VAC2-Introduction to Cyber Security.pdf

Full Transcript

1

VAC 2- Introduction to Cyber Security

Internet: The word internet is obtained from two words: International and Network. It is a worldwide
system of interconnected computer networks and electronic devices that communicate with each other
using an established set of protocols.
IP Address: An IP address, or Internet Protocol address, is a unique number that identifies a device
connected to a network or the internet.
Web Browser: It is the software on your computer that is used to connect to the Internet. Some popular
web browsers are Google Chrome, Safari, Mozilla Firefox, Opera, Microsoft Edge, Internet Explorer etc.
Routers: Routers forward data packets between computer networks. By using routing tables, routers
determine the best routes or paths for data transfer between devices.
Domain name system (DNS): converts human-readable domain names, such as www.example.com, into
machine-readable IP addresses. It also acts as a decentralized directory that helps users navigate the
internet.
Internet and World Wide Web (WWW): Internet is a global connection of networks, while the WWW
or web is a collection of information or websites that can be accessed using the internet. In other words, the
internet is the infrastructure and the web is a service on top of it.
Website: A website is a collection of publicly accessible, interlinked web pages that share a single domain
name. Websites can be created and maintained by an individual, group, business, or organization to serve a
variety of purposes.
Home Page: A home page is the default or front page of a site. It is the first page that visitors see when
they load a URL.
Uniform Resource Locator (URL): A URL (Uniform Resource Locator) is the address of a unique
resource on the internet.
Cyber Space: Cyberspace is a virtual world that's created by the interaction of people, software, and
services on the internet.
2
 3

Cyber Crime: Cybercrime is any criminal activity that involves a computer, network or networked device.
Types of Cyber Crime:-
Cyberextortion
This crime involves an attack or threat of an attack coupled with a demand for money to stop the attack.
Cryptojacking
This attack uses scripts to mine cryptocurrencies within browsers without the user's consent.
Identity theft
This type of attack occurs when an individual accesses a computer to steal a user's personal information,
which is then used to steal that person's identity or access their valuable accounts, such as banking and
credit cards.
Credit card fraud
This is an attack that occurs when malicious hackers infiltrate retailers' systems to get their customers'
credit card or banking information.
Cyberespionage
This crime involves cybercriminals hacking into systems or networks to gain access to confidential
information held by a government or other organization.
Software piracy
This attack involves the unlawful copying, distribution and use of software programs with the intention of
commercial or personal use. Trademark violations, copyright infringements and patent violations are often
associated with software piracy.
Exit scam
The dark web has given rise to the digital version of an old crime known as the exit scam. In today's form,
dark web administrators divert virtual currency held in marketplace escrow accounts to their own accounts
-- essentially, criminals stealing from other criminals.
Commonly seen cybercrime attacks include:
Distributed DoS (DDoS) attacks, which use a network's own communications protocol against it by
overwhelming its ability to respond to connection requests.
Malware is another common cybercrime that can damage systems, software or data stored on a system.
Ransomware attacks are a type of malware that encrypts or shuts down victim systems until a ransom is
paid.
Phishing campaigns help attackers infiltrate corporate networks. Phishing includes sending fraudulent
emails to users in an organization, enticing them to download malicious attachments or click on malicious
links that then spread the malware across the network.

Credential attacks, a cybercriminal aims to steal or guess victims' usernames and passwords. These
attacks can use of brute-force -- for example, by installing keylogger software -- or by exploiting software
or hardware vulnerabilities that expose the victim's credentials.
Hijack websites to change or delete content or to access or modify databases without authorization.
Other common examples of cybercrime include illegal gambling, the sale of illegal items -- such as
weapons, drugs or counterfeit goods -- and the solicitation, production, possession or distribution of child
pornography.
 4

Internet Security: Internet security refers to a set of techniques and methods targeted at safeguarding
online activities and transactions. Users can take the following steps to protect their online privacy:
 Install antivirus and antimalware software on devices and endpoints.
 Create difficult, varied passwords that are impossible to guess.
 Use a virtual private network or, at least, a private browsing mode, such as Google Chrome's
Incognito window.
 Use secure protocols, such as HTTPS, instead of HTTP for online transactions.
 Make all social media accounts private.
 Deactivate autofill.
 Turn off the device's Global Positioning System (GPS).
 Update cookies so an alert is sent anytime a cookie is installed.
 Log out of accounts instead of just closing the tab or window.
 Use caution with spam emails and never open or download content from unknown sources.
 Use caution when accessing public Wi-Fi or hotspots.
 Regularly back up important data both offsite and on the cloud.
Firewalls and security measures: Incoming and outgoing network traffic on the internet is monitored and
controlled by different types of security firewalls and security measures. Firewalls safeguard networks and
devices against unauthorized internet access, cyber threats and malicious activities.
Introduction to Ethical Hacking

Ethical hacking, also known as "penetration testing" or "white-hat hacking," is a proactive approach to
cybersecurity that involves simulating cyberattacks to identify and fix vulnerabilities within systems,
networks, or applications. This practice is conducted with the explicit permission of the system owner and
is aimed at enhancing overall security.

Key Aspects of Ethical Hacking:

1. Definition:
- Ethical hacking is the authorized practice of probing and assessing systems for security weaknesses.
Unlike malicious hackers, ethical hackers work with the goal of improving security and are permitted by
the system’s owner.

2. Objectives:
-Identify Vulnerabilities: Discover security flaws that could be exploited by attackers.
-Test Defenses: Assess the effectiveness of current security measures and protocols.
- Provide Recommendations: Suggest improvements and solutions to enhance security posture.
- Prevent Attacks: Help organizations defend against potential cyberattacks by fixing vulnerabilities
before they can be exploited.

3. Types of Ethical Hackers:
- White Hat Hackers: Professionals who conduct ethical hacking to strengthen security. They often work
in roles such as security consultants, penetration testers, or within internal security teams.
 5

- Gray Hat Hackers: Operate in a legal gray area. They may find and report vulnerabilities without
explicit permission but do not exploit them for personal gain.

4. Techniques and Tools:
- Penetration Testing: Simulates attacks to evaluate how well systems can withstand them.
- Vulnerability Scanning: Uses automated tools to identify security weaknesses.
- Social Engineering: Tests human factors by attempting to deceive individuals into divulging
confidential information.
- Tools: Commonly used tools include Nmap (for network scanning), Metasploit (for exploitation), Burp
Suite (for web application testing), and Wireshark (for network analysis).

5. Ethical Guidelines:
- Permission: Always obtain explicit, written consent from the system owner before conducting any tests.
- Confidentiality: Protect sensitive information and maintain confidentiality of findings.
- Integrity: Ensure that your activities do not disrupt or damage systems.
- Reporting: Clearly document and responsibly disclose vulnerabilities to the system owner, providing
recommendations for remediation.

6. Legal Considerations: - Ethical hackers must comply with legal and regulatory requirements related to
cybersecurity. This includes adhering to laws and standards governing data protection and cybercrime.

7. Benefits:
- Ethical hacking helps organizations to:
- Strengthen their security measures.
- Prevent data breaches and cyberattacks.
- Ensure compliance with regulations.
- Build trust with clients and stakeholders by demonstrating a commitment to security.

8. Career Path:
- Many ethical hackers hold certifications such as Certified Ethical Hacker (CEH), Offensive Security
Certified Professional (OSCP), or other relevant credentials. These certifications validate their skills and
adherence to ethical standards.

Ethics and Cyber Laws

Ethical hacking is a critical component of modern cybersecurity strategies, providing a valuable service by
identifying and addressing potential security threats before they can be exploited by malicious actors.
Ethics and cyber laws are fundamental components of the cybersecurity landscape, guiding how
individuals and organizations should conduct themselves in the digital realm. They help ensure that actions
in cyberspace are legal, responsible, and respectful of privacy and security.

Ethics in Cybersecurity
 6

Ethics in cybersecurity involves adherence to moral principles and professional standards when dealing
with information and technology. It emphasizes responsible behavior, integrity, and respect for privacy
while working with digital systems and data. Key aspects include:

1. Confidentiality: - Protecting sensitive information from unauthorized access or disclosure. This involves
ensuring that personal data, corporate secrets, and other sensitive information are handled with care and not
exposed to unauthorized individuals.

2. Integrity: - Maintaining the accuracy and reliability of information and systems. Ethical behavior
requires ensuring that data is not tampered with, and systems are not manipulated for personal gain or to
cause harm.

3. Accountability: - Taking responsibility for one's actions and decisions. This includes being transparent
about activities, acknowledging mistakes, and ensuring that corrective actions are taken when necessary.

4. Respect for Privacy: - Honoring individuals' rights to privacy and ensuring that personal data is
collected, stored, and used in a manner that respects individuals' rights and complies with legal standards.

5. Professional Conduct: - Adhering to ethical standards and best practices in cybersecurity. This includes
following codes of conduct established by professional organizations and certifications, such as those from
(ISC)² or ISACA.

