CyberSecurity CompleteNote PDF

1. Cyber Crime Introduction Cybercrime or a computer-oriented crime is a crime that includes a computer and a network. The computer may have been used in the execution of a crime or it may be the target. Cybercrime is the use of a computer as a weapon for committing crimes such as committing fraud, identity theft, or breaching privacy. Cybercrime, especially through the Internet, has grown in importance as the computer has become central to every field like commerce, entertainment, and government. Cybercrime may endanger a person or a nation’s security and financial health. Cybercrime encloses a wide range of activities, but these can generally be divided into two categories: 1. Crimes that aim at computer networks or devices. These types of crimes involve different threats (like virus, bugs etc.) and denial-of-service (DoS) attacks. 2. Crimes that use computer networks to commit other criminal activities. These types of crimes include cyber stalking, financial fraud or identity theft. Why is Cybercrime considered a grave offense? There are many privacy concerns surrounding cybercrime when sensitive information is intercepted and leaked to the public, legally or otherwise. Some of that information may include data about military deployments, internal government communications, and even private data about high-value individuals. Cybercrime is not confined to individuals alone. Internationally, both governmental and non-state actors engage in cybercrimes, including espionage, financial theft, and other cross-border crimes. Cybercrimes crossing international borders and involving the actions of at least one nation- state is sometimes referred to as cyberwarfare. In 2018, a study by Center for Strategic and International Studies (CSIS), in partnership with McAfee, a leading cybersecurity firm concludes that close to $600 billion, nearly one percent of global GDP, is lost to cybercrime each year. Challenges of Cyber Crime: 1. People are unaware of their cyber rights- The Cybercrime usually happen with illiterate people around the world who are unaware about their cyber rights implemented by the government of that particular country. 2. Anonymity- Those who Commit cyber crime are anonymous for us so we cannot do anything to that person. 3. Less numbers of case registered- Every country in the world faces the challenge of cyber crime and the rate of cyber crime is increasing day by day because the people who even don’t register a case of cyber crime and this is major challenge for us as well as for authorities as well. 4. Mostly committed by well educated people- Committing a cyber crime is not a cup of tea for every individual. The person who commits cyber crime is a very technical person so he knows how to commit the crime and not get caught by the authorities. 5. No harsh punishment- In Cyber crime there is no harsh punishment in every cases. But there is harsh punishment in some cases like when somebody commits cyber terrorism in that case there is harsh punishment for that individual. But in other cases there is no harsh punishment so this factor also gives encouragement to that person who commits cyber crime. Prevention of Cyber Crime: Below are some points by means of which we can prevent cyber crime: 1. Use strong password – Maintain different password and username combinations for each account and resist the temptation to write them down. Weak passwords can be easily cracked using certain attacking methods like Brute force attack, Rainbow table attack etc, So make them complex. That means combination of letters, numbers and special characters. 2. Use trusted antivirus in devices – Always use trustworthy and highly advanced antivirus software in mobile and personal computers. This leads to the prevention of different virus attack on devices. 3. Keep social media private – Always keep your social media accounts data privacy only to your friends. Also make sure only to make friends who are known to you. 4. Keep your device software updated – Whenever you get the updates of the system software update it at the same time because sometimes the previous version can be easily attacked. 5. Use secure network – Public Wi-Fi are vulnerable. Avoid conducting financial or corporate transactions on these networks. 6. Never open attachments in spam emails – A computer get infected by malware attacks and other forms of cybercrime is via email attachments in spam emails. Never open an attachment from a sender you do not know. 7. Software should be updated –Operating system should be updated regularly when it comes to internet security. This can become a potential threat when cybercriminals exploit flaws in the system. Laws against Cybercrime in India Ever since the introduction of cyber laws in India, the Information Technology Act (IT Act) 2000 covers different types of crimes under cyber law in India. The following types of cybercrimes are covered under the IT Act 2000. Identity theft – Identity theft is defined as theft of personnel information of an individual to avail financial services or steal the financial assets themselves. Cyberterrorism – Cyberterrorism is committed with the purpose of causing grievous harm or extortion of any kind subjected towards a person, groups of individuals, or governments. Cyberbullying – Cyberbullying is the act of intimidating, harassment, defaming, or any other form of mental degradation through the use of electronic means or modes such as social media. Hacking – Access of information through fraudulent or unethical means is known as hacking. This is the most common form of cybercrime know to the general public. Defamation – While every individual has his or her right to speech on internet platforms as well, but if their statements cross a line and harm the reputation of any individual or organization, then they can be charged with the Defamation Law. Trade Secrets – Internet organization spends a lot of their time and money in developing software, applications, and tools and rely on Cyber Laws to protect their data and trade secrets against theft; doing which is a punishable offense. Freedom of Speech – When it comes to the internet, there is a very thin line between freedom of speech and being a cyber-offender. As freedom of speech enables individuals to speak their mind, cyber law refrains obscenity and crassness over the web. Harassment and Stalking – Harassment and stalking are prohibited over internet platforms as well. Cyber laws protect the victims and prosecute the offender against this offense. IT Act, 2000 went through amendments under the Indian Penal Code in the year 2008. These were made in light of the laws on cybercrime – IT Act, 2000 by way of the IT Act, 2008. They were enforced at the beginning of 2009 to strengthen the cybersecurity laws. Classification of Cyber Crime: 1. Cyber Terrorism – Cyber terrorism is the use of the computer and internet to perform violent acts that result in loss of life. This may include different type of activities either by software or hardware for threatening life of citizens. In general, Cyber terrorism can be defined as an act of terrorism committed through the use of cyberspace or computer resources. 2. Cyber Extortion – Cyber extortion occurs when a website, e-mail server or computer system is subjected to or threatened with repeated denial of service or other attacks by malicious hackers. These hackers demand huge money in return for assurance to stop the attacks and to offer protection. 3. Cyber Warfare – Cyber warfare is the use or targeting in a battle space or warfare context of computers, online control systems and networks. It involves both offensive and defensive operations concerning to the threat of cyber attacks, espionage and sabotage. 4. Internet Fraud – Internet fraud is a type of fraud or deceit which makes use of the Internet and could include hiding of information or providing incorrect information for the purpose of deceiving victims for money or property. Internet fraud is not considered a single, distinctive crime but covers a range of illegal and illicit actions that are committed in cyberspace. 5. Cyber Stalking – This is a kind of online harassment wherein the victim is subjected to a barrage of online messages and emails. In this case, these stalkers know their victims and instead of offline stalking, they use the Internet to stalk. However, if they notice that cyber stalking is not having the desired effect, they begin offline stalking along with cyber stalking to make the victims’ lives more miserable. 6. Phishing It is a process of acquiring personal and sensitive information of an individual via email by disguising as a trustworthy entity in an electronic communication. The purpose of phishing is identity theft and the personal information like username, password, and credit card number etc. may be used to steal money from user account. If a telephone is used as a medium for identity theft, it is known as Vishing (voice phishing). Another form of phishing is Smishing, in which sms is used to lure customers. 7. Forgery and Counterfeiting It is a use of computer to forgery and counterfeiting is a document. With the advancement in the hardware and the software, it is possible to produce counterfeit which matches the original document to such an extent that it is not possible to judge the authenticity of the document without expert judgement. 8. Child Pornography It is an act of possessing image or video of a minor (under 18), engaged in sexual conduct. 9. Software Piracy and Crime related to IPRs Software piracy is an illegal reproduction and distribution for personal use or business. It comes under crime related to IPR infringement. Some of the other crimes under IPR infringement are: downloading of pirated software, songs, movies, etc. Hacking In the context of computer security, hacking refers to the unauthorized access, manipulation, or exploitation of computer systems or networks. This can include activities such as breaking into a computer system, stealing sensitive information, or disrupting normal system functions. Hacking, when used to gain unauthorized access to computer systems, networks, or data, is a criminal activity. Perpetrators, known as hackers, exploit vulnerabilities to steal sensitive information, disrupt services, or commit fraud. Such actions violate privacy, compromise security, and can lead to severe legal consequences, including fines and imprisonment. Cybersecurity measures are crucial to prevent and mitigate the impact of hacking crimes in an increasingly digital world. Types of Hackers Grey, black, and white hackers are terms used to categorize individuals based on their ethical and moral stance when it comes to hacking and cybersecurity. These terms help differentiate between hackers who use their skills for different purposes. Here's an overview of each type: 1. White Hat Hacker: Ethical Intentions: White hat hackers, also known as ethical hackers, are individuals who use their hacking skills for good and with ethical intentions. Legal: They operate within the boundaries of the law and typically have permission to test and secure computer systems, networks, and software. Goals: Their primary goal is to identify and fix vulnerabilities and weaknesses in computer systems and network infrastructure to strengthen security. Examples: White hat hackers may work as security professionals, penetration testers, or cybersecurity consultants. 