Title: Cyber Security
Description: I'm providing cyber security notes.

DIGITAL NOTES ON CYBER SECURITY

(2020-2021)

CYBER SECURITY

Page 1






To understand various types of cyber-attacks and cyber-crimes
To learn threats and risks within context of the cyber security
To have an overview of the cyber laws & concepts of cyber forensics
To study the defensive techniques against these attacks

UNIT -I
Introduction to Cyber Security: Basic Cyber Security Concepts, layers of security,
Vulnerability, threat, Harmful acts, Internet Governance – Challenges and Constraints,
Computer Criminals, CIA Triad, Assets and Threat, motive of attackers, active attacks,
passive attacks, Software attacks, hardware attacks, Cyber Threats-Cyber Warfare, Cyber
Crime, Cyber terrorism, Cyber Espionage, etc
...

UNIT - II
Cyberspace and the Law & Cyber Forensics: Introduction, Cyber Security Regulations,
Roles of International Law
...

Introduction, Historical background of Cyber forensics, Digital Forensics Science, The Need
for Computer Forensics, Cyber Forensics and Digital evidence, Forensics Analysis of Email,
Digital Forensics Lifecycle, Forensics Investigation, Challenges in Computer Forensics
UNIT - III
Cybercrime: Mobile and Wireless Devices: Introduction, Proliferation of Mobile and
Wireless Devices, Trends in Mobility, Credit card Frauds in Mobile and Wireless
Computing Era, Security Challenges Posed by Mobile Devices, Registry Settings for Mobile
Devices, Authentication service Security, Attacks on Mobile/Cell Phones, Organizational
security Policies and Measures in Mobile Computing Era, Laptops
...


UNIT - V
Privacy Issues: Basic Data Privacy Concepts: Fundamental Concepts, Data Privacy Attacks,
Data linking and profiling, privacy policies and their specifications, privacy policy languages,
privacy in different domains- medical, financial, etc
Cybercrime: Examples and Mini-Cases
Examples: Official Website of Maharashtra Government Hacked, Indian Banks Lose
Millions of Rupees, Parliament Attack, Pune City Police Bust Nigerian Racket, e-mail
spoofing instances
...

TEXT BOOKS:
1
...
B
...
Gupta,D
...
Agrawal, Haoxiang Wang, Computer and Cyber Security: Principles, Algorithm, Applications, and Perspectives, CRC Press, ISBN 9780815371335, 2018
...
Cyber Security Essentials, James Graham, Richard Howard and Ryan Olson, CRC Press
...
Introduction to Cyber Security, Chwan-Hwa (John) Wu, J
...

Course Outcomes:
The students will be able to:
1
...

2
...
Apply policies and procedures to manage Privacy issues
4
...
No   Unit   Topic
1    I      Cyber security introduction - Basics
2    I      Layers of Security
3    I      Security vulnerabilities, threats and Attacks
4    I      Cyber Threats - Cyber Warfare
5    II     Cyberspace and the Law & Cyber Forensics
6    II     National Cyber security Policy
7    II     Cyber Forensics
8    III    Cybercrime - Mobile and wireless devices
9    III    Security Challenges posed by Mobile devices
10   IV     Cyber security - Organizational Implications
11   IV     Social Media Marketing
12   V      Privacy Issues - Data Privacy attacks
13   V      Privacy Policy Languages

UNIT-I
Introduction to Cyber Security
Cyber Security Introduction - Cyber Security Basics:
Cyber security is a matter of growing concern as cyber threats and attacks keep increasing
...
Individuals, small-scale businesses and large organizations are all being impacted
...

What is cyber security?
"Cyber security is primarily about people, processes, and technologies working together to
encompass the full range of threat reduction, vulnerability reduction, deterrence, international
engagement, incident response, resiliency, and recovery policies and activities, including
computer network operations, information assurance, law enforcement, etc
...



The term cyber security refers to techniques and practices designed to protect digital
data
...

OR

Cyber security is the protection of Internet-connected systems, including hardware, software,
and data from cyber attacks
...



Cyber relates to technology, which comprises systems, networks and programs or
data
...


Why is cyber security important?
Listed below are the reasons why cyber security is so important in what has become a
predominantly digital world:




Cyber attacks can be extremely expensive for businesses to endure
...

Cyber-attacks these days are becoming progressively destructive
...