Cyber Laws

Cyber laws, also known as information technology laws or cybercrime laws, are legal regulations that
govern activities in the digital world. They address issues related to data protection, cybercrimes, and the
legal use of technology. Key areas include:

1. Data Protection and Privacy Laws:
- General Data Protection Regulation (GDPR): A comprehensive data protection regulation in the
European Union that governs the collection, processing, and storage of personal data.
- California Consumer Privacy Act (CCPA): A California law that provides residents with rights
regarding their personal data, including the right to know what data is collected and to request deletion.
- Health Insurance Portability and Accountability Act (HIPAA): U.S. legislation that provides data
privacy and security provisions for safeguarding medical information.

2. Cybercrime Laws:
- Computer Fraud and Abuse Act (CFAA): U.S. legislation that addresses computer-related crimes,
including unauthorized access to computer systems and data.
- Digital Millennium Copyright Act (DMCA): U.S. law that protects copyright holders by addressing
issues related to digital rights and online piracy.
 7

3. Intellectual Property Laws:
- These laws protect creations of the mind, such as software, digital content, and inventions. They include
patents, trademarks, and copyrights, which ensure that creators' rights are upheld and that their works are
not used without permission.

4. E-Commerce and Electronic Transactions Laws:
- Regulations governing online transactions, digital contracts, and electronic signatures. Examples
include the Electronic Signatures in Global and National Commerce (ESIGN) Act and the Uniform
Electronic Transactions Act (UETA) in the U.S.

5. International Cyber Laws:
- International agreements and treaties that address cross-border cybercrime and cybersecurity issues.
Examples include the Council of Europe’s Convention on Cybercrime and various United Nations
initiatives aimed at promoting international cooperation in tackling cyber threats.

Intersection of Ethics and Cyber Laws

- Compliance: Ethical behavior often overlaps with legal requirements. Adhering to laws and regulations
helps ensure that cybersecurity practices are ethical and lawful.
- Best Practices: Ethical principles guide the development and implementation of cybersecurity policies
and practices that align with legal standards.
- Responsibility: Both ethics and laws emphasize the importance of protecting data, respecting privacy, and
preventing harm. They ensure that individuals and organizations act responsibly in the digital environment.

In summary, ethics and cyber laws are integral to ensuring responsible behavior and legal compliance in
the digital world. While ethics provide a framework for moral conduct, cyber laws establish the legal
boundaries within which individuals and organizations must operate. Together, they help maintain the
integrity, security, and privacy of digital systems and data.

Concept of Web Browsers and Web Crawlers

Web Browsers and Web Crawlers are essential components of the internet infrastructure, each serving
distinct but complementary roles in how we interact with and manage web content.

Web browsers are software applications used to access, retrieve, and display content from the World Wide
Web. They enable users to navigate websites and interact with web-based applications.

Key Features and Functions of Web Browsers:
 8

1. Rendering Web Pages: - Web browsers interpret, and display content written in HTML (Hypertext
Markup Language), CSS (Cascading Style Sheets), and JavaScript. They render text, images, videos, and
interactive elements on web pages.

2. Navigation: - Browsers allow users to enter URLs (Uniform Resource Locators) to access specific web
pages. They also support navigation through bookmarks, history, and back/forward buttons.

3. User Interface: - Provides a graphical interface for users to interact with the web. This includes address
bars, tabs for multiple pages, and various tools for managing settings and extensions.

4. Security Features: - Modern browsers include features like secure browsing modes (e.g., incognito),
phishing protection, and encryption (SSL/TLS) to protect users' data and privacy.

5. Extensions and Plugins: - Browsers support extensions and plugins that enhance functionality, such as ad
blockers, password managers, and custom themes.

Popular Web Browsers:
- Google Chrome
- Mozilla Firefox
- Apple Safari
- Microsoft Edge
- Opera

Web crawlers, also known as web spiders or bots, are automated programs designed to systematically
browse and index content from the web. They are fundamental to search engines and various data
aggregation services.

Key Functions of Web Crawlers:

1. Systematic Browsing: - Crawlers navigate the web by following hyperlinks from one page to another.
They visit websites, extract content, and follow links to discover additional pages.

2. Indexing: - The primary purpose of a web crawler is to index web content for search engines. This
involves cataloging information from web pages to make it searchable. The indexed data is used to
generate search results when users perform queries.

3. Data Collection: - Crawlers collect data from web pages, including text, metadata, and sometimes
multimedia content. This data is used for analysis, aggregation, or reporting purposes.

4. Scheduled Crawling: - To keep their indexes up-to-date, search engines use crawlers that periodically
revisit websites to check for new or updated content. This ensures that search results reflect the most
current information available.
 9

Common Features of Web Crawlers: - Crawl Depth: Determines how many levels of links a crawler will
follow from the starting page.
- Crawl Frequency: How often the crawler revisits a website to update its index.
- Robots.txt: A file used by websites to communicate rules to crawlers about which parts of the site
should not be crawled or indexed.

Popular Use Cases: - Search Engines: Google, Bing, and Yahoo use web crawlers to index the vast amount
of information available on the web.
- Data Mining: Companies and researchers use crawlers to collect and analyze data from websites for
various purposes, such as market research and competitive analysis.
- Content Aggregation: Services that compile news, reviews, or other content from multiple sources use
crawlers to gather and present this information in one place.

 Cyber Attacks

When a system is accessed by some third party or unauthorized persons, it is referred to as a cyber-attack.
The people who do this attack are termed as the attacker or hackers. When an attack happens, it will lead to
loss of data or misuse of data and also the manipulation of data. So, everyone needs to protect their systems
with cyber security.

1. Malware Attack

One of the most common cyber-attacks is a Malware attack. It performs some malicious software actions.
The three main types of malware attacks namely Trojan horses, viruses, and worms. It gets installed when
you click any link or email attachments. Once the malware enters the system, the ransomware will block
access to the network. And it will install some malicious software.

To secure the system from Malware attacks, one needs to install antivirus software or use Firewall.

2. Man-in-the-middle Attack (MITM)

In this attack, the hacker places themselves between the user and the software that makes the new
connection for the theft of information and tracks the user’s activity. Their main objective is to steal the
personal data and credentials of the user. There are two phases in MITM, they are interception and
Decryption.
 10

We can avoid this cyber-attack, by avoiding using public Wi-Fi networks like coffee shops or restaurants
that are not password protected.

3. Password Attack

The Passwords that we put for creating accounts on any website are being attacked by attackers. For this
purpose, they use various password-cracking tools like Cain, Air crack, etc. Some of the easy ways to get
prevented the attacks are using a strong password that includes alphanumeric values, Changing the
passwords often so they are less prone to attacks, and avoiding the password choices given by the
respective passwords.

4. SQL Injection Attack

SQL stands for Structured Query Language. This SQL query is scripted mainly for databases. With this
SQL injection attack, the attackers will enter the database website and insert some malicious code into the
entire script, and will take over the functions of the website.

When the attack happens, the hacker will change the functions of the database by editing it, viewing,
changing, or deleting the tables in the database. Some of the ways to prevent it are by using an intrusion
detection system if any unauthorized login occurs.

5. Phishing

A phishing attack is a type of cyber-attack that attempts to steal personal data, information, or login details.
It happens mostly in the Email when you reply to fraudulent emails. Phishing happens when you click any
attachment, enable macros in the word document, use a WIFI hotspot, responding to a request from social
media.
 11

There are some common types of phishing; spear phishing, whaling, Email phishing, Smishing, and
Vishing. Spear phishing means malicious emails to some specific persons. The whaling attacks a specific
person in a high position namely the CEO or Chief Executive.
Different types of Phishing Attacks?
Phishing is one of the most common social engineering attacks conducted by cybercriminals to trap users
into providing sensitive information or install malware into their system. According to the FBI, Phishing
was the most conducted cybercrime in 2020; the number got doubled from 2019 to 2020.

Though the final goal is the same, i.e., to attack victims psychologically, the attackers use different means
to conduct Phishing.

Depending on the way it is conducted, Phishing can be categorized into various types. In this post, we
would discuss the five most popular types of Phishing attacks.

Email Phishing

Phishing through emails is pretty widespread among cyber attackers as through emails, thousands of users
can be targeted at once. The Phisher behind the email would generally try to deceive the users by sending
intriguing offers or fake virus alerts.

Due to greed of getting the offer or fear of viruses, most receivers would do what exactly instructed in the
email and thus either provide their confidential information or install malware programs disguised as fake
antivirus to remove viruses.

Spear Phishing

While in Email Phishing emails are sent to a large number of people at once, in Spear Phishing, the
cybercriminals target specific people through emails. For that, the attackers conduct extensive research of
the target person and know details like Name, Job, Place of employment, job title, email address, bank, and
more.

After getting all the details, they trap the targets by sending an email pretending from their seniors or from
their bank. The targeted emails are designed carefully so that victims cannot doubt them.

