Unit 1 Cyber Laws
Internet governance – challenges and constraints
- Internet governance refers to the rules, policies, standards and practices that
coordinate and shape global cyberspace.
- The term “Internet governance” first started to be used in connection with the
governance of Internet identifiers such as domain names and IP addresses, which led
to the formation of ICANN.
Challenges:
1. The pace and changing nature of the internet
2. The internet as part of digitalisation
3. The concentration of digital power
4. Digital geopolitics (and the environment)
5. Shaping the digital future
6. The future of regulation
7. Multilateralism and multistakeholderism
8. Participation in decision-making
Cyber threats: cyber warfare, cyber crime, cyber terrorism, cyber espionage
Cyber warfare
Uses cyber attacks to disrupt a nation-state's activities, or to cause harm similar to actual
warfare. Cyber warfare attacks can include viruses, phishing, malware, DDoS attacks, and
ransomware. The goal of cyber warfare can be espionage, sabotage, propaganda,
manipulation, or economic warfare. Cyber warfare can impact individuals in many ways,
including identity theft, financial loss, and physical harm.
Cyber crime
Any criminal activity that involves a computer, network, or networked device. Cyber
criminals may use cyber crime to make a profit, or to damage or disable devices. Common
forms of cyber crime include phishing, identity theft, hacking, and spreading hate.
Cyber terrorism
A premeditated, politically motivated attack against information systems, programs, and
data that threatens or results in violence. Cyber terrorists may use the same techniques as
traditional cyber attacks, such as DDoS attacks, malware, social engineering, and phishing.
Cyber espionage
A type of cyber attack where a threat actor, or cyber spy, accesses, steals, or exposes
classified data or intellectual property to gain an advantage. The goal of cyber espionage is
to remain hidden for as long as possible to gather maximum intelligence. Cyber espionage
can compromise national security and stability.
State and private sector in cyberspace
Cyber security standards
The Indian cyberspace
The Indian Penal Code
- The Indian Penal Code (IPC) is a substantive law that deals with various criminal offenses
and their punishments in India. Over time, amendments and additions have been made to
address cyber crimes and related issues.
- Sections of the IPC have been updated to address cyber offenses such as hacking (Section
66), identity theft (Section 66C), cyber stalking (Section 354D), online defamation (Section
499), and other crimes related to data theft, fraud, and cyberbullying.
- Additionally, the Information Technology Act, 2000, along with its amendments, provides
a legal framework for addressing cyber crimes and regulating electronic commerce, digital
signatures, and cyber contraventions.
National cyber security policy 2017
- The National Cyber Security Policy 2017 is a comprehensive policy framework formulated
by the Government of India to address the challenges and threats in cyberspace.
- Its primary objectives include:
- Protecting information and information infrastructure from cyber threats.
- Strengthening the regulatory framework for ensuring a secure cyberspace.
- Creating an ecosystem for the development of adequate solutions to address cyber
security challenges.
- Enhancing the resilience of critical information infrastructure against cyber-attacks.
- The policy focuses on various aspects such as capacity building, cooperation with other
nations and international bodies, creating a secure cyber ecosystem for citizens, promoting
research and development in cybersecurity, and establishing mechanisms for incident
response and crisis management.
Unit 2 Cyber security
Introduction to cyber security
Cybersecurity refers to the practice of protecting computer systems, networks, programs,
and data from digital attacks, unauthorized access, damage, or theft. With the increasing
reliance on digital technology in nearly all aspects of life, cybersecurity has become a critical
concern for individuals, businesses, governments, and organizations.
CIA Triad
Confidentiality
Confidentiality means that only authorized individuals/systems can view sensitive or
classified information. The data being sent over the network should not be accessed by
unauthorized individuals.
Integrity
Integrity involves making sure your data is trustworthy and free from tampering. The
integrity of your data is maintained only if the data is authentic, accurate, and
reliable. Corruption of data is a failure to maintain data integrity.
Availability
This means that the network should be readily available to its users. This applies to systems
and to data. To ensure availability, the network administrator should maintain hardware,
make regular upgrades, have a plan for fail-over, and prevent bottlenecks in a network.
Risk assessment and analysis
Risk assessment steps:
1. Characterize the system
The first step is to define the scope of the effort. The boundaries of the IT system are
identified, along with the resources and the information that constitute the system.
2. Identify threats
3. Determine inherent risk and impact
High/medium/low risk
4. Analyze the control environment
5. Determine the likelihood rating
Risk analysis steps:
1. Conduct a risk assessment survey
2. Identify the risk
3. Implement the risk management plan
4. Monitor risk
Different types of risk analysis
1. Qualitative risk analysis
Assessing and evaluating the characteristics of individual process
2. Quantitative risk analysis
Numerical estimate of the overall effect of risk on project objectives
Hackers and types
Hackers are individuals with exceptional computer skills who possess the ability to explore,
manipulate, and exploit computer systems and networks.
1. White Hat Hackers (Ethical Hackers):
White hat hackers are ethical and legal hackers who use their skills to identify
security vulnerabilities in systems, networks, and applications.
Their primary goal is to improve security by proactively finding weaknesses
before malicious hackers exploit them. They often work as cybersecurity
professionals, consultants, or researchers.
They conduct penetration testing, security assessments, and provide
recommendations to strengthen cybersecurity defenses.
2. Black Hat Hackers:
Black hat hackers are malicious hackers who exploit vulnerabilities for personal
gain, financial profit, or to cause harm.
They engage in illegal activities such as stealing data, launching cyber attacks,
spreading malware, conducting identity theft, or defrauding individuals and
organizations.
Their actions are typically motivated by financial gain, ideological reasons, or
simply the desire to cause disruption or damage.
3. Grey Hat Hackers:
Grey hat hackers operate in the grey area between ethical and unethical hacking. They
may perform hacking activities without explicit permission but don't necessarily
have malicious intent.
They may discover vulnerabilities and, instead of exploiting them illegally, may
inform the affected organization after the fact or publicize the vulnerabilities to
raise awareness.
While their actions might breach ethical boundaries, their intent is not purely
malicious, as they may have a goal of improving security overall.
Information classification
The initial step of data classification is assigning a value to every information asset,
depending on the risk of loss or harm if the data is exposed. Based on its value, data is
classified as:
1. Confidential Data – data that is protected as confidential by all entities included in or
affected by the data. The highest level of security measures should be applied to
such information.
2. Classified Data – data that has restricted access according to law or regulation.
3. Restricted Data – data that is accessible to the vast majority of employees.
4. Internal Data – data that is accessible to all employees.
5. Public Data – data that everyone inside and outside the organization can access.
Policies, procedures and guidelines
Policy:
- Policies are formal statements produced and supported by senior
management.
- Your organization’s policies should reflect your objectives for your
information security program
- Your policies should be like a building foundation; built to last and
resistant to change or erosion.
Standards:
- mandatory courses of action or rules that give formal policies
support and direction.
- One of the most difficult parts of writing standards for an
information security program is getting a company-wide consensus
on what standards need to be in place. This can be a time-
consuming process but is vital to the success of your information
security program.
Procedure:
- detailed step-by-step instructions to achieve a given goal or
mandate, detailed enough to be followed, yet not so difficult that only a small
group (or a single person) can understand them.
- intended for internal departments and should adhere to strict
change control processes.
Guidelines:
- recommendations to users when specific standards do not apply.
- designed to streamline certain processes according to what the best
practices are.
- Guidelines, by nature, should be open to interpretation and do not
need to be followed to the letter.
Vulnerabilities and risk
Layers of cyber security
The Human Layer
Humans are the weakest link in any cyber security strategy, and they alone are responsible
for 90% of data breaches. Education and training, which include instructions on how to
recognize and deal with phishing attacks, strong password strategies, system hardening, and
cyber security awareness, are the best ways to keep the human layer secure.
Perimeter Security
The physical and digital security techniques that safeguard the entire company are included
in perimeter security controls. This includes firewalls, data encryption, antivirus software,
device management (which is crucial if your company has a bring-your-own-device policy),
and setting up a secure demilitarized zone for further security.
Network Security
Network security measures safeguard a company’s network and guard against unwanted
access. The key worry of the network layer is what users and devices can access once they
are within your system.
Endpoint Security
Endpoint encryption is required to make sure that the devices are operating in secure
environments.
Application Security
Application security makes sure that each application is as secure as possible and that any
known security vulnerabilities are addressed by keeping your programs up to date.
Data Security
Data security measures protect the storage and movement of data, which is the target of
cybercrime. The most care must be taken with this layer because it is the foundation of your
company.
Mission Critical Assets
This is the information you must safeguard.
Unit 3 Basics of cryptography
Symmetric and asymmetric cryptosystems
Symmetric cryptography relies on algorithms that use a single key to encrypt and
decrypt information. In other words, the sender uses a secret key to encrypt the message.
Then, the recipients use the same key to decrypt and read the data. So, the key needs to be
shared across all parties that are authorized to decrypt the message.
Let’s see what the process looks like:
The way of providing the key to other parties should be secure to avoid any
exposures.
Moreover, all recipients will be responsible for storing the key safely. Even if we provide
maximum efforts to protect the key, we can’t be certain that others will do the same.
Therefore, ensuring security while using symmetric cryptography is a serious concern.
Asymmetric cryptography relies on a pair of two separate but mathematically
connected keys. The first of them is called a public key. It’s used to encrypt the message
and it can be publicly shared.
The second one is the private key. Its job is to decrypt the data. The private key should be
securely stored and shouldn’t be transferred at all. Calculating the private key based on the
public one is theoretically possible but practically nearly unachievable.
Let’s see what the asymmetric cryptography workflow looks like:
We can see that asymmetric cryptography eliminates two main weaknesses of the symmetric
one. First of all, the private key that decrypts the data isn’t transferred anywhere. Therefore,
only the recipient possesses the private key and is the only person responsible for its security.
Those properties significantly reduce the possibility of any exposure that could allow
unauthorized parties to read the confidential message. Besides data encryption and
decryption, asymmetric cryptography is also widely used in digital signatures.
Asymmetric ciphers are very secure but much slower than symmetric ones. Therefore,
hybrid approaches are sometimes used to protect the data: a symmetric cipher is used for
the message encryption itself, and the asymmetric one only for the key. So the slower,
asymmetric method is applied only to the key, while the faster symmetric cipher encrypts
and decrypts the data. Thus, the whole process is more efficient, especially for large
amounts of data.
Classical encryption techniques – substitution techniques, transposition techniques
Substitution : Caesar cipher, playfair
Play Fair
1. Generate the key square (5×5):
The key square is a 5×5 grid of letters that acts as the key for encrypting the
plaintext. Each of the 25 letters must be unique, and one letter of the
alphabet (usually J) is omitted from the table (as the table can hold only 25
letters). If the plaintext contains J, it is replaced by I.
The first letters in the key square are the unique letters of the key, in
the order in which they appear, followed by the remaining letters of the alphabet
in order.
2. Algorithm to encrypt the plain text: The plaintext is split into pairs of two letters
(digraphs). If there is an odd number of letters, a Z is added to the last letter.
- A pair cannot be made of the same letter twice. Split the repeated letters and add a
bogus letter after the first one.
Plain Text: “hello”
After Split: ‘he’ ‘lx’ ‘lo’
Here ‘x’ is the bogus letter.
- If a letter is left standing alone in the process of pairing, then add an extra
bogus letter to the lone letter.
Plain Text: “helloe”
After Split: ‘he’ ‘lx’ ‘lo’ ‘ez’
Here ‘z’ is the bogus letter.
Rules for Encryption:
If both the letters are in the same column: Take the letter below each one (going
back to the top if at the bottom).
If both the letters are in the same row: Take the letter to the right of each one
(going back to the leftmost if at the rightmost position).
If neither of the above rules is true: Form a rectangle with the two letters and take
the letters on the horizontal opposite corner of the rectangle.
Ex
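As an added example (not from the notes), here is a Python implementation of the key square, the digraph splitting and the three encryption rules above; the decryption path simply moves the other way. It assumes the conventions stated above: J merged into I, X as the bogus letter between doubled letters and Z for a trailing lone letter.

```python
# Added example (not from the notes): Playfair key square, digraph splitting
# and the three encryption rules described above, plus the reverse for
# decryption. Conventions assumed: J is merged into I, X is the bogus letter
# inserted between doubled letters and Z pads a trailing lone letter.
import string


def build_key_square(key: str) -> list[list[str]]:
    """5x5 square: unique letters of the key in order, then the rest of the
    alphabet in order, with J folded into I so that 25 letters remain."""
    seen = []
    for ch in (key + string.ascii_uppercase).upper():
        if not ch.isalpha():
            continue                 # ignore spaces or digits in the key
        ch = "I" if ch == "J" else ch
        if ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]


def prepare_digraphs(plaintext: str) -> list[str]:
    """Split into pairs, separating doubled letters with a bogus X and
    padding a final lone letter with a bogus Z."""
    letters = ["I" if c == "J" else c for c in plaintext.upper() if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else None
        if b is None:
            pairs.append(a + "Z")    # lone trailing letter
            i += 1
        elif a == b:
            # doubled letter: insert the bogus letter and re-pair from the second copy
            pairs.append(a + ("X" if a != "X" else "Z"))
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def _positions(square):
    return {ch: (r, c) for r, row in enumerate(square) for c, ch in enumerate(row)}


def _transform(pairs, square, step):
    """Apply the row/column/rectangle rules; step=+1 encrypts, -1 decrypts."""
    pos = _positions(square)
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:                 # same row: move right (or left), wrapping
            out.append(square[ra][(ca + step) % 5] + square[rb][(cb + step) % 5])
        elif ca == cb:               # same column: move down (or up), wrapping
            out.append(square[(ra + step) % 5][ca] + square[(rb + step) % 5][cb])
        else:                        # rectangle: take the opposite corners
            out.append(square[ra][cb] + square[rb][ca])
    return "".join(out)


def encrypt(plaintext: str, key: str) -> str:
    return _transform(prepare_digraphs(plaintext), build_key_square(key), +1)


def decrypt(ciphertext: str, key: str) -> str:
    text = ciphertext.upper()
    pairs = [text[i:i + 2] for i in range(0, len(text), 2)]
    return _transform(pairs, build_key_square(key), -1)
```

Decryption returns the padded digraphs, so bogus letters (the trailing Z, any inserted X) are still visible and must be stripped by the reader.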
Transposition: Railfence
The Rail Fence Cipher is a form of transposition cipher, where the letters of the plaintext are
written in a zigzag pattern (across multiple "rails" or rows) and then read row by row to
produce the ciphertext. It’s a simple cipher often used for basic encryption.
How the Rail Fence Cipher Works:
1. Encoding (Encryption):
To encode a message using the Rail Fence Cipher, follow these steps:
1. Choose the number of rails (rows). This is usually given or decided beforehand.
2. Write the plaintext in a zigzag pattern across the rails. Start from the top rail,
move downward one row at a time, and when you reach the bottom rail, move back up
one row at a time.
3. Read the message row by row to create the ciphertext.
2. Decoding (Decryption):
To decode the ciphertext:
1. Recreate the zigzag pattern using the number of rails and the length of the
ciphertext.
2. Fill in the ciphertext letters in the appropriate zigzag pattern.
3. Read the plaintext by following the zigzag path.
Example of Rail Fence Cipher Encryption:
Let’s encode the message “HELLO WORLD” using 3 rails.
Step 1: Write the message in a zigzag pattern across 3 rails:
Remove spaces for simplicity: "HELLOWORLD"
Fill the letters in the zigzag pattern:
Step 2: Read the letters row by row:
Row 1: H O R
Row 2: E L W L D
Row 3: L O
So, the ciphertext is: "HOR ELWLD LO", or simply "HORELWLDLO".
Example of Rail Fence Cipher Decryption:
Let’s now decrypt the ciphertext "HORELWLDLO" with 3 rails.
Step 1: Recreate the zigzag pattern with the same number of rails:
First, mark out the positions of the letters in the zigzag pattern using placeholders:
Step 2: Fill in the ciphertext letters:
Row 1: H O R
Row 2: E L W L D
Row 3: L O
Step 3: Read the message in the zigzag pattern: Following the zigzag pattern from the
first rail to the third and back up, we get the plaintext "HELLOWORLD", or "HELLO
WORLD".
Data encryption standard (DES)
Principles of public key cryptosystems: RSA algorithm, key management, Diffie-Hellman key exchange
Hashing
MD5 and SHA1 algorithms
What is MD5?
MD5 is a cryptographic hash function algorithm that takes the message as input of any
length and changes it into a fixed-length message of 16 bytes. MD5 algorithm stands for
the message-digest algorithm. MD5 was developed in 1991 by Ronald Rivest as an
improvement of MD4, with advanced security purposes. The output of MD5 (Digest size) is
always 128 bits.
Working of the MD5 Algorithm
MD5 algorithm follows the following steps
1. Append Padding Bits: In the first step, we append padding bits to the original message
so that its total length is 64 bits less than an exact multiple of 512.
2. Append Length Bits: In this step, we append the length of the original message as a
64-bit value to the output of the first step, so that the total number of bits is an exact
multiple of 512.
3. Initialize MD buffer: Here, we use four buffers, A, B, C and D. The size of each
buffer is 32 bits.
4. Process Each 512-bit Block: This is the most important step of the MD5 algorithm.
Here, a total of 64 operations are performed in 4 rounds of 16 operations each. A
different function is applied in each round: F in the 1st round, G in the 2nd round, H in
the 3rd round and I in the 4th round.
After applying the function, we perform an operation on each block.
Take the initialized MD buffer, A, B, C, D, as input. The value of B is fed into C, C is
fed into D, and D is fed into A. We then perform some operations (adding the function
output, a constant and a message word, and rotating the sum) to find the output for A.
After these steps, the result of A is fed into B. The same steps are used for the functions
G, H, and I. After performing all 64 operations we get our message digest.
After all rounds have been performed, the buffers A, B, C, and D contain the MD5 output,
starting with the low-order word A and ending with the high-order word D.
Unit 4 Network and wireless attacks
Network sniffing
A network sniffer “sniffs” or monitors network traffic for information (e.g., where it’s coming
from, which device, the protocol used, etc). Network administrators can use this information
to help optimize their environment.
Types of network sniffing:
1. MAC Sniffing
2. Protocol sniffing
3. LAN sniffers
4. IP sniffers
5. ARP sniffers
Network sniffing tools:
1. Wireshark
2. tcpdump
3. Ettercap
Packet analysis
Ettercap
- Ettercap is a free and open source network security tool for man-in-the-middle attacks
on a LAN.
- It can be used for computer network protocol analysis and security auditing.
- It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and
Solaris, and on Microsoft Windows.
- It is capable of intercepting traffic on a network segment, capturing passwords, and
conducting active eavesdropping against a number of common protocols
Ettercap offers four modes of operation:
- IP-based: packets are filtered based on IP source and destination.
- MAC-based: packets are filtered based on MAC address, useful for sniffing connections
through a gateway.
- ARP-based: uses ARP poisoning to sniff on a switched LAN between two hosts (full-
duplex).
- PublicARP-based: uses ARP poisoning to sniff on a switched LAN from a victim host to all
other hosts (half-duplex).
DNS poisoning
ARP poisoning
The ARP protocol lets devices communicate with each other by mapping a device's IP
address to its MAC address and vice versa. There are two identifiers used to identify
devices on a network.
1. IP addresses (logical addresses) are used to identify devices on a wide-area
network (Internet).
2. MAC addresses (physical addresses) are used to identify devices on a local
area network.
ARP Spoofing: a type of malicious attack in which the attacker sends a fake ARP
message over a local network in order to link the attacker’s MAC address with the IP
address of another device on the local area network.
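From a defender's side, the visible symptom of the attack described above is one IP address being announced from two different hardware addresses. The Python below is an added example (not from the notes) of a passive ARP monitor that flags exactly that, run over a constructed set of ARP replies; the addresses are made up.

```python
# Added example (not from the notes): a passive ARP monitor that flags the
# symptom of ARP spoofing described above, one IP address being claimed by
# two different MAC addresses. The records below are constructed, not captured.
from collections import defaultdict

# Constructed ARP replies as (time, sender_ip, sender_mac). The last entry
# re-announces the gateway's IP from the hardware address of another host.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "AA-BB-CC-00-00-01"),    # gateway (constructed)
    (1.5, "192.168.1.20", "aa:bb:cc:00:00:20"),   # a workstation (constructed)
    (2.0, "192.168.1.1", "aa:bb:cc:00:00:01"),    # same binding again, fine
    (9.0, "192.168.1.1", "aa:bb:cc:00:00:20"),    # gateway IP now with the .20 MAC
]


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def detect_arp_conflicts(replies):
    """Return one alert for every reply whose sender IP was previously bound
    to a different MAC. A legitimate DHCP reassignment triggers this too, so
    an alert is a prompt to verify, not proof of an attack."""
    table = {}          # ip -> first MAC seen for that ip
    alerts = []
    for t, ip, mac in replies:
        mac = normalize_mac(mac)
        known = table.setdefault(ip, mac)
        if known != mac:
            alerts.append({"time": t, "ip": ip,
                           "expected_mac": known, "seen_mac": mac})
    return alerts


def macs_claiming_multiple_ips(replies):
    """Map each MAC to the IPs it has announced; a single hardware address
    claiming several IPs is the second symptom worth reviewing."""
    claims = defaultdict(set)
    for _, ip, mac in replies:
        claims[normalize_mac(mac)].add(ip)
    return {mac: ips for mac, ips in claims.items() if len(ips) > 1}
```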
Denial of services
Vulnerability scanning
Setup network
Router attacks
MITM attack
MAC filtering
MAC filtering is a security method based on access control. Each network interface has a
48-bit MAC address, which is used to determine whether it may access a network or not. It
allows listing the set of allowed devices that you want on your Wi-Fi and the list of denied
devices that you don’t want on your Wi-Fi.
Steps for MAC filtering –
1. Set a list of allowed devices. Only those MAC addresses which are on the list will be
provided service by the DHCP server.
2. Set a list of denied devices. The MAC addresses which are on the denied list will not
be granted service by the DHCP server.
3. If a MAC address is on both the allowed and the denied list, then it will be denied
service.
Packet encryption
Packet sniffing
Types of authentication
Attacks on WEP
This protocol is one of the two most popular protocols used by wireless networks to
send data across the network. Wired Equivalent Privacy (WEP) was designed by
the IEEE Security Task Group in late 1997 to provide wireless communications with
the same level of security as wired networks. It basically works with 64-bit keys to
encrypt and/or decrypt your data. The algorithm used to encrypt and decrypt
data is RC4, a stream cipher that uses an initialization vector (IV).
There are many ways to break WEP security, but only three are possible with just a
wireless card: the Man in the Middle attack, the ARP Cache Poisoning attack, and
Simple WEP Crack.
MITM: a Man In The Middle attack is an active attack where the attacker creates a
connection between the victims and relays messages between them, or captures
all the data packets from the victims.
ARP Cache Poisoning: this attack exploits weaknesses in the ARP protocol to
corrupt the IP-to-MAC mappings held by hosts on the network.
The Simple WEP Crack method is a wireless encryption cracker that uses hardware tools
to decode the data stream or tunnel it through your computer. The idea behind this
technique is that plaintext information can be recovered because of the weak, partially
repeating IV; the WEP key provided by the manufacturer is then guessed.
WPA encryption
In order to address the increasing vulnerabilities of its predecessor, WEP, WPA (Wi-Fi
Protected Access) was introduced as a wireless security protocol in 2003. Because the WPA
Wi-Fi protocol employs a 256-bit encryption key, a significant improvement over the 64-bit
and 128-bit keys used by the WEP system, it is more secure than the WEP protocol.
Unit 5 Network Security
Security protocols
1. SSL Protocol :
SSL Protocol stands for Secure Sockets Layer protocol, which is an encryption-based
Internet security protocol that protects confidentiality and integrity of data.
SSL is located between the application and transport layers.
Early SSL contained security flaws and was quickly replaced by the first version of TLS;
that is why SSL is described as the predecessor of modern TLS encryption.
A TLS/SSL website has “HTTPS” in its URL rather than “HTTP”.
SSL is divided into three sub-protocols: the Handshake Protocol, the Record Protocol, and
the Alert Protocol.
2. TLS Protocol :
Same as SSL, TLS which stands for Transport Layer Security is widely used for the privacy
and security of data over the internet.
TLS uses a pseudo-random algorithm to generate the master secret which is a key used for
the encryption between the protocol client and protocol server.
TLS is basically used for encrypting communication between a client and an online server,
such as a web browser loading a web page from the server.
TLS also has three sub-protocols the same as SSL protocol – Handshake Protocol, Record
Protocol, and Alert Protocol.
Firewalls
A firewall is a network security device, either hardware- or software-based, which monitors
all incoming and outgoing traffic and, based on a defined set of security rules, accepts,
rejects, or drops that specific traffic.
In other words, a firewall filters incoming and outgoing network traffic according to security
policies that have previously been set up inside an organization. At its most basic level, a
firewall is the wall that separates a private internal network from the open Internet.
types of firewalls:
1. Packet Filtering Firewall
Packet filtering firewall is used to control network access by monitoring outgoing and
incoming packets and allowing them to pass or stop based on source and destination IP
address, protocols, and ports. It analyses traffic at the transport protocol layer (but mainly
uses first 3 layers).
2. Stateful Inspection Firewall
Stateful firewalls (which perform Stateful Packet Inspection) are able to determine the
connection state of a packet, unlike packet filtering firewalls, which makes them more
effective. A stateful firewall keeps track of the state of the network connections travelling
across it, such as TCP streams.
3. Software Firewall
A software firewall is any firewall that is set up locally or on a cloud server. When it comes to
controlling the inflow and outflow of data packets and limiting the number of networks that
can be linked to a single device, they may be the most advantageous. But the problem with
software firewalls is that they are time-consuming.
4. Hardware Firewall
They also go by the name “firewalls based on physical appliances.” It guarantees that the
malicious data is halted before it reaches the network endpoint that is in danger.
5. Application Layer Firewall
An application layer firewall can inspect and filter packets at any OSI layer, up to the
application layer. It has the ability to block specific content and can also recognize when
certain applications and protocols (like HTTP, FTP) are being misused.
6. Proxy Service Firewall
This kind of firewall filters communications at the application layer, and protects the
network. A proxy firewall acts as a gateway between two networks for a particular
application.
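As an added example (not from the notes), the Python below places a stateless packet filter beside a minimal stateful one and runs both over constructed packets; the internal prefix, addresses and ports are made up. The stateless filter has to allow inbound packets carrying the ACK flag so that replies to outbound connections get through, and therefore also passes unsolicited ACK packets; the stateful filter only admits inbound packets that match a connection it saw the inside open.

```python
# Added example (not from the notes): a stateless packet filter beside a
# minimal stateful filter, run over constructed packets, to show the
# difference between firewall types 1 and 2 above. All addresses are made up.
INTERNAL_PREFIX = "10.0.0."      # constructed internal network

# Constructed TCP packets. Packets 3, 4 and 6 are unsolicited inbound
# segments that merely carry the ACK flag.
SAMPLE_PACKETS = [
    {"src": "10.0.0.5", "sport": 40000, "dst": "93.184.216.34", "dport": 443, "flags": {"SYN"}},
    {"src": "93.184.216.34", "sport": 443, "dst": "10.0.0.5", "dport": 40000, "flags": {"SYN", "ACK"}},
    {"src": "198.51.100.9", "sport": 443, "dst": "10.0.0.5", "dport": 40001, "flags": {"ACK"}},
    {"src": "198.51.100.9", "sport": 50000, "dst": "10.0.0.5", "dport": 40000, "flags": {"ACK"}},
    {"src": "93.184.216.34", "sport": 443, "dst": "10.0.0.5", "dport": 40000, "flags": {"RST", "ACK"}},
    {"src": "93.184.216.34", "sport": 443, "dst": "10.0.0.5", "dport": 40000, "flags": {"ACK"}},
]


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def stateless_filter(packets):
    """Each packet is judged in isolation against two rules and a default deny:
    rule 1 allows anything outbound; rule 2 allows inbound packets with ACK set
    to an ephemeral port, the only way a stateless filter can let replies in."""
    decisions = []
    for p in packets:
        if is_internal(p["src"]) and not is_internal(p["dst"]):
            decisions.append("allow")                       # rule 1
        elif is_internal(p["dst"]) and "ACK" in p["flags"] and p["dport"] >= 1024:
            decisions.append("allow")                       # rule 2
        else:
            decisions.append("drop")                        # default deny
    return decisions


def stateful_filter(packets):
    """Keep a table of connections opened from the inside (keyed on the
    4-tuple) and admit inbound packets only when they belong to one of them;
    an RST closes the entry so later stray packets are dropped."""
    connections = set()
    decisions = []
    for p in packets:
        fwd = (p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["dst"], p["dport"], p["src"], p["sport"])
        if is_internal(p["src"]) and not is_internal(p["dst"]):
            if "SYN" in p["flags"]:
                connections.add(fwd)                        # inside opens a connection
            decisions.append("allow" if fwd in connections else "drop")
        elif rev in connections:
            decisions.append("allow")                       # reply to a known connection
            if "RST" in p["flags"]:
                connections.discard(rev)                    # connection torn down
        else:
            decisions.append("drop")                        # unsolicited inbound
    return decisions
```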
IDPS : types and technologies
An Intrusion Detection System (IDS) is a security tool that monitors a computer network or
systems for malicious activities or policy violations. It helps detect unauthorized access,
potential threats, and abnormal activities by analyzing traffic and alerting administrators to
take action. An IDS is crucial for maintaining network security and protecting sensitive data
from cyber-attacks.
Working of Intrusion Detection System (IDS)
An IDS (Intrusion Detection System) monitors the traffic on a computer network to
detect any suspicious activity.
It analyzes the data flowing through the network to look for patterns and signs of
abnormal behavior.
The IDS compares the network activity to a set of predefined rules and patterns to
identify any activity that might indicate an attack or intrusion.
If the IDS detects something that matches one of these rules or patterns, it sends an
alert to the system administrator.
The system administrator can then investigate the alert and take action to prevent any
damage or further intrusion.
SET
Network security applications
Web security: SSL encryption, securing online payments (OTP)
A (2 points)
1. Define cyber space. Mention any two advantages
Cyber space can be defined as an intricate environment that involves interactions
between people, software and services. It is maintained by the worldwide distribution
of information and communication technology devices and networks
Global Connectivity:
Cyberspace allows individuals, businesses, and organizations to connect and
communicate globally. Through the internet and other digital networks, people
can share information, collaborate on projects, and engage in international
trade and transactions. This global connectivity has significantly expanded
opportunities for communication, collaboration, and business on a worldwide
scale.
Efficient Information Exchange:
Cyberspace enables rapid and efficient exchange of information. Through
emails, instant messaging, file sharing, and other online communication tools,
users can transmit data almost instantly, regardless of geographical distances.
This speed of information exchange enhances productivity, facilitates real-time
collaboration, and supports faster decision-making processes for individuals and
organizations alike.
2. Compute the Caesar cipher for plain text “COMPUTER” and key = 3
3. What’s the difference between substitution and transposition cipher
Substitution Cipher Technique:
In the Substitution Cipher Technique, plain text characters are replaced
with other characters, numbers or symbols; the character’s identity is
changed while its position remains unchanged.
Transposition Cipher Technique:
The Transposition Cipher Technique rearranges the positions of the plain
text’s characters. In the Transposition Cipher Technique, the position of the
character is changed but the character’s identity is not changed.
4. What’s packet analysis
Packet analysis, also known as packet sniffing or packet inspection, is the
process of capturing and examining the data packets flowing across a
computer network. In computer networking, data is often broken down into
smaller units called packets before being transmitted over the network. Each
packet contains both the actual data being transmitted and additional
information, such as source and destination addresses, error-checking codes,
and sequencing information.
Packet analysis involves capturing these individual packets and analyzing their
contents to gain insights into network behavior, troubleshoot issues, and
ensure proper network security.
5. Summarize the use of packet filtering in firewall
It works in the network layer of the OSI Model. It applies a set of rules
(based on the contents of IP and transport header fields) on each packet
and based on the outcome, decides to either forward or discard the
packet.
Packet filter firewall controls access to packets on the basis of packet
source and destination address or specific transport protocol type. It is
done at the OSI (Open Systems Interconnection) data link, network, and
transport layers.
Packet filters consider only the most basic attributes of each packet,
and they don’t need to remember anything about the traffic since each
packet is examined in isolation. For this reason, they can decide packet
flow very quickly.
B (4 points)
6. What’s cyber terrorism? As a responsible citizen, mention any three ways to eradicate
cyber terrorism
Cyber terrorism is the convergence of cyberspace and terrorism. It refers to unlawful
attacks and threats against computers, networks and the information stored in them, to
intimidate or coerce a government or its people in pursuit of political or social
objectives.
1. International Cooperation and Legislation:
Foster international collaboration and create effective legal frameworks to
address cyber terrorism. Encourage nations to work together to develop and
enforce laws that criminalize cyber terrorism, extradite offenders, and facilitate
information sharing. A united global effort is essential to combat cyber threats
that transcend national borders.
2. Investment in Cybersecurity Measures:
Allocate resources to enhance cybersecurity infrastructure, both in the public
and private sectors. This includes investing in advanced technologies, threat
intelligence, and skilled personnel to detect, prevent, and respond to cyber
threats. Governments, businesses, and individuals should prioritize
cybersecurity measures to protect critical systems and data.
3. Public Awareness and Education:
Increase public awareness and education on cyber threats and responsible
online behavior. Empower individuals with the knowledge and skills to
recognize and report suspicious activities. Promote a culture of cybersecurity,
where citizens understand the risks, practice good digital hygiene, and remain
vigilant against cyber threats. Education is a key component in building a
resilient society against cyber terrorism.
7. Compare and contrast vulnerability, risk and threat
1. Threat:
A threat in cybersecurity refers to any potential danger that can exploit a
vulnerability in a system or network, potentially causing harm. Threats can
come in various forms, such as malware, hackers, insider threats, natural
disasters, or even human error.
Examples of threats include phishing attacks, ransomware, denial-of-service
attacks, social engineering tactics, and unauthorized access attempts.
2. Vulnerability:
A vulnerability is a weakness or flaw in a system's design, implementation, or
security procedures that could be exploited by a threat. These weaknesses can
exist in software, hardware, configurations, policies, or human behaviors.
Examples of vulnerabilities include unpatched software, misconfigured security
settings, weak passwords, lack of encryption, or outdated systems that are no
longer supported by security updates.
3. Risk:
Risk in cybersecurity refers to the likelihood that a threat will exploit a
vulnerability, resulting in an adverse impact on an organization's assets, such as
data, systems, or operations. Risk is the potential for loss, damage, or
disruption.
Assessing risk involves evaluating the probability of a threat exploiting a
vulnerability and estimating the potential impact or consequences on the
organization.
Risk can be quantified or qualified based on factors like the value of assets at
risk, the likelihood of a successful attack, and the potential damage or loss that
could occur.
8. Generate the public key and private key for the prime numbers p=3, q=11 using the
RSA algorithm
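Added worked example (not part of the original notes): a small general-purpose RSA key-generation routine applied to p = 3, q = 11, followed by an encrypt/decrypt round trip. Choosing e as the smallest valid exponent and the sample message m = 4 are assumptions made for this example.

```python
from math import gcd

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def modinv(a, m):
    """Multiplicative inverse of a modulo m (raises if it does not exist)."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return x % m

def rsa_keygen(p, q, e=None):
    """Return ((e, n), (d, n)). If e is not given, the smallest valid e > 1 is used."""
    n = p * q                       # modulus
    phi = (p - 1) * (q - 1)         # Euler's totient of n
    if e is None:
        e = next(c for c in range(2, phi) if gcd(c, phi) == 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = modinv(e, phi)              # e * d = 1 (mod phi)
    return (e, n), (d, n)

def rsa_encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def rsa_decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)

if __name__ == "__main__":
    # p = 3, q = 11: n = 33, phi = 20, e = 3, d = 7 (since 3 * 7 = 21 = 1 mod 20)
    public, private = rsa_keygen(3, 11)
    print("public key (e, n):", public)      # (3, 33)
    print("private key (d, n):", private)    # (7, 33)
    c = rsa_encrypt(4, public)               # constructed message m = 4
    print("4 encrypts to", c, "and decrypts to", rsa_decrypt(c, private))
```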
9. Compare and contrast IDS and IPS
Both systems can:
Monitor. After setup, these programs can look over traffic within parameters
you specify, and they will work until you turn them off.
Alert. Both programs will send a notification to those you specify when a
problem has been spotted.
Learn. Both can use machine learning to understand patterns and emerging
threats.
Log. Both will keep records of attacks and responses, so you can adjust your
protections accordingly.
But they differ in:
Response. An IDS is passive, while an IPS is an active control system. You
must take action after an IDS alerts you, as your system is still under attack.
Protection. Arguably, an IDS offers less help when you're under threat. You
must figure out what to do, when to do it, and how to clean up the mess. An IPS
does all of this for you.
False positives. If an IDS gives you an alert about something that isn't
troublesome at all, you're the only one inconvenienced. If an IPS shuts down
traffic, many people could be impacted.
10. Write a note on SSL encryption
Secure Sockets Layer (SSL) provides security for the data transferred between a web
browser and a server. SSL encrypts the link between a web server and a browser, which
ensures that all data passed between them remains private and free from attack.
Secure Sockets Layer protocols:
1. SSL record protocol
In the SSL Record Protocol, application data is divided into fragments. Each fragment
is compressed, then a MAC (Message Authentication Code) generated by an algorithm
such as SHA (Secure Hash Algorithm) or MD5 (Message Digest) is appended. After that
the data is encrypted, and finally the SSL record header is added to the data.
2. Handshake protocol
Handshake Protocol is used to establish sessions. This protocol allows the client
and server to authenticate each other by sending a series of messages to each
other. Handshake protocol uses four phases to complete its cycle.
Phase-1: In Phase-1 both client and server send hello packets to each other. In this
phase the session ID, cipher suite and protocol version are exchanged for security
purposes.
Phase-2: The server sends its certificate and Server-key-exchange message. The server
ends Phase-2 by sending the Server-hello-end packet.
Phase-3: In this phase the client replies to the server by sending its certificate and
Client-key-exchange message.
Phase-4: In Phase-4 the Change-cipher-spec exchange occurs, after which the Handshake
Protocol ends.
3. Change-cipher-spec protocol
This protocol uses the SSL record protocol. Until the Handshake Protocol is completed,
the SSL record output state is held as a pending state. The Change-cipher-spec protocol
consists of a single message, 1 byte in length, which can have only one value. Its
purpose is to copy the pending state to the current state.
4. Alert protocol
This protocol is used to convey SSL-related alerts to the peer entity. Each message in
this protocol is 2 bytes long.
The alert level takes one of two values:
Warning (level = 1):
This alert has no impact on the connection between sender and receiver.
Fatal error (level = 2):
This alert breaks the connection between sender and receiver.
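Added example (not part of the original notes, and not a real SSL implementation) of the record-protocol pipeline from item 1 and the 2-byte alert format from item 4, run on constructed data. HMAC-SHA1 stands in for the SSL MAC and a SHA-256-based keystream XOR stands in for the cipher negotiated in the handshake; the keys and application data are constructed.

```python
import hashlib
import hmac
import struct
import zlib

CT_ALERT, CT_APPLICATION_DATA = 21, 23   # record content types
VERSION = b"\x03\x00"                    # SSL 3.0 version bytes in the record header
MAX_FRAGMENT = 2 ** 14                   # the record layer fragments data into <= 16 KiB pieces
MAC_LEN = 20                             # SHA-1 digest length
ALERT_WARNING, ALERT_FATAL = 1, 2        # alert levels from the notes

def _keystream(key, seq, length):
    # Toy keystream for illustration only (not SSL's cipher): SHA-256 in counter mode.
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack("!QI", seq, ctr)).digest()
        ctr += 1
    return out[:length]

def _xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def _mac(mac_key, seq, ctype, compressed):
    # MAC over sequence number, content type and the compressed fragment
    return hmac.new(mac_key, struct.pack("!QB", seq, ctype) + compressed, hashlib.sha1).digest()

def seal_record(ctype, fragment, mac_key, enc_key, seq):
    """Compress one fragment, append its MAC, encrypt both, prepend the record header."""
    compressed = zlib.compress(fragment)
    plain = compressed + _mac(mac_key, seq, ctype, compressed)
    body = _xor(plain, _keystream(enc_key, seq, len(plain)))
    return struct.pack("!B2sH", ctype, VERSION, len(body)) + body   # type, version, length

def open_record(record, mac_key, enc_key, seq):
    """Undo seal_record; raise ValueError on a malformed header or a bad MAC."""
    ctype, version, length = struct.unpack("!B2sH", record[:5])
    body = record[5:5 + length]
    if version != VERSION or len(body) != length or length <= MAC_LEN:
        raise ValueError("malformed record")
    plain = _xor(body, _keystream(enc_key, seq, len(body)))
    compressed, mac = plain[:-MAC_LEN], plain[-MAC_LEN:]
    if not hmac.compare_digest(mac, _mac(mac_key, seq, ctype, compressed)):
        raise ValueError("bad record MAC")        # modified, or replayed under another seq
    return ctype, zlib.decompress(compressed)

def record_is_valid(record, mac_key, enc_key, seq):
    try:
        open_record(record, mac_key, enc_key, seq)
        return True
    except (ValueError, zlib.error, struct.error):
        return False

def send_application_data(data, mac_key, enc_key, seq=0):
    """Fragment application data and protect each fragment as its own record."""
    return [seal_record(CT_APPLICATION_DATA, data[off:off + MAX_FRAGMENT], mac_key, enc_key, seq + i)
            for i, off in enumerate(range(0, len(data), MAX_FRAGMENT))]

def make_alert(level, description):
    """Alert protocol message: 2 bytes, the level byte followed by the description byte."""
    return bytes([level, description])

def parse_alert(msg):
    level, description = msg[0], msg[1]
    return {"level": level, "description": description, "fatal": level == ALERT_FATAL}
```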
SSL Certificate
An SSL (Secure Sockets Layer) certificate is a digital certificate used to secure and verify the
identity of a website or an online service. The certificate is issued by a trusted third party
called a Certificate Authority (CA), which verifies the identity of the website or service before
issuing the certificate.
11. Explain the requirements and key features of the SET protocol
SET (Secure Electronic Transaction) is a security protocol that enhances online
payment security and integrity, especially those involving debit and credit cards. SET
protects electronic payments by encrypting personal card details and authenticating
users through digital certificates. SET ensures that only authorised parties can access
sensitive information and that transactions are not tampered with.
SET uses four types of digital certificates:
Cardholder certificates
Merchant certificates
Payment gateway certificates
Authority certificates
Requirements in SET: The SET protocol has several requirements to meet; some of the
important ones are:
It has to provide mutual authentication, i.e., customer (or cardholder) authentication
by confirming whether the customer is an intended user or not, and merchant authentication.
It has to keep the PI (Payment Information) and OI (Order Information) confidential by
appropriate encryption.
It has to be resistant to message modification, i.e., no changes should be allowed
in the content being transmitted.
SET also needs to provide interoperability and make use of the best security
mechanisms.
SET functionalities:
Provide authentication: by using standard X.509v3 certificates.
Provide message confidentiality: SET implements confidentiality by using encryption
techniques. Traditionally DES is used for encryption.
Provide message integrity: SET prevents message modification with the help of
signatures. Messages are protected against unauthorized modification using RSA
digital signatures with SHA-1, and some using HMAC with SHA-1.
12. Illustrate in detail DNS poisoning
DNS spoofing means obtaining a wrong entry or IP address for the requested site from
the DNS server. Attackers find flaws in the DNS system, take control of it, and
redirect users to a malicious website.
In the above image:
1. Request to real website: The user sends a request for a particular website; it goes to
the DNS server to resolve the IP address of that website.
2. Inject fake DNS entry: Hackers have already taken control of the DNS server by finding
its flaws, and now they add false entries to the DNS server.
3. Resolve to fake website: The fake entry in the DNS server redirects the user to the
wrong website.
C
13. a. Explain DES with a neat diagram
Data Encryption Standard (DES) is a block cipher with a 56-bit key length that has
played a significant role in data security. DES has been found vulnerable to very
powerful attacks; therefore its popularity has been slightly on the decline. DES is a
block cipher that encrypts data in blocks of 64 bits each, which means 64 bits of plain
text go in as the input to DES, which produces 64 bits of ciphertext.
DES is based on the two fundamental attributes of cryptography: substitution (also
called confusion) and transposition (also called diffusion). DES consists of 16 steps,
each of which is called a round. Each round performs the steps of substitution and
transposition. Let us now discuss the broad-level steps in DES.
In the first step, the 64-bit plain text block is handed over to an initial Permutation (IP)
function.
The initial permutation is performed on plain text
Next, the initial permutation (IP) produces two halves of the permuted block, called
Left Plain Text (LPT) and Right Plain Text (RPT).
Now each LPT and RPT go through 16 rounds of the encryption process.
In the end, LPT and RPT are rejoined and a Final Permutation (FP) is performed on the
combined block
The result of this process produces 64-bit ciphertext.
b. Mention any three sections of the Indian Penal Code according to the IT Act 2000
1. Section 43: This section deals with unauthorized access to computer systems and
data. It includes penalties for unauthorized access, downloading, or extracting data
from computer systems without permission.
2. Section 65: This section deals with tampering with computer source documents. It
makes unauthorized modification or alteration of any information present in a
computer resource an offense.
3. Section 66: This section covers computer-related offenses such as hacking. It
includes provisions for punishment for unauthorized access to a computer system,
data alteration, and introducing contaminants with the intent to damage the system.
14. Discuss in detail:
a. MITM attack
A man-in-the-middle (MiTM) attack is a type of cyber attack in which the
attacker secretly intercepts and relays messages between two parties who
believe they are communicating directly with each other. The attack is a type
of eavesdropping in which the attacker intercepts and then controls the entire
conversation.
The following steps are involved in a common data interception technique:
1. An attacker installs a packet sniffer to gauge any network traffic that might be
insecure, such as a user accessing a Hypertext Transfer Protocol (HTTP)-based
website or using a non-secure public hotspot.
2. Once the user logs into the insecure website, the attacker retrieves the user's
information and redirects them to a fake website.
3. The fake website mimics the original website and gathers all the pertinent user data,
which the attacker can then use to access all the user resources on the original
website.
What are the types of man-in-the-middle attacks?
To gain access to devices and sensitive information, cybercriminals use the
following ways to conduct MiTM attacks:
1. Internet Protocol spoofing. Like identity theft, IP spoofing takes place when
cybercriminals alter the source IP address of a website, email address or device for
the purpose of masking it. This dupes the users into believing that they are interacting
with a legit source and the sensitive information they share during the transaction
gets transferred to the cybercriminals instead.
2. Domain Name System spoofing. This is a type of man-in-the-middle attack where
cybercriminals alter domain names to redirect traffic to fake websites. Users might
think that they are reaching a secure and trusted website, but instead, they land on a
website operated by cybercriminals. The main aim behind DNS spoofing is to reroute
traffic to a fake website or to capture user login credentials.
3. HTTPS spoofing. The HTTPS protocol is the embodiment of secure internet
communications. HTTPS indicates a safe and trusted website. During an HTTPS
spoofing attack, a browser session is redirected to an unsecured or HTTP-based
website without the user's knowledge or consent. Cybercriminals can monitor user
interactions and steal shared personal information through this redirection.
4. Secure Sockets Layer hijacking. SSL is a protocol that establishes an encrypted
connection between a browser and the web server. During SSL hijacking, a
cybercriminal might use another computer and a secure server to intercept all
information traveling between the server and the end user's computer.
5. Email hijacking. This is a type of MiTM attack where cybercriminals gain control of
email accounts of banks and other financial institutions to monitor any transactions
that users conduct. Cybercriminals may even spoof the bank's email address and send
instructions to customers that lead them to unknowingly transfer their money to the
cybercriminals.
6. Wi-Fi eavesdropping. This MiTM attack is one of the many risk factors posed by
public Wi-Fi. During this attack, public Wi-Fi users get tricked into connecting to
malicious Wi-Fi networks and hotspots. Cybercriminals accomplish this by setting up
Wi-Fi connections with names that resemble nearby businesses.
7. Session hijacking. Also known as stealing browser cookies, this malicious practice
takes place when cybercriminals steal personal data and passwords stored inside the
cookies of a user's browsing session. Sometimes, cybercriminals can gain endless
access to users' saved resources. For example, they might steal users' confidential
data and identities, purchase items or steal money from their bank accounts.
8. Cache poisoning. Also known as Address Resolution Protocol (ARP) cache poisoning,
this popular modern-day MiTM attack enables cybercriminals who are on the same subnet
as the victims to eavesdrop on all traffic routed between them.
b. Denial of Service
Denial of Service (DoS) is a cyber attack on an individual computer or website
with the intent to deny services to its intended users. Its purpose is to disrupt an
organization's network operations by denying access to its users. Denial of service
is typically accomplished by flooding the targeted machine or resource with
surplus requests in an attempt to overload systems and prevent some or all
legitimate requests from being fulfilled.
Other basic types of DoS attacks involve:
Flooding a network with useless activity so that genuine traffic cannot get through.
The TCP/IP SYN and Smurf attacks are two common examples.
Remotely overloading a system's CPU so that valid requests cannot be processed.
Changing permissions or breaking authorization logic to prevent users from logging
into a system. One common example involves triggering a rapid series of false login
attempts that lock accounts out so they can no longer log in.
Deleting or interfering with specific critical services to prevent their normal operation
(even if the system and network overall are functional).
DoS attacks can cause the following problems:
Ineffective services
Inaccessible services
Interruption of network traffic
Connection interference
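Added example (not from the notes) that ties question 9 and the DoS notes above together: a SYN-flood detector fed with constructed connection events, run once in IDS mode (alert only, traffic untouched) and once in IPS mode (alert and block the offending source). The threshold, window, addresses and events are constructed for illustration.

```python
from collections import defaultdict, deque

def constructed_events():
    """Constructed events (timestamp, src, dst, tcp_flags): five normal handshakes
    from 192.0.2.5, then 30 bare SYNs from 203.0.113.7 never completed with an ACK
    (half-open connections), and one more SYN from the same source later."""
    events = []
    for i in range(5):
        events.append((i * 0.2, "192.0.2.5", "192.0.2.10", "S"))
        events.append((i * 0.2 + 0.1, "192.0.2.5", "192.0.2.10", "A"))
    for i in range(30):
        events.append((1.0 + i * 0.01, "203.0.113.7", "192.0.2.10", "S"))
    events.append((2.0, "203.0.113.7", "192.0.2.10", "S"))
    return sorted(events)

class SynFloodSensor:
    """mode='ids': raise alerts only; an operator must act on them.
    mode='ips': raise the alert and drop further traffic from the source."""

    def __init__(self, mode, threshold=20, window=0.5):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode, self.threshold, self.window = mode, threshold, window
        self.half_open = defaultdict(deque)   # src -> timestamps of SYNs not yet ACKed
        self.alerts, self.blocked, self.log = [], set(), []

    def process(self, ts, src, dst, flags):
        """Return 'forward' or 'drop' for one event; alerts and blocks are recorded."""
        if src in self.blocked:                       # only ever populated in IPS mode
            self.log.append((ts, src, "drop"))
            return "drop"
        pending = self.half_open[src]
        if flags == "A" and pending:                  # handshake completed: no longer half-open
            pending.popleft()
        elif flags == "S":
            pending.append(ts)
            while pending and ts - pending[0] > self.window:
                pending.popleft()                     # forget SYNs outside the window
            if len(pending) == self.threshold:        # alert once per threshold crossing
                self.alerts.append((ts, src, f"{self.threshold} half-open SYNs within {self.window}s"))
                if self.mode == "ips":
                    self.blocked.add(src)
                    self.log.append((ts, src, "block"))
                    return "drop"
        self.log.append((ts, src, "forward"))
        return "forward"

def run_sensor(mode, events=None):
    """Feed events through a sensor in the given mode and summarise the outcome."""
    sensor = SynFloodSensor(mode)
    verdicts = [sensor.process(*ev) for ev in (events or constructed_events())]
    return {"alerts": len(sensor.alerts),
            "forwarded": verdicts.count("forward"),
            "dropped": verdicts.count("drop"),
            "blocked": sorted(sensor.blocked)}

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode.upper(), run_sensor(mode))
```

The same rule produces the same single alert in both modes; only the IPS changes the traffic, which is the false-positive trade-off from question 9: a legitimate source that tripped the threshold (for example many clients behind one NAT address) would be blocked outright in IPS mode, whereas in IDS mode an analyst decides.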
15. A. Explain the IPsec architecture with a neat diagram
IPsec (IP Security) architecture uses two protocols to secure the traffic or data
flow. These protocols are ESP (Encapsulating Security Payload) and AH
(Authentication Header). The IPsec architecture includes protocols, algorithms, DOI, and
key management.
1. Architecture: Architecture or IP Security Architecture covers the general
concepts, definitions, protocols, algorithms, and security requirements of IP Security
technology.
2. ESP Protocol: ESP (Encapsulating Security Payload) provides a confidentiality
service.
Encapsulating Security Payload is implemented in one of two ways:
ESP with optional authentication.
ESP with authentication.
PACKET FORMAT
Security Parameter Index (SPI): It is used to give a unique number to the
connection built between the client and server.
Sequence Number: A unique sequence number is allotted to every packet so that the
packets can be arranged properly at the receiver.
Payload Data: Payload data means the actual data or the actual message. The
payload data is in an encrypted format to achieve confidentiality.
Padding: Extra bits of space are added to the original message in order to ensure
confidentiality. Padding Length is the size of the added bits of space in the original
message.
Next Header: Next header means the next payload or next actual data.
Authentication Data: This field is optional in the ESP protocol packet format.
3. Encryption algorithm: The encryption algorithm is the document that describes
various encryption algorithms used for Encapsulation Security Payload.
4. AH Protocol: AH (Authentication Header) Protocol provides both Authentication and
Integrity service. Authentication Header is implemented in one way only: Authentication
along with Integrity.
Authentication Header covers the packet format and general issues related to the use
of AH for packet authentication and integrity.
5. Authentication Algorithm: The authentication Algorithm contains the set of
documents that describe the authentication algorithm used for AH and for the
authentication option of ESP.
6. DOI (Domain of Interpretation): DOI is the identifier that supports both AH and
ESP protocols. It contains values needed for documentation related to AH and ESP.
7. Key Management: Key Management contains the document that describes how
the keys are exchanged between sender and receiver.
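Added example (not from the notes) that builds and parses the ESP packet format described under item 2: SPI, Sequence Number, encrypted Payload Data with Padding, Pad Length and Next Header, and the optional Authentication Data. A SHA-256 keystream and a truncated HMAC-SHA256 stand in for the negotiated encryption and authentication algorithms; the SPI, keys and payloads are constructed.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16      # truncated HMAC-SHA256 stands in for the negotiated authentication algorithm
ALIGN = 4         # payload + padding + the 2 trailer bytes must be 4-byte aligned
PROTO_TCP = 6     # IANA protocol number carried in the Next Header field

def _keystream(key, spi, seq, length):
    # Toy keystream for illustration (not an IPsec cipher): SHA-256 counter mode keyed by SPI and seq.
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack("!III", spi, seq, ctr)).digest()
        ctr += 1
    return out[:length]

def _xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def esp_encapsulate(spi, seq, payload, next_header, enc_key, auth_key=None):
    """Build SPI | Seq | encrypted(payload | padding | pad length | next header) | optional ICV."""
    pad_len = (-(len(payload) + 2)) % ALIGN
    padding = bytes(range(1, pad_len + 1))          # default padding pattern 1, 2, 3, ...
    plain = payload + padding + bytes([pad_len, next_header])
    packet = struct.pack("!II", spi, seq) + _xor(plain, _keystream(enc_key, spi, seq, len(plain)))
    if auth_key is not None:                         # "ESP with authentication": ICV over header + ciphertext
        packet += hmac.new(auth_key, packet, hashlib.sha256).digest()[:ICV_LEN]
    return packet

def esp_decapsulate(packet, enc_key, auth_key=None):
    """Parse an ESP packet; raise ValueError if the ICV does not verify."""
    spi, seq = struct.unpack("!II", packet[:8])
    body = packet[8:]
    if auth_key is not None:
        body, icv = body[:-ICV_LEN], body[-ICV_LEN:]
        expected = hmac.new(auth_key, packet[:-ICV_LEN], hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("ESP ICV check failed")
    plain = _xor(body, _keystream(enc_key, spi, seq, len(body)))
    pad_len, next_header = plain[-2], plain[-1]      # trailer: Pad Length, Next Header
    return {"spi": spi, "seq": seq, "next_header": next_header,
            "payload": plain[:len(plain) - 2 - pad_len]}

def receive(packets, enc_key, auth_key):
    """Process packets in arrival order with a simple anti-replay check on the Sequence
    Number (a set of seen numbers here; real ESP uses a sliding window).
    Returns one status per packet: 'ok', 'bad-icv' or 'replay'."""
    seen, statuses = set(), []
    for pkt in packets:
        try:
            parsed = esp_decapsulate(pkt, enc_key, auth_key)
        except ValueError:
            statuses.append("bad-icv")
            continue
        statuses.append("replay" if parsed["seq"] in seen else "ok")
        seen.add(parsed["seq"])
    return statuses
```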
B. What is a digital signature? Mention any two applications
A digital signature is a cryptographic technique that verifies the authenticity and
integrity of a digital message or document. It ensures that the content has not been
altered and confirms the identity of the sender. A digital signature works similarly to a
handwritten signature but with more security features, including encryption and
hashing.
Two Applications of Digital Signatures:
1. Electronic Contracts and Legal Documents: Digital signatures are widely used in
signing contracts, agreements, and other legal documents electronically. They provide
a secure and legally recognized way of ensuring that the document has been signed by
the correct parties and that the content has not been tampered with.
2. Email Security: Digital signatures are also used to sign emails, ensuring the
authenticity of the sender and the integrity of the email content. This helps in
preventing phishing attacks and ensures that the email has not been altered in transit.
16. A. Generate the Hill cipher text for the plain text “pay” and the key:
17 17 15
21 18 21
2 2 19
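Added worked example (not from the notes) for the Hill cipher with the key above, using C = K·P (mod 26) with P a column vector of letter indices (A = 0, ..., Z = 25); textbooks that write C = P·K with a row vector get the same result with the transposed key. The decryption routine computes K⁻¹ mod 26 through the adjugate, which also checks that the key is invertible; the padding letter X is an assumption.

```python
from math import gcd

MOD = 26
KEY = [[17, 17, 15],     # the 3x3 key from the question
       [21, 18, 21],
       [2, 2, 19]]

def _minor(m, i, j):
    """Matrix m with row i and column j removed."""
    return [row[:j] + row[j + 1:] for k, row in enumerate(m) if k != i]

def _det(m):
    """Determinant by Laplace expansion along the first row (exact integer arithmetic)."""
    if len(m) == 1:
        return m[0][0]
    return sum((-1) ** j * m[0][j] * _det(_minor(m, 0, j)) for j in range(len(m)))

def key_is_invertible(key):
    """A Hill key is usable only when gcd(det K mod 26, 26) = 1."""
    return gcd(_det(key) % MOD, MOD) == 1

def key_inverse(key):
    """K^-1 mod 26 = det^-1 * adj(K); adj[i][j] is the cofactor of entry (j, i)."""
    n = len(key)
    d = _det(key) % MOD
    if gcd(d, MOD) != 1:
        raise ValueError(f"det = {d} (mod 26) shares a factor with 26; key is not invertible")
    d_inv = pow(d, -1, MOD)
    return [[(d_inv * (-1) ** (i + j) * _det(_minor(key, j, i))) % MOD for j in range(n)]
            for i in range(n)]

def hill_encrypt(text, key=KEY):
    """Encrypt letters only; the last block is padded with X (an assumption of this example)."""
    n = len(key)
    letters = [c for c in text.upper() if c.isalpha()]
    letters += ["X"] * (-len(letters) % n)
    out = []
    for i in range(0, len(letters), n):
        block = [ord(c) - 65 for c in letters[i:i + n]]           # column vector P
        for row in key:                                           # each row of K times P
            out.append(chr(sum(k * p for k, p in zip(row, block)) % MOD + 65))
    return "".join(out)

def hill_decrypt(text, key=KEY):
    """Decryption is encryption with the inverse key."""
    return hill_encrypt(text, key_inverse(key))

if __name__ == "__main__":
    # "pay" -> P = (15, 0, 24); K*P = (615, 819, 486) = (17, 13, 18) mod 26 -> "RNS"
    print("det K mod 26 =", _det(KEY) % MOD)
    print("K^-1 mod 26 =", key_inverse(KEY))
    print("pay ->", hill_encrypt("pay"), "->", hill_decrypt(hill_encrypt("pay")))
```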
B. Mention any three best cyber security practices
Implementing effective cybersecurity practices is crucial to safeguarding digital assets
and sensitive information. Here are three essential cybersecurity best practices:
1. Regular Software Updates and Patch Management:
Regularly updating software, operating systems, and applications is critical for
addressing vulnerabilities and weaknesses that could be exploited by attackers.
Enable automatic updates whenever possible to ensure that security patches
are applied promptly.
Patch management is essential for addressing known vulnerabilities and
reducing the risk of exploitation.
2. Strong Authentication and Access Controls:
Implement strong authentication mechanisms, such as two-factor authentication
(2FA) or multi-factor authentication (MFA), to add an extra layer of security
beyond passwords.
Enforce the principle of least privilege, ensuring that users have the minimum
level of access required to perform their tasks.
Regularly review and update user access permissions, especially when
employees change roles or leave the organization.
3. Regular Security Training and Awareness:
Provide cybersecurity training to employees, educating them on security best
practices, recognizing phishing attempts, and understanding the importance of
protecting sensitive information.
Conduct regular security awareness programs to keep employees informed
about current threats and vulnerabilities.
Foster a culture of cybersecurity awareness and responsibility throughout the
organization.