Regulations such as GDPR are forcing organizations into taking better care of the
personal data they hold
...

But an organization or an individual can develop a proper response plan only when they
have a good grip on cyber security fundamentals
...

It also means trying to keep the identity of authorized parties involved in sharing and holding
data private and anonymous
...

Standard measures to establish confidentiality include:





Data encryption
Two-factor authentication
Biometric verification
Security tokens

Integrity
Integrity refers to protecting information from being modified by unauthorized parties
...

Standard measures to guarantee availability include:





Backing up data to external drives
Implementing firewalls
Having backup power supplies
Data redundancy

Types of Cyber Attacks
A cyber-attack is an exploitation of computer systems and networks
...

Cyber-attacks can be classified into the following categories:
1) Web-based attacks
2) System-based attacks
Web-based attacks
These are the attacks which occur on a website or web applications
...
Injection attacks
It is the attack in which some data will be injected into a web application to manipulate the
application and fetch the required information
...

2
...
Whereby data is introduced into a DNS
resolver's cache, causing the name server to return an incorrect IP address, diverting traffic to
the attacker's computer or any other computer
...

3
...
Web applications create
cookies to store the state and user sessions
...

4
...
It occurs when an attacker is masquerading as a trustworthy
entity in electronic communication
...
Brute force
It is a type of attack which uses a trial and error method
...
This attack may be used by criminals to crack encrypted data, or by
security analysts to test an organization's network security
...
Denial of Service
It is an attack which is meant to make a server or network resource unavailable to the users
...
It uses the single system and single internet connection to attack a server
...

Protocol attacks- It consumes actual server resources, and is measured in a packet
...

7
...

8
...

9
...

10
...
Due to this, an attacker will be able to read, insert
and modify the data in the intercepted connection
...

Some of the important system-based attacks are as follows:
1
...
It is a self-replicating malicious computer program that replicates by
inserting copies of itself into other computer programs when executed
...


2
...
It works the same as a computer virus
...

3
...
It misleads the user of its true intent
...

4
...
A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes
...
Bots
A bot (short for "robot") is an automated process that interacts with other network services
...
Common examples of bot programs are crawlers, chatroom bots, and
malicious bots
...

1: Mission Critical Assets – This is the data you need to protect
2: Data Security – Data security controls protect the storage and transfer of data
...

4: Endpoint Security – Endpoint security controls protect the connection between devices and
the network
...

6: Perimeter Security – Perimeter security controls include both the physical and digital
security methodologies that protect the business overall
...
Human
security controls include phishing simulations and access management controls that protect
mission critical assets from a wide variety of human threats, including cyber criminals,
malicious insiders, and negligent users
...
Any
company that manages, transmits, stores, or otherwise handles data has to institute and enforce
mechanisms to monitor their cyber environment, identify vulnerabilities, and close up security
holes as quickly as possible
...

Cyber threats are security incidents or circumstances with the potential to have a negative
outcome for your network or other data management systems
...

Vulnerabilities are the gaps or weaknesses in a system that make threats possible and tempt
threat actors to exploit them
...

When threat probability is multiplied by the potential loss that may result, cyber security
experts refer to this as a risk
...

In a sense, the purpose of computer security is to prevent these criminals from doing damage
...
Although
this definition is admittedly broad, it allows us to consider ways to protect ourselves, our
businesses, and our communities against those who use computers maliciously
...
Many studies have attempted to determine the characteristics of computer criminals
...


CIA Triad
The CIA Triad is actually a security model that has been developed to help people think about
various parts of IT security
...

Protecting confidentiality is dependent on being able to define and enforce certain access levels
for information
...
e
...

Some of the most common means used to manage confidentiality include access control lists,
volume and file encryption, and Unix file permissions
...

This is an essential component of the CIA Triad and designed to protect data from deletion or
modification from any unauthorized party, and it ensures that when an authorized person makes
a change that should not have been made the damage can be reversed
...

Authentication mechanisms, access channels and systems all have to work properly for the
information they protect and ensure it's available when it is needed
...
While this is considered the core factor of the majority
of IT security, it promotes a limited view of the security that ignores other important factors
...

It's important to understand what the CIA Triad is, how it is used to plan and also to implement
a quality security policy while understanding the various principles behind it
...
When you are informed, you can utilize the CIA Triad
for what it has to offer and avoid the consequences that may come along by not understanding
it
...

