CHAPTER 1
INTRODUCTION OF CYBER CRIME

"Cyber" is a combining form relating to information technology, the internet, and virtual
reality. The term cyber security refers to the security offered through online
services to protect your online information. It also refers to the technologies and
tactics designed to secure computer systems, computer networks and information from
unauthorized access, susceptibilities and attacks delivered through the internet. Cyber
security is an all-encompassing domain of information technology; it comprises the entire
set of security-related technologies.

Cyber security is also the body of technologies, processes and practices designed to protect
and secure networks, computer systems, programs and data from cyber-attack, damage
or unauthorized access. In a computing context, security includes both
cyber security and physical security.

Security standards enable organizations to practice safe security techniques that
minimize the number of successful cyber security attacks and protect their data and systems.
Cyber security is important for network security, data security, communication
security, operational security and application security [2][3].
Cyber security is the collection of tools, policies, security concepts, security safeguards,
guidelines, risk management approaches, actions, training, best practices, assurance and
technologies that can be used to protect the cyber environment and organization and user’s
assets. Organization and user’s assets include connected computing devices, personnel,
infrastructure, applications, services, telecommunications systems, and the totality of
transmitted and/or stored information in the cyber environment [5]. Cyber security strives
to ensure the attainment and maintenance of the security properties of the organization and
user’s assets against relevant security risks in the cyber environment. The general security
objectives comprise the following:
• Availability
• Integrity, which may include authenticity and non-repudiation
• Confidentiality

CHAPTER 2
LITERATURE REVIEW

1. Ganesan R. (2010)
The author writes about the cyber trends for 2010-11. The author defines
“drive-by download” threats such as malware, worms, and Trojan horses, and says
that botnets and zombies will continue to proliferate. The author introduces the term
“scareware”: fake or rogue security software. Be cautious about all
communications; do not open attachments from untrusted sources.
2. Balasubramanian S. – Honeywell (2010)
The author says that one of the key inhibitors for organizations to adopt cloud
computing practices is the perceived risk around information security. As cloud
computing requires organizations to source their IT needs outside of their corporate
network, traditional enterprise security practices are being challenged, and this demands
alternate security models. This paper describes the security risks identified in the cloud
environment and the solution offered by the Jericho security model to approach those risks.
3. Wipro Council for Industry Research (2010)
A group of authors from the Wipro Council for Industry Research discuss "security in the
information age: the rise of cyber attacks". The threat of a new age of
cyber threats, cyber wars, and cyber espionage is on the rise, and with this a whole
new dimension arises in the realm of cyber security. A combination of technical
expertise, law and an effective security infrastructure is the need of the hour towards
achieving the objective of securing the information assets of the country.
4. Commodore (retd.) Sawhney A. (2010)
The author discusses the dilemma and possible solutions. North Korean hackers may
have stolen secret defense plans. The author claims that the US is a leading source of
who use digital tools to attack government websites, computer systems and censoring
tools in Iran and China. According to the author, a comprehensive approach involving
all sectors (government, industry, business and academia) is essential.
5. Govardhan S. – Wipro (2010)
The author discusses various issues, such as the challenges of the changing nature of cyber
security threats. In today's environment the cyber criminal's motive is profit-driven. The new
age cyber criminals are extremely capable of thinking out-of-the-box and exploiting different
attack tactics to achieve their demented goals (e.g. Operation Aurora). Measures listed:
(1) personal firewall, (2) intrusion prevention, (3) network access control, and (4) well
managed and healthy IT systems, together with a secure perimeter network, stringent employee
background verification and enhanced security education.
6. Mathew K. (2010)
The author puts forward the point that the weak link in cyber safety is the human angle. He
points out that the place of the crime, the criminal and the machinery used can be outside
Indian jurisdiction. Today the Internet is used by common people, making them easy targets
for cyber criminals. Data is a broad categorisation, from credit-card information to bank
and other financial records to personal information. The current resolution to this very
grave and far-reaching issue lies in basic awareness, protection and care, by education.
7. Talera P. (2010)
The author discusses cyber threats and challenges in the real world. Cyber threats are not
limited to the cyber world alone. The real threat in this networked world, which is
increasingly becoming automated and where it is possible to take control of and manipulate
the process control systems of critical infrastructure, is a living nightmare. Deriving real
advantage from this automation requires all these instruments and processes to be
networked. We need to create authorized secure environments for the entry of data and
analysis of the processes.
8. Mugil, Raja, Mathiyazhagan, Chandrasekar (2010)
The authors emphasize the importance of Internet security. Instant messaging is popular
with businesses and individuals. A business email intercepted during its transmission may
let slip business confidentiality; file transfers via instant messengers may also be
intercepted; and ID and password theft may lose us money when using an Internet banking
service. (1) Type the URL directly. (2) Online banking certifications are currently the most
effective security safeguard measure. (3) Do not trust e-mails that ask for your account
number and passwords.
9. Prof. Venkateswaran (2010)
The author discusses basic issues of the Data Protection System (DPS). He highlights the
“outsourcing menace”. The author emphasizes the need for updating technology at
all levels. of their assets but also their psychological comfort and faith in the e-system.
The author suggests a few “acid-tests” for system management. OTP (One Time
Password), “multiband” authentication and Data Loss Prevention are the key words.
10. Ms. Kesav S. (2010)
The author quotes Ethan Katsh, "... Where there are significant challenges to the legal
profession and to the traditional legal practices and concepts. To an unfamiliar and
rapidly changing information environment ...", to summarise the dilemma surrounding
the internet. All have witnessed cyber attacks that they are still coping with attempts to
counteract and to prevent continued assault. New techniques for monitoring, tracking,
and trapping criminals have been developed. The need is to formulate a rationalized,
global cybercrime law that can be understood across borders.
11. Talasila M. (2010)
The author points out that technology is playing an important role not only in fraud
perpetration but also in fraud detection. While fraudsters take advantage of technology
to perpetrate crime, companies can use technology intelligently to mitigate fraud risks.
Data mining and data analysis are techniques that are fast playing a key role in fraud
detection and mitigation efforts. He discusses the pros and cons of this methodology,
such as lack of skilled resources, the ability to evaluate the full transaction, continuously
evolving “known” fraud scenarios, and “false positives”.
12. Velayutham (2010)
The author discusses how data mining techniques and tools are useful in the process
of cyber investigation. The challenge lies in finding and preserving useful data and
presenting it in a manner acceptable in a court of law. Text data mining and Image
Video data mining technologies will provide solutions in future to help the intelligence
and Investigation experts by giving relevant, useful hidden knowledge from the huge
digital data of the cyber world.
13. Sharma A. (2010)
The author discusses the colossal change in the pattern in which conventional wars are
being conducted. The author will also shatter the conventional wisdom on cyber
defence, which relies on the notions of "layers of defences" and legal instruments, by
providing a new approach to cyber defence. The author believes that this framework
will raise information warfare to the strategic level which it duly deserves.
14. Hemavathy M. (2010)
The author addresses present-day cyber threats and the security solutions that are required
to address them. It does not have any limitation of use and can achieve most of the goals
set. Hence, providing multi-layer security protects information shared in a networked
environment of military communication. ICT drives the operations of communication
in commercial to achieve information security; migration to multi-layer security is the need
of the hour.
15. Ganesan P. (2010)
The author says that Cyberwarfare is not, as many people think, limited to government
attacking government; any part of the critical infrastructure may be subject to attack,
from banking and telephone companies to transport or the supply of essential goods
and commodities. A sound e-governance policy presupposes the existence of a sound
and secure e-governance base as well. The security and safety of various ICT platforms
and projects in India must be considered on a priority basis before any e-governance
base is made fully functional.
16. Gupta B. G. (2010)
The author, an Information Technology Advisor, in his article “security convergence -
physical and information”, compares physical and information security.
Security convergence refers to the convergence of two physical security. Security
convergence is motivated by the recognition that corporate assets are increasingly
information-based. Technology has transformed traditional business and facilitated the
creation of entirely new ones by integrating technology into processes. With this, the line
between information security and traditional physical security has blurred.
17. Prof. Selvakani, Maheshwari V. & Karavanasundari (2010)
The Head and a group of students say that I.T. can be used for destructive as well
as constructive work. The authors believe that a computer can be secured even by a
person with simple technical knowledge; the ascertainment and preservation of
evidence is a tough task. There is a need to secure the ICT infrastructures used for
meeting these social functions. We need a techno-legal "harmonized law". A good
combination of law and technology must be established.
18. Standard Chartered Bank (2010)
A group of officers from Standard Chartered Bank point out that, with a high
dependency on computers, neglecting the increase in cyber crime is extremely
dangerous. Hackers can misuse your personal information, introduce a virus into your
system, and alter your files. With every patch released for a particular weakness being
followed by the next exploit at the very next moment, one can never be sure that our
systems are in safe hands. Business demands for new ways of technology WILL
CONTINUE. Cyber Attacks WILL CONTINUE and hence Cyber Security SHOULD
REMAIN A PRIORITY.
19. Ramamoorthy R. (2010)
The Chairman, Cyber Society of India, Chennai, in his article discusses “Various
Perceptive of Cyber Security”. Continuously evolving new threats against enterprise IT
have made cyber security a 'must look-into' issue. The systems administration
team should devise ways to improve their cyber security with an automated, on-demand
application security testing solution that makes comprehensive cyber security for
applications simpler and more cost-effective. Cyber security knows no borders. The author
touches upon controlling server sprawl to increase operational efficiency and ease disaster
recovery; virtualization clearly delivers bottom-line results.
20. US - China Economic & Security Review Commission (2010)
This paper presents a comprehensive open source assessment of China's capability to
conduct Computer Network Operations (CNO). The result will hopefully serve as a useful
reference to policymakers, China specialists, and information operations professionals. The
research encompassed five broad categories to show how the People's Republic of China
(PRC) is pursuing Computer Network Operations (CNO) and the extent to which it is
implemented. The focus is providing the force for the development of an advanced Irregular
Warfare (IW) capability. chief strategies driving the process of informatization in the PLA
is the coordinated use of CNO, Electronic Warfare (EW).
21. Rajasekhar P., Shrikhande S. V., Biswas B., Patil R. (2012)
A group of authors say Nuclear Power Plants have a lot of critical data to be sent to the
operator workstations. A plant wide integrated communication network, with high
throughput, determinism and redundancy, is required between the workstations and the
field. A switched Ethernet network is a promising prospect for such an integrated
communication network. In nuclear power plants, the plant data is crucial and data loss
cannot be tolerated; switched Ethernet shall be an appropriate technology.
22. Arora R., Behal S. (2012)
A pair of professors state that phishing scams pose a serious threat to end users. Email
continues to be the favorite vehicle to perpetrate such scams. Several approaches have
been proposed to address this problem. However, phishing techniques, growing in
ingenuity and sophistication, render these solutions weak. In this paper the authors
propose a novel approach to detect phishing attacks using fake responses which mimic
real users, essentially reversing the role of the victim and the adversary.
23. Khan S. R., Nirkhi S. M., Dharaskar R.V. (2012)
A group of faculty say that e-mail is being abused by the criminal community for various
illegitimate purposes, such as e-mail spamming, drug-trafficking, cyber-bullying,
phishing, racial vilification, child pornography, and sexual harassment. E-mail
system security lacks an adequate proactive mechanism to defend against such
vulnerabilities. They also propose the implementation of a framework employing data
mining and machine learning techniques for email forensic analysis.
24. Abhonkar P. D., Kamthe A. (2012)
Authors from have recently expressed the need to mediate access to valuable databases.
This paper presents a forensic analysis algorithm which can help to determine when
tampering was done and which region of the database is affected. The algorithm is
more efficient than prior algorithms as it introduces the notion of a candidate set. It
employs a logarithmic number of hash chains within each tile to narrow down
the when and what.
25. Yasmin N., Bajaj N. (2012)
The authors present “S-box Modification in DES”. DES is the Data Encryption Standard,
and an S-box (“substitution box”) is a standard encryption device. Security is the main
concern for organizations participating in information exchange. One essential aspect
of secure communications is cryptography. As cyber crimes are causing serious
financial losses, existing systems need constant modification in order not to
compromise on security levels. It shows a higher degree of resistance against attack
on the relationship $L_{i+1} = R_i$. But a significant amount of mathematical knowledge and
understanding of the complete cryptosystem is required.
26. Shukla R., Upadyaya A., (2011)
The authors discuss: accelerating customer demand, increased competition among
banks themselves. A $Z_i$ value less than one identifies a new internet banking user as
having a low awareness level. If the value is greater than one, the user is identified as
having a high awareness level, and if the value equals one, the new user is identified as
having a medium level of awareness. Internet banking service providers can formulate
a different mix of promotional strategies for wider and more effective acceptability of their
products.
27. Bargadiya M., Sinhal A., Gupta N., Verma B., (2011)
A PG research group says phishing attacks have been growing rapidly and social aspect
at the personal as well as industry altitude. Phishing has primarily four different types of
impacts: economic loss, lack of confidence in the Internet, difficulties in fraud
investigation. The paper discusses the effectiveness of various anti-phishing toolbars
against phishing attacks. The study showed that they are good in the case of well-known
phishing web sites. The proposed approach, "AntiPhishing design using mutual
authentication", is good in the case of financial organizations.
28. R. Chouhan, V. Singh Rathore (2011)
The authors say banks are using the Internet as a new distribution channel.
Standardization, regulatory and legal issues, infrastructure, heavy investment costs,
and socio-cultural challenges are among the serious issues which have affected the
development and security of the services as expected. The future of e-banking will be
a system where users are able to interact with their banks "worry-free" and banks are
operated under one common standard.
29. Bansal A., Jhawas S., Sharma D., Tiwari R., Tripathi R. (2011)
Faculty have made an exploratory study. The Internet offers both informative and
transactional mediums. A substantial number of people are using the Internet not only for
updating their knowledge with the latest information, but also for making purchases
online. The study is based on primary data collected from a sample of 164
respondents drawn from service class Internet users located in Indore city. The outcome
of the study would be helpful to the marketers in the development of strategies for
increasing online sales.
30. Choudhary P., Pathak R., Joshi N. (2011)
Faculty members talk about the study of Obstacles in Cloud Computing. Cloud
Computing is becoming a well-known buzzword nowadays. Many organizations are
accelerating their paces in developing Cloud Computing systems and enhancing their
services. The obstacles are presented in terms of availability of service, Data Lock-In, Data
Confidentiality and Auditability, Data Transfers and Bottlenecks, Performance
Unpredictability, Reputation Fate Sharing. This paper provides the information to
evaluate and improve the existing and new cloud system by removing the Obstacles
and Opportunities.
31. Neha D Mistri (2011)
An Assistant Professor discusses IPSec an Edge over Security Protocol. A vulnerability is
a weakness or gap in a security program that can be exploited by threats to gain
unauthorized access to an asset. Internet security relies upon a few classes of protocols, the
most employed among those in the SSL/TLS family for web security for network layer
security. Section 1 of the paper is about different types of security protocols. Section 4
shows how to secure sensitive information and how maximum performance
can be achieved in communication. Section 5 provides an explanation of security in
a virtual network.
32. Desai M., Padia D. (2011)
The authors say that cloud computing is a method of sharing computer resources
instead of using software or storage on a local computer. The key strengths of cloud
computing are reliability, easy maintenance, measurable usage, resource sharing,
device and location independence and no extra need of special hardware. The public
cloud has an issue of side channel attacks. This paper presents a study of security
problems and their solutions to make data more sheltered and thereby
increase the usage of cloud computing technology in India.
33. Karheek D. N., Kumar M. A., Kumar M. R. P. (2012)
A group of faculty state that two of the most important problems in cryptography are
concerned with the security. Most cryptographic mechanisms such as symmetric and
asymmetric cryptography. However, all cryptographic techniques will be ineffective if
the key distribution mechanism is weak. In quantum cryptography, quantum key
distribution protocols (QKDPs) employ quantum mechanics to distribute session keys
and public discussions to check for eavesdroppers and verify the correctness of a
session key. By using a quantum channel we can eliminate passive attacks like
eavesdropping and therefore replay attacks.
34. Chandra N. & Madhuri T.M. (2012)
Faculty claim that Honeypots are an exciting new technology with enormous potential
for the security community. Honeypots fall under two main categories, Detection and
Respond. Honeypots collect as much information as possible on the attack. The
honeypot should operate in stealth mode so that the attacker would not know of its
presence. Honeypots can be used for production purposes by preventing, detecting, or
responding to attacks. Honeypots can also be used for research, gathering information
on threats.
35. Venkateswaramma P. V. (2012)
The author presents a new highly automated approach for protecting Web applications
against SQL injection that has both conceptual and practical advantages over most
existing techniques. Auditing is used to analyze transactions to prevent malicious
access, while a signature-based approach is used to reduce the time taken
to detect attacks. Moreover, empirical evaluation is performed on a wide range of web
applications & WASP which automates the task very easily.
36. Mayuri A.V. R. (2012)
The professor claims satisfactory results in terms of false positives and false negatives. The
goal is to determine whether two pages are suspiciously similar. She considered three
page features that play a key role in making a phishing page look similar to a legitimate
one. The proposed approach is inspired by an open source anti-phishing solution, the
AntiPhish browser plug-in. Victims are typically convinced that they are visiting a
legitimate page by judging the look-and-feel of a web site. The approach was signature
extraction and signature verification.
37. Balamuralikrishna I. T., Raghavendrasai, Sukumar S. (2012)
A group of faculty, in their article "Mitigating Online Fraud by Antiphishing Model
With URL & Image based Webpage Matching", present a new anti-phishing
technique based on URL domain identity and an image matching mechanism. It first
identifies the related authorized URL. The image matching mechanism uses keypoint
detection and feature extraction methods. The two techniques, URL domain identity and
image webpage matching, are combined, so the proposed work performs better than
other existing tools.
38. Kumar Ch. V., Santhi G. (2012)
A couple of faculty claim to detect near-duplicate and duplicate spam mails fast in
Cosdes (Collaborative Mail Detection System) using a new approach, "SimHash".
formed by users' feedback, to block the subsequent near-duplicate spam. This
mitigates the effect of extremely common set members on data clusters. The SimHash-based
approach is fast, flexible, customizable (HtmlSimhash), scalable and is patented.
It uses an innovative tree structure, SpTrees, to store large amounts of e-mail.
39. Kakumanu N. & BharathiDevi P. (2012)
The authors believe that an enterprise should analyse the company's or
organization's security risks, threats, and available countermeasures before adopting
cloud technology. They also point out some new emerging security problems:
security, standardization, and legal aspects. The authors suggest new directions: 1.
Information-centric security (Data Loss Prevention vendors), 2. High Assurance Remote
Server Attestation and 3. Privacy Enhanced Business Intelligence. Cloud fears largely stem
from the perceived loss of control of sensitive data. The authors use trusted computing and
applied cryptographic techniques to ensure security.
40. Veeramani R. & Rai N. (2012)
A pair of authors, in their article "Windows API based Malware Detection and
Framework Analysis", propose a malware detection method based on extracting
relevant application programming interface (API) calls from sub categories of malware.
In this research project, the relevant APIs were extracted from each malware category
and further refined using the DCFS (Document Class-wise Frequency feature Selection)
measure to classify the executable as malicious or benign. They focused on
Windows API calls, hence it will be limited to the detection of Windows PE malware.
CHAPTER 3
ELEMENTS OF CYBER SECURITY

Elements of cyber security include:


Application security is the use of software, hardware, and procedural methods to protect
applications from external threats, viruses, malware or attacks. Security is becoming a very
important concern at software design time and during the development of applications [1].

Applications are becoming more and more accessible over networks and, as a result, are
exposed to a wide variety of threats that can harm the software or application and its data.
Security measures built in at the time of building applications, together with application
security routines, minimize the likelihood that unauthorized code will be able to manipulate
applications to access, steal, modify, or delete sensitive data. Actions taken to secure
applications are called countermeasures. The most basic software countermeasure is an
application firewall that secures files or the handling of data by specific installed programs.
The most common hardware countermeasure is a router that can prevent the IP address of an
individual computer system from being directly visible on the internet. Other countermeasures
include conventional firewalls, programs or algorithms for encryption or decryption processes,
antivirus programs, spyware detection or removal programs and biometric authentication
systems.
1. Communication Security: Communication security is also known as COMSEC.
COMSEC is the process of preventing unauthorized access to traffic
generated by telecommunication systems, or to any written
information that is transmitted or transferred to another device via any other medium.
There are several COMSEC disciplines, including:
• Cryptographic security: It encrypts data on the sender side and makes it unreadable until
the data is decrypted on the receiver side.
• Emission security: It prevents the release or capture of equipment emanations
to protect information from unauthorized interception.
• Physical security: It prevents unauthorized access to a
network’s cryptographic information, documents and equipment.
• Transmission security: It protects against unauthorized access when data is
physically transferred from one side or medium to another, to
prevent issues such as service interruption or theft of data by a malicious person.
• Information security: It is used to protect information or data and its critical elements,
including the systems software and hardware that are used to store or transmit that
information. Information security is also known as Infosec. Infosec is a set of strategies
for managing the processes, tools and policies
that are necessary to prevent, detect and counter threats
to digital and non-digital information [4]. Infosec responsibilities include a set of
business processes that protect information assets regardless of how the information is
formatted or whether it is in transit, being processed or at rest in storage.
Infosec programs follow the core objectives of the CIA (confidentiality, integrity
and availability): confidentiality ensures that sensitive information is
only disclosed to authorized parties, integrity prevents unauthorized
modification of data, and availability guarantees that IT systems and business data can be
accessed by authorized parties when requested.
2. Network Security: Network security is used to protect the networking components,
network connections and content related to the network. A network security system
typically relies on layers of security and consists of more than one component,
including network monitoring and security software, hardware,
and appliances. All components work together to increase the overall security and
performance of the computer network.
3. Operational Security: Operational security is an analytical process that classifies
information assets and determines the controls required to secure these assets.
Operational security is also known as OPSEC. Operational security typically consists of
a five-step iterative process:
• Identify critical information: The first step is to determine which data would be
particularly harmful to the organization if it were obtained by
an adversary. This includes intellectual property, employees’ and/or customers’
personal information and financial statements.
• Determine threats: The next step is to determine which code or program represents a
threat to the organization’s private or sensitive information. There may be numerous
adversaries that target different pieces of information, and companies must consider
any competitors or hackers that may target the data.
• Analyze vulnerabilities: In the vulnerability analysis stage, the organization examines
potential weaknesses among the safeguards in place to protect the private information
that leave it vulnerable to potential adversaries [6]. This step includes identifying any
potential lapses in physical/electronic processes designed to protect against the
predetermined threats, or areas where lack of security awareness training leaves
information open to attack.
• Assess risks: After vulnerabilities have been determined, the next step is to find the
threat level associated with each of them. Companies rank the risks according to factors
such as the chances a specific attack will occur and how damaging such an attack would
be to operations. The higher the risk, the more pressing it will be for the organization
to implement risk management controls.
• Apply appropriate countermeasures: The final step consists of implementing a plan
to mitigate the risks beginning with those that pose the biggest threat to operations.
Potential security improvements stemming from the risk mitigation plan include
implementing additional hardware and training or developing new information
governance policies.
CHAPTER 4
PROBLEMATIC ELEMENTS OF CYBER SECURITY

One of the most problematic elements of cyber security is the security risks. The traditional
approach has been to focus most resources on the most crucial system components and protect
against the threats, which necessitated leaving some less important system components
undefended and some less dangerous risks not protected against. Such an approach is
insufficient in the current environment.
1. Major Security Problems:
• Virus: A Virus is a program that is loaded onto your computer without your knowledge
and runs against your wishes.
• These are computer programs that attach themselves to or infect a system or files, and
have a tendency to circulate to other computers on a network by clicking on it, through
mail, through external devices, etc. They disrupt the computer operation and affect the
data stored either by modifying it or by removing it altogether.
• Examples of viruses: (1) Melissa, (2) Sasser, (3) Zeus, (4) Conficker, (5) Stuxnet, (6)
Mydoom, (7) Code Red.
• Worms: Worms, unlike viruses, do not need a host to cling on to. They merely replicate
until they eat up all available memory in the system. The term worm is sometimes used
to mean self-replicating malware (MALicious softWARE). It occupies some free
memory of drives or external devices.
• Examples of worms: (1) Badtrans, (2) Bagle, (3) Blaster, (4) ExploreZip, (5) Kak worm,
(6) Netsky, (7) SQL Slammer, (8) Supernova Worm
• Hacker: In common usage, a hacker is a person who breaks into computers, usually by
gaining access to administrative controls. Types of hackers:
a. White Hat Hacker: A white hat hacker is a computer security specialist who breaks into
protected systems and networks to test and assess their security. White hat hackers use
their skills to improve security by exposing vulnerabilities before malicious hackers
(known as black hat hackers) can detect and exploit them. Although the methods used
are similar, if not identical, to those employed by malicious hackers, white hat hackers
have permission to employ them against the organization that has hired them.
b. Grey Hat Hacker: The term “grey hat” or “gray hat” refers to a computer hacker or
computer security expert who may sometimes violate laws or typical ethical standards,
but does not have the malicious intent typical of a black hat hacker.
c. Black Hat Hacker: A black hat hacker is an individual with extensive computer
knowledge whose purpose is to breach or bypass internet security. Black hat hackers
are also known as crackers or dark-side hackers. The general view is that, while hackers
build things, crackers break things.
• Malware: The word “malware” comes from the term “MALicious softWARE.”
Malware is any software that infects and damages a computer system without the
owner’s knowledge or permission. Types of malware: (1) Viruses, (2) Worms,
(3) Rootkits, (4) Trojans, (5) Spyware, (6) Crimeware, (7) Adware
• Trojan horses: Trojan horses are email viruses that can duplicate themselves, steal
information, or harm the computer system. These viruses are the most serious threats
to computers.
• Password Cracking: Password attacks are attacks in which hackers determine or find
passwords to different protected electronic areas and social network sites.

MANAGEMENT OF CYBER SECURITY RISKS

The risk associated with any attack depends on three factors: threats (who is attacking),
vulnerabilities (the weaknesses they are attacking), and impacts (what the attack does). The
management of risk to information systems is considered fundamental to effective cyber
security [7].

What Are the Threats? People who actually perform cyber-attacks are widely cited as
falling into one or more of five categories: criminals intent on monetary gain from crimes
such as theft or extortion, or on spoiling the system; spies intent on stealing classified or
proprietary information used by government or private entities; nation-state warriors who
develop capabilities and undertake cyber-attacks in support of a country’s strategic
objectives; activists who perform cyber-attacks for nonmonetary reasons; and terrorists who
engage in cyber-attacks as a form of nonstate or state-sponsored warfare.

What Are the Vulnerabilities? Cyber security is in many ways an arms race between
attackers and defenders. ICT systems are very complex, and attackers are constantly
probing for weaknesses, which can occur at many points. Defenders can often protect
against weaknesses, but three are particularly challenging: inadvertent or intentional acts
by insiders with access to a system; supply chain vulnerabilities, which can permit the
insertion of malicious software or hardware during the acquisition process; and previously
unknown, or zero-day, vulnerabilities with no established fix. Even for vulnerabilities
where remedies are known, they may not be implemented in many cases because of
budgetary or operational constraints. A network administrator will use these types of
software to test whether an attacker can easily attack the database and whether there are
any weaknesses that harm software security or database security, whereas a hacker will
use these types of vulnerable software to hack the details of users [6].

What Are the Impacts? A successful attack can compromise the confidentiality, integrity,
and availability of an ICT system and the information it handles. Cyber theft or cyber
espionage can result in exfiltration of financial, proprietary, or personal information from
which the attacker can benefit, often without the knowledge of the victim [2]. Denial-of-
service attacks can slow or prevent legitimate users from accessing a system. Botnet
malware can give an attacker command of a system for use in cyber-attacks on other
systems.

Advantages of Cyber Security


1. Improved security of cyberspace
2. Increase in cyber defense
3. Increase in cyber speed
4. Protecting company data and information
5. Protects systems and computers against viruses, worms, malware and spyware, etc.
6. Protects individual private information
7. Protects networks and resources
8. Fight against computer hackers and identity theft
9. Minimizes computer freezing and crashes.
10. Gives privacy to users

Disadvantages of Cyber Security


1. It will be costly for average users
2. Firewalls can be difficult to configure correctly
3. Software needs to be updated continually in order to keep security up to date.
4. Makes the system slower than before.
5. Incorrectly configured firewalls may block users from performing certain actions on
the Internet until the firewall is configured correctly.

Safety Tips for Cyber Security


1. Use antivirus software
2. Install firewalls and pop-up blockers
3. Uninstall unnecessary software
4. Maintain backup
5. Check security settings
6. Use secure connection
7. Open attachments carefully
8. Use strong passwords (keep a combination of uppercase, lowercase, special characters,
etc.); do not give personal information unless required

CHAPTER 5
ISSUES IN CYBER SECURITY

1. Better end user education: It is sort of stating the obvious, but most systems are
only as secure as the habits of the people using them. Bad actors exploit this by
taking advantage of weak passwords and unpatched software and by using sophisticated
phishing techniques [8].
2. Security-aware software development: There are not enough people focused on
security. With an increasing number of people getting connected to the Internet, the
security threats that put information, software and devices at risk of harm increase
too.

Cybercrime
Cyber security is needed when crime is committed. The former descriptions were
“computer crime”, “computer related crime” or “crime by computer”. With the pervasion
of digital technology, some new terms like “high-technology” or “information age” crime
were added to the definition [6]. Also, the Internet brought other new terms, like
“cybercrime” and “net” crime. Other forms include “digital”, “electronic”, “virtual”, “IT”,
“high-tech” and “technology-enabled” crime. It is committed by people who are mostly
connected to the internet, online activities, social activities, etc.

History of Cybercrime
1. The first recorded cybercrime took place in the year 1820.
2. The first spam email was sent in 1978, over the Arpanet.
3. The first Virus was installed on an Apple Computer in 1982.

Types of Cybercrime
There are 12 types of cybercrimes:
• Hacking
In simple words, hacking is an act committed by an intruder by accessing your
computer system without your permission. Hackers (the people doing the hacking) are
basically computer programmers who have an advanced understanding of computers
and commonly misuse this knowledge for devious reasons.
a. SQL injections
b. Theft of FTP passwords
c. Cross site scripting
• Virus dissemination
Viruses are computer programs that attach themselves to or
infect a system or files, and have a tendency to circulate to other computers on a
network. They disrupt the computer operation and affect the data stored either by
modifying it or by deleting it altogether.
• Logic bombs
A logic bomb, also known as slag code, is a malicious piece of code which is
intentionally inserted into software to execute a malicious task when triggered by a
specific event.
• Denial-of-Service attack
A Denial-of-Service (DoS) attack is an explicit attempt by attackers to deny
service to intended users of that service. It involves flooding a computer resource
with more requests than it can handle, consuming its available bandwidth, which
results in server overload.
• Phishing
This is a technique of extracting confidential information such as credit card numbers
and username password combos by masquerading as a legitimate enterprise.
• Email bombing and spamming
Email bombing is characterized by an abuser sending huge volumes of email to a
target address, resulting in the victim’s email account or mail servers crashing.
• Web jacking
Web jacking derives its name from hijacking. Here, the hacker takes control of a web site
fraudulently. He may change the content of the original site or even redirect
the user to another fake, similar-looking page controlled by him.
• Cyber stalking
Cyber stalking is a new form of internet crime in our society in which a person is
pursued or followed online.
a. Internet stalking
b. Computer stalking
• Data diddling
Data Diddling is unauthorized altering of data before or during entry into a
computer system, and then changing it back after processing is done.
• Identity Theft and Credit Card Fraud
Identity theft occurs when someone steals your identity and pretends to be you to
access resources such as credit cards, bank accounts and other benefits in your
name.
• Salami slicing attack
A salami slicing attack or salami fraud is a technique by which cyber criminals
steal money or resources a bit at a time so that there is no noticeable difference in
overall size.
• Software Piracy
Internet piracy is an integral part of our lives which knowingly or unknowingly we
all contribute to.
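
The salami slicing attack described in the list above goes unnoticed because each individual amount is too small to matter, so a defender has to look at aggregates per receiving account instead of single transactions. The following Python check is an added example, not part of the original report; the ledger rows, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Assumed review thresholds (hypothetical values, tune per environment).
MICRO_LIMIT = Decimal("0.05")  # credits at or below this escape per-transaction review
MIN_SOURCES = 3                # distinct paying accounts needed before flagging
MIN_TOTAL = Decimal("0.10")    # aggregate of micro-credits that warrants review

# Constructed sample ledger: (source account, destination account, amount).
LEDGER = [
    ("A-1001", "A-7777", "0.03"),
    ("A-1002", "A-7777", "0.04"),
    ("A-1003", "A-7777", "0.02"),
    ("A-1004", "A-7777", "0.03"),
    ("A-1001", "A-2002", "250.00"),  # normal payment, ignored by the check
    ("A-1002", "A-3003", "0.05"),    # single small credit, not a pattern
    ("A-1003", "A-2002", "0.01"),
]


def find_salami_collectors(ledger, micro_limit=MICRO_LIMIT,
                           min_sources=MIN_SOURCES, min_total=MIN_TOTAL):
    """Return {destination: (distinct_sources, micro_total)} for accounts that
    accumulate small credits from many different source accounts."""
    sources = defaultdict(set)
    totals = defaultdict(Decimal)  # Decimal() starts at 0, avoids float rounding
    for src, dst, amount in ledger:
        value = Decimal(amount)
        if value <= micro_limit:
            sources[dst].add(src)
            totals[dst] += value
    return {
        dst: (len(sources[dst]), totals[dst])
        for dst in sources
        if len(sources[dst]) >= min_sources and totals[dst] >= min_total
    }


if __name__ == "__main__":
    for account, (count, total) in find_salami_collectors(LEDGER).items():
        print(f"review {account}: {count} sources, {total} in micro-credits")
```
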

Cybercrime includes
• Illegal access
• Illegal interception
• System interference
• Data interference
• Misuse of devices
• Fraud

CONCLUSIONS

Any intelligent device that can pass data to one or more other devices (either through
a network or not) is encompassed within the scope of cyber security, which includes
pretty much the entire foundation of modern society. Everyone needs to be aware of cyber
security as well as cybercrimes and their causes. There is little seriousness about security
in online, social and other activities, through which the probability of risk will be
higher. This causes loss of data, modification of data, and removal of useful information
such as personal details and passwords of mail accounts, social accounts or bank accounts.
People may also learn about laws against cybercrimes, or cyber laws, the actions which
will be taken, and how to fight against crime.

REFERENCES

• Sergey, Melnik, Smirnov Nikolay, Erokhin Sergey. Cyber security concept for
Internet of Everything (IoE). Systems of Signal Synchronization, Generating and
Processing in Telecommunications. 2017. IEEE, 2017.
• Martin, Nigel, John Rice. Cybercrime: Understanding and addressing the concerns
of stakeholders. Computers and Security. 2011; 30(8): 803–814.
• Shang H, Jiang R, Li A. A Framework to Construct Knowledge Base for Cyber
Security. 2017 IEEE Second International Conference on Data Science in
Cyberspace (DSC). IEEE, 2017.
• Manmohan Chaturvedi, Aynur Unal, Shilpa Bahl. International cooperation in
cyber space to combat cyber crime and terrorism. 2014 IEEE Conference on
Norbert Wiener in the 21st Century (21CW). IEEE, 2014.
• Rayne Reid, Johan Van Niekerk. From information security to cyber security
cultures. Information Security for South Africa (ISSA). 2014. IEEE, 2014.
• R. Hewett, S. Rudrapattana, P. Kijsanayoth. Cyber-security analysis of smart
SCADA systems with game models. Proceedings of the 9th annual cyber and
information security research conference, ACM, 2014, pp. 109–112.
• Von Solms, Rossouw, Johan Van Niekerk. From information security to cyber
security. Computers and Security. 2013; 38: 97–102.
• Eric A. Fischer. (2016). Cybersecurity Issues and Challenges: In Brief. [Online].
Available from https://fas.org/sgp/crs/misc/R43831.pdf [Accessed on October
2017].