Domain Spoofing

In this type of Phishing, the domain of the popular eCommerce sites and banks are copied and modified to
look exactly like the original URL so that users misjudge them as the official sites; for example,
amazon.com is spoofed as amzn.xyz. After spoofing a domain, users are sent unsolicited links and asked to
click on them to get offers and deals.

The attackers even design web pages similar to the website they have copied. Other than that, the Phishers
also send emails with the ID generated with the spoofed domain so that the email appears authentic and
official.
 12

Smishing

Smishing or SMS Phishing is a type of Phishing in which the Phishers fool users by sending fake offers
through SMS. The links shared through Smishing are generally malicious and redirect users to download
fake malware containing apps.

The attackers trick users by framing catchy text messages; for example - "Get 50% Off on your next
purchase at Amazon. Click here to avail the offer" or "Get Spotify Premium for Free. Click this link to
download."

Vishing

Yes, you guessed it correct. Like SMS Phishing is Smishing, the Voice Phishing is Vishing. Vishing is
Phishing conducted through calls. The professional Phisher would call the targets pretending as some
official and deceive them into providing sensitive information such as bank details or other essential
credentials.

Most banking frauds are conducted through Vishing, in which the attacker pretends to be a banking
official, calls the victims, tricks them into providing the card details, and wipes out their money.

6. Denial of service

It is the attack that most companies have been attacked. They target the servers, systems, and networks and
push them to congestion or network traffic. Due to this network traffic, the website will face exhaustion of
the resources allocation and there will be no space for receiving the acknowledgment. So due to this, the
server will slow down and even shuts down. So, the request from legitimate requests is also avoided by the
user.

7. Crypto Jacking

The Crypto-jacking attack is one of the major cybercrimes. This attack is mainly implemented to get the
third parties computing resources for mining cryptocurrency. This attack happens when you click on any
ads that are coded mostly with JavaScript or by clicking any link.

 Difference between Virus, Worm and Trojan Horse

A virus is malicious software (malware) made up of little bits of code attached to legitimate programs.
When that software is launched, the virus is launched as well.

Viruses are malicious programs that infect computer files and spread without the user's knowledge. The
most common virus infections are spread via e-mail attachments that activate when opened. As infected e-
mails are forwarded to multiple people, the virus's vicious cycle continues. Viruses can also be propagated
through shared media, such as USB flash drives.Viruses are responsible for widespread and major
computer systems and file loss. They were initially intended as pranks. Anti-virus software can assist
prevent, block, or delete viruses that have already been installed.
 13

A worm is a harmful software (virus) that replicates itself as it moves from computer to computer, leaving
copies of itself in each computer's memory.

A worm finds a computer's vulnerability and spreads like an illness throughout its associated network,
constantly looking for new holes. Worms, like viruses, are spread by e-mail attachments from seemingly
trustworthy senders. Worms then spread through an e-mail account and address book to a user's contacts.

Some worms reproduce and then go dormant, while others inflict harm. The Worm's code is referred to
as payload in such circumstances.

A Trojan horse is malware that disguises itself as a genuine program and downloads it onto a computer. A
Trojan horse gets its name from how it's delivered: an attacker often uses social engineering to disguise
malicious code within genuine software.

One of the critical characteristics of a Trojan is that it cannot replicate itself, and a user has to install it
themselves. It produces a chance for another PC to fully control the infected PC and replicate to harm the
host computer systems or steal data. A Trojan horse will damage your computer once it is installed or used,
but it will look to be helpful software at first glance.

A Trojan virus spreads by spamming genuine-looking e-mails and attachments to the inboxes of a large
number of users. Trojans can also infect devices when cybercriminals persuade people to download
malicious software. The malicious software could be disguised in banner advertisements, pop-up ads, or
website links.

Beast, Zeus, The Blackhole Exploit Kit, and Back Orifice are example of some famous Trojan horses.

The following table highlights the major differences between Virus, Worm, and Trojan Horse
Virus Worm Trojan Horse

A Virus is a computer program or A Worm is a computer
Trojan Horse is a hidden
software loaded, either deliberately program similar to a virus that
piece of malware that steals
or unknowingly by the user. It does not communicate with
sensitive information/data
connects to another other system programs but
from a user's system and
software/program to execute multiplies and runs itself to
sends it to another location
unanticipated tasks when the slow down and damage the
across the network.
system's actual program is running. performance of the system.

Viruses cannot be operated remotely
Worms can be controlled by Trojan Horse can also be
since they are installed on the target
the remote because they can operated remotely, much like
machine or by the user
open a back door to the host. worms via the network.
inadvertently.

Viruses, like worms, cannot Worms replicate themselves In comparison to viruses and
replicate themselves. Viruses also in the system and propagate worms, a Trojan Horse
 14

propagate at a moderate rate. quicker than viruses and spreads slowly.
Trojan horses.

The Trojan horse virus, much
Worms aim to degrade system
The primary goal of a virus is to like in the story, disguises
performance and slow it down
alter or erase system data. itself as normal software and
by eating system resources.
steals crucial information

Trojan horse is a type of
Worms take use of system
Viruses use executable files to malware that runs through a
flaws to carry out their
spread. program and is interpreted as
attacks.
utility software.

Spyware is a broad category of malware program that infiltrates the user's system without permission to
perform various malicious tasks. As its name suggests, Spyware is basically meant for spying on the users
and collect their sensitive information like browsing habit, banking details, credit card details, and more.
Cybercriminals can then use that information for hacking, extortions, and more such illicit activities.
Antivirus
Antivirus software (antivirus program) is a security program designed to prevent, detect, search and
remove viruses and other types of malware from computers, networks and other devices

Cryptography

Cryptography is the study of Secret (crypto-)-Writing (-graphy).It is the science or art of
encompassing the principles and methods of transforming an intelligible message into one that is
intelligible and then transforming the message back to its original form. As the field of cryptography has
advanced; cryptography today is assumed as the study of techniques and applications of securing the
integrity and authenticity of transfer of information under difficult circumstances. Today’s cryptography is
more than encryption and decryption. Authentication is as fundamentally a part of our lives as privacy. We
use authentication throughout our everyday lives when we sign our name to some document and for
instance and, as we move to world where our decisions and agreements are communicated electronically,
we need to have electronic techniques for providing authentication. Cryptography provides mechanisms for
such procedures.

On the other hand Cryptography is the science of using mathematics to encrypt and decrypt data.
Cryptography enables you to store sensitive information or transmit it across insecure networks (like the
Internet) so that it cannot be read by anyone except the intended recipient. While cryptography
is the science of securing data, cryptanalysis is the science of analyzing and breaking secure
communication. Classical cryptanalysis involves an interesting combination of analytical reasoning,
application of mathematical tools, pattern finding, patience, determination, and luck. Cryptanalysts are also
called attackers. Cryptology embraces both cryptography and cryptanalysis.

Working Principle of Cryptography
 15

A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and
decryption process. A cryptographic algorithm works in combination with a key — a word, number, or
phrase — to encrypt the plaintext. The same plaintext encrypts to different ciphertext with different keys.
The security of encrypted data is entirely dependent on two things: the strength of the cryptographic
algorithm and the secrecy of the key.

Steganography, hiding one message inside another, is an old technique that is still in use. For example a
message can be hidden inside a graphics image file by using the low order 12 bit of each pixel to encode
the message. The visual effect of these tiny changes is probably too small to be noticed by the user. The
message can be hidden further by compressing it or by encrypting it with a conventional cryptosystems.

Objective

Cryptography plays an essential role in

 Authentication. This process to prove the identity of an entity can be based on something
you know, such as a password; something you have, such as an
encryption key or card; something you are, such as biometric measurements, including
retinal scans or voice recognition; or any combination of these.

 Data confidentiality. With this property, information is not made available or disclosed to
unauthorized individuals, entities, or processes. When two or more parties are involved in a
communication, the purpose of confidentiality is to guarantee that only those parties can
understand the data exchanged. Confidentiality is enforced by encryption.

 Data integrity. This property refers to data that has not been changed, destroyed, or lost in an
unauthorized or accidental manner. The need for data integrity is especially evident if data is
transmitted across a nonsecure network, such as the Internet, where a man-in-the-middle attack
can easily be mounted. Integrity is enforced by mathematical functions applied to the message
being transmitted.

 Non-repudiation. Repudiation is the denial by one of the entities involved in a communication
of having participated in all or part of the communication. Non- repudiation is protection against
repudiation and can be of two types.

(i) Non-repudiation with proof of origin provides the recipient of data with evidence that proves
the origin of the data and thus protects the recipient against an attempt by the originator to
falsely deny sending the data. Its purpose is to prove that a particular transaction took place, by
establishing accountability of information about a particular event or action to its originating
entity.

(ii) Non-repudiation with proof of receipt provides the originator of data with evidence proving
that data was received as addressed and thus protects the originator against an attempt by the
 16

recipient to falsely deny receiving the data.

In most cases, the term non-repudiation is used as a synonym of non- repudiation with proof of origin. Like
integrity, non-repudiation is based on mathematical functions applied to the data being generated during
the transaction.