For example: An employee’s desktop computer, laptop or company phone would be considered
an asset, as would applications on those devices
...
An organization’s most common assets are information
assets
...
e
...

Threats can be categorized as circumstances that compromise the confidentiality, integrity or
availability of an asset, and can either be intentional or accidental
...

Motive of Attackers
The categories of cyber-attackers enable us to better understand the attackers' motivations and
the actions they take
...

1
...

2
...
g
...

3
...
Socio-cultural motivations also include fun,
curiosity, and a desire for publicity or ego gratification
...

Types of Active attacks:
Masquerade: in this attack, the intruder pretends to be a particular user of a system to gain
access or to gain greater privileges than they are authorized for
...

Session replay: In this type of attack, a hacker steals an authorized user’s log in information
by stealing the session ID
...

Message modification: In this attack, an intruder alters packet header addresses to direct a
message to a different destination or modify the data on a target machine
...

This is generally accomplished by overwhelming the target with more traffic than it can handle
...

Passive Attacks: Passive attacks are relatively scarce from a classification perspective, but can
be carried out with relative ease, particularly if the traffic is not encrypted
...

For the attack to be useful, the traffic must not be encrypted
...

Traffic analysis: the attacker looks at the metadata transmitted in traffic in order to deduce
information relating to the exchange and the participating entities, e
...
the form of the
exchanged traffic (rate, duration, etc
...

Software Attacks: Malicious code (sometimes called malware) is a type of software
designed to take over or damage a computer user's operating system, without the user's
knowledge or approval
...
Common
malware examples are listed in the following table:

Attack
Virus

Characteristics
A virus is a program that attempts to damage a computer system and replicate itself
to other computer systems
...
A worm can negatively
impact network traffic just in the process of replicating itself
...

Is usually introduced into the system through a vulnerability
...

Example: Code Red
...

Discretionary environments are often more vulnerable and susceptible to Trojan
horse attacks because security is user focused and user directed
...
A Trojan horse:






Logic
Bomb

Requires a host to replicate and usually attaches itself to a host file or a
hard drive sector
...

Often focuses on destruction or corruption of data
...
doc,
...
bat extensions
...
Many viruses can e-mail themselves to
everyone in your address book
...


Cannot replicate itself
...

Often is hidden in useful software such as screen savers or games
...


A Logic Bomb is malware that lies dormant until triggered
...




A trigger activity may be a specific date and time, the launching of a
specific program, or the processing of a specific type of activity
...


Hardware Attacks:
Common hardware attacks include:
• Manufacturing backdoors, for malware or other penetrative purposes; backdoors
aren’t limited to software and hardware, but they also affect embedded radiofrequency identification (RFID) chips and memory
• Eavesdropping by gaining access to protected memory without opening other
hardware
• Inducing faults, causing the interruption of normal behaviour
• Hardware modification tampering with invasive operations
• Backdoor creation; the presence of hidden methods for bypassing normal computer
authentication systems
• Counterfeiting product assets that can produce extraordinary operations and those
made to gain malicious access to systems
...
Future wars will see
hackers using computer code to attack an enemy's infrastructure, fighting alongside troops
using conventional weapons like guns and missiles
...

Cyber Crime:
Cybercrime is criminal activity that either targets or uses a computer, a computer network
or a networked device
...
Cybercrime is carried out by individuals or organizations
...
Others are novice hackers
...
It refers to unlawful
attacks and threats of attacks against computers, networks and the information stored
therein when done to intimidate or coerce a government or its people in furtherance of
political or social objectives
...

Cyber Espionage:
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and
information without the permission and knowledge of the holder of the information from
individuals, competitors, rivals, groups, governments and enemies for personal,
economic, political or military advantage using methods on the Internet
...

A security policy is also considered to be a "living document", which means that the document
is never finished, but is continuously updated as technology and
employee requirements change
...
Most types of security policies are
automatically created during the installation
...

Need of Security policies
1) It increases efficiency
...

Removes, and repairs the side effects of viruses and security risks by using signatures
...




It detects the attacks by cybercriminals and removes the unwanted sources of network
traffic
...

It also protects applications from vulnerabilities and checks the contents of one or
more data packages and detects malware which is coming through legal ways
...

