Unit V Cybersecurity

The document discusses cyber crimes and information security, detailing various types of cyber crimes including malware attacks, phishing, and cyber terrorism, as well as their impact on individuals, organizations, and society. It emphasizes the importance of information security practices to protect sensitive data and outlines the governance framework, confidentiality, and integrity as key components. Additionally, it highlights the tools and methods used in cyber crimes, such as password cracking and spyware.

Uploaded by

dharnesh9696

UNIT V CYBER CRIMES AND CYBER SECURITY

Cyber Crime and Information Security – Classifications of Cyber Crimes – Tools and Methods – Password Cracking, Keyloggers, Spywares, SQL Injection – Network Access Control – Cloud Security – Web Security – Wireless Security

5.1.1 CYBERCRIME:
• Cyber crimes are crimes that involve criminal activities done through cyberspace by devices connected to the internet.
• Cybercrime can be committed against an individual or a group;
• It can also be committed against government and private organizations.
• It may be intended to cause harm to someone’s reputation, physical harm, or even mental harm.
• Cybercrime can cause direct harm or indirect harm to whoever the victim is.
• However, the largest threat of cybercrime is to the financial security of an individual as well as the government.
• Cybercrime causes losses of billions of USD every year.
Types of Cybercrime:
The major types of cybercrime are:
Malware attacks
A malware attack is where a computer system or network is infected with a computer
virus or other type of malware. A computer compromised by malware could be used by
cybercriminals for several purposes. These include stealing confidential data, using the
computer to carry out other criminal acts, or causing damage to data.
Phishing
A phishing campaign is when spam emails, or other forms of communication, are sent
with the intention of tricking recipients into doing something that undermines their
security. Phishing campaign messages may contain infected attachments or links to
malicious sites, or they may ask the receiver to respond with confidential information.
Distributed DoS attacks
Distributed DoS attacks (DDoS) are a type of cybercrime attack that cybercriminals use
to bring down a system or network. Sometimes connected IoT (Internet of Things)
devices are used to launch DDoS attacks.
Hacking
Hacking is an illegal practice by which a hacker breaches the security of someone else’s computer system for personal interest.
Phishing
Phishing attacks are the practice of sending fraudulent communications that appear to
come from a reputable source. It is usually done through email. The goal is to steal
sensitive data like credit card and login information, or to install malware on the
victim's machine.
Unwarranted mass-surveillance
Mass surveillance means surveillance of a substantial fraction of a group of people by
the authority especially for the security purpose, but if someone does it for personal
interest, it is considered as cybercrime.

Child pornography
It is one of the most heinous crimes that is brazenly practiced across the world. Children
are sexually abused and videos are being made and uploaded on the Internet.

Child grooming
It is the practice of establishing an emotional connection with a child especially for the
purpose of child-trafficking and child prostitution.
Copyright infringement
If someone infringes someone’s protected copyright without permission and publishes
that with his own name, is known as copyright infringement.
Money laundering
Illegal possession of money by an individual or an organization is known as money
laundering. It typically involves transfers of money through foreign banks and/or
legitimate business. In other words, it is the practice of transforming illegitimately
earned money into the legitimate financial system.
Cyber-extortion
When a hacker hacks someone’s email server, or computer system and demands money
to reinstate the system, it is known as cyber-extortion.
Cyber-terrorism
When someone hacks a government’s security system, or intimidates a government or a comparably large organization to advance his political or social objectives by invading the security system through computer networks, it is known as cyber-terrorism.
5.1.2 INFORMATION SECURITY

• Information security (commonly known as InfoSec) refers to the procedures and practices that corporations use to protect their data.
• It includes policy settings that prevent unauthorized people from accessing company or personal data.
• Information security is a fast-evolving and dynamic discipline that includes everything from network and security design to testing and auditing.
• Information security protects sensitive data from unauthorized acts such as scrutiny, modification, recording, disruption, or destruction. The goal is to secure and preserve the privacy of important data like client account information, financial information, or intellectual property.
Information security comprises:
• Governance,
• Confidentiality,
• Integrity.

Governance Framework:
The Information Security and Governance Framework (ISGF) is a set of guidelines and
best practices for managing information security in an organization. It provides a
structure for identifying, classifying, and protecting sensitive information, and
implementing security controls and procedures. The ISGF also includes guidance on
incident response and disaster recovery.

Confidentiality:
Confidentiality is the protection of information from unauthorized disclosure. When
information is confidential, it is not to be shared with anyone who does not need to
know. Confidentiality is crucial for both personal and business information. Personal
information, such as medical records or financial information, should only be shared
with those who have a legitimate need to know.
Information security and integrity are critical because they protect the confidentiality, availability, and integrity of data.
Availability
Availability is the degree to which a system can be accessed and used. To ensure
information security and availability, organizations should have policies and procedures
in place to protect their data.
They should also have a plan for how to respond to security incidents. Additionally, they
should regularly test their systems and backup their data.
Organizations that don't take information security and availability seriously risk data
breaches, which can lead to loss of revenue, damage to reputation, and regulatory
penalties. Data breaches can also cause downtime, disrupting business operations and
leading to lost productivity.

5.2 Classifications Of Cyber Crimes


• Cyber crimes are crimes that involve criminal activities done through cyberspace by devices connected to the internet.
• At times, cyber crimes are also called ‘computer crimes’.
• Most cybercriminals commit cyber crimes with mainly three motives: monetary, personal, or political.
Generally, almost all cyber crimes can be classified under three heads, depending on the groups they are targeted at.
The classifications are:
• cyber crimes against individuals,
• cyber crimes against organizations, and
• cyber crimes against Government/society at large.
CYBER CRIMES AGAINST INDIVIDUALS
Generally, ordinary individuals are the most vulnerable targets of
cybercriminals. This is due to various reasons like lack of information, guidance,
and cyber-security. As per a recent report published by Norton, 44% of
individuals consider themselves as ‘worthwhile targets’ for hackers.

The following are some of the main cyber crimes committed targeting
individuals.

Cyberbullying
The term cyberbullying is not defined under any Indian law. However, in general parlance, cyberbullying refers to bullying someone by threatening, harassing or embarrassing the victim using a digital device. Generally, cyberbullying includes the following activities on the internet:

• Humiliating/embarrassing content posted online about the victim of online bullying,
• Hacking social media accounts,
• Posting vulgar messages on social media,
• Threatening the victim with violent activity,
• Child pornography or threatening someone with child pornography.
In India, almost 85% of children experience cyberbullying. There are no specific provisions that deal with cyberbullying.
Section 67 of the IT Act is the closest legal provision relating to cyberbullying. It
penalises anyone who transmits obscene materials in electronic form. The
punishment for such transmission is imprisonment for a term which may extend
to five years and a fine which may extend to ten lakh rupees.

Cyberstalking
Browsing anyone’s internet history or online activity, and sending obscene
content online with the help of any social media, software, application, etc. to
know about that particular person is called cyberstalking. Cyberstalkers take
advantage of the inconspicuousness provided by the internet. They are generally
not detectable by the victim, as it is very easy for cyberstalkers to open spam
accounts just to stalk any person; once the stalker deletes the account, his/ her
identity completely vanishes.

Cyber defamation
Cyber defamation means injuring the other person’s reputation via the internet
through social media, Emails etc. There are two types of Cyber defamation: libel
and slander.

Libel: It refers to any defamatory statement which is in written form. For instance, writing defamatory comments on posts, forwarding defamatory messages on social media groups, etc. are a part of cyber defamation in the form of libel.
Slander: It refers to any defamatory statement published in oral form. For instance, uploading videos defaming someone on YouTube is a part of cyber defamation in the form of slander.
Phishing
Phishing refers to the fraudulent practice of sending emails under the pretext of
reputable companies to induce individuals to reveal personal information, such
as passwords, credit card numbers, etc., online. Phishing refers to the
impersonation of a legitimate person and fraudulently stealing someone’s data.
Through phishing attacks, cybercriminals not only exploit innocent individuals
but also spoil the reputation of well-known companies.

Cyber fraud
As the name suggests, cyber fraud refers to any act of fraud committed with the
use of a computer. Any person who dishonestly uses the internet to illegal
deceive people and gets personal data, communication, etc. with a motive to
make money is called a cyber fraud.

Examples of cyber fraud include sending emails containing fake invoices, sending
fake emails from email addresses similar to the official ones, etc.

Cyber theft
Cyber theft is a type of cybercrime which involves the unauthorized access of
personal or other information of people by using the internet. The main motive
of the cyber criminals who commit cyber theft is to gather confidential data like
passwords, images, phone numbers, etc. and use it as leverage to demand a
lumpsum amount of money. The unauthorized transmission of copyrighted
materials, trademarks, etc. over the internet is also a part of cyber theft. Cyber
thefts are committed through various means, like hacking, email/ SMS spoofing,
etc.

Spyware
Spyware is a type of malware, or malicious software, which once installed starts accessing and operating the other person’s device without the end user’s knowledge. The primary goal of this software is to steal credit card numbers, passwords, One-Time Passwords (OTPs), etc.

CYBER CRIMES AGAINST ORGANIZATIONS


The cyber crimes mainly targeting individuals may help cybercriminals get only
a meagre amount of ransom, depending on the financial status of the targeted
individuals. On the other hand, cyber-attacking large companies or organisations
can help them get their hands on extremely confidential data of both private and
public institutions or entities.
Cyber attacks on organizations are generally launched on a large scale to get a
lump sum amount of ransom. Since such attacks drastically damage the
companies’ daily operations, most companies try to resolve them as fast as
possible. The following are the kinds of cyber crimes launched targeting
organizations.
Attacks by virus
A computer virus is a kind of malware which connects itself to another computer
program and can replicate and expand when any person attempts to run it on
their computer system. For example, the opening of unknown attachments
received from malicious emails may lead to the automatic installation of the
virus on the system in which it is opened. These viruses are extremely
dangerous, as they can steal or destroy computer data, crash computer systems,
etc. The attackers program such malicious viruses to get hold of organisations’
official or confidential data. The illegally retrieved data is then used as leverage
to extort ransom from the organisations.

Salami attack
It is one of the tactics to steal money, which means the hacker steals the money
in small amounts. The damage done is so minor that it is unnoticed. Generally,
there are two types of Salami attacks- Salami slicing and Penny shaving. In
Salami slicing, the attacker uses an online database to obtain customer
information, such as bank/credit card details. Over time, the attacker deducts
insignificant amounts from each account. These sums naturally add up to large
sums of money taken from the joint accounts invisibly.

Web Jacking
Web Jacking refers to the illegal redirection of a user’s browser from a trusted
domain’s page to a fake domain without the user’s consent. By using the method
of Web Jacking, people visiting any well-known or reliable website can be easily
redirected to bogus websites, which in turn lead to the installation of malware,
leak of personal data, etc. Web jackers intend to illegally collect confidential
information of users by enticing them to click on any link which may seem
genuine at the first glance.

Denial of Service Attack


A Denial of Service attack, or DoS, is a cyber attack on computer devices or systems that prevents the legitimate users of the system from accessing them. The attackers generally flood the targeted system with traffic until it ultimately crashes. DoS attacks cost the corporate world millions of dollars, as they keep companies from using their own systems and carrying out their activities. The attack may also be used to introduce ransomware into corporate systems.

Data diddling
Data diddling is a cyber crime which involves the unauthorized alteration of data entries on a computer. It may be done either before or during the entry of such data. It is generally committed by way of computer virus attacks. At times, to conceal the alteration, the altered data is changed back to its original form after the required information has been retrieved. Usually, the target is the strategic or statistical data of large companies.
In India, data diddling is an offence under Section 65 of the IT Act. The said
Section provides that knowingly or intentionally concealing, destroying, altering
or causing another to conceal, destroy, or alter any computer source code used
for a computer, computer programme, computer system or computer network is
punishable with imprisonment of up to three years or with fine of up to two
lakhs.

CYBER CRIMES AGAINST GOVERNMENT/SOCIETY AT LARGE


Apart from the cyber crimes committed targeting individuals in society, various
other cyber attacks are launched against the community at large. Such cyber
crimes may be aimed either against any particular section of society or the entire
country. The following are a few types of cyber crimes against the community at
large.

Cyber pornography
As per Merriam-Webster Dictionary, pornography is the depiction of erotic
behaviour (as in pictures or writing) intended to cause sexual excitement.
Accordingly, cyber pornography refers to using the internet to display,
distribute, import, or publish pornography or obscene materials.

Cyber terrorism
Cyber terrorism means using cyberspace to hurt the general public and damage
the integrity and sovereignty of any country. The IT Act defines cyber terrorism
under Section 66F as any acts done by a person with the intent to create a threat
to the unity, integrity, sovereignty and security of the nation or create terror in
minds of people or section of people by way of disrupting the authorised access
to a computer resource or getting access to a computer resource through
unauthorised means or causing damage to a computer network.

Cyber terrorism is generally carried out in the following ways:

• Hacking government-owned systems of the target country and getting confidential information.
• Destroying government databases and backups by introducing viruses or malware into the systems.
• Disrupting government networks of the target nation.
• Distracting the government authorities and preventing them from focusing on matters of priority.
The punishment for cyber terrorism as provided under Section 66F of the IT Act
is imprisonment of up to 3 years and/or up to Rs 2 lakh fine.

Cyber Espionage
According to Merriam-Webster Dictionary, espionage is “the practice of spying or
using spies to obtain information about the plans and activities especially of a
foreign government or a competing company.” Similarly, cyber espionage refers
to the unauthorized accessing of sensitive data or intellectual property for
economic, or political reasons. It is also called ‘cyber spying’.
In most cases of cyber espionage, spies in the form of hackers are deliberately
recruited to launch cyber attacks on the government systems of enemy nations
to stealthily collect confidential information. The cross-border exposure of
sensitive data related to any country can continue as long as it stays undetected.
The information gathered through cyber espionage is then used by the gathering
country to either combat or launch military or political attacks on the enemy
country.

Generally, the following data are gathered through cyber espionage:

Military data
Academic research-related data
Intellectual property
Politically strategic data, etc.

5.3 Tools and Methods


5.3.1 Password Cracking

• A password is like a key: it opens the lock that guards entry to a computerized system.
• Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system.
• Usually, an attacker follows a common approach: repeatedly making guesses for the password.
The purpose of password cracking is as follows:
1. To recover a forgotten password.
2. As a preventive measure by system administrators to check for easily crackable passwords.
3. To gain unauthorized access to a system.

Manual password cracking is attempting to log on with different passwords. The attacker follows these steps:
1. Find a valid user account such as an Administrator or Guest;
2. create a list of possible passwords;
3. rank the passwords from high to low probability;
4. key in each password;
5. try again until a successful password is found.

Passwords can sometimes be guessed with knowledge of the user’s personal information. Examples of guessable passwords include:
1. Blank (none);
2. words like "password", "passcode" and "admin";
3. series of letters from the "QWERTY" keyboard, for example, qwerty, asdf or qwertyuiop;
4. user’s name or login name;
5. name of user’s friend/relative/pet;
6. user’s birthplace or date of birth, or a relative’s or a friend’s;
7. user’s vehicle number, office number, residence number or mobile number;
8. name of a celebrity who is considered an idol (e.g., actors, actresses, spiritual gurus) by the user.
• An attacker can also create a script file (i.e., an automated program) which will be executed to try each password in a list.
• This is still considered manual cracking; it is time-consuming and not usually effective.
• Passwords are stored in a database, and a password verification process is built into the system for when a user attempts to log in or access a restricted resource.
• To ensure confidentiality of passwords, the password verification data is usually not stored in clear-text format.
• For example, a one-way function (which may be either an encryption function or a cryptographic hash) is applied to the password, possibly in combination with other data, and the resulting value is stored.
• When a user attempts to log in to the system by entering the password, the same function is applied to the entered value and the result is compared with the stored value. If they match, the user gains access; this process is called authentication.
The most commonly used hash functions can be computed rapidly, and the attacker can test these hashes with the help of password cracking tools (see Table 4.3) to get the plain-text password.
Password Cracking Tools: Default Password, Cain & Abel, John the Ripper, THC-Hydra, Aircrack-ng, LophtCrack, AirSnort, Solar Winds, Pwdump, RainbowCrack, Brutus
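The storage and authentication steps described above, as an added example that is not part of these notes: instead of the clear-text password, a salted verifier produced by a deliberately slow one-way function (PBKDF2-HMAC-SHA256, chosen here because fast hashes are exactly what cracking tools exploit) is stored, and login re-applies the same function and compares in constant time. The in-memory user table, the user name "alice" and the sample password are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import os

# Added example (not from the notes): a password store that keeps a salted,
# deliberately slow one-way function of the password instead of the password
# itself, and an authentication step that re-applies the same function.
ITERATIONS = 200_000  # PBKDF2 cost; raise over time as hardware gets faster
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing verifier: algorithm$iterations$salt$digest (base64)."""
    # A fresh random salt per password: equal passwords yield different verifiers,
    # so a precomputed table of hashes (a rainbow table) cannot be reused across users.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, verifier: str) -> bool:
    """Apply the stored parameters to the entered password and compare with the stored digest."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = verifier.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        iterations = int(iterations)
    except (ValueError, TypeError):
        return False  # a malformed verifier never authenticates
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison: an ordinary == would stop at the first differing
    # byte and leak, through timing, how much of the digest matched.
    return hmac.compare_digest(candidate, expected)


# Constructed in-memory user table standing in for the password database.
USERS = {
    "alice": hash_password("correct horse battery staple"),
}
# Verifier used for unknown user names so that a login attempt takes the same
# time whether or not the account exists (no user enumeration via timing).
DUMMY_VERIFIER = hash_password("dummy-password-never-accepted")


def authenticate(username: str, password: str) -> bool:
    """The authentication step: look up the stored verifier and check the entered password."""
    verifier = USERS.get(username)
    if verifier is None:
        verify_password(password, DUMMY_VERIFIER)
        return False
    return verify_password(password, verifier)


if __name__ == "__main__":
    print("alice / correct password:", authenticate("alice", "correct horse battery staple"))
    print("alice / wrong password:  ", authenticate("alice", "Correct horse battery staple"))
    print("unknown user:            ", authenticate("bob", "correct horse battery staple"))
```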

Password cracking attacks can be classified under three categories as follows:


1. Online attacks;
2. offline attacks;
3. non-electronic attacks (e.g., social engineering, shoulder surfing and dumpster
diving).
5.3.1.1 Online Attacks
• An attacker can create a script file that will be executed to try each password in a list, and when one matches, the attacker can gain access to the system.
• The most popular online attack is the man-in-the-middle (MITM) attack, also termed the "bucket-brigade attack" or sometimes the "Janus attack".
• It is a form of active eavesdropping in which the attacker establishes a connection between a victim and the server to which the victim is connected.
• When a victim client connects to the fraudulent server, the MITM server intercepts the call, hashes the password and passes the connection on to the victim server (e.g., an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle).
• This type of attack is used to obtain the passwords for E-Mail accounts on public websites such as Yahoo, Hotmail and Gmail, and can also be used to get the passwords for financial websites by those who would like to gain access to banking websites.
5.3.1.2 Offline Attacks
• Mostly, offline attacks are performed from a location other than the target (i.e., either a computer system or while on the network) where these passwords reside or are used.
• Offline attacks usually require physical access to the computer and copying the password file from the system onto removable media.
5.3.1.3 Strong, Weak and Random Passwords
Weak passwords:
A weak password is one which could be easily guessed: short, common, or a system default password that could be easily found by executing a brute-force attack using a subset of all possible passwords.
• The password contains fewer than eight characters.
• The password is a word found in a dictionary (English or foreign).
• The password is a common-usage word such as:
  • Names of family, pets, friends, co-workers, fantasy characters, etc.
  • Computer terms and names, commands, sites, companies, hardware, software.
  • The words "<Company Name>", "sanjose", "sanfran" or any derivation.
  • Birthdays and other personal information such as addresses and phone numbers.
  • Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
• Any of the above spelled backwards.
• Any of the above preceded or followed by a digit (e.g., secret1, 1secret).
Strong Passwords:
A strong password is long enough, random or otherwise difficult to guess, producible only by the user who chooses it. Strong passwords:
• Contain both upper- and lower-case characters (e.g., a-z, A-Z).
• Have digits and punctuation characters as well as letters (e.g., 0-9, @#$%^&*()_+|~-=\`{}[]:";'<>?,./).
• Are at least eight alphanumeric characters long.
• Are not a word in any language, slang, dialect, jargon, etc.
• Are not based on personal information, names of family, etc.
• Passwords should never be written down or stored on-line.
• Try to create passwords that can be easily remembered.
• One way to do this is to create a password based on a song title, affirmation, or other phrase.
• For example, the phrase might be "This May Be One Way To Remember" and the password could be "TmB1w2R!" or "Tmb1W>r~" or some other variation.
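The weak-password rules and strong-password requirements above, implemented as a checker an administrator could run before accepting a new password (an added example, not from these notes). DICTIONARY and COMPANY_WORDS are small constructed stand-ins for a full wordlist and the organisation's own names; the optional personal_info argument carries the user's names, birthdates or phone numbers so the personal-information rule can be applied.

```python
import re
import string

# Added example (not from the notes): applies the weak-password rules and the
# strong-password requirements listed above to a candidate password.
# The word lists are constructed stand-ins; a deployment would load a full
# dictionary and the organisation's own names.
DICTIONARY = {"password", "passcode", "admin", "secret", "welcome", "dragon"}
COMPANY_WORDS = {"acmecorp", "sanjose", "sanfran"}   # "<Company Name>" plus the notes' examples
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
PUNCTUATION = set(string.punctuation)


def _base_word(lowered: str) -> str:
    """Strip a single leading or trailing digit, so secret1 and 1secret map to secret."""
    if len(lowered) > 1 and lowered[0].isdigit() and not lowered[1].isdigit():
        return lowered[1:]
    if len(lowered) > 1 and lowered[-1].isdigit() and not lowered[-2].isdigit():
        return lowered[:-1]
    return lowered


def _is_keyboard_run(s: str) -> bool:
    """True if s or its reverse is four or more adjacent keys on one keyboard row."""
    return len(s) >= 4 and any(s in row or s[::-1] in row for row in KEYBOARD_ROWS)


def _is_simple_pattern(s: str) -> bool:
    """True for aaabbb-style runs, mirrored strings such as 123321, and abcabc repeats."""
    if re.search(r"(.)\1\1", s):                      # three identical characters in a row
        return True
    if len(s) >= 4 and s == s[::-1]:                  # 123321, zyxxyz
        return True
    half = len(s) // 2
    return len(s) >= 4 and len(s) % 2 == 0 and s[:half] == s[half:]   # abcabc


def password_findings(password: str, personal_info=()) -> list:
    """Return every weak-password rule and strong-password requirement the candidate fails.

    An empty list means the candidate passes all the checks in the notes above.
    """
    findings = []
    if not password:
        return ["blank password"]
    lowered = password.lower()
    base = _base_word(lowered)
    # Forms the notes call out: the word itself, reversed, and with a digit added.
    candidates = {lowered, base, base[::-1], lowered[::-1]}

    # Weak-password rules
    if len(password) < 8:
        findings.append("fewer than eight characters")
    if candidates & DICTIONARY:
        findings.append("dictionary word (also reversed or with a digit added)")
    if candidates & COMPANY_WORDS:
        findings.append("company or place name")
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            findings.append("contains personal information: " + item)
            break
    if any(_is_keyboard_run(c) or _is_simple_pattern(c) for c in candidates):
        findings.append("keyboard sequence or repeated pattern")

    # Strong-password requirements
    if not any(ch.islower() for ch in password):
        findings.append("no lowercase letter")
    if not any(ch.isupper() for ch in password):
        findings.append("no uppercase letter")
    if not any(ch.isdigit() for ch in password):
        findings.append("no digit")
    if not any(ch in PUNCTUATION for ch in password):
        findings.append("no punctuation character")
    return findings


if __name__ == "__main__":
    for candidate in ("TmB1w2R!", "secret1", "qwertyuiop", "123321"):
        print(candidate, "->", password_findings(candidate) or "passes all checks")
```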
Random passwords:
A secure password generator typically offers the following options:
• Password Length
• Include Symbols (e.g. @#$%)
• Include Numbers (e.g. 123456)
• Include Lowercase Characters (e.g. abcdefgh)
• Include Uppercase Characters (e.g. ABCDEFGH)
• Exclude Similar Characters (e.g. i, l, 1, L, o, 0, O)
• Exclude Ambiguous Characters ({ } [ ] ( ) / \ ' " ` ~ , ; : . < >)
• Generate On The Client Side (do NOT send across the Internet)
• Auto-Select (select the password automatically)
• Save My Preference (save all the settings above for later use)
• Load My Settings Anywhere (URL to load my settings on other computers quickly)
• Your New Password
• Remember your password: remember your password with the first letters of each word in a sentence.
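The generator options above, implemented locally with Python's secrets module (an added example, not the notes' online tool); the function and option names are my own. Every selected class is guaranteed at least one character, so the output also satisfies the strong-password requirements, and nothing is sent across the network.

```python
import secrets
import string

# Added example (not from the notes): a local password generator offering the
# options listed above. secrets gives cryptographically secure randomness and
# nothing leaves the machine, matching the "Generate On The Client Side" option.
SIMILAR_CHARACTERS = set("il1Lo0O")
AMBIGUOUS_CHARACTERS = set("{}[]()/\\'\"`~,;:.<>")


def build_classes(include_symbols=True, include_numbers=True,
                  include_lowercase=True, include_uppercase=True,
                  exclude_similar=False, exclude_ambiguous=False):
    """Return the selected character classes with the excluded characters removed."""
    classes = []
    if include_lowercase:
        classes.append(string.ascii_lowercase)
    if include_uppercase:
        classes.append(string.ascii_uppercase)
    if include_numbers:
        classes.append(string.digits)
    if include_symbols:
        classes.append(string.punctuation)
    excluded = set()
    if exclude_similar:
        excluded |= SIMILAR_CHARACTERS
    if exclude_ambiguous:
        excluded |= AMBIGUOUS_CHARACTERS
    filtered = ["".join(ch for ch in cls if ch not in excluded) for cls in classes]
    filtered = [cls for cls in filtered if cls]  # drop a class emptied by the filters
    if not filtered:
        raise ValueError("no character classes selected")
    return filtered


def generate_password(length=16, **options):
    """Generate a password of the given length with at least one character from each selected class."""
    classes = build_classes(**options)
    if length < len(classes):
        raise ValueError("length must be at least the number of selected classes")
    # One guaranteed character per class so a short password still meets the
    # strong-password requirements, then fill the rest from the whole pool.
    chars = [secrets.choice(cls) for cls in classes]
    pool = "".join(classes)
    chars.extend(secrets.choice(pool) for _ in range(length - len(classes)))
    # Fisher-Yates shuffle driven by the secure RNG, so the guaranteed
    # characters do not always sit at the front of the password.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


if __name__ == "__main__":
    print(generate_password(16))
    print(generate_password(20, exclude_similar=True, exclude_ambiguous=True))
```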
To prevent your passwords from being compromised by social engineering, brute force or dictionary attack methods, you should keep in mind that:
1. Do not use the same password for multiple important accounts.
2. Use a password that has at least 16 characters, use at least one number, one
uppercase letter, one lowercase letter and one special symbol.
3. Do not use the names of your families, friends or pets in your passwords.
4. Do not use postcodes, house numbers, phone numbers, birthdates, ID card numbers,
social security numbers, and so on in your passwords.
5. Do not use any dictionary word in your passwords.
6. Do not use something that can be cloned( but you can't change ) as your passwords,
such as your fingerprints.
7. Do not let your Web browsers( FireFox, Chrome, Safari, Opera, IE ) store your
passwords, since all passwords saved in Web browsers can be revealed easily.
8. Do not log in to important accounts on the computers of others, or when connected to
a public Wi-Fi hotspot, Tor, free VPN or web proxy.
9. Do not send sensitive information online via HTTP or FTP connections, because
messages in these connections can be sniffed with very little effort. You should use
encrypted connections such as HTTPS and SFTP whenever possible.
10. It's recommended to change your passwords every 10 weeks.
11. Be careful when using online paste tools and screen capture tools; do not let them upload your passwords to the cloud.
12. If there are important files on your computer, and it can be accessed by others,
check if there are hardware keyloggers( e.g. wireless keyboard sniffer ), software
keyloggers and hidden cameras when you feel it's necessary.
Password guidelines:
1. Passwords used for business E-Mail accounts, personal E-Mail accounts and
banking/financial user accounts should be kept separate.
2. Passwords should be of minimum eight alphanumeric characters (common names or
phrases should be phrased).
3. Passwords should be changed every 30/45 days.
4. Passwords should not be shared with relatives and/or friends.
5. Password used previously should not be used while renewing the password.
6. Passwords of personal E-Mail accounts and banking/financial user accounts should be changed from a secured system within a couple of days if these E-Mail accounts have been accessed from public Internet facilities such as cybercafes/hotels/libraries.
7. Passwords should not be stored under mobile phones/PDAs, as these devices
are also prone to cyberattacks.
8. In case E-Mail accounts/user accounts have been hacked, respective
agencies/institutes should be contacted immediately.
5.3.2 Keyloggers and Spywares

• Keystroke logging, often called keylogging, is the practice of noting (or logging) the
keys struck on a keyboard, typically in a covert manner so that the person using the
keyboard is unaware that such actions are being monitored.
• A keystroke logger or keylogger is a quicker and easier way of capturing passwords and monitoring the victim’s IT-savvy behavior. It can be classified as software keylogger and hardware keylogger.

5.3.2.1 Software Keyloggers


• Software keyloggers are software programs installed on the computer systems which
usually are located between the OS and the keyboard hardware, and every keystroke is
recorded.
• Software keyloggers are installed on a computer system by Trojans or viruses
without the knowledge of the user.
• Cybercriminals always install such tools on the insecure computer systems
available in public places (i.e., cybercafés, etc) and can obtain the required information
about the victim very easily.
• A keylogger usually consists of two files that get installed in the same directory: a dynamic link library (DLL) file and an executable (EXE) file that installs the DLL file and triggers it to work. The DLL does all the recording of keystrokes.

Some Important Keyloggers are as follows


• All In One Keylogger
• Stealth Keylogger
• Perfect Keylogger
• KGB Spy
• Spy Buddy
• Elite Keylogger
• CyberSpy
• Powered Keylogger

5.3.2.2 Hardware Keyloggers

• Hardware keyloggers are small hardware devices.
• These are connected to the PC and/or to the keyboard and save every keystroke into a file or in the memory of the hardware device.
• Cybercriminals install such devices on ATM machines to capture ATM card PINs.
• Each keypress on the keyboard of the ATM gets registered by these keyloggers.
• These keyloggers look like an integrated part of such systems; hence, bank customers are unaware of their presence.

5.3.2.3 Antikeylogger
An antikeylogger is a tool that can detect a keylogger installed on the computer system and can also remove the tool. (Visit http://www.anti-keyloggers.com for more information)
Advantages of using an antikeylogger are as follows:
1. Firewalls cannot detect the installation of keyloggers on systems; antikeyloggers, however, can detect keylogger installations.
2. This software does not require regular updates of signature bases to work effectively, unlike other antivirus and antispy programs, which do not serve the purpose if not updated and so leave users at risk.
3. It prevents Internet banking frauds, since passwords can easily be captured by installing keyloggers.
4. It prevents ID theft (we will discuss it more in Chapter 5).
5. It secures E-Mail and instant messaging/chatting.

5.3.3 Spywares
• Spyware is a type of malware (i.e., malicious software) that is installed on computers which
collects information about users without their knowledge.
• The presence of Spyware is typically hidden from the user; it is secretly installed on the user’s
personal computer.
• Sometimes, however, Spywares such as keyloggers are installed by the owner of a shared,
corporate or public computer on purpose to secretly monitor other users.

Some Important Spywares are as follows

Spy.
Spector Pro.
Spector Pro.
eBlaster.
Remotespy .
Stealth Recorder Pro.
Stealth Website Logger.
Flexispy.
Wiretap Professional.
PC PhoneHome.
SpyArsenal Print Monitor Pro.

Malwares:
Malware, short for malicious software, is software designed to infiltrate a computer system without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive or annoying software or program code.
Malware can be classified as follows:
1. Viruses and worms: These are known as infectious malware. They spread from one computer system to another with a particular behavior.
2. Trojan Horses: A Trojan Horse,[14] Trojan for short, is a term used to describe malware that appears, to the user, to perform a desirable function but, in fact, facilitates unauthorized access to the user’s computer system.
3. Rootkits: A rootkit is a software system that consists of one or more programs designed to obscure the fact that a system has been compromised.
4. Backdoors: A backdoor[16] in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plain text and so on while attempting to remain undetected.
5. Spyware:
6. Botnets:
7. Keystroke loggers:

5.3.4 SQL Injection

• Structured Query Language (SQL) is a database computer language designed for managing data in relational database management systems (RDBMS).
• SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.
• SQL injection attacks are also known as SQL insertion attacks.
• Attackers target SQL servers – common database servers used by many organizations to store confidential data.
• The prime objective behind an SQL injection attack is to obtain information while accessing a database table that may contain personal information such as credit card numbers, social security numbers or passwords.
• During an SQL injection attack, malicious code is inserted into a web form field or the website’s code.
• For example, when a user logs in with a username and password, an SQL query is sent to the database to check if the user has a valid name and password.
• With SQL injection, it is possible for an attacker to send a crafted username and/or password field that will change the SQL query.

5.3.4.1 Steps for SQL Injection Attack

Following are some steps for an SQL injection attack:
1. The attacker looks for webpages that allow submitting data, that is, login page, search page, feedback, etc. The attacker also looks for webpages that use HTML commands such as POST or GET by checking the site’s source code.
2. To check the source code of any website, right click on the webpage and click on "View Source" – the source code is displayed in Notepad. The attacker checks the HTML source code and looks for the <FORM> tag. Everything between <FORM> and </FORM> has potential parameters that might be useful to find the vulnerabilities.
<FORM action=Search/search.asp method=post>
<input type=hidden name=A value=C>
</FORM>
3. The attacker inputs a single quote in the text box provided on the webpage to accept the username and password. This checks whether the user-input variable is interpreted literally by the server. If the response is an error message such as use 'a'='a', then the website is found to be susceptible to an SQL injection attack.
4. The attacker uses SQL commands such as the SELECT statement to retrieve data from the database or the INSERT statement to add information to the database.

Here are a few examples of variable field text the attacker uses on a webpage to test for SQL vulnerabilities:

1. Blah’ or 1=1--
2. Login:blah’ or 1=1--
3. Password::blah’ or 1=1--
4. http://search/index.asp?id=blah’ or 1=1--
Similar SQL commands may allow bypassing of a login and may return many rows in a table or even an entire database table, because the SQL server is interpreting the terms literally. The double dashes near the end of the command tell SQL to ignore the rest of the command as a comment.

Blind SQL Injection

• Blind SQL injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker.
• The page with the vulnerability may not be the one that displays data; however, it will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page.
• This type of attack can become time-intensive because a new statement must be crafted for each bit recovered.
• There are several tools that can automate these attacks once the location of the vulnerability and the target information have been established.

5.3.4.2 How to Prevent SQL Injection Attacks

SQL injection attacks occur due to poor website administration and coding. The following steps can be taken to prevent SQL injection.
1. Input validation
• Replace every single quote with two single quotes.
• Sanitize the input: User input needs to be checked and cleaned of any characters or strings that could possibly be used maliciously. For example, character sequences such as ; , --, select, insert and xp_ can be used to perform an SQL injection attack.
• Numeric values should be checked while accepting a query string value. The function IsNumeric() for Active Server Pages (ASP) should be used to check these numeric values.
• Keep all text boxes and form fields as short as possible to limit the length of user input.
2. Modify error reports: SQL errors should not be displayed to outside users.
3. Other preventions
• The default system accounts for SQL Server 2000 should never be used.
• Isolate the database server and the web server.
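As an added example (not from the lecture notes), the login check from steps 3 and 4 above written in Python with SQLite: the concatenated form that the test strings defeat, the notes' quote-doubling fix from input-validation item 1, and a parameterized query, which is a hardening step swapped in here that the notes do not list. The table, users and passwords are constructed for the demo.

```python
"""Added example, not from the lecture notes: the login check the notes describe,
first built by string concatenation (vulnerable), then with the notes' own
quote-doubling fix, then as a parameterized query (a hardening step swapped in
here; the notes do not list it).  Uses an in-memory SQLite database with a
constructed sample user table."""
import sqlite3

# Constructed sample data; plaintext passwords are used only to keep the demo short.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    """Build the demo table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Field text is spliced into the SQL string, so a quote in the input
    ends the literal early and the rest of the field is executed as SQL."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return sorted(row[0] for row in conn.execute(query))


def login_quote_doubled(conn, username, password):
    """Input-validation item 1 from the notes: every single quote becomes two,
    so the quote stays inside the string literal instead of closing it."""
    u, p = username.replace("'", "''"), password.replace("'", "''")
    query = (f"SELECT username FROM users WHERE username = '{u}' "
             f"AND password = '{p}'")
    return sorted(row[0] for row in conn.execute(query))


def login_parameterized(conn, username, password):
    """Parameterized query (not in the notes): the driver passes the values
    separately from the SQL text, so input is never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))


def single_quote_probe(conn) -> bool:
    """Step 3 of the notes seen from the server side: a lone quote makes the
    concatenated query unparsable, and the SQL error it raises is exactly what
    item 2 of the prevention list says must not reach outside users.
    Returns True when the vulnerable check raises such an error."""
    try:
        login_vulnerable(conn, "'", "x")
    except sqlite3.OperationalError:
        return True
    return False


def demo():
    """Run test string 1 from the notes through all three checks."""
    conn = make_db()
    payload = "blah' or 1=1--"   # the '--' comments out the password clause
    return {
        "vulnerable": login_vulnerable(conn, payload, "x"),        # every user
        "quote_doubled": login_quote_doubled(conn, payload, "x"),  # no user
        "parameterized": login_parameterized(conn, payload, "x"),  # no user
        "legitimate": login_parameterized(conn, "alice", "s3cret"),
        "error_leaked": single_quote_probe(conn),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:14s} -> {result}")
```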

5.4 Network Access Control (NAC)


Network access control, also called network admission control, is a method to bolster
the security, visibility and access management of a proprietary network. It restricts the
availability of network resources to endpoint devices and users that comply with a
defined security policy.

The NAC can also provide endpoint security protection such as antivirus
software, firewall, and vulnerability assessment with security enforcement
policies and system authentication methods.

Importance of network access control

NAC is critical for modern businesses because it allows organizations to monitor the
devices and users -- authorized and unauthorized -- trying to access the network.

Unauthorized users include cybercriminals, hackers and data thieves, and other bad
actors that an organization must keep out.
But businesses must also be gatekeepers for authorized users.
This particularly applies to organizations that allow remote access to the enterprise
network from non-corporate devices like mobile phones, laptops and tablets, or
companies that allow employees working in the office to use personal devices.
Both scenarios create security risks that organizations must address in their network security.

 NAC is one aspect of network security.
 It provides visibility into the devices and users trying to access the enterprise network. And it controls who can access the network, including denying access to those users and devices that don’t comply with security policies.
 NAC solutions and tools help companies control network access, ensure compliance and strengthen their IT infrastructure.

Types of network access control
There are two types of NAC, including the following:

Pre-admission: evaluates access attempts and only allows entry to authorized devices and users.
Post-admission: re-authenticates users trying to enter a different part of the network; also restricts lateral movement to limit the damage from cyber attacks.

Network access server

Many NAC functions are performed by a network access server. A traditional network
access server is a server that performs authentication and authorization functions by
verifying user logon information. Also known as a media access gateway or remote
access server, a network access server handles remote logins, establishes point-to-point
protocol connections and ensures that authorized users can access the resources they
need.

A network access server can function in several ways, such as the following:

Internet service provider: enables authorized customers to access the internet.
Virtual private network (VPN): gives remote users access to a private enterprise network and resources.
Voice over Internet Protocol: allows users to access communication applications over the internet.

A network access server can also support the following:

Network load balancing to distribute traffic and improve reliability and performance;
Network resource management to manage and allocate resources for networking processes; and
Network user sessions to track users, store their data and persist their specific state.

Common use cases for network access control
NAC tools are proactive and designed to stop unauthorized access before it happens.
They protect an organization’s network perimeter including the physical infrastructure,
devices, software, applications and cloud-based assets.

There are many use cases for NAC:

Bring Your Own Device: Protects from vulnerabilities created when employees use
their own devices or use company devices from remote locations.
Network access for non-employees (vendors or partners): NAC with VPN allows
external users to access the corporate network (or specific parts of it) through a secure
self-service portal.
Internet of things (IoT): Prevents cybercriminals from exploiting IoT devices
connected to the enterprise network but often overlooked in terms of security and
monitoring.
Incident response: Identifies compromised devices and automatically disables access
to prevent an attack from spreading across the network.
NAC tools are also useful for security and authentication in specific industrial use cases,
such as medical devices and healthcare systems.

Capabilities and goals of network access control

 NAC devices enforce security policies across all users and devices on a network through multiple capabilities, such as the following:
 Limit network access to users and specific network areas;
 Prevent data access by unauthorized employees and cybercriminals;
 Block access from endpoint devices (e.g., mobile phones) that don’t comply with enterprise security policies;
 Manage policy lifecycle for multiple operating scenarios;
 Recognize and profile users and devices to protect them from malicious code; and
 Integrate with other security solutions through application program interfaces.

How to choose a network access control product

NAC offerings cover a broad range of capabilities and use cases. To find the right
one, consider these factors:

 Security strategy maturity
 Budget, price and upfront investment
 Native integration with existing software
 Type of proactive tools provided

NAC may not work for every organization. In some cases, it may not -- for example -- be compatible with existing security controls. However, it is ideal for businesses where the user environment can be controlled, as it provides strong protection for valuable or sensitive network assets.

5.5 Cloud security

 Cloud security is a collection of procedures and technology designed to address
external and internal threats to business security.
 Organizations need cloud security as they move toward their digital
transformation strategy and incorporate cloud-based tools and services as part
of their infrastructure.

Importance of cloud security:

 For the organizations making their transition to cloud, cloud security is an
essential factor while choosing a cloud provider.
 The attacks are getting stronger day by day and so the security needs to keep up
with it. For this purpose it is essential to pick a cloud provider who offers the
best security and is customized with the organization’s infrastructure.
Cloud security has a lot of benefits:
Centralized security: Centralized security results in centralizing protection. As managing all the devices and endpoints is not an easy task, cloud security helps in doing so. This results in enhanced traffic analysis and web filtering, which means fewer policy and software updates.
Reduced costs: Investing in cloud computing and cloud security results in less expenditure on hardware and also less manpower in administration.
Reduced administration: It makes it easier to administer the organization and does not require manual security configuration and constant security updates.
Reliability: These are very reliable, and the cloud can be accessed from anywhere with any device with proper authorization.
When we are thinking about cloud security, it includes various types of security, like access control for authorized access, network segmentation for maintaining isolated data, encryption for encoded data transfer, vulnerability checks for patching vulnerable areas, security monitoring for keeping an eye on various security attacks, and disaster recovery for backup and recovery during data loss.
Different Types Of Security Techniques
 SSL (Secure Socket Layer) Encryption,
 Multi Tenancy based Access Control,
 Intrusion detection system,
 Firewalls,
 Penetration testing,
 Tokenization,
 VPN(virtual private networks), and
 Avoiding public internet connections and many more techniques.

Challenges of cloud security:

Lack of visibility
It's easy to lose track of how your data is being accessed and by whom, since many cloud
services are accessed outside of corporate networks and through third parties.

Multitenancy
Public cloud environments house multiple client infrastructures under the same umbrella, so
it's possible your hosted services can get compromised by malicious attackers as collateral
damage when targeting other businesses.

Access management and shadow IT

While enterprises may be able to successfully manage and restrict access points across on-
premises systems, administering these same levels of restrictions can be challenging in cloud
environments. This can be dangerous for organizations that don't deploy bring-your-own
device (BYOD) policies and allow unfiltered access to cloud services from any device or
geolocation.

Compliance
Regulatory compliance management is oftentimes a source of confusion for enterprises using
public or hybrid cloud deployments. Overall accountability for data privacy and security still
rests with the enterprise, and heavy reliance on third-party solutions to manage this
component can lead to costly compliance issues.

Misconfigurations
Misconfigured assets accounted for 86% of breached records in 2019, making the inadvertent
insider a key issue for cloud computing environments. Misconfigurations can include leaving
default administrative passwords in place, or not creating appropriate privacy settings.
Types of cloud security solutions:

Identity and access management (IAM)

Identity and access management (IAM) tools and services allow enterprises to deploy policy-
driven enforcement protocols for all users attempting to access both on-premises and cloud-
based services. The core functionality of IAM is to create digital identities for all users so
they can be actively monitored and restricted when necessary during all data interactions

Data loss prevention (DLP)


Data loss prevention (DLP) services offer a set of tools and services designed to ensure the
security of regulated cloud data. DLP solutions use a combination of remediation alerts, data
encryption, and other preventative measures to protect all stored data, whether at rest or in
motion.

Security information and event management (SIEM)


Security information and event management (SIEM) provides a comprehensive security
orchestration solution that automates threat monitoring, detection, and response in cloud-
based environments. Using artificial intelligence (AI)-driven technologies to correlate log
data across multiple platforms and digital assets, SIEM technology gives IT teams the ability
to successfully apply their network security protocols while being able to quickly react to any
potential threats.

Business continuity and disaster recovery


Regardless of the preventative measures organizations have in place for their on-premise and
cloud-based infrastructures, data breaches and disruptive outages can still occur. Enterprises
must be able to quickly react to newly discovered vulnerabilities or significant system
outages as soon as possible. Disaster recovery solutions are a staple in cloud security and
provide organizations with the tools, services, and protocols necessary to expedite the
recovery of lost data and resume normal business operations.

5.6 Web Security

 Web security is a broad category of security solutions that protect your users, devices, and wider network against internet-based cyberattacks such as malware, phishing, and more that can lead to breaches and data loss.
 It reduces the security risk to your organization when your users accidentally access malicious files and websites through some combination of firewall inspection, intrusion prevention system (IPS) scanning, sandboxing, URL filtering, and various other security and access controls.
Purpose of Web Security
The massive importance of the internet for modern enterprises—and the accompanying
growth in the sophistication, frequency, and impact of cyberattacks—has made web
security critical to business continuity. It’s your first line of defense against threats that
can lead to the exposure of sensitive data, costly ransoms, reputational harm,
compliance violations, and a host of other consequences.
Benefits of Web Security
 Protect your business and stay compliant by preventing loss of sensitive data
 Protect customers and employees by securing their private information
 Avoid costly service interruptions by preventing infections and exploits
 Offer a better user experience by helping your users stay safe and productive
 Maintain customer loyalty and trust by staying secure and out of the news
Top Web Security Threats:
Web security threats are constantly emerging and evolving, but many threats consistently appear at the top of the list of web security threats. These include:

 Cross-site scripting (XSS)
 SQL Injection
 Phishing
 Ransomware
 Spyware
 Denial of Service
 Ransomware: These attacks encrypt data, and then demand a ransom payment
in exchange for a decryption key. In a double-extortion attack, your data is also
exfiltrated.
 General malware: Countless variants of malware exist that can lead to anything
from data leaks, spying, and unauthorized access to lockouts, errors, and system
crashes.
 Phishing: Often carried out through email, text messages, or malicious websites,
these attacks trick users into things like divulging login credentials or
downloading spyware.
 SQL injection: These attacks exploit an input vulnerability in a database server,
allowing an attacker to execute commands that let them retrieve, manipulate, or
delete data.
 Denial of service (DoS): These attacks slow or even shut down a network
device such as a server by sending it more data than it can process. In distributed
DoS—that is, a DDoS attack—this is carried out by many hijacked devices
at once.
 Cross-site scripting (XSS): In this type of injection attack, an attacker
introduces malicious code to a trusted website by entering it in an unprotected
user input field.

Web security includes the following technologies:

 Secure web gateway (SWG) provides threat protection and policy enforcement for
users accessing the web to prevent infections and block unwanted traffic.
 Firewall/IPS provides network security, app control, and visibility. Cloud firewalls
stay up to date and scale to handle demand or encryption, making them a more
practical option.
 URL filtering screens and blocks inappropriate access or content, also offering
protection from web-borne malware.
 Sandboxing isolates software in an environment where it can be scanned and
executed without the risk of infecting a system or other applications.
 Browser isolation loads webpages or apps in a remote browser and only sends the
user pixels, preventing the downloading, copying, pasting, and printing of data
or documents.
 DNS controls define rules that control requests and responses related to DNS traffic,
allowing you to detect and prevent DNS abuses such as tunneling.
 Antivirus detects and neutralizes trojans, spyware, ransomware, and more. Many
offerings also protect against threats such as malicious URLs, phishing, and DDoS.
 TLS/SSL decryption breaks open inbound and outbound encrypted traffic to inspect
its contents, and then re-encrypts it to continue to its destination.
Wireless Security
Wireless networks provide various comforts to end users, but they are actually very complex in their working. There are many protocols and technologies working behind the scenes to provide a stable connection to users. Data packets traveling through a wire provide a sense of security to users, as data traveling through a wire is probably not heard by eavesdroppers.
To secure the wireless connection, we should focus on the following areas:
 Identifying the endpoints of the wireless network and the end-users, i.e., Authentication.
 Protecting wireless data packets from a man-in-the-middle, i.e., Privacy.
 Keeping the wireless data packets intact, i.e., Integrity.

Wireless security is ensured by the following methods:

 Authentication
 Privacy and Integrity
Types of Wireless Security Encryption
 Wireless networks and security in today’s world have become a major necessity for human education, entertainment, and survival.
 Authorization and authentication are major factors that need to be ensured to maintain privacy.
 Wireless networks have wireless security encryption to secure the authentication.
 This security is ensured by establishing a secure connection for authenticated and authorized users by providing the connection with a strong password or security key.
 Wireless security encryption finds its importance in protecting against any malicious activity carried out on information that may result in breaching the privacy of individuals or organizations.
 The encryption types supported depend on the specification of networking devices such as routers.
 The default encryption key may be provided by the router manufacturer and displayed at the bottom of the router.
 Wireless devices are prevented from unauthorized access by wireless security encryption.
 Wireless security encryption plays the role of providing safety, ensuring privacy, and allowing only authorized and authenticated access to networks.
 The different encryption types each hold their individual importance depending on their time of creation.
Types of Wireless Security:
Wireless security encryption is mainly divided into four main types:

Wired Equivalent Privacy Protocol (WEP)
Wi-Fi Protected Access Protocol (WPA)
Wi-Fi Protected Access 2 Protocol (WPA2)
Wi-Fi Protected Access 3 Protocol (WPA3)

1. WEP Protocol: Wired Equivalent Privacy Protocol, abbreviated as WEP, originated in 1999 and was considered the standard for wireless security encryption. It is less found in today’s modern world because of the security risk it is associated with directly or indirectly. WEP is not considered stable, and the Wi-Fi Alliance discontinued its use in 2004 because it is easy to exploit this level of security.

Example: Security added in the LAN connections to protect from unauthenticated users trying to breach privacy.

2. WPA Protocol: WEP was succeeded by Wi-Fi Protected Access Protocol, abbreviated as WPA, which offers more security and safety. WPA has a 128-bit dynamic key called Temporal Key Integrity Protocol (TKIP) that’s hard to break and makes it unique. One noticeable disadvantage of WPA was that, since it was made for WEP-enabled devices, the core components were largely the same for WPA and WEP.

3. WPA2 Protocol: Wi-Fi Protected Access 2 Protocol, abbreviated as WPA2, came next and was better than the previous encryption types. Here, Temporal Key Integrity Protocol (TKIP) was replaced by Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP). It is one of the most used security encryption types. In 2006, WPA2 was declared mandatory for all Wi-Fi devices for wireless security encryption. WPA2 offers the Advanced Encryption Standard (AES). However, the major disadvantage of WPA2 is that if the security key reaches the hands of a hacker, then the entire network is vulnerable to attack.

4. WPA3 Protocol: WPA3 or Wi-Fi Protected Access 3 (WPA3) Protocol is the newest security encryption and is gaining popularity. WPA3 offers high protection and prevents unauthorized access. Unauthenticated and unauthorized individuals can’t breach this level of security. WPA3 is the most desired for public networks as it performs automatic encryption.