Keeping secrets is a long-standing tradition in politics, the military, and commerce. The invention of
public-key cryptography in the 1970s has enabled electronic commerce to blossom in systems based on
public networks, such as the Internet.
 Cryptography Tools

Keys
A key is a value that works with a cryptographic algorithm to produce a specific ciphertext. Keys
are basically really, really, really big numbers. Key size is measured in bits; the number representing a
1024-bit key is darn huge. In public key cryptography, the bigger the key, the more secure the ciphertext.

Encryption:
In cryptography, encryption is the process of encoding messages or information in such a way that
only authorized parties can read it. Encryption does not of itself prevent interception, but denies the
message content to the interceptor. In an encryption scheme, the message or information, referred to as
plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if
decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key
generated by an algorithm. It is in principle possible to decrypt the message without possessing the key,
but, for a well-designed encryption scheme, large computational resources and skill are required. An
authorized recipient can easily decrypt the message with the key provided by the originator to recipients,
but not to unauthorised interceptors.

Types of encryption:
Symmetric key encryption
In symmetric-key schemes, the encryption and decryption keys are the same. Thus communicating
parties must have the same key before they can achieve secret communication.
 17

Illustration of how a file or document is sent using Public key encryption.

Public key encryption
In public-key encryption schemes, the encryption key is published for anyone to use and encrypt
messages. However, only the receiving party has access to the decryption key that enables messages to be
read. Public-key encryption was first described in a secret document in 1973; before then all encryption
schemes were symmetric-key (also called private-key).
A publicly available public key encryption application called Pretty Good Privacy (PGP) was written in
1991 by Phil Zimmermann, and distributed free of charge with source code; it was purchased by Symantec
in 2010 and is regularly updated. [2,a]

Uses of encryption
Encryption has long been used by military and governments to facilitate secret communication. It is
now commonly used in protecting information within many kinds of civilian systems
Encryption is also used to protect data in transit, for example data being transferred via networks (e.g.
the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom systems,
Bluetooth devices and bank automatic teller machines.

Decryption:
Decryption is the process of transforming data that has been rendered unreadable through
encryption back to its unencrypted form. In decryption, the system extracts and converts the garbled data
and transforms it to texts and images that are easily understandable not only by the reader but also by the
system. Decryption may be accomplished manually or automatically. It may also be performed with a set
of keys or passwords.

The following table highlights the major differences between encryption and decryption −

Key Encryption Decryption
 18

Key Encryption Decryption

Encryption is a process of converting a
Decryption is a process of converting the
Definition plain text into an encrypted or cipher
encrypted or cipher text into plain text.
text.

Place of Encryption takes place at the sender's
Decryption is done at the receiver's end.
Occurrence end.

A secret key or a public key must be Any communication that requires the use
Process
used to encrypt every message. of a secret key or private key to decode.

After encrypting the data with a secret The receiver gets the encrypted data and
Actor key or a public key, the sender delivers it uses the secret key or private key to
to the recipient. decode it.

Asymmetric Key Ciphers

RSA(Ron Rivest, Adi Shamir and Leonard Adleman)

Introduction
RSA is one of the first practical public-key cryptosystems and is widely used for secure data
transmission. In such a cryptosystem, the encryption key is public and differs from the decryption key
which is kept secret. In RSA, this asymmetry is based on the practical difficulty of factoring the product of
two large prime numbers, the factoring problem. RSA is made of the initial letters of the surnames of
Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described the algorithm in
1977. Clifford Cocks, an English mathematician, had developed an equivalent system in 1973, but it was
not declassified until 1997.
A user of RSA creates and then publishes a public key based on the two large prime numbers, along with
an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key to encrypt a
message, but with currently published methods, if the public key is large enough, only someone with
knowledge of the prime numbers can feasibly decode the message. Breaking RSA encryption is
known as the RSA problem; whether it is as hard as the factoring problem remains an open question.

Algorithm
The RSA algorithm involves three steps: key generation, encryption and decryption.

Key generation
RSA involves a public key and a private key. The public key can be known by everyone and is
used for encrypting messages. Messages encrypted with the public key can only be decrypted in a
reasonable amount of time using the private key. The keys for the RSA algorithm are generated
 19

the following way:

1. Choose two distinct prime numbers p and q.
 For security purposes, the integers p and q should be chosen at random, and
should be of similar bit-length. Prime integers can be efficiently found using a
primality test.
2. Compute n = pq.
 n is used as the modulus for both the public and private keys. Its length, usually
expressed in bits, is the key length.
3. Compute φ(n) = φ(p)φ(q) = (p − 1)(q − 1) = n - (p + q -1), where φ is Euler's totient
function. This value is kept private.
4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1; i.e., e and φ(n) are
coprime.
 e is released as the public key exponent.
 e having a short bit-length and small Hamming weight results in more
efficient encryption – most commonly 216 + 1 = 65,537. However, much
smaller values of e (such as 3) have been shown to be less secure in some
settings.
Determine d as d ≡ e−1 (mod φ(n)); i.e., d is the modular multiplicative inverse of e
(modulo φ(n)).

 This is more clearly stated as: solve for d given d e ≡ 1 (mod φ(n))
 This is often computed using the extended Euclidean algorithm. Using the
pseudocode in the Modular integers section, inputs a and n correspond to e
and φ(n), respectively.
 d is kept as the private key exponent.
The public key consists of the modulus n and the public (or encryption) exponent e. The private
key consists of the modulus n and the private (or decryption) exponent d, which must be
kept secret. p, q, and φ(n) must also be kept secret because they can be used to calculate d.

 An alternative, used by PKCS#1, is to choose d matching de ≡ 1 (mod λ) with λ =
lcm(p − 1, q − 1), where lcm is the least common multiple. Using λ instead of φ(n)
allows more choices for d. λ can also be defined using the Carmichael function,
λ(n).

Encryption
Alice transmits her public key (n, e) to Bob and keeps the private key d secret. Bob then wishes to send
message M to Alice.
He first turns M into an integer m, such that 0 ≤ m < n and gcd(m, n) = 1 by using an agreed-upon reversible
protocol known as a padding scheme. He then computes the ciphertext c corresponding to
 20

This can be done efficiently, even for 500-bit numbers, using Modular
exponentiation. Bob then transmits c to Alice.
Note that at least nine values of m will yield a ciphertext c equal to m,

Decryption
Alice can recover m from c by using her private key exponent d via computing

Given m, she can recover the original message M by reversing the padding scheme.

(In practice, there are more efficient methods of calculating cd using the precomputed values
below.)

What is Digital Signature?

In the technologically advance world, where everything is being advanced electronic; a signature that
approves the respective documents, also became digital. Likewise, a digital signature is a technique of
verifying the authenticity and integrity of electronic documents or messages by using a secure digital code
generated from a set of unique and private encryption keys. In fact, the digital signature serves as an
electronic equivalent of a traditional handwritten signature and provides proof of the authenticity of the
sender, the integrity of the data, and the non-repudiation of the content.

password policy
A password policy is a set of rules designed to enhance computer security by encouraging users to employ
strong passwords and use them properly. A password policy is often part of an organization's official
regulations and may be taught as part of security awareness training. Either the password policy is merely
advisory, or the computer systems force users to comply with it. Some governments have national
authentication frameworks that define requirements for user authentication to government services,
including requirements for passwords.
The key points of these are:

 Verifiers shall not impose composition rules (e.g., not require mixtures of different character types and
not prohibit consecutively repeated characters)
 Verifiers shall not require passwords to be changed arbitrarily or regularly (e.g. no 90-day or 365-day
change rule)
 Passwords must be at least 8 characters in length
 Password systems should permit subscriber-chosen passwords at least 64 characters in length.
 All printing ASCII characters, the space character, and Unicode characters should be acceptable in
passwords
 21

 When establishing or changing passwords, the verifier shall advise the subscriber that they need to
select a different password if they have chosen a weak or compromised password
 Verifiers should offer guidance such as a password-strength meter, to assist the user in choosing a
strong password
 Verifiers shall store passwords in a form that is resistant to offline attacks. Passwords shall be salted and
hashed using a suitable one-way key derivation function. Key derivation functions take a password, a salt,
and a cost factor as inputs then generate a password hash. Their purpose is to make each password guessing
trial by an attacker who has obtained a password hash file expensive and therefore the cost of a guessing
attack high or prohibitive.