The device control policy applies to both Windows and Mac computers whereas
application control policy can be applied only to Windows clients
...
It is maintained by the worldwide distribution of information
and communication technology devices and networks
...
The cyberspace is anticipated to become even more complex in the upcoming years,
with the increase in networks and devices connected to it
...
The principal impetus of this Act is to offer
reliable legal inclusiveness to eCommerce, facilitating registration of real-time records with the
Government
...

The ITA, enacted by the Parliament of India, highlights the grievous punishments and penalties
safeguarding the e-governance, e-banking, and e-commerce sectors
...

The IT Act is the salient one, guiding the entire Indian legislation to govern cybercrimes
rigorously:
Section 43 - Applicable to people who damage the computer systems without permission from
the owner
...

Section 66 - Applicable in case a person is found to dishonestly or fraudulently committing
any act referred to in section 43
...
5 lakh
...
This term can also
be topped by Rs
...

Section 66C - This section scrutinizes the identity thefts related to imposter digital signatures,
hacking passwords, or other distinctive identification features
...
1 lakh fine
...

Indian Penal Code (IPC) 1860
Identity thefts and associated cyber frauds are embodied in the Indian Penal Code (IPC), 1860
- invoked along with the Information Technology Act of 2000
...
The directives of this Act cement all the required
techno-legal compliances, putting the less compliant companies in a legal fix
...
Also, following the notification of the
Companies Inspection, Investment, and Inquiry Rules, 2014, SFIOs have become even more
proactive and stern in this regard
...
The Companies (Management and
Administration) Rules, 2014 prescribes strict guidelines confirming the cybersecurity
obligations and responsibilities upon the company directors and leaders
...

NIST Cybersecurity Framework encompasses all required guidelines, standards, and best
practices to manage the cyber-related risks responsibly
...

It promotes the resilience and protection of critical infrastructure by:
• Allowing better interpretation, management, and reduction of cybersecurity risks – to mitigate data loss, data misuse, and the subsequent restoration costs
• Determining the most important activities and critical operations - to focus on securing them
• Demonstrates the trust-worthiness of organizations who secure critical assets
• Helps to prioritize investments to maximize the cybersecurity ROI
• Addresses regulatory and contractual obligations
• Supports the wider information security program

By combining the NIST CSF framework with ISO/IEC 27001, cybersecurity risk management becomes simplified
...

Final Thoughts
As human dependence on technology intensifies, cyber laws in India and across
the globe need constant up-gradation and refinements
...
Lawmakers
have to go the extra mile to stay ahead of the impostors, in order to block them at their advent
...
Only the prudent efforts of these stakeholders, ensuring their confinement to the law
of the cyberland - can bring about online safety and resilience
...

INTERNATIONAL LAW FOR CYBER CRIME
• Cybercrime is "international" in that there are ‘no cyber-borders between countries’
• The complexity in types and forms of cybercrime increases the difficulty to fight back
• Fighting cybercrime calls for international cooperation
• Various organizations and governments have already made joint efforts in establishing global standards of legislation and law enforcement
both on a regional and on an international scale
THE INDIAN CYBERSPACE
Indian cyberspace was born in 1975 with the establishment of the National Informatics Centre
(NIC), with the aim of providing the government with IT solutions
...
These networks were INDONET,
which connected the IBM mainframe installations that made up India’s computer infrastructure;
NICNET (the NIC network), a nationwide very small aperture terminal (VSAT) network for public
sector organisations as well as to connect the central government with the state governments and district
administrations; and the third network set up, ERNET (the Education and Research Network), to
serve the academic and research communities
...
4 million in 1999 to over
150 million by Dec 2012
...
The government is making a determined push to increase
broadband penetration from its present level of about 6%
...

NATIONAL CYBER SECURITY POLICY
National Cyber Security Policy is a policy framework by Department of Electronics and
Information Technology
...
The policy also intends to safeguard "information, such as personal information
(of web users), financial and banking information and sovereign data"
...
Ministry of Communications and Information Technology (India)
defines Cyberspace as a complex environment consisting of interactions between people,
software services supported by worldwide distribution of information and communication
technology
...

MISSION
To protect information and information infrastructure in cyberspace, build capabilities to
prevent and respond to cyber threat, reduce vulnerabilities and minimize damage from cyber
incidents through a combination of institutional structures, people, processes, technology, and
cooperation
...

