Cyber Security
Suggested Reading Books:
• Information System helps in decision making using past and present data.
HR Department Inventory
Human Resource Department
Information System Inventory
Information System
Characteristics of Management
•DSS allows users to generate and control the inputs and outputs.
2. Technical Feasibility
Hardware, Software and Network Capability, Reliability, and Availability
3. Economic Feasibility
Cost Saving
Increased Revenue
Decreased Investment Requirement
Increased Profits
System analysis includes three main functions: 1) organizational
analysis, 2) analysis of the present system, and 3) functional
requirement analysis.
System Builders
It specifies how the system will accomplish the objective. System design
includes designing the user interface, data and process.
Data Design: Data element structure, data design, relationship between data.
22. Trojan Horse: It is generally a non-self-replicating type of malware program. It
typically causes loss or theft of data, and possibly system harm.
23. Virus: A computer virus is a malware program that, when executed, replicates
by inserting copies of itself.
24. Worm: A worm is a self-replicating virus that does not alter files but resides in
active memory and duplicates itself. Worms use parts of an operating system that
are automatic and usually invisible to the user.
26. Virtual Private Network: A virtual private network (VPN) extends a private
network across a public network, such as the Internet.
What is cyber security?
• Cyber security standards are security standards which
enable organizations to practice safe security
techniques to minimize the number of successful cyber
security attacks.
• Illegal access
• Illegal Interception
• System Interference
• Data Interference
• Misuse of devices
• Fraud
Why should we care?
• It is a criminal activity committed on the
internet.
Information Assurance
Information Assurance is defined as the set of measures applied to protect
information systems and the information of an organization. It ensures the
following:
1. Availability
2. Integrity
3. Authentication
4. Confidentiality
5. Non-repudiation: It refers to the ability to ensure that a party to a contract or
a communication cannot deny the authenticity of their signature on a message
that they originated.
Security Risk Analysis
Risk analysis process acts as a link between both risk assessment and risk
management processes.
The common terminology that comes out from the process of security risk analysis
is described as follows:
Assets: Assets for an organization means everything that has some value and
needs to be safeguarded.
Data Security
Database security deals with all the various aspects of protecting the database contents,
its owners, and its users. It ranges from protection from intentional unauthorized
database uses to unintentional database accesses by unauthorized entities.
Threats in Networks
1. Employee Behavior
2. E-mail
3. Viruses
4. Hackers
A security threat is a circumstance, condition, or event that can cause
economic hardship to data or network resources in the form of
destruction, disclosure, and modification of data, denial of service,
fraud and waste.
In addition, organizations must be concerned about the inherent
security threats associated with doing business over the web,
such as unauthorized user access, eavesdropping and tampering.
To overcome this, a strong network security solution is necessary
which can transparently and automatically control access to
corporate intranets or extranets. The solution must provide
identification and authentication of users, encryption of all traffic
from the application to the user, and access control to all
information.
E-Security can be divided into following parts:
•Client-server network security
•Data & transaction security
•Web Security
•But its usefulness is minimal in the UNIX world, where users are free to move
around the file system and have a great understanding of programming techniques.
•They can easily guess at the bits of knowledge considered confidential. This
bypasses the whole basis of STO and makes this method of security useless.
Denial of Services:
In this type of threat, a user can render the system unusable for
legitimate users by “hogging” a resource or destroying resources so
that they cannot be used. The two most common types of these attacks
are:
1) Service Overloading 2) Message Overloading
Service Overloading: One can easily overload a WWW server by writing a
small loop that sends requests continually for a particular file, for example a
home page.
Message Overloading: Occurs when someone sends a very large file to a
message box every few minutes. The message box rapidly grows in size,
begins to occupy all the space on the disk, and increases the number of receiving
processes on the recipient’s machine, causing a disk crash.
Packet Replay: Refers to the recording and retransmission of message packets in
the network. A hacker could replay legitimate authentication sequence messages to
gain access to a secure system. When a security association has been established
between a sender and a receiver, their counters are initialized at zero.
The first message packet sent will have a sequence number of 1, the next 2, and so on.
Each time a message packet is sent, the receiver verifies that the number is not that
of a previously sent packet. When a replayed message packet is detected,
the program sends an error message, discards the replayed packet and logs the
event, including in the log entry identifiers such as the date or time when the
error was received, source address, destination address, and the sequence number.
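The receiver-side check described above, as an added example that is not part of the original slides. It generalizes the simple "not a previously seen number" test to a sliding window so that packets arriving out of order are still accepted once; the class name, window size and addresses are assumptions made for illustration.

```python
import logging
from dataclasses import dataclass, field
from datetime import datetime, timezone

log = logging.getLogger("antireplay")


@dataclass
class SecurityAssociation:
    """Receiver state for one sender/receiver pair (hypothetical class)."""
    src: str
    dst: str
    window: int = 64      # how far behind the highest number we still track
    highest: int = 0      # counters start at zero; the first valid packet is 1
    seen: int = 0         # bitmap: bit i set => sequence (highest - i) received
    events: list = field(default_factory=list)

    def accept(self, seq: int) -> bool:
        """Return True for a fresh packet; discard and log a replayed one."""
        if seq > self.highest:
            # New highest number: slide the window forward and mark it seen.
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if seq >= 1 and offset < self.window and not (self.seen >> offset) & 1:
            # Late, but inside the window and never seen before: accept once.
            self.seen |= 1 << offset
            return True
        # Already seen, older than the window, or an invalid number: reject.
        return self._reject(seq)

    def _reject(self, seq: int) -> bool:
        entry = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src": self.src,
            "dst": self.dst,
            "seq": seq,
        }
        self.events.append(entry)          # audit record of the replay
        log.warning("replayed packet discarded: %s", entry)
        return False


if __name__ == "__main__":
    # Constructed traffic: 3 arrives late (accepted), then 3 and 2 are replayed.
    sa = SecurityAssociation(src="192.0.2.10", dst="198.51.100.7")
    print([sa.accept(s) for s in [1, 2, 5, 3, 3, 2, 6]])
    print(sa.events)
```

Packets older than the window are rejected as well, because the receiver can no longer tell whether it has seen them.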
Packet Modification: It is an integrity threat that involves modifying a message
packet or destroying the message packet. In many cases, packet information may not
only be modified, but its contents may be destroyed before legitimate users can see
them.
IP Spoofing: IP spoofing is a technique where an attacker tries to gain unauthorized
access through a false source address to make it appear as though the communication
originated in a part of the network with high privileges. IP spoofing is one of the most
common forms of on-line camouflage. The message appears to come from a trusted machine or
party because the attacker is ‘spoofing’ the Internet Protocol (IP) address of that machine. Now we will
examine the concepts of IP spoofing such as how it is possible, how it works, what it is
used for, and how to protect from it.
Encryption is an important technique for data and messaging security:
Encryption is a cryptographic technology that scrambles (encrypts) the data with a key so that
no one can make sense of it while it is being transmitted. When the data reaches its destination,
the information is unscrambled (decrypted) using the same or a different key. Consider the
following terms, which are used to understand the concept of encryption.
Cryptography: The terms commonly used in a cryptography system are as follows:
Intruder: An intruder is a person who is not authorized to access the information or the
network.
Plain Text: Intelligible message that is to be converted into an unintelligible message
(encrypted message).
Cipher Text: Message in an encrypted form.
Example:
Plain Text | Algorithm (Encrypt Form) | Cipher Text | Algorithm (Decrypt Form) | Plain Text
Goods | Next Two Word | Iqqfu | Previous Two word | Goods
Sales | Previous One Word | rzkdr | Next One word | Sales
Encryption: Technique of converting plain text into cipher text.
Decryption: Technique of converting cipher text to plain text.
Algorithm: A cryptography algorithm is a mathematical function.
Key: String of digits.
There are two types of cryptography or methods of encryption:
•Secret Key or Private Key or Symmetric key Cryptography
•Public Key or Asymmetric key Cryptography
Secret Key Cryptography: In this scheme, both the sender and recipient
possess the same key to encrypt and decrypt the data.
[Figure: Original Message -> Encrypted Message -> Internet -> Encrypted Message -> Original Message]
Public Key Cryptography
This scheme operates on a double key, called a key pair, one of which is used to
encrypt the message and only the other one in the pair is used to decrypt. This can be
viewed as two parts: one part of the key pair, called the private key, is known only by the
designated owner; the other part, called the public key, is published widely
but still associated with the owner. The public key is used to decrypt information at the
receiver and is not kept secret. The private key is used to encrypt information by the
user and hence it is kept secret. One advantage of public key cryptography is that
no one can work out the private key from the corresponding public key. The need
for sender and receiver to share secret information over public channels is
completely eliminated. All transactions involve only public keys, and no private
key is ever transmitted or shared over the network. Public key cryptography can be used
for sender authentication, known as digital signatures.
An example of public key cryptography is RSA.
[Figure: Original Message (Plain Text) -> Encrypt with Public Key of receiver -> Encrypted Message (Cipher Text) -> Internet -> Encrypted Message (Cipher Text) -> Decrypt with Private Key of receiver -> Original Message (Plain Text)]
Encryption and Decryption
•Data encrypted with public key can only be decrypted with private
key.
•Data encrypted with private key can only be decrypted with public
key.
Strong points of this scheme
The key can be used in two different ways:
1. Message confidentiality can be proved: The sender uses the
recipient's public key to encrypt a message, so that only the private
key holder can decrypt the message, no one else.
2. Authenticity of the message originator can be proved: The
receiver uses his private key to encrypt a message, to which only the
sender has access.
3. Easy to distribute public key: Public key of the pair can be
easily distributed.
Firewalls:
Firewall Policy: There are two basic design policies for a firewall.
•Permissive Approach
•Restrictive Approach
Permissive Approach: Allows all the services to pass the site by default, with
the exception of those services that the network services access policy has
designated as disallowed.
Nature of Firewall: There are two types of firewalls:
•Static Firewall
•Dynamic Firewall
Static Firewall: Static firewalls are generally pre-configured and they allow or deny
access from the outside world by default. When the default allows inbound traffic,
only the specified users will be denied access to the network of the
enterprise. In the default deny policy, only the specific users who display their
authentication are permitted to access the network.
Dynamic Firewall: The dynamic firewall applies allow and deny policies to services on
the network on a time basis.
•Some services on the network may be allowed and others may be denied for a specific
time interval.
•The configuration of such a firewall is slightly more complex.
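The difference between the two default policies and a time-based (dynamic) rule, as an added example that is not part of the original slides. The rule format, service names and time windows are constructed for illustration, and the restrictive approach is taken here to mean default deny, which is an assumption since the slides define only the permissive approach.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional


@dataclass(frozen=True)
class Rule:
    service: str
    action: str                     # "allow" or "deny"
    start: Optional[time] = None    # a time window makes the rule dynamic
    end: Optional[time] = None

    def matches(self, service: str, now: time) -> bool:
        if service != self.service:
            return False
        if self.start is None or self.end is None:
            return True             # static rule: always in force
        if self.start <= self.end:
            return self.start <= now < self.end
        return now >= self.start or now < self.end   # window wraps past midnight


def decide(rules, default: str, service: str, now: time) -> str:
    """First matching rule wins; otherwise the default policy applies."""
    for rule in rules:
        if rule.matches(service, now):
            return rule.action
    return default


# Constructed rule sets (hypothetical services and hours).
PERMISSIVE = ([Rule("telnet", "deny")], "allow")       # allow unless listed
RESTRICTIVE = ([Rule("https", "allow"),
                Rule("ftp", "allow", time(9), time(17)),
                Rule("backup", "allow", time(22), time(4))], "deny")

if __name__ == "__main__":
    for name, (rules, default) in (("permissive", PERMISSIVE),
                                   ("restrictive", RESTRICTIVE)):
        for service in ("telnet", "https", "ftp", "rlogin"):
            print(name, service, decide(rules, default, service, time(10)))
```

A service nobody thought to list, such as `rlogin` here, passes the permissive policy and is blocked by the restrictive one.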
Limitations of Firewalls:
•A firewall cannot protect against attacks that do not go through it.
•Firewalls do not protect against threats emanating from internal users, i.e., those who are
part of the trusted network.
•A firewall is concerned with monitoring the traffic and permitting only authenticated and
legitimate traffic flow. It does not concern itself with integrity issues related to applications
and data.
•Firewalls are concerned with the controlled flow of data traffic and do not provide
confidentiality of data. However, application proxies at the firewall machine can provide
encryption and decryption of all the data passing through, as it becomes a single access
point to the application.
•A firewall cannot protect very well against viruses. In general, a firewall cannot protect
against a data-driven attack, that is, an attack in which something is mailed or copied to an internal
host, where it is then executed.
Importance of Firewall:
•You can monitor incoming and outgoing security alerts and the firewall company will
record and track down an intrusion attempt depending on the severity.
•Some firewalls can be tested for effectiveness by using products that test for leaks or probe
for open ports.
•Some firewalls, but not all, can delete viruses, worms, Trojan horses, or data collectors.
•Firewalls can also be used to prevent employees from accessing games, newsgroups or audit
sites on the WWW.
In e-commerce business transactions, digital signatures are used for
authentication. Authentication relates to legal, financial and
other document-related issues.
•A digital signature is just like a handwritten signature; it
determines the presence or absence of authentication.
1. Penalty and compensation for damage to computer, computer system etc.: If any person,
without permission of the owner or any other person who is in charge of a computer, computer
system or computer network-
a. Accesses or secures access to such computer, computer system or computer
network or computer resource;
b. Downloads, copies or extracts any data, computer database or information from such
computer, computer system or computer network including information or data held or
stored in any removable storage medium;
c. Introduces or causes to be introduced any computer contaminant or computer virus
into any computer, computer system or computer network;
d. Damages or causes to be damaged any computer, computer system or computer
network, data, computer database or any other programmes residing in such
computer, computer system or computer network;
e. Disrupts or causes disruption of any computer, computer system or computer
network;
f. Denies or causes the denial of access to any person authorized to access any
computer, computer system or computer network by any means;
g. Provides any assistance to any computer to facilitate access to a computer,
computer system or computer network in contravention of the provisions of
the Act, rules or regulations made thereunder;
h. Charges the services availed of by a person to the account of any other
person by tampering with or manipulating any computer,
computer system or computer network;
i. Destroys, deletes or alters any information residing in a computer resource or
diminishes its value or utility or affects it injuriously by any means;
j. Steals, conceals, destroys or alters or causes any person to steal, conceal,
destroy or alter any computer source code used for a computer resource with
an intention to cause damage,
he shall be liable to pay damages by way of compensation to the person so
affected.
2. Compensation for failure to protect data [Sec. 43-A]: Where a body corporate,
possessing, dealing or handling any sensitive personal data or information in
a computer resource which it owns, controls or operates, is negligent in
implementing and maintaining reasonable security practices and procedures and
thereby causes wrongful loss and wrongful gain to any person, such body
corporate shall be liable to pay damages by way of compensation to the
person so affected.
3. Penalty for failure to furnish information, return etc. [Sec. 44]: If any person who is
required to
a. furnish any document, return or report to the Controller or the
Certifying Authority, fails to furnish the same, he shall be liable to a penalty
not exceeding rupees one lakh and fifty thousand for each such failure;
b. maintain books of account or records, fails to maintain the
same, he shall be liable to a penalty not exceeding rupees ten
thousand for every day during which the failure continues.
4. Penalty for securing access to a protected system [Sec. 70]: The appropriate
government may declare any computer resource which directly or
indirectly affects the facility of Critical Information Infrastructure to be a
protected system and may, by order in writing, authorise the persons who
are to access the notified protected system. Any person who secures access or
attempts to secure access to such a protected system without authorisation shall be
punished with imprisonment
for a term which may extend to 10 years and shall also be liable to fine. The
Central Government has prescribed the Information Technology (Security
Procedure) Rules, 2004.
5. Tampering with computer source documents [Sec. 65]: Whoever knowingly or
intentionally conceals, destroys or alters any computer source code used for a
computer, computer programme or computer system, when it is required to be
maintained by law, shall be punishable with imprisonment up to three years
or with fine which may extend up to rupees two lakhs or with both.
6. Punishment for sending offensive messages through communication service,
etc. [Sec. 66-A]: Any person who sends, by means of a computer resource
or a communication device,
a. any information that is grossly offensive or has menacing character;
or
b. any information which he knows to be false, but for the purpose
of causing annoyance, inconvenience, danger, obstruction, insult, injury,
criminal intimidation or hatred, persistently by making use of such
computer resource or a communication device;
c. any electronic mail or electronic mail message for the purpose
of causing annoyance or inconvenience or to deceive or to mislead
the addressee or recipient about the origin of such message, shall be
punishable with imprisonment for a term which may extend to three
years and with fine.
PUNISHMENT FOR VIOLATION OF PRIVACY
(a) With intent to threaten the unity, integrity, security or sovereignty of India
or to strike terror in the people by –
(1) Denying or cause the denial of access to any person authorised to access
computer resource; or
On 24-3-2004 a charge sheet was filed u/s 67 of IT Act 2000, 469 and 509
IPC before the Hon’ble Addl. CMM Egmore, citing 18 witnesses and 34
documents and material objects. The same was taken on file in
C.C.NO.4680/2004. On the prosecution side 12 witnesses were examined
and all the documents were marked as Exhibits. The Defence argued that
the offending mails would have been sent either by the ex-husband of the
complainant or by the complainant herself to implicate the accused, as the accused
is alleged to have turned down the request of the complainant to marry her.
Further, the Defence counsel argued that some of the documentary evidence
was not sustainable under Section 65 B of the Indian Evidence Act.
However, the court relied upon the expert witnesses and other evidence
produced before it, including the witnesses of the Cyber Cafe owners, and
came to the conclusion that the crime was conclusively proved.
Ld. Additional Chief Metropolitan Magistrate, Egmore, delivered the
judgement on 5-11-04 as follows:
" The accused is found guilty of offences under section 469, 509 IPC
and 67 of IT Act 2000 and the accused is convicted and is sentenced
for the offence to undergo RI for 2 years under 469 IPC and to pay
fine of Rs.500/- and for the offence u/s 509 IPC sentenced to undergo 1
year Simple imprisonment and to pay fine of Rs.500/- and for the
offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine
of Rs.4000/- All sentences to run concurrently."
The accused paid the fine amount and he was lodged at Central Prison,
Chennai. This is considered the first case convicted under section 67 of
the Information Technology Act 2000 in India.
Bazee.com case