I. INTRUSION DETECTION SYSTEM (IDS) AND INTRUSION PREVENTION SYSTEM (IPS)

1. What are Intrusion Detection system (IDS) and Intrusion Prevention System (IPS)?
Intrusion Detection and Prevention System is a part of network security measures taken to detect and
stop potential intrusions. They are included functionality within next-generation firewalls (NGFW).
Intrusion detection is the process of monitoring the network traffic and analyzing it for signs of possible
malicious activity like exploit attempts and incidents that may be imminent threats to a network.
Intrusion prevention is the process of performing intrusion detection and then stopping/blocking the
detected incidents, typically done by dropping packets or terminating sessions. Major functions of intrusion
prevention systems are to identify malicious activity, collect information about this activity, report it and
attempt to block or stop it.
2. What are the benefits of IDS/IPS?
IDS/IPS are necessary security technologies, both at the network edge and within the data centre, precisely
because they can stop attackers while they are gathering information about a network.
3. How do IDS/IPS work?
IDS monitors all traffic on the network to identify any known malicious behaviour. One of the ways in
which an attacker will try to compromise a network is by exploiting vulnerability/weakness within a device
or within software.
IPS works by analyzing network traffic in real-time and comparing it against known attack patterns and
signatures. When the system detects suspicious traffic, it blocks it from entering the network, and reports
them to security administrators.
4. What are three IDS detection methodologies typically used to detect incidents?
Signature-based detection compares signatures against observed events to identify possible incidents.
This is the simplest detection method because it compares only the current unit of activity (such as a packet
or a log entry to a list of signatures) using string comparison operations.
Anomaly-based detection compares definitions of what is considered normal activity with observed
events in order to identify significant deviations. This detection method can be very effective at spotting
previously unknown threats.
Stateful protocol analysis compares predetermined profiles of generally accepted definitions for benign
protocol activity for each protocol state against observed events in order to identify deviations.
5. What are the characteristics of an IPS?
An IPS is an essential tool for network security. Here are some reasons why:
Protection against Known and Unknown Threats: An IPS can block known threats and also detect and
 22

block unknown threats that haven’t been seen before.
Real-Time Protection: An IPS can detect and block malicious traffic in real-time, preventing attacks from
doing any damage.
Cost-Effective: An IPS is a cost-effective way to protect your network compared to the cost of dealing with
the aftermath of a security breach.
Increased Network Visibility: An IPS provides increased network visibility, allowing you to see what’s
happening on your network and identify potential security risks.
6. What are the types of IPS?
There are two main types of IPS:
Network-Based IPS: A Network-Based IPS is installed at the network perimeter and monitors all traffic
that enters and exits the network. It monitors the entire network for suspicious traffic by analyzing protocol
activity.
Host-Based IPS: A Host-Based IPS is installed on individual hosts and monitors the traffic that goes in and
out of that host. It is an inbuilt software package which operates a single host for doubtful activity by
scanning events that occur within that host.
7. Comparison of IPS with IDS:
The main difference between Intrusion Prevention System (IPS) with Intrusion Detection Systems (IDS)
are:
Intrusion prevention systems are placed in-line and are able to actively prevent or block intrusions that are
detected.
IPS can take such actions as sending an alarm, dropping detected malicious packets, resetting a connection
or blocking traffic from the offending IP address.
IPS also can correct cyclic redundancy check (CRC) errors, defragment packet streams, mitigate TCP
sequencing issues and clean up unwanted transport and network layer options.

8. Is a firewall an IDS or IPS?
True next-generation firewalls contain IDS and IPS functionality. However, not all firewalls are next-
generation firewalls. Also, a firewall blocks and filters network traffic, while IDS and IPS detect and alert
or block an exploit attempt, depending on configuration. IDS and IPS act on traffic after the firewall filters
the traffic, according to configured policy.
9. Conclusion:--
An IDS/IPS system is a crucial component of any network security strategy. It monitors network traffic in
real-time, compares it against known attack patterns and signatures, and blocks any malicious activity or
traffic that violates network policies. An IPS is an essential tool for protecting against known and unknown
threats, complying with industry regulations, and increasing network visibility. Consider implementing an
IPS to protect your network and prevent security breaches.

II. SOCIAL MEDIA MARKETING
1. What is social media marketing (SMM)?
Social media marketing involves the use of social media platforms to promote products and/or services,
connect with the consumers to build a brand, increase sales, and drive website traffic to business. With new
features and platforms emerging every day, social media marketing is constantly evolving.
2. What are the 5 steps in social media marketing (SMM)?
 23

A solid social media strategy has 5 core steps: defining your goals, choosing platforms (e.g. Facebook,
YouTube, Instagram, LinkedIn, Twitter, TikTok, Snapchat), identifying your audience, connecting with
them through engaging content, and always looking for opportunities to optimize and improve.

III. DEFENSE TOOLS FOR SOCIAL MEDIA SECURITY
Social media is part of our social fabric. So much so that over 56% of the global population are social
media users to some degree or other. With all that sharing, conversing, and information passing between
family and friends, social media can be a distinct digital extension of ourselves—making it important to
know how you can protect your social media accounts from hacks and attacks. Given how much we enjoy
and rely on social media, now’s a fine time to give your social media settings and habits a closer look so
that you can get the most out of it with less fuss and worry. Whether you’re using Facebook, Instagram,
TikTok, or whatnot, here are several things you can do that can help keep you safe and secure out there.

1. What is Social Media Security?
Social media security refers to the measures and practices implemented to protect individuals,
organizations, and their data from various threats and risks associated with using social media platforms.

2. What are the basic objectives of Social Media Security?
Privacy: Controlling who sees your information and ensuring it’s not accessed by unauthorized individuals.
Identity theft prevention: Stopping hackers from taking over your accounts and potentially harming others
in your name.
Cybersecurity: Staying safe from malware, phishing attempts, and social engineering tricks designed to
steal your information.
Reputation management: Managing your online image and minimizing the impact of negative content.
Data protection: Safeguarding your personal information, photos, videos, and messages on social media
platforms.
3. What is Multi-factor authentication (MFA)?
Multi-factor authentication acts as an additional layer of security to prevent unauthorized users from
accessing these accounts, even when the password has been stolen. Businesses use multi-factor
authentication to validate user identities and provide quick and convenient access to authorized users.

4. How to Protect Your Social Media Accounts?

(a) Set strong, unique passwords
Passwords mark square one in your protection, with strong and unique passwords across all your accounts
forming the primary line of defense. Yet with all the accounts we have floating around, juggling dozens of
strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler
passwords. Hackers love this because one password can be the key to several accounts. Instead, try a
password manager that can create those passwords for you and safely store them as well. Comprehensive
security software will include one.

(b) Go private
Social media platforms like Facebook, Instagram, and others give you the option of making your profile
and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re
 24

doing, saying, and posting, which can help protect your privacy.

(c) Say “no” to strangers bearing friend requests
Be critical of the invitations you receive. Out-and-out strangers could be more than just a stranger, they
could be a fake account designed to gather information on users for purposes of cybercrime, or they could
be an account designed to spread false information. There are plenty of them too. In fact, in Q3 of 2021
alone, Facebook took action on 1.8 billion fake accounts. Reject such requests.

(d) Think twice before checking in
Nothing says ―there’s nobody at home right now‖ like that post of you on vacation or sharing your location
while you’re out on the town. In effect, such posts announce your whereabouts to a broad audience of
followers (even a global audience, if you’re not posting privately, as called out above). Consider sharing
photos and stories of your adventures once you’ve returned.

(e) The internet is forever
It’s a famous saying for a reason. Whether your profile is set to private or if you are using an app with
―disappearing‖ messages and posts (like Snapchat), what you post can indeed be saved and shared again.
It’s as simple as taking a screenshot. If you don’t want it out there, forever or otherwise, simply don’t post
it.

(f) Watch out for phishing scams
We’re increasingly accustomed to the warnings about phishing emails, yet phishing attacks happen plenty
on social media. The same rules apply. Don’t follow any links you get from strangers by way of instant or
direct messengers. And keep your personal information close. Don’t pass out your email, address, or other
info as well. Even those so-called ―quiz‖ posts and websites can be ruses designed to steal bits and pieces
of personal info that can be used as the basis of an attack.

(g) Also keep an eye out for scams of all kinds
Sadly, social media can also be a place where people pull a fast one. Get-rich-quick schemes, romance
cons, and all kinds of imposters can set up shop in ads, posts, and even direct messages—typically
designed to separate you from your personal information, money, or both. This is an entire topic in itself,
and you can learn plenty more about quizzes and other identity theft scams to avoid on social media.

(h) Review your tags
Some platforms such as Facebook allow users to review posts that are tagged with their profile names.
Check your account settings and give yourself the highest degree of control over how and where your tags
are used by others. This will help keep you aware of where you’re being mentioned by others and in what
way.

(i) Protect yourself and your devices
Security software can protect you from clicking on malicious links while on social media while steering
you clear of other threats like viruses, ransomware, and phishing attacks. It can look out for you as well, by
protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other personal
information. With identity theft a rather commonplace occurrence today, security software is really a must.
 25

(j) Check your Protection Score and see how safe you are

Now you can point to a number that shows you just how safe you are with our Protection Score. It’s an
industry first, and it works by taking stock of your overall security and grading it on a scale of 0 to 1,000.
From there, it calls out any weak spots and then walks you through the steps to shore it up with
personalized guidance. This way, you’re always in the know about your security, privacy, and personal
identity on social media and practically wherever else your travels take you online.