To create an assurance framework for the design of security policies and promotion and
enabling actions for compliance to global security standards and best practices by way
of conformity assessment (Product, process, technology & people)
...

To enhance and create National and Sectoral level 24X7 mechanism for obtaining
strategic information regarding threats to ICT infrastructure, creating scenarios for
response, resolution and crisis management through effective predictive, preventive,
protective response and recovery actions
...

Forensic examiners typically analyze data from personal computers, laptops, personal digital
assistants, cell phones, servers, tapes, and any other type of media
...

The forensic examination of computers, and data storage media, is a complicated and highly
specialized process
...

In many cases, examiners testify to their findings, where their skills and abilities are put to
ultimate scrutiny
...
It is a science of
finding evidence from digital media like a computer, mobile phone, server, or network
...

Digital Forensics helps the forensic team to analyze, inspect, identify, and preserve the
digital evidence residing on various types of electronic devices
...

THE NEED FOR COMPUTER FORENSICS
Computer forensics is also important because it can save your organization money. From a
technical standpoint, the main goal of computer forensics is to identify, collect, preserve, and
analyze data in a way that preserves the integrity of the evidence collected so it can be used
effectively in a legal case
...
It can be found on a computer hard drive, a mobile phone, among other places
...
However, digital evidence is now used to prosecute all types of crimes,
not just e-crime
...
In 2005, for example, a floppy disk led investigators to the BTK serial
killer who had eluded police capture since 1974 and claimed the lives of at least 10 victims
...
Law enforcement agencies are
challenged by the need to train officers to collect digital evidence and keep up with rapidly
evolving technologies such as computer operating systems
...
This study involves investigation of metadata, keyword
searching, port scanning, etc
...

Various approaches that are used for e-mail forensic are:


Header Analysis – Meta data in the e-mail message in the form of control information
i
...
envelope and headers including headers in the message body contain information
about the sender and/or the path along which the message has traversed
...
A detailed analysis of these
headers and their correlation is performed in header analysis
...
When the e-mail is
opened, a log entry containing the IP address of the recipient (sender of the e-mail under
investigation) is recorded on the http server hosting the image and thus sender is
tracked
...
The log on proxy server
can be used to track the sender of the e-mail under investigation
...
Both aiming to extract IP address of the receiver’s computer and
e-mail it to the investigators
...
E-mails purged from the clients
(senders or receivers) whose recovery is impossible may be requested from servers
(Proxy or ISP) as most of them store a copy of all e-mails after their deliveries
...
However, servers store the copies of email and server logs only for some limited periods and some may not co-operate with
the investigators
...




Network Device Investigation – In this form of e-mail investigation, logs maintained
by the network devices such as routers, firewalls and switches are used to investigate
the source of an e-mail message
...
g
...



Software Embedded Identifiers – Some information about the creator of e-mail,
attached files or documents may be included with the message by the e-mail software
used by the sender for composing e-mail
...
Investigating the e-mail for these details may reveal some vital
information about the sender's e-mail preferences and options that could help client-side
evidence gathering
...
of the client computer used to send e-mail message
...
These headers describe applications and their versions used at the clients to
send e-mail
...


EMAIL FORENSICS TOOLS
Erasing or deleting an email doesn’t necessarily mean that it is gone forever
...
Forensic tracing of e-mail is similar to traditional
detective work
...



MiTec Mail Viewer – This is a viewer for Outlook Express, Windows Mail/Windows
Live Mail, Mozilla Thunderbird message databases, and single EML files
...

Messages can be viewed in detailed view, including attachments and an HTML
preview
...
Selected messages
can be saved to eml files with or without their attachments
...




OST and PST Viewer – Nucleus Technologies’ OST and PST viewer tools help you
view OST and PST files easily without connecting to an MS Exchange server
...
, in a proper folder structure
...

It can trace multiple e-mails at the same time and easily keep track of them
...




EmailTracer – EmailTracer is an Indian effort in cyber forensics by the Resource
Centre for Cyber Forensics (RCCF) which is a premier centre for cyber forensics in
India
...


DIGITAL FORENSICS LIFECYCLE:

Collection: The first step in the forensic process is to identify potential sources of data and
acquire data from them
...