2. Grey Hat Hacker: Ambiguous Intentions: Grey hat hackers are somewhere in between white and black hat hackers. They may have mixed motivations, and their actions can be morally ambiguous. Legal: They may perform hacking activities without explicit authorization, which can be illegal in some cases. Goals: Grey hat hackers may identify vulnerabilities and disclose them to the affected parties without consent, sometimes with the expectation of receiving a reward or acknowledgment. Examples: Some grey hat hackers disclose security flaws they discover, but they may not always follow legal procedures or ethical guidelines. 3. Black Hat Hacker: Malicious Intentions: Black hat hackers are individuals who engage in hacking with malicious intent. Their actions are typically illegal and unethical. Illegal: They break into computer systems, networks, and software without permission and often for personal gain or to cause harm. Goals: Their primary goals include stealing data, spreading malware, conducting cyberattacks, and engaging in criminal activities. Examples: Cybercriminals, hackers involved in identity theft, data breaches, and other illicit activities fall into this category. Phases of Hacking Hacking typically involves several phases, often referred to as the "hacking lifecycle" or "cyberattack lifecycle." These phases may vary slightly depending on the model or framework being used, but generally include the following: 1. Reconnaissance (Information Gathering): In this phase, hackers gather information about the target, such as identifying potential vulnerabilities, system architecture, and the network environment. This can involve passive methods, like searching for publicly available information, or active methods, such as network scanning. 2. Scanning: Hackers use various tools and techniques to actively scan the target network for open ports, services, and vulnerabilities. This phase helps them identify potential entry points into the system. 3. Gaining Access (Exploitation): Once vulnerabilities are identified, hackers attempt to exploit them to gain unauthorized access to the target system. This may involve using known exploits, social engineering, or other methods to compromise security. 4. Maintaining Access: After successfully gaining access, hackers aim to maintain a persistent presence in the system. This involves installing backdoors, rootkits, or other means to ensure continued access, even if the initial point of entry is discovered and addressed. 5. Covering Tracks: To avoid detection, hackers cover their tracks by deleting logs, modifying timestamps, and taking other actions to erase evidence of their activities. This makes it more difficult for security professionals to trace the attack back to its source. Security Threats The CIA Triad One of the models often used to describe the relationship between security and its objects is known the CIA triad. CIA stands for Confidentiality, Integrity, and Availability. Each of these is a desirable property of the things we might want to secure, and each of these three properties can be attacked 1. Confidentiality: Can actors who should not have access to the system or information access the system or information? 2. Integrity: Can the data or the system be modified in some way that is not intended? 3. Availability: Are the data or the system accessible when and how they are intended to be? Risks, Threats, Vulnerabilities, and Exploits Risk: A simple way to define risk is to consider two axes: the probability that a negative event will occur, and the impact on something we value if such an event happens. As cybersecurity professionals, we should always consider risk by examining the questions How likely is it that a particular attack might happen? and What would be the worst possible outcome if the attack occurs? Threat: In cybersecurity, a threat is something that poses risk to an asset we care about protecting. Not all threats are human; if our network depends on the local electricity grid, a severe lightning storm could be a threat to ongoing system operations. A person or group of people embodying a threat is known as a threat actor, a term signifying agency, motivation, and intelligence. Vulnerability: For a threat to become an actual risk, the target being threatened must be vulnerable in some manner. A vulnerability is a flaw that allows a threat to cause harm. Not all flaws are vulnerabilities. To take a non-security example, let's imagine a bridge. A bridge can have some aesthetic flaws; maybe some pavers are scratched or it isn't perfectly straight. However, these flaws aren't vulnerabilities because they don't pose any risk of damage to the bridge. Alternatively, if the bridge does have structural flaws in its construction, it may be vulnerable to specific threats such as overloading or too much wind. Exploits: In computer programs, vulnerabilities occur when someone who interacts with the program can achieve specific objectives that are unintended by the programmer. When these objectives provide the user with access or privileges that they aren't supposed to have, and when they are pursued deliberately and maliciously, the user's actions become an exploit. The word exploit in cybersecurity can be used as both a noun and as a verb. As a noun, an exploit is a procedure for abusing a particular vulnerability. As a verb, to exploit a vulnerability is to perform the procedure that reliably abuses it. An attack surface describes all the points of contact on our system or network that could be vulnerable to exploitation. An attack vector is a specific vulnerability and exploitation combination that can further a threat actor's objectives. Defenders attempt to reduce their attack surfaces as much as possible, while attackers try to probe a given attack surface to locate promising attack vectors. Cyber Attacks Categories Here are some popular categories of cyber attacks: 1. Malware Attacks: Viruses: Malicious software that attaches itself to a legitimate program and spreads when that program is executed. Worms: Self-replicating malware that spreads across networks without user interaction. Trojans: Malware disguised as legitimate software, which often tricks users into installing it. 2. Phishing Attacks: Phishing: Deceptive attempts to obtain sensitive information (such as usernames, passwords, or financial details) by posing as a trustworthy entity in electronic communication. 3. Man-in-the-Middle (MitM) Attacks: Eavesdropping: Unauthorized interception of communication between two parties. Session Hijacking: Intercepting and taking over an established session between a user and a system. 4. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks: DoS: Overloading a system, service, or network to disrupt its availability. DDoS: Coordinating multiple systems to flood a target with traffic, overwhelming its resources. 5. Ransomware Attacks: Ransomware: Malware that encrypts a user's data and demands payment (usually in cryptocurrency) for its release. 6. SQL Injection: Exploiting vulnerabilities in a web application's database by injecting malicious SQL code, potentially gaining unauthorized access to the database. 7. Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users, often to steal sensitive information. 8. Drive-by Downloads: Automatically downloading malicious software onto a user's device when they visit a compromised or malicious website. 9. Credential Stuffing: Using previously stolen usernames and passwords to gain unauthorized access to multiple accounts, exploiting the tendency of users to reuse passwords. 10.Social Engineering Attacks: Manipulating individuals into divulging confidential information through psychological manipulation. 11.IoT-Based Attacks: Exploiting vulnerabilities in Internet of Things (IoT) devices to gain unauthorized access or launch attacks. 12.Zero-Day Exploits: Attacks that target undisclosed vulnerabilities in software or hardware before the vendor releases a patch. 13.Advanced Persistent Threats (APTs): Long-term targeted attacks in which adversaries gain unauthorized access to a network and remain undetected for an extended period. Types of Malware Malware is a broad term that can be associated to any program or script that was intentionally developed to destroy data or cause damage to the normal functionality of a computer or network, or to perform malicious activities such as stealing sensitive information (e.g. login credentials, credit card numbers, financial information, etc.) or gaining unauthorized access to computer systems. It can come in different formats, such as executables, binary shell code, script, or firmware. The widely used classification is made by malware type, with some being more common than others. The most significant and common malware types are Virus: It is malicious software that injects its malicious code into other files in a target system, thus spreading within the target system and potentially to other systems as well. Viruses must execute to do their malicious activities, so they target any type of file that could be executed on the system. Worms: It is like virus, worms are infectious and designed to replicate themselves. However, a worm duplicates itself without targeting and infecting specific files that are already present on the target system. Worms can spread very quickly through the network, relying on security weaknesses and vulnerabilities in the target host to access it, and perform its malicious activities like stealing or deleting data. Trojan horses: This malicious program pretends to be harmless, in order to deceive the victim into loading and executing it, and therefore perform its malicious tasks. A Trojan payload can be anything but is usually a form of a backdoor that allows attackers unauthorized access to the affected devices. It can also be used to install keyloggers that can easily capture sensitive data such as names and passwords, credit card, financial information, etc. Rootkits: These are a set of malicious software tools that give attackers privileged access to the victim system. Attackers can then remotely execute files, steal sensitive information, change the system configuration, or alter the functionality of the security mechanism. Unlike virus and worms, rootkits cannot self-propagate or replicate but, it must be installed on the target system. Adware: This malicious software automatically displays advertisements to users and collect data about their activities without their consent. This type of malware does not usually harm the system, and most of the times the user will never be able to identify its malicious activities; for this reason, adware is also referred to as grayware. Some adware may come with integrated spyware such as keyloggers and other privacy-invasive software Spyware: This kind of malware installs secretly on the target system for the purpose of monitoring the user's activities without their knowledge. The main goal of spyware is usually to capture sensitive information like bank accounts, passwords, or credit card information. Any software that is downloaded and installed without the user's authorization can be classified as spyware. Ransomware: This malicious program prevents users from accessing their system, either by disabling the system's functionality or by locking the users' files and displays a message that demands payment (or