requirements related to cybersecurity. This includes adhering to laws and standards governing data protection and cybercrime.

7. Benefits:
   - Ethical hacking helps organizations to:
     - Strengthen their security measures.
     - Prevent data breaches and cyberattacks.
     - Ensure compliance with regulations.
     - Build trust with clients and stakeholders by demonstrating a commitment to security.

8. Career Path:
   - Many ethical hackers hold certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or other relevant credentials. These certifications validate their skills and adherence to ethical standards.

Ethics and Cyber Laws

Ethical hacking is a critical component of modern cybersecurity strategies, providing a valuable service by identifying and addressing potential security threats before they can be exploited by malicious actors.

Ethics and cyber laws are fundamental components of the cybersecurity landscape, guiding how individuals and organizations should conduct themselves in the digital realm. They help ensure that actions in cyberspace are legal, responsible, and respectful of privacy and security.

Ethics in Cybersecurity

Ethics in cybersecurity involves adherence to moral principles and professional standards when dealing with information and technology. It emphasizes responsible behavior, integrity, and respect for privacy while working with digital systems and data. Key aspects include:

1. Confidentiality:
   - Protecting sensitive information from unauthorized access or disclosure. This involves ensuring that personal data, corporate secrets, and other sensitive information are handled with care and not exposed to unauthorized individuals.

2. Integrity:
   - Maintaining the accuracy and reliability of information and systems. Ethical behavior requires ensuring that data is not tampered with, and systems are not manipulated for personal gain or to cause harm.

3. Accountability:
   - Taking responsibility for one's actions and decisions. This includes being transparent about activities, acknowledging mistakes, and ensuring that corrective actions are taken when necessary.

4. Respect for Privacy:
   - Honoring individuals' rights to privacy and ensuring that personal data is collected, stored, and used in a manner that respects individuals' rights and complies with legal standards.

5. Professional Conduct:
   - Adhering to ethical standards and best practices in cybersecurity. This includes following codes of conduct established by professional organizations and certifications, such as those from (ISC)² or ISACA.

Cyber Laws

Cyber laws, also known as information technology laws or cybercrime laws, are legal regulations that govern activities in the digital world. They address issues related to data protection, cybercrimes, and the legal use of technology. Key areas include:

1. Data Protection and Privacy Laws:
   - General Data Protection Regulation (GDPR): A comprehensive data protection regulation in the European Union that governs the collection, processing, and storage of personal data.
   - California Consumer Privacy Act (CCPA): A California law that provides residents with rights regarding their personal data, including the right to know what data is collected and to request deletion.
   - Health Insurance Portability and Accountability Act (HIPAA): U.S. legislation that provides data privacy and security provisions for safeguarding medical information.

2. Cybercrime Laws:
   - Computer Fraud and Abuse Act (CFAA): U.S. legislation that addresses computer-related crimes, including unauthorized access to computer systems and data.
   - Digital Millennium Copyright Act (DMCA): U.S. law that protects copyright holders by addressing issues related to digital rights and online piracy.

3. Intellectual Property Laws:
   - These laws protect creations of the mind, such as software, digital content, and inventions. They include patents, trademarks, and copyrights, which ensure that creators' rights are upheld and that their works are not used without permission.

4. E-Commerce and Electronic Transactions Laws:
   - Regulations governing online transactions, digital contracts, and electronic signatures. Examples include the Electronic Signatures in Global and National Commerce (ESIGN) Act and the Uniform Electronic Transactions Act (UETA) in the U.S.

5. International Cyber Laws:
   - International agreements and treaties that address cross-border cybercrime and cybersecurity issues. Examples include the Council of Europe's Convention on Cybercrime and various United Nations initiatives aimed at promoting international cooperation in tackling cyber threats.

Intersection of Ethics and Cyber Laws

- Compliance: Ethical behavior often overlaps with legal requirements. Adhering to laws and regulations helps ensure that cybersecurity practices are ethical and lawful.
- Best Practices: Ethical principles guide the development and implementation of cybersecurity policies and practices that align with legal standards.
- Responsibility: Both ethics and laws emphasize the importance of protecting data, respecting privacy, and preventing harm. They ensure that individuals and organizations act responsibly in the digital environment.

In summary, ethics and cyber laws are integral to ensuring responsible behavior and legal compliance in the digital world. While ethics provide a framework for moral conduct, cyber laws establish the legal boundaries within which individuals and organizations must operate. Together, they help maintain the integrity, security, and privacy of digital systems and data.

Concept of Web Browsers and Web Crawlers

Web Browsers and Web Crawlers are essential components of the internet infrastructure, each serving distinct but complementary roles in how we interact with and manage web content.

Web browsers are software applications used to access, retrieve, and display content from the World Wide Web. They enable users to navigate websites and interact with web-based applications.

Key Features and Functions of Web Browsers:

1. Rendering Web Pages:
   - Web browsers interpret and display content written in HTML (Hypertext Markup Language), CSS (Cascading Style Sheets), and JavaScript. They render text, images, videos, and interactive elements on web pages.

2. Navigation:
   - Browsers allow users to enter URLs (Uniform Resource Locators) to access specific web pages. They also support navigation through bookmarks, history, and back/forward buttons.

3. User Interface:
   - Provides a graphical interface for users to interact with the web. This includes address bars, tabs for multiple pages, and various tools for managing settings and extensions.

4. Security Features:
   - Modern browsers include features like secure browsing modes (e.g., incognito), phishing protection, and encryption (SSL/TLS) to protect users' data and privacy.

5. Extensions and Plugins:
   - Browsers support extensions and plugins that enhance functionality, such as ad blockers, password managers, and custom themes.

Popular Web Browsers:

- Google Chrome
- Mozilla Firefox
- Apple Safari
- Microsoft Edge
- Opera

Web crawlers, also known as web spiders or bots, are automated programs designed to systematically browse and index content from the web. They are fundamental to search engines and various data aggregation services.

Key Functions of Web Crawlers:

1. Systematic Browsing:
   - Crawlers navigate the web by following hyperlinks from one page to another. They visit websites, extract content, and follow links to discover additional pages.

2. Indexing:
   - The primary purpose of a web crawler is to index web content for search engines. This involves cataloging information from web pages to make it searchable. The indexed data is used to generate search results when users perform queries.

3. Data Collection:
   - Crawlers collect data from web pages, including text, metadata, and sometimes multimedia content. This data is used for analysis, aggregation, or reporting purposes.

4. Scheduled Crawling:
   - To keep their indexes up-to-date, search engines use crawlers that periodically revisit websites to check for new or updated content. This ensures that search results reflect the most current information available.

Common Features of Web Crawlers:

- Crawl Depth: Determines how many levels of links a crawler will follow from the starting page.
- Crawl Frequency: How often the crawler revisits a website to update its index.
- Robots.txt: A file used by websites to communicate rules to crawlers about which parts of the site should not be crawled or indexed.

Popular Use Cases:

- Search Engines: Google, Bing, and Yahoo use web crawlers to index the vast amount of information available on the web.
- Data Mining: Companies and researchers use crawlers to collect and analyze data from websites for various purposes, such as market research and competitive analysis.
- Content Aggregation: Services that compile news, reviews, or other content from multiple sources use crawlers to gather and present this information in one place.

Cyber Attacks

When a system is accessed by a third party or an unauthorized person, it is referred to as a cyber-attack. The people who carry out the attack are termed attackers or hackers. An attack leads to loss, misuse, or manipulation of data, so everyone needs to protect their systems with cyber security.

1. Malware Attack

One of the most common cyber-attacks is a malware attack, in which malicious software performs unwanted actions on the system. The three main types of malware are Trojan horses, viruses, and worms. Malware gets installed when you click a link or open an email attachment. Once the malware enters the system, ransomware will block access to the network, and it will install additional malicious software. To secure the system from malware attacks, one needs to install antivirus software or use a firewall.

2. Man-in-the-middle Attack (MITM)

In this attack, the hacker places themselves between the user and the software making the connection in order to steal information and track the user's activity. Their main objective is to steal the personal data and credentials of the user. There are two phases in MITM: interception and decryption.

We can avoid this cyber-attack by not using public Wi-Fi networks, such as those in coffee shops or restaurants, that are not password protected.

3. Password Attack

The passwords that we set when creating accounts on any website are targeted by attackers. For this purpose, they use various password-cracking tools like Cain, Aircrack, etc.
Some easy ways to prevent these attacks are using a strong password that includes alphanumeric values, changing passwords often so they are less prone to attack, and avoiding the password choices given by the respective passwords.

4. SQL Injection Attack

SQL stands for Structured Query Language, the language in which queries for databases are written. In an SQL injection attack, the attacker inserts malicious code into the queries that a database-backed website runs and takes over functions of the website. When the attack happens, the hacker changes how the database behaves by viewing, editing, or deleting the tables in the database. One way to prevent it is to use an intrusion detection system to flag any unauthorized login.

5. Phishing

A phishing attack is a type of cyber-attack that attempts to steal personal data, information, or login details. It happens mostly over email, when you reply to fraudulent emails. Phishing happens when you click any attachment, enable macros in a Word document, use a Wi-Fi hotspot, or respond to a request from social media.

There are some common types of phishing: spear phishing, whaling, email phishing, smishing, and vishing. Spear phishing means malicious emails sent to specific persons. Whaling attacks a specific person in a high position, such as the CEO or Chief Executive.

Different types of Phishing Attacks

Phishing is one of the most common social engineering attacks conducted by cybercriminals to trap users into providing sensitive information or installing malware on their system. According to the FBI, Phishing was the most conducted cybercrime in 2020; the number doubled from 2019 to 2020. Though the final goal is the same, i.e., to attack victims psychologically, the attackers use different means to conduct Phishing. Depending on the way it is conducted, Phishing can be categorized into various types.
In this post, we discuss the five most popular types of Phishing attacks.

Email Phishing

Phishing through emails is widespread among cyber attackers because thousands of users can be targeted at once. The Phisher behind the email generally tries to deceive users by sending intriguing offers or fake virus alerts. Out of greed for the offer or fear of viruses, most recipients do exactly what the email instructs and thus either provide their confidential information or install malware programs disguised as antivirus tools to remove viruses.

Spear Phishing

While in Email Phishing emails are sent to a large number of people at once, in Spear Phishing the cybercriminals target specific people through emails. For that, the attackers conduct extensive research on the target person and learn details like name, job, place of employment, job title, email address, bank, and more. After getting all the details, they trap the targets by sending an email pretending to be from their seniors or from their bank. The targeted emails are designed carefully so that victims do not doubt them.

Domain Spoofing

In this type of Phishing, the domains of popular eCommerce sites and banks are copied and modified to look exactly like the original URL so that users misjudge them as the official sites; for example, amazon.com is spoofed as amzn.xyz. After spoofing a domain, users are sent unsolicited links and asked to click on them to get offers and deals. The attackers even design web pages similar to the website they have copied. Other than that, the Phishers also send emails from an ID generated with the spoofed domain so that the email appears authentic and official.

Smishing

Smishing or SMS Phishing is a type of Phishing in which the Phishers fool users by sending fake offers through SMS. The links shared through Smishing are generally malicious and redirect users to download fake, malware-containing apps.
The attackers trick users by framing catchy text messages; for example - "Get 50% Off on your next purchase at Amazon. Click here to avail the offer" or "Get Spotify Premium for Free. Click this link to download."

Vishing

Yes, you guessed it correctly. Just as SMS Phishing is Smishing, Voice Phishing is Vishing. Vishing is Phishing conducted through calls. The professional Phisher calls the targets pretending to be some official and deceives them into providing sensitive information such as bank details or other essential credentials. Most banking frauds are conducted through Vishing, in which the attacker pretends to be a banking official, calls the victims, tricks them into providing the card details, and wipes out their money.

6. Denial of service

It is an attack that most companies have faced. Attackers target servers, systems, and networks and flood them with traffic until they are congested. Because of this traffic, the website's allocated resources are exhausted and there is no capacity left to acknowledge requests. As a result, the server slows down and may even shut down, so requests from legitimate users also go unanswered.

7. Crypto Jacking

The Crypto-jacking attack is one of the major cybercrimes. This attack is mainly implemented to use third parties' computing resources for mining cryptocurrency. This attack happens when you click on any ads that are coded mostly with JavaScript or by clicking any link.

Difference between Virus, Worm and Trojan Horse

A virus is malicious software (malware) made up of little bits of code attached to legitimate programs. When that software is launched, the virus is launched as well. Viruses are malicious programs that infect computer files and spread without the user's knowledge. The most common virus infections are spread via e-mail attachments that activate when opened. As infected e-mails are forwarded to multiple people, the virus's vicious cycle continues.
Viruses can also be propagated through shared media, such as USB flash drives. Viruses are responsible for widespread and major computer system and file loss. They were initially intended as pranks. Anti-virus software can help prevent, block, or delete viruses that have already been installed.

A worm is a harmful software (virus) that replicates itself as it moves from computer to computer, leaving copies of itself in each computer's memory. A worm finds a computer's vulnerability and spreads like an illness throughout its associated network, constantly looking for new holes. Worms, like viruses, are spread by e-mail attachments from seemingly trustworthy senders. Worms then spread through an e-mail account and address book to a user's contacts. Some worms reproduce and then go dormant, while others inflict harm. The worm's code is referred to as payload in such circumstances.

A Trojan horse is malware that disguises itself as a genuine program and is downloaded onto a computer. A Trojan horse gets its name from how it's delivered: an attacker often uses social engineering to disguise malicious code within genuine software. One of the critical characteristics of a Trojan is that it cannot replicate itself, and a user has to install it themselves. It produces a chance for another PC to fully control the infected PC and replicate to harm the host computer systems or steal data. A Trojan horse will damage your computer once it is installed or used, but it will look to be helpful software at first glance.

A Trojan virus spreads by spamming genuine-looking e-mails and attachments to the inboxes of a large number of users. Trojans can also infect devices when cybercriminals persuade people to download malicious software. The malicious software could be disguised in banner advertisements, pop-up ads, or website links. Beast, Zeus, The Blackhole Exploit Kit, and Back Orifice are examples of some famous Trojan horses.

The following table highlights the major differences between Virus, Worm, and Trojan Horse:

| Virus | Worm | Trojan Horse |
|---|---|---|
| A Virus is a computer program or software loaded, either deliberately or unknowingly by the user. It connects to another software/program to execute unanticipated tasks when the system's actual program is running. | A Worm is a computer program similar to a virus that does not communicate with other system programs but multiplies and runs itself to slow down and damage the performance of the system. | Trojan Horse is a hidden piece of malware that steals sensitive information/data from a user's system and sends it to another location across the network. |
| Viruses cannot be operated remotely since they are installed on the target machine or by the user inadvertently. | Worms can be controlled remotely because they can open a back door to the host. | Trojan Horse can also be operated remotely, much like worms, via the network. |
| Viruses, like worms, cannot replicate themselves. Viruses also propagate at a moderate rate. | Worms replicate themselves in the system and propagate quicker than viruses and Trojan horses. | In comparison to viruses and worms, a Trojan Horse spreads slowly. |
| The primary goal of a virus is to alter or erase system data. | Worms aim to degrade system performance and slow it down by eating system resources. | The Trojan horse virus, much like in the story, disguises itself as normal software and steals crucial information. |
| Viruses use executable files to spread. | Worms make use of system flaws to carry out their attacks. | Trojan horse is a type of malware that runs through a program and is interpreted as utility software. |

Spyware is a broad category of malware program that infiltrates the user's system without permission to perform various malicious tasks. As its name suggests, Spyware is basically meant for spying on users and collecting their sensitive information like browsing habits, banking details, credit card details, and more.
Cybercriminals can then use that information for hacking, extortion, and other such illicit activities.

Antivirus

Antivirus software (antivirus program) is a security program designed to prevent, detect, search and remove viruses and other types of malware from computers, networks and other devices.

Cryptography

Cryptography is the study of Secret (crypto-) Writing (-graphy). It is the science or art encompassing the principles and methods of transforming an intelligible message into one that is unintelligible and then transforming the message back to its original form.

As the field has advanced, cryptography today is regarded as the study of techniques and applications for securing the integrity and authenticity of the transfer of information under difficult circumstances.

Today's cryptography is more than encryption and decryption. Authentication is as fundamentally a part of our lives as privacy. We use authentication throughout our everyday lives, when we sign our name to some document, for instance, and, as we move to a world where our decisions and agreements are communicated electronically, we need to have electronic techniques for providing authentication. Cryptography provides mechanisms for such procedures.

On the other hand, cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient.

While cryptography is the science of securing data, cryptanalysis is the science of analyzing and breaking secure communication. Classical cryptanalysis involves an interesting combination of analytical reasoning, application of mathematical tools, pattern finding, patience, determination, and luck. Cryptanalysts are also called attackers. Cryptology embraces both cryptography and cryptanalysis.
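
One mechanism for the electronic authentication described above is a message authentication code. The following is an added example, not part of the original notes, using Python's standard hmac module; the packet layout, the message counter and the sample messages are assumptions made for illustration. Because sender and receiver hold the same key, it demonstrates integrity and authenticity of a transfer but not a signature that binds one party.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = hashlib.sha256().digest_size   # 32-byte HMAC-SHA256 tag
HDR_LEN = 8                              # 64-bit message counter (assumed layout)


def seal(key: bytes, counter: int, message: bytes) -> bytes:
    """Build counter || message || tag; the tag covers counter and message."""
    body = struct.pack(">Q", counter) + message
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Accepts a packet only if its tag verifies and its counter is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, packet: bytes):
        """Return the message bytes, or None if the packet must be rejected."""
        if len(packet) < HDR_LEN + TAG_LEN:
            return None                  # too short to hold counter and tag
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # compare_digest takes the same time wherever the first mismatch is,
        # so response timing does not reveal how much of a guess was right.
        if not hmac.compare_digest(tag, expected):
            return None                  # altered in transit or wrong key
        (counter,) = struct.unpack(">Q", body[:HDR_LEN])
        if counter <= self.last_counter:
            return None                  # valid tag but already seen: replay
        self.last_counter = counter
        return body[HDR_LEN:]


def demo() -> dict:
    """Run constructed sample messages through one receiver."""
    key = secrets.token_bytes(32)        # shared secret, generated randomly
    rx = Receiver(key)
    packet = seal(key, 1, b"PAY 100 TO ACCOUNT 12345")
    tampered = packet.replace(b"PAY 100", b"PAY 900")
    forged = seal(secrets.token_bytes(32), 2, b"PAY 900 TO ACCOUNT 66666")
    return {
        "genuine": rx.accept(packet),
        "replayed": rx.accept(packet),
        "tampered": rx.accept(tampered),
        "forged": rx.accept(forged),
        "truncated": rx.accept(packet[:10]),
        "next": rx.accept(seal(key, 2, b"PAY 5 TO ACCOUNT 12345")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} -> {result}")
```

Only the genuine packet and the later packet with a fresh counter are accepted; the replayed, altered, forged and truncated packets are all rejected.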

Working Principle of Cryptography

A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key (a word, number, or phrase) to encrypt the plaintext. The same plaintext encrypts to different ciphertext with different keys. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key.

Steganography, hiding one message inside another, is an old technique that is still in use. For example, a message can be hidden inside a graphics image file by using the low order 12 bit of each pixel to encode the message. The visual effect of these tiny changes is probably too small to be noticed by the user. The message can be hidden further by compressing it or by encrypting it with a conventional cryptosystem.

Objective

Cryptography plays an essential role in:

- Authentication. This process to prove the identity of an entity can be based on something you know, such as a password; something you have, such as an encryption key or card; something you are, such as biometric measurements, including retinal scans or voice recognition; or any combination of these.
- Data confidentiality. With this property, information is not made available or disclosed to unauthorized individuals, entities, or processes. When two or more parties are involved in a communication, the purpose of confidentiality is to guarantee that only those parties can understand the data exchanged. Confidentiality is enforced by encryption.
- Data integrity. This property refers to data that has not been changed, destroyed, or lost in an unauthorized or accidental manner. The need for data integrity is especially evident if data is transmitted across a nonsecure network, such as the Internet, where a man-in-the-middle attack can easily be mounted. Integrity is enforced by mathematical functions applied to the message being transmitted.
Non-repudiation. Repudiation is the denial by one of the entities involved in a communication of having participated in all or part of the communication. Non-repudiation is protection against repudiation and can be of two types.
(i) Non-repudiation with proof of origin provides the recipient of data with evidence that proves the origin of the data and thus protects the recipient against an attempt by the originator to falsely deny sending the data. Its purpose is to prove that a particular transaction took place, by establishing accountability of information about a particular event or action to its originating entity.
(ii) Non-repudiation with proof of receipt provides the originator of data with evidence proving that data was received as addressed and thus protects the originator against an attempt by the recipient to falsely deny receiving the data.
In most cases, the term non-repudiation is used as a synonym of non-repudiation with proof of origin. Like integrity, non-repudiation is based on mathematical functions applied to the data being generated during the transaction.

Keeping secrets is a long-standing tradition in politics, the military, and commerce. The invention of public-key cryptography in the 1970s has enabled electronic commerce to blossom in systems based on public networks, such as the Internet.

Cryptography Tools

Keys
A key is a value that works with a cryptographic algorithm to produce a specific ciphertext. Keys are basically really, really, really big numbers. Key size is measured in bits; the number representing a 1024-bit key is darn huge. In public key cryptography, the bigger the key, the more secure the ciphertext.

Encryption:
In cryptography, encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor.
In an encryption scheme, the message or information, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, large computational resources and skill are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorised interceptors.

Types of encryption:

Symmetric key encryption
In symmetric-key schemes, the encryption and decryption keys are the same. Thus communicating parties must have the same key before they can achieve secret communication.

[Figure: Illustration of how a file or document is sent using public key encryption.]

Public key encryption
In public-key encryption schemes, the encryption key is published for anyone to use and encrypt messages. However, only the receiving party has access to the decryption key that enables messages to be read. Public-key encryption was first described in a secret document in 1973; before then all encryption schemes were symmetric-key (also called private-key). A publicly available public key encryption application called Pretty Good Privacy (PGP) was written in 1991 by Phil Zimmermann, and distributed free of charge with source code; it was purchased by Symantec in 2010 and is regularly updated. [2,a]

Uses of encryption
Encryption has long been used by military and governments to facilitate secret communication. It is now commonly used in protecting information within many kinds of civilian systems. Encryption is also used to protect data in transit, for example data being transferred via networks (e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines.

Decryption:
Decryption is the process of transforming data that has been rendered unreadable through encryption back to its unencrypted form. In decryption, the system extracts and converts the garbled data and transforms it to texts and images that are easily understandable not only by the reader but also by the system. Decryption may be accomplished manually or automatically. It may also be performed with a set of keys or passwords.

The following table highlights the major differences between encryption and decryption:

Key | Encryption | Decryption
Definition | Encryption is a process of converting a plain text into an encrypted or cipher text. | Decryption is a process of converting the encrypted or cipher text into plain text.
Place of Occurrence | Encryption takes place at the sender's end. | Decryption is done at the receiver's end.
Process | A secret key or a public key must be used to encrypt every message. | Any communication that requires the use of a secret key or private key to decode.
Actor | After encrypting the data with a secret key or a public key, the sender delivers it to the recipient. | The receiver gets the encrypted data and uses the secret key or private key to decode it.

Asymmetric Key Ciphers

RSA (Ron Rivest, Adi Shamir and Leonard Adleman)

Introduction
RSA is one of the first practical public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and differs from the decryption key, which is kept secret. In RSA, this asymmetry is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem. RSA is made of the initial letters of the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described the algorithm in 1977.
Clifford Cocks, an English mathematician, had developed an equivalent system in 1973, but it was not declassified until 1997. A user of RSA creates and then publishes a public key based on the two large prime numbers, along with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key is large enough, only someone with knowledge of the prime numbers can feasibly decode the message. Breaking RSA encryption is known as the RSA problem; whether it is as hard as the factoring problem remains an open question.

Algorithm
The RSA algorithm involves three steps: key generation, encryption and decryption.

Key generation
RSA involves a public key and a private key. The public key can be known by everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted in a reasonable amount of time using the private key. The keys for the RSA algorithm are generated the following way:
1. Choose two distinct prime numbers p and q. For security purposes, the integers p and q should be chosen at random, and should be of similar bit-length. Prime integers can be efficiently found using a primality test.
2. Compute n = pq. n is used as the modulus for both the public and private keys. Its length, usually expressed in bits, is the key length.
3. Compute φ(n) = φ(p)φ(q) = (p − 1)(q − 1) = n − (p + q − 1), where φ is Euler's totient function. This value is kept private.
4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1; i.e., e and φ(n) are coprime. e is released as the public key exponent. e having a short bit-length and small Hamming weight results in more efficient encryption – most commonly 2^16 + 1 = 65,537. However, much smaller values of e (such as 3) have been shown to be less secure in some settings.
5. Determine d as d ≡ e^(−1) (mod φ(n)); i.e., d is the modular multiplicative inverse of e (modulo φ(n)).
This is more clearly stated as: solve for d given d·e ≡ 1 (mod φ(n)). This is often computed using the extended Euclidean algorithm. Using the pseudocode in the Modular integers section, inputs a and n correspond to e and φ(n), respectively. d is kept as the private key exponent.

The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the modulus n and the private (or decryption) exponent d, which must be kept secret. p, q, and φ(n) must also be kept secret because they can be used to calculate d. An alternative, used by PKCS#1, is to choose d matching d·e ≡ 1 (mod λ) with λ = lcm(p − 1, q − 1), where lcm is the least common multiple. Using λ instead of φ(n) allows more choices for d. λ can also be defined using the Carmichael function, λ(n).

Encryption
Alice transmits her public key (n, e) to Bob and keeps the private key d secret. Bob then wishes to send message M to Alice. He first turns M into an integer m, such that 0 ≤ m < n and gcd(m, n) = 1, by using an agreed-upon reversible protocol known as a padding scheme. He then computes the ciphertext c corresponding to
This can be done efficiently, even for 500-bit numbers, using modular exponentiation. Bob then transmits c to Alice. Note that at least nine values of m will yield a ciphertext c equal to m,

Decryption
Alice can recover m from c by using her private key exponent d via computing
Given m, she can recover the original message M by reversing the padding scheme. (In practice, there are more efficient methods of calculating c^d using the precomputed values below.)

What is Digital Signature?
In a technologically advanced world where everything is becoming electronic, the signature that approves a document has also become digital.
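The RSA key generation, encryption and decryption steps above can be followed with small numbers. The code below is an added example, not part of the original notes; the primes 61 and 53, the exponent 17 and the message 65 are constructed toy values, and the function names are this example's own. It also counts the messages whose ciphertext equals the message itself, the effect behind the "at least nine values of m" remark.

```python
"""Textbook RSA with toy primes, following the numbered key generation steps.
Real keys use very large random primes and a padding scheme; the tiny
numbers here only make the arithmetic visible."""
from math import gcd


def is_prime(k):
    """Trial division; adequate for the toy primes used in this example."""
    if k < 2:
        return False
    i = 2
    while i * i <= k:
        if k % i == 0:
            return False
        i += 1
    return True


def egcd(a, b):
    """Extended Euclidean algorithm: returns (g, x, y) with a*x + b*y == g."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_x, x = x, old_x - quotient * x
        old_y, y = y, old_y - quotient * y
    return old_r, old_x, old_y


def modinv(e, modulus):
    """Step 5: the d that satisfies d*e = 1 (mod modulus)."""
    g, x, _ = egcd(e, modulus)
    if g != 1:
        raise ValueError("e and the modulus are not coprime")
    return x % modulus


def generate_keypair(p, q, e, use_lambda=False):
    """Steps 1 to 5. With use_lambda=True, d is computed modulo
    lcm(p-1, q-1) instead of phi(n), the PKCS#1 alternative."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q                                  # step 2: the modulus
    phi = (p - 1) * (q - 1)                    # step 3: kept private
    if not 1 < e < phi or gcd(e, phi) != 1:    # step 4
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    lam = phi // gcd(p - 1, q - 1)             # lcm(p-1, q-1)
    d = modinv(e, lam if use_lambda else phi)  # step 5
    return (n, e), (n, d)


def encrypt(m, public_key):
    """c = m^e mod n, computed by modular exponentiation."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message integer must satisfy 0 <= m < n")
    return pow(m, e, n)


def decrypt(c, private_key):
    """m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


def unconcealed_messages(public_key):
    """All m with m^e mod n == m (brute force, feasible only for toy n)."""
    n, e = public_key
    return [m for m in range(n) if pow(m, e, n) == m]


if __name__ == "__main__":
    public, private = generate_keypair(61, 53, 17)  # constructed toy values
    c = encrypt(65, public)
    print("public key:", public, "private key:", private)
    print("m = 65 -> c =", c, "-> decrypted m =", decrypt(c, private))
    print("d using lambda:", generate_keypair(61, 53, 17, use_lambda=True)[1][1])
    print("unconcealed messages:", len(unconcealed_messages(public)))
```

Both private exponents decrypt the same ciphertext, and the same m always encrypts to the same c when no padding is applied, which is one reason the padding scheme mentioned above matters.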
Likewise, a digital signature is a technique of verifying the authenticity and integrity of electronic documents or messages by using a secure digital code generated from a set of unique and private encryption keys. In fact, the digital signature serves as an electronic equivalent of a traditional handwritten signature and provides proof of the authenticity of the sender, the integrity of the data, and the non-repudiation of the content.

Password policy
A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organization's official regulations and may be taught as part of security awareness training. Either the password policy is merely advisory, or the computer systems force users to comply with it. Some governments have national authentication frameworks that define requirements for user authentication to government services, including requirements for passwords. The key points of these are:
- Verifiers shall not impose composition rules (e.g., not require mixtures of different character types and not prohibit consecutively repeated characters).
- Verifiers shall not require passwords to be changed arbitrarily or regularly (e.g. no 90-day or 365-day change rule).
- Passwords must be at least 8 characters in length.
- Password systems should permit subscriber-chosen passwords at least 64 characters in length.
- All printing ASCII characters, the space character, and Unicode characters should be acceptable in passwords.
- When establishing or changing passwords, the verifier shall advise the subscriber that they need to select a different password if they have chosen a weak or compromised password.
- Verifiers should offer guidance, such as a password-strength meter, to assist the user in choosing a strong password.
- Verifiers shall store passwords in a form that is resistant to offline attacks.
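The acceptance rules and the storage requirement in this list can be expressed in a few lines. This is an added example, not part of the original notes: the compromised-password list is a constructed stand-in, PBKDF2-HMAC-SHA256 is this example's choice of key derivation function, and the iteration count and NFKC normalisation are assumptions.

```python
import hashlib
import hmac
import secrets
import unicodedata

MIN_LENGTH = 8  # from the policy: at least 8 characters
# Constructed stand-in for a real list of weak or compromised passwords.
COMPROMISED = {"password", "12345678", "qwertyuiop", "iloveyou1"}
DEFAULT_ITERATIONS = 600_000  # assumed cost factor; tune it to your hardware


def check_new_password(candidate):
    """Return the reasons to reject a new password (empty list = accepted).
    No composition rules and no upper length limit are applied, so long
    passphrases with spaces or Unicode characters pass."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if candidate.lower() in COMPROMISED:
        problems.append("appears in the compromised-password list")
    return problems


def _prepare(password):
    # Assumption of this example: normalise Unicode so the same password
    # entered on different devices produces the same bytes.
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def unsalted_sha256(password):
    """Weak storage, for contrast: fast, and equal passwords give equal hashes."""
    return hashlib.sha256(_prepare(password)).hexdigest()


def hash_password(password, iterations=DEFAULT_ITERATIONS):
    """Salted key derivation; the record stores scheme, cost, salt and hash."""
    salt = secrets.token_bytes(16)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", _prepare(password), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unknown password hash scheme")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", _prepare(password), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison of the derived value with the stored one.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(record, wanted_iterations=DEFAULT_ITERATIONS):
    """True when the stored cost factor is below the current target, so the
    password can be re-hashed at the next successful login."""
    return int(record.split("$")[1]) < wanted_iterations


if __name__ == "__main__":
    for pw in ["short", "Password", "aaaaaaaaaaaa"]:
        print(repr(pw), "->", check_new_password(pw) or "accepted")
    record = hash_password("correct horse battery staple")
    print(record[:40] + "...")
    print("verifies:", verify_password("correct horse battery staple", record))
```

Because the salt is random, two users with the same password get different records, and the stored cost factor lets it be raised later without forcing a password change.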
Passwords shall be salted and hashed using a suitable one-way key derivation function. Key derivation functions take a password, a salt, and a cost factor as inputs and then generate a password hash. Their purpose is to make each password-guessing trial by an attacker who has obtained a password hash file expensive, and therefore the cost of a guessing attack high or prohibitive.

I. INTRUSION DETECTION SYSTEM (IDS) AND INTRUSION PREVENTION SYSTEM (IPS)

1. What are Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)?
An Intrusion Detection and Prevention System is a part of the network security measures taken to detect and stop potential intrusions. They are included as functionality within next-generation firewalls (NGFW). Intrusion detection is the process of monitoring network traffic and analyzing it for signs of possible malicious activity, such as exploit attempts and incidents that may be imminent threats to a network. Intrusion prevention is the process of performing intrusion detection and then stopping or blocking the detected incidents, typically by dropping packets or terminating sessions. The major functions of intrusion prevention systems are to identify malicious activity, collect information about this activity, report it and attempt to block or stop it.

2. What are the benefits of IDS/IPS?
IDS/IPS are necessary security technologies, both at the network edge and within the data centre, precisely because they can stop attackers while they are gathering information about a network.

3. How do IDS/IPS work?
IDS monitors all traffic on the network to identify any known malicious behaviour. One of the ways in which an attacker will try to compromise a network is by exploiting a vulnerability or weakness within a device or within software. IPS works by analyzing network traffic in real-time and comparing it against known attack patterns and signatures.
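As an added illustration (not code from the original notes), the following runs the signature comparison just described over a few request lines, once in detect-only IDS mode and once in in-line IPS mode, and adds a simple rate-based anomaly check for activity that matches no signature. The signatures, events, addresses and threshold are all constructed for this example.

```python
import re
from statistics import mean, pstdev

# Constructed signatures (not taken from any product's rule set).
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("sql-union-select", re.compile(r"union\s+select", re.IGNORECASE)),
]

# Constructed events: (source address, request line). The addresses come
# from the ranges reserved for documentation.
EVENTS = [
    ("192.0.2.10", "GET /index.html"),
    ("198.51.100.7", "GET /download?file=../../etc/passwd"),
    ("198.51.100.7", "GET /about.html"),
    ("203.0.113.5", "GET /items?id=1 UNION SELECT name FROM users"),
    ("192.0.2.10", "GET /contact.html"),
]


def match_signatures(request):
    """Signature-based detection: compare one unit of activity to each signature."""
    return [name for name, pattern in SIGNATURES if pattern.search(request)]


def inspect(events, inline):
    """inline=False models an IDS: alert, but let everything through.
    inline=True models an IPS: drop the matching request and block
    further traffic from the offending source address."""
    alerts, delivered, blocked = [], [], set()
    for source, request in events:
        if inline and source in blocked:
            continue  # source was blocked by an earlier detection
        hits = match_signatures(request)
        if hits:
            alerts.append((source, hits))  # reported to administrators
            if inline:
                blocked.add(source)
                continue  # the request itself is dropped
        delivered.append((source, request))
    return alerts, delivered


def rate_anomalies(observed, baseline, k=3.0):
    """Anomaly-based detection: flag sources whose request count is more
    than k standard deviations above the mean of a normal baseline."""
    limit = mean(baseline) + k * pstdev(baseline)
    return sorted(src for src, count in observed.items() if count > limit)


if __name__ == "__main__":
    for mode, inline in (("IDS", False), ("IPS", True)):
        alerts, delivered = inspect(EVENTS, inline)
        print(mode, "alerts:", alerts, "delivered:", len(delivered))
    # Constructed counts: requests per source in one time window.
    baseline = [4, 5, 6, 5, 4, 6]
    observed = {"192.0.2.10": 6, "192.0.2.44": 40}
    print("login request matches:", match_signatures("POST /login"))
    print("rate anomalies:", rate_anomalies(observed, baseline))
```

The burst from 192.0.2.44 matches no signature at all; only the comparison against a baseline of normal activity flags it.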
When the system detects suspicious traffic, it blocks it from entering the network and reports it to security administrators.

4. What are three IDS detection methodologies typically used to detect incidents?
Signature-based detection compares signatures against observed events to identify possible incidents. This is the simplest detection method because it compares only the current unit of activity (such as a packet or a log entry) to a list of signatures using string comparison operations.
Anomaly-based detection compares definitions of what is considered normal activity with observed events in order to identify significant deviations. This detection method can be very effective at spotting previously unknown threats.
Stateful protocol analysis compares predetermined profiles of generally accepted definitions for benign protocol activity for each protocol state against observed events in order to identify deviations.

5. What are the characteristics of an IPS?
An IPS is an essential tool for network security. Here are some reasons why:
Protection against Known and Unknown Threats: An IPS can block known threats and also detect and block unknown threats that haven’t been seen before.
Real-Time Protection: An IPS can detect and block malicious traffic in real-time, preventing attacks from doing any damage.
Cost-Effective: An IPS is a cost-effective way to protect your network compared to the cost of dealing with the aftermath of a security breach.
Increased Network Visibility: An IPS provides increased network visibility, allowing you to see what’s happening on your network and identify potential security risks.

6. What are the types of IPS?
There are two main types of IPS:
Network-Based IPS: A Network-Based IPS is installed at the network perimeter and monitors all traffic that enters and exits the network. It monitors the entire network for suspicious traffic by analyzing protocol activity.
Host-Based IPS: A Host-Based IPS is installed on individual hosts and monitors the traffic that goes in and out of that host. It is an inbuilt software package which monitors a single host for doubtful activity by scanning events that occur within that host.

7. Comparison of IPS with IDS:
The main differences between an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS) are:
Intrusion prevention systems are placed in-line and are able to actively prevent or block intrusions that are detected.
IPS can take such actions as sending an alarm, dropping detected malicious packets, resetting a connection or blocking traffic from the offending IP address.
IPS also can correct cyclic redundancy check (CRC) errors, defragment packet streams, mitigate TCP sequencing issues and clean up unwanted transport and network layer options.

8. Is a firewall an IDS or IPS?
True next-generation firewalls contain IDS and IPS functionality. However, not all firewalls are next-generation firewalls. Also, a firewall blocks and filters network traffic, while IDS and IPS detect and alert or block an exploit attempt, depending on configuration. IDS and IPS act on traffic after the firewall filters the traffic, according to configured policy.

9. Conclusion:
An IDS/IPS system is a crucial component of any network security strategy. It monitors network traffic in real-time, compares it against known attack patterns and signatures, and blocks any malicious activity or traffic that violates network policies. An IPS is an essential tool for protecting against known and unknown threats, complying with industry regulations, and increasing network visibility. Consider implementing an IPS to protect your network and prevent security breaches.

II. SOCIAL MEDIA MARKETING

1. What is social media marketing (SMM)?
Social media marketing involves the use of social media platforms to promote products and/or services, connect with consumers to build a brand, increase sales, and drive website traffic to a business. With new features and platforms emerging every day, social media marketing is constantly evolving.

2. What are the 5 steps in social media marketing (SMM)?
A solid social media strategy has 5 core steps: defining your goals, choosing platforms (e.g. Facebook, YouTube, Instagram, LinkedIn, Twitter, TikTok, Snapchat), identifying your audience, connecting with them through engaging content, and always looking for opportunities to optimize and improve.

III. DEFENSE TOOLS FOR SOCIAL MEDIA SECURITY
Social media is part of our social fabric. So much so that over 56% of the global population are social media users to some degree or other. With all that sharing, conversing, and information passing between family and friends, social media can be a distinct digital extension of ourselves—making it important to know how you can protect your social media accounts from hacks and attacks. Given how much we enjoy and rely on social media, now’s a fine time to give your social media settings and habits a closer look so that you can get the most out of it with less fuss and worry. Whether you’re using Facebook, Instagram, TikTok, or whatnot, here are several things you can do that can help keep you safe and secure out there.

1. What is Social Media Security?
Social media security refers to the measures and practices implemented to protect individuals, organizations, and their data from various threats and risks associated with using social media platforms.

2. What are the basic objectives of Social Media Security?
Privacy: Controlling who sees your information and ensuring it’s not accessed by unauthorized individuals.
Identity theft prevention: Stopping hackers from taking over your accounts and potentially harming others in your name.
Cybersecurity: Staying safe from malware, phishing attempts, and social engineering tricks designed to steal your information.
Reputation management: Managing your online image and minimizing the impact of negative content.
Data protection: Safeguarding your personal information, photos, videos, and messages on social media platforms.

3. What is Multi-factor authentication (MFA)?
Multi-factor authentication acts as an additional layer of security to prevent unauthorized users from accessing these accounts, even when the password has been stolen. Businesses use multi-factor authentication to validate user identities and provide quick and convenient access to authorized users.

4. How to Protect Your Social Media Accounts?

(a) Set strong, unique passwords
Passwords mark square one in your protection, with strong and unique passwords across all your accounts forming the primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one.

(b) Go private
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy.

(c) Say “no” to strangers bearing friend requests
Be critical of the invitations you receive. Out-and-out strangers could be more than just strangers: they could be fake accounts designed to gather information on users for purposes of cybercrime, or accounts designed to spread false information. There are plenty of them too.
In fact, in Q3 of 2021 alone, Facebook took action on 1.8 billion fake accounts. Reject such requests.

(d) Think twice before checking in
Nothing says "there’s nobody at home right now" like that post of you on vacation or sharing your location while you’re out on the town. In effect, such posts announce your whereabouts to a broad audience of followers (even a global audience, if you’re not posting privately, as called out above). Consider sharing photos and stories of your adventures once you’ve returned.

(e) The internet is forever
It’s a famous saying for a reason. Whether your profile is set to private or you are using an app with "disappearing" messages and posts (like Snapchat), what you post can indeed be saved and shared again. It’s as simple as taking a screenshot. If you don’t want it out there, forever or otherwise, simply don’t post it.

(f) Watch out for phishing scams
We’re increasingly accustomed to the warnings about phishing emails, yet phishing attacks happen plenty on social media. The same rules apply. Don’t follow any links you get from strangers by way of instant or direct messengers. And keep your personal information close. Don’t pass out your email, address, or other info as well. Even those so-called "quiz" posts and websites can be ruses designed to steal bits and pieces of personal info that can be used as the basis of an attack.

(g) Also keep an eye out for scams of all kinds
Sadly, social media can also be a place where people pull a fast one. Get-rich-quick schemes, romance cons, and all kinds of imposters can set up shop in ads, posts, and even direct messages—typically designed to separate you from your personal information, money, or both. This is an entire topic in itself, and you can learn plenty more about quizzes and other identity theft scams to avoid on social media.

(h) Review your tags
Some platforms such as Facebook allow users to review posts that are tagged with their profile names.
Check your account settings and give yourself the highest degree of control over how and where your tags are used by others. This will help keep you aware of where you’re being mentioned by others and in what way.

(i) Protect yourself and your devices
Security software can protect you from clicking on malicious links while on social media while steering you clear of other threats like viruses, ransomware, and phishing attacks. It can look out for you as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other personal information. With identity theft a rather commonplace occurrence today, security software is really a must.

(j) Check your Protection Score and see how safe you are
Now you can point to a number that shows you just how safe you are with our Protection Score. It’s an industry first, and it works by taking stock of your overall security and grading it on a scale of 0 to 1,000. From there, it calls out any weak spots and then walks you through the steps to shore it up with personalized guidance. This way, you’re always in the know about your security, privacy, and personal identity on social media and practically wherever else your travels take you online.

5. How do you deal with the challenges of managing multiple social media accounts or platforms?

(a) Use a password manager
One of the most basic and essential steps to secure your social media accounts is to use a strong and unique password for each one. However, remembering and typing different passwords can be cumbersome and prone to errors. That's why we recommend using a password manager, software that securely stores and autofills your passwords for different websites and apps. Some popular password managers are LastPass, Dashlane, and 1Password. They can also help you generate and change passwords regularly, as well as alert you to any breaches or suspicious activities.
(b) Enable two-factor authentication
Another way to enhance your social media security is to enable two-factor authentication (2FA), a feature that requires you to enter a code or use a device in addition to your password when logging in. This adds an extra layer of protection against hackers or phishing attempts, as they would need access to both your password and your code or device. Most social media platforms offer 2FA options, such as SMS, email, or authenticator apps. You can usually find them in the security or privacy settings of your account.

(c) Review your permissions and settings
It's also important to review your permissions and settings regularly, as they may change over time or vary across different platforms. For example, you may want to check who can see your posts, tag you, or contact you, as well as what information you share with third-party apps or advertisers. You may also want to adjust your notifications, preferences, and data usage, depending on your needs and goals. You can access these options in the account or privacy settings of each platform.

(d) Use a social media management tool
If you manage multiple social media accounts or platforms for personal or professional purposes, you may benefit from using a social media management tool, software that allows you to create, schedule, monitor, and analyze your content from one place. Some popular social media management tools are Hootsuite, Buffer, and Sprout Social. They can help you save time, maintain consistency, and optimize your performance across different channels. They can also help you secure your accounts by providing access levels, audit logs, and encryption features.

(e) Educate yourself and your team
Finally, one of the best ways to deal with the challenges of social media software security and privacy is to educate yourself and your team about the best practices and the latest trends.
You can follow reputable sources, such as the platforms themselves, industry experts, or security blogs, to stay updated and informed. You can also create and follow guidelines, policies, and procedures that outline how to use and protect your social media accounts. Moreover, you can train and test your team members on how to handle common scenarios, such as password resets, account recovery, or data breaches.

IV. SIGNIFICANCE OF APPLET OVER SECURITY

Advantages of Applet in Java
In the ever-evolving world of technology, Java has played a significant role in empowering developers to create robust and versatile applications. One of the fascinating components of Java is the applet, a small, lightweight Java program that runs within a web browser. Applets gained popularity in the early days of the internet and continue to be relevant today. In this section, we will explore the advantages of applets in Java and understand how they provide dynamic and interactive web content seamlessly.

1. Platform Independent: One of the primary reasons for Java's popularity is its platform independence, and the same applies to applets. Applets can run on any platform that supports Java, making them truly cross-platform solutions. This characteristic allows developers to create interactive web content that can be accessed by users across different operating systems without any modification.

2. Reduced Network Load: Unlike traditional web applications, which require reloading the entire page to display new content, applets provide a smoother user experience. Once the applet is downloaded and cached, subsequent interactions with the applet require minimal data exchange between the server and the client, reducing the network load and providing faster response times.

3. Interactive User Experience: Applets enable developers to create interactive user interfaces that go beyond static web pages.
By leveraging the Java API's rich set of GUI components, developers can build visually appealing and highly interactive web applications. From animated graphics to responsive forms, applets offer a dynamic experience that captivates users.

4. Enhanced Security: Applets operate within a "sandbox," a secure environment that restricts their access to the client's system resources. This sandboxed approach ensures that applets cannot harm the user's computer or access sensitive information without explicit permission. As a result, applets provide a safer alternative to native applications when it comes to running untrusted code over the internet.

5. Reusability: Java's object-oriented nature allows developers to create reusable code, and applets are no exception. By developing applets that encapsulate specific functionality, developers can easily integrate them into various web pages. This reusability leads to reduced development time and effort, promoting code maintainability and modularity.

6. Real-time Data Processing: Applets are excellent tools for processing real-time data, making them ideal for applications like live chat support, online gaming, or financial market analysis. They can handle data streams and update the user interface dynamically, providing an immersive experience.

Computer Network
A network is a set of devices (often referred to as nodes) connected by communication links. A node can be a computer, printer, or any other device capable of sending and/or receiving data generated by other nodes on the network. Software modules in one system are used to communicate with one or more software modules in a distant system. Such interfaces across a distance are termed "peer-to-peer" interfaces, and the local interfaces are termed "service" interfaces. The modules on each end are organized as a sequence of functions called "layers". The set of modules organized as layers is also commonly called a "protocol stack".
Over the years, some layered models have been standardized. The ISO Open Systems Interconnection (ISO/OSI) layered model has seven layers and was developed by a set of committees under the auspices of the International Standards Organization (ISO).

Classification of Computer Networks

Based on Transmission Mode
Transmission mode defines the direction of signal flow between two linked devices. There are three types of transmission modes.

Simplex
In simplex mode, the communication is unidirectional. Of the two stations, only one can transmit and the other can only receive.

Half-Duplex
In half-duplex mode, the communication is bidirectional. Both stations can send and receive, but not at the same time.

Full-Duplex
In full-duplex mode, both stations can transmit and receive simultaneously.

Based on Time in Transmission Type

Synchronous Transmission
In synchronous transmission, both the sender and the receiver use the same time cycle for the transmission. We send bits one after another without start/stop bits or gaps. It is the responsibility of the receiver to group the bits. The bit stream is delivered with a fixed delay and a given error rate. Each bit reaches the destination with the same time delay after leaving the source.

Asynchronous Transmission
In asynchronous transmission, we send one start bit at the beginning and one stop bit at the end of each byte. There may be a gap between each byte. The bit stream is divided into packets. Packets are received with varying delays, so packets can arrive out of order. Some packets are not received correctly.

Based on Authentication

Peer to Peer Connection
In peer-to-peer networks, there are no dedicated servers. All the computers are equal and, therefore, are termed peers. Normally, each computer functions as both a client and a server. No one can control the other computers.

Server Based Connection
Most networks have a dedicated server.
A dedicated server is a computer on a network which functions as a server, and cannot be used as a client or a workstation. A dedicated server is optimized to service requests from network clients. A server can control the clients for its services.

Based on Geographical location

Local Area Network (LAN): A LAN is a small, high-speed network. In a LAN, a small number of systems are interconnected with networking devices to create a network. As the distance between the nodes or systems increases, its speed decreases, so it is limited to a few meters only. LANs cover a close geographical area. A LAN is used to link the devices in a single office, building or campus. It provides high speeds over short distances. Systems are connected directly to the network. The LAN is owned by private people.

Wide Area Network (WAN): A WAN is a collection of networks (or LANs). Its speed is less than the LAN speed. A WAN connects systems indirectly. A WAN may be spread over more than one city, country or continent. Systems in this network are connected indirectly. Generally, WANs are slower than LANs. WANs are owned or operated by network providers. If a WAN is owned by a single owner, it is called an Enterprise network. Often these types have a combination of more than one topology.

Metropolitan Area Network (MAN): A metropolitan area network is an extension of a local area network to spread over the city. It may be a single network or a network in which more than one local area network can share their resources.

Based on Reliability

Reliability is maintained by authentication.

Connection-oriented: This type of communication establishes a session connection before data can be sent. This method is often called a "reliable" network service. It can guarantee that data will arrive in the same order.

Connectionless: This type of communication does not require a session connection between sender and receiver for data transfer.
The sender simply starts sending packets to the destination. A connectionless network provides minimal services.

Topology

Topology refers to the physical layout including computers, cables, and other resources; it determines how components communicate with each other. Today's network designs are based on three topologies:

Bus: consists of a series of computers connected along a single cable segment.
Star: connects computers via a central connection point or hub.
Ring: connects computers to form a loop.

All computers, regardless of topology, communicate by addressing data to one or more computers and transmitting it across the cable as electronic signals. Data is broken into packets and sent as electronic signals that travel on the cable. Only the computer to which the data is addressed accepts it.

Protocol

A protocol is a set of rules. It is a formal description of message formats and the rules two or more machines have to follow to exchange messages. The key elements of a protocol are syntax, semantics and timing.

Syntax: Syntax refers to the structure or format of the data, meaning the order in which they are presented.

Semantics: Semantics refers to the meaning of each section of bits.

Timing: Timing refers to when data should be sent and how fast it can be sent.

Internetworking Technologies

Internetworking technologies describe how the Internet accommodates multiple underlying hardware technologies, how they are interconnected to form the network, and the set of communication standards which the network uses to interoperate. The lowercase internet means multiple networks connected together, using a common protocol suite. The uppercase Internet refers to the collection of hosts around the world that can communicate with each other using TCP/IP. While the Internet is an internet, the reverse is not true.

Network Infrastructure or Transmission Infrastructure: Network infrastructure is divided into two parts.

1.
Access Networks: An access network is the part of a telecommunications network which connects an end system to the first router, or subscribers to their immediate service provider, as shown in figure 1.

Figure 1 Network Infrastructure

It is different from the core network, which connects all the routers to each other and to the ISP (Internet service provider). An access network may be a so-called local area network within a company or university, a dial telephone line with a modem, or a high-speed cable-based or phone-based access network. Access networks can be loosely divided into three categories:

Residential access networks, connecting a home end system into the network.
Institutional access networks, connecting an end system in a business or educational institution into the network.
Mobile access networks, connecting a mobile end system into the network.

Core Networks: The core network connects all the routers to each other and to the ISP (Internet service provider). It is the main backbone of the internet. The core network uses circuit switching and packet switching for data transmission.

ISPs (Internet Service Providers): In the internet, from bottom to top, the hierarchy consists of end systems (PCs, workstations, etc.) connected to local Internet Service Providers (ISPs). The local ISPs are in turn connected to regional ISPs, which are in turn connected to national and international ISPs. The national and international ISPs are connected together at the highest tier in the hierarchy. Let's begin at the top of the hierarchy and work our way down. Residing at the very top of the hierarchy are the national ISPs, which are called National Backbone Providers (NBPs). The NBPs form independent backbone networks that span North America (and typically abroad as well). Just as there are multiple long-distance telephone companies in the USA, there are multiple NBPs that compete with each other for traffic and customers. The existing NBPs include internet MCI, Sprint Link, PSINet, UUNet Technologies, and AGIS.
The NBPs typically have high-bandwidth transmission links, with bandwidths ranging from 1.5 Mbps to 622 Mbps and higher. Each NBP also has numerous hubs which interconnect its links and at which regional ISPs can tap into the NBP. The NBPs themselves must be interconnected to each other. To see this, suppose one regional ISP, say MidWestnet, is connected to the MCI NBP and another regional ISP, say EastCoastnet, is connected to Sprint's NBP. How can traffic be sent from MidWestnet to EastCoastnet? The solution is to introduce switching centers, called Network Access Points (NAPs), which interconnect the NBPs, thereby allowing each regional ISP to pass traffic to any other regional ISP. To keep us all confused, some of the NAPs are not referred to as NAPs but instead as MAEs (Metropolitan Area Exchanges).

Components of the Internet: A network (or internet) is formed using hardware (network devices) and network software (applications and protocols).

Hardware or Network devices:

Hub: It is used to connect systems, nodes or networks. It has a direct connection to a node (point-to-point connection). It suffers from high data collision, which results in data loss. A hub takes data from an input port and retransmits the input data on the output ports.

Repeater: A repeater is a device which regenerates or amplifies the data or signal so that it can travel to the other segment of cable. It is used to connect two networks that use the same technology and protocol. It does not filter or translate any data. It works in the Physical Layer.

Bridge: It is used to connect two networks. It divides the collision domain based on the number of ports or interfaces present in the bridge. It uses packet switches that forward and filter the frames using the LAN destination address. A bridge examines the destination address of a frame and forwards it to the interface or port which leads to the destination. It uses the routing table for routing frames from one node to another using the MAC address. It works in the Data Link Layer.
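The difference between a hub's retransmission and a bridge's forward-and-filter behaviour decides which hosts get to see a frame. The following sketch is an added example, not part of the original notes; the MAC addresses, port numbers and traffic are constructed, and table ageing is not modelled.

```python
# Added illustration: which ports receive a copy of each frame on a hub
# versus a learning bridge. All addresses and traffic below are constructed.

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Physical-layer device: repeats every frame out of every other port."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]


class LearningBridge:
    """Data-link-layer device: learns source MACs, then forwards or filters."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC address -> port on which it was last seen

    def forward(self, in_port, src_mac, dst_mac):
        # Learn: the sender is reachable through the port the frame came in on.
        self.table[src_mac] = in_port
        out_port = self.table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # Unknown or broadcast destination: flood to all other ports.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Destination is on the segment the frame came from: filter it.
            return []
        return [out_port]


def trace(device, frames):
    """For each (in_port, src, dst) frame, list the ports that get a copy."""
    return [device.forward(*frame) for frame in frames]


def copies_seen_on(port, device, frames):
    """How many of the frames are delivered to the given port."""
    return sum(port in out for out in trace(device, frames))


# Constructed hosts: A and D share the segment on port 1, B is on port 2,
# and port 3 connects a host that takes no part in the conversation.
HOST_A = "02:00:00:00:00:0a"
HOST_B = "02:00:00:00:00:0b"
HOST_D = "02:00:00:00:00:0d"

FRAMES = [
    (1, HOST_A, HOST_B),  # B not learned yet, so the bridge floods
    (2, HOST_B, HOST_A),  # A is known on port 1
    (1, HOST_A, HOST_B),  # B is now known on port 2
    (1, HOST_D, HOST_A),  # both hosts on port 1: the bridge filters
]

if __name__ == "__main__":
    print("hub   :", trace(Hub([1, 2, 3]), FRAMES))
    print("bridge:", trace(LearningBridge([1, 2, 3]), FRAMES))
```

On the hub, the uninvolved host on port 3 receives every frame; on the bridge it receives only the first, flooded one.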
Switch: It is similar to a bridge. It has more interfaces than a bridge. It allows direct communication between the nodes. It works in the Data Link Layer. It uses MAC addresses for data transmission and communication.

Router: It is used to connect different types of network (types: architecture/protocol). It works similarly to a bridge but uses IP addresses for routing data. A router can't be used for connecting systems. It works in the Network Layer.

Gateways: Gateways make communication possible between systems that use different communication protocols, data formatting structures, languages and architectures. Gateways repackage data going from one system to another. Gateways are usually dedicated servers on a network and are task-specific.

Windows operating system security

Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats.

System security

Secure Boot and Trusted Boot: Secure Boot and Trusted Boot help to prevent malware and corrupted components from loading when a device starts. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure the system boots up safely and securely.

Measured Boot: Measured Boot measures all important code and configuration settings during the boot of Windows. This includes the firmware, boot manager, hypervisor, kernel, secure kernel and operating system. Measured Boot stores the measurements in the TPM on the machine, and makes them available in a log that can be tested remotely to verify the boot state of the client.
The Measured Boot feature provides anti-malware software with a trusted (resistant to spoofing and tampering) log of all boot components that started before it. The anti-malware software can use the log to determine whether components that ran before it are trustworthy, or if they're infected with malware. The anti-malware software on the local machine can send the log to a remote server for evaluation. The remote server may initiate remediation actions, either by interacting with software on the client, or through out-of-band mechanisms, as appropriate.

Network security

Transport Layer Security (TLS): Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a network. TLS 1.3 is the latest version of the protocol and is enabled by default in Windows 11. This version eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the TLS handshake as possible. The handshake is more performant, with one fewer round trip per connection on average, and supports only five strong cipher suites which provide perfect forward secrecy and less operational risk.

Domain Name System (DNS) security: Starting in Windows 11, the Windows DNS client supports DNS over HTTPS (DoH), an encrypted DNS protocol. This allows administrators to ensure their devices protect DNS queries from on-path attackers, whether they're passive observers logging browsing behavior or active attackers trying to redirect clients to malicious sites. In a zero-trust model where there is no trust placed in a network boundary, having a secure connection to a trusted name resolver is required.

Bluetooth pairing and connection protection: The number of Bluetooth devices connected to Windows continues to increase. Windows supports all standard Bluetooth pairing protocols, including classic and LE Secure connections, secure simple pairing, and classic and LE legacy pairing.
Windows also implements host-based LE privacy. Windows updates help users stay current with OS and driver security features in accordance with the Bluetooth Special Interest Group (SIG), Standard Vulnerability Reports, and issues beyond those required by the Bluetooth core industry standards. Microsoft strongly recommends that users ensure the firmware and/or software of their Bluetooth accessories is kept up to date.

WiFi Security: Wi-Fi Protected Access (WPA) is a security certification program designed to secure wireless networks. WPA3 is the latest version of the certification and provides a more secure and reliable connection method as compared to WPA2 and older security protocols. Windows supports three WPA3 modes: WPA3 personal with the Hash-to-Element (H2E) protocol, WPA3 Enterprise, and WPA3 Enterprise 192-bit Suite B. Windows 11 also supports WFA-defined WPA3 Enterprise that includes enhanced Server Cert validation and TLS 1.3 for authentication using EAP-TLS Authentication.

Opportunistic Wireless Encryption (OWE): Opportunistic Wireless Encryption (OWE) is a technology that allows wireless devices to establish encrypted connections to public Wi-Fi hotspots.

Windows Firewall: Windows Firewall provides host-based, two-way network traffic filtering, blocking unauthorized traffic flowing into or out of the local device based on the types of networks to which the device is connected. Windows Firewall reduces the attack surface of a device with rules to restrict or allow traffic by many properties such as IP addresses, ports, or program paths. Reducing the attack surface of a device increases manageability and decreases the likelihood of a successful attack. With its integration with Internet Protocol Security (IPsec), Windows Firewall provides a simple way to enforce authenticated, end-to-end network communications.
It provides scalable, tiered access to trusted network resources, helping to enforce integrity of the data, and optionally helping to protect the confidentiality of the data. Windows Firewall is a host-based firewall that is included with the operating system, so there's no additional hardware or software required. Windows Firewall is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API).

Virtual private network (VPN): The Windows VPN client platform includes built-in VPN protocols, configuration support, a common VPN user interface, and programming support for custom VPN protocols. VPN apps are available in the Microsoft Store for both enterprise and consumer VPNs, including apps for the most popular enterprise VPN gateways. In Windows 11, the most commonly used VPN controls are integrated right into the Quick Actions pane. From the Quick Actions pane, users can see the status of their VPN, start and stop the VPN tunnels, and access the Settings app for more controls.

Always On VPN (device tunnel): With Always On VPN, you can create a dedicated VPN profile for the device. Unlike User Tunnel, which only connects after a user logs on to the device, Device Tunnel allows the VPN to establish connectivity before a user signs in. Both Device Tunnel and User Tunnel operate independently with their VPN profiles, can be connected at the same time, and can use different authentication methods and other VPN configuration settings as appropriate.

Direct Access: Direct Access allows connectivity for remote users to organization network resources without the need for traditional Virtual Private Network (VPN) connections. With Direct Access connections, remote devices are always connected to the organization and there's no need for remote users to start and stop connections.
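Returning to Measured Boot under System security above: the log can be trusted because each measurement is also folded into a TPM register that can only be extended, so a verifier can replay the log and compare. The sketch below is an added example, not Windows or Microsoft code; the component contents and PCR index assignment are constructed, and the PCR values are handed to the verifier directly where a real TPM would return them in a signed quote.

```python
# Added illustration of the measure / extend / replay idea behind Measured Boot.
import hashlib

ZERO_PCR = bytes(32)  # a SHA-256 PCR starts as 32 zero bytes


def measure(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA-256(old PCR || measurement)."""
    return hashlib.sha256(pcr + digest).digest()


class ToyTPM:
    """Stand-in for a PCR bank: values can be extended, never written."""

    def __init__(self, count=24):
        self.pcrs = {i: ZERO_PCR for i in range(count)}

    def extend(self, index, digest):
        self.pcrs[index] = extend(self.pcrs[index], digest)


def boot(tpm, components):
    """Measure each component before it runs; return the event log."""
    log = []
    for index, name, blob in components:
        digest = measure(blob)
        tpm.extend(index, digest)
        log.append({"pcr": index, "name": name, "digest": digest.hex()})
    return log


def verify(log, quoted_pcrs, known_good):
    """Remote check: the log must reproduce the PCRs, then match policy."""
    replayed = {}
    for event in log:
        current = replayed.get(event["pcr"], ZERO_PCR)
        replayed[event["pcr"]] = extend(current, bytes.fromhex(event["digest"]))
    for index in sorted(set(quoted_pcrs) | set(replayed)):
        if quoted_pcrs.get(index) != replayed.get(index, ZERO_PCR):
            return (False, f"event log does not match PCR {index}")
    for event in log:
        if known_good.get(event["name"]) != event["digest"]:
            return (False, f"unexpected measurement for {event['name']}")
    return (True, "boot state matches policy")


# Constructed boot chain using the component names listed in the text;
# the PCR indices are arbitrary and not Windows' real assignment.
GOOD = [
    (0, "firmware", b"firmware image v1"),
    (4, "boot manager", b"boot manager v1"),
    (11, "hypervisor", b"hypervisor v1"),
    (11, "kernel", b"kernel v1"),
    (11, "secure kernel", b"secure kernel v1"),
    (11, "operating system", b"os loader v1"),
]
KNOWN_GOOD = {name: measure(blob).hex() for _, name, blob in GOOD}
TAMPERED = [(i, n, b"kernel v1 + implant" if n == "kernel" else b)
            for i, n, b in GOOD]


def attest(components, forge_log=False):
    tpm = ToyTPM()
    log = boot(tpm, components)
    if forge_log:
        # Software running later can rewrite the log file but not the PCRs.
        for event in log:
            event["digest"] = KNOWN_GOOD[event["name"]]
    return verify(log, tpm.pcrs, KNOWN_GOOD)


if __name__ == "__main__":
    print(attest(GOOD))
    print(attest(TAMPERED))
    print(attest(TAMPERED, forge_log=True))
```

An honest log of a modified kernel fails the allow-list check, and a rewritten log fails the replay against the PCRs, which is what makes the log resistant to spoofing and tampering.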
Server Message Block (SMB) file service: SMB Encryption provides end-to-end encryption of SMB data and protects data from eavesdropping occurrences on internal networks. In Windows 11, the SMB protocol has significant security updates, including AES-256 bit encryption, accelerated SMB signing, Remote Direct Memory Access (RDMA) network encryption, and SMB over QUIC for untrusted networks. Windows 11 introduces AES-256-GCM and AES-256-CCM cryptographic suites for SMB 3.1.1 encryption. Windows administrators can mandate the use of more advanced security or continue to use the more compatible, and still-safe, AES-128 encryption.

Server Message Block Direct (SMB Direct): SMB Direct (SMB over remote direct memory access) is a storage protocol that enables direct memory-to-memory data transfers between device and storage, with minimal CPU usage, while using standard RDMA-capable network adapters. SMB Direct supports encryption, and now you can operate with the same safety as traditional TCP and the performance of RDMA. Previously, enabling SMB encryption disabled direct data placement, making RDMA as slow as TCP. Now data is encrypted before placement, leading to relatively minor performance degradation while adding AES-128 and AES-256 protected packet privacy.

Encryption and data protection

BitLocker management: The BitLocker CSP allows an MDM solution, like Microsoft Intune, to manage the BitLocker encryption features on Windows devices. This includes OS volumes, fixed drives and removable storage, and recovery key management into Microsoft Entra ID.

BitLocker enablement: BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker uses the AES algorithm in XTS or CBC mode of operation with 128-bit or 256-bit key length to encrypt data on the volume.
Cloud storage on Microsoft OneDrive or Azure can be used to save recovery key content. BitLocker can be managed by any MDM solution such as Microsoft Intune, using a configuration service provider (CSP). BitLocker provides encryption for the OS, fixed data, and removable data drives leveraging technologies like hardware security test interface (HSTI), Modern Standby, UEFI Secure Boot and TPM.

Encrypted hard drive: Encrypted hard drives are a class of hard drives that are self-encrypted at the hardware level and allow for full disk hardware encryption while being transparent to the device user. These drives combine the security and management benefits provided by BitLocker Drive Encryption with the power of self-encrypting drives. By offloading the cryptographic operations to hardware, encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because encrypted hard drives encrypt data quickly, BitLocker deployment can be expanded across enterprise devices with little to no impact on productivity.

Personal data encryption (PDE): Personal data encryption (PDE) works with BitLocker and Windows Hello for Business to further protect user documents and other files, including when the device is turned on and locked. Files are encrypted automatically and seamlessly to give users more security without interrupting their workflow. Windows Hello for Business is used to protect the container, which houses the encryption keys used by PDE. When the user signs in, the container gets authenticated to release the keys in the container to decrypt user content.

Email Encryption (S/MIME): Email encryption enables users to encrypt outgoing email messages and attachments, so only intended recipients with a digital ID (certificate) can read them. Users can digitally sign a message, which verifies the identity of the sender and confirms the message hasn't been tampered with.
The encrypted messages can be sent by a user to other users within their organization or external contacts if they have proper encryption certificates.

Block Diagram of mobile

Typically a mobile phone will have a display (LCD, touch screen), keypad, microphone, speaker, SIM card, battery, USB port, antenna, memory unit (RAM, ROM), camera, CODEC, RF part, DAC/ADC, baseband part (L1/Layer 1/physical layer) running on a DSP, application/protocol layers running on a CPU, ON/OFF switch and Bluetooth/GPS features. All these features are designed to specific standard specifications; for example, a phone may be based on GSM, WCDMA or LTE etc.

RF Part: As shown in the figure above, every phone has an RF part which consists of an RF frequency up converter and frequency down converter, many analog filters, digital attenuator, driver amplifiers etc. The up converter converts the modulated baseband signal (I and Q), either at zero IF (Intermediate Frequency) or some IF, to RF frequency. The RF down converter converts the RF signal to a baseband signal (I and Q). The basic component used for frequency conversion is the RF mixer. Analog filters pass only the desired band of signals. Amplifiers boost the signal to the required transmit power level.

Baseband Part: The baseband part in a mobile comprises a digital signal processor (DSP) to process forward voice/data signals for transmission and to process reverse voice/data signals received. This is the core processing part, which changes for various air interface standards like GSM, HSPA, LTE and more. It is often named the physical layer, Layer 1 or L1. For speech/audio, a codec is used to compress and decompress the signal to match the data rate to the frame it has to fit in. The baseband or physical layer will add redundant bits to enable error detection as well as error correction.

ADC and DAC: The ADC (Analog to Digital Converter) and DAC (Digital to Analog Converter) are used to convert the analog speech signal to a digital signal and vice versa in the mobile handset.
RF Switch / Duplexer: An RF switch is used for TDD (Time Division Duplex) configuration, where it switches the RF path between the transmit chain and the receive chain. A duplexer, on the other hand, is used for FDD (Frequency Division Duplex) configuration, where it passes the transmitted signal and the received signal through it at the same time.

Application layer: It consists of protocols that focus on process-to-process communication across an IP network and provides a firm communication interface and end-user services. It also runs on the CPU. It includes audio, video and image/graphics applications. The application layer provides many services, including Simple Mail Transfer Protocol, file transfer, graphics etc.

Camera: Nowadays almost all mobile phones have a camera feature for taking pictures on various occasions. It is a major specification in increasing the cost of a mobile phone. There are various megapixel cameras such as 13 MP, 23 MP, 48 MP or even 64 MP available in smartphones. This has become possible because of advancement in sensor technology.

Display: There are many display types used in mobile phones. They can be either colour or monochrome. The colour displays usually are CSTN, TFT, TFD or OLED, with a predominant use of TFT displays in current mobile lineups. There are also two types of touch screen displays, capacitive and resistive, which are both based on TFT technology. Capacitive touch screens work by sensing the electrical properties of the human body, while resistive ones operate by sensing direct pressure applied by the user. The resistive type can be activated by pressing not only with human skin but also with a stylus, and thus allows handwriting recognition input.

Microphone: The microphone or mic converts air pressure variations (the result of our speech) to an electrical signal that is coupled onto the PCB for further processing. Usually a mic of the condenser, dynamic, carbon or ribbon type is used in a mobile phone.
Speaker: It converts an electrical signal to an audible signal (pressure vibrations) for human beings to hear. This is often coupled with an audio amplifier to get the required amplification of the audio signal. It is also tied to a volume control circuit to change (increase or decrease) the amplitude of the audio signal.

Antenna: An antenna converts electromagnetic radiation into an electric signal and vice versa. In a mobile phone, the antenna is embedded inside and is not visible to us. A metal strip pattern serves as the antenna.

Connectivity (Wi-Fi, Bluetooth, USB, GPS): To make data transfer fast enough between a mobile phone and other computing devices (laptop, desktop, tablet), or between mobile and mobile, various technologies have evolved, which include Wi-Fi, Bluetooth and USB. GPS (global positioning system) is used for location assistance and enables Google Maps to work efficiently.

Sensors: A sensor is a transducer whose purpose is to sense (that is, to detect) some characteristic of its environs. It detects events or changes in quantities and provides a corresponding output, generally as an electrical or optical signal. In a mobile phone, various kinds of sensors are used, like accelerometer, magnetometer, proximity sensor, light sensor, barometer, pedometer, thermometer etc.

Different mobile phones have different concepts and designs in every aspect, but the methods and operational flow are all exactly the same. They differ in which IC chips and parts are used and how they are installed in a particular mobile phone's circuitry.

1. HTTP: Full form: Hypertext Transfer Protocol

HTTP (Hypertext Transfer Protocol) is the set of rules for transferring files -- such as text, images, sound, video and other multimedia files -- over the web. As soon as a user opens their web browser, they are indirectly using HTTP.

2.
HTTPS: Full form: Hypertext Transfer Protocol Secure

Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP, which is the primary protocol used to send data between a web browser and a website. HTTPS is encrypted in order to increase security of data transfer.

3. E-Commerce

Definition: E-commerce (electronic commerce) is the exchange of goods and services and the transmission of funds and data over the internet. E-commerce relies on technology and digital platforms, including website