This phase may also involve bypassing or mitigating OS or application features that obscure
data and code, such as data compression, encryption, and access control mechanisms
...
The foundation of forensics is using a methodical
approach to reach appropriate conclusions based on the available data or determine that no
conclusion can yet be drawn
...
Many factors affect reporting, including the following:
a
...
When an
event has two or more plausible explanations, each should be given due consideration
in the reporting process
...

b
...
Knowing the audience to which the data or information will
be shown is important
...
Actionable Information
...
Forensic investigation is the
gathering and analysis of all crime-related physical evidence in order to come to a conclusion
about a suspect
...
This is a general definition,
though, since there are a number of different types of forensics
...
But these digital forensics investigation methods face some
major challenges at the time of practical implementation
...
Digital forensic
experts use forensic tools for collecting shreds of evidence against criminals, and criminals use
such tools for hiding, altering or removing the traces of their crime; in digital forensics this
process is called the anti-forensics technique, which is considered a major challenge in the digital
forensics world
...
No
...
Unfortunately, it can also
be used by criminals to hide their crimes
Criminals usually hide chunks of data inside the
storage medium in invisible form by using system
commands, and programs
...

The attacker used it for hiding the connection
between him and the compromised system
...
The State and Ors case Hon’ble High Court of
Delhi held that “while dealing with the admissibility of an intercepted telephone call in a CD
and CDR which was without a certificate under Sec
...
65B of Indian
Evidence Act, 1872 is not admissible and cannot be looked into by the court for any purpose
whatsoever
...
Besides, most
of the time electronic evidence is challenged in the court due to its integrity
...

Legal Challenges
S
...

1

Type
Absence of guidelines and
standards

2

Limitation of the
Evidence Act, 1872

Description
In India, there are no proper guidelines for the
collection and acquisition of digital evidence
...
Due to this,
the potential of digital evidence has been destroyed
...
the Act is silent on the
method of collection of e-evidence it only focuses on
the presentation of electronic evidence in the court by
accompanying a certificate
as per subsection 4 of Sec
...
This means no
matter what procedure is followed it must be proved
with the help of a certificate
...
For making the investigation process
fast and useful forensic experts use various tools to check the authenticity of the data but
dealing with these tools is also a challenge in itself
...



Volume and replication

The confidentiality, availability, and integrity of electronic documents can easily be
manipulated
...
Such ease of communication and
availability of electronic documents increases the volume of data, which also creates difficulty in
the identification of original and relevant data
...
Why should mobile devices be protected? Every day, mobile devices are
lost, stolen, and infected
...

⚫ They play games, download email, go shopping or check their bank balances on the
go
...
The trend is for smaller devices
and more processing power
...
Now the buyers have a choice between high-end PDAs with integrated wireless
modems and small phones with wireless Web-browsing capabilities
...
A simple hand-held mobile device provides enough computing
power to run small applications, play games and music, and make voice calls
...

As the term "mobile device" includes many products
...
Figure
below helps us understand how these terms are related
...


Mobile computing is "taking a computer and all necessary files and software out into the field
...
They are as follows:
1
...


2
...
Tablets may not be best
suited for applications requiring a physical keyboard for typing, but are otherwise capable of
carrying out most tasks that an ordinary laptop would be able to perform
...
Internet tablet: It is the Internet appliance in tablet form
...
Also it cannot
replace a general-purpose computer
...

4
...
It is intended to supplement and synchronize with a desktop computer, giving
access to contacts, address book, notes, E-Mail and other features
...
Ultramobile (PC): It is a full-featured, PDA-sized computer running a general-purpose
operating system (OS)
...
Smartphone: It is a PDA with an integrated cell phone functionality
...

7
...
It operates as a wireless
computer, sound system, global positioning system (GPS) and DVD player
...

8
...
It
functions as a writing utensil, MP3 player, language translator, digital storage device and
calculator
...

"iPhone" from Apple and Google-led "Android" phones are the best examples of this trend and
there are plenty of other developments that point in this direction
...

It is worth noting the trends in mobile computing; this will help readers to realize
the seriousness of cybersecurity issues in the mobile computing domain
...



The new technology 3G networks are not entirely built with IP data security
...
There are
numerous attacks that can be committed against mobile networks and they can originate from
two primary vectors
...