ransom) to restore its functionality. It can be spread to the victim's devices through vulnerabilities in the system or through downloaded files and links in phishing emails. According to security reports, recent ransomware attacks focused on healthcare, local government, and education sectors, in particular. Keylogger: It is a malicious piece of software that records the keystrokes on a device to intercept sensitive information typed in through the keyboard. This gives attackers the benefit of access to account numbers and PIN codes, passwords to online shopping websites, email logins, and other confidential information. Bot/Botnet: Short for "robot network", is a software application or script that is programmed to do certain repetitive tasks automatically. Malicious bots are used by cyber-criminals to remotely take control over compromised devices and use them to launch more attacks, or create botnets, which are networks of infected devices. In this case, infected devices (also referred as zombies) are orchestrated by a command and control (C&C) server that instructs them with specific malicious actions, such as Distributed Denial of Service (DDoS) attacks, Application Programming Interface (API) abuse, phishing attacks, spam emails, ransomware, etc. Malware programs can span multiple categories. For instance, a worm might include a keylogger that collects login credentials. Malware can also create new vulnerabilities in the victim host or network by disabling their security mechanisms (e.g. removing antivirus), or changing passwords and firewall settings, installing backdoors, and more. For instance, the Gh0st RAT (Remote Access Terminal) Trojan, which is one of the top ten alerted malware in February 2020, can create a backdoor into infected devices, and therefore allows the attacker to fully control them. Cryptography Cryptography is the technique of taking plain, legible text and implementing an algorithm to it to encrypt it to produce ciphertext, which seems to be gibberish before it is decrypted. Cryptographic functions have a randomization property. If you want to reverse the results of cryptography, like decrypt or verify the cipher, you will need the key. That is why they are called one-way functions. We can apply encryption to maintain two of the three security principle - confidentiality and integrity cryptographic digest A cryptographic digest, also known as a hash function or hash algorithm, is a mathematical function that takes an input (or "message") and produces a fixed-size string of characters, which is typically a hexadecimal number. The output, commonly called the hash value or hash code, is unique to the input data. Even a small change in the input data should produce a significantly different hash value. The primary purposes of cryptographic digests are: 1. Data Integrity: Hash functions are used to ensure the integrity of data. If the data changes in any way, the hash value will change as well. By comparing the hash values of the original and received data, one can verify if the data has been altered. 2. Digital Signatures: Cryptographic digests are a fundamental component of digital signatures. When someone signs a message or a document, they create a hash of the content and encrypt it with their private key. The recipient can use the sender's public key to verify the signature by checking that the decrypted hash matches the hash of the received data. 3. Password Storage: Hash functions are commonly used to store passwords securely. Instead of storing the actual passwords, systems store the hash values of passwords. When a user attempts to log in, the system hashes the entered password and compares it to the stored hash. 4. Checksums: Hash functions are used to create checksums for data transmitted over a network. The sender computes the hash of the data and sends both the data and the hash to the receiver. The receiver recalculates the hash upon receiving the data and compares it with the received hash to verify data integrity. Common cryptographic hash functions include SHA-256 (Secure Hash Algorithm 256-bit), SHA-3, and MD5 (Message Digest Algorithm 5). However, MD5 is considered insecure for cryptographic purposes due to vulnerabilities, and it is recommended to use stronger hash functions like SHA-256 for security-critical applications. Symmetric cryptography Symmetric cryptography, also known as secret-key or private-key cryptography, is a form of encryption where the same key is used for both the encryption of the plaintext and the decryption of the ciphertext. In other words, the communicating parties must share a secret key and keep it private. This shared key is used both to transform the original message (plaintext) into an unreadable format (ciphertext) and to reverse the process, turning the ciphertext back into its original form. Here's how symmetric cryptography works: 1. Key Generation: Two parties who wish to communicate securely must first agree on a secret key. This key is then used for both encryption and decryption. 2. Encryption: The sender uses the shared secret key to encrypt the plaintext message, turning it into ciphertext. The encryption algorithm and the key are kept secret. 3. Transmission: The ciphertext is sent over the communication channel. 4. Decryption: The recipient uses the same secret key to decrypt the received ciphertext, transforming it back into the original plaintext. Symmetric Cryptography Scheme The main advantage of symmetric cryptography is its efficiency. The algorithms used for symmetric encryption are generally fast and require less computational resources compared to their asymmetric counterparts. However, a significant challenge with symmetric key cryptography lies in securely distributing and managing the secret keys, especially when there are many communicating parties. One common use of symmetric cryptography is in securing the confidentiality of data in transit. For example, when you access a secure website (using HTTPS), symmetric cryptography is often used to encrypt the data exchanged between your browser and the web server. Common symmetric key algorithms include Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Triple DES. While symmetric cryptography is efficient for confidentiality, it doesn't provide a mechanism for key exchange or digital signatures, which are addressed by asymmetric (public-key) cryptography. Often, a combination of both symmetric and asymmetric cryptography is used to achieve a balance of efficiency and security in various cryptographic applications. Asymmetric cryptography Asymmetric cryptography, also known as public-key cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner. The idea is that what one key encrypts, only the other corresponding key can decrypt. This is in contrast to symmetric cryptography, where the same key is used for both encryption and decryption. Key exchange using asymmetric cryptography Here's how asymmetric cryptography works: 1. Key Pair Generation: Each participant generates a pair of keys – a public key and a private key. The public key is shared openly, while the private key is kept secret. 2. Encryption: If someone wants to send an encrypted message to a recipient, they use the recipient's public key to encrypt the message. 3. Transmission: The encrypted message (ciphertext) is sent to the recipient. 4. Decryption: The recipient uses their private key to decrypt the received ciphertext and recover the original message (plaintext). The use of asymmetric cryptography brings several advantages: Key Distribution: Unlike symmetric cryptography, where sharing secret keys securely can be a challenge, in asymmetric cryptography, only the public keys need to be shared openly. Private keys are kept secret, and there's no need to transmit them. Digital Signatures: Asymmetric cryptography is often used for digital signatures. The sender can use their private key to create a digital signature, and the recipient can verify the signature using the sender's public key. This ensures the authenticity and integrity of the message. Key Exchange: Asymmetric cryptography can facilitate secure key exchange for symmetric cryptography. Two parties can use asymmetric encryption to exchange a shared secret key that is then used for secure communication using symmetric encryption. Common asymmetric key algorithms include RSA (Rivest-Shamir-Adleman), DSA (Digital Signature Algorithm), and ECC (Elliptic Curve Cryptography). These algorithms are computationally more intensive than symmetric algorithms, so they are often used for tasks where efficiency is less critical, such as key exchange, digital signatures, and securing the initial connection in secure communication protocols like HTTPS. In many cryptographic systems, a combination of symmetric and asymmetric cryptography is used to leverage the strengths of both approaches. Digital signature A digital signature is a cryptographic technique used to ensure the authenticity and integrity of a digital message, document, or transaction. It provides a way for the sender of a message to demonstrate that the message was indeed created by them (authentication) and that it has not been altered in transit (integrity). Here's how digital signatures typically work: 1. Key Pair Generation: Similar to asymmetric cryptography, a user generates a pair of cryptographic keys - a private key and a corresponding public key. 2. Signing: To digitally sign a message or document, the sender uses their private key to create a unique digital signature for the content. This process involves applying a mathematical algorithm to the message or a hash of the message. 3. Distribution: The signed message, along with the digital signature, is sent to the recipient. The sender's public key is usually made publicly available or provided to the recipient through a trusted channel. 4. Verification: The recipient uses the sender's public key to verify the digital signature. If the verification is successful, it confirms that the message was indeed signed by the possessor of the private key and that the message has not been altered since it was signed. Hashing functions and asymmetric cryptography used to create digital signatures Digital signatures provide the following benefits: Authentication: The recipient can be confident that the message was sent by the claimed sender, as only the possessor of the private key could have produced the digital signature. Integrity: The recipient can be sure that the message has not been tampered with in transit since any alteration to the message would result in an invalid digital signature. Non-repudiation: The sender cannot later deny their involvement in creating the message because the digital signature is uniquely tied to their private key. Digital signatures are widely used in various applications, including secure email communication, online transactions, software distribution, and legal documents. Common digital signature algorithms include RSA (Rivest-Shamir-Adleman), DSA (Digital Signature Algorithm), and ECDSA (Elliptic Curve Digital Signature Algorithm). The use of digital signatures is a crucial aspect of secure and trusted communication in the digital age. Digital certificate A digital certificate is a cryptographic credential that is used to verify the identity of an entity, such as a person, device, or organization, in the digital realm. Digital certificates are a crucial component of public-key cryptography and are often used in various online security protocols to establish trust and enable secure communication. Here are key components and concepts related to digital certificates: 1. Public Key Infrastructure (PKI): Digital certificates are a fundamental component of a PKI, a framework that manages digital keys and certificates. PKI provides a way to secure communication over networks like the internet. 