5. How do you deal with the challenges of managing multiple social media accounts or platforms?

(a) Use a password manager
One of the most basic and essential steps to secure your social media accounts is to use a strong and unique
password for each one. However, remembering and typing different passwords can be cumbersome and
prone to errors. That's why we recommend using a password manager, a software that securely stores and
autofills your passwords for different websites and apps. Some popular password managers are LastPass,
Dashlane, and 1Password. They can also help you generate and change passwords regularly, as well as alert
you of any breaches or suspicious activities.

(b) Enable two-factor authentication
Another way to enhance your social media security is to enable two-factor authentication (2FA), a feature
that requires you to enter a code or use a device in addition to your password when logging in. This adds an
extra layer of protection against hackers or phishing attempts, as they would need access to both your
password and your code or device. Most social media platforms offer 2FA options, such as SMS, email, or
authenticator apps. You can usually find them in the security or privacy settings of your account.

(c) Review your permissions and settings
It's also important to review your permissions and settings regularly, as they may change over time or vary
across different platforms. For example, you may want to check who can see your posts, tag you, or contact
you, as well as what information you share with third-party apps or advertisers. You may also want to
adjust your notifications, preferences, and data usage, depending on your needs and goals. You can access
these options in the account or privacy settings of each platform.

(d) Use a social media management tool
If you manage multiple social media accounts or platforms for personal or professional purposes, you may
benefit from using a social media management tool, a software that allows you to create, schedule, monitor,
and analyze your content from one place. Some popular social media management tools are Hootsuite,
Buffer, and Sprout Social. They can help you save time, maintain consistency, and optimize your
performance across different channels. They can also help you secure your accounts by providing access
levels, audit logs, and encryption features.

(e) Educate yourself and your team
Finally, one of the best ways to deal with the challenges of social media software security and privacy is to
educate yourself and your team about the best practices and the latest trends. You can follow reputable
sources, such as the platforms themselves, industry experts, or security blogs, to stay updated and
 26

informed. You can also create and follow guidelines, policies, and procedures that outline how to use and
protect your social media accounts. Moreover, you can train and test your team members on how to handle
common scenarios, such as password resets, account recovery, or data breaches.

IV. SIGNIFICANCE OF APPLET OVER SECURITY

Advantages of Applet in Java
In the ever-evolving world of technology, Java has played a significant role in empowering developers to
create robust and versatile applications. One of the fascinating components of Java is the applet, a small,
lightweight Java program that runs within a web browser. Applets gained popularity in the early days of the
internet and continue to be relevant today. In this section, we will explore the advantages of applets in Java
and understand how they provide dynamic and interactive web content seamlessly.
1. Platform Independent:
One of the primary reasons for Java's popularity is its platform independence, and the same applies to
applets. Applets can run on any platform that supports Java, making them truly cross-platform solutions.
This characteristic allows developers to create interactive web content that can be accessed by users across
different operating systems without any modification.
2. Reduced Network Load:
Unlike traditional web applications, which require reloading the entire page to display new content, applets
provide a smoother user experience. Once the applet is downloaded and cached, subsequent interactions
with the applet require minimal data exchange between the server and the client, reducing the network load
and providing faster response times.
3. Interactive User Experience:
Applets enable developers to create interactive user interfaces that go beyond static web pages. By
leveraging the Java API's rich set of GUI components, developers can build visually appealing and highly
interactive web applications. From animated graphics to responsive forms, applets offer a dynamic
experience that captivates users.
4. Enhanced Security:
Applets operate within a "sandbox," a secure environment that restricts their access to the client's system
resources. This sandboxed approach ensures that applets cannot harm the user's computer or access
sensitive information without explicit permission. As a result, applets provide a safer alternative to native
applications when it comes to running untrusted code over the internet.
5. Reusability:
Java's object-oriented nature allows developers to create reusable code, and applets are no exception. By
developing applets that encapsulate specific functionality, developers can easily integrate them into various
web pages. This reusability leads to reduced development time and effort, promoting code maintainability
and modularity.
6. Real-time Data Processing:
Applets are excellent tools for processing real-time data, making them ideal for applications like live chat
support, online gaming, or financial market analysis. They can handle data streams and update the user
interface dynamically, providing an immersive experience.

Computer Network
 27

A network is a set of devices (often referred to as nodes) connected by communication links. A
node can be a computer, printer, or any other device capable of sending and/or receiving data generated by
other nodes on the network.
Software modules in one system are used to communicate with one or more software modules in the
distance System. Such interfaces across a distance are termed as ―peer-to-peer‖ interfaces; and the local
interfaces are termed as ―service‖ interfaces. The modules on each end are organized as a sequence of
functions called ―layers‖. The set of modules organized as layers is also commonly called a ―protocol
stack‖.
Over the years, some layered models have been standardized. The ISO Open Systems Interconnection
(ISO/OSI) layered model has seven layers and was developed by a set of committees under the auspices of
International Standards Organization (ISO).

Classification of Computer Networks
Based on Transmission Mode

Transmission mode defines the direction of signal flow between two linked devices. There are three types
of transmission modes.
Simplex

In simplex mode, the communication is unidirectional. Among the stations only one can transmit and the
other can only receive.
Half-Duplex

In half-Duplex mode, the communication is bidirectional. In this both station can sent and receive but not
at the same time.
Full-Duplex

In Full-Duplex mode, both stations can transmit and receive simultaneously.

Based on Time in Transmission Type
 Synchronous Transmission

In synchronous Transmission both the sender and the receiver use the same time cycle for the transmission.
We send bits one after another without start/stop bits or gaps. It is the responsibility of the receiver to
group the bits. Bit stream is delivered with a fixed delay and given error rate. Each bit reaches the
destination with the same time delay after leaving the source.
 Asynchronous Transmission

In Asynchronous Transmission we send one start bit at the beginning and one stop bit at the end of each
byte. There may be a gap between each byte. Bit stream is divided into packets. Packets are received with
 28

varying delays, so packets can arrive out of order. Some packets are not received correctly.
Based on Authentication
Peer to Peer Connection
In peer-to-peer networks, there are no dedicated servers. All the computers are equal and, therefore, are
termed as peers. Normally, each computer functions as both a client and a server. No one can control the
other computers.
Server Based Connection
Most networks have a dedicated server. A dedicated server is a computer on a network which functions as
a server, and cannot be used as a client or a workstation. A dedicated server is optimized to service requests
from network clients. A server can control the clients for its services.
Based on Geographical location
 Local Area Networks (LAN)
LAN is a small high speed network. In LAN few numbers of systems are interconnected with networking
device to create network. As the distance increases between the nodes or system it speed decreases. So it is
limed to few meters only. Networks which cover close geographical area. LAN used to link the devices in
a single office, building or campus. It provides high speeds over short distance. Systems are connecting
directly to Network. The LAN is owned by private people.
 Wide Area Network (WAN)
WAN is collection of network (or LAN). This network speed is less than the LAN network speed.WAN
network connect systems indirectly. WAN spread over the world may be spread over more than one city
country or continent. Systems in this network are connected indirectly. Generally WAN network are slower
speed than LAN’s. The WAN network are owned or operated by network providers. If it is owned by a
single owner then it is called Enterprise network. Often these types have combination of more than one
topology.

 MAN (Metropolitan Area Network)
Metropolitan area network is an extension of local area network to spread over the city. It may be a
single network or a network in which more than one local area network can share their resources.

Based on Reliability
Reliability is maintained by authentication.
 Connection-oriented
This type of communication establishes a session connection before data can be sent. This method is often
called a "reliable" network service. It can guarantee that data will arrive inthe same order.
 Connection less
This type of communication does not require a session connection between sender and receiver for data
transfer. The sender simply starts sending packets to the destination. A connectionless network provides
minimal services.
 29

Topology
Topology refers to physical layout including computers, cables, and other resources; it determines how
components communicate with each other.

Today’s network designs are based on three topologies:
 Bus consists of series of computers connected along a single cable segment
 Star connects computers via central connection point or hub
 Ring connects computers to form a loop
All computers, regardless of topology, communicate by addressing data to one or more computers and
transmitting it across cable as electronic signals. Data is broken into packets and sent as electronic signals
that travel on the cable. Only the computer to which the data is addressed accepts it.

Protocol
Protocols mean set of rules. It is a formal description of message formats and the rules two or more
machines has follow to exchange messages. The key elements of a protocol are syntax, semantics and
timing.
 Syntax
Syntax refers to the structure or format of the data, meaning the order in which they are presented.
 Semantics
Semantics refers to the meaning of each section of bits.
 Timing

Timing refers to when data should be sent and how fast it can be sent.

Internet working Technologies
Internet working Technologies tell how the Internet accommodating multiple underlying
hardware technologies and how they are interconnected and formed the network, and set of
communication standard which the network used to inter-operate.

The lowercase internet means multiple networks connected together, using a common protocol
suite. The uppercase Internet refers to the collection of hosts around the world that can
communicate with each other using TCP/IP. While the Internet is an internet, the reverse is not
true.