Popular types of attacks against 3G mobile networks are as follows:
1
...
5G2G,2
...
Here are
a few examples of malware specific to mobile devices:
• Skull Trojan: It targets Series 60 phones equipped with the Symbian mobile OS
...
The worst thing about
this worm is that the source code for the Cabir-H and Cabir-I viruses is available online
...

• Brador Trojan: It affects the Windows CE OS by creating a svchost
...
This executable file
is conducive to traditional worm propagation vectors such as E-Mail file attachments
...
Lasco is based on Cabir's source code and replicates over Bluetooth
connection
...
Denial-of-service (DoS): The main objective behind this attack is to make the system
unavailable to the intended users
...
Presently, one of the most common cyber security threats to wired Internet
service providers (ISPs) is a distributed denial-of-service (DDoS) attack
...

3
...
e
...
In either case, the legitimate user is charged for the activity
which the user did not conduct or authorize to conduct
...
Spoofed policy development process (PDP): These types of attacks exploit the vulnerabilities in
the GTP [General Packet Radio Service (GPRS) Tunneling Protocol]
...
Signaling-level attacks: The Session Initiation Protocol (SIP) is a signaling protocol used
in IP multimedia subsystem (IMS) networks to provide Voice Over Internet Protocol (VoIP)
services
...

Credit Card Frauds in Mobile and Wireless Computing Era:
These are new trends in cybercrime that are coming up with mobile computing - mobile
commerce (M-Commerce) and mobile banking (M-Banking)
...
Today belongs to "mobile computing," that is, anywhere anytime computing
...
This is true for credit card processing too; wireless credit card processing is a
relatively new service that will allow a person to process credit cards electronically, virtually
anywhere
...
It is most often used by businesses that operate mainly in a mobile environment

There is a system available from an Australian company "Alacrity" called closed-loop
environment for wireless (CLEW)
...

As shown in Figure, the basic flow is as follows:
1
...
The bank transmits the request to the authorized cardholder
3
...
The bank/merchant is notified
5
...

Security Challenges Posed by Mobile Devices:
Mobility brings two main challenges to cybersecurity: first, on the hand-held devices,
information is being taken outside the physically controlled environment and second, remote
access back to the protected environment is being granted
...
When people are asked about important issues in managing a diverse range of mobile
devices, they seem to be thinking of the ones shown in the figure below
...
"
Some well-known technical challenges in mobile security are: managing the registry settings
and configurations, authentication service security, cryptography security, Lightweight
Directory Access Protocol (LDAP) security, remote access server (RAS) security, media player
control security, networking application program interface (API) security, etc
...
ActiveSync acts as the "gateway between Windows-powered PC and Windows mobile-powered
device, enabling the transfer of applications such
as Outlook information, Microsoft Office documents, pictures, music, videos and applications
from a user's desktop to his/her device
...
In this context, registry setting becomes an
important issue given the ease with which various applications allow a free flow of information
...
A secure network access involves authentication between the device and the base
stations or Web servers
...
No malicious code can
impersonate the service provider to trick the device into doing something it does not mean to
...

Some prominent kinds of attacks to which mobile devices are subjected are: push attacks, pull
attacks and crash attacks
...
Security measures in this scenario come from Wireless
Application Protocols (WAPs), use of VPNs, media access control (MAC) address filtering
and development in 802
...

Attacks on Mobile/Cell Phones:
• Mobile Phone Theft:
Mobile phones have become an integral part of everybody's life and the mobile phone has
transformed from being a luxury to a bare necessity
...
Theft of mobile phones has risen dramatically over the past few years
...

The following factors contribute to outbreaks on mobile devices:
1
...
The first instance of a mobile virus was observed during
June 2004 when it was discovered that an organization "Ojam" had engineered an
antipiracy Trojan virus in older versions of their mobile phone game known as Mosquito
...

2
...
The expanded functionality also increases the probability of
malware
...
Enough connectivity: Smartphones offer multiple communication options, such as
SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN connections
...







• Mobile Viruses
• Concept of Mishing
• Concept of Vishing
• Concept of Smishing
• Hacking Bluetooth

Organizational security Policies and Measures in Mobile Computing Era:
Proliferation of hand-held devices used makes the cybersecurity issue graver than what we
would tend to think
...
One should think about not keeping credit card and bank
account numbers, passwords, confidential E-Mails and strategic information about the
organization, merger or takeover plans and also other valuable information that could impact
stock values on mobile devices
...