2. Certificate Authority (CA): A certificate authority is a trusted third party that issues digital certificates. The CA's role is to verify the identity of the entity requesting the certificate (through a process known as authentication) and then digitally sign the certificate. Popular CAs include Verisign, DigiCert, and Let's Encrypt. 3. Certificate Contents: Public Key: The digital certificate includes the public key of the entity to which the certificate is issued. Subject: Information about the entity (such as its name and other identifying information) is included in the certificate. Issuer: The entity (usually a CA) that issues and signs the certificate. Validity Period: The time during which the certificate is considered valid. Digital Signature: The CA's digital signature, which verifies the authenticity of the certificate. 4. Digital Signature Verification: When a digital certificate is presented, the recipient can verify its authenticity by checking the digital signature. This involves using the public key of the CA (which is typically widely available and trusted) to verify that the signature was indeed generated by the CA. 5. SSL/TLS Certificates: One common use of digital certificates is in securing web communication through the use of SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols. Websites use SSL/TLS certificates to encrypt data in transit and to authenticate the server to the client. 6. Code Signing Certificates: Developers and software publishers use digital certificates to sign their software. This provides a way for users to verify the origin and integrity of the software. Digital certificates play a critical role in establishing a secure and trusted digital environment, allowing users to confidently engage in online transactions, access secure websites, and communicate over the internet without compromising the confidentiality and integrity of their data. Security Technology Introduction to Computer Network How the Internet Transmits Data Packets All information on the internet is transmitted in packets. You can think of a packet as an envelope that contains the data that you want to send. As with the postal service, these packets are routed to their destinations based on a specified address. Parallels between envelopes and packets The From Address section on an envelope contains two critical pieces of information: 1) the name of the person sending the letter, and 2) where they live. Similarly, packets have a source (media access control [MAC] address) that represents the machine sending the packet and a source (IP address) that represents where the packet came from. Other similar fields, known as packet headers, represent the packet’s destination. The internet uses devices called routers to sort and forward packets. MAC Addresses Your laptop contains a network interface card (NIC) that allows it to connect to WiFi routers. This card has a unique address, called a MAC address, that identifies your machine on the network. When the router wants to send your computer information, it labels that packet with your laptop’s MAC address and then broadcasts it as a radio signal. All machines connected to that router receive this radio signal and check the packet’s MAC address to see whether the packet is intended for them. MAC addresses are normally 48 bit numbers written in hexadecimal (for example, 08:00:27:3b:8f:ed) IP Addresses You probably already know that IP addresses also identify machines on a network. So why do we need both IP and MAC addresses? Well, networks consist of hierarchical regions similarly to how some countries are split into states, which themselves contain cities. IP addresses follow a structure that allows them to identify a device’s place in the larger network. If you moved to another coffee shop, your laptop would be assigned a new IP address to reflect its new location; however, your MAC address would remain the same. An IPv4 address encodes the network hierarchy information in a 32 - bit number. This number is typically represented in four sections separated by dots (such as 192.168.3.1). Each section represents an 8 - bit binary number. For example, the 3 in 192.168.3.1 actually represents the 8bit binary number 00000011. A simplified view of the network hierarchy Packets and the Internet Protocol Stack A protocol is a set of rules that governs the communication between systems. In addition to governing communication rules, a protocol determines how information is laid out in a packet. They usually require the packet header to contain specific information. How header fields in a packet are like addresses on an envelope In addition to IP addresses, this figure contains header fields for the source and destination port numbers, which are assigned by the operating system when it allows a process to communicate over the network. Port numbers are unique, meaning that no two processes on a machine can use the same port number. A process is an abstraction that represents a running program. Ports are necessary because they allow multiple processes on your computer to communicate with the internet simultaneously. When your operating system receives a packet from the network, it examines the port number to decide whether the packet is intended for your browser or messenger. However, ports also create a security risk because they open your computer to outside attackers. Often, one of the first things an attacker will do is scan a machine to discover open ports. A port is open if it accepts a connection from an external process. If the attacker finds an open port, they will attempt to infect your machine by sending it malicious packets. The Five-Layer Internet Protocol Stack To address the complexity of designing software for the internet, engineers decided to abstract the architecture into five independent layers. Each layer is responsible for managing the communication between specific components in the network. Each layer is independent, meaning its actions aren’t affected by the actions performed at the other layers. The protocol stack achieves this through a process called encapsulation, in which each layer treats information from the layers above it as generic data and does not try to interpret it. Five-layer internet protocol stack Let’s say a user composes an email. This happens at the application layer. As you can see, the messages associated with the email are then placed in transport layer packets. The transport layer does not read or alter the email in any way. It simply labels the packet with the information needed to process it. These transport layer packets are then placed into network layer packets and then data link layer packets before they are finally transmitted. By encapsulating and labeling each packet with its own headers, each layer can make decisions without depending on information from another layer. The Application Layer The application layer is responsible for communications between applications.There are several application layer protocols. The hypertext transfer protocol (HTTP) sends web pages to browsers, Domain name system (DNS) translate URL to ip address and the file transfer protocol (FTP) uploads files to a server. Email is sent using SMTP. The network components that are communicating at each layer of the five-layer internet protocol stack The Transport Layer The transport layer is responsible for managing communication between processes communicating over the internet. This layer has two main protocols: the transmission control protocol (TCP), which provides a guarantee that packets have reached their destination, and the user datagram protocol (UDP), which is less complex and provides no guarantees. The Network Layer The network layer is responsible for controlling how packets flow between routers in the network. IP addresses are implemented at this layer. The Data Link Layer The data link layer is responsible for communication between NICs. It also detects errors that might have occurred during transmissions. The data link layer also implements the MAC protocol, which is responsible for sharing the transmission medium (for example, radio spectrum or wires). The Physical Layer The physical layer is responsible for converting the ones and zeros that represent data in a computer into a transmittable form. This could mean translating them into pulses of light, radio or electrical signals, or even sound. Security Technology Virus Scanners A virus scanner is essentially software that tries to prevent a virus from infecting your system. In general, virus scanners work in two ways. The first method is that they contain a list of all known virus definitions. The virus definitions are simply files that list known viruses, their file size, properties, and behaviour. Generally, one of the services that vendors of virus scanners provide is a periodic update of this file. This list is typically in a small file, often called a.data file (short for data). When you update your virus definitions, what actually occurs is that your current file is replaced by the more recent one on the vendor’s website. Any file on your PC or attached to an email is compared to the virus definition file to see whether there are matches. With emails, this can be done by looking for specific subject lines and content. The virus definitions often also include details on the file, file size, and more. This provides a complete signature of the virus. The second way a virus scanner can work is to look for virus-like behaviour. Essentially, the scanner is looking to see if the file in question is doing things that viruses typically do—things like manipulating the Registry or looking through your address book. It is important to differentiate between on-demand virus scanning and ongoing scanners. An ongoing virus scanner runs in the background and is constantly checking your PC for any sign of a virus. On-demand virus scanners run only when you launch them. Many modern antivirus scanners offer both options. Keep in mind that any antivirus program will have some false positives and some false negatives. A false positive occurs when the virus scanner detects a given file as a virus, when in fact it is not. For example, a legitimate program may edit a Registry key or interact with your email address book. A false negative occurs when a virus is falsely believed to be a legitimate program. Virus-Scanning Techniques In general, there are five ways a virus scanner might scan for virus infections. Some of these are outlined and defined here: Email and attachment scanning: Since the primary propagation method for a virus is email, email and attachment scanning is the most important function of any virus scanner. Some virus scanners actually examine your email on the email server before downloading it to your machine. Other virus scanners work by scanning your emails and attachments on your computer before passing it to your email program. Download scanning: Anytime you download anything from the