Network Infrastructure or Transmission Infrastructure:
Network infrastructure is divided into two parts.
 30

1. Access Networks
An access network is the part of a telecommunications network which connects end system to
the firstrouter or subscribers to their immediate service provider as shown in figure 1.

Figure 1 Network Infrastructure
It is different from core network which connects all the routers to each other and ISP(Internet
service provider). An access network may be a so-called local area network within a company or
university, a dial telephone line with a modem, or a high-speed cable-based or phone-based
access network.

Access networks can be loosely divided into three categories:

 Residential access networks, connecting a home end system into the network.

 Institutional access networks, connecting an end system in a business or educational
institution into the network.
 Mobile access networks, connecting a mobile end system into the network

Core Networks:
Core network connects all the routers to each other and ISP (Internet service provider). It is a
main back bone for internet. Core network uses circuit switching and packet switching for data
transmission.

ISPs: (Internet Service Provider)
In internet bottom-to-top the hierarchy consists of end systems (PCs, workstations,
 31

etc.)connected to local Internet Service Providers (ISPs). The local ISPs are in turn connected to
regional ISPs, which are in turn connected to national and international ISPs. The national and
international ISPs are connected together at the highest tier in the hierarchy.

Let's begin at the top of the hierarchy and work our way down. Residing at the very top of the
hierarchy are the national ISPs, which are called National Backbone Provider (NBPs). The
NBPs form independent backbone networks that span North America (and typically abroad as
well). Just as there are multiple long-distance telephone companies in the USA, there are
multiple NBPs that compete with each other for traffic and customers. The existing NBPs
include internet MCI, Sprint Link, PSINet, UUNet Technologies, and AGIS. The NBPs typically
have high-bandwidth transmission links, with bandwidths ranging from 1.5 Mbps to 622 Mbps
and higher. Each NBP also has numerous hubs which interconnect its links and at which regional
ISPs can tap into the NBP.

The NBPs themselves must be interconnected to each other. To see this, suppose one regional
ISP, say MidWestnet, is connected to the MCI NBP and another regional ISP, say EastCoastnet,
is connected to Sprint's NBP. How can traffic be sent from MidWestnet to EastCoastnet? The
solution is to introduce switching centers, called Network Access Points (NAPs), which
interconnect the NBPs, thereby allowing each regional ISP to pass traffic to any other regional
ISP. To keep us all confused, some of the NAPs are not referred to as NAPs but instead as
MAEs (Metropolitan Area Exchanges).

Component of Internet:
A network (or internet) is formed using Hardware (or network device) and network software or
Application and protocols.

Hardware or Network device:

Hub:
 It is uses to connect systems or nodes or networks.
 It has direct connection to a node (point to point connection).
 It suffers from high collision of data, results to data loss.
 A hub takes data from input port and retransmits the input data on output port.

Repeater:
 A repeater is a device which regenerates or amplifies the data or signal so
that it can betravel to the other segment of cable.
 It is use to connect two networks that uses same technology and protocol.
 It does not filter or translate any data.
 32

 Work in physical layer.

Bridge:
 It is used to connect two networks.
 It divides the collision domain based on number of ports or interface present in a bridge.
 It uses the packet switches that forward and filter the frames using LAN destination
address.
 Bridge examines the destination address of frame and forwards it to the
interface or portwhich leads to the destination.
 It uses the routing table for routing frame from one node to other using MAC address.
 It works in Data Link Layer.

Switch :
 It is similar to bridge. It has more number of interfaces as compared to bridge.
 It allows direct communication between the nodes.
 It works in Data Link Layer.
 It uses MAC address for data transmission and communication.
Router:
 It is used to connect different types of network (types- architecture/ Protocol).
 It work similar to bridge but it uses IP address for routing data.
 Router can't be used for connecting Systems.
 It works in Network Layer.
Gateways:
Gateways make communication possible between systems that use different
communication protocols, data formatting structures, languages and architectures.
Gateways repackage data going from one system to another. Gateways are usually
dedicated servers on a network and are task-specific.

Windows operating system security
Security and privacy depend on an operating system that guards your system and information
from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the
most secure Windows yet with extensive security measures designed to help keep you safe. These
measures include built-in advanced encryption and data protection, robust network and system
 33

security, and intelligent safeguards against ever-evolving threats.

System security
Secure Boot and Trusted Boot:
Secure Boot and Trusted Boot help to prevent malware and corrupted components from loading
when a device starts.
Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process.
Together, Secure Boot and Trusted Boot help to ensure the system boots up safely and securely.
Measured Boot:
Measured Boot measures all important code and configuration settings during the boot of
Windows. This includes: the firmware, boot manager, hypervisor, kernel, secure kernel and
operating system. Measured Boot stores the measurements in the TPM on the machine, and
makes them available in a log that can be tested remotely to verify the boot state of the client.

The Measured Boot feature provides anti-malware software with a trusted (resistant to spoofing
and tampering) log of all boot components that started before it. The anti-malware software can
use the log to determine whether components that ran before it are trustworthy, or if they're
infected with malware. The anti-malware software on the local machine can send the log to a
remote server for evaluation. The remote server may initiate remediation actions, either by
interacting with software on the client, or through out-of-band mechanisms, as appropriate.
Network security
Transport Layer Security (TLS):
Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications
security over a network. TLS 1.3 is the latest version of the protocol and is enabled by default in
Windows 11. This version eliminates obsolete cryptographic algorithms, enhances security over
older versions, and aims to encrypt as much of the TLS handshake as possible. The handshake is
more performant with one fewer round trip per connection on average, and supports only five
strong cipher suites which provide perfect forward secrecy and less operational risk.
Domain Name System (DNS) security:
Starting in Windows 11, the Windows DNS client supports DNS over HTTPS (DoH), an
encrypted DNS protocol. This allows administrators to ensure their devices protect DNS queries
from on-path attackers, whether they're passive observers logging browsing behavior or active
attackers trying to redirect clients to malicious sites.
In a zero-trust model where there is no trust placed in a network boundary, having a secure
connection to a trusted name resolver is required.
Bluetooth pairing and connection protection:
The number of Bluetooth devices connected to Windows continues to increase. Windows
supports all standard Bluetooth pairing protocols, including classic and LE Secure connections,
 34

secure simple pairing, and classic and LE legacy pairing. Windows also implements host based
LE privacy. Windows updates help users stay current with OS and driver security features in
accordance with the Bluetooth Special Interest Group (SIG), Standard Vulnerability Reports, and
issues beyond those required by the Bluetooth core industry standards. Microsoft strongly
recommends that users ensure their firmware and/ or software of their Bluetooth accessories are
kept up to date.
WiFi Security:
Wi-Fi Protected Access (WPA) is a security certification program designed to secure wireless
networks. WPA3 is the latest version of the certification and provides a more secure and reliable
connection method as compared to WPA2 and older security protocols. Windows supports three
WPA3 modes: WPA3 personal with the Hash-to-Element (H2E) protocol, WPA3 Enterprise, and
WPA3 Enterprise 192-bit Suite B.

Windows 11 also supports WFA defined WPA3 Enterprise that includes enhanced Server Cert
validation and TLS 1.3 for authentication using EAP-TLS Authentication.
Opportunistic Wireless Encryption (OWE):
Opportunistic Wireless Encryption (OWE) is a technology that allows wireless devices to
establish encrypted connections to public Wi-Fi hotspots.
Windows Firewall:
Windows Firewall provides host-based, two-way network traffic filtering, blocking unauthorized
traffic flowing into or out of the local device based on the types of networks to which the device
is connected. Windows Firewall reduces the attack surface of a device with rules to restrict or
allow traffic by many properties such as IP addresses, ports, or program paths. Reducing the
attack surface of a device increases manageability and decreases the likelihood of a successful
attack.

With its integration with Internet Protocol Security (IPsec), Windows Firewall provides a simple
way to enforce authenticated, end-to-end network communications. It provides scalable, tiered
access to trusted network resources, helping to enforce integrity of the data, and optionally
helping to protect the confidentiality of the data. Windows Firewall is a host-based firewall that is
included with the operating system, there's no additional hardware or software required. Windows
Firewall is also designed to complement existing non-Microsoft network security solutions
through a documented application programming interface (API).
Virtual private network (VPN):
The Windows VPN client platform includes built in VPN protocols, configuration support, a
common VPN user interface, and programming support for custom VPN protocols. VPN apps are
available in the Microsoft Store for both enterprise and consumer VPNs, including apps for the
most popular enterprise VPN gateways.

In Windows 11, the most commonly used VPN controls are integrated right into the Quick
 35

Actions pane. From the Quick Actions pane, users can see the status of their VPN, start and stop
the VPN tunnels, and access the Settings app for more controls.
Always On VPN (device tunnel):
With Always On VPN, you can create a dedicated VPN profile for the device. Unlike User
Tunnel, which only connects after a user logs on to the device, Device Tunnel allows the VPN to
establish connectivity before a user sign-in. Both Device Tunnel and User Tunnel operate
independently with their VPN profiles, can be connected at the same time, and can use different
authentication methods and other VPN configuration settings as appropriate.
Direct Access:
Direct Access allows connectivity for remote users to organization network resources without the
need for traditional Virtual Private Network (VPN) connections.
With Direct Access connections, remote devices are always connected to the organization and
there's no need for remote users to start and stop connections.
Server Message Block (SMB) file service:
SMB Encryption provides end-to-end encryption of SMB data and protects data from
eavesdropping occurrences on internal networks. In Windows 11, the SMB protocol has
significant security updates, including AES-256 bits encryption, accelerated SMB signing,
Remote Directory Memory Access (RDMA) network encryption, and SMB over QUIC for
untrusted networks. Windows 11 introduces AES-256-GCM and AES-256-CCM cryptographic
suites for SMB 3.1.1 encryption. Windows administrators can mandate the use of more advanced
security or continue to use the more compatible, and still-safe, AES-128 encryption.
Server Message Block Direct (SMB Direct):
SMB Direct (SMB over remote direct memory access) is a storage protocol that enables direct
memory-to-memory data transfers between device and storage, with minimal CPU usage, while
using standard RDMA-capable network adapters.
SMB Direct supports encryption, and now you can operate with the same safety as traditional
TCP and the performance of RDMA. Previously, enabling SMB encryption disabled direct data
placement, making RDMA as slow as TCP. Now data is encrypted before placement, leading to
relatively minor performance degradation while adding AES-128 and AES-256 protected packet
privacy.
Encryption and data protection
BitLocker management:
The BitLocker CSP allows an MDM solution, like Microsoft Intune, to manage the BitLocker
encryption features on Windows devices. This includes OS volumes, fixed drives and removeable
storage, and recovery key management into Microsoft Entra ID.
BitLocker enablement:
BitLocker Drive Encryption is a data protection feature that integrates with the operating system
and addresses the threats of data theft or exposure from lost, stolen, or inappropriately
 36

decommissioned computers. BitLocker uses AES algorithm in XTS or CBC mode of operation
with 128-bit or 256-bit key length to encrypt data on the volume. Cloud storage on Microsoft
OneDrive or Azure can be used to save recovery key content. BitLocker can be managed by any
MDM solution such as Microsoft Intune, using a configuration service provider (CSP).

BitLocker provides encryption for the OS, fixed data, and removable data drives leveraging
technologies like hardware security test interface (HSTI), Modern Standby, UEFI Secure Boot
and TPM.
Encrypted hard drive:
Encrypted hard drives are a class of hard drives that are self-encrypted at the hardware level and
allow for full disk hardware encryption while being transparent to the device user. These drives
combine the security and management benefits provided by BitLocker Drive Encryption with the
power of self-encrypting drives.
By offloading the cryptographic operations to hardware, encrypted hard drives increase
BitLocker performance and reduce CPU usage and power consumption. Because encrypted hard
drives encrypt data quickly, BitLocker deployment can be expanded across enterprise devices
with little to no impact on productivity.
Personal data encryption (PDE):
Personal data encryption (PDE) works with BitLocker and Windows Hello for Business to further
protect user documents and other files, including when the device is turned on and locked. Files
are encrypted automatically and seamlessly to give users more security without interrupting their
workflow.
Windows Hello for Business is used to protect the container, which houses the encryption keys
used by PDE. When the user signs in, the container gets authenticated to release the keys in the
container to decrypt user content.
Email Encryption (S/MIME):
Email encryption enables users to encrypt outgoing email messages and attachments, so only
intended recipients with a digital ID (certificate) can read them. Users can digitally sign a
message, which verifies the identity of the sender and confirms the message hasn't been tampered
with. The encrypted messages can be sent by a user to other users within their organization or
external contacts if they have proper encryption certificates.
Block Diagram of mobile
Typically Mobile phone will have display (LCD, touch screen), keypad, microphone, speaker,
SIM card, battery, USB port, antenna, memory unit(RAM,ROM), camera, CODEC, RF part,
DAC/ADC, baseband part (L1/Layer1/physical layer) running on DSP, Application/protocol
layers running on CPU, ON/OFF switch and Bluetooth/GPS features. All these features are based
on specific standard specifications designed, like it may be based on GSM, WCDMA or LTE etc.
RF Part:
As shown in figure above, every phone has RF part which consists of RF frequency up converter
 37

and frequency down converter, many analog filters, digital attenuator, driver amplifiers etc. For
system, up converter converts modulated baseband signal (I and Q) either at zero IF (Intermediate
frequency) or some IF to RF frequency. RF down converter converts RF signal to baseband
signal (I and Q). The basic component used for frequency conversion is RF mixer. Analog filters
pass only desired band of signals. Amplifiers boost up the signal to the required transmit power
level.
Baseband Part:
Baseband part in a mobile is comprised of a digital signal processor (DSP) to process forward
voice/data signals for transmission and to process reverse voice/data signals received. This is the
core processing part which changes for various air interface standards like GSM, HSPA, LTE and
more. It is often named as physical layer or Layer 1 or L1. For Speech/audio, codec is used to
compress and decompress the signal to match the data rate to the frame it has to fit in. The
baseband or physical layer will add redundant bits to enable error detection as well as error
correction.
ADC and DAC:
ADC (Analog to Digital Converter) and DAC (Digital to Analog Converter) is used to convert
analog speech signal to digital signal and vice versa in the mobile handset.
RF Switch / Duplexer:
RF switch is used for TDD (Time Division Duplex) configuration, which switches the RF path
between transmit chain and receive chain and on the other side, Duplexer is used for FDD
(Frequency Division Duplex) configuration which passes the transmitted signal and received
signal at the same time through it.
Application layer:
It consists of protocols that focus on process-to-process communication across an IP network and
provides a firm communication interface and end-user services. It also runs on CPU. It include
audio, video and image/graphics applications. The application layer provides many services,
including: Simple Mail Transfer, Protocol File transfer, graphics etc.
Camera:
Now-a-days with almost all the mobile phone camera feature is available for one to click pictures
at various occasions. It is the major specifications in increasing cost of mobile phone. There are
various mega pixel cameras such as 13 MP, 23 MP, 48 MP or even 64 MP available in smart
phones. This has become evident because of advancement in sensor technology.
Display:
There are lot of display types used in mobile phones. They can be either colour or monochrome.
The colour displays usually are CSTN, TFT, TFD or OLED with a predominant use of TFT
displays in current mobile lineups. There are also two types of touch screen displays – capacitive
and resistive, which are both based on TFT technology. Capacitive touch screens work by sensing
the electrical properties of the human body, while Resistive ones operate by sensing direct
 38

pressure applied by the user. The Resistive type can be activated by pressing not only with human
skin but also with a stylus and thus allow handwriting recognition input.
Microphone:
Microphone or mic converts air pressure variations (result of our speech) to electrical signal to
couple on the PCB for further processing. Usually in mobile phone mic of types condenser,
dynamic, carbon or ribbon is used.
Speaker:
It converts electrical signal to audible signal(pressure vibrations) for human being to hear. This is
often coupled with audio amplifier to get required amplification of audio signal. It also tied with
volume control circuit to change (increase or decrease) the amplitude of the audio signal.
Antenna:
An antenna converts electromagnetic radiation into electric signal and vice versa. In mobile
phone, antenna is embedded inside, which is not visible to us. A metal strip pattern is served as an
antenna.
Connectivity (Wi-Fi, Bluetooth, USB, GPS):
To make data transfer fast enough between mobile phone and other computing devices (laptop,
desktop, tablet) or between mobile and mobile various technologies are evolved which include
Wi-Fi, Bluetooth, USB. GPS (global positioning system) is used for location assistance and will
enable google map to work efficiently.
Sensors:
A sensor is a transducer whose purpose is to sense (that is, to detect) some characteristic of its
environs. It detects events or changes in quantities and provides a corresponding output, generally
as an electrical or optical signal. In mobile phone, there are various kind of sensors are used like
accelerometer, magnetometer, proximity sensor, light sensor, barometer, pedometer, thermometer
etc. Various mobile phones have different concepts and design on every aspects, but the methods
and operational flow are all exactly the same. It differs on how and what certain IC chips and
parts they are being used and installed to a certain mobile phone circuitry.
 39

1. HTTP:
Full form : Hypertext Transfer Protocol
HTTP (Hypertext Transfer Protocol) is the set of rules for transferring files -- such as text, images, sound,
video and other multimedia files -- over the web.
As soon as a user opens their web browser, they are indirectly using HTTP
2. HTTPS:
Full form: Hypertext Transfer Protocol Secure
Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP, which is the primary protocol
used to send data between a web browser and a website. HTTPS is encrypted in order to increase security
of data transfer.
3. E-Commerce
Definition:
E-commerce (electronic commerce) is the exchange of goods and services and the transmission of funds
and data over the internet. E-commerce relies on technology and digital platforms, including website