Operating Guidelines for Implementing Mobile Device Security Policies
In situations such as those described above, the ideal solution would be to prohibit all
confidential data from being stored on mobile devices, but this may not always be practical
...
Determine whether the employees in the organization need to use mobile computing
devices at all, based on their risks and benefits within the organization, industry and
regulatory environment
...
Implement additional security technologies, as appropriate to fit both the organization
and the types of devices used
...
Biometrics techniques can be used for
authentication and encryption and have great potential to eliminate the challenges
associated with passwords
...
Standardize the mobile computing devices and the associated security tools being used
with them
...

4
...

5
...
Maintain an inventory so
that you know who is using what kinds of devices
...
Establish patching procedures for software on mobile devices
...
Provide education and awareness training to personnel using mobile devices
...

Organizational Policies for the Use of Mobile Hand-Held Devices
There are many ways to handle the matter of creating policy for mobile devices
...
Another way is including such devices in existing
policy
...
In the hybrid approach, a new policy is created to address the specific
needs of the mobile devices but more general usage issues fall under general IT policies
...

Companies new to mobile devices may adopt an umbrella mobile policy but they find over time
that they will need to modify their policies to match the challenges posed by different kinds
of mobile hand-held devices
...
It may happen that over time, companies may
need to create separate policies for the mobile devices on the basis of whether they connect
wirelessly and with distinctions for devices that connect to WANs and LANs
...
Although laptops, like other mobile devices, enhance the
business functions owing to their mobile access to information anytime and anywhere, they
also pose a large threat as they are portable. Wireless capability in these devices has also raised
cyber security concerns owing to the information being transmitted over the ether, which makes it
hard to detect
...
Cybercriminals are targeting laptops that are expensive, to
enable them to fetch a quick profit in the black market
...
thieves
...
Most laptops contain personal and
corporate information that could be sensitive
...
However, this mobility is putting organizations at risk of having a
data breach if a laptop containing sensitive information is lost or stolen
...

1
...
Kensington
cables are one of the most popular brands of laptop security cables
...
One end of the security cable is fitted into the universal security
slot of the laptop and the other end is locked around any fixed furniture or item, thus making a
loop
...

2
...
The advantage of safes over security cables is that they protect the whole laptop and
its devices such as CD-ROM bays, PCMCIA cards and HDD bays which can be easily removed
in the case of laptops protected by security cables
...
Motion sensors and alarms: Even though alarms and motion sensors are annoying owing
to their false alarms and loud sound level, these devices are very efficient in securing laptops
...

Also owing to their loud nature, they help in deterring thieves
...

4
...
These labels cannot
be removed easily and are a low-cost solution to laptop theft
...
Such labels are highly recommended for the
laptops issued to top executives and/or key employees of the organizations
...
Other measures for protecting laptops are as follows:
• Engraving the laptop with personal details
• Keeping the laptop close to oneself wherever possible

• Carrying the laptop in a different and unobvious bag making it unobvious to potential
thieves
• Creating the awareness among the employees to understand the responsibility of
carrying a laptop and also about the sensitivity of the information contained in the
laptop
• Making a copy of the purchase receipt, laptop serial number and the description of the
laptop
• Installing encryption software to protect information stored on the laptop
• Using personal firewall software to block unwanted access and intrusion
• Updating the antivirus software regularly
• Tight office security using security guards and securing the laptop by locking it down
in lockers when not in use
• Never leaving the laptop unattended in public places such as the car, parking lot,
conventions, conferences and the airport until it is fitted with an anti-theft device
• Disabling IR ports and wireless cards and removing PCMCIA cards when not in use
...
This is because,
information, be it corporate or private, needs high security as it is the most important asset of
an organization or an individual
...
Protecting from malicious programs/attackers/social engineering
...
Avoiding weak passwords/access
...
Monitoring application security and scanning for vulnerabilities
...
Ensuring that unencrypted data/unprotected file systems do not pose threats
...
Proper handling of removable drives/storage media/unnecessary ports
...
Password protection through appropriate password rules and use of strong
passwords
...
Locking down unwanted ports/devices
...
Regularly installing security patches and updates
...
Installing antivirus software/firewalls/intrusion detection systems (IDSs)
...
Encrypting critical file systems