Internet, either via a web link or through some FTP program, there is a chance you might download an infected file. File scanning: This is the type of scanning in which files on your system are checked to see whether they match any known virus. This sort of scanning is generally done on an on- demand basis instead of an ongoing basis. It is a good idea to schedule your virus scanner to do a complete scan of the system periodically Heuristic scanning: Perhaps the most advanced form of virus scanning, this uses rules to determine whether a file or program is behaving like a virus and is one of the best ways to find a virus that is not a known virus. However, this process is not foolproof. Some actual virus infections will be missed, and some nonvirus files might be suspected of being a virus. Sandbox: Another approach is the sandbox approach. This basically means that you have a separate area, isolated from the operating system, in which a download or attachment is run. Then if it is infected, it won’t infect the operating system. Intrusion Detection System (IDS) An Intrusion Detection System (IDS) is a security technology that monitors network or system activities for malicious or suspicious behavior and issues alerts or takes predefined actions when it detects such activity. The primary goal of an IDS is to identify potential security incidents and raise awareness about them so that appropriate measures can be taken to address the threat. IDS can be classified into different categories based on their deployment, detection methods, and functionality. Deployment Categories: 1. Network-based IDS (NIDS): Monitors network traffic in real-time and analyzes packet headers or content to identify suspicious patterns or signatures indicative of known threats. NIDS are typically placed at strategic points within a network to monitor traffic. 2. Host-based IDS (HIDS): Operates on individual devices (hosts) and monitors activities such as log files, file integrity, system calls, and application behavior on the host. HIDS is effective at detecting attacks that may not be visible in network traffic. 3. Hybrid IDS (H-IDS): Combines features of both NIDS and HIDS, providing a more comprehensive approach to intrusion detection. Hybrid IDS can provide a more holistic view of security by analyzing both network and host-level events. Detection Methods: 1. Signature-Based Detection: Relies on a database of known attack patterns, or signatures, to identify malicious activity. When the system detects a pattern that matches a known signature, it generates an alert. This method is effective against well-known and documented threats. 2. Anomaly-Based Detection: Establishes a baseline of normal behavior and alerts on deviations from that baseline. Anomaly-based detection is useful for identifying new, previously unknown threats or abnormal behavior that may indicate a security incident. 3. Behavioral-Based Detection: Focuses on the behavior of entities within the network or on a host. It looks for deviations from normal behavior, such as unusual patterns of data access or changes in user behavior, to detect potential threats. Functionality: 1. Network Intrusion Detection System (NIDS): Specifically designed to monitor network traffic and identify suspicious patterns or signatures. NIDS can be placed at various points within a network to analyze traffic passing through. 2. Host Intrusion Detection System (HIDS): Installed on individual hosts (computers or servers) to monitor activities on that specific device. HIDS is particularly useful for detecting attacks that may originate from within the network. 3. Signature-Based IDS: Relies on a database of known attack signatures. It is effective against known threats but may struggle with detecting new or modified attacks that don't match existing signatures. 4. Anomaly-Based IDS: Focuses on detecting deviations from normal behavior. This approach is effective at identifying previously unknown threats but may generate false positives if the baseline is not accurately established. Intrusion Detection Systems play a crucial role in a comprehensive cybersecurity strategy by providing real-time or near-real-time detection of potential security incidents, allowing organizations to respond promptly to mitigate risks. Honey Pots A honey pot is an interesting technology. Essentially, it assumes that an attacker is able to breach your network security. And it would be best to distract that attacker away from your valuable data. Therefore, one creates a server that has fake data—perhaps an SQL server or Oracle server loaded with fake data, and just a little less secure than your real servers. Then, since none of your actual users ever access this server, monitoring software is installed to alert you when someone does access this server. A honey pot achieves two goals. First, it will take the attacker’s attention away from the data you wish to protect. Second, it will provide what appears to be interesting and valuable data, thus leading the attacker to stay connected to the fake server, giving you time to try to track them. There are commercial solutions, like Specter (www.specter.com). These solutions are usually quite easy to set up and include monitoring/tracking software. Firewalls A firewall is a crucial security technology that acts as a barrier between a trusted internal network and untrusted external networks, such as the internet. Its primary purpose is to monitor and control incoming and outgoing network traffic based on predetermined security rules. Firewalls play a fundamental role in enhancing the overall security posture of an organization by preventing unauthorized access, protecting against cyber attacks, and managing network traffic. Importance of Firewalls: 1. Access Control: Firewalls control access to a network by examining the source, destination, and type of traffic. This helps in preventing unauthorized users or malicious entities from gaining access to sensitive systems and data. 2. Network Security: Firewalls act as a frontline defense against various cyber threats, including malware, viruses, and other malicious activities. They help block or filter malicious traffic before it can reach the internal network. 3. Policy Enforcement: Firewalls enforce security policies by allowing or blocking specific types of traffic based on predefined rules. This ensures that network users and devices adhere to the organization's security guidelines. 4. Prevention of Unauthorized Communication: Firewalls prevent unauthorized communication between internal and external networks, reducing the risk of data exfiltration and unauthorized access to sensitive information. 5. Logging and Monitoring: Firewalls log network traffic and events, allowing administrators to monitor and analyze activities. This aids in identifying potential security incidents, investigating breaches, and maintaining an audit trail. How Firewalls Work: Firewalls work by inspecting packets of data as they pass through the network and making decisions about whether to allow or block them based on predetermined rules. The key mechanisms used by firewalls include: 1. Packet Filtering: Examines the header information of packets, such as source and destination IP addresses, protocol type, and port numbers. It allows or denies packets based on specified rules. 2. Stateful Inspection (Dynamic Packet Filtering): Keeps track of the state of active connections and makes decisions based on the context of the traffic. This allows firewalls to understand the state of a connection and make more informed decisions. 3. Proxy Filtering: Acts as an intermediary between internal and external systems. It receives requests from internal users, forwards them to external servers, and then returns the results. This helps hide internal network details and provides an additional layer of security. 4. Deep Packet Inspection (DPI): Analyzes the content of data packets, not just the header information. DPI can identify and block specific types of content or applications, making it effective against certain advanced threats. Categories of Firewalls: 1. Packet Filtering Firewalls: Examines packets based on predefined rules for source and destination addresses, ports, and protocols. It works at the network layer (Layer 3) of the OSI model. 2. Stateful Inspection Firewalls: Maintains a state table to track the state of active connections and makes decisions based on the context of the traffic. It provides a higher level of security compared to packet filtering. 3. Proxy Firewalls (Application Layer Firewalls): Acts as an intermediary between clients and servers, forwarding requests and responses. It can inspect and filter traffic at the application layer (Layer 7) and provides a higher level of control. 4. Next-Generation Firewalls (NGFW): Combine traditional firewall features with advanced security capabilities, such as intrusion prevention, application awareness, and deep packet inspection. 5. Hardware Firewalls: Physical devices that provide dedicated firewall functionality. They are often deployed at the network perimeter to protect an entire network. 6. Software Firewalls: Software-based solutions that can be installed on individual computers or servers. They are suitable for protecting specific devices or segments of a network. 7. Cloud Firewalls: Designed to protect cloud-based infrastructure and applications. They operate in cloud environments and provide security for virtual machines, containers, and other cloud resources. Firewalls are a fundamental component of network security and are essential for safeguarding against a wide range of cyber threats. Their deployment and configuration should be part of a comprehensive cybersecurity strategy to ensure the protection of sensitive data and network resources. SSL/TLS SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), are cryptographic protocols that play a crucial role in ensuring secure communication over the internet. These protocols provide a secure channel between two devices, such as a web browser and a web server, to protect the confidentiality and integrity of data during transmission. Here are the key roles of SSL/TLS in cybersecurity: 1. Encryption: Role: SSL/TLS encrypts data during transit, preventing unauthorized parties from intercepting and reading sensitive information. Encryption ensures that even if intercepted, the data appears as unreadable gibberish without the appropriate decryption key. Importance: Protects user credentials, personal information, financial transactions, and other sensitive data from eavesdropping and interception by malicious actors. 2. Data Integrity: Role: SSL/TLS ensures the integrity of transmitted data by using cryptographic hash functions. This guarantees that the data has not been tampered with or altered during transit. Importance: Prevents attackers from modifying data in transit, providing assurance that the information received is the same as what was sent. 3. Authentication: Role: SSL/TLS supports mutual authentication, where both the client and the server can verify each other's identity using digital certificates. This helps users ensure they are interacting with legitimate websites. Importance: Mitigates the risk of man-in-the-middle attacks by confirming the authenticity of the communicating parties, enhancing trust in online interactions. 