
Cyber Security notes

This document is a study guide for B.Tech students at Dr APJ Abdul Kalam Technical University, focusing on cyber security and cyber crime topics. It covers definitions, classifications, and prevention strategies related to cybercrime, as well as the importance of information security and the role of mobile devices. The guide emphasizes practical tips for staying safe online and understanding the methods used by cybercriminals.

Uploaded by devuk8818
Copyright
© All Rights Reserved

Cyber Security

This pdf is designed only for B.Tech students of all Engineering Colleges affiliated
with Dr APJ Abdul Kalam Technical University.
This pdf is meant to help with quick revision and time management at exam time.

Compiled by

Sanjeev Yadav

Edu Desire

Computer & Technology

The More You Practice, The Better You Get.

Follow me

2 Edu Desire
DETAILED SYLLABUS

Unit 1. INTRODUCTION TO CYBER CRIME: Cybercrime- Definition and Origins of the word Cybercrime and Information Security, Who are Cybercriminals? Classifications of Cyber Crimes, A Global Perspective on Cybercrimes, Cybercrime Era: Survival Mantra for the Netizens. Cyber offences: How Criminals Plan the Attacks, Social Engineering, Cyber stalking, Cybercafe and Cybercrimes, Botnets: The Fuel for Cybercrime, Attack Vector.

Unit 2. CYBER CRIME: Mobile and Wireless Devices- Introduction, Proliferation of Mobile and Wireless Devices, Trends in Mobility, Credit Card Frauds in Mobile and Wireless Computing Era, Security Challenges Posed by Mobile Devices, Registry Settings for Mobile Devices, Authentication Service Security, Attacks on Mobile/Cell Phones, Mobile Devices: Security Implications for organisations, Organisational Measures for Handling Mobile, Organisational Security Policies and Measures in Mobile Computing Era.

Unit 3. TOOLS AND METHODS USED IN CYBERCRIME: Introduction, Proxy Servers and Anonymizers, Phishing, Password Cracking, Keyloggers and Spywares, Virus and Worms, Trojan-horses and Backdoors, Steganography, DoS and DDoS Attacks, SQL Injection, Buffer Overflow, Attacks on Wireless Networks. Phishing and Identity Theft: Introduction to Phishing, Identity Theft (ID Theft).

Unit 4. UNDERSTANDING COMPUTER FORENSICS: Introduction, Digital Forensics Science, The Need for Computer Forensics, Cyber forensics and Digital Evidence, Forensics Analysis of E-Mail, Digital Forensics Life Cycle, Chain of Custody Concept, Network Forensics, Approaching a Computer Forensics Investigation. Forensics and Social Networking Sites: The Security/Privacy Threats, Challenges in Computer Forensics.

Unit 5. INTRODUCTION TO SECURITY POLICIES AND CYBER LAWS: Need for An Information Security Policy, Introduction to Indian Cyber Law, Objective and Scope of the Digital Personal Data Protection Act 2023, Intellectual Property Issues, Overview of Intellectual Property Related Legislation in India, Patent, Copyright, Trademarks.

Unit-1
Introduction to Cyber Crime

Definition: Cybercrime means doing bad things using computers and the internet. It's like breaking the rules in the digital world. Imagine someone stealing information or causing trouble online—that's cybercrime.

Origins of the Term: The word "cybercrime" comes from combining "cyber" (related to computers) and "crime" (doing bad things). Back in the 1990s, when computers were becoming popular globally, people needed a word for these new digital crimes. So, they created "cybercrime" to describe illegal activities happening in the digital space.

When we say "cybercrime," we're talking about crimes that happen online. It's like a catch-all term for rule-breaking in the digital world. From hacking to online fraud, it covers a lot of different ways people can break the law using computers and the internet.

Information Security: Information Security is like a digital superhero—it protects your personal information from digital bad guys. It's the guardian that ensures only the right people can access and use your digital secrets.

Importance: Imagine it as the lock on your digital diary. Information Security keeps your personal details safe from online mischief-makers. Without it, your digital secrets could be like an open book for anyone to read.

Key Aspects:
1. Confidentiality: Keeping your secrets safe.
2. Integrity: Making sure your information is accurate and not tampered with.
3. Availability: Ensuring you can access your information when you need it.

Who are Cybercriminals?
Cybercriminals are like digital bad guys. They're people who use
computers and the internet to do naughty stuff.
1. Anyone Can Be a Cybercriminal: It could be your neighbour,
someone across the world, or even someone you know. There's no
specific "look" for a cybercriminal.
2. Digital Rule-Breakers: They break the online rules by doing things
like stealing information, spreading viruses, or causing trouble in
the digital world.

Example: Think of cybercriminals as the troublemakers in the digital neighbourhood. They use their tech skills for not-so-nice things, like the bullies of the internet.

Classifications of Cyber Crimes:

Classifications of Cybercrimes are like groups of online rule-breaking. They help us understand the different ways people misbehave on the internet.
1. Hacking: Sneaking into computers or networks without asking.
2. Phishing: Tricking people into sharing their secrets by pretending
to be a friend.
3. Identity Theft: Pretending to be someone else online to steal their
private information.
4. Online Fraud: Tricking people into giving money or private info by
lying.
5. Cyberbullying: Using the internet to hurt or bother others.

A Global Perspective on Cybercrimes is like looking at naughty actions happening all around the world using computers and the internet.

More Details:
1. No Borders: Cybercrimes don't follow country lines. They can happen anywhere, and bad actors from different countries might even work together.
2. Digital Challenges Everywhere: It's not just a problem in one place. People worldwide face similar digital troubles, and everyone needs to be careful online.

Example: Think of A Global Perspective on Cyber Crimes as looking at a world map and seeing where digital mischief is happening. It's like a big digital puzzle affecting everyone, no matter where they are.

Importance: Understanding A Global Perspective on Cyber Crimes helps us realise that being cautious online is not just for one country—it's a worldwide effort to stay safe in the digital space.

The Cybercrime Era is like living in a time where digital mischief is a common challenge. Survival Mantra for the Netizens means having a set of rules or practices to stay safe in this digital age.

Survival Mantra:

1. Be Cyber-Aware: Stay alert and aware of potential online threats.
2. Use Strong Passwords: Create and regularly update strong, unique
passwords.
3. Keep Software Updated: Ensure your computer and apps have the
latest security updates.
4. Be Sceptical of Emails: Don't trust every email; be cautious,
especially with links or attachments.
5. Use Trusted Websites: Stick to reputable websites to minimise
risks.
6. Secure Personal Information: Be cautious about sharing sensitive info online.
7. Install Antivirus Software: Have reliable antivirus software to protect against digital threats.

Example: Living in the Cybercrime Era is like being in a digital jungle where you need a Survival Mantra for Netizens. It's similar to having a set of rules when exploring an unknown territory. Just as you'd wear a helmet in a construction zone, in the cyber world, you follow these mantras to keep yourself safe from digital dangers.

Cyber Offences: How Criminals Plan the Attacks:

Cyber Offences are like digital crimes, and understanding how criminals plan their attacks is crucial. It involves the strategies and methods they use to carry out illegal activities in the digital space.

Planning Strategies:
1. Identifying Weak Points: Criminals look for vulnerabilities in
computer systems or networks.

2. Exploiting Vulnerabilities: They use weaknesses to gain
unauthorised access or control.
3. Social Engineering: Tricking individuals into divulging sensitive
information.
4. Malware Deployment: Spreading malicious software to
compromise systems.
5. Planning Attack Routes: Deciding the best way to execute their
digital mischief.

Example: Think of Cyber Offences like planning a heist. Criminals study the target (identifying weak points), find ways to break in (exploiting vulnerabilities), use deception (social engineering), deploy tools for the job (malware), and plan their entry and exit routes (planning attack routes). Understanding these steps helps in building stronger digital defences.

Social Engineering: Social Engineering is like a digital magic trick. It's when cybercriminals use charm, manipulation, or deceit to trick people into giving up their personal information or doing something they shouldn't.

Techniques Used:
1. Phishing: Sending fake emails or messages to trick individuals into
revealing sensitive information.
2. Pretexting: Creating a made-up scenario to obtain personal
information.
3. Impersonation: Posing as someone trustworthy to gain access to
information or systems.
4. Quizzes and Surveys: Using seemingly harmless quizzes or surveys
to gather information.

Example: Imagine someone pretending to be a friend and asking for your
password. That's Social Engineering in action. It's like a digital con artist
using charm or deception to get people to share their secrets. Always be
cautious, and never share sensitive information online, even if it seems
harmless.

Cyber Stalking: Cyber Stalking is like someone following you online. It involves persistent and unwanted attention, harassment, or monitoring through digital means.

Characteristics:
1. Unwanted Attention: Receiving excessive, unsolicited online communication.
2. Monitoring: Being observed without consent, often through social media or other online platforms.
3. Harassment: Repeated and intrusive behaviour causing emotional distress.
4. Threats: Expressing harmful intentions or making individuals feel unsafe.

Example: Imagine someone constantly commenting on your social media, sending numerous messages, or tracking your online activity. That's Cyber Stalking. It's like an online shadow that won't go away, causing discomfort and potentially putting your digital well-being at risk. Always report such behaviour and take steps to protect your online privacy.

Cybercafe: A Cybercafe is like a digital hangout spot where people can
use computers and the internet. It's a place where individuals, often
without personal computers, can access online services, play games, or
work on projects.

Features:
1. Computer Access: Provides computers with internet connectivity
for public use.
2. Internet Browsing: Users can surf the web, check emails, and
engage in online activities.
3. Gaming: Some cybercafes offer gaming setups for multiplayer or individual gaming sessions.

Common Uses:
1. Study and Work: Students or professionals without personal computers may use cybercafes for assignments or work.
2. Socialising: People may gather to play games, socialise, or collaborate on projects.

Example: Imagine a place with rows of computers, people typing away, and the hum of online activity—that's a Cybercafe. It's like a digital community hub where individuals come together to explore the online world, whether for work, study, or leisure.

Cybercrimes: Cybercrimes are like digital offences, where people use computers and the internet to break the law or cause harm. These actions can range from stealing personal information to disrupting digital systems.

Common Types:
1. Hacking: Unauthorised access to computer systems or networks.
2. Phishing: Tricking individuals into revealing sensitive information
through fake emails or messages.
3. Identity Theft: Pretending to be someone else online to steal
personal information.
4. Malware Attacks: Spreading harmful software to compromise
computer systems.
5. Online Fraud: Deceiving individuals to gain money or sensitive information.

Impact:
1. Financial Loss: Individuals or businesses may lose money.
2. Privacy Invasion: Personal information may be exposed.
3. Disruption: Digital systems may be interrupted or damaged.

Prevention:
1. Use Strong Passwords: Create complex and unique passwords.
2. Install Antivirus Software: Protect devices from malicious software.
3. Be Cautious Online: Avoid clicking on suspicious links or sharing sensitive information.

Example: Imagine someone stealing your online banking information or spreading a virus to disrupt a website—that's a Cybercrime. It's like digital rule-breaking that can have real-world consequences, emphasising the need for cybersecurity measures and awareness.

Botnets are like digital zombie armies. They're networks of infected computers controlled by a single entity, often a cybercriminal. These infected computers, known as "bots," work together without their owners' knowledge to perform malicious activities.

How Botnets Work:
1. Infection: Cybercriminals infect computers with malicious
software.
2. Control: Once infected, these computers become part of the
botnet, and the attacker can control them remotely.
3. Coordination: Bots work together to perform tasks, like spreading
malware, stealing information, or launching cyberattacks.

Fuel for Cybercrime:
1. Distributed Power: Botnets provide attackers with a distributed and powerful network, making it harder to trace and stop their activities.
2. Multipurpose Use: They can be used for various cybercrimes, from launching massive DDoS attacks to sending spam emails.

Attack Vector: An Attack Vector is like finding a secret entry point. It's the method or path that cybercriminals use to gain unauthorised access to computer systems or networks.

Types of Attack Vectors:
1. Malware: Infecting systems with malicious software.
2. Phishing: Tricking individuals into revealing sensitive information.
3. Drive-By Downloads: Installing malware when a user visits a
compromised website.
4. Zero-Day Exploits: Taking advantage of undiscovered
vulnerabilities in software.

Example: Imagine a cybercriminal controlling a group of infected
computers (a Botnet). It's like having a digital army of zombies ready to
follow commands—spreading viruses, stealing information, or disrupting
websites. The Attack Vector is how they sneak into digital systems, like
finding a hidden tunnel into a fortress. Understanding these concepts
helps in building stronger defences against cyber threats.

Unit-2
Cyber Crime

Mobile and wireless devices are like digital companions that don't need
a physical connection to work. They include smartphones, tablets, and
other gadgets that communicate wirelessly, allowing users to stay
connected and access information on the go.

Features:
1. Portability: These devices are small and easy to carry, allowing users to stay connected wherever they go.
2. Wireless Connectivity: They use technologies like Wi-Fi, Bluetooth, and mobile networks to connect to the internet and other devices.
3. Multifunctionality: Beyond calls and messages, they serve as cameras, GPS devices, entertainment hubs, and more.

Common Examples:
1. Smartphones: Devices with touchscreens, internet access, and a variety of apps.
2. Tablets: Larger than smartphones, often used for productivity and entertainment.
3. Wearable Devices: Smartwatches and fitness trackers that connect to smartphones.

Importance:
1. Communication: Keeping people connected through calls,
messages, and social media.
2. Information Access: Providing instant access to the internet for
information, news, and entertainment.
3. Productivity: Enabling work and productivity on the go through
various apps and functionalities.

Example: Think of your smartphone as a pocket-sized computer. It's not
just for making calls; it's your camera, map, music player, and more.
Mobile and wireless devices have become essential in our daily lives,
offering convenience and connectivity beyond what traditional devices
can provide.

Proliferation of Mobile and Wireless Devices:

Proliferation of mobile and wireless devices is like the widespread growth or spread of smartphones, tablets, and other wirelessly connected gadgets. It reflects the increasing number of these devices in our daily lives.

Key Factors:
1. Technological Advancements: Continuous improvements in technology make devices more affordable and accessible.
2. Increased Connectivity: The rise of high-speed internet and wireless networks enables seamless communication.
3. Versatility: Mobile devices offer a variety of functions, from communication to entertainment and productivity.
4. Consumer Demand: People increasingly rely on mobile and wireless devices for convenience and on-the-go access.

Impact:
1. Global Connectivity: People worldwide can connect instantly, transcending geographical boundaries.
2. Digital Transformation: The way we communicate, work, and access information has undergone a significant shift.
3. Business and Innovation: The proliferation of devices has spurred innovations in app development, services, and digital solutions.

Challenges:
1. Security Concerns: With more devices in use, there's an increased
risk of cybersecurity threats and privacy issues.
2. Digital Divide: Disparities in access to mobile technology can
create inequalities in information and opportunities.

3. Dependency: Over-reliance on mobile devices may impact face-to-face interactions and physical activities.

Trends in Mobility:
1. 5G Revolution: The 5G Revolution is like the superhero of internet
speed. It's the fifth generation of mobile networks, bringing faster speeds
and more reliable connections to mobile and wireless devices.

Impact:
● High-Speed Connectivity: Faster internet speeds for quicker downloads and smoother streaming.
● IoT Advancements: Enables better connections for the Internet of Things (IoT) devices.

2. Mobile App Ecosystem: The Mobile App Ecosystem is like a digital marketplace. It encompasses the diverse range of applications available for download on mobile devices.

Impact:
● Diverse Applications: Apps for communication, productivity, entertainment, and more.
● App Integration: Seamless integration of apps for a smoother user experience.

3. Mobile Security Measures: Mobile Security Measures are like digital bodyguards for your devices. With the increasing use of mobile devices, there's a growing focus on ensuring their security.

Impact:
● Biometric Authentication: Fingerprint and facial recognition for
enhanced device security.
● Mobile Device Management (MDM): Tools for businesses to secure
and manage mobile devices.

4. Edge Computing: Edge Computing is like having a mini-brain in your
device. Instead of relying solely on a centralised server, computations
happen closer to the source of data.

Impact:
● Reduced Latency: Faster response times for applications and
services.
● Improved Privacy: Processing sensitive data locally without
sending it to a central server.

5. Augmented Reality (AR) and Virtual Reality (VR): Augmented Reality (AR) and Virtual Reality (VR) are like digital realms overlaying or immersing into the real world, enhancing user experiences.

Impact:
● Enhanced User Engagement: AR adds digital elements to the real world, while VR creates immersive environments.
● Applications in Various Industries: From gaming to healthcare and education.

6. Remote Work and Collaboration: Remote Work and Collaboration are like the new-age workspaces. With the advancement of mobile technology, working from anywhere and collaborating seamlessly has become a trend.

Impact:
● Flexibility: Allows professionals to work from different locations.
● Virtual Meetings: Increased reliance on mobile devices for virtual
collaboration.

7. Sustainable Mobility: Sustainable Mobility is like a green approach to


technology. It involves the development and use of mobile solutions that
minimise environmental impact.

Impact:
● Green Technologies: Focus on eco-friendly materials and energy-efficient designs.
● Reduced E-Waste: Efforts to extend the lifespan of devices and promote recycling.

Credit Card Frauds in Mobile: Credit Card Frauds in Mobile are like
digital heists targeting your financial information on mobile devices. It
involves unauthorised access to credit card details, leading to financial
losses and potential identity theft.

Common Techniques:
1. Phishing: Fraudsters use fake messages or emails to trick users into revealing credit card information.
2. Mobile Malware: Malicious software on mobile devices can capture credit card details.
3. Fake Apps: Fraudulent mobile applications mimic legitimate ones to steal credit card information.
4. Unsecured Wi-Fi: Conducting transactions on unsecured Wi-Fi networks makes it easier for hackers to intercept data.

Preventive Measures:
1. Use Trusted Apps: Only download apps from official app stores to avoid fake applications.
2. Secure Wi-Fi: Avoid sensitive transactions on public Wi-Fi networks; use secure connections.
3. Two-Factor Authentication: Enable additional layers of security for mobile transactions.
4. Regular Monitoring: Keep a close eye on credit card statements for any unauthorised transactions.

Impact:
1. Financial Loss: Unauthorised transactions can lead to direct
monetary losses.

2. Identity Theft: Stolen credit card information may be used for
identity theft.
3. Credit Score Impact: Fraudulent activities can negatively impact
credit scores.

Example: Imagine receiving a message that looks like it's from your
bank, asking for your credit card details to resolve an issue. If you
provide this information, you've fallen victim to Credit Card Frauds in
Mobile. It's crucial to stay vigilant, verify messages, and adopt secure
practices to protect your financial information on mobile devices.

Wireless Computing Era: The Wireless Computing Era is like a technological revolution, marking a shift from traditional wired connections to a world where computing devices communicate and connect wirelessly.

Key Elements:
1. Wireless Networks: Use of technologies like Wi-Fi, Bluetooth, and cellular networks for device connectivity.
2. Mobile Devices: Proliferation of smartphones, tablets, and wearables, untethered from physical connections.
3. Cloud Computing: Storing and accessing data and applications over the internet instead of on local devices.

Characteristics:
1. Mobility: Computing devices can be used and moved without the constraints of physical cables.
2. Instant Connectivity: Devices can connect to the internet and each other instantly, enhancing communication.
3. Ubiquitous Access: Information and applications are accessible from almost anywhere, fostering a connected environment.

Technological Enablers:
1. 5G Technology: High-speed, low-latency wireless networks
supporting advanced applications.
2. IoT Integration: Interconnected devices, from smart homes to
industrial sensors, communicating wirelessly.
3. Edge Computing: Processing data closer to the source, reducing
reliance on centralised servers.

Impact on Society:
1. Digital Transformation: Changing the way businesses operate, communicate, and deliver services.
2. Remote Work Revolution: Allowing individuals to work from anywhere, transforming traditional workspaces.
3. Smart Living: Integration of wireless technologies in homes, making them smart and connected.

Challenges and Considerations:
1. Security Concerns: The need for robust cybersecurity measures to protect wireless communications.
2. Digital Inclusion: Ensuring equal access to wireless technologies to bridge the digital divide.
3. Privacy Issues: Balancing the convenience of wireless computing with individual privacy considerations.

Example: Imagine a world where you can seamlessly connect to the internet, work, and communicate without any physical constraints. That's the essence of the Wireless Computing Era, where the airwaves carry the pulse of our digital lives, shaping the way we live, work, and connect.

Security Challenges Posed by Mobile Devices:

1. Lost or Stolen Devices:
Challenge: Mobile devices are small and portable, making them easy targets for theft or misplacement. If not secured, sensitive information can be accessed.

Mitigation:
● Strong Passwords or Biometrics: Protect devices with secure authentication methods.
● Remote Wipe: Enable features to remotely erase data in case of loss.

2. Malicious Apps:
Challenge: Fake or malicious apps can compromise security by accessing personal information or injecting malware into the device.

Mitigation:
● Official App Stores: Download apps only from trusted sources like Google Play or the Apple App Store.
● App Permissions: Review and limit app permissions to the essentials.

3. Phishing Attacks:
Challenge: Mobile users may fall victim to phishing attempts through
fraudulent emails, messages, or websites seeking personal information.

Mitigation:
● User Education: Train users to identify and avoid phishing
attempts.
● Security Software: Use mobile security apps to detect and block
phishing threats.

4. Insecure Wi-Fi Networks:
Challenge: Connecting to unsecured Wi-Fi networks exposes mobile devices to potential eavesdropping and data interception.

Mitigation:
● Use VPNs: Employ Virtual Private Networks for secure data transmission.
● Avoid Public Wi-Fi for Sensitive Transactions: Refrain from conducting financial or sensitive transactions on unsecured networks.

5. Outdated Software:
Challenge: Failure to update operating systems and apps leaves devices vulnerable to known exploits and security flaws.

Mitigation:
● Regular Updates: Keep both the operating system and apps up to
date.
● Automatic Updates: Enable automatic updates for added
convenience.

6. Jailbreaking or Rooting:
Challenge: Jailbreaking (iOS) or rooting (Android) devices to remove
restrictions can expose them to malicious software and compromise
security.

Mitigation:
● Avoid Jailbreaking or Rooting: Discourage users from bypassing
device security features.
● Mobile Device Management (MDM): Implement MDM solutions to monitor and control device configurations.

7. Lack of Encryption:
Challenge: Unencrypted data transmission and storage can lead to unauthorised access and data breaches.

Mitigation:
● Enable Encryption: Encrypt both data at rest and during transmission.
● Secure Communication Channels: Use secure protocols for data transfer.

8. BYOD (Bring Your Own Device) Risks:
Challenge: Employees using personal devices for work may introduce security risks if these devices are not adequately secured.

Mitigation:
● BYOD Policies: Implement and enforce clear BYOD security
policies.
● Containerization: Use containerization solutions to segregate work
and personal data on devices.

9. Social Engineering:
Challenge: Cybercriminals may exploit human psychology to manipulate
users into revealing sensitive information.

Mitigation:
● User Education: Train users to recognize and resist social
engineering tactics.
● Multi-Factor Authentication: Implement additional
authentication layers for added security.

10. Insufficient User Awareness:
Challenge: Lack of awareness among users about mobile security best practices can lead to risky behaviours.

Mitigation:
● Training Programs: Conduct regular security awareness training for users.
● Communication: Keep users informed about emerging threats and best practices.

Registry Settings for Mobile Devices: Mobile devices, especially those running iOS and Android, typically do not have a registry like Windows operating systems. However, they do have settings and configurations that can be managed to enhance security and control device behaviour. Here are some important settings and configurations for mobile devices:

iOS (iPhone and iPad):


1. Device Passcode:
● Purpose: Protects the device from unauthorised access.
● Configuration: - Settings > Face ID & Passcode (or Touch ID &
Passcode) > Turn Passcode On

2. Biometric Authentication:
● Purpose: Enhances device security with fingerprint or face
recognition.

● Configuration: - Settings > Face ID & Passcode (or Touch ID &
Passcode)

3. Find My iPhone:
● Purpose: Allows tracking and remote wiping of a lost or stolen
device.
● Configuration: - Settings > [Your Name] > Find My > Find My
iPhone

4. App Permissions:
● Purpose: Control which apps have access to sensitive data.
● Configuration: - Settings > Privacy > [App Name]

5. Automatic Updates:
● Purpose: Ensures the device is running the latest security patches.
● Configuration: - Settings > General > Software Update

Android:
1. Screen Lock:
● Purpose: Provides an initial layer of security.
● Configuration: - Settings > Security > Screen lock

2. Biometric Authentication:
● Purpose: Enhances device security with fingerprint or facial
recognition.
● Configuration: - Settings > Security > Biometrics

3. Find My Device:
● Purpose: Allows tracking and remote wiping of a lost or stolen
device.
● Configuration: - Settings > Security > Find My Device

4. App Permissions:
● Purpose: Control which apps have access to sensitive data.
● Configuration: - Settings > Apps & Notifications > [App Name] >
Permissions

5. Google Play Protect:


● Purpose: Scans apps for malware and provides additional security.
● Configuration: - Settings > Google > Security > Play Protect

6. Automatic Updates:
● Purpose: Ensures the device is running the latest security patches.
● Configuration: - Settings > System > Software Update

Note:
● For enterprise environments, Mobile Device Management (MDM) solutions can be used to enforce security policies and remotely manage devices.
● Always keep the device's operating system and apps up to date to patch security vulnerabilities.
● Regularly educate users about mobile security best practices to minimise risks.

These settings may vary slightly based on the device model and operating system version. It's crucial to stay updated on the latest security features and recommendations provided by the device manufacturers.

Authentication Service Security: Authentication service security is a critical aspect of ensuring that user identities are properly verified and protected. Here are key considerations and measures for enhancing the security of authentication services:

1. Multi-Factor Authentication (MFA):
Purpose: Adds an extra layer of security by requiring users to provide multiple, independent forms of identification.
Implementation:
● Combine something the user knows (password) with something they have (hardware token, authenticator app on a mobile device) or something they are (fingerprint, face).

2. Secure Password Policies:
Purpose: Ensures that users create and maintain strong, unique passwords.
Implementation:
● Enforce a minimum length (the most important factor) and reasonable complexity.
● Require a password change when compromise is suspected; forced periodic rotation tends to produce weaker, predictable passwords (NIST SP 800-63B advises against it).
● Discourage password reuse and screen new passwords against lists of breached passwords.

3. Encryption:
Purpose: Protects sensitive data transmitted between users and authentication servers.
Implementation:
● Use TLS (1.2 or later; SSL is obsolete) for all data in transit, including the login page itself.
● Hash and salt passwords before storing them; passwords are never encrypted reversibly.

4. Session Management:
Purpose: Prevents unauthorised access during an active session.

Implementation:
● Implement session timeout policies (idle and absolute).
● Use long, random, unguessable session tokens, regenerate them on login, and send them only over TLS.
● Provide users the ability to log out remotely and revoke all of their active sessions.

5. Brute Force Protection:
Purpose: Mitigates the risk of attackers attempting to guess passwords.
Implementation:
● Implement account lockout policies after a certain number of failed login attempts (lockouts can be abused to lock out legitimate users, so pair them with rate limiting or increasing delays).
● Use CAPTCHA or similar mechanisms to deter automated attacks.

6. Secure Credential Storage:
Purpose: Ensures that user credentials are stored securely.
Implementation:
● Hash and salt passwords using a slow password-hashing algorithm (Argon2id, scrypt, bcrypt, or PBKDF2 with a high iteration count); never store them in plain text or reversibly encrypted.
● Regularly audit and update credential storage mechanisms.

7. User Authentication Logs:
Purpose: Monitors and logs authentication events for analysis and auditing.

Implementation:
● Keep detailed logs of authentication attempts, including successful
and failed events.
● Regularly review and analyse authentication logs.

8. Monitoring for Anomalies:
Purpose: Detects unusual or suspicious behaviour that may indicate
unauthorised access.

Implementation:
● Implement real-time monitoring for unusual login patterns.
● Set up alerts for multiple failed login attempts or other suspicious
activities.
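Detection logic for items 7 and 8, run over a few constructed authentication log lines. This is an added example, not code from the original notes; the log format, the field names and the thresholds (5 failures in 10 minutes per user, 5 distinct users failing from one address) are assumptions chosen for the illustration.

```python
"""Detect brute force, password spraying and a suspicious success in auth logs."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time> <result> user=<name> ip=<addr>"
LOG = """\
2024-05-01T09:00:01 FAIL user=alice ip=203.0.113.5
2024-05-01T09:00:04 FAIL user=alice ip=203.0.113.5
2024-05-01T09:00:07 FAIL user=alice ip=203.0.113.5
2024-05-01T09:00:10 FAIL user=alice ip=203.0.113.5
2024-05-01T09:00:13 FAIL user=alice ip=203.0.113.5
2024-05-01T09:00:20 OK   user=alice ip=203.0.113.5
2024-05-01T09:05:00 FAIL user=bob   ip=198.51.100.9
2024-05-01T09:05:01 FAIL user=carol ip=198.51.100.9
2024-05-01T09:05:02 FAIL user=dave  ip=198.51.100.9
2024-05-01T09:05:03 FAIL user=erin  ip=198.51.100.9
2024-05-01T09:05:04 FAIL user=frank ip=198.51.100.9
2024-05-01T09:30:00 OK   user=bob   ip=192.0.2.77
"""

# Thresholds are assumptions for this example.
FAIL_THRESHOLD = 5             # failures for one user inside WINDOW -> brute force
SPRAY_USERS = 5                # distinct users failing from one IP inside WINDOW
WINDOW = timedelta(minutes=10)


def parse(log_text):
    """Return a list of (timestamp, result, user, ip) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, result, user, ip = line.split()
        events.append((datetime.fromisoformat(ts), result, user[5:], ip[3:]))
    return events


def sliding_count(times, window):
    """Largest number of timestamps that fall inside any span of length window."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect(events):
    """Return alerts as (kind, subject) tuples, in detection order."""
    alerts = []
    fails_by_user = defaultdict(list)   # user -> timestamps of failures
    users_by_ip = defaultdict(dict)     # ip -> {user: first failure time}
    for ts, result, user, ip in events:
        if result == "FAIL":
            fails_by_user[user].append(ts)
            users_by_ip[ip].setdefault(user, ts)

    # brute force: many failures against one account
    for user, times in fails_by_user.items():
        if sliding_count(times, WINDOW) >= FAIL_THRESHOLD:
            alerts.append(("brute_force", user))

    # password spraying: one source trying many different accounts
    for ip, first_seen in users_by_ip.items():
        if sliding_count(first_seen.values(), WINDOW) >= SPRAY_USERS:
            alerts.append(("password_spray", ip))

    # a success right after a burst of failures usually means a guessed password
    for ts, result, user, ip in events:
        if result == "OK":
            recent = [t for t in fails_by_user[user] if timedelta(0) <= ts - t <= WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append(("success_after_failures", user))
    return alerts


if __name__ == "__main__":
    for kind, subject in detect(parse(LOG)):
        print(f"ALERT {kind}: {subject}")
```

The spray detector keys on the first failure per user from each address, so an attacker cycling one password across the whole user list trips it even though no single account reaches the brute-force threshold; that is exactly the pattern a per-account lockout alone misses.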

9. API Security:
Purpose: Ensures that authentication APIs are secure and not vulnerable to attacks.
Implementation:
● Use standard token-based API authentication (e.g., OAuth 2.0 with OpenID Connect) rather than passing user passwords to the API.
● Regularly test and update API security measures.
10. Regular Security Audits:
Purpose: Identifies vulnerabilities and ensures ongoing compliance with security best practices.
Implementation:
● Conduct regular security audits and penetration testing.
● Address identified vulnerabilities promptly.

11. User Education:
Purpose: Empowers users to make informed security decisions and recognize phishing attempts.

Implementation:
● Provide regular security awareness training.
● Communicate best practices for protecting personal information.

12. Regulatory Compliance:
Purpose: Ensures adherence to relevant data protection and privacy
regulations.

Implementation:
● Stay informed about and compliant with regulations such as GDPR,
HIPAA, or others applicable to your region or industry.

By implementing these measures, authentication services can significantly enhance their security posture and protect user identities from unauthorised access and misuse. It's crucial to adopt a holistic approach and stay proactive in addressing emerging security threats.
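The core of an authentication service that applies measures 1 to 6 above (MFA, password policy, salted slow hashing, session management, brute-force lockout, secure credential storage), as an added example; it is not code from the original notes. The class and function names, the policy constants (12-character minimum, 5 failures, 15-minute lockout, 30-minute idle timeout, 600,000 PBKDF2 rounds) and the use of TOTP as the second factor are this example's own choices; the TOTP routine follows RFC 6238 on top of RFC 4226.

```python
"""Minimal authentication-service core: policy check, salted PBKDF2 hashing,
TOTP second factor, lockout, opaque session tokens, remote logout."""
import hashlib
import hmac
import secrets
import struct
from typing import Dict, Optional, Tuple

# Policy values are assumptions for this example, not figures from the notes.
MIN_PASSWORD_LEN = 12
MAX_FAILED = 5            # failed attempts before the account is locked
LOCKOUT_SECONDS = 900     # lock duration
SESSION_TTL = 1800        # idle timeout for a session
PBKDF2_ROUNDS = 600_000   # work factor for password hashing


def password_meets_policy(pw: str) -> bool:
    """Length first, then at least three of four character classes."""
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw))
    return len(pw) >= MIN_PASSWORD_LEN and sum(classes) >= 3


def hash_password(pw: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per user defeats rainbow
    tables; the iteration count makes every guess expensive."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP built on RFC 4226 HOTP (HMAC-SHA1, dynamic truncation)."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class AuthService:
    def __init__(self) -> None:
        self.users: Dict[str, dict] = {}     # username -> credential record
        self.sessions: Dict[str, dict] = {}  # opaque token -> session record

    def register(self, user: str, pw: str, totp_secret: bytes) -> None:
        if not password_meets_policy(pw):
            raise ValueError("password does not meet policy")
        salt, digest = hash_password(pw)
        self.users[user] = dict(salt=salt, digest=digest, totp_secret=totp_secret,
                                failed=0, locked_until=0)

    def login(self, user: str, pw: str, code: str, now: int) -> Optional[str]:
        """Return a session token on success, None on any failure. Every failure
        path looks the same to the caller, so usernames cannot be enumerated."""
        rec = self.users.get(user)
        if rec is None:
            hash_password(pw, b"\x00" * 16)   # spend the same time for unknown users
            return None
        if now < rec["locked_until"]:
            return None
        _, digest = hash_password(pw, rec["salt"])
        pw_ok = hmac.compare_digest(digest, rec["digest"])
        # accept the current 30 s step and the previous one to absorb clock skew
        mfa_ok = any(hmac.compare_digest(code, totp(rec["totp_secret"], now - d))
                     for d in (0, 30))
        if not (pw_ok and mfa_ok):
            rec["failed"] += 1
            if rec["failed"] >= MAX_FAILED:
                rec["failed"] = 0
                rec["locked_until"] = now + LOCKOUT_SECONDS
            return None
        rec["failed"] = 0
        token = secrets.token_urlsafe(32)     # 256-bit random, unguessable session id
        self.sessions[token] = dict(user=user, last_seen=now)
        return token

    def session_user(self, token: str, now: int) -> Optional[str]:
        """Idle-timeout check; an expired session is deleted, not merely refused."""
        s = self.sessions.get(token)
        if s is None or now - s["last_seen"] > SESSION_TTL:
            self.sessions.pop(token, None)
            return None
        s["last_seen"] = now
        return s["user"]

    def logout_everywhere(self, user: str) -> int:
        """Remote logout: revoke every session that belongs to the user."""
        doomed = [t for t, s in self.sessions.items() if s["user"] == user]
        for t in doomed:
            del self.sessions[t]
        return len(doomed)
```

Two details matter in practice: `hmac.compare_digest` keeps password and code comparison constant-time, and the dummy hash for unknown usernames keeps the response time the same whether or not the account exists, which closes the user-enumeration side channel that a naive "user not found" early return would open.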
Attacks on Mobile/Cell Phones: Mobile phones are susceptible to various types of attacks, ranging from traditional malware to more sophisticated social engineering tactics. Here are some common attacks on mobile or cell phones:
1. Malware and Mobile Viruses: Malicious software designed to infect mobile devices and compromise their functionality.

How to Protect:
● Install reputable antivirus and anti-malware apps.
● Download apps only from official app stores.
● Keep the device's operating system and apps updated.

2. Phishing Attacks: Attempts to trick users into revealing sensitive
information by posing as a trustworthy entity.

How to Protect:
● Be cautious of unsolicited emails, messages, or calls asking for
personal information.
● Verify the legitimacy of websites before entering credentials.

3. Man-in-the-Middle (MitM) Attacks: Intercepting and possibly altering communication between two parties without their knowledge.
How to Protect:
● Use trusted Wi-Fi networks or a VPN, rely on HTTPS, and never click through certificate warnings.
● Be cautious when connecting to public Wi-Fi networks.
4. Ransomware: Malware that encrypts data on the device, demanding a
ransom for its release.
How to Protect:
● Regularly back up important data.
● Avoid clicking on suspicious links or downloading unknown attachments.

5. SIM Card Swapping: Unauthorised individuals attempt to take control of a user's phone number by convincing the carrier to move it to a SIM card they control, after which SMS-based verification codes are delivered to the attacker.

How to Protect:
● Set an account or port-out PIN with your mobile carrier so the number cannot be transferred without it, and prefer app- or hardware-based MFA over SMS codes.
● Contact your mobile carrier immediately if you experience unexpected loss of service.

6. Bluejacking and Bluesnarfing: Exploiting Bluetooth connections to send unsolicited messages (bluejacking) or to gain unauthorised access to data on a device (bluesnarfing).

How to Protect:
● Turn off Bluetooth when not in use.
● Set devices to non-discoverable mode in public places.

7. Spyware: Software installed on a device without the user's knowledge to collect information.

How to Protect:
● Regularly review installed apps and permissions.
● Use security software that scans for spyware.

8. Wi-Fi Eavesdropping: Unauthorised individuals intercepting unencrypted Wi-Fi traffic to capture sensitive information.
How to Protect:
● Use secure, encrypted Wi-Fi connections (WPA2/WPA3) and HTTPS.
● Avoid transmitting sensitive information on public networks.
9. Social Engineering Attacks: Manipulating individuals to divulge
confidential information or perform actions that may compromise
security.

How to Protect:
● Be sceptical of unsolicited communication asking for sensitive
information.
● Educate yourself and others about common social engineering
tactics.

10. App Permissions Abuse: Malicious apps exploiting excessive permissions to access and misuse personal data.

How to Protect:
● Review and limit app permissions.
● Only install apps from reputable sources.

11. USB Charging Port Attacks: Malicious USB charging stations or
cables that can install malware when connected to a device.

How to Protect:
● Avoid using public charging stations.
● Use only trusted charging cables and adapters.

12. Browsing and Downloading Risks: Visiting malicious websites or downloading apps from untrusted sources.
How to Protect:
● Use secure and updated browsers.
● Download apps only from official app stores.
Ensuring mobile security requires a combination of user awareness, adopting best practices, and utilising security features and tools provided by the mobile operating system. Regularly updating devices and staying informed about new threats is essential for maintaining a secure mobile environment.

Security Implications for Organisations:
Security is a crucial aspect of any organisation, as it protects sensitive information, systems, and reputation from harm. However, organisations face various security threats that can lead to serious consequences.

Common Security Threats
1. Data Breaches: Unauthorised access to confidential data like
customer records or financial information can be costly and
damaging.

2. Malware Infections: Malicious software like viruses or ransomware can steal data, disrupt operations, or hold systems hostage.

3. Phishing Attacks: Deceptive attempts to trick users into revealing sensitive information like passwords or credit card details.

4. Denial-of-Service (DoS) Attacks: Overwhelming a system with
traffic to make it unavailable to legitimate users.
5. Supply Chain Attacks: Compromising vendors or suppliers to
gain access to an organisation's systems and data.
Mitigating Security Risks: Organisations can take proactive
measures to reduce security risks:
1. Strong Security Policies: Establish clear guidelines for IT usage and incident response procedures.
2. Robust Authentication: Enforce strong passwords and multi-factor authentication (MFA) for secure account access.

3. Cybersecurity Awareness Training: Educate employees on identifying cyber threats and best practices.

4. Regular Software Updates: Apply software patches promptly to address vulnerabilities.

5. Network Segmentation: Separate networks to limit the spread of malware and other threats.

6. Firewalls and Intrusion Detection Systems (IDS): Implement
firewalls to block unauthorised traffic and IDS to monitor for
suspicious activity.

Organisational Measures for Handling Mobile Devices: Enhancing Security and Productivity
● Mobile devices have become ubiquitous in today's workplace,
transforming how organisations operate and communicate.
● However, the increasing reliance on mobile devices also
introduces new security challenges and potential distractions.
● To effectively manage mobile devices within the organisation, a
comprehensive set of measures is essential.

1. Implement a Mobile Device Management (MDM) Solution: MDM
software provides centralised control over mobile devices, enabling IT
administrators to configure settings, enforce security policies, and
remotely manage devices.
Key features of MDM include:
● Device enrollment and provisioning: Streamline device setup and ensure consistent configurations.
● Application management: Deploy, update, and restrict applications based on organisational needs.
● Remote access and control: Remotely wipe or lock devices in case of loss or theft.
● Security enforcement: Enforce password policies, data encryption, and other security measures.
2. Establish a Mobile Device Policy: A clear and comprehensive mobile device policy outlines acceptable usage guidelines, security requirements, and employee responsibilities.

The policy should address:
● Device usage: Define permitted and prohibited activities on mobile devices.
● Data security: Specify data protection measures and encryption protocols.
● App installation: Establish guidelines for installing and using applications.
● BYOD (Bring Your Own Device) Guidelines: Set rules for personal devices used for work purposes.
● Employee training and awareness: Educate employees on the policy and its implications.
3. Implement Mobile Threat Defense (MTD) Solutions: MTD
software provides real-time protection against mobile threats, such as
malware, phishing attacks, and malicious websites.
Key features of MTD include:
● Threat detection and prevention: Block malicious applications, websites, and phishing attempts.
● Vulnerability assessment: Identify and remediate vulnerabilities in mobile devices and applications.
● Threat intelligence: Leverage real-time threat intelligence to stay ahead of emerging threats.
● Data loss prevention (DLP): Prevent sensitive data from leaving the organisation through mobile devices.

4. Secure Mobile Network Connectivity: Organisations should implement secure network access methods for mobile devices, such as:
● Virtual Private Networks (VPNs): Encrypt data transmission over public Wi-Fi networks.
● Mobile Device Management (MDM) integrated VPNs: Integrate VPN capabilities into MDM solutions for centralised control.
● Zero Trust Network Access (ZTNA): Continuously authenticate and verify user identities before granting access to network resources.

5. Promote Mobile Device Security Awareness: Educating employees
about mobile security risks and best practices is crucial for preventing
human error.
Regular training sessions should cover topics such as:
● Identifying and avoiding phishing attacks
● Strong password practices
● Secure app installation and usage
● Reporting suspicious activity

6. Address Mobile Device Productivity Issues: Organisations should address mobile device productivity issues to ensure optimal employee performance:
● Provide adequate data plans and Wi-Fi access
● Optimise applications for mobile usage
● Encourage breaks and digital detox
● Promote mobile-friendly work practices

Organisational Security Policies and Measures in Mobile
Computing Era: As mobile devices have become indispensable tools
for businesses, organisations need to implement comprehensive
security policies and measures to protect their valuable data and
maintain operational integrity.

Here's an overview of the crucial aspects of organisational security in the mobile computing era. They are the same six measures described in detail under "Organisational Measures for Handling Mobile Devices" above, summarised here:
1. Mobile Device Management (MDM) Solutions: centralised device enrollment and provisioning, application management, remote lock/wipe, and enforcement of password and encryption policies.
2. Mobile Device Policy: acceptable device usage, data security and encryption requirements, app installation rules, BYOD guidelines, and employee training on the policy.
3. Mobile Threat Defense (MTD) Solutions: detection and blocking of malicious apps, websites and phishing, vulnerability assessment, threat intelligence, and data loss prevention (DLP).
4. Secure Mobile Network Connectivity: VPNs for traffic over public Wi-Fi, MDM-integrated VPNs for centralised control, and Zero Trust Network Access (ZTNA) that verifies identity before every access.
5. Mobile Device Security Awareness: regular training on phishing, strong passwords, secure app installation and usage, and reporting suspicious activity.
6. Mobile Device Productivity Optimization: adequate data plans and Wi-Fi access, mobile-optimised applications, encouraging breaks and digital detox, and mobile-friendly work practices.
Unit-3
TOOLS AND METHODS USED IN CYBERCRIME

Introduction: Cybercrime involves the use of digital tools and techniques to conduct illicit activities with the intent to exploit, compromise, or gain unauthorised access to computer systems, networks, and sensitive information. In this section, we explore various tools and methods employed by cybercriminals, starting with the use of proxy servers and anonymizers.

What are Proxy Servers?
● A proxy server is an intermediate server that sits between a user's device and the internet.
● When a user makes a request to access a website, the request first goes to the proxy server, which then forwards the request to the website.
● The website's response is sent back to the proxy server, which then sends it back to the user's device.

The primary function of a proxy server is to act as an intermediary between the user's device and the internet. This can provide a number of benefits, including:

● Anonymity: Because the website only sees the proxy server's IP address, not the user's device IP address, the user's identity is concealed from the website. The proxy operator, however, sees all of the traffic, and many proxies add the client's address to the request in an X-Forwarded-For header.
● Security: Proxy servers can act as a buffer between the user's device and the internet, filtering known-malicious sites and content and hiding the internal network from the outside, which helps to protect against malware, viruses, and other types of attacks.
● Access control: Proxy servers can be configured to block or allow certain types of traffic, such as social media or streaming websites, providing organisations with control over what their employees can access.

Types of Proxy Servers: There are several different types of proxy servers, including:

● Forward Proxy: A forward proxy is a server that sits between a client and the internet. The client sends a request to the forward proxy, which then sends the request to the internet on behalf of the client. An open proxy is a forward proxy that anyone on the internet can use, which is why cybercriminals favour them.
● Reverse Proxy: A reverse proxy is a server that sits between the internet and a server. The reverse proxy receives requests from the internet and then forwards those requests to the appropriate server.
● Transparent Proxy: A transparent (intercepting) proxy is one the client is not configured to use and normally does not notice: traffic is redirected to it by the network, and it passes the request along, typically revealing the client's address to the destination. Transparent proxies are often used in corporate environments to monitor and control access to the internet.
● Anonymous Proxy: An anonymous proxy is a proxy that conceals the user's IP address from the destination, providing an additional layer of privacy.
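A model of what a forward proxy does with one request, covering the access-control benefit and the difference between a transparent proxy (which reveals the client) and an anonymous proxy (which hides it). This is an added example, not code from the original notes: the category block list is constructed, and the header conventions are the widely used X-Forwarded-For and Via headers rather than any particular proxy product's behaviour.

```python
"""Forward-proxy policy and header handling for transparent vs anonymous modes."""
from urllib.parse import urlparse

# Constructed corporate block list, keyed by category.
BLOCKED = {"social": {"facebook.com", "x.com"}, "streaming": {"netflix.com"}}
HOP_HEADERS = ("X-Forwarded-For", "X-Real-IP", "Forwarded", "Via")


def registrable(host: str) -> str:
    """Last two labels of a hostname (good enough for the block list here)."""
    return ".".join(host.lower().split(".")[-2:])


def policy_allows(url: str):
    """Access control: (True, None), or (False, category) for a blocked site."""
    host = urlparse(url).hostname or ""
    for category, domains in BLOCKED.items():
        if registrable(host) in domains:
            return False, category
    return True, None


def relay_headers(client_ip: str, proxy_ip: str, headers: dict, mode: str) -> dict:
    """Headers the origin server receives. 'transparent' appends the real client
    address; 'anonymous' strips every hop header so only the proxy is visible."""
    out = {k: v for k, v in headers.items() if k.lower() != "proxy-authorization"}
    if mode == "transparent":
        prior = out.get("X-Forwarded-For")
        out["X-Forwarded-For"] = f"{prior}, {client_ip}" if prior else client_ip
        out["Via"] = f"1.1 {proxy_ip}"
    elif mode == "anonymous":
        for h in HOP_HEADERS:
            out.pop(h, None)
    else:
        raise ValueError(f"unknown proxy mode {mode!r}")
    return out


def handle_request(client_ip: str, proxy_ip: str, url: str, headers: dict, mode: str) -> dict:
    """One request through the proxy: policy check first, then header rewriting."""
    allowed, category = policy_allows(url)
    if not allowed:
        return {"status": 403, "reason": f"blocked category: {category}",
                "upstream_headers": None}
    return {"status": 200, "reason": "forwarded",
            "upstream_headers": relay_headers(client_ip, proxy_ip, headers, mode)}


def origin_attributes_to(peer_ip: str, received: dict) -> str:
    """What the website logs as the client: the first X-Forwarded-For hop if one
    is present, otherwise the TCP peer, which behind an anonymous proxy is the
    proxy itself."""
    xff = received.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer_ip
```

Note that the proxy's own credentials (`Proxy-Authorization`) are stripped in both modes; forwarding them to the origin would leak the user's proxy password to every site visited.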

What are Anonymizers?
● An anonymizer is a tool that is used to conceal a user's identity when accessing the internet.
● Anonymizers work by hiding the user's IP address, making it difficult for websites to track the user's online activity.

There are several different types of anonymizers, including:
● VPN: A Virtual Private Network (VPN) is a type of anonymizer that creates an encrypted connection between the user's device and the VPN server. All traffic between the device and the internet is routed through the VPN, which conceals the user's IP address from websites and protects the traffic from the local network; the VPN provider itself can still see where the traffic goes.
● Tor: The Onion Router (Tor) is free software that conceals a user's online activity by routing their traffic through a series of volunteer-run relays, each of which knows only the previous and the next hop. Tor is designed to be extremely difficult to trace, making it a popular choice for users who need to conceal their identity.
● Web-based anonymizers: Web-based anonymizers are online tools that allow users to browse the internet without revealing their IP address. These tools work by routing traffic through a third-party server, making it difficult for websites to track the user's online activity.

What is Phishing:
Phishing is a type of cyber attack. The name is a play on "fishing", spelled with "ph" in the tradition of "phreaking": the attacker puts out bait and waits for a victim to bite. It is an unethical way to dupe the user or victim into clicking a harmful link. The attacker crafts the harmful site so that the victim takes it for the authentic one and falls prey to it. The most common mode of phishing is spam email that appears to be authentic and harvests the victim's credentials. The main motive of the attacker behind phishing is to gain confidential information such as:

● Password
● Credit card details
● Social security numbers
● Date of birth

The attacker uses this information to further target the user, impersonate the user and commit data theft. The most common type of phishing attack happens through email. Phishing victims are tricked into revealing information that they think should be kept private. The original logo of the impersonated organisation is used to make the user believe that the email is genuine, but a careful look at the details shows that the URL or web address is not authentic.
How Does Phishing Occur?
● Clicking on an unknown file or attachment: The attacker deliberately sends a mysterious file to the victim; when the victim opens it, either malware is installed on the system or the file prompts the user to enter confidential data.
● Using an open or free Wi-Fi hotspot: A simple way to obtain confidential information is to lure the user with free Wi-Fi. The hotspot operator can observe any unencrypted traffic and redirect the user to fake login pages without the user knowing it.
● Responding to social media requests: This commonly involves social engineering. Accepting unknown friend requests and then, by mistake, leaking secret data is one of the most common mistakes made by naive users.
● Clicking on unauthenticated links or ads: Such links are deliberately crafted to lead to a phished website that tricks the user into typing confidential data.

Types of Phishing Attacks
● Email Phishing: The most common type, where users are tricked into clicking unverified spam emails and leaking secret data. Hackers impersonate a legitimate identity and send emails to a mass of victims. Generally, the goal of the attacker is to get personal details such as bank details, credit card numbers, user IDs and passwords for online shopping websites, or to install malware. After getting the personal information, they use it to steal money from the user's account or harm the target system.
● Spear Phishing: In a spear phishing attack, a particular user (an organisation or an individual) is targeted. The attacker first gathers full information about the target and then sends malicious emails to the target's inbox to trap them into typing confidential data. For example, the attacker targets an employee from the finance department of an organisation, pretends to be that employee's manager, and requests personal information or the transfer of a large sum of money. Because it is tailored to the victim, it is among the most successful forms of phishing.
● Whaling: Whaling is just like spear phishing, but the main target is the head of the company, such as the CEO or CFO. A high-pressure email is sent to such executives so that they do not have much time to think, and therefore fall prey to the phishing.
● Smishing: In this type of phishing attack, the medium is SMS. Smishing works similarly to email phishing. SMS texts are sent to victims containing links to phished websites, or inviting the victims to call a phone number or to contact the sender at a given email address. The victim is then asked to enter personal information such as bank details, credit card information or user ID and password, which the attacker then uses to harm the victim.

● Vishing: Vishing is also known as voice phishing. In this method, the attacker calls the victim using caller ID spoofing to convince the victim that the call is from a trusted source. Attackers also use IVR (interactive voice response) systems to make it difficult for law enforcement to trace them. It is generally used to steal credit card numbers or other confidential data from the victim.
● Clone Phishing: In this type of phishing attack, the attacker copies an email message that was sent from a trusted source and alters it by adding a link or attachment that redirects the victim to a malicious or fake website. The attacker sends this mail to a large number of users and waits to see who clicks on the attachment. The attack then spreads through the contacts of the user who has clicked on the attachment.

Signs of Phishing Attacks:
It is very important to be able to identify the signs of a phishing attack in order to protect against its harmful effects. These signs help the user protect their data and information from hackers. Some signs to look out for include:
● Suspicious email addresses: Phishing emails often use fake email addresses that appear to be from a trusted source but are actually controlled by the attacker. Check the email address carefully and look for slight variations or misspellings that may indicate a fake address.
● Urgent requests for personal information: Phishing attacks often
try to create a sense of urgency in order to trick victims into
providing personal information quickly. Be cautious of emails or
messages that ask for personal information and make sure to verify
the authenticity of the request before providing any information.
● Poor grammar and spelling: Phishing attacks are often created
quickly and carelessly, and may contain poor grammar and spelling
errors. These mistakes can indicate that the email or message is not
legitimate.
● Requests for sensitive information: Phishing attacks often try to steal sensitive information, such as login credentials and financial information. Be cautious of emails or messages that ask for sensitive information and verify the authenticity of the request before providing any information.
● Unusual links or attachments: Phishing attacks often use links or
attachments to deliver malware or redirect victims to fake
websites. Be cautious of links or attachments in emails or messages,
especially from unknown or untrusted sources.
● Strange URLs: Phishing attacks often use fake websites that look
similar to the real ones, but have slightly different URLs. Look for
strange URLs or slight variations in the URL that may indicate a
fake website.
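Heuristic checks for the signs listed above (lookalike sender domains, deceptive URLs that hide the real domain behind a trusted brand, punycode hosts, link text that disagrees with the link target, urgency language), run over a constructed message. This is an added example, not code from the original notes; the trusted-domain allow-list, the homoglyph table, the sample sender and links are all assumptions made for the illustration, and a production checker would use the Public Suffix List rather than the two-label shortcut used here.

```python
"""Flag common phishing indicators in a sender address, links and body text."""
import re
import unicodedata
from urllib.parse import urlparse

# Assumed allow-list of domains the organisation actually uses (constructed).
TRUSTED = {"paypal.com", "example-bank.com", "microsoft.com"}

# Digit/symbol substitutions attackers use to imitate letters.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                            "7": "t", "@": "a", "$": "s", "|": "l"})
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended|"
                     r"verify your account)\b", re.I)


def registrable_domain(host: str) -> str:
    """Last two labels: 'login.paypal.com.evil.example' -> 'evil.example'."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def normalise(domain: str) -> str:
    """Strip accents and fold lookalike digits/symbols so paypa1 == paypal."""
    ascii_only = unicodedata.normalize("NFKD", domain).encode("ascii", "ignore").decode()
    return ascii_only.lower().translate(HOMOGLYPHS)


def domain_findings(host: str) -> list:
    """Indicators a host triggers; an empty list means no finding."""
    findings = []
    reg = registrable_domain(host)
    if reg in TRUSTED:
        return findings
    if host.startswith("xn--") or ".xn--" in host:
        findings.append("punycode host")
    for trusted in TRUSTED:
        brand = trusted.split(".")[0]
        if brand in host:
            # 'paypal.com.evil.example': the brand is only a subdomain label
            findings.append(f"brand '{brand}' inside untrusted domain {reg}")
        elif normalise(reg) == normalise(trusted):
            findings.append(f"lookalike of {trusted}: {reg}")
    return findings


def analyse_message(sender: str, links) -> dict:
    """links: iterable of (display_text, href) pairs taken from the email body."""
    report = {}
    for finding in domain_findings(sender.rsplit("@", 1)[-1]):
        report.setdefault("sender", []).append(finding)
    for text, href in links:
        host = urlparse(href).hostname or ""
        hits = [f"{href}: {f}" for f in domain_findings(host)]
        if IPV4.match(host):
            hits.append(f"{href}: raw IP address host")
        shown = urlparse(text).hostname if text.startswith("http") else None
        if shown and registrable_domain(shown) != registrable_domain(host):
            hits.append(f"link text shows {shown} but goes to {host}")
        if hits:
            report.setdefault("links", []).extend(hits)
    return report


def urgency_score(body: str) -> int:
    """Count of pressure phrases; phishing leans on urgency to stop people checking."""
    return len(URGENCY.findall(body))
```

The "link text shows X but goes to Y" check is the one users can reproduce by hand: hover over the link and compare the domain in the status bar with the domain the text claims.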

How To Stay Protected Against Phishing?
● Authorised Source: Download software from authorised sources
only where you have trust.
● Confidentiality: Never share your private details with unknown
links and keep your data safe from hackers.
● Check URL: Always check the URL of websites to prevent any such
attack. it will help you not get trapped in Phishing Attacks.
● Avoid replying to suspicious things: If you receive an email from
a known source but that email looks suspicious, then contact the
source with a new email rather than using the reply option.
● Phishing Detection Tool: Use phishing-detecting tools to monitor
the websites that are crafted and contain unauthentic content.

● Avoid untrusted Wi-Fi: Free public Wi-Fi can be run or intercepted by an attacker; prefer trusted networks, and on public Wi-Fi use a VPN and only HTTPS sites.
● Keep your system updated: It’s better to keep your system always
updated to protect from different types of Phishing Attacks.
● Keep the firewall of the system ON: A host firewall blocks unsolicited inbound connections and, with application rules, can stop malware from reaching out; it does not authenticate data or stop you from visiting a phishing site, so combine it with the checks above.
Password Cracking: It is a cyber attack technique in which unauthorised individuals attempt to gain access to user accounts or systems by recovering passwords from stolen password hashes or by guessing them against the login interface. It is performed using various methods and tools that exploit weaknesses in password choice and password storage.

Methods of Password Cracking:
1. Brute Force Attacks: The attacker systematically tries all possible
combinations of passwords until the correct one is found.
● Countermeasure: Implement account lockout policies and use
strong, complex passwords.

2. Dictionary Attacks: Attackers use precompiled lists of common passwords (dictionaries) to attempt login.
● Countermeasure: Enforce strong password policies, including the
avoidance of easily guessable passwords.

3. Rainbow Table Attacks: Attackers use precomputed tables (rainbow tables) of hashed passwords to quickly crack password hashes.
● Countermeasure: Use salting and strong, unique hashing algorithms to protect password hashes.
4. Credential Stuffing: Attackers use known username and password
pairs obtained from previous data breaches to gain unauthorised access
to other accounts where users have reused passwords.
● Countermeasure: Encourage users to use unique passwords for
different accounts and implement multi-factor authentication.

5. Keylogging: Malicious software records keystrokes to capture usernames and passwords as users type.
● Countermeasure: Use updated antivirus software, employ intrusion detection systems, and educate users about the risks of downloading unknown software.

6. Phishing: Attackers trick individuals into revealing their passwords through deceptive emails or fake websites.
● Countermeasure: Educate users about phishing risks and
implement email filtering solutions.

Countermeasures:

1. Strong Password Policies: Enforce a minimum length and a mix of uppercase and lowercase letters, numbers, and special characters, and reject common or previously breached passwords.
2. Password Hashing and Salting: Use a slow, one-way password hashing algorithm (Argon2id, scrypt, bcrypt, or PBKDF2 with a high iteration count) and a unique random salt for each user to protect password hashes.
3. Multi-Factor Authentication (MFA): Implement MFA to add an extra layer of security even if passwords are compromised.
4. Account Lockout Policies: Lock an account, or apply rate limiting and increasing delays, after a certain number of failed login attempts to slow brute force attacks.
5. Regular Security Audits: Conduct regular security audits to identify and address vulnerabilities in password security.
6. Education and Awareness: Train users to recognize phishing attempts and understand the importance of strong password practices.
7. Monitoring and Detection: Implement intrusion detection and log monitoring to detect unusual login patterns or activities.
Password cracking is a constant threat, and organisations must adopt a multi-layered approach to safeguard against the various methods used by attackers. Combining strong technical measures with user education and awareness is essential to maintaining robust password security.
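A worked dictionary attack against a constructed leaked credential table, first stored as unsalted SHA-256 and then as salted PBKDF2, to show concretely why salting and a work factor defeat precomputed lookups (the lookup-table form here is the simplest version of the rainbow-table idea), plus the set intersection behind credential stuffing. This is an added example, not code from the original notes; the users, passwords and word list are constructed for the illustration.

```python
"""Dictionary attack vs. unsalted and salted storage; credential-stuffing overlap."""
import hashlib
import secrets

# Constructed mini-dictionary, in the order an attacker would try it.
WORDLIST = ["123456", "password", "qwerty", "letmein", "welcome1",
            "Summer2024", "iloveyou", "admin123"]

# Constructed sample accounts; carol's password is not in the dictionary.
USERS = [("alice", "Summer2024"), ("bob", "letmein"), ("carol", "Tr0ub4dor&3-x9Q")]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# --- Weak storage: unsalted fast hash ---------------------------------------
def build_unsalted_db(creds):
    """user -> sha256(password), as a careless application might store it."""
    return {user: sha256_hex(pw.encode()) for user, pw in creds}


def precompute_table(words):
    """One-time table hash -> plaintext. The cost is paid once and reused
    against every database that uses the same unsalted hash."""
    return {sha256_hex(w.encode()): w for w in words}


def crack_unsalted(db, table):
    """Each account costs a single dictionary lookup and zero hashing."""
    return {user: table[h] for user, h in db.items() if h in table}


# --- Proper storage: per-user random salt plus a work factor ----------------
def build_salted_db(creds, rounds):
    """user -> (salt, PBKDF2-HMAC-SHA256(password, salt, rounds))."""
    db = {}
    for user, pw in creds:
        salt = secrets.token_bytes(16)
        db[user] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, rounds))
    return db


def crack_salted(db, words, rounds):
    """No table helps: every (user, guess) pair must be re-hashed with that
    user's salt at full cost. Returns (cracked, hashes_computed)."""
    cracked, work = {}, 0
    for user, (salt, digest) in db.items():
        for w in words:
            work += 1
            if hashlib.pbkdf2_hmac("sha256", w.encode(), salt, rounds) == digest:
                cracked[user] = w
                break
    return cracked, work


# --- Credential stuffing ------------------------------------------------------
def reused_credentials(breach_a, breach_b):
    """(user, password) pairs present in both dumps are the ones an attacker
    will replay against every other site."""
    return sorted(set(breach_a) & set(breach_b))


if __name__ == "__main__":
    print("unsalted:", crack_unsalted(build_unsalted_db(USERS), precompute_table(WORDLIST)))
    cracked, work = crack_salted(build_salted_db(USERS, 600_000), WORDLIST, 600_000)
    print("salted:", cracked, "after", work, "PBKDF2 computations")
```

Salting does not stop a weak password from being guessed (alice and bob fall either way); what it removes is the attacker's ability to amortise the work across accounts and databases, and the round count then makes each remaining guess cost as much as a legitimate login.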

What is a Keylogger?
● Keylogger is a malicious program that is specifically designed to
monitor and log the keystrokes made by the user on their
keyboards.
● It is a form of spyware program used by cybercriminals to fetch
sensitive information like banking details, login credentials of
social media accounts, credit card number, etc.
● A keylogger can monitor and log such information and send those
to the cybercriminal behind it.
● A keylogger can not only monitor the keystrokes, but can also take note of every click and touch on your system.
● The first keylogger, built in the 1970s, was a hardware device; the first software keylogger was developed in 1983.

Types of Keyloggers:
1. Software keyloggers: Software keyloggers are computer programs developed to steal passwords from the victim's computer. Keyloggers are also used legitimately in IT organisations to troubleshoot technical problems with computers and business networks, and the "inking and typing" telemetry in Microsoft Windows 10 has often been described as a built-in keylogger (it can be turned off in the privacy settings).
● JavaScript-based keylogger: A malicious script injected into a web page that listens for keyboard events such as onKeyUp and sends the captured keys to the attacker. Such scripts can be delivered in various ways, such as sharing through social media, sending as a mail attachment, or via a RAT (remote access trojan).
● Form-based keyloggers: Keyloggers that activate when a person fills in a form online; when the submit button is clicked, all the data or words entered are sent to the attacker. Some keyloggers hook the API of a running application: it looks like a simple application, and whenever a key is pressed it records it.

2. Hardware keyloggers: These do not depend on any software. A hardware keylogger is a circuit attached to the keyboard itself, or placed between the keyboard and the computer, so that whenever a key is pressed it gets recorded.

50 Edu Desire
● USB keylogger: There are USB connector key-loggers which have
to be connected to a computer and steal the data. Also some
circuits are built into a keyboard so no external wire is used or
shows on the keyboard.
● Smartphone sensors: Some cool android tricks are also used as
keyloggers such as android accelerometer sensor which when
placed near to the keyboard can sense the vibrations and the graph
then used to convert it to sentences, this technique accuracy is
about 80%. Nowadays crackers are using keystroke logging Trojan,
a malware which is sent to a victim's computer to steal the data and
login details.

Prevention from keyloggers: The following measures help:
● Anti-Keylogger: As the name suggests, this is software which works
against keyloggers; its main task is to detect keyloggers on a computer
system.
● Anti-Virus: Many anti-virus programs also detect keyloggers and delete
them from the computer system. These are software products, so they
cannot get rid of hardware keyloggers.
● Automatic form filler: Instead of filling in forms by hand on a regular
basis, the user can use an automatic form filler, which gives a shield
against keyloggers as the keys will not be pressed.
● One-Time Passwords: Using OTPs as passwords may be safe, as every
time we log in we have to use a new password.
● Patterns or mouse recognition: On Android devices use a pattern as
the password for applications, and on a PC use mouse recognition; the
mouse program uses mouse gestures instead of a stylus.
● Voice to Text Converter: This software helps to prevent keylogging
that targets a specific part of our keyboard.

What is Spyware?
● Spyware is malicious software that enters a user’s computer,
gathers data from the device and user, and sends it to third parties
without their consent.
● Spyware collects personal and sensitive information that it sends
to advertisers, data collection firms, or malicious actors for a profit.
● Attackers use it to track, steal, and sell user data, such as internet
usage, credit card, and bank account details, or steal user
credentials to spoof their identities.
● Spyware is one of the most commonly used cyberattack methods
that can be difficult for users and businesses to identify and can do
serious harm to networks. It also leaves businesses vulnerable to
data breaches and data misuse, often affects device and network
performance, and slows down user activity.

Different types of Spyware:
● Adware: It is a type of Spyware that keeps track of the user’s
activity and gives advertisements based on the tracked activity of
the user.
● Tracking Cookies: It is a type of Spyware that tracks a user’s
activity and supplies the same to third parties.
● Trojans: It is the most dangerous type of Spyware. It aims to steal
confidential user information such as bank details and passwords and
transfers it to a third party to perform illegal transactions or frauds.
● Keyloggers: It is a type of Spyware that keeps a track of all the
keystrokes that the user enters through the keyboard. It is
dangerous as it contributes to cyber fraud, where sensitive passwords
can be stolen by keeping an eye on the user who entered the information.
● Stalkerware: It is a type of Spyware that is installed on mobile
phones to stalk the user. It tracks the movement of the user and
sends the same to a third party.
● System Monitor: It is a type of Spyware that monitors and keeps a
track of the entire system, including the user’s activity, sensitive
information, keystrokes, calls, and chats. It is extremely dangerous
to user privacy.

How to Prevent Spyware?
● Installing Antivirus/ Antispyware: The best way to protect your
system from spyware is to install a good quality Anti-spyware or
Antivirus such as MalwareBytes, Adaware, AVG Antivirus,
SpywareBlaster, etc. This will help in protecting the computer
system in case spyware tries to attach to our system. Installing
Antivirus/ Antispyware also protects the system from harmful
threats by blocking sites that try to steal data or leak the data to
third-party users.
● Beware of Cookie Settings: There are some websites that transfer
confidential information alongside cookies. It is always advisable
to keep a check on the cookie settings and set them to high security.
● Beware of the Pop-ups on Websites: Don’t click on the pop-ups
that appear on a website without reading them. Never accept
their terms and conditions, as it is highly dangerous. Always close
the pop-up windows without clicking on ‘ok’.
● Never Install Free Software: Always be very cautious when you
install free software on your systems. Free software mostly has
spyware attached to it, and it can directly leak confidential user
information.
● Always read Terms & Conditions: Always read the Terms and
Conditions before installing apps on your system. Never accept
policies that breach privacy. Download only trusted and verified
apps from the Google Play Store or Apple App Store for mobile phones
to protect them from Spyware.

Viruses and Worms:

While discussing the virus and worm, it is important to first understand
the larger category of malicious programs, called "Malware". Malware can
be defined as a special kind of code or application specifically developed
to harm electronic devices or the people using those devices. Viruses and
worms are both types of malware; however, there are significant
differences between them.

What is a Virus?
● A Virus is a program developed using malicious code with a nature
that links itself to the executable files and propagates device to
device.
● Viruses are often transferred through the downloaded files and the
shared files.
● They can also be attached with a scripting program and
non-executable files like images, documents, etc.
● After the user executes the infected program, the virus gets
activated and starts replicating further on its own.

Viruses can harm the system by the following means:
● Filling up the disk space unnecessarily
● Formatting the hard disk drive automatically
● Making the system slow
● Modifying or deleting personal data or system files
● Stealing sensitive data

How does a virus spread?
The virus does not have the capability of spreading itself. It requires the
host and human support to spread. The virus is developed in such a way
that it attaches itself to the executable files. It further spreads when the
infected executable file or software is transferred from one device to
another. As soon as a human launches the infected file or a program, the
virus starts replicating itself.

What is a Worm?
● Worms are the type of virus that can self-replicate and travel from
device to device using a computer network. That means worms
don't need any host to spread.
● They are standalone computer malware that doesn't even require
human support to execute.
● Usually, worms use computer networks by exploiting
vulnerabilities, and that makes them spread more quickly.

How does a worm spread?
Unlike viruses, worms don't require host files to spread. This means that
worms do not attach themselves with executable files or programs.
Instead, worms find a weak spot in the system and enter through a
vulnerability in the network. Before we detect and remove worms from
our system, they replicate and spread automatically and consume all the
network bandwidth. This can result in the failure of the entire network
and web servers. Because worms can spread automatically, their
spreading speed is comparatively faster than other malware.

Difference between Worms and Virus:

Definition
  Worms: A Worm is a form of malware that replicates itself and can
  spread to different computers via a network.
  Virus: A Virus is a malicious executable code attached to another
  executable file which can be harmless or can modify or delete data.

Objective
  Worms: The main objective of worms is to eat the system resources. It
  consumes system resources such as memory and bandwidth and makes the
  system slow in speed to such an extent that it stops responding.
  Virus: The main objective of viruses is to modify the information.

Host
  Worms: It doesn’t need a host to replicate from one computer to another.
  Virus: It requires a host to spread.

Harmful
  Worms: It is less harmful as compared.
  Virus: It is more harmful.

Detection and Protection
  Worms: Worms can be detected and removed by the Antivirus and firewall.
  Virus: Antivirus software is used for protection against viruses.

Controlled by
  Worms: Worms can be controlled remotely.
  Virus: Viruses can’t be controlled remotely.

Execution
  Worms: Worms are executed via weaknesses in the system.
  Virus: Viruses are executed via executable files.

Comes from
  Worms: Worms generally come from the downloaded files or through a
  network connection.
  Virus: Viruses generally come from the shared or downloaded files.

Prevention
  Worms:
  ● Keep your operating system and system in an updated state
  ● Avoid clicking on links from untrusted or unknown websites
  ● Avoid opening emails from unknown sources
  ● Use antivirus software and a firewall
  Virus:
  ● Installation of Antivirus software
  ● Never open email attachments
  ● Avoid usage of pirated software
  ● Keep your operating system updated
  ● Keep your browser updated, as old versions are vulnerable to linking
  to malicious websites

Types
  Worms: Internet worms, Instant messaging worms, Email worms, File
  sharing worms, and Internet relay chat (IRC) worms are different types
  of worms.
  Virus: Boot sector virus, Direct Action virus, Polymorphic virus, Macro
  virus, Overwrite virus, and File Infector virus are different types of
  viruses.

Examples
  Worms: Examples of worms include the Morris worm, Storm worm, etc.
  Virus: Examples of viruses include Creeper, Blaster, Slammer, etc.

Interface
  Worms: It does not need human action to replicate.
  Virus: It needs human action to replicate.

Speed
  Worms: Its spreading speed is faster.
  Virus: Its spreading speed is slower as compared to worms.

What is a Trojan Horse?
● The name of the Trojan Horse is taken from a classical story of the
Trojan War.
● It is a code that is malicious in nature and has the capacity to take
control of the computer.
● It is designed to steal, damage, or do some harmful actions on the
computer.
● It tries to deceive the user to load and execute the files on the
device. After it executes, this allows cybercriminals to perform
many actions on the user’s computer like deleting data from files,
modifying data from files, and more.

● Unlike many viruses or worms, a Trojan Horse does not have the
ability to replicate itself.

Types of Trojan Horse: There are many Trojans which are designed
to perform specific functions. Some of them are:
● Backdoor trojan: A trojan horse of this kind gives the attacker
remote access to the compromised machine.
● Ransom trojan: This kind of trojan horse is intended to encrypt
the data on the compromised system and then demand payment in
exchange for its decryption.
● Trojan Banker: It is designed to steal the account data for online
banking, credit and debit cards, etc.
● Trojan Downloader: It is designed to download many malicious
files like new versions of Trojans and Adware onto the computer
of the victim.
● Trojan Dropper: It is designed to prevent the detection of
malicious files in the system. It can be used by hackers for
installing Trojans or viruses on the victim’s computers.
● Trojan GameThief: It is designed to steal data from online gamers.

Uses of Trojan Horse: There are many ways that it can be used :
● Spy: Some Trojans act as spyware. It is designed to take the data
from the victim like social networking(username and passwords),
credit card details, and more.
● Creating backdoors: The Trojan makes some changes in the
system or the device of the victim, So this is done to let other
malware or any cyber criminals get into your device or the system.
● Zombie: There are many times that the hacker is not at all
interested in the victim’s computer, but they want to use it under
their control.

Prevention from Trojan Horse: The most basic prevention methods:
● Do not download anything like images and audio from an
unsecured website.
● Do not click on the ads that pop up on a page with
advertisements for online games.
● Do not open any attachment that has been sent from an unknown
user.
● The user has to install an antivirus program. This anti-virus
program has the capacity to detect those files which are affected by
a virus.

What are Backdoors?
● A backdoor is an undocumented way to bypass existing
cybersecurity measures and gain access to a computer system or
device. Software and hardware developers sometimes install
backdoors into their own products to retain access for
troubleshooting purposes.
● Backdoor installation helps software developers solve various
problems, for example, retrieving data from a device to aid a criminal
investigation or restoring users’ lost passwords. But backdoors
might also be exploited by hackers. How?

How does a backdoor attack work: Backdoor attacks work in two ways.
● In the first scenario, hackers use a backdoor to circumvent normal
security measures and gain unauthorised access to a computer
system and its data.
● In the second one, they exploit system vulnerabilities to gain
access into it and implant backdoor software. Once the backdoor is
in, attackers can easily re-enter the system whenever they like,
even if the vulnerabilities are fixed.

Types of Backdoor Attack: Backdoor attacks vary depending on the
types of backdoors they use. We’ll explore those different options now.

1. Administrative backdoors:
Lots of software developers include backdoors in their programs to give
them easy administrative access to various areas of their own systems.
Doing so can help them to troubleshoot user problems and fix
vulnerabilities quickly. However, if these backdoors are discovered by
cybercriminals, they can be used to launch cyberattacks.
2. Malicious backdoors:
A malicious backdoor is one created for a malicious purpose. This process
may involve hackers installing backdoor malware through a targeted
phishing email. If the hacker can eventually gain access to the code of an
operating system, they can add backdoors to allow for easy access in the
future.
3. Accidental backdoors:
Many backdoors are just the result of human error. When a developer
leaves a weak point in their internet security systems, it can go
undetected for a long time. If bad actors find the flaw first, they can use it
as a backdoor to the operating system or application.
4. Hardware backdoors:
While most backdoor attacks involve hackers gaining remote access to
networks and devices through software flaws, it’s also possible to include
hardware backdoors in the physical structure of a device. A good
example is the Clipper chip that the NSA proposed. However, this
approach is high risk for a cybercriminal because it requires physical
access to a targeted device.

How to protect yourself from backdoor attacks: Here are some steps
you can take to protect yourself.
● Don’t use your work device for personal internet activity: Even
if you don’t visit high-risk websites, it’s easy to accidentally click
on a malicious ad or a phishing link, triggering a malware
download. A work device, like a personal computer or phone, could
be a hacker’s access point to the entire company, so it’s your
responsibility to protect it.
● Report any unusual or suspicious incidents: If your device is
acting strangely or you’ve received a suspicious email, report these
potential red flags to superiors within your organisation. If the
company has a security team or specialist, contact them directly.
● Use a VPN, especially while travelling: Remote work is
increasingly common, but connecting to public Wi-Fi in a local
cafe, on a train, or in a hotel could be risky. These hotspots are
often the hunting grounds of hackers, so use a VPN on your work
device to keep your online activity private.
● Use strong passwords: Create strong and unique passwords for all
your accounts, and change the passwords regularly. You can use a
password manager to store your credentials so you don’t have to
memorise them.
● Enable firewalls: Use both hardware and software firewalls to
protect your network from unauthorised access.
● Monitor network traffic: Keep an eye on your network traffic for
unusual activity, which might indicate a backdoor being used.

Steganography:
● Steganography is like hiding a secret message in plain sight.
● Instead of encrypting the message, you hide it within another
seemingly innocent file, like an image, audio file, or even a text
document.
● The goal is to conceal the existence of the message, making it
difficult for others to detect.

Techniques:

1. Image Steganography:
● Embedding data within images by subtly altering pixel values. This
can be achieved through the least significant bit (LSB) method,
where the least significant bits of pixel values are replaced with
hidden data.

2. Audio Steganography:
● Concealing information within audio files by modifying certain
components, such as the amplitude or frequency. This can be done
without significantly altering the perceived quality of the audio.

3. Text Steganography:
● Hiding information within text by using techniques like whitespace
manipulation, word or letter arrangement, or embedding messages
within seemingly innocent text.

4. Video Steganography:
● Embedding data within video files, often by modifying specific
frames or components of the video stream. Similar to image
steganography, this can involve altering pixel values.

5. File Steganography:
● Hiding data within seemingly innocuous files, such as documents
or executable files, by manipulating certain aspects without
affecting the overall functionality.
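
The LSB method from item 1, worked through as an added example (this is not code from these notes): a constructed 64x64 gradient stands in for a grayscale image, a short message is written into the lowest bit of each pixel value behind a 4-byte length header, and the extraction step reads it back. The max_pixel_change check shows why the change is invisible to the eye: no pixel value moves by more than 1. The header layout, the gradient and the message are assumptions made for the demonstration.

```python
# Added example (not from the original notes): LSB image steganography on a
# constructed grayscale pixel array. The same routine applies to the colour
# channels of a real image once they are read into a flat list of values.

HEADER_BITS = 32  # a 4-byte big-endian length prefix precedes the message


def capacity_bytes(pixels):
    """How many message bytes fit once the length header is accounted for."""
    return len(pixels) // 8 - HEADER_BITS // 8


def embed_lsb(pixels, message):
    """Return a copy of `pixels` whose least significant bits carry `message`.

    Each pixel value changes by at most 1 out of 255, which is why the cover
    looks identical; only the low bit plane differs.
    """
    if len(message) > capacity_bytes(pixels):
        raise ValueError("cover image too small for this payload")
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    stego = list(pixels)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit  # clear the low bit, then set it
    return stego


def extract_lsb(pixels):
    """Read the length header, then that many bytes, from the LSB plane.
    Returns None when the header is implausible (no payload in this layout)."""

    def read_bytes(start_bit, count):
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (pixels[start_bit + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read_bytes(0, 4), "big")
    if length > capacity_bytes(pixels):
        return None
    return read_bytes(HEADER_BITS, length)


def max_pixel_change(original, stego):
    """Largest per-pixel difference; for LSB embedding this is never above 1."""
    return max(abs(a - b) for a, b in zip(original, stego))


def build_cover(width=64, height=64):
    """Constructed 64x64 gradient standing in for a real grayscale image."""
    return [(x * 3 + y * 2) % 256 for y in range(height) for x in range(width)]


if __name__ == "__main__":
    cover = build_cover()
    stego = embed_lsb(cover, b"meet at noon")
    print(extract_lsb(stego), max_pixel_change(cover, stego))
```

Because the cover changes by at most one level per pixel, visual inspection never reveals the payload; detection has to look at the statistics of the low bit plane instead, which is the basis of steganalysis tools.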

Denial of Service (DoS) Attack:

A DoS attack is a denial of service attack: in this attack a computer sends a
massive amount of traffic to a victim’s computer and shuts it down. A DoS
attack is an online attack that, when done on a website, is used to make
the website unavailable for its users. This attack overwhelms the server of
a website that is connected to the internet by sending a large amount of
traffic to it.

Detection and Mitigation:
● Traffic Monitoring: Use network monitoring tools to detect
unusual patterns or spikes in traffic.
● Firewalls and Intrusion Prevention Systems (IPS): Employ
firewalls and IPS to filter and block malicious traffic.
● Load Balancers: Distribute incoming traffic to prevent
overwhelming a single server.

Distributed Denial of Service (DDoS) Attack:

A DDoS attack involves multiple compromised computers, known as
botnets, working together to flood a target system with a massive volume
of traffic. The distributed nature makes DDoS attacks more challenging
to mitigate compared to traditional DoS attacks.

Detection and Mitigation:
● Traffic Analysis: Use anomaly detection and traffic analysis tools
to identify unusual patterns.
● Rate Limiting: Implement rate limiting to restrict the number of
requests from a single source.
● Content Delivery Networks (CDNs): Distribute content across
multiple servers to absorb and mitigate DDoS traffic.

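
The Traffic Monitoring and Rate Limiting controls from the two lists above, as an added example that is not from these notes: constructed access-log lines (Common Log Format) cover three 10-second windows, a per-source rate limit flags the single flooding host of the DoS window, and a whole-window spike check still fires in the DDoS window, where sixty sources each stay under the per-source limit. The thresholds, the addresses and the log format are assumptions chosen for the demonstration.

```python
# Added example (not from the original notes): spike detection and per-source
# rate limiting run over constructed access-log lines. Thresholds and addresses
# are assumptions for the demonstration, not values from the notes.
import re
from collections import Counter
from datetime import datetime, timezone

# Common Log Format: ip ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return a dict for one log line, or None if the line is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "req": m.group("req"),
            "status": int(m.group("status"))}


def bucket_of(event, window_seconds):
    """Fixed time window this event falls into."""
    return int(event["ts"].timestamp()) // window_seconds


def rate_limit_offenders(events, window_seconds, max_per_window):
    """Sources that sent more than `max_per_window` requests in one window.
    This is the per-source rate limit from the notes; it catches a DoS."""
    counts = Counter((e["ip"], bucket_of(e, window_seconds)) for e in events)
    return sorted({ip for (ip, _), n in counts.items() if n > max_per_window})


def traffic_spikes(events, window_seconds, baseline_per_window, factor):
    """Window start times whose total request count exceeds factor x baseline.
    Counting all sources together is what still fires during a DDoS, where
    each bot individually stays under the per-source limit."""
    totals = Counter(bucket_of(e, window_seconds) for e in events)
    return [datetime.fromtimestamp(b * window_seconds, tz=timezone.utc)
            for b, n in sorted(totals.items()) if n > factor * baseline_per_window]


def build_sample_log():
    """Constructed log lines (not real traffic) spanning three 10-second windows."""
    lines = []

    def add(ip, hhmmss, path="/index.html"):
        lines.append(f'{ip} - - [01/Jan/2024:{hhmmss} +0000] '
                     f'"GET {path} HTTP/1.1" 200 512')

    for i in range(5):                  # 10:00: five ordinary clients, one request each
        add(f"192.0.2.{i + 1}", f"10:00:0{i}")
    for i in range(50):                 # 10:01: one source floods the server (DoS)
        add("203.0.113.7", f"10:01:0{i % 10}")
    for i in range(60):                 # 10:02: sixty sources, one request each (DDoS)
        add(f"198.51.100.{i + 1}", f"10:02:0{i % 10}")
    return lines


def analyse(lines, window_seconds=10, max_per_source=20, baseline=5, factor=4):
    """Run both checks and report what each one caught."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return {
        "parsed": len(events),
        "rate_limited": rate_limit_offenders(events, window_seconds, max_per_source),
        "spikes": [t.strftime("%H:%M:%S")
                   for t in traffic_spikes(events, window_seconds, baseline, factor)],
    }


if __name__ == "__main__":
    print(analyse(build_sample_log()))
```

The rate limit names only 203.0.113.7, because in the 10:02 window every bot sent a single request; the aggregate spike check is what reports that window. That gap is the reason the notes list rate limiting under DDoS alongside traffic analysis and CDN absorption rather than on its own.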
Difference between DoS and DDoS attacks:

  DoS: DoS stands for Denial of Service attack.
  DDoS: DDoS stands for Distributed Denial of Service attack.

  DoS: In DoS attacks, a single system targets the victim system.
  DDoS: In DDoS attacks, multiple systems attack the victim’s system.

  DoS: The victim PC is loaded with packets of data sent from a single
  location.
  DDoS: The victim PC is loaded with packets of data sent from multiple
  locations.

  DoS: A DoS attack is slower as compared to DDoS.
  DDoS: A DDoS attack is faster than a DoS attack.

  DoS: Can be blocked easily, as only one system is used.
  DDoS: It is difficult to block this attack, as multiple devices are
  sending packets and attacking from multiple locations.

  DoS: In a DoS attack only a single device is used, with DoS attack tools.
  DDoS: In DDoS attacks, a volume of bots is used to attack at the same
  time.

  DoS: DoS attacks are easy to trace.
  DDoS: DDoS attacks are difficult to trace.

  DoS: The volume of traffic in a DoS attack is less as compared to DDoS.
  DDoS: DDoS attacks allow the attacker to send massive volumes of
  traffic to the victim network.

  DoS: Types of DoS attacks are: 1. Buffer overflow attacks 2. Ping of
  Death or ICMP flood 3. Teardrop Attack 4. Flooding Attack
  DDoS: Types of DDoS attacks are: 1. Volumetric Attacks 2. Fragmentation
  Attacks 3. Application Layer Attacks 4. Protocol Attacks

What Is SQL Injection?

● SQL Injection is a code-based vulnerability that allows an attacker
to read and access sensitive data from the database.
● Attackers can bypass security measures of applications and use
SQL queries to modify, add, update, or delete records in a database.
● A successful SQL injection attack can badly affect websites or web
applications using relational databases such as MySQL, Oracle, or
SQL Server.

Types of SQL Injection

1. In-band SQLi: The attackers use the same communication channel to
launch their attacks and collect results. The two common types of
in-band SQL injections are:
● Error-based SQL injection: Here, the attacker performs certain
actions that cause the database to generate error messages. Using
the error message, you can identify what database it utilises, the
version of the server where the handlers are located, etc.
● Union-based SQL injection: Here, the UNION SQL operator is used
in combining the results of two or more select statements
generated by the database, to get a single HTTP response. You can
craft your queries within the URL or combine multiple statements
within the input fields and try to generate a response.

2. Blind SQLi: Here, it does not transfer the data via the web application.
The attacker can not see the result of an attack in-band.
● Boolean-based SQL Injection: Here, the attacker will send an SQL
query to the database asking the application to return a different
result depending on whether the query returns True or False.
● Time-based SQL Injection: In this attack, the attacker sends an
SQL query to the database, which makes the database wait for a
particular amount of time before sharing the result. The response
time helps the attacker to decide whether a query is True or False.

3. Out-of-band SQL Injection: Out-of-band is not so popular, as it
depends on the features that are enabled on the database server being
used by the web applications. It can arise from a misconfiguration by
the database administrator.

Methods used to prevent SQL Injection are:
● Password hashing
● Third-party authentication
● Web application firewall
● Purchase better software
● Always update and use patches
● Continuously monitor SQL statements and database
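
The in-band behaviour described under Types of SQL Injection (a tautology that makes the query return every row, and a stray quote that makes the database raise an error whose text identifies the engine), shown beside the hardened form that the prevention list above does not name, a parameterised query. This is an added example, not code from these notes; the users table, its three rows and the lookup functions are constructed for the demonstration.

```python
# Added example (not from the original notes): a lookup built by string
# concatenation next to the same lookup with a bound parameter. The table,
# its rows and the function names are constructed for this demonstration.
import sqlite3


def make_db():
    """In-memory database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                 "username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                     [("alice", "h1"), ("bob", "h2"), ("carol", "h3")])
    return conn


def lookup_vulnerable(conn, username):
    """Builds the SQL text by concatenation: the input becomes SQL syntax,
    so a quote in it ends the string literal and the rest is executed."""
    query = ("SELECT username FROM users WHERE username = '"
             + username + "' ORDER BY id")
    return [row[0] for row in conn.execute(query)]


def lookup_parameterised(conn, username):
    """Sends the input as a bound parameter: the driver treats it as data,
    so a quote is just a character inside the compared value."""
    query = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(query, (username,))]


def database_error(conn, username):
    """Error-based view: the message the vulnerable query leaks to the caller
    when the input breaks the SQL, or None if the query ran. The text names
    the engine, which is what the notes say error-based injection reveals."""
    try:
        lookup_vulnerable(conn, username)
        return None
    except sqlite3.Error as exc:
        return str(exc)


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"
    print("vulnerable:   ", lookup_vulnerable(db, probe))      # every row
    print("parameterised:", lookup_parameterised(db, probe))   # no row
    print("error text:   ", database_error(db, "'"))
```

Password hashing, the first item in the list above, limits what an injection can read from the users table, but only the parameterised form stops the input from being interpreted as SQL in the first place; the web application firewall and monitoring items are layers around that fix, not replacements for it.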

Impact:
1. Unauthorised Data Access: Attackers can gain access to sensitive data
stored in the database, such as usernames, passwords, or financial
information.
2. Data Manipulation: Malicious users can modify or delete data within
the database, leading to data integrity issues.
3. Server Compromise: In severe cases, successful SQL injection attacks
can lead to the compromise of the entire server hosting the database.

What is Buffer Overflow
Buffers are memory storage regions that temporarily hold data while it is
being transferred from one location to another. A buffer overflow (or
buffer overrun) occurs when the volume of data exceeds the storage
capacity of the memory buffer. As a result, the program attempting to
write the data to the buffer overwrites adjacent memory locations.

For example, a buffer for log-in credentials may be designed to expect
username and password inputs of 8 bytes, so if a transaction involves an
input of 10 bytes (that is, 2 bytes more than expected), the program may
write the excess data past the buffer boundary.

Buffer Overflow Attacks:
A buffer overflow attack is a type of cybersecurity threat that occurs
when a program or application tries to store more data in a buffer
(temporary storage) than it can actually hold. This excess data can
overflow into adjacent memory locations, potentially overwriting
important information or causing the program to crash. In some cases,
attackers can exploit this vulnerability to execute malicious code and
gain unauthorised access to a system or application.

Types of Buffer Overflow Attacks
● Stack-based buffer overflows are more common, and leverage
stack memory that only exists during the execution time of a
function.
● Heap-based attacks are harder to carry out and involve flooding
the memory space allocated for a program beyond memory used
for current runtime operations.
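
The 8-byte buffer and 10-byte input from the notes, modelled as an added example that is not from these notes: a bytearray stands in for a region of process memory, holding an 8-byte buffer followed immediately by a 4-byte integer, the adjacency a stack or heap layout can produce. A copy that ignores the destination size, in the manner of C’s strcpy, lets the two extra bytes land in the neighbouring integer and change its value; the bounded version refuses the oversized input. Real overflows occur in languages without bounds checks, as the next section says; the layout, the counter and the function names here are assumptions used to show the mechanism.

```python
# Added example (not from the original notes): a model of what "overwrites
# adjacent memory locations" means. The bytearray, the 8-byte buffer, the
# neighbouring counter and the function names are constructed for this demo.
import struct

BUFFER_SIZE = 8  # the credential buffer in the notes expects 8-byte inputs


class ModelledMemory:
    """Constructed model (not real process memory): an 8-byte buffer
    followed immediately by a 4-byte little-endian integer."""

    def __init__(self, counter=1):
        self.cells = bytearray(BUFFER_SIZE) + struct.pack("<I", counter)

    def buffer(self):
        return bytes(self.cells[:BUFFER_SIZE])

    def counter(self):
        return struct.unpack("<I", self.cells[BUFFER_SIZE:BUFFER_SIZE + 4])[0]


def unchecked_copy(mem, data):
    """Behaves like strcpy: copies every input byte without consulting the
    destination size, so bytes 9 and 10 of a 10-byte input land in the
    counter that sits right after the buffer."""
    for i, byte in enumerate(data):
        mem.cells[i] = byte  # past the 12 modelled cells Python raises IndexError,
    return mem               # where native code would silently keep writing


def bounded_copy(mem, data):
    """The hardened form: check the length against the buffer before copying."""
    if len(data) > BUFFER_SIZE:
        raise ValueError(f"input is {len(data)} bytes, buffer holds {BUFFER_SIZE}")
    mem.cells[:len(data)] = data
    return mem


def counter_after(copy_fn, data):
    """Value of the neighbouring counter once `copy_fn` has run on fresh
    memory, or None if the copy was refused."""
    try:
        return copy_fn(ModelledMemory(counter=1), data).counter()
    except ValueError:
        return None


if __name__ == "__main__":
    print(counter_after(unchecked_copy, b"A" * 8))   # counter untouched: 1
    print(counter_after(unchecked_copy, b"A" * 10))  # two 'A' bytes spill into it
    print(counter_after(bounded_copy, b"A" * 10))    # refused: None
```

With the 10-byte input the counter reads 0x4141 (16705) rather than 1, even though no code ever assigned to it: the two surplus bytes simply occupy its storage. A program that then trusts that counter (as a length, an index or a flag) behaves on the attacker’s terms, which is the step the notes describe as overwriting important information or crashing.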

What Programming Languages are More Vulnerable?
● C and C++ are two languages that are highly susceptible to buffer
overflow attacks, as they don’t have built-in safeguards against
overwriting or accessing data in their memory. Mac OSX, Windows,
and Linux all use code written in C and C++.
● Languages such as PERL, Java, JavaScript, and C# use built-in
safety mechanisms that minimise the likelihood of buffer overflow.

What are Wireless Network Attacks?

Wireless network attacks are deliberate and malicious actions aimed at
exploiting vulnerabilities in wireless communication systems to gain
unauthorised access, intercept sensitive data, disrupt network
operations, or compromise the security of devices and users connected
to the network. These attacks target weaknesses in the protocols,
configurations, or encryption mechanisms of wireless networks, taking
advantage of their inherent nature of broadcasting signals over the
airwaves.
D
Types of Wireless Network Attacks: Here are some of the common
types of wireless network attacks:
● Wireless Eavesdropping (Passive Attacks): Attackers use tools
like packet sniffers to intercept and monitor wireless
communications between devices. By capturing data packets
transmitted over the air, they can potentially obtain sensitive
information, such as login credentials, financial data, or personal
information.
● Wireless Spoofing (Man-in-the-Middle Attacks): In these attacks,
the attacker positions themselves between the wireless client and
the legitimate access point, intercepting and manipulating data
transmissions. The attacker may then relay the information back
and forth, making it appear as if they are the legitimate access
point. This enables them to snoop on data or perform other
malicious actions unnoticed.
● Wireless Jamming (Denial-of-Service Attacks): Attackers flood
the wireless frequency spectrum with interference signals,
disrupting legitimate communications between devices and access
points. By creating excessive noise, they can render the wireless
network unusable for legitimate users.
● Rogue Access Points: Attackers set up unauthorised access points,
mimicking legitimate ones, to deceive users into connecting to
them. Once connected, the attacker can eavesdrop, capture data, or
launch further attacks on the unsuspecting users.
● Brute-Force Attacks: Attackers try various combinations of
passwords or encryption keys in rapid succession until they find
the correct one to gain unauthorised access to the wireless
network.
● WEP/WPA Cracking: Attackers exploit vulnerabilities in older
wireless security protocols like Wired Equivalent Privacy (WEP)
and Wi-Fi Protected Access (WPA) to gain unauthorised access to
encrypted wireless networks.
● Evil Twin Attacks: Attackers create fake access points with names
similar to legitimate ones, tricking users into connecting to the
malicious network. Once connected, the attacker can intercept
sensitive data or execute further attacks.
● Deauthentication/Disassociation Attacks: Attackers send forged
deauthentication or disassociation frames to wireless devices,
forcing them to disconnect from the network, leading to service
disruptions or potential vulnerabilities when devices automatically
reconnect.

Preventing Wireless Network Attacks: Follow these essential tips to
fortify your wireless network against attacks:
● Update your computer often: Regularly update your operating
system and applications to ensure you have the latest security
patches and fixes.
● Use MAC filtering: Enable MAC filtering on your wireless router to
control access to your network. By specifying which devices are
allowed to connect based on their unique MAC addresses, you can
prevent unauthorised access and enhance your network’s security.
● Disable SSID broadcasting: Turn off SSID broadcasting to make
your wireless network invisible to casual observers. This prevents
your network from being easily discoverable and adds an extra
layer of obscurity for potential attackers.
● Use WPA2 encryption: Utilise WPA2 encryption, the latest and
most secure protocol, to safeguard your data as it travels between
devices and access points. Encryption ensures that even if
intercepted, your data remains unintelligible to unauthorised
entities.
● Disable file sharing: Turn off file sharing on your network to
prevent unauthorised users from accessing your sensitive files. If
file sharing is necessary, ensure you set up secure passwords to
limit access to approved users only.

What is Identity Theft?
● Identity Theft, also called Identity Fraud, is a crime that is being
committed by a huge number of people nowadays.
● Identity theft happens when someone steals your personal
information to commit fraud.
● This theft is committed in many ways, by gathering personal
information such as the transactional information of another person to
make transactions.


Types of Identity Theft: There are various kinds of identity theft, but
some common ones are:
● Criminal Identity Theft: This is a type of theft in which the victim
is charged as guilty and has to bear the loss when the criminal or the
thief backs up his position with the false documents of the victim,
such as ID or other verification documents, and his bluff is
successful.
● Senior Identity Theft: Seniors aged over 60 are often targets of
identity thieves. They are sent information that looks to be genuine,
and then their personal information is gathered for such use.
Seniors must be aware so as not to become victims.
● Driver’s licence ID Identity Theft: Driver’s licence identity theft is
the most common form of ID theft. All the information on one’s
driver’s licence provides the name, address, and date of birth, as
well as a State driver’s identity number. The thieves use this
information to apply for loans or credit cards or try to open bank
accounts to obtain checking accounts or buy cars, houses, vehicles,
electronic equipment, jewellery, anything valuable, and all are
charged to the owner’s name.
● Medical Identity Theft: In this theft, the victim’s health-related
information is gathered, and then a fraudulent need for medical
services is created with fraudulent bills, which are then charged to
the victim’s account for such services.
● Tax Identity Theft: In this type of attack the attacker is interested
in knowing your Employer Identification Number in order to apply for
a tax refund. This becomes noticeable when you attempt to file your
tax return or the Income Tax return department sends you a notice for
this.
● Social Security Identity Theft: In this type of attack the thief
intends to know your Social Security Number (SSN). With this
number, they are also aware of all your personal information, which
is the biggest threat to an individual.
● Financial Identity Theft: This type of attack is the most common
type of attack. In this, the stolen credentials are used to attain a
financial benefit. The victim identifies it only when he checks his
balances carefully, as this is practised in a very slow manner.

Techniques of Identity Thefts: Some common identity theft techniques


are:
Ed

● Pretext Calling: Thieves pretending to be an employee of a


company over phone asking for financial information are an
example of this theft. Pretending as legitimate employees they ask
for personal data with some buttery returns.
● Mail Theft: A technique in which credit card information, together with
transaction data, is taken from a public mailbox.
● Phishing: A technique in which emails purporting to be from banks, and
carrying malware, are sent to the victim. When the victim responds to the
mail, their information is captured by the thieves.
● Internet: The Internet is widely used for this, as attackers know many
techniques for getting users to connect to public networks that the
attackers control, and they bundle spyware with downloads.
● Card Verification Value (CVV) Code Requests: The Card Verification Value
number is printed on the back of your debit card. It exists to strengthen
transaction security, but attackers ask for it while pretending to be a
bank official.

Steps Of Prevention From Identity Theft: Following are some methods by
which you can protect yourself against identity theft:
● Use strong passwords and do not share your PIN with anyone, on or off
the phone.
● Use two-factor authentication for email accounts.
● Secure all your devices with a password.
● Don't install random software from the internet.
● Don't post sensitive information on social media.
● While entering passwords at a payment gateway, first make sure it is
genuine.
● Make a practice of changing your PIN and password regularly.
● Do not disclose your information over the phone.
● While travelling, do not disclose personal information to strangers.
● Never share your Aadhaar/PAN number (in India) with anyone you do not
know or trust.
● Never share an Aadhaar OTP received on your phone with someone over a
call.
● Do not fill in personal data on websites that claim to offer benefits in
return.
● Lastly, be the keeper of your own personal information.
Unit-4
UNDERSTANDING COMPUTER FORENSICS

Computer Forensics: It is a scientific method of investigation and
analysis used to gather evidence from digital devices, computer networks
and their components in a form suitable for presentation in a court of law
or other legal body. It involves performing a structured investigation
while maintaining a documented chain of evidence, in order to find out
exactly what happened on a computer and who was responsible for it.

Types of Computer Forensics:

1. Disk Forensics: Deals with extracting raw data from the primary or
secondary storage of a device by searching for active, modified or deleted
files.
2. Network Forensics: A sub-branch of computer forensics that involves
monitoring and analysing computer network traffic.
3. Database Forensics: Deals with the study and examination of databases
and their related metadata.
4. Malware Forensics: Deals with the identification of suspicious code and
the study of viruses, worms, etc.
5. Email Forensics: Deals with emails and their recovery and analysis,
including deleted emails, calendars and contacts.
6. Memory Forensics: Deals with collecting data from system memory
(system registers, cache, RAM) in raw form and then analysing it for
further investigation.
7. Mobile Phone Forensics: Deals mainly with the examination and analysis
of phones and smartphones, and helps to retrieve contacts, call logs,
incoming and outgoing SMS, and other data present on them.

Characteristics:
1. Identification: Identifying what evidence is present, where it is
stored and how it is stored (in which format). The electronic devices
involved can be personal computers, mobile phones, PDAs, etc.
2. Preservation: Data is isolated, secured and preserved. This includes
keeping unauthorised personnel from using the digital device, so that the
digital evidence is not tampered with, whether by mistake or on purpose,
and making a copy of the original evidence.
3. Analysis: Forensic lab personnel reconstruct fragments of data and draw
conclusions based on the evidence.
4. Documentation: A record of all the visible data is created. It helps in
recreating and reviewing the crime scene. All findings from the
investigation are documented.
5. Presentation: All the documented findings are produced in a court of
law for further investigations.

Application:

● Intellectual property theft
● Industrial espionage
● Employment disputes
● Fraud investigations
● Misuse of the Internet and email in the workplace
● Forgery-related matters
● Bankruptcy investigations
● Issues concerning regulatory compliance

Advantages of Computer Forensics:

● It produces evidence for the court, which can lead to the punishment of
the culprit.
● It helps companies gather important information about their computer
systems or networks having potentially been compromised.
● It efficiently tracks down cyber criminals anywhere in the world.
● It helps to protect the organisation's money and valuable time.
● It allows factual evidence to be extracted, processed and interpreted so
that the cybercriminal's actions can be proved in court.

Disadvantages of Computer Forensics:
● Before digital evidence is accepted in court it must be proved that it
has not been tampered with.
● Producing and keeping electronic records safe is expensive.
● Legal practitioners must have extensive computer knowledge.
● The evidence produced must be authentic and convincing.
● If the tool used for digital forensics does not meet the specified
standards, the evidence can be rejected by the court.
● A lack of technical knowledge on the part of the investigating officer
may mean the desired result is not obtained.

Digital Forensic Science:
● Digital Forensics is a branch of forensic science that includes the
identification, collection, analysis and reporting of any valuable digital
information held on digital devices related to computer crimes, as part of
an investigation.
● In simple words, Digital Forensics is the process of identifying,
preserving, analysing and presenting digital evidence.
● The first computer crimes were recognised in the 1978 Florida Computer
Crimes Act, and after this the field of digital forensics grew quickly in
the late 1980s and 1990s.
● Its areas of analysis include storage media, hardware, operating
systems, networks and applications.

It consists of 5 steps at a high level:

1. Identification of evidence: Identifying evidence related to the digital
crime in storage media, hardware, operating systems, networks and/or
applications. It is the most important and basic step.
2. Collection: Preserving the digital evidence identified in the first
step so that it does not degrade or vanish with time. Preserving the
digital evidence is very important and crucial.
3. Analysis: Analysing the collected digital evidence of the committed
computer crime in order to trace the criminal and the possible path used
to breach the system.
4. Documentation: Properly documenting the whole digital investigation,
the digital evidence, the loopholes of the attacked system, etc., so that
the case can be studied and analysed in future and presented in court in a
proper format.
5. Presentation: Presenting all the digital evidence and documentation in
court in order to prove the digital crime committed and identify the
criminal.

Branches of Digital Forensics:
● Media forensics: The branch of digital forensics that includes the
identification, collection, analysis and presentation of audio, video and
image evidence during the investigation process.
● Cyber forensics: The branch of digital forensics that includes the
identification, collection, analysis and presentation of digital evidence
during the investigation of a cyber crime.
● Mobile forensics: The branch of digital forensics that includes the
identification, collection, analysis and presentation of digital evidence
during the investigation of a crime committed through a mobile device such
as a mobile phone, GPS device, tablet or laptop.
● Software forensics: The branch of digital forensics that includes the
identification, collection, analysis and presentation of digital evidence
during the investigation of a crime related to software only.

The Need for Computer Forensics:

1. Rising Cyber Crime Rates: With the increasing prevalence of
cybercrimes, including hacking, data breaches and online fraud, there is a
growing need for computer forensics to investigate and respond to digital
incidents.

2. Digital Evidence in Legal Proceedings: As digital evidence becomes
integral to legal proceedings, computer forensics plays a crucial role in
collecting, analysing and presenting this evidence in a forensically sound
and legally admissible manner.

3. Protection of Sensitive Information: Organisations and individuals need
computer forensics to safeguard sensitive information from unauthorised
access, ensuring the confidentiality and integrity of digital data.

4. Corporate Security: In the corporate world, computer forensics is
essential for responding to incidents such as data breaches, insider
threats and intellectual property theft, helping organisations maintain a
secure digital environment.

5. Incident Response and Mitigation: Computer forensics aids incident
response by providing methodologies and tools to quickly identify and
mitigate cybersecurity incidents, minimising potential damage.

6. Legal Compliance: Compliance with legal standards and regulations
requires organisations to conduct thorough investigations using computer
forensics when dealing with digital incidents or potential data breaches.

7. Recovery of Lost or Deleted Data: Computer forensics helps in the
recovery of lost or deleted data, which can be critical in both criminal
investigations and corporate settings.

8. Prevention and Deterrence: The knowledge that computer forensics can
uncover and trace digital activities serves as a deterrent, discouraging
potential cybercriminals and contributing to overall cybersecurity
awareness.

9. Employee Misconduct Investigations: In cases of employee misconduct or
policy violations, computer forensics assists organisations in
investigating and documenting digital evidence related to such incidents.

10. Identification of Security Weaknesses: Computer forensics helps
identify security weaknesses and vulnerabilities in digital systems,
enabling organisations to implement effective security measures and
protocols.

11. International Collaboration: Given the global nature of cyber crime,
computer forensics facilitates international collaboration among law
enforcement agencies and cybersecurity professionals to combat digital
threats.

12. Criminal Investigations: In criminal investigations, computer
forensics is indispensable for examining electronic evidence,
reconstructing digital timelines and identifying individuals involved in
cybercrimes.

13. Support for Law Enforcement: Law enforcement agencies rely on computer
forensics to gather evidence in cybercrime cases, track digital footprints
and prosecute individuals engaged in illegal online activities.

14. Continuous Technological Advancements: The ever-evolving landscape of
technology and cyber threats necessitates ongoing advancements in computer
forensics tools and techniques to stay ahead of sophisticated
cybercriminal tactics.

Cyber Forensics: Cyber forensics is the process of extracting data as
proof of a crime (one that involves electronic devices) while following
proper investigation rules, so that the culprit can be caught by presenting
the evidence to the court. Cyber forensics is also known as computer
forensics. Its main aim is to maintain the thread of evidence and
documentation needed to find out who committed the crime digitally. Cyber
forensics can do the following:
● It can recover deleted files, chat logs, emails, etc.
● It can also recover deleted SMS and phone call records.
● It can obtain recorded audio of phone conversations.
● It can determine which user used which system and for how long.
● It can identify which user ran which program.

What is Digital Evidence?

● The term "Digital Evidence" means information that is transmitted and
stored in binary form and that can be found on hard disks, mobile phones,
etc.
● It can be used in the prosecution of many kinds of crime, but it is
generally associated with e-crimes.
● Digital evidence is described as information and data kept on, received
from or transferred by an electronic device that is useful to an
investigation.
● This evidence can be obtained when electronic devices are taken into
custody and secured for inspection.
Digital proof:
1. Like fingerprints or DNA evidence, it is latent (hidden).
2. It crosses jurisdictional borders swiftly and easily.
3. It can be easily changed, damaged or destroyed.
4. It is potentially time-sensitive.

Process involved in Digital Evidence Collection: The main processes
involved in digital evidence collection are given below:

● Data collection: In this process data is identified and collected for
investigation.
● Examination: In the second step the collected data is examined
carefully.
● Analysis: In this process different tools and techniques are used and
the collected evidence is analysed to reach a conclusion.
● Reporting: In this final step all the documentation and reports are
compiled so that they can be submitted in court.

Forensic Analysis of E-Mail:
● Email forensics involves the systematic examination and analysis of
email data to gather evidence for investigative or legal purposes.
● It plays a crucial role in cybercrime investigations, corporate
incidents and legal proceedings.

1. Collection of Email Evidence:
● Metadata Extraction: Collect metadata, including sender and recipient
details, timestamps and email server information.
● Email Headers: Examine email headers for routing information and details
about the email's journey.
● Attachments and Content: Extract and analyse email attachments and
content for potential evidence.

2. Preservation of Email Evidence:

● Original Email Preservation: Preserve the original email content,
headers and metadata to maintain authenticity.
● Chain of Custody: Document and maintain a secure chain of custody to
track the handling of email evidence.

3. Email Analysis Techniques:
● Keyword Search: Conduct keyword searches to identify relevant
information within email content.
● Link Analysis: Analyse relationships between email senders, recipients
and other entities to uncover patterns or connections.
● Timeline Reconstruction: Reconstruct timelines of email exchanges to
understand the sequence of events.
● Content Analysis: Analyse the content of emails for contextual clues,
threats or indications of malicious activity.

4. Authentication and Verification:

● Email Source Verification: Verify the authenticity of emails by
examining the source, the SPF/DKIM results and the sender information.
● Sender Authentication: Validate the identity of the sender through
forensic analysis to detect email spoofing.

5. Investigation of Email Attachments:

● Malware Analysis: Analyse email attachments to identify and characterise
potential malware.
● File Metadata Examination: Examine the metadata of attached files for
additional insight into their origin and history.

6. Email Header Examination:

● IP Address Analysis: Analyse the IP addresses in email headers to trace
the geographic origin or identify potentially malicious activity.
● Email Routing Analysis: Examine the email routing path to understand the
journey of the email through the different servers.

7. Recovering Deleted Emails: Employ forensic techniques to recover deleted
emails, including examining email server logs and backup systems.

8. Legal Admissibility: Ensure that the methods used in email forensics
adhere to legal standards, so that the evidence is admissible in court.

9. Reporting: Generate comprehensive reports documenting the findings of
the email forensics analysis, including key evidence, methodologies used
and conclusions drawn.
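The header checks described under "Authentication and Verification" and "Email Header Examination" above can be automated. The Python script below is an added example, not code from the original notes: it parses a constructed sample message (every host name, domain and IP address in it is a documentation placeholder), walks the Received headers from origin to destination, checks that the hop timestamps are in order, extracts the originating IP address and reads the SPF/DKIM verdicts that the receiving server recorded in its Authentication-Results header.

```python
"""Added example: reconstruct an email's routing path and read SPF/DKIM results.

Not part of the original notes. The message below is constructed for
illustration; its hosts, domains and IP addresses are documentation
placeholders (example.*, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24).
"""
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: three Received hops (newest on top, because each relay
# prepends its own line), an Authentication-Results header written by the
# receiving server, and a From: address claiming a bank domain that SPF rejects.
SAMPLE_RAW = """Received: from mx1.example.com (mx1.example.com [192.0.2.10])
\tby mail.example.net (Postfix) with ESMTPS id ABC123
\tfor <victim@example.net>; Mon, 04 Mar 2024 10:02:15 +0000
Received: from relay.example.org (relay.example.org [198.51.100.7])
\tby mx1.example.com with ESMTP id XYZ789;
\tMon, 04 Mar 2024 10:02:10 +0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby relay.example.org with ESMTPA id Q1W2E3;
\tMon, 04 Mar 2024 10:01:58 +0000
Authentication-Results: mail.example.net;
\tspf=fail smtp.mailfrom=bank.example.com;
\tdkim=none
From: "Example Bank" <alerts@bank.example.com>
To: victim@example.net
Subject: Urgent: verify your account
Date: Mon, 04 Mar 2024 10:01:50 +0000
Message-ID: <constructed-0001@203.0.113.45>

Please confirm your details at the link below.
"""

RECEIVED_RE = re.compile(r"from\s+(?P<from>\S+).*?\bby\s+(?P<by>\S+)",
                         re.IGNORECASE | re.DOTALL)
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Turn one Received: header into a hop record (from, by, ip, timestamp)."""
    flat = re.sub(r"\s+", " ", value).strip()          # unfold continuation lines
    m = RECEIVED_RE.search(flat)
    ip = IPV4_RE.search(flat)
    # By convention the timestamp is the text after the last ';'
    date_part = flat.rsplit(";", 1)[1].strip() if ";" in flat else ""
    try:
        ts = parsedate_to_datetime(date_part) if date_part else None
    except (TypeError, ValueError):
        ts = None
    return {"from": m.group("from") if m else None,
            "by": m.group("by") if m else None,
            "ip": ip.group(1) if ip else None,
            "timestamp": ts}


def parse_auth_results(value):
    """Extract the spf=/dkim=/dmarc= verdicts from an Authentication-Results header."""
    flat = re.sub(r"\s+", " ", value or "")
    return {k.lower(): v.lower()
            for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", flat, re.I)}


def analyse_headers(raw):
    """Return hops (origin first), originating IP, auth verdicts and indicators."""
    msg = message_from_string(raw)
    # Header order is newest-first; reverse it to read origin -> destination.
    hops = [parse_received(v) for v in reversed(msg.get_all("Received") or [])]
    auth = parse_auth_results(msg.get("Authentication-Results"))
    from_hdr = msg.get("From", "")
    from_domain = (from_hdr.rsplit("@", 1)[1].strip("> ").lower()
                   if "@" in from_hdr else None)

    indicators = []
    stamps = [h["timestamp"] for h in hops if h["timestamp"] is not None]
    timeline_ok = all(a <= b for a, b in zip(stamps, stamps[1:]))
    if not timeline_ok:
        indicators.append("Received timestamps are out of order")
    if auth.get("spf") in ("fail", "softfail"):
        indicators.append(f"SPF {auth['spf']} for claimed sender domain {from_domain}")
    if auth.get("dkim", "none") in ("none", "fail"):
        indicators.append("no valid DKIM signature")
    return {"hops": hops,
            "origin_ip": hops[0]["ip"] if hops else None,
            "from_domain": from_domain,
            "auth": auth,
            "timeline_ok": timeline_ok,
            "indicators": indicators}


if __name__ == "__main__":
    result = analyse_headers(SAMPLE_RAW)
    for i, hop in enumerate(result["hops"], 1):
        print(f"hop {i}: {hop['from']} -> {hop['by']} ({hop['ip']}) at {hop['timestamp']}")
    print("origin IP:", result["origin_ip"])
    print("auth:", result["auth"])
    print("indicators:", result["indicators"])
```

The lowest Received line is the one closest to the origin, so its bracketed address is the best available lead on where the message entered the mail system; later hops can only be trusted as far as the servers that wrote them. The Authentication-Results header is written by the receiving server, so it is the verdict to rely on rather than anything the message itself claims.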

Digital Forensics Life Cycle:

● The digital forensics life cycle consists of a series of systematic
steps and processes aimed at identifying, collecting, analysing and
preserving digital evidence in a forensically sound manner.
● This life cycle is followed in the investigation of cybercrimes,
incidents or any digital-related legal matter.

Here are the key stages of the digital forensics life cycle:

1. Identification of evidence: Identifying evidence related to the digital
crime in storage media, hardware, operating systems, networks and/or
applications. It is the most important and basic step.
2. Collection: Preserving the digital evidence identified in the first
step so that it does not degrade or vanish with time. Preserving the
digital evidence is very important and crucial.
3. Analysis: Analysing the collected digital evidence of the committed
computer crime in order to trace the criminal and the possible path used
to breach the system.
4. Documentation: Properly documenting the whole digital investigation,
the digital evidence, the loopholes of the attacked system, etc., so that
the case can be studied and analysed in future and presented in court in a
proper format.
5. Presentation: Presenting all the digital evidence and documentation in
court in order to prove the digital crime committed and identify the
criminal.

Chain of Custody Concept in Digital Forensics:
The chain of custody in digital forensics, also known as the paper trail or
forensic link, is the chronological documentation of the evidence.
● The chain of custody records the collection, sequence of control,
transfer and analysis of the evidence.
● It also documents the details of each person who handled the evidence,
the date and time it was collected or transferred, and the purpose of the
transfer.
● It demonstrates to the courts and to the client that the evidence has
not been tampered with.

Chain of Custody Process:

In order to preserve digital evidence, the chain of custody should span
from the first step of data collection through examination, analysis and
reporting, up to the time of presentation to the courts. This is very
important in order to avoid any suggestion that the evidence has been
compromised in any way.

● Data Collection: This is where the chain of custody process is
initiated. It involves the identification, labelling, recording and
acquisition of data from all possible relevant sources in a way that
preserves the integrity of the data and evidence collected.
● Examination: During this process the chain of custody information is
documented, outlining the forensic process undertaken. It is important to
capture screenshots throughout the process to show the tasks completed and
the evidence uncovered.
● Analysis: This stage is the result of the examination stage. In the
analysis stage, legally justifiable methods and techniques are used to
derive useful information that addresses the questions posed in the
particular case.
● Reporting: This is the documentation phase of the examination and
analysis stages. Reporting includes the following:
a. Statement regarding chain of custody.
b. Explanation of the various tools used.
c. A description of the analysis of the various data sources.
d. Issues identified.
e. Vulnerabilities identified.
f. Recommendations for additional forensic measures that can be taken.

Network Forensics:
● Network forensics is a subcategory of digital forensics that deals with
the examination of a network and the traffic crossing it, where the
network is suspected of being involved in malicious activity, and with the
investigation of that activity: for example a network that is spreading
credential-stealing malware, or the analysis of a cyber-attack.
● As the internet grew, cybercrime grew along with it, and so did the
significance of network forensics, with the development and acceptance of
network-based services such as the World Wide Web, e-mail and others.
● With the help of network forensics the entire data can be retrieved,
including messages, file transfers, e-mails and web browsing history, and
reconstructed to expose the original transaction.
● The payload carried in the uppermost-layer packet may end up on disk,
but the envelopes used to deliver it are captured only in network traffic.

Processes Involved in Network Forensics:
● Identification: In this process investigators identify and evaluate the
incident based on network indicators.
● Safeguarding: In this process the investigators preserve and secure the
data so that tampering can be prevented.
● Accumulation: In this step a detailed report of the crime scene is
documented and all the collected pieces of digital evidence are
duplicated.
● Observation: In this process all the visible data is tracked along with
the metadata.
● Investigation: In this process a final conclusion is drawn from the
collected pieces of evidence.
● Documentation: In this process all the evidence, reports and conclusions
are documented and presented in court.

Challenges in Network Forensics:
● The biggest challenge is managing the volume of data generated during
the process.
● The intrinsic anonymity of IP addresses.
● Address spoofing.

Advantages:
● Network forensics helps in identifying security threats and
vulnerabilities.
● It analyses and monitors network performance demands.
● Network forensics helps in reducing downtime.
● Network resources can be used in a better way through reporting and
better planning.
● It helps in a detailed search of the network for any trace of evidence
left on it.

Disadvantage:
● The only disadvantage of network forensics is that it is difficult to
implement.

Approaching a computer forensics investigation: The phases in a computer
forensics investigation are:
● Secure the subject system
● Take a copy of the hard drive/disk
● Identify and recover all files
● Access/view/copy hidden, protected and temporary files
● Study special areas on the drive
● Investigate the settings and any data from programs on the system
● Consider the system from various perspectives
● Create a detailed report containing an assessment of the data and
information collected

Things to be avoided during a forensics investigation:

● Changing the date/timestamps of files
● Overwriting unallocated space

Things that should not be omitted during a forensics investigation:

● Engagement contract
● Non-Disclosure Agreement (NDA)

Elements addressed before drawing up a forensics investigation
engagement contract:
● Authorisation
● Confidentiality
● Payment
● Consent and acknowledgement
● Limitation of liability

General steps in solving a computer forensics case are:

● Prepare for the forensic examination
● Talk to key people about the case and what you are looking for
● Start assembling tools to collect the data and identify the target
media
● Collect the data from the target media
● Use a write-blocking tool while imaging the disk
● Check email records too while collecting evidence
● Examine the collected evidence on the image that was created
● Analyse the evidence
● Report your findings to your client
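The preservation step, the chain-of-custody process and the "use a write-blocking tool while imaging" step above all rest on one mechanism: hash the acquired image once, then re-hash and compare at every hand-off so that any change is detected and recorded. The Python script below is an added example, not code from the original notes, that shows this mechanism on a constructed sample image; the case identifier, evidence identifier and handler names are placeholders.

```python
"""Added example: evidence hashing and a chain-of-custody log.

Not part of the original notes. Hash the acquired image once, then re-hash
and compare at every hand-off, so that any modification (for example a
write made to the disk without a write blocker) is detected and logged.
The image contents and identifiers below are constructed placeholders.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so that multi-gigabyte images need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


class CustodyLog:
    """Append-only record of who handled an evidence item, when, why, and
    whether its hash still matched the acquisition hash at that moment."""

    def __init__(self, case_id, evidence_id, path, handler):
        self.case_id = case_id
        self.evidence_id = evidence_id
        self.path = path
        self.reference_hash = sha256_of(path)      # taken once, at acquisition
        self.entries = []
        self._record("acquired", handler, "initial imaging",
                     self.reference_hash, True)

    def _record(self, action, handler, purpose, observed_hash, verified):
        self.entries.append({
            "case_id": self.case_id,
            "evidence_id": self.evidence_id,
            "action": action,
            "handler": handler,
            "purpose": purpose,
            "sha256": observed_hash,
            "verified": verified,
            "timestamp": datetime.now(timezone.utc).isoformat(),
        })

    def transfer(self, handler, purpose):
        """Re-hash on every hand-off; a mismatch means the evidence changed."""
        observed = sha256_of(self.path)
        verified = observed == self.reference_hash
        self._record("transfer", handler, purpose, observed, verified)
        return verified

    def to_json(self):
        return json.dumps(self.entries, indent=2)


def demo():
    """Run the cycle on a constructed image. Returns (verified at the first
    hand-off, verified after tampering, number of log entries)."""
    with tempfile.TemporaryDirectory() as workdir:
        image = os.path.join(workdir, "disk.img")    # constructed sample image
        with open(image, "wb") as f:
            f.write(b"\x00" * 4096 + b"CONSTRUCTED-SAMPLE-IMAGE" + b"\xff" * 4096)

        log = CustodyLog("CASE-PLACEHOLDER-001", "E01", image, "examiner-1")
        ok_first = log.transfer("analyst-2", "keyword search")

        # Simulate an examination done without a write blocker: one byte changes.
        with open(image, "r+b") as f:
            f.seek(4096)
            f.write(b"X")
        ok_after_tamper = log.transfer("analyst-3", "court preparation")
        return ok_first, ok_after_tamper, len(log.entries)


if __name__ == "__main__":
    print(demo())   # (True, False, 3)
```

The log entry with verified set to False is the point at which the chain is broken: everything analysed after it would have to be justified against the original acquisition hash, which is why the reference hash is recorded at imaging time and never recomputed.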

The Security/Privacy Threats:

● Security and privacy threats in the digital landscape are diverse and
evolving.
● Understanding these threats is crucial for individuals, organisations
and policymakers in order to implement effective measures for protection.
Here are some key security and privacy threats:
1. Malware: Malicious software designed to harm or exploit computer
systems.
● Threat Impact: Data theft, system damage, unauthorised access and
financial losses.
● Examples: Viruses, Trojans, ransomware, spyware.

2. Phishing: Deceptive attempts to obtain sensitive information, often
through fraudulent emails or websites.
● Threat Impact: Identity theft, unauthorised access to accounts,
financial fraud.
● Examples: Email phishing, spear phishing, vishing (voice phishing).

3. Data Breaches: Unauthorised access to and exposure of sensitive data.
● Threat Impact: Compromised personal information, financial losses,
reputational damage.
● Examples: Hacking incidents, insider threats, accidental data leaks.

4. Social Engineering: Manipulating individuals into divulging
confidential information or performing actions.
● Threat Impact: Unauthorised access, data breaches, identity theft.
● Examples: Impersonation, pretexting, baiting.

5. IoT Vulnerabilities: Security weaknesses in Internet of Things (IoT)
devices.
● Threat Impact: Unauthorised access, device manipulation, data exposure.
● Examples: Insecure smart devices, lack of encryption in IoT
communication.

6. Insider Threats: Threats originating from individuals within an
organisation who have access to sensitive information.
● Threat Impact: Data breaches, intellectual property theft, sabotage.
● Examples: Malicious employees, negligent behaviour, unintentional
mistakes.

7. Ransomware: Malware that encrypts data and demands payment for its
release.
● Threat Impact: Data loss, financial losses, operational disruption.
● Examples: WannaCry, NotPetya, Ryuk.

8. Identity Theft: Unauthorised use of someone's personal information for
fraudulent purposes.
● Threat Impact: Financial fraud, damage to personal reputation.
● Examples: Stolen credentials, synthetic identity theft.

9. Artificial Intelligence (AI) Threats: Misuse of AI for malicious
purposes, or exploitation of vulnerabilities in AI systems.
● Threat Impact: Deepfake creation, AI-powered cyberattacks.
● Examples: AI-driven phishing, adversarial attacks on machine learning
models.

10. Eavesdropping: Unauthorised interception of communications.
● Threat Impact: Privacy invasion, data leakage, industrial espionage.
● Examples: Wiretapping, packet sniffing.

11. Cloud Security Concerns: Risks associated with storing and accessing
data in cloud environments.
● Threat Impact: Data breaches, unauthorised access.
● Examples: Insecure APIs, misconfigured cloud settings.

12. Lack of Encryption: Failure to secure data with encryption, leaving it
vulnerable to unauthorised access.
● Threat Impact: Data exposure, privacy violations.
● Examples: Unencrypted communication channels, unsecured storage.

13. Data Mining and Profiling: Unauthorised collection and analysis of
personal data for profiling purposes.
● Threat Impact: Invasion of privacy, targeted advertising.
● Examples: Unethical data harvesting, profiling without consent.

14. Legislative and Regulatory Compliance: Failure to comply with data
protection and privacy regulations.
● Threat Impact: Legal consequences, fines, reputational damage.
● Examples: GDPR violations, non-compliance with local privacy laws.

Challenges in Digital Forensics

1. Data Encryption: Encryption can make it difficult to access the data on
a device or network, making it harder for forensic investigators to
collect evidence. This can require specialised decryption tools and
techniques.
2. Data Destruction: Criminals may attempt to destroy digital evidence by
wiping or destroying devices. This can require specialised data recovery
techniques.
3. Data Storage: The sheer amount of data that can be stored on modern
digital devices can make it difficult for forensic investigators to locate
relevant information. This can require specialised data carving techniques
to extract the relevant information.
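The data carving mentioned under "Data Storage" above works by scanning raw bytes for known file signatures instead of trusting the file system. The Python script below is an added example, not code from the original notes, of signature-based carving over a constructed byte buffer that stands in for a disk image. It also handles the failure mode implied under "Data Destruction": a file whose tail has been overwritten is reported as incomplete rather than silently skipped.

```python
"""Added example: signature-based file carving over a raw byte buffer.

Not part of the original notes. Carving recovers files from raw storage by
looking for known header/footer byte signatures rather than relying on the
file system, which is what is needed when directory entries are gone or the
volume is too large to review by hand. The 'disk image' below is a
constructed byte string, not a real image.
"""

# Header and footer signatures for a few common file types.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


def carve(image, signatures=SIGNATURES, max_size=10 * 1024 * 1024):
    """Scan `image` for every header and pair it with the next footer within
    `max_size` bytes. Returns records sorted by offset. A header with no footer
    in range is reported as an incomplete (truncated or overwritten) file."""
    records = []
    for ftype, (header, footer) in signatures.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            search_from = start + len(header)
            end = image.find(footer, search_from, search_from + max_size)
            if end == -1:
                records.append({"type": ftype, "offset": start, "size": None,
                                "complete": False, "data": None})
                pos = start + 1          # keep scanning past this header
                continue
            end += len(footer)
            records.append({"type": ftype, "offset": start, "size": end - start,
                            "complete": True, "data": image[start:end]})
            pos = end
    return sorted(records, key=lambda r: r["offset"])


def build_sample_image():
    """Constructed image: zero filler, a complete JPEG, a complete PNG and a PDF
    whose tail was overwritten (header present, trailer missing)."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-PAYLOAD" * 3 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"IHDR-PAYLOAD" * 2 + b"IEND\xaeB`\x82"
    pdf_truncated = b"%PDF-1.4 partial-body"
    filler = b"\x00" * 512
    return filler + jpg + filler + png + filler + pdf_truncated + filler


if __name__ == "__main__":
    for r in carve(build_sample_image()):
        status = f"{r['size']} bytes" if r["complete"] else "incomplete"
        print(f"{r['type']:>4} @ offset {r['offset']:>6}: {status}")
```

Real carving tools refine this in two ways worth knowing for the exam: they cap the search window per file type (the `max_size` argument here) so that a stray footer far down the disk is not paired with an unrelated header, and they validate the carved bytes against the format's internal structure, since a header match alone can be a false positive inside arbitrary data.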
Unit-5
INTRODUCTION TO SECURITY POLICIES AND CYBER LAWS

In the digital world, security policies are like rulebooks that
organisations follow to keep information safe. On the legal side, cyber
laws are the rules that everyone, from individuals to big companies, must
follow online. Think of security policies as your personal safety
guidelines, and cyber laws as the rules that help keep the internet a
secure place for everyone. Understanding these rules is essential in
today's digital age for protecting information, ensuring legal compliance,
and making the online world a safer space.

Why Does Your Organization Need an Information Security Policy?
Information security policies play a critical role in an organisation's
overall security posture. They serve as a foundation for establishing a
secure environment and mitigating potential risks. The value of
information security policies can be outlined as follows:
● Risk management: Information security policies provide a systematic
approach to identifying, assessing and managing the risks associated with
information assets. By addressing vulnerabilities and implementing
appropriate controls, organisations can minimise the potential damage
caused by security incidents.
● Security culture and awareness: Information security policies promote a
culture of security awareness within an organisation. By providing
training and resources, organisations can educate employees on security
best practices and encourage them to play an active role in protecting
information assets.
● Trust and reputation: By implementing and maintaining a robust
information security policy, organisations can demonstrate their
commitment to protecting customer, employee and partner data. This fosters
trust and confidence, which is crucial for maintaining a positive
reputation and building strong business relationships.
● Competitive advantage: As data breaches and cyberattacks become more
common, organisations with effective information security policies can
differentiate themselves from competitors. Demonstrating strong security
practices can provide a competitive advantage, particularly when dealing
with clients or partners who prioritise data protection.
● Cost savings: By proactively addressing security risks, organisations
can reduce the financial impact of security incidents, including the
costs associated with data breaches, system downtime and regulatory fines.
● Continuous improvement: Information security policies include processes
for regular monitoring, auditing and review of security practices. This
allows organisations to identify areas for improvement, adapt to evolving
threats and ensure that their security measures remain effective over
time.

e
Introduction to Indian Cyber Law:

ir
Cyber Law also called IT Law is the law regarding
Information-technology including computers and the internet. It is
es
related to legal informatics and supervises the digital circulation of
information, software, information security, and e-commerce.
D
Importance of Cyber Law:
1. It covers all transactions over the internet.
2. It keeps an eye on all activities over the internet.
u

3. It touches every action and every reaction in cyberspace.


Ed

Area of Cyber Law: Cyber laws contain different types of purposes.


Some laws create rules for how individuals and companies may use
computers and the internet while some laws protect people from
becoming the victims of crime through unscrupulous activities on the
internet.
The major areas of cyber law include:
1. Fraud:
Consumers depend on cyber laws to protect them from online
fraud. Laws are made to prevent identity theft, credit card theft,
and other financial crimes that happen online. A person who
commits identity theft may face federal or state criminal
charges. They might also face a civil action brought by a
victim. Cyber lawyers work both to defend and to prosecute
allegations of fraud committed using the internet.

2. Copyright:
The internet has made copyright violations easier. In the early days
of online communication, copyright violations were all too easy. Both
companies and individuals need lawyers to bring actions to
enforce copyright protections. Copyright is an area of
cyber law that protects the rights of individuals and companies to
profit from their creative works.

3. Defamation:
Many people use the internet to speak their minds. When
people use the internet to say things that are not true, it can cross
the line into defamation. Defamation laws are civil laws that protect
individuals and businesses from false public statements that can harm
a business or someone's reputation. The body of civil law that applies
when people use the internet to make such statements is called
defamation law.
4. Harassment and Stalking:
Sometimes online statements can violate criminal laws that forbid
harassment and stalking. When a person makes threatening
statements again and again about someone else online, there is a
violation of both civil and criminal laws. Cyber lawyers both
prosecute and defend people when stalking occurs using the
internet and other forms of electronic communication.

5. Freedom of Speech:
Freedom of speech is an important area of cyber law. Even though
cyber laws forbid certain behaviours online, freedom of speech
laws also allow people to speak their minds. Cyber lawyers must
advise their clients on the limits of free speech, including laws that
prohibit obscenity. Cyber lawyers may also defend their clients
when there is a dispute about whether their actions constitute
permissible free speech.

6. Trade Secrets:
Companies doing business online often depend on cyber laws to
protect their trade secrets. For example, Google and other online
search engines spend lots of time developing the algorithms that
produce search results. They also spend a great deal of time
developing other features like maps, intelligent assistance, and
flight search services to name a few. Cyber laws help these
companies to take legal action as necessary to protect their trade
secrets.

7. Contracts and Employment Law:
Every time you click a button that says you agree to the terms and
conditions of using a website, you have used cyber law. Every website
has terms and conditions, and they are in some way related to
privacy concerns.

Advantages of Cyber Law:
● Organisations are now able to carry out e-commerce using the legal
infrastructure provided by the IT Act.
● Digital signatures have been given legal validity and sanction in the
Act.
● It has opened the doors for corporate companies to enter the
business of issuing Digital Signature Certificates as Certifying
Authorities.
● It allows the Government to issue notifications on the web, thus
heralding e-governance.
● It gives authority to companies or organisations to file any
form, application, or other document with any office,
authority, body, or agency owned or controlled by the appropriate
Government in electronic form, using such e-form as may be prescribed
by the appropriate Government.
● The IT Act also addresses the important issues of security, which
are so critical to the success of electronic transactions.
● Cyber Law provides both hardware and software security.

Objective and Scope of the Digital Personal Data Protection Act 2023:
The Digital Personal Data Protection Bill, 2023, which was introduced in
Lok Sabha on August 3, 2023, by the Minister of Electronics & Information
Technology, was passed by Parliament, i.e., by Lok Sabha on
August 7, 2023, and unanimously by Rajya Sabha on August 9, 2023, and
received Presidential assent on August 11, 2023.

The objective of the Digital Personal Data Protection Act, 2023 is to
establish a comprehensive framework for the protection and processing
of personal data in India. The Act aims to balance the right of
individuals to protect their personal data with the need to process such
data for lawful purposes. It seeks to provide a legal framework that
ensures the protection of personal data while enabling the use of data for
legitimate purposes.

The act's objectives are to:
● Protect personal data
● Process data lawfully
● Recognize the need to process data for lawful purposes
● Increase data sovereignty

The scope of the Act extends to the processing of personal data in India,
including both online and digitised offline data. It also applies to the
processing of personal data outside India if such processing is related to
offering goods or services to individuals in India. The Act covers various
aspects of data processing, including collection, storage, indexing,
sharing, use, disclosure, dissemination, and erasure of personal data.

The act's scope includes:
● Online and offline data processing
● Cross-border data transfer
● Rights and duties for individuals and data fiduciaries
● Establishing the Data Protection Board of India

Intellectual Property Issues: Intellectual property (IP) issues
encompass a wide range of legal concerns related to the protection of
creations of the mind, including inventions, literary and artistic works,
designs, symbols, names, and images used in commerce.

There are four main types of IP:
1. Patents: Patents protect inventions, which are new and useful
products or processes. A patent gives the owner the exclusive right
to make, use, and sell the invention for a period of 20 years.
2. Trademarks: Trademarks protect words, symbols, or designs that
identify and distinguish the source of goods or services. A
trademark gives the owner the exclusive right to use the mark on
their goods or services, and to prevent others from using a
confusingly similar mark.
3. Copyrights: Copyrights protect original works of authorship, such
as books, music, movies, and software. A copyright gives the owner
the exclusive right to reproduce, distribute, perform, display, and
create derivative works from the copyrighted work.
4. Trade secrets: Trade secrets are confidential information that
gives a business a competitive advantage. A trade secret can be
anything from a customer list to a manufacturing process.

IP issues can arise in a variety of contexts, including:
1. Infringement: Infringement occurs when someone uses an IP
without the permission of the owner. Infringement can be direct
(e.g., copying a copyrighted work) or indirect (e.g., using a
trademark to confuse consumers).
2. Misappropriation: Misappropriation occurs when someone takes
advantage of an IP without the owner's permission, but does not
technically infringe the IP. For example, misappropriation can
occur when someone uses an IP to trade on the goodwill of the
owner.
3. Licensing: Licensing is an agreement between an IP owner and
another party that allows the other party to use the IP in exchange
for a fee. Licences can be exclusive or non-exclusive, and can be
limited to certain fields of use or geographic areas.
4. Enforcement: Enforcement is the process of taking legal action to
protect an IP from infringement or misappropriation. Enforcement
can be a complex and expensive process, and there is no guarantee
that it will be successful.

Businesses can take steps to protect their IP by:
1. Identifying their IP: Businesses should identify all of their IP
assets, including patents, trademarks, copyrights, and trade
secrets.
2. Registering their IP: Businesses should register their trademarks
and copyrights with the appropriate government agencies. Patents
can also be registered, but registration is not required to obtain
patent protection.
3. Keeping their IP confidential: Businesses should keep their trade
secrets confidential by taking steps to prevent unauthorised
disclosure.
4. Monitoring for infringement: Businesses should monitor the
market for unauthorised use of their IP.
5. Taking action against infringement: Businesses should take
action against infringement, such as sending cease-and-desist
letters or filing lawsuits.

Protecting IP is an important part of business success. By taking
steps to protect their IP, businesses can:
● Minimise the risk of infringement and misappropriation
● Maximise the value of their IP assets
● Gain a competitive advantage
● Protect their reputation
● Avoid costly lawsuits

IP Legislation in India: Imagine intellectual property (IP) as a special
kind of property, like a house or a car, but instead of being physical,
it's for creations of the mind. In India, we have laws to protect these
creations, just like we protect physical property.

The main IP laws in India are like rulebooks for different types of
creations:
1. Patents Act, 1970: This rulebook protects new and useful
inventions, like a new type of medicine or a special machine.
2. Copyright Act, 1957: This rulebook protects original works of
creativity, like books, music, movies, or paintings.
3. Trade Marks Act, 1999: This rulebook protects special symbols
or words that businesses use to identify their products, like a
company logo or brand name.
4. Designs Act, 2000: This rulebook protects the unique
appearance of products, like the shape of a bottle or the design
of a chair.
5. Geographical Indications of Goods (Registration and
Protection) Act, 1999: This rulebook protects special names or
symbols that identify products from a particular place, like
Darjeeling tea or Banarasi silk.
6. Semiconductor Integrated Circuit Layout-Designs Act, 2000:
This rulebook protects the specific arrangement of electronic
components on a computer chip.

IP Enforcement in India: Imagine a special court called the
Intellectual Property Appellate Board (IPAB) as the IP police. It
handles appeals from the Patent Office, Trade Marks Registry, and
Copyright Office, making sure IP rights are protected.

Regular courts, such as the High Courts and the Supreme Court, also play
a role in IP disputes, granting injunctions and other remedies to protect
IP rights.

IP Litigation Costs in India
Protecting IP rights can be costly: hiring lawyers and experts and
preparing for trials all add up. Courts can also award significant
damages for IP infringement.

IP Protection for Foreign Investors
Foreign investors can enjoy the same IP protection as Indians.
However, they may face challenges due to language barriers or
cultural differences. Seeking legal advice from an experienced IP
attorney is crucial for foreign investors to navigate IP protection in
India.

Patent:
● A patent is a legal right that gives the inventor the exclusive
right to make, use, sell, and import an invention for a limited
period of time.
● In exchange for this exclusive right, the inventor must disclose
the invention to the public in a detailed patent application.

There are three main types of patents:
● Utility patents: Utility patents protect inventions that are new,
useful, and non-obvious. This means that the invention must be
something that has not been invented before, that it must be
useful in some way, and that it must not be simply an obvious
variation of something that already exists.
● Design patents: Design patents protect the ornamental design
of manufactured products. This means that the patent protects
the way the product looks, but not its function.
● Plant patents: Plant patents protect new and distinct varieties
of plants.

Patent Application Process: The process of obtaining a patent is as
follows:
1. Invent: The inventor must come up with an invention that is
new, useful, and non-obvious.
2. File a patent application: The inventor must file a patent
application with the appropriate government agency. The
application must include a detailed description of the invention,
drawings of the invention, and a claim that defines the
invention.
3. Examination: The patent application will be examined by a
patent examiner to see if it meets the requirements for a patent.
4. Publication: If the patent application is allowed, it will be
published in the patent office's patent journal.
5. Grant: If no objections are raised to the patent application, the
patent will be granted.

Benefits of Patents: Patents have several benefits for inventors. They:
● Protect the inventor's invention from being copied by others.
● Increase the value of the invention.
● Make it easier to attract investors.
● Help to establish the inventor as an expert in their field.

Copyright: Copyright is a legal right that gives the owner the
exclusive right to reproduce, distribute, perform, display, and create
derivative works from a work of authorship for a limited period of
time.

Copyright covers a wide range of works of authorship, including:
1. Literary works: This includes books, articles, poems, scripts,
musical compositions, and software.
2. Musical works: This includes songs, operas, and instrumental
pieces.
3. Dramatic works: This includes plays, movies, and television
shows.
4. Artistic works: This includes paintings, sculptures,
photographs, and graphic designs.
5. Audiovisual works: This includes movies, television shows, and
video games.

Duration of Copyright Protection:
Copyright protection for works created after January 1, 1978,
generally lasts for the life of the author plus 70 years. For works
created by multiple authors, the copyright protection lasts for 70
years after the death of the last surviving author.

There are two main types of copyright protection:
● Original works of authorship: These works are protected from
the moment of creation.
● Works made for hire: These works are created by an employee
within the scope of their employment and are owned by the
employer.

Copyright Registration
Copyright registration is not required to obtain copyright protection,
but it is highly recommended. Registration provides several benefits,
including:
● A presumption of validity: If a work is registered, the copyright
owner is presumed to be the owner of the copyright.
● A right to statutory damages: If a copyright is registered and
an infringer is found liable, the copyright owner may be able to
recover statutory damages, which are a set amount of money
that does not depend on the actual damages suffered by the
copyright owner.

Trademarks:
A trademark is a legal right that gives the trademark owner the
exclusive right to use a word, symbol, or design to identify and
distinguish the source of goods or services. Trademarks are granted to
businesses in order to protect their brands from unauthorised use or
exploitation.

There are two main types of trademarks:
1. Word marks: Word marks are trademarks that consist of a single
word or phrase. Examples of word marks include "Coca-Cola,"
"McDonald's," and "Google."
2. Design marks: Design marks are trademarks that consist of a
symbol, logo, or other design. Examples of design marks include
the Nike swoosh, the Apple logo, and the Starbucks siren.

Trademark Registration
● Trademarks are not registered by default.
● In order to obtain trademark registration, a business must file a
trademark application with the appropriate government agency.
● The trademark application must include the trademark, the
goods or services that the trademark is used for, and the name
and address of the trademark owner.

There are several benefits to trademark registration:
1. National registration: A registered trademark is protected
throughout the country.
2. Presumption of validity: A registered trademark is presumed to
be valid, which can make it easier for the trademark owner to
win a lawsuit against an infringer.
3. Constructive notice: A registered trademark gives constructive
notice to the public that the trademark is owned by the
trademark owner. This means that anyone who uses the
trademark without the permission of the trademark owner is
liable for infringement.
4. Enhanced damages: If a trademark owner registers a trademark
and the infringer is found liable for trademark infringement, the
trademark owner may be awarded enhanced damages.
5. The ability to file a lawsuit for trademark infringement in
federal court: Trademark owners with registered trademarks
can file a lawsuit for trademark infringement in federal court.

Conclusion
Trademarks are a valuable tool for businesses. They can help to
protect a business's brand from unauthorised use, increase the value
of the brand, and make it easier to attract customers. If you are a
business owner, I encourage you to learn more about trademarks and
how they can help you protect your brand.

Edu Desire
Computer And Technology

The More You Practice, The Better You Get.

Thank You!
Follow me
