
E-Security System 1

UNIT – IV
CHAPTER

4 E-Security System
SYNOPSIS
4.1 Introduction
4.2 Threats to Computer Systems and Control measure
4.3 IT Risk
4.4 Information systems security
4.5 Security on the internet
4.6 E-Business Risk Management Issues
4.7 Understanding and defining Enterprise wide security framework
4.8 Information Security Environment in India with respect to real Time
Application in Business.
4.9 Security measures in International and Cross Border financial
transactions.
4.10 Threat Hunting Software
• Review Questions

E-Security is a branch of computer security, also known as Information
Security, as applied to computers and networks. The objective of E-Security includes
protection of information and intellectual property (in electronic form) from theft,
corruption, or natural disaster, while allowing the information and property to remain
accessible and productive to its intended users.
The term computer system security means the collective processes and
mechanisms by which sensitive and valuable information (in electronic form),
electronic/computer/network devices and IT services as well as resources are
protected from publication, tampering or collapse by unauthorized activities or
untrustworthy individuals and unplanned events respectively.
The strategies and methodologies of computer security often differ from most
other computer technologies because of its somewhat elusive objective of preventing
unwanted computer behaviour instead of enabling wanted computer behaviour.
2 Information Technology in Business Management - I (S.Y.B.M.S Sem – III)
In short, we need to secure:
• Computer/network resources & devices from external attacks such as
hacking, viruses etc.
• Our data and information (in electronic form)
• Our electronic transaction information
• Our user-ids, passwords and personal profiles
• Our network information (IP Address, Domain etc.)

With the growth of E-Commerce business, the number of threats to the information
stored online has also increased manifold. Not only that, the threats are more
dangerous from the perspective that most of them come from invisible or faceless
entities. Hence the security of E-commerce/M-Commerce systems is extremely
critical and is of VERY HIGH IMPORTANCE.
The most common threats are:
1. Malicious Code (code containing viruses, bots, worms, Trojan-horse etc.)
A computer virus is a computer program that can replicate itself and spread from
one computer to another. The term "virus" is also commonly but erroneously used to
refer to other types of malware, including but not limited to adware and spyware
programs that do not have the reproductive ability.
2. Denial of Service / Botnet / Hacking (unauthorized access to computer
systems)
A botnet is a group of computers connected to the Internet that have been
compromised by a hacker using a computer virus or Trojan horse. An individual
computer in the group is known as a “zombie” computer. The botnet is under the
command of a “bot herder” or a “bot master,” usually to perform nefarious activities.
This could include distributing spam to the email contact addresses on each zombie
computer, for example.
If the botnet is sufficiently big in number, it could be used to access a targeted
website simultaneously in what’s known as a denial-of-service (DoS) attack. The
denial-of-service prevents normal use of your computer or network by valid users.
After gaining access to your network, the attacker can do any of the following:
• Randomize the attention of your internal Systems staff so that they do not
see the intrusion immediately, which allows the attacker to make more
attacks during the diversion.
• Send invalid data to applications or network services, which causes
abnormal termination or behaviour of the applications or services.
• Flood a computer or the entire network with traffic until a shutdown
occurs because of the overload.
• Block traffic, which results in a loss of access to network resources by
authorized users.

3. Phishing (online attempt by a third party to obtain confidential information
for financial gain)
Phishing is a way of attempting to acquire sensitive information such as
usernames, login-ids, passwords and personal details by masquerading as a
trustworthy entity in an electronic form. It is an e-mail fraud method in which the
perpetrator sends out legitimate-looking email in an attempt to gather personal and
financial information from recipients. Typically, the messages appear to come from
well-known and trustworthy Web sites.
4. Spyware/Malware
Malware means Malicious Software. It is designed to access the information
stored in the computer / network resources secretly, without the knowledge of the
owner. This term is generally used when the intent of stealing the information is
hostile, intrusive or deliberately annoying.
5. Spoofing/Identity Theft
Spoofing, in general, is a fraudulent or malicious practice in which
communication is sent from an unknown source disguised as a source known to the
receiver. Spoofing is most prevalent in communication mechanisms that lack a high
level of security.
Identity theft is the unauthorized collection of personal information and its
subsequent use for criminal reasons such as to open credit cards and bank accounts,
redirect mail, set up cellphone service, rent vehicles and even get a job. These actions
can mean severe consequences for the victim, who will be left with bills, charges and
a damaged credit score.
There are many ways in which an individual's identity can be stolen, but people
may be particularly vulnerable to this crime online, where savvy criminals can gain
access to personal information through a number of avenues. This theft is
increasingly being perpetrated electronically.
6. Interception
In a networked environment, a passive interception might involve someone who routinely
monitors network traffic. Active interception might include putting a computer system
between sender and receiver to capture information as it is sent. From the perspective of
interception, this process is covert. The last thing a person on an intercept mission wants
is to be discovered. Intercept missions can occur for years without the knowledge of the
intercept parties.
7. Sniffing/Eavesdropping
Sniffing refers to listening to a conversation. For example, if you log in to a
website that uses no encryption, your username and password can be sniffed off the
network by someone who can capture the network traffic between you and the web
site.
A sniffer is an application program or device that can read, monitor, and capture network
data exchanges and read network packets. If these packets are not encrypted, a sniffer can
provide a full view of the data inside the packet. Even encapsulated (tunnelled) packets
can be broken open and read unless they are encrypted and the attacker does not have
access to the key.
8. Credit Card / Internet frauds
Computer fraud is any dishonest misrepresentation of fact intended to let
another do or refrain from doing something which causes loss. In this context, the
fraud will result in obtaining a benefit by:
• Altering computer input in an unauthorized way. This requires little
technical expertise and is not an uncommon form of theft by employees
altering the data before entry or entering false data, or by entering
unauthorized instructions or using unauthorized processes;
• Altering, destroying, suppressing, or stealing output, usually to conceal
unauthorized transactions: this is difficult to detect;
• Altering or deleting stored data;
• Altering or misusing existing system tools or software packages, or
altering or writing code for fraudulent purposes.
• Other forms of fraud may be facilitated using computer systems, including
bank fraud, identity theft, extortion, and theft of classified/confidential
information.
• A variety of Internet scams target consumers directly.
9. Physical Threats
Besides these, there are also physical threats which can be as follows:
1. Fire
2. Flood
3. Earthquake
4. Vandalism etc.
These threats can be countered by applying multiple policies, procedures,
hardware equipment, various software etc. These can possibly control,
prevent or mitigate attacks, whereas less powerful methods can only inform us that
security has been compromised, by detecting a breach as it happens or after it occurs.

IT RISK MANAGEMENT
IT risk management is the application of the principles of risk management to an
IT organization in order to manage the risks associated with the field. IT risk
management aims to manage the risks that come with the ownership, involvement,
operation, influence, adoption and use of IT as part of a larger enterprise.
IT risk management is a component of a larger enterprise risk management
system. This encompasses not only the risks and negative effects of service and
operations that can degrade organizational value, but it also takes the potential
benefits of risky ventures into account.
As a general rule, risk is defined as the product of the likelihood of occurrence
and the impact an event could have. In IT, however, risk is defined as the product of
the asset value, the system's vulnerability to that risk and the threat it poses for the
organization.
IT risks are managed according to the following steps:
• Assessment: Each risk is discovered and assessed for severity
• Mitigation: Countermeasures are put in place to reduce the impact of
particular risks
• Evaluation and Re-Assessment: At the end of a project, the effectiveness
of any counter measures (along with their cost-effectiveness) is evaluated.
Based on the results, actions are taken to improve, change or keep up with
the existing or current plans.

Risk Assessment
Risk Management is a recurrent activity that deals with the analysis, planning,
implementation, control and monitoring of implemented measurements and the
enforced security policy. In contrast, Risk Assessment is executed at discrete
time points (e.g. once a year, on demand, etc.) and, until the performance of the next
assessment, provides a temporary view of assessed risks while parameterizing
the entire Risk Management process.
Risk assessment is often conducted in more than one iteration, the first being a
high-level assessment to identify high risks, while the other iterations detail the
analysis of the major risks and other risks.
The parameters considered for assessment are normally as follows:
• assessment of the consequences through the valuation of assets
• assessment of the likelihood of the incident (through threat and
vulnerability valuation)
• assignment of values to the likelihood and consequence of the risks
This assessment mainly depends on the following 3 primary principles:
Confidentiality: Confidentiality of the information can be maintained by
implementing proper access controls through hardware and software to restrict access
to the information, by encrypting the same while storing and sending data over the
network etc.
Integrity: Integrity means that it should be possible for the receiver of a message to
verify that the message has not been changed in any manner. Changes made in the
messages without according remarks must be impossible. It verifies that neither the
purchase amount nor the goods bought are changed or lost during transmission.
Integrity also means the message has not reached the recipient twice.
Availability: Ability to ensure that an e-commerce site continues to function as
intended and information or data is always available.
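The integrity checks described above (the receiver verifies that the purchase amount was not changed and that the message did not arrive twice) can be illustrated with a keyed hash and a message identifier. This is an added example, not part of the original chapter; it assumes a secret key already shared by sender and receiver, and the names sign_order and OrderReceiver and the order fields are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Constructed shared secret for the demo; in practice it is provisioned out of band.
SHARED_KEY = b"demo-key-constructed-for-this-example"


def sign_order(order: dict, key: bytes = SHARED_KEY) -> dict:
    """Sender side: attach a unique message id and an HMAC-SHA256 tag."""
    envelope = {"msg_id": secrets.token_hex(16), "order": order}
    # Canonical serialisation so both sides hash exactly the same bytes.
    body = json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


class OrderReceiver:
    """Receiver side: verify the tag first, then reject message ids already seen."""

    def __init__(self, key: bytes = SHARED_KEY):
        self._key = key
        self._seen_ids = set()

    def accept(self, message: dict) -> str:
        body = message["body"].encode()
        expected = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        # compare_digest runs in constant time, so it does not leak
        # how many leading characters of the tag matched.
        if not hmac.compare_digest(expected, message["tag"]):
            return "rejected: modified in transit"
        envelope = json.loads(body)
        if envelope["msg_id"] in self._seen_ids:
            return "rejected: duplicate delivery"
        self._seen_ids.add(envelope["msg_id"])
        return "accepted"


def demo() -> list:
    """Deliver one order three ways: intact, with the amount altered, and replayed."""
    receiver = OrderReceiver()
    msg = sign_order({"item": "laptop", "qty": 1, "amount": "49999.00"})
    results = [receiver.accept(msg)]                           # first delivery
    tampered = dict(msg, body=msg["body"].replace("49999.00", "49.00"))
    results.append(receiver.accept(tampered))                  # amount changed
    results.append(receiver.accept(msg))                       # same message again
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

A shared-key tag proves integrity only between the two key holders; it does not provide non-repudiation, because either party could have produced the tag.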

Principles of Information Security


The 3 secondary principles are:
Non-repudiation: Non-repudiation prevents either the sender or the receiver
from denying that the message was sent or received respectively, because the sender
of the message is directly connected to the content of the message. It prevents the sender
and the vendor in the transaction and communication activity from later falsely
denying that the transaction occurred.
For example, it is like sending a certified letter with a return receipt via the postal
system. Like a receipt accompanying the registered letter, because a digital certificate
accompanies the transfer of data, the originator cannot deny having sent the message.
Authenticity: It is a process of verifying the identity of a person from whom the
data has been sent to eliminate the possibility of fraud. It identifies or verifies that the
senders of a message are, in fact, who they claim to be.
Privacy (Authorization): The authentication process refers to the correct
identification of the user whereas authorization refers to the permission granted to the
correct person or a correct to do certain process.
It shields communication from unauthorized viewing or access. Privacy
protection implies confidentiality and anonymity. Confidentiality, or message content
security, means that during the transmission from sender to receiver, no third party
can access the content of the message or identify the sender and receiver. Anonymity
means outsiders cannot trace, link or observe the contents of the message. An
anonymous record is one that cannot be associated with a particular individual, either
from the data itself or by combining the records with other records.

Risk Mitigation and Management


Risk mitigation, the second process, involves prioritizing, evaluating, and
implementing the appropriate risk-reducing controls recommended from the risk
assessment process. Because the elimination of all risk is usually impractical or close
to impossible, it is the responsibility of senior management, functional and business
managers to use the least-cost approach and implement the most appropriate controls
to decrease mission risk to an acceptable level, with minimal adverse impact on the
organization’s resources and mission.
As per the ISO 27005 framework, the risk treatment process aims at selecting
security measures to:
• reduce
• retain
• avoid
• transfer
risk, and at producing a risk treatment plan, which is the output of the process, with the
residual risks subject to the acceptance of management.

Risk Evaluation and Re-Assessment


The risk evaluation process receives as input the output of the risk analysis process.
It compares each risk level against the risk acceptance criteria and prioritises the risk
list with risk treatment indications.
Essentially, risk management is an ongoing, never-ending process. Within this
process, implemented security measures are regularly monitored and reviewed to
ensure that they work as planned and that changes in the environment have not rendered them
ineffective. Business requirements, vulnerabilities and threats can change over
time.

SECURITY ON THE INTERNET


Web developers and security professionals must implement and utilize effective
security techniques and policies. Security methods allow both users and security
administrators to trust the system that they are working with. If proper techniques are
used to secure and use a system, it is almost impossible for an unauthorized user to
gain access.
But unfortunately, computer crime is certain to continue for the foreseeable
future. For this reason, we must look carefully at controls for preserving
confidentiality, integrity, and availability.
Sometimes these controls can prevent or mitigate attacks; otherwise, less
powerful methods can only inform us that security has been compromised, by
detecting a breach as it happens or after it occurs. This is not just for fighting off
viruses. Clearly, network security and Internet Explorer also need defence in depth.
When Internet Explorer was recently hacked in a public contest, Microsoft
responded that, “... defence in depth techniques aren't designed to prevent every
attack forever, but to instead make it significantly harder to exploit
vulnerability.”

Website Hacking and Issues


In 2015, the total number of websites on the internet reached 1 billion. Today
it’s hovering somewhere in the neighborhood of 944 million due to websites going
inactive, and it is expected to normalize again at 1 billion sometime in 2017-18. Let’s
take a minute to absorb that number for a moment – 1 billion.
Another surprising statistic is that Google, one of the most popular search
engines in the world, quarantines approximately 10,000 websites a day via its Safe
Browsing technology. From our own research, out of the millions of websites that
push through our scanning technology, roughly 2 – 5% of them have some
Indicator of Compromise (IoC) that signifies a website attack. Granted, this might
be a bit high, as the websites being scanned are often suspected of having an issue, so
to be conservative we would extrapolate that to suggest about 1% of the total
websites online are hacked or infected. To put that into perspective, we are talking
somewhere in the neighborhood of 9 million websites that are currently hacked or
infected. With this sort of impact, it’s only natural that people are curious how
websites keep getting hacked. The challenge is that the answer has been the same for
quite some time.
One is naturally curious about 3 questions related to Website Hacking, as
follows:
1. Why: why do websites get hacked, and what are the motivations behind it?
2. What: what are the implications of a hack for website owners of all calibers,
that is, the impacts of a hacked website?
3. And most importantly, How.
It is the one question that almost every website security professional gets at
some point in their career, and in some cases, repeatedly. As pros, we take for granted
the knowledge we have gained over the years and forget what it is like not to know.
Websites get hacked because of three things:
a. Access Control
b. Software Vulnerabilities
c. Third-Party Integrations

The Website Environment


We cannot have a conversation about how websites get hacked without having
an open dialog about everything that makes up a website.
There are various elements that make a website function and work in unison.
These include components like the Domain Name System (DNS), the thing that tells requests
where to go. The web server houses various website files and the infrastructure
houses various web servers. These websites live in a complex ecosystem of
interconnected nodes around the internet, but it is likely something you’ve never given
much thought.
Many of these features are provided by a number of service providers that make
it very easy for one to create an online presence. They sell things like domain
names, hosting space, and other services designed to make operating the website
easy.
While we won’t dive into too many details about the threats that these elements
introduce, please understand that every one of the components described above has an
impact on your overall security posture and can potentially contribute to how your
website gets hacked.

Hacking
What is fascinating about website hacking is that it always comes down to the
same elements regardless of the organization’s size. It does not matter if you are a
Fortune 500 or a small business selling cupcakes. The only difference is the why.
In large organizations, it is often because they dropped the ball. They knew
exactly what the threat was, but they never thought it would extend to their websites,
with the common response being – “I thought someone else was handling it”. When
it comes to small businesses, it is often – “Why would anyone want to hack me? I
never knew it’d be an issue for me, I’m not Target, I don’t have credit card
information”.

Access Control
Access control speaks specifically to the process of authentication and
authorization; simply put, how you log in. When we say log in, we mean more than
just the website. Here are a few areas to think about when assessing access control:
• How do you log into your hosting panel?
• How do you log into your server? (e.g., FTP, SFTP, SSH)
• How do you log into your website? (e.g., WordPress, Dreamweaver,
Joomla!)
• How do you log into your computer?
• How do you log into your social media forums?
The reality is that access control is much more important than most give it credit for.
It is like the person that locks their front door but leaves every window unlatched and
the alarm system turned off. This begs the question, why did you even lock the door?
Exploitation of access control often comes in the form of a brute force attack, in
which the attacker attempts to guess the possible username and password
combinations in an effort to log in as the user. You can also see various social
engineering attempts, such as phishing pages designed to capture a user’s ID/username and
password combination, or some form of Cross-Site Scripting (XSS) or Cross-Site
Request Forgery (CSRF) attack in which the attacker tries to intercept the user
credentials via their own browser. There is also the obvious Man in the Middle
(MITM) attack, where the attacker intercepts your username and password while
you are working via insecure networks and your credentials are transferred from one point
to another in plain text.
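From the defender's side, the brute force pattern described above shows up in authentication logs as a burst of failed logins from one source. The following added example (not from the original chapter) flags such bursts with a sliding time window; the log format, the threshold of 5 failures and the 60-second window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format: timestamp, event, user, source IP.
SAMPLE_LOG = """\
2024-05-01T10:00:01 LOGIN_FAIL user=admin ip=203.0.113.7
2024-05-01T10:00:03 LOGIN_FAIL user=admin ip=203.0.113.7
2024-05-01T10:00:04 LOGIN_OK user=alice ip=198.51.100.20
2024-05-01T10:00:05 LOGIN_FAIL user=root ip=203.0.113.7
this line is malformed and must be skipped
2024-05-01T10:00:08 LOGIN_FAIL user=admin ip=203.0.113.7
2024-05-01T10:00:09 LOGIN_FAIL user=test ip=203.0.113.7
2024-05-01T10:07:00 LOGIN_FAIL user=bob ip=198.51.100.20
2024-05-01T10:20:00 LOGIN_FAIL user=bob ip=198.51.100.20
2024-05-01T10:20:30 LOGIN_OK user=bob ip=198.51.100.20
"""


def parse_line(line):
    """Return (timestamp, event, user, ip), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts_raw, event, user_kv, ip_kv = parts
    if not (user_kv.startswith("user=") and ip_kv.startswith("ip=")):
        return None
    try:
        ts = datetime.fromisoformat(ts_raw)
    except ValueError:
        return None
    return ts, event, user_kv[len("user="):], ip_kv[len("ip="):]


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Alert when one source IP has `threshold` failed logins inside `window`."""
    recent = defaultdict(deque)  # ip -> deque of (timestamp, user) for recent failures
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, event, user, ip = parsed
        if event != "LOGIN_FAIL":
            continue
        failures = recent[ip]
        failures.append((ts, user))
        # Drop failures that have fallen out of the time window.
        while failures and ts - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= threshold:
            alerts.append({
                "ip": ip,
                "count": len(failures),
                "first": failures[0][0].isoformat(),
                "last": ts.isoformat(),
                "users": sorted({u for _, u in failures}),
            })
            failures.clear()  # one alert per burst, not one per extra failure
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The occasional mistyped password from 198.51.100.20 stays below the threshold, while the rapid guesses across several usernames from 203.0.113.7 raise a single alert.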

Software Vulnerabilities
Software vulnerabilities are not for the faint of heart. We would argue that 95%
of website owners are unable to address today’s software vulnerabilities; even
everyday developers are unable to account for the threats their own code introduces.
The problem, as we can see it, is in the way we think. It takes a special person to want
to break things. Most of us use things as they are designed.
These software vulnerabilities extend beyond the website itself and easily bleed
into the various technologies we discussed above (i.e., web server, infrastructure,
etc.). Anywhere there is a system, there’s a potential software vulnerability waiting to
be exploited. This can also extend to your browser (i.e., Chrome, Internet Explorer,
Firefox, etc.).
Exploitation of software vulnerabilities can be done in various forms, but for the
sake of sanity, we will target websites and not the various supporting elements.
When it comes to websites, exploitation of a software vulnerability is achieved
through a cleverly malformed Uniform Resource Locator (URL) or POST
Headers. Via these two methods, an attacker is able to enact a number of attacks;
things like Remote Code Execution (RCE), Remote / Local File Inclusion (R/LFI),
Cross Site Scripting (XSS) and SQL Injection (SQLi) attacks. There are a number of
other attacks, but these are some of the more common attacks we’re seeing affecting
today’s websites.
Third-Party Integrations / Services
Third-party integrations/services are increasingly becoming a problem. The
most prominent form is advertisements via ad networks leading to malvertising
attacks. It extends beyond that to services you might use, including things like a
Content Distribution Network (CDN) – as in the recent Washington Post hack last
week.
Third-party integrations and services have become commonplace in today’s
website ecosystem, and are especially popular in the highly extensible Content
Management Systems (CMS) like WordPress, Drupal and Joomla!
The problem with the exploitation of third-party integrations and services is that
it is beyond the website owner’s ability to control. We assume when we integrate
third-party providers that they are ensuring the service you consume is safe, but like
everything else there is always the chance of compromise.

ENTERPRISEWIDE SECURITY FRAMEWORK


When it comes to an Organization or an Enterprise, the security infrastructure
has to be implemented in multiple ways. There are various ways and means through
which this can be and is implemented. No two Organizations would implement
Information Security in exactly the same way in spite of using the same equipment or
techniques, simply because the policies, standards and business requirements of each
Organization are different. Hence, these factors drive the implementation of
Information Security within each Organization. However, the guidelines, principles
and techniques followed during the implementation are similar in nature.
Organizations across the globe implement multiple levels of security framework,
comprising:
• Network Security
• Application Security
• Data Security
They can be discussed as follows:

NETWORK Security
a. Firewall
It is recommended that we must use some type of firewall for Internet/Network
security. Intruders are constantly scanning home user systems for known
vulnerabilities. Network firewalls (whether software or hardware-based) can provide
some degree of protection against these attacks.
The term firewall originally meant, and still means, a fireproof wall intended to
prevent the spread of fire from one room to another area; therefore “firewall is an
excellent tool for network security”.
Definition
A firewall is a system of hardware and software components designed to restrict
access between or among networks, most often between the Internet and a private
Intranet. It is part of an overall security policy that creates a perimeter defense
designed to protect the information resources of the organization.

Firewall (schematic representation)

Functions of Firewall
It controls access to the internet by private users, preventing outside parties from
gaining access to systems and confidential data on the private network.
All information entering or leaving the intranet or internet passes through the
firewall. A firewall is a specialized form of router focusing on specific types of network
security function.
A basic purpose of a firewall is to disallow unauthorized access while everything
passes through the firewall every time. New program installed in window so the
windows firewalls especially if the new program will be involved with the internet.
For example, with online games or buying goods at cheap prices, the transactions are held
online; if the firewall sees any action that appears hazardous, it will not allow it to
happen.
A firewall operates on the network at the point of entry so that it can receive and
transmit authorized data without significant delay.

Types of firewalls
There are mainly 2 types of firewalls:
a. Hardware Firewalls
These firewalls are most popular as they can control the network in better
manner. Also, the replacement in case of any failures as well as the maintenance is
comparatively easy. These firewalls need specialized personnel for configuring the
same. Hardware firewalls are best suited to businesses and large networks. Some of
the popular hardware firewalls are Nokia (CheckPoint), Cisco (Pix), Juniper
(NetScreen), WatchGuard (Firebox), Fortinet (FortiGate), SonicWall (Pro Series),
Symantec (SGS), SecureComputing (Sidewinder) etc.
b. Software Firewalls
These are software-based firewalls which work on top of the Operating
System of the computer. These types of firewalls are mainly used for a Personal
Computer or Home PC network, as they are affordable in terms of price and easy to
configure. Some of the software firewalls are Microsoft, Kaspersky, Norton,
TrendMicro, eScan, McAfee etc.

Limitations of Firewall
• It does not solve all the practical security problems.
• Insider intrusion (an inside user attacks the internal network in the same way) cannot
be prevented by a firewall.
• A firewall needs to be configured very carefully so as to have only one entry and exit
point; otherwise a user can bypass the firewall.
• The internal network cannot be protected from virus attacks.
In short,

Firewalls

Do:
• Implement security policies at a single point
• Monitor security-related events (audit, log)
• Provide strong authentication
• Allow virtual private networks
• Have a specially hardened/secured operating system

Do Not:
• Protect against attacks that bypass the firewall
• Protect against internal threats
• Protect against the transfer of virus-infected programs or files

b. Intrusion Detection System


Intrusion means, ‘any set of actions which attempt to compromise the
confidentiality, integrity and availability of information of a computer or a network
resource’. It can also be defined as, ‘a deliberate or unauthorized attempt to access or
manipulate any information with mala fide intent’.

Definition
A component of computer and network infrastructure which is aimed at
detecting an intrusion or attack against computer systems and networks, or
applications, is called an ‘Intrusion Detection System (IDS)’.
Intrusion Detection Systems are designed to catch what might
not have been prevented or even detected by the firewall. An intrusion detection system
is used to detect unauthorized access to or manipulation of information early, so that at least we
have early awareness of a problem.
c. Virtual Private Network (VPN)
A virtual private network (VPN) is a network that uses a public
telecommunication infrastructure, such as the Internet, to provide remote offices or individual
users with secure access to their organization's network. A virtual private network can
be contrasted with an expensive system of owned or leased lines that can only be used
by one organization. The goal of a VPN is to provide the organization with the same
capabilities, but at a much lower cost. A typical VPN can be represented as shown in
the figure below:

A typical VPN Architecture

A VPN works by using the shared public infrastructure while maintaining
privacy through security procedures and tunneling protocols such as the Layer Two
Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending
end and decrypting it at the receiving end, send the data through a "tunnel" that
cannot be "entered" by data that is not properly encrypted. An additional level of
security involves encrypting not only the data, but also the originating and receiving
network addresses.
VPN capabilities are being bundled as part of comprehensive security devices.
VPNs may use passwords, biometrics, two-factor authentication or other
cryptographic methods.

Application Security
Vendors usually release patches for their software when a vulnerability has been
discovered. Most product documentation offers a method to get updates and patches.
You should be able to obtain updates from the vendor's web site. Read the manuals or
browse the vendor's web site for more information.
Some applications will automatically check for available updates, and many
vendors offer automatic notification of updates via a mailing list. Look on your
vendor's web site for information about automatic notification. If no mailing list or
other automated notification mechanism is offered you may need to check
periodically for updates.
Data Security
Data security means protecting information from unauthorized
access. Data security is critical for most business and home computers. Bank account
details, customers' personal information, payment-related details and other confidential
details are hard to replace and very dangerous if
captured by the wrong person. Data can be lost due to environmental disasters such as
flood, fire or earthquake, but losing it to a hacker or a virus infection can have
greater consequences. Data security can be achieved by using different procedures and
policies that protect data from accidents, equipment failure and natural disasters.
The most commonly used data protection technique is Encryption & Decryption.
This is known as ‘Cryptography’.

Cryptography
Cryptography is used for securing messages by encoding them into an
unreadable form. As more and more sensitive data is stored on computers and
transmitted over the internet, we need to ensure information security and safety.
Encryption and decryption techniques are used for securing data. Nowadays, 128-bit
encryption is most commonly used to encrypt the data.

Encryption
Encryption is converting original text into an unreadable form at the sender’s
end, which is then transmitted to the receiver. In encryption, the original text is
known as plaintext and, after conversion, the unreadable text is known as
ciphertext. In other words, encryption is converting plaintext into ciphertext for
transmission over the network. Its purpose is to ensure privacy by keeping
information hidden from unauthorized access.

Decryption
Decryption is the reverse process of encryption. At the receiver's end,
decryption is performed: it converts the ciphertext back into plaintext to recover
the original message. In other words, reverting ciphertext to its original plaintext
is called decryption. Encryption and decryption are especially important in internet
or wireless communication.
There are mainly 2 encryption techniques that are widely used.

Symmetric Key Encryption


Symmetric Encryption is an Encryption algorithm where the same key is used
for both Encryption and Decryption. The key must be kept secret, and is shared by the
message sender and recipient. It can be represented as displayed in the figure below.

A pictorial representation of Symmetric Key Encryption


Symmetric encryption is the oldest and best-known technique. A secret key,
which can be a number, a word, or just a string of random letters, is applied to the text
of a message to change the content in a particular way. This might be as simple as
shifting each letter by a number of places in the alphabet. As long as both sender and
recipient know the secret key, they can encrypt and decrypt all messages that use this
key.

Asymmetric Key Encryption


Asymmetric Encryption is a form of Encryption where keys come in pairs. What
one key encrypts, only the other can decrypt.
Frequently (but not necessarily), the keys are interchangeable, in the sense that if
key A encrypts a message, then B can decrypt it, and if key B encrypts a message,
then key A can decrypt it. While common, this property is not essential to asymmetric
encryption. Asymmetric Encryption is also known as Public Key Cryptography, since
users typically create a matching key pair, and make one public while keeping the
other secret.

A pictorial representation of Asymmetric Key Encryption


The problem with secret keys is exchanging them over the Internet or a large
network while preventing them from falling into the wrong hands. Anyone who
knows the secret key can decrypt the message. One answer is asymmetric encryption,
in which there are two related keys--a key pair. A public key is made freely available
to anyone who might want to send you a message. A second, private key is kept
secret, so that only you know it.
Any message (text, binary files, or documents) that is encrypted by using the
public key can only be decrypted by applying the same algorithm, but by using the
matching private key. Any message that is encrypted by using the private key can
only be decrypted by using the matching public key.
This means that you do not have to worry about passing public keys over the
Internet (the keys are supposed to be public). A problem with asymmetric encryption,
however, is that it is slower than symmetric encryption. It requires far more
processing power to both encrypt and decrypt the content of the message.

Public Key Infrastructure (PKI)


In cryptography, a public key infrastructure (PKI) is an arrangement that
binds public keys with respective user identities by means of a certificate authority
(CA). The user identity must be unique for each CA. The binding is established
through the registration and issuance process, which, depending on the level of
assurance the binding has, may be carried out by software at a CA, or under human
supervision. The PKI role that assures this binding is called the Registration
Authority (RA). For each user, the user identity, the public key, their binding, validity
conditions and other attributes are made unforgeable in public key certificates issued
by the CA. The term trusted third party (TTP) may also be used for certificate
authority (CA). The term PKI is sometimes erroneously used to denote public key
algorithms, which do not require the use of a CA.
PKI arrangements enable computer users without prior contact to be
authenticated to each other, and to use the public key information in their public key
certificates to encrypt messages to each other. In general, a PKI consists of client
software, server software, hardware (e.g., smart cards), legal contracts and
assurances, and operational procedures. A signer's public key certificate may also be
used by a third-party to verify the digital signature of a message, which was made
using the signer's private key and enterprise single sign-on. In general, a PKI enables
the parties in a dialogue to establish confidentiality, message integrity and user
authentication without having to exchange any secret information in advance, or even
any prior contact. The validity of a PKI between the communicating parties is,
however, limited by practical problems such as uncertain certificate revocation, CA
conditions for certificate issuance and reliance, variability of regulations and
evidentiary laws by jurisdiction, and trust. These problems, which are significant for
the initial contact, tend to be less important as the communication progresses in time
(including the use of other communication channels) and the parties have
opportunities to develop trust in their identities and keys.
Digital Signature

Definition
Digital Signature is a unique combination of alphanumeric digits having a
specific length which is issued by a Certifying Authority to Individual, Corporate or
any other entity. A Digital Signature is a tool by which the authenticity of an
electronic document or information can be verified.

Function
One way to implement public key authentication on a per-message basis is to
send a digital signature with each message. A digital signature is added at the end of
each message that is sent. Five companies in India (NIC, IDRBT, SAFESCRYPT CA
Services, nCode Solutions and E-Mudhra) can issue digital signatures/certificates
using “in-person proofing” as part of the process. A digital signature, first proposed in
1976 by Whitfield Diffie of Stanford University, transforms the message that is
signed so that anyone who reads it can be sure of the real sender. It is a block of data
or a sample of the message content (called a message digest) that represents the
private key. Encrypting a message digest with a private key creates a digital
signature. A public key can be used to verify that the signature was, in fact, generated
using the corresponding private key.
A Digital signature’s main function is to verify that a message or a document, in
fact, comes from the claimed sender. This is called authentication. It can be used also
to time-stamp documents when a trusted party signs the document and its time stamp
with his or her secret key. This process attests that the document was present at the
stated time.
When making a digital signature, cryptographic hash functions are generally
used to construct the message digest. A hash function is a formula that converts a
message of a given length into a string of digits, called a message digest. Once the
message digest is encrypted with the sender’s private key, it becomes a digital
signature.

Working of Digital Signature



A pictorial representation of Working of ‘Digital Signature’

• The sender encrypts the message or data or contents using the private key;
• The receiver, upon receiving the same, requests the public key from the
Certifying Authority (CA);
• This public key received from the CA is compared and verified with the Public
Key of the sender;
• It is then utilized to decrypt the data received.
• This process is done ONLY at that particular instance. The process is initiated
and completed every time the encrypted document or information is opened by
the user/receiver.
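
The scheme described in the Function and Working sections above, as an added example in Python (not part of the original text): the sender signs the SHA-256 message digest with a private key, a CA signs the binding between the sender's identity and public key, and the receiver checks both. It uses textbook RSA without padding, for illustration only; real systems use a padded scheme from a vetted library. All function names and the sample identity and message are assumptions of this example.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys in this example


def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)  # random base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no square reached n-1, so n is composite
    return True


def random_prime(bits):
    """Random prime p of the given size with p-1 not divisible by E."""
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if c % E != 1 and is_probable_prime(c):
            return c


def generate_keypair(bits=1024):
    """Return (public, private) as ((n, e), (n, d))."""
    p = random_prime(bits // 2)
    q = random_prime(bits // 2)
    while q == p:
        q = random_prime(bits // 2)
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)


def apply_key(key, value):
    """The RSA operation: what one key of a pair does, only the other undoes."""
    n, exponent = key
    return pow(value, exponent, n)


def digest(data):
    """Message digest (SHA-256) as an integer, smaller than any 1024-bit n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data):
    """Digital signature = message digest transformed with the private key."""
    return apply_key(private_key, digest(data))


def verify(public_key, data, signature):
    """Recover the digest with the public key and compare with a fresh hash."""
    return apply_key(public_key, signature) == digest(data)


def certificate_body(identity, public_key):
    n, e = public_key
    return f"{identity}|{n:x}|{e:x}".encode()


def issue_certificate(ca_private, identity, public_key):
    """The CA binds an identity to a public key by signing both together."""
    return {"identity": identity, "public_key": public_key,
            "ca_signature": sign(ca_private, certificate_body(identity, public_key))}


def verify_message(ca_public, cert, claimed_sender, data, signature):
    """Receiver's check: the certificate names the sender, the CA vouches for
    the key, and the key validates the signature on this exact message."""
    if cert["identity"] != claimed_sender:
        return False
    body = certificate_body(cert["identity"], cert["public_key"])
    if not verify(ca_public, body, cert["ca_signature"]):
        return False
    return verify(cert["public_key"], data, signature)


if __name__ == "__main__":
    ca_public, ca_private = generate_keypair()
    public, private = generate_keypair()
    cert = issue_certificate(ca_private, "sender@example.com", public)
    message = b"Transfer INR 5,000 to account 0001"  # constructed sample
    signature = sign(private, message)
    sender = "sender@example.com"
    print("genuine :", verify_message(ca_public, cert, sender, message, signature))
    tampered = b"Transfer INR 9,000 to account 0001"
    print("tampered:", verify_message(ca_public, cert, sender, tampered, signature))
```

Changing a single character of the message, or swapping the public key inside the certificate, makes verification fail, which is the tamper and forgery detection the text attributes to digital signatures.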

Usage
• Digital signatures are commonly used for software distribution, financial
transactions, and in other cases where it is important to maintain confidentiality
and detect forgery or tampering.
• Digital signatures are equivalent to traditional handwritten signatures in many
aspects and if properly implemented digital signatures are more difficult to forge
than the handwritten type.
• Digital Signature ensures that no alterations are made to the information or data
once the document has been digitally signed.

Legal Sanctity of Digital Signature


• The IT Act, 2000, has given legal recognition to digital signatures, meaning that
legally they have the same value as handwritten signatures affixed to a
document for its verification.
• The digital signatures & certificates are now accepted at par with handwritten
signatures.
• The electronic documents that have been digitally signed are treated at par with
paper documents.

Information Security Environment in India


Before we review the Security Environment in India Industry, let’s first
understand where we need to implement Information Security. What we have seen so
far is that we need to be careful and alert as well as follow strict Security Protocols in
protecting the information and information exchange happening online i.e. through
any electronic media and Real-Time systems.

Definition of Real-Time System


Real time systems are those which must produce the correct response within the
specified or defined time limit. If a system exceeds these time bounds, the result is
performance degradation and/or malfunction of the system.
For example, in an aircraft engine control system, the real time control system
should perform its task within a specified time as the operator/pilot intended, and
failure of this can cause the loss of control and possibly the loss of many lives.
Another example is an online ticketing system, which should perform exactly as
per the task expected or intended; failure to do so may lead to a financial loss and
possibly chaos in general terms.

Definition of Batch Processing System


Batch processing is the execution of a series of jobs in a program on
a computer without manual intervention (non-interactive). Strictly speaking, it is
a processing mode: the execution of a series of programs each on a set or "batch" of
inputs, rather than a single input (which would instead be a custom job). However,
this distinction has largely been lost, and the series of steps in a batch process are
often called a "job" or "batch job".

Difference between Real Time and Batch Processing Systems


Batch data processing is an efficient way of processing high volumes of data,
where a group of transactions is collected over a period of time. Data is collected,
entered, processed and then the batch results are produced. Batch processing requires
separate programs for input, process and output. Batch processing involves the
execution of jobs at the same time. An example is payroll and billing systems.
In contrast, real time data processing involves a continual input, process and
output of data. Data must be processed in a small time period (or near real time).
Radar systems, customer services and bank ATMs are examples. In Real-time
processing, data is processed as the user enters the data or a command. For
example, ticket booking systems and stock-trading systems.
The main difference is that administrators can postpone batch processes, while
real-time processes must occur as soon as possible.
In India, most companies, both Government and Private organizations, chiefly
in the Finance, Consumer, Retail or Service sectors, have implemented Real-time
systems in one way or another to boost their business. They have adopted
E-Commerce and M-Commerce business models effectively in the last decade. Not
only that, in the recent past the Government has pushed the initiative of
DIGITISATION in a big way, which has helped Government companies to compete
on par with Private Organizations in providing services to consumers.
Some examples of Real-Time systems that have been implemented in India are:
• Real Time Gross Settlement System (RTGS)
• IRCTC Ticketing System
• National Electronics Funds Transfer System (NEFT)
• E-Filing System (Online Income Tax Filing)
• Online Stock-Trading System
• Net-Banking systems by various Banks
• Online Service Booking Systems viz. MakeMyTrip.Com, Yatra.Com,
BookMyShow.Com etc.
And many more…

Internet / Electronic Payment Systems

Definition:
Electronic Payment is a financial exchange that takes place online between
buyers and sellers. The content of this exchange is usually some form of digital
financial instrument (such as encrypted credit card numbers, electronic cheques or
digital cash) that is backed by a bank or an intermediary, or by a legal tender. The
various factors that have led the financial institutions to make use of electronic
payments are:

Decreasing technology cost:


The cost of the technology used in networks is decreasing day by day, which is
evident from the fact that computers are now dirt-cheap and Internet is becoming
free almost everywhere in the world.

Reduced operational and processing cost:


Due to reduced technology cost, the processing cost of various commerce
activities becomes very low. A very simple reason to prove this is the fact that in
electronic transactions we save both paper and time.
The above two factors have led many institutions to go online and many others
are following them.
Many new technologies, innovations have led the Organizations to use E-
Commerce for the common man also. We will now briefly enumerate these
innovations based on whom they affect:
1. Affecting the consumers:
Credit cards, Debit Cards, ATMs (Automated Teller Machines), stored
value cards, E-Banking.
2. Enabling online commerce:
Digital Cash, E-Cash, Smart cards (or Electronic Purse) and encrypted
Credit cards.
3. Affecting Companies:
The payment mechanisms that a bank provides to a company have
changed drastically. The Company can now directly deposit money into
its employee’s bank account. These transfers are done through Automated
Transfer Houses.

There are also many problems with the traditional payment systems that are
leading to their fade out. Some of them are enumerated below:
1. Lack of Convenience:
Traditional payment systems require the consumer to either send paper
cheques by snail-mail or require him/her to physically come over and sign
papers before performing a transaction. This may lead to annoying
circumstances sometimes.
2. Lack of Security:
This is because the consumer has to send all confidential data on a paper,
which is not encrypted, that too by post where it may be read by anyone.
3. Lack of Coverage:
When we talk in terms of current businesses, they span many countries or
states. These business houses need faster transactions everywhere. This is
not possible without the bank having a branch near all of the company’s
offices. This statement is self-explanatory.
4. Lack of Eligibility:
Not all potential buyers may have a bank account.
5. Lack of support for micro-transactions:
Many transactions done on the Internet are of very low cost though they
involve data flow between two entities in two countries. The same if done
on paper may not be feasible at all.

We will now focus attention on the various ways available to pay online. These
methods of payment are still new even when seen as a technology. Each has its own
benefits and shortcomings:

Electronic Tokens:
An electronic token is a digital analog of various forms of payment backed by a
bank or financial institution. There are two types of tokens:
a. Real Time: (or Pre-paid tokens) - These are exchanged between buyer
and seller, their users pre-pay for tokens that serve as currency.
Transactions are settled with the exchange of these tokens. Examples of
these are DigiCash, Debit Cards, Electronic purse etc.
b. Post Paid Tokens : are used with fund transfer instructions between the
buyer and seller. Examples – Electronic cheques, Credit card data etc.

Electronic or Digital Cash:


This combines computerized convenience with security and privacy that
improve upon paper cash. Cash is still the dominant form of payment because the
consumer still mistrusts the banks, non-cash transactions are inefficiently cleared
and, in addition, real interest rates on bank deposits are negative. Now we will
enumerate some qualities of cash:
a. Cash is legal tender, i.e. the payee is obliged to take it.
b. It is negotiable i.e. can be given or traded to someone else.
c. It is a bearer instrument i.e. possession is proof of ownership.
d. It can be held & used by anyone, even those without a bank certificate.
e. It places no risk on part of acceptor.
The following are the limitations of Debit and Credit Cards:
a. They are identification cards owned by the issuer & restricted to one user
i.e. cannot be given away.
b. They are not legal tender.
c. Their usage requires an account relationship and authorization system.

Properties of Digital Cash


• Must have a monetary value: It must be backed by cash (currency), bank
authorized credit or a bank certified cashier’s check.
• Ease of Operation: Must be interoperable or exchangeable as payment
for other digital cash, paper cash, goods or services, lines of credit, bank
notes or obligations, electronic benefit transfers and the like.
• Must be storable and retrievable: Cash could be stored on a remote
computer’s memory, in smart cards, or on other easily transported
standard or special purpose devices. Remote storage or retrieval would
allow users to exchange digital cash from home or office or while
traveling.
• Secure: Should not be easy to copy or tamper with while it is being
exchanged.

Electronic Cheques:
The electronic cheques are modeled on paper checks, except that they are
initiated electronically. They use digital signatures for signing and endorsing and
require the use of digital certificates to authenticate the payer, the payer’s bank and
bank account. They are delivered either by direct transmission using telephone lines
or by public networks such as the Internet.

Benefits of electronic Cheques:


• Well suited for clearing micro payments. Conventional cryptography of
e-cheques makes them easier to process than systems based on public key
cryptography (like digital cash).
• They can serve corporate markets. Firms can use them in more
cost-effective manner.
• They create float and the availability of float is an important requirement
of Commerce.

SECURITY IN INTERNATIONAL OR CROSS BORDER FINANCIAL TRANSACTIONS
With the advent of Computers as a basic tool of Communication, Information
Processing, Information Storage, Physical Devices Control, etc., a whole new Cyber
Society has come into existence. This Cyber society operates on a virtual world
created by Technology and it is the “Cyber Space Engineering” that drives this
world. In maintaining harmony and co-existence of people in this Cyber Space, there
is a need for a legal regime which is what we recognize as “Cyber laws”. Cyber Laws
are the basic laws of a Society and hence have implications on every aspect of the
Cyber Society such as Governance, Business, Crimes, Entertainment, Information
Delivery, Education etc.
Until the use of the internet, there existed a network of laws in each country,
and crimes were tackled according to the laws of that particular country. However,
with the widespread use of the Internet, crimes were being committed across country
borders and it became difficult to apprehend the criminal because of the
jurisdictional limits of each country's laws.
To tackle such crimes, the United Nations adopted a resolution and Model Law
on 12th June 1996 which was intended to facilitate the use of modern means of
communications and storage of information. It is based on the establishment of a
functional equivalent in electronic media for paper-based concepts such as "writing",
"signature" and "original". By providing standards by which the legal value of
electronic messages can be assessed, the Model Law should play a significant role in
enhancing the use of paperless communication. The Model Law also contains rules
for electronic commerce in specific areas.

International Cyber Laws


Electronic commerce has led to specific legal problems, for example with regard
to evidence, liability, consumer protection or payment. The convergence between
broadcasting, telecommunications and digital information technology has created a
new platform for public information with all the related legal issues.
The introduction of new digital information and communications technologies
has given birth to a new legal domain, commonly called Information and
Communication Technology Law or more fashionably - Cyber Law. IT Law is a set
of legal enactments, currently in existence in several countries, which governs
the digital dissemination of both (digitalized) information and software itself.
IT Law normally covers mainly
the digital information (including information security and electronic commerce)
aspects and it has been described as "paper laws" for a "paperless environment".
Practically every country in the world has issued specific legislation or
developed case law in this area. The domain has acquired sufficient stability to fit into
a common structure.
There is intellectual property in general, including copyright, rules on fair use,
and special rules on copy protection for digital media, and circumvention of such
schemes. The area of software patents is controversial and still evolving in Europe
and elsewhere. The related topics of software licenses, end user license
agreements, free software licenses and open-source licenses can involve discussion of
product liability, professional liability of individual developers, warranties, contract
law, trade secrets and intellectual property.
In various countries, areas of the computing and communication industries are
regulated – often strictly – by government bodies.
There are rules on the uses to which computers and computer networks may be
put, in particular there are rules on access, data and spamming. There are also limits
on the use of encryption and of equipment which may be used to defeat copy
protection schemes. The export of Hardware and Software between certain states is
also controlled.
There are laws governing trade on the Internet, taxation, consumer protection,
and advertising. There are laws on censorship versus freedom of expression, rules on
public access to government information, and individual access to information held
on them by private bodies. There are laws on what data must be retained for law
enforcement, and what may not be gathered or retained, for privacy reasons. In
certain circumstances and jurisdictions, computer communications may be used in
evidence, and to establish contracts. New methods of tapping and surveillance made
possible by computers have wildly differing rules on how they may be used by law
enforcement bodies and as evidence in court.

Indian Cyber Law


The Information Technology Act, 2000 commonly known as IT Act, 2000, is
majorly based on UNCITRAL (United Nations Commission on International
Trade Law). This act was established in the year 2000, hence the name. The
IT Act, 2000 is an act introduced to provide legal recognition for transactions carried
out by means of Electronic Data Interchange (EDI) and to tackle crimes or offenses
committed using electronic media.
The objectives of the IT Act, 2000 are:
• To provide legal recognition for transactions carried out by means of
electronic data interchange, and other means of electronic
communication, commonly referred to as "electronic commerce",
involving the use of alternatives to paper-based methods of
communication and storage of information.
• To facilitate electronic filing of documents with the Government agencies.
• To amend the Indian Penal Code, the Indian Evidence Act, 1872, the
Banker's Book Evidence Act, 1891 and the Reserve Bank of India Act,
1934.
• It aims to provide for the legal framework so that legal sanctity is
accorded to all electronic records and other activities carried out by
electronic means.
The IT Act, 2000 has 13 chapters, 94 Sections & 4 Schedules, which are as
follows:
Sec. 01-14 Legal aspects related to Digital Signatures
Sec. 15-42 Certifying Authorities and License as well as Digital Certificate related issues
Sec. 43-47 Provision of penalties & compensation
Sec. 48-64 Appeals to Tribunals & Higher Courts
Sec. 65-79 Offences
Sec. 80-94 Miscellaneous Provisions
It should be noted that, the Civil Court does not have the jurisdiction in the cases
filed under IT Act, 2000.

Amendments under IT Amendment Act, 2008


• Has modified certain definitions.
• Has added new definitions.
• Notified system of Service Delivery.
• Provided guidelines for creating and maintaining the repository of
documents signed in Electronic Format.
• Provided guidelines for using special stationery for Electronic Service
Delivery.
• Provided guidelines for auditing the Information System & Account of
Service Provider.

THREAT HUNTING SOFTWARE

Introduction
Threat hunting, or essentially Cyber Threat Hunting, is "the process of
proactively and iteratively searching through networks to detect and isolate advanced
threats that evade existing security solutions." This is in contrast to traditional threat
management measures, such as firewalls, intrusion detection systems (IDS),
and Security Information & Event Management (SIEM) Systems, which typically
involve an investigation after there has been a warning of a potential threat or an
incident has occurred.
Threat hunting can be a manual process, in which a security analyst sifts through
various data information using their own knowledge and familiarity with the network
to create hypotheses about potential threats, such as, but not limited to, Lateral
Movement by Threat Actors. To be even more effective and efficient, however, threat
hunting can be partially automated, or machine-assisted, as well. In this case, the
analyst utilizes software that leverages machine learning and User & Entity
Behavior Analytics (UEBA) to inform the analyst of potential risks. The analyst
then investigates these potential risks, tracking suspicious behavior in the network.
Ideally, threat hunting is a continuous and repetitive process. More importantly,
it is carried out in a loop and on the basis of a hypothesis. The hypothesis is of the
following types:
Analytics-Driven: "Machine-learning and UEBA, used to develop aggregated
risk scores that can also serve as hunting hypotheses".
Situational-Awareness Driven: "Crown Jewel analysis, enterprise risk
assessments, company- or employee-level trends".
Intelligence-Driven: "Threat intelligence reports, threat intelligence feeds,
malware analysis, vulnerability scans".
The analyst researches their hypothesis by going through vast amounts of data
about the network. The results are then stored so that they can be used to improve the
automated portion of the detection system and to serve as a foundation for future
hypotheses. The Detection Maturity Level (DML) model expresses that threat
indicators can be detected at different semantic levels. High semantic indicators such as goal
and strategy, or Tactics, Techniques and Procedure (TTP) are more valuable to
identify than low semantic indicators such as network artifacts and atomic indicators
such as IP addresses. SIEM tools typically only provide indicators at relatively low
semantic levels. There is therefore a need to develop SIEM tools that can provide
threat indicators at higher semantic levels.

Things to Consider With a Threat Hunting Program/Software

a. Change the Mindset


Threat hunting is less about new technologies and techniques than it is about a
fundamental change in mindset. The emphasis is on using human smarts to ferret out
malicious activity rather than relying solely on security alerting tools. Hunches and
"gut-feel" play as much a part in threat hunting as indicators of compromise and other
technology metrics and alerts.

b. Think like a Hacker


To be good at threat hunting you absolutely need to think like a malicious
hacker would. For example, if your organization is the kind that measures success by
how many trouble tickets you can close in an hour and how quickly you can
remediate issues, there’s a good chance that attackers know that as well. It is vital for
organizations to realize that the initial intrusion is usually the easiest first step of a
complex attack. Once you understand that, a lot of other things fall into place.

c. Stop focusing solely on Malware/Virus


The malware that attackers use on your network is just a means to an end. So
merely finding and eradicating malware samples is not enough. Threat hunting is not
just searching hosts for indicators of compromise; in reality, that is nothing but
host-based intrusion detection using a fancy name for signatures. Threat hunting
requires a combination of active threat monitoring and directed probing. By focusing
too much on finding malware, you also run the risk of overlooking malicious
activities that are being carried out by attackers using legitimate tools and access
credentials on your network.

d. Make the Right Data available


Good data and intelligence are keys to an effective cyber-hunting capability.
Data gathered by security systems, SIEM, and analytics platforms and network
monitoring tools could provide a wealth of information on the health of a network.
When properly vetted through the right filters, such data can play a vital role in
helping threat hunters arrive at a more contextual understanding of what they might
be seeing or chasing down on the network.
Threat hunting is all about piecing together disparate data to build a picture of an
attack underway. It could be unusual behavior reported by a User and Entity Behavior
Analytics (UEBA) solution. It could be a traffic spike or unusual connection
identified by your net-flow monitoring solution, or it could be a hit on a piece of
threat intelligence against your SIEM or endpoint monitoring.

f. Think Out-of-Box / Unconventional Methods


Doing something unexpected or something different is a good way to ferret out
hidden intruders on your network. One example would be the digital equivalent of a
Cold War era tactic called “Crazy Ivan” that was used by submarine commanders to
detect if another submarine was hiding behind them in their wake. The tactic involved
abrupt hard turns and other maneuvers so a submarine following behind another
would be exposed.
One way to do the same thing in the digital world is to unexpectedly change
passwords to see if someone is making password-cracking attempts. Another tactic is
to clear DNS caches to make it easier to see if any compromised endpoints are
trying to resolve to botnets and malicious servers.
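
The two checks described above, written as hunting logic over logs and then correlated, as an added example in Python (not part of the original text). The key=value log format, the sample events, host addresses, account name, watchlist domain and function names are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; the format is an assumption of this example.
SAMPLE_LOG = """\
2024-03-01T09:10:00 type=auth user=svc-backup src=10.0.1.10 result=OK
2024-03-01T09:40:00 type=auth user=svc-backup src=10.0.7.99 result=OK
2024-03-01T09:55:00 type=auth user=jdoe src=10.0.2.20 result=FAIL
2024-03-01T10:01:00 type=dns src=10.0.2.20 qname=intranet.corp.example
2024-03-01T10:01:30 type=dns src=10.0.7.99 qname=cdn.updates.bad-domain.example
2024-03-01T10:02:00 type=auth user=svc-backup src=10.0.1.10 result=OK
2024-03-01T10:03:00 type=auth user=svc-backup src=10.0.7.99 result=FAIL
2024-03-01T10:04:00 type=auth user=svc-backup src=10.0.9.14 result=FAIL
2024-03-01T10:04:05 type=auth user=svc-backup src=10.0.9.14 result=FAIL
2024-03-01T10:04:10 type=auth user=svc-backup src=10.0.9.14 result=FAIL
2024-03-01T10:05:00 type=auth user=svc-backup src=10.0.3.30 result=FAIL
"""
CHANGE_TIME = datetime(2024, 3, 1, 10, 0, 0)  # password rotated, DNS caches cleared
OWNER_HOSTS = {"10.0.1.10"}                   # hosts where the account legitimately runs
WATCHLIST = {"bad-domain.example"}            # constructed threat-intel entry


def parse_events(log_text):
    """Turn 'timestamp key=value ...' lines into dicts with a datetime 'ts'."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        event = dict(field.split("=", 1) for field in fields)
        event["ts"] = datetime.fromisoformat(ts)
        events.append(event)
    return events


def hunt_password_rotation(events, account, rotated_at, owner_hosts, guess_threshold=3):
    """After a surprise rotation, classify sources that now fail for the account.

    held-old-password: logged in successfully before, fails now, not an owner host.
    guessing: never succeeded, but fails at least guess_threshold times.
    """
    ok_before, fail_after = set(), defaultdict(int)
    for e in events:
        if e.get("type") != "auth" or e["user"] != account:
            continue
        if e["ts"] < rotated_at and e["result"] == "OK":
            ok_before.add(e["src"])
        elif e["ts"] >= rotated_at and e["result"] == "FAIL":
            fail_after[e["src"]] += 1
    findings = {}
    for src, count in fail_after.items():
        if src in owner_hosts:
            continue  # owner's own host with a stale cached password
        if src in ok_before:
            findings[src] = "held-old-password"
        elif count >= guess_threshold:
            findings[src] = "guessing"
    return findings


def hunt_dns_after_flush(events, flushed_at, watchlist, window=timedelta(minutes=10)):
    """With caches cleared, every name in use is re-queried; match them to intel."""
    hits = defaultdict(set)
    for e in events:
        if e.get("type") != "dns" or not flushed_at <= e["ts"] <= flushed_at + window:
            continue
        name = e["qname"].lower().rstrip(".")
        if any(name == d or name.endswith("." + d) for d in watchlist):
            hits[e["src"]].add(name)
    return {src: sorted(names) for src, names in hits.items()}


def correlate(auth_findings, dns_findings):
    """Hosts flagged by both hunts deserve attention first."""
    return sorted(set(auth_findings) & set(dns_findings))


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    auth = hunt_password_rotation(events, "svc-backup", CHANGE_TIME, OWNER_HOSTS)
    dns = hunt_dns_after_flush(events, CHANGE_TIME, WATCHLIST)
    print("auth findings:", auth)
    print("dns findings :", dns)
    print("both         :", correlate(auth, dns))
```

A single post-rotation failure from a host with no earlier success (10.0.3.30 in the sample) stays below the threshold and is not flagged, which keeps ordinary typing mistakes out of the findings.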
Some threat hunting software products are listed below:
1. Carbon Black
Capturing every endpoint event across your enterprise is not just for incident response;
use that same data to proactively “hunt for threats”. The deep level of information we
collect can empower the security team to take matters into their own hands, augmenting
the automated defenses in real time to disrupt attacks and close security gaps.
Every organization has a different set of security skills and objectives, whether protecting
workstations, locking down servers, or integrating with your security stack. Only Carbon
Black provides the next-generation endpoint security, so we can cover risks no matter
what the situation is.
2. Sqrrl
Sqrrl Enterprise is built to streamline the hunting experience as a powerful
Threat Hunting Platform. Security analysts may have the domain knowledge to hunt,
but not the advanced data science skill sets to directly manipulate and filter Big Data.
As such, automated algorithms and prioritization are needed to make sense of the
power big data affords. As an optimal hunting platform, Sqrrl Enterprise enables a
hunter to filter and prioritize Big Data while iteratively asking the data questions and
exploring the relationships in the data. Sqrrl provides the scalability, visualization, and
analytics that help analysts track down advanced threats via more advanced hunting
techniques, turning data gatherers into data hunters.
3. Infocyte Hunt
It enables internal IT and security teams to proactively discover the presence
of malware and persistent threats, active or dormant, that have successfully evaded
existing defenses and established a beachhead within our endpoints, including user
devices and servers.
Infocyte HUNT is agentless and designed to rapidly assess network endpoints
for evidence of compromise – without the burden of complicated equipment or
endpoint software installations – to help us quickly and confidently answer the
question, “Have I been breached?”

Q.1. Answer the following.


1. What is encryption & what are the benefits of E-commerce?
2. Explain symmetric key encryption & How does E-commerce provide better
customer service?
3. Write a short note on data encryption standards & List & explain categories of
E-Commerce?
4. How does public key infrastructure (PKI) work & what is the need for EDI?
5. Write a short note on Key Length and Encryption Strength.
6. Write a short note on Secure Socket Layer (SSL) & Write a note on business
models in E-commerce?
7. Write a short note on privacy & why is security needed in E-commerce?
8. Write a short note on integrity & List common threats to the security of
E-commerce.
9. Write a short note on Cryptography.
10. What is digital signature & explain its use.
11. Write a note on the following payment systems:
a. Digital Cash.
b. Digital Credit Cards.
c. Digital Cheques.
12. Explain use of credit cards & Explain how an online credit card transaction is
carried out?
13. Explain the steps involved in credit card processing.
14. Enlist the limitations of online credit card payment systems.
15. What are the motives of Implementation of IT Act, 2000?
16. Discuss the important cases filed under IT Act, 2000.