4. Securing Login Credentials: Role: SSL/TLS protects login credentials (username and password) during the authentication process. This is crucial for secure access to websites, online applications, and other services. Importance: Safeguards against credential theft and unauthorized access, ensuring the confidentiality of user accounts. 5. Secure Online Transactions: Role: SSL/TLS is widely used in securing e-commerce transactions and online banking. It protects financial information, such as credit card details, during the transfer between the user and the server. Importance: Establishes a secure environment for conducting online transactions, building trust among users and facilitating the growth of e-commerce. 6. Securing Web Browsing: Role: SSL/TLS is employed in HTTPS (HTTP Secure), which encrypts data exchanged between web browsers and servers. It secures the browsing experience and protects users from various cyber threats. Importance: Guards against man-in-the-middle attacks, session hijacking, and other forms of data interception that can compromise user privacy and security. 7. Compliance and Regulations: Role: SSL/TLS compliance is often a requirement for various industry standards and regulations, such as PCI DSS (Payment Card Industry Data Security Standard) for handling credit card information. Importance: Helps organizations meet legal and regulatory obligations related to the protection of sensitive data. 8. Protection Against POODLE, BEAST, and Other Attacks: Role: SSL/TLS protocols evolve to address vulnerabilities and weaknesses. For example, newer versions of TLS address vulnerabilities like BEAST (Browser Exploit Against SSL/TLS) and POODLE (Padding Oracle On Downgraded Legacy Encryption). Importance: Regular updates to SSL/TLS help mitigate emerging security threats and vulnerabilities. In summary, SSL/TLS protocols are foundational to cybersecurity, providing a secure framework for data transmission, authenticating parties involved in communication, and safeguarding against a range of cyber threats. The adoption of SSL/TLS is essential for ensuring a secure and trustworthy online experience. Virtual Private Networks A VPN is a virtual private network. This is essentially a way to use the Internet to create a virtual connection between a remote user or site and a central location. The packets sent back and forth over this connection are encrypted, thus making it private. The VPN must emulate a direct network connection. There are three different protocols that are used to create VPNs: 1. Point-to-Point Tunneling Protocol (PPTP) Point-to-Point Tunneling Protocol (PPTP) is the oldest of the three protocols used in VPNs. It was originally designed as a secure extension to Point-to-Point Protocol (PPP). It adds the features of encrypting packets and authenticating users to the older PPP protocol. PPTP works at the data link layer of the OSI model. PPTP offers two different methods of authenticating the user: Extensible Authentication Protocol (EAP) and Challenge Handshake Authentication Protocol (CHAP). EAP was actually designed specifically for PPTP and is not proprietary. CHAP is a three-way process whereby the client sends a code to the server, the server authenticates it, and then the server responds to the client. CHAP also periodically reauthenticates a remote client, even after the connection is established. 2. Layer 2 Tunneling Protocol (L2TP) Layer 2 Tunneling Protocol (L2TP) was explicitly designed as an enhancement to PPTP. Like PPTP, it works at the data link layer of the OSI model. It has several improvements to PPTP. First, it offers more and varied methods for authentication—PPTP offers two, whereas L2TP offers five. In addition to CHAP and EAP, L2TP offers PAP, SPAP, and MS- CHAP. PPTP will only work over standard IP networks, whereas L2TP will work over X.25 networks (a common protocol in phone systems) and ATM (asynchronous transfer mode, a high-speed networking technology) systems. L2TP also uses IPsec for its encryption. 3. Internet Protocol Security (Ipsec) IPsec is the latest of the three VPN protocols. One of the differences between IPsec and the other two methods is that it encrypts not only the packet data (recall the discussion of packets in Chapter 2), but also the header information. It also has protection against unauthorized retransmission of packets. This is important because one trick that a hacker can use is to simply grab the first packet from a transmission and use it to get their own transmissions to go through. Essentially, the first packet (or packets) has to contain the login data. If you simply resend that packet (even if you cannot crack its encryption), you will be sending a valid logon and password that can then be followed with additional packets. Preventing unauthorized retransmission of packets prevents this from happening. IPsec operates in one of two modes: Transport mode, in which only the payload is encrypted, and Tunnel mode, in which both data and IP headers are encrypted. Authentication and Authorization Authentication and authorization are fundamental components of cybersecurity that work together to ensure the security and integrity of systems, networks, and data. These two processes play distinct but interconnected roles in controlling access to resources and protecting against unauthorized activities. Authentication: Definition: Authentication is the process of verifying the identity of a user, device, or system. It ensures that the entity attempting to access a system is who or what it claims to be. Key Aspects: 1. Identification: Users or entities provide a unique identifier, such as a username, email address, or digital certificate, to assert their identity. 2. Verification: The system validates the provided identifier by comparing it with stored credentials, such as passwords, biometric data, or cryptographic keys. 3. Authentication Factors: Knowledge Factor: Something the user knows (e.g., passwords, PINs). Possession Factor: Something the user possesses (e.g., smart cards, security tokens). Biometric Factor: Something inherent to the user's physiology (e.g., fingerprints, facial recognition). 4. Multi-Factor Authentication (MFA): Involves using two or more authentication factors to enhance security. For example, combining a password with a fingerprint scan. Importance: Authentication ensures that only authorized users or entities can access systems, applications, or data. It helps prevent unauthorized access, identity theft, and protects against various cyber threats. Authorization: Definition: Authorization is the process of granting or denying access rights and permissions to authenticated users or systems based on their identity and level of trust. Key Aspects: 1. Access Control: Determines what resources (files, databases, applications) a user or system is allowed to access and what actions they can perform. 2. Permission Levels: Assigns specific permissions or privileges to users based on their roles, responsibilities, and the principle of least privilege. 3. Policy Enforcement: Enforces security policies by controlling the actions users can take within a system or network. Importance: Authorization ensures that authenticated users have the appropriate level of access to resources, minimizing the risk of unauthorized activities. It helps maintain data integrity, confidentiality, and overall system security. Information Security Standards and IPRs Cyber Laws (IT Law) in India Cyber Law also called IT Law is the law regarding Information-technology including computers and the internet. It is related to legal informatics and supervises the digital circulation of information, software, information security, and e-commerce. IT law does not consist of a separate area of law rather it encloses aspects of contract, intellectual property, privacy, and data protection laws. Intellectual property is a key element of IT law. The area of software license is controversial and still evolving in Europe and elsewhere. According to the Ministry of Electronics and Information Technology, Government of India : Cyber Laws yields legal recognition to electronic documents and a structure to support e-filing and e-commerce transactions and also provides a legal structure to reduce, check cyber crimes Importance of Cyber Law: 1. It covers all transactions over the internet. 2. It keeps eye on all activities over the internet. 3. It touches every action and every reaction in cyberspace. Area of Cyber Law: Cyber laws contain different types of purposes. Some laws create rules for how individuals and companies may use computers and the internet while some laws protect people from becoming the victims of crime through unscrupulous activities on the internet. The major areas of cyber law include: 1. Fraud: Consumers depend on cyber laws to protect them from online fraud. Laws are made to prevent identity theft, credit card theft, and other financial crimes that happen online. A person who commits identity theft may face confederate or state criminal charges. They might also encounter a civil action brought by a victim. Cyber lawyers work to both defend and prosecute against allegations of fraud using the internet. 2. Copyright: The internet has made copyright violations easier. In the early days of online communication, copyright violations were too easy. Both companies and individuals need lawyers to bring an action to impose copyright protections. Copyright violation is an area of cyber law that protects the rights of individuals and companies to profit from their creative works. 3. Defamation: Several personnel uses the internet to speak their mind. When people use the internet to say things that are not true, it can cross the line into defamation. Defamation laws are civil laws that save individuals from fake public statements that can harm a business or someone’s reputation. When people use the internet to make statements that violate civil laws, that is called Defamation law. 4. Harassment and Stalking: Sometimes online statements can violate criminal laws that forbid harassment and stalking. When a person makes threatening statements again and again about someone else online, there is a violation of both civil and criminal laws. Cyber lawyers both prosecute and defend people when stalking occurs using the internet and other forms of electronic communication. 5. Freedom of Speech: Freedom of speech is an important area of cyber law. Even though cyber laws forbid certain behaviors online, freedom of speech laws also allows people to speak their minds. Cyber lawyers must advise their clients on the limits of free speech including laws that prohibit obscenity. Cyber lawyers may also defend their clients when there is a debate about whether their actions consist of permissible free speech. 6. Trade Secrets: Companies doing business online often depend on cyber laws to protect their trade secrets. For example, Google and other online search engines spend lots of time developing the algorithms that produce search results. They also spend a great deal of time developing other features like maps, intelligent assistance, and flight search services to name a few. Cyber laws help these companies to take legal action as necessary to protect their trade secrets. 7. Contracts and Employment Law: Every time you click a button that says you agree to the terms and conditions of using a website, you have used cyber law. There are terms and conditions for every website that are somehow related to privacy concerns. Advantages of Cyber Law: Organizations are now able to carry out e-commerce using the legal infrastructure provided by the Act. Digital signatures have been given legal validity and sanction in the Act. It has opened the doors for the entry of corporate companies for issuing Digital Signatures Certificates in the business of being Certifying Authorities. It allows Government to issue notifications on the web thus heralding e-governance. It gives authority to the companies or organizations to file any form, application, or any other document with any office, authority, body, or agency owned or controlled by the suitable Government in e-form using such e-form as may be prescribed by the suitable Government. The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions. Cyber Law provides both hardware and software security. Information Technology Act, 2000 The Information Technology Act, 2000 also Known as an IT Act is an act proposed by the Indian Parliament reported on 17th October 2000. This Information Technology Act is based on the United Nations Model law on Electronic Commerce 1996 (UNCITRAL Model) which was suggested by the General Assembly of United Nations by a resolution dated on 30th January, 1997. It is the most important law in India dealing with Cybercrime and E-Commerce. The main objective of this act is to carry lawful and trustworthy electronic, digital and online transactions and alleviate or reduce cybercrimes. The IT Act has 13 chapters and 90 sections. The last four sections that starts from ‘section 91 – section 94’, deals with the revisions to the Indian Penal Code 1860. The IT Act, 2000 has two schedules: First Schedule – Deals with documents to which the Act shall not apply. Second Schedule – Deals with electronic signature or electronic authentication method. Key provisions of the Information Technology Act, 2000, include: 1. Digital Signatures: The Act recognizes digital signatures as equivalent to physical signatures, providing legal validity to electronic documents. 2. Electronic Governance: The Act encourages the use of electronic records and digital signatures in government offices to facilitate efficient and transparent governance. 3. Electronic Contracts: The legislation acknowledges the validity of contracts formed through electronic means, ensuring that electronic contracts have legal standing. 4. Cybercrimes: The IT Act addresses various cybercrimes and prescribes penalties for offenses such as unauthorized access to computer systems, data theft, and the introduction of viruses or malware. 5. Data Protection and Privacy: The Act includes provisions for the protection of sensitive personal data and prescribes penalties for the unauthorized disclosure of information. 6. Adjudication and Appeals: The Act establishes adjudicating officers and an Appellate Tribunal to handle disputes related to cybercrimes and other offenses under the Act. 7. Intermediaries Liability: The legislation outlines the liability of intermediaries, such as internet service providers and social media platforms, for the content hosted on their platforms. 8. Network Service Providers: The Act recognizes the liability of network service providers for any unlawful content transmitted through their networks. The offences and the punishments in IT Act 2000 The offences and the punishments that falls under the IT Act, 2000 are as follows : 1. Tampering with the computer source documents. 2. Directions of Controller to a subscriber to extend facilities to decrypt information. 3. Publishing of information which is obscene in electronic form. 4. Penalty for breach of confidentiality and privacy. 5. Hacking for malicious purposes. 6. Penalty for publishing Digital Signature Certificate false in certain particulars. 7. Penalty for misrepresentation. 8. Confiscation. 9. Power to investigate offences. 10. Protected System. 11. Penalties for confiscation not to interfere with other punishments. 12. Act to apply for offence or contravention committed outside India. 13. Publication for fraud purposes. 14. Power of Controller to give directions. Sections and Punishments under Information Technology Act, 2000 are as follows : SECTION PUNISHMENT Section 43 This section of IT Act, 2000 states that any act of destroying, altering or stealing computer system/network or deleting data with malicious intentions without authorization from owner of the computer is liable for the payment to be made to owner as compensation for damages. Section 43A This section of IT Act, 2000 states that any corporate body dealing with sensitive information that fails to implement reasonable security practices causing loss of other person will also liable as convict for compensation to the affected party. Section 66 Hacking of a Computer System with malicious intentions like fraud will be punished with 3 years imprisonment or the fine of Rs.5,00,000 or both. Section 66 B, C, Fraud or dishonesty using or transmitting information or identity theft is D punishable with 3 years imprisonment or Rs. 1,00,000 fine or both. Section 66 E This Section is for Violation of privacy by transmitting image of private area is punishable with 3 years imprisonment or 2,00,000 fine or both. Section 66 F This Section is on Cyber Terrorism affecting unity, integrity, security, sovereignty of India through digital medium is liable for life imprisonment. Section 67 This section states publishing obscene information or pornography or SECTION PUNISHMENT transmission of obscene content in public is liable for imprisonment up to 5 years or fine of Rs. 10,00,000 or both. The Information Technology (Amendment) Act, 2008, introduced several changes to the original Act, including the addition of provisions related to data protection, increased penalties for certain offenses, and the introduction of new offenses such as cyberterrorism. It's important to note that laws and regulations may be updated or amended, so it's advisable to refer to the latest legal texts or consult legal professionals for the most current information. IT Act – 2008 Amendments The IT Act, 2000 was amended in 2008. This amendment introduced the controversial Section 66A into the Act. Section 66A Section 66A gave authorities the power to arrest anyone accused of posting content on social media that could be deemed ‘offensive’. As per the said section, a person could be convicted if proved on the charges of sending any ‘information that is grossly offensive or has menacing character’. It also made it an offence to send any information that the sender knows to be false, but for the purpose of annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill-will, through a computer or electronic device. The penalty prescribed for the above was up to three years’ imprisonment with fine. Section 69A Section 69A empowers the authorities to intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource if it is necessary or expedient to do so in the interest of the sovereignty or integrity of India, defense of India, the security of the State, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence or for investigation of any offence. It also empowers the government to block internet sites in the interests of the nation. The law also contained the procedural safeguards for blocking any site. When parties opposed to the section stated that this section violated the right to privacy, the Supreme Court contended that national security is above individual privacy. The apex court upheld the constitutional validity of the section. The recent banning of certain Chinese Apps was done citing provisions under Section 69A of the IT Act. Intellectual Property Rights Intellectual property rights are the rights given to each and every person for the creation of new things according to their minds. IPR usually give the creator a complete right over the use of his/her creation for a certain period of time. Intellectual property rights are the legal rights that cover the benefits given to individuals who are the owners and inventors of work and have created something unique with their intellectual creativity or capability. Every person related to areas such as literature, music, invention, etc., can be granted such rights, which can then be used in their business practices by them. The creator/inventor gets complete rights against any misuse or use of work without his/her prior information. However, the rights are issued for a limited period of time to maintain equilibrium. What are Intellectual Properties? 1. Industrial designs 2. Scientific discoveries 3. Protection against unfair competition 1.Literary, artistic, and scientific works 2.Inventions in all fields of human endeavor 3.Trademarks, service marks, commercial names, and designations Types of Intellectual Property Rights: Intellectual Property Rights can be classified into four types: 1. Copyright: Copyright is a term that describes ownership or control of the rights to the use and distribution of certain works of creative expression, including books, videos, movies, music, and computer programs. 2. Patent: A patent gives its owner the right to exclude others from making, using, selling, and importing an invention for a limited period of time. The patent rights are granted in exchange for enabling public disclosure of the invention. 3. Trademark: A Trademark is a Graphical representation that is used to distinguish the goods and services of one party from those of others. A Trademark may consist of a letter, number, word, phrase, logo, graphic, shape, smell, sound, or combination of these things. 4. Trade Secrets: Trade secret describes about the general formula of any product and the key behind any organization’s progress. It also includes various firms’ different secret formulas for the same products which differ in quality. Advantages of Intellectual Property Rights: The advantages of intellectual property rights are as follows: IPR yields exclusive rights to the creators or inventors. It encourages individuals to distribute and share information and data instead of keeping it confidential. It provides legal defense and offers the creators the incentive of their work. It helps in social and financial development. It inspires people to create new things without fear of intellectual theft. Copyright in the Digital Medium Copyright in the digital medium refers to the application of copyright law to works that exist in digital or electronic form. The digital medium encompasses a wide range of content, including text, images, audio, video, software, and other creative works that are created, distributed, and accessed through digital platforms. Here are key aspects of copyright in the digital medium: 1. Digital Works: Copyright protection extends to digital works, including content created and distributed in digital form. This can include e-books, digital images, audio files, videos, and software. 2. Originality and Creativity: Copyright protection applies to original and creative works of authorship. In the digital context, this includes content created for websites, social media, blogs, online publications, and more. 3. Automatic Protection: Copyright protection is generally automatic upon the creation of an original work. In the digital medium, as soon as content is created and fixed in a tangible form (such as saving a digital file), it is considered copyrighted. 4. Exclusive Rights: Copyright grants the creator exclusive rights to reproduce, distribute, perform, and display their work. In the digital medium, these rights apply to actions like copying files, sharing content online, streaming, and displaying images or videos on websites. 5. Digital Reproduction and Distribution: Digital reproduction and distribution are central elements of copyright in the digital medium. Creators have the right to control how their digital works are reproduced and distributed, whether through downloads, streaming, or other methods. 6. Digital Rights Management (DRM): Content creators often use Digital Rights Management (DRM) technologies to control access to and usage of their digital works. DRM can restrict unauthorized copying or distribution of digital content. 7. Online Platforms and Copyright: Copyright issues are prevalent on online platforms, including social media, video- sharing sites, and content-sharing platforms. Users and platform operators must be aware of copyright laws to avoid infringement. 8. Fair Use and Digital Millennium Copyright Act (DMCA): Fair use principles and the Digital Millennium Copyright Act (DMCA) in the United States provide some flexibility for certain uses of copyrighted material, especially in educational, commentary, or transformative contexts. The DMCA also establishes a process for addressing online copyright infringement. 9. International Considerations: Copyright in the digital medium involves international considerations due to the global nature of the internet. Creators need to be aware of copyright laws in different jurisdictions. 10.Challenges and Evolving Issues: The digital medium poses challenges to copyright enforcement, such as the ease of copying and sharing digital files. Emerging technologies, like artificial intelligence-generated content, also raise new copyright-related questions. Understanding and navigating copyright in the digital medium is crucial for creators, publishers, and users alike to ensure that intellectual property rights are respected and protected in the digital landscape. Copyright Act As of my last knowledge update in January 2022, the copyright laws in India are primarily governed by the Copyright Act, 1957, and its subsequent amendments. 1. Copyright Protection: The Copyright Act, 1957, provides protection for a variety of creative works, including literary, dramatic, musical, and artistic works. 2. Duration of Copyright: The duration of copyright protection varies depending on the type of work. Generally, the duration is the lifetime of the author plus 60 years. In the case of anonymous and pseudonymous works, cinematograph films, sound recordings, and photographs, the duration is different. 3. Works Covered: Copyright protection extends to a wide range of works, including books, manuscripts, computer programs, artistic works, musical works, sound recordings, cinematograph films, and more. 4. Exclusive Rights: The copyright owner has exclusive rights to reproduce, distribute, perform, and display the work. Unauthorized use of copyrighted material without permission may constitute infringement. 5. Fair Dealing and Exceptions: The law provides for certain exceptions, such as fair dealing for purposes like research, private study, criticism, review, or news reporting. 6. Performers' Rights: The Copyright Act recognizes the rights of performers in their performances. This includes rights in the fixation of their performances and broadcasting. 7. Digital Rights: The law has been amended to address issues related to digital technology and the internet. This includes provisions related to circumvention of technological protection measures and protection for internet service providers. 8. Moral Rights: The Act recognizes the moral rights of authors, which include the right to claim authorship of the work and the right to prevent any distortion, mutilation, or modification of the work. 9. Registration: While copyright protection is automatic, authors can choose to register their works with the Copyright Office to provide additional evidence in case of disputes. 10.Enforcement and Remedies: The Act outlines various remedies and penalties for copyright infringement, including injunctions, damages, and the right to seize infringing copies. 11.International Conventions: India is a signatory to various international copyright conventions, including the Berne Convention, which provides for the recognition of copyright across member countries. 12.Amendments: The Copyright Act has undergone amendments, with the most recent being the Copyright (Amendment) Act, 2012, which introduced changes to address contemporary issues, including digital piracy. Concept of Patent Right Patents are a form of intellectual property protection granted to inventors for new, useful, and non- obvious inventions or discoveries. In the digital medium, this can encompass a wide range of technological advancements, software innovations, and digital processes. Here are key aspects of the concept of patent rights in the digital medium: 1. Software Patents: One significant aspect of patent rights in the digital medium is the granting of patents for unique and inventive software-related inventions. This can include new algorithms, methods, processes, and applications. 2. Hardware Innovations: Patents in the digital medium extend beyond software to cover hardware innovations. This includes inventions related to computer hardware, digital devices, and other technological hardware components. 3. Business Methods and Processes: In the digital realm, patents can be granted for innovative business methods and processes that are implemented using digital technology. This could include novel e- commerce methods, online transaction processes, and other digital business innovations. 4. Data Processing Algorithms: Algorithms and methods related to data processing, analysis, and manipulation may be eligible for patent protection in the digital medium. This is particularly relevant in fields such as data analytics, machine learning, and artificial intelligence. 5. User Interfaces and User Experience (UI/UX): Inventions related to user interfaces, user experience design, and interactive design in the digital space may be eligible for patent protection. This includes novel designs for websites, applications, and other digital interfaces. 6. Telecommunications and Networking: Patents can be granted for inventions related to digital communication, networking protocols, and telecommunications technologies. This includes innovations in data transmission, network security, and wireless communication. 7. Digital Medical Technologies: In the healthcare sector, digital medical technologies, such as medical imaging software, diagnostic algorithms, and health monitoring devices, may be eligible for patent protection. 8. Patentability Criteria: To be eligible for a patent, an invention in the digital medium must meet certain criteria, including novelty, inventive step, and industrial applicability. The invention should be new, non-obvious, and have practical utility. 9. International Considerations: Patents in the digital medium often involve considerations of international patent law, as digital innovations can be deployed and accessed globally. Understanding how patents are granted and enforced internationally is crucial for companies and inventors in the digital space. 10.Challenges and Debates: The patentability of certain digital inventions, particularly in the software and business method domains, has been a subject of debate and interpretation. Different jurisdictions may have varying approaches to patenting software. Patent rights in the digital medium play a crucial role in encouraging innovation and protecting the interests of inventors and technology creators in an increasingly digital and technologically advanced landscape. Patent Act 1970 The Patents Act, 1970, is the primary legislation in India that governs the grant and regulation of patents. The Act has undergone amendments over the years, including significant amendments in 1999 and 2005. Here are some of the relevant provisions of the Patents Act, 1970, as amended: 1. Patentable Inventions (Section 3): The Act outlines what inventions are patentable. Inventions that are new, involve an inventive step, and are capable of industrial application are generally eligible for patent protection. However, certain categories, such as inventions contrary to established laws of nature, traditional knowledge, and methods of agriculture and horticulture, are excluded from patentability. 2. Novelty and Anticipation (Section 2(1)(l)): An invention is considered new if it has not been anticipated by prior publication anywhere in the world or used in India before the date of filing of the patent application. 3. Inventive Step (Section 2(1)(ja)): The Act requires that an invention must involve an inventive step, meaning it must not be obvious to a person skilled in the art. 4. Industrial Applicability (Section 2(1)(ac)): The invention must be capable of industrial application, i.e., it must be useful and applicable in an industry. 5. Non-Patentable Inventions (Section 3 and Section 4): The Act provides a list of inventions that are not patentable. This includes inventions that are frivolous or contrary to public order or morality, methods for treatment of humans or animals, plants and animals in whole or any part thereof (other than microorganisms), and mathematical or business methods. 6. Patent Application (Section 7): The Act outlines the procedure for filing a patent application, including the contents of the application, the role of the patent office, and the filing requirements. 7. Examination and Opposition (Sections 11, 25, and 25(1)): The Act provides for the examination of patent applications to determine whether the invention meets the patentability criteria. It also allows for pre-grant opposition, providing an opportunity for third parties to oppose the grant of a patent before it is granted. 8. Term and Renewal of Patents (Section 53): Patents are granted for a limited period, usually 20 years from the filing date of the application. The Act provides for the renewal of patents by payment of prescribed fees. 9. Compulsory Licensing (Chapter XVI): The Act includes provisions for compulsory licensing, allowing the government to grant licenses to third parties to use a patented invention under certain circumstances, such as if the patented invention is not available to the public at a reasonable price. 10.Exclusive Marketing Rights (EMRs): The Act, as amended in 1999, introduced provisions for Exclusive Marketing Rights (EMRs) to protect the rights of persons who had earlier filed applications for patents in other countries. 11.Revocation of Patents (Section 64): The Act provides for the revocation of patents under certain conditions, including if the invention is not worked in the territory of India or is not available to the public at a reasonable price. 12.Rights of Patentees (Chapter VIII): The Act outlines the rights of patentees, including the exclusive right to make, use, sell, and import the patented product or use the patented process. It's important to note that the Patents Act, 1970, has been amended multiple times, and additional rules and guidelines have been issued to complement the Act.

CyberSecurity CompleteNote PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue