
 What is cyber security and how is it different from information security?

Cyber security, or information technology security, comprises the techniques for
protecting computers, networks, programs and data from unauthorized access or attacks
that are aimed at exploitation.

Information Security and Cyber security are very closely related terms. Most of us use
them interchangeably and it hardly matters. But there is a definite difference between
them.

Cyber Security is defined as the ability to protect or defend the use of cyberspace from
cyber-attacks.

Information Security, by contrast, is the protection of information and information
systems from unauthorized access, use, disclosure, disruption, modification, or
destruction in order to provide confidentiality, integrity, and availability (CIA).

Information Security is a broader field that is concerned with information and the
protection of information, whether it is physical or computerized.

Cyber Security on the other hand deals with protection of cyberspace and use of it
against any sort of crime (related/not related to information CIA).

 What do you mean by information system? What is the need of information system?

An information system (IS) is an organized system for the collection, organization,
storage and communication of information. More specifically, it is the study of
complementary networks that people and organizations use to collect, filter, process,
create and distribute data.

To gain the maximum benefits from your company's information system, you have to
exploit all its capacities. Information systems gain their importance by processing the
data from company inputs to generate information that is useful for managing your
operations. To increase the information system's effectiveness, you can either add more
data to make the information more accurate or use the information in new ways.

What are the types of the information system?

A computer(-based) information system is essentially an IS using computer technology
to carry out some or all of its planned tasks. The basic components of computer-based
information systems are:

 Hardware: the devices, like the monitor, processor, printer and keyboard, all of
which work together to accept, process and show data and information.
 Software: the programs that allow the hardware to process the data.
 Databases: collections of associated files or tables containing related data.
 Networks: connecting systems that allow diverse computers to distribute
resources.
 Procedures: the commands for combining the components above to process
information and produce the preferred output.

 Explain the terms: Criminal attacks, Publicity attacks, Legal attacks. What is
security?

Cybercrime, or computer-oriented crime, is crime that involves a computer and a
network. Cybercrimes can be defined as: "Offences that are committed against
individuals or groups of individuals with a criminal motive to intentionally harm the
reputation of the victim or cause physical or mental harm, or loss, to the victim directly
or indirectly, using modern telecommunication networks such as Internet (networks
including but not limited to Chat rooms, emails, notice boards and groups) and mobile
phones".

Criminal attacks are easy to understand: “How can I acquire the maximum financial
return by attacking the system?” Attackers vary, from lone criminals to sophisticated
organized crime syndicates, from insiders looking to make a fast buck to foreign
governments looking to wage war on a country's infrastructure.

Publicity attacks: such attacks occur basically because the attackers wish to see their
names on television news channels and in newspapers, i.e. to gain publicity.

The attack on discrimination by use of legal machinery has only scratched the surface.
An understanding of the existing statutes protecting our civil rights is necessary if we
are to work towards enforcement of these statutes.

Security, in information technology (IT), is the defense of digital information and IT
assets against internal and external, malicious and accidental threats. This defense
includes detection, prevention and response to threats through the use
of security policies, software tools and IT services.

 How to protect yourself while using internet?


Use end-to-end encryption

Encrypt as much of your communication as you can

Encrypt your hard drive

Strong passwords

Use Tor

Turn on two-factor (or two-step) authentication

Keep software updated, and use anti-virus software

Keep extra secret information extra secure

 What is a password?

A password is a string of characters used to verify the identity of a user during the
authentication process.

 Define: Frauds, Scams, Identity theft, Intellectual property theft, Brand theft.

In law, fraud is deliberate deception to secure unfair or unlawful gain, or to deprive a
victim of a legal right. A hoax is a distinct concept that involves deliberate deception
without the intention of gain or of materially damaging or depriving a victim.

A scam is a term used to describe any fraudulent business or scheme that takes
money or other goods from an unsuspecting person. With the world becoming more
connected thanks to the Internet, online scams have increased, and it's often up to you
to stay cautious with people on the Internet.

Identity theft is the deliberate use of someone else's identity, usually as a method to
gain a financial advantage or obtain credit and other benefits in the other person's
name, and perhaps to the other person's disadvantage or loss.

Intellectual property (IP) theft is defined as theft of material that is copyrighted,
the theft of trade secrets, and trademark violations.

Brand theft is when someone takes your corporate name as his/her own. The name
may then be used as is, e.g. Accountkeeper.net or modified slightly such as “Account
Keeper” as a means of justifying in the cyber criminal's mind that it is after all not exactly
the same name.

 Explain the types of attacks with examples.


Malware: Attackers will use a variety of methods to get malware into your computer,
but at some stage it often requires the user to take an action to install the malware.
This can include clicking a link to download a file, or opening an attachment that
may look harmless (like a Word document or PDF attachment), but actually has a
malware installer hidden within.

Phishing: In a phishing attack, an attacker may send you an email that appears to
be from someone you trust, like your boss or a company you do business with. The
email will seem legitimate, and it will have some urgency to it (e.g. fraudulent
activity has been detected on your account). In the email, there will be an
attachment to open or a link to click. Upon opening the malicious attachment, you’ll
thereby install malware in your computer. If you click the link, it may send you to a
legitimate-looking website that asks for you to log in to access an important file —
except the website is actually a trap used to capture your credentials when you try
to log in.

Cross site scripting: Cross-site scripting attacks can significantly damage a
website’s reputation by placing the users' information at risk without any indication
that anything malicious even occurred. Any sensitive information a user sends to the
site, such as their credentials, credit card information, or other private data, can
be hijacked via cross-site scripting without the website owners realizing there was
even a problem in the first place.

Denial of service: That's essentially what happens to a website during a
denial-of-service (DoS) attack. If you flood a website with more traffic than it was
built to handle, you'll overload the website's server and it'll be nigh-impossible for
the website to serve up its content to visitors who are trying to access it.

Credential reuse: Once attackers have a collection of usernames and passwords
from a breached website or service (easily acquired on any number of black market
websites on the internet), they know that if they use these same credentials on
other websites there’s a chance they’ll be able to log in. No matter how tempting it
may be to reuse credentials for your email, bank account, and your favorite sports
forum, it’s possible that one day the forum will get hacked, giving an attacker easy
access to your email and bank account.

 What are the key principles of security?

Confidentiality

Integrity

Availability

 Discuss the reason behind the significance of authentication.

1. The frequency of security breaches (e.g. Twitter, Evernote, LinkedIn) has IT
departments paying closer attention to authentication.
2. Ubiquity of mobile devices is not only increasing the number of online apps that
users need to log in to, but also increasingly becoming the device of choice for
assisting in authentication. According to Allan, in the past few years, the
popularity of phone-as-a-token solutions has overtaken one-time password
hardware tokens in terms of new and refreshed deployments.
3. Enhanced methods of authentication have “morphed from traditional tokens to
USB devices to smart cards to fingerprint readers, soft tokens and scanning
devices.” Contextual authentication, based on analytics of behavior patterns and
device patterns, is growing in importance and more vendors are offering it with
their core user authentication products. Additionally, there is an increased
interest in using biometrics for a higher level of assurance with improved user
experience, including form factors like typing rhythm, voice recognition, face
topography and iris structure.
4. Move to cloud-delivered user authentication services is becoming more widely
adopted and having the most traction among small and mid-sized businesses
and industries where TCO is a more significant consideration. Gartner predicts
that by 2017, more than 50% of enterprises will choose cloud-based services –
up from less than 10% today.

 What is a worm? What is the significant difference between a virus and a worm?

A computer worm is self-replicating malware that duplicates itself to spread to
uninfected computers. Worms often use parts of an operating system that are automatic
and invisible to the user. It is common for worms to be noticed only when their
uncontrolled replication consumes system resources, slowing or halting other tasks.

| | Virus | Worm |
|---|---|---|
| How does it infect a computer system? | It inserts itself into a file or executable program. | It exploits a weakness in an application or operating system by replicating itself. |
| How can it spread? | It has to rely on users transferring infected files/programs to other computer systems. | It can use a network to replicate itself to other computer systems without user intervention. |
| Does it infect files? | Yes, it deletes or modifies files. Sometimes a virus also changes the location of files. | Usually not. Worms usually only monopolize the CPU and memory. |
| Whose speed is more? | A virus is slower than a worm. | A worm is faster than a virus. E.g. the Code Red worm affected 3 lakh PCs in just 14 hours. |
| Definition | The virus is program code that attaches itself to an application program, and when the application program runs, it runs along with it. | The worm is code that replicates itself in order to consume resources to bring it down. |

 Explain concept of phishing and pharming.

Phishing and pharming are two different ways hackers attempt to manipulate users via
the Internet. Phishing involves getting a user to enter personal information via a fake
website. Pharming involves modifying DNS entries, which causes users to be directed
to the wrong website when they visit a certain Web address.

Phishing is similar to fishing in a lake, but instead of trying to capture fish, phishers
attempt to steal your personal information. They send out e-mails that appear to come
from legitimate websites such as eBay, PayPal, or other banking institutions. The
e-mails state that your information needs to be updated or validated and ask that you
enter your username and password after clicking a link included in the e-mail. Some
e-mails will ask that you enter even more information, such as your full name, address,
phone number, social security number, and credit card number. However, even if you
visit the false website and just enter your username and password, the phisher may be
able to gain access to more information by just logging in to your account.

Pharming is yet another way hackers attempt to manipulate users on the Internet.
While phishing attempts to capture personal information by getting users to visit a fake
website, pharming redirects users to false websites without them even knowing it.
While a typical website uses a domain name for its address, its actual location is
determined by an IP address. When a user types a domain name into his or her Web
browser's address field and hits enter, the domain name is translated into an IP address
via a DNS server. The Web browser then connects to the server at this IP address and
loads the Web page data. After a user visits a certain website, the DNS entry for that
site is often stored on the user's computer in a DNS cache. This way, the computer
does not have to keep accessing a DNS server whenever the user visits the website.
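Because a pharmed DNS entry sends the browser to the wrong IP address with no visible change in the address bar, one defensive check is to compare cached answers with the networks a site is known to use. The following is an added example, not part of the original notes; the domain names, address ranges and cache snapshot are constructed documentation values, and the baseline is assumed to be maintained by the defender.

```python
import ipaddress

# Constructed baseline: networks each watched domain is expected to resolve into.
BASELINE = {
    "bank.example": ["198.51.100.0/24"],
    "shop.example": ["203.0.113.0/25", "2001:db8:10::/48"],
}

# Constructed snapshot of a workstation's DNS cache as (name, answer) pairs.
CACHE_SNAPSHOT = [
    ("bank.example", "198.51.100.20"),
    ("BANK.example.", "192.0.2.66"),      # same name, different spelling, odd address
    ("shop.example", "2001:db8:10::5"),
    ("news.example", "192.0.2.80"),       # not on the watch list
    ("shop.example", "not-an-ip"),        # damaged or truncated record
]


def normalise(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.strip().rstrip(".").lower()


def audit_cache(snapshot, baseline):
    """Return (domain, answer, reason) for cached answers that break the baseline."""
    nets = {
        normalise(domain): [ipaddress.ip_network(cidr) for cidr in cidrs]
        for domain, cidrs in baseline.items()
    }
    findings = []
    for name, answer in snapshot:
        domain = normalise(name)
        if domain not in nets:
            continue  # only watched domains are judged
        try:
            addr = ipaddress.ip_address(answer)
        except ValueError:
            findings.append((domain, answer, "unparseable answer"))
            continue
        # Membership is False when the address family differs from the network's.
        if not any(addr in net for net in nets[domain]):
            findings.append((domain, answer, "outside expected networks"))
    return findings


if __name__ == "__main__":
    for finding in audit_cache(CACHE_SNAPSHOT, BASELINE):
        print(finding)
```

Sites served from content delivery networks change addresses often, so a baseline like this fits a short list of high-value domains better than general browsing.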

 Explain different categories of cyber crime.

Hacking: This is a type of crime wherein a person’s computer is broken into so that his
personal or sensitive information can be accessed. In the United States, hacking is
classified as a felony and punishable as such. This is different from ethical hacking,
which many organizations use to check their Internet security protection. In hacking, the
criminal uses a variety of software to enter a person’s computer and the person may not
be aware that his computer is being accessed from a remote location.

Theft: This crime occurs when a person violates copyrights and downloads music,
movies, games and software. There are even peer sharing websites which encourage
software piracy and many of these websites are now being targeted by the FBI. Today,
the justice system is addressing this cyber crime and there are laws that prevent people
from illegal downloading.

Cyber Stalking: This is a kind of online harassment wherein the victim is subjected to a
barrage of online messages and emails. Typically, these stalkers know their victims and
instead of resorting to offline stalking, they use the Internet to stalk. However, if they
notice that cyber stalking is not having the desired effect, they begin offline stalking
along with cyber stalking to make the victims’ lives more miserable.

Identity Theft: This has become a major problem with people using the Internet for cash
transactions and banking services. In this cyber crime, a criminal accesses data about a
person’s bank account, credit cards, Social Security, debit card and other sensitive
information to siphon money or to buy things online in the victim’s name. It can result in
major financial losses for the victim and even spoil the victim’s credit history.

Malicious Software: These are Internet-based software or programs that are used to
disrupt a network. The software is used to gain access to a system to steal sensitive
information or data or to cause damage to software present in the system.

Child soliciting and Abuse: This is also a type of cyber crime wherein criminals solicit
minors via chat rooms for the purpose of child pornography. The FBI has been spending
a lot of time monitoring chat rooms frequented by children with the hopes of reducing
and preventing child abuse and soliciting.

 Explain firewall and working of a firewall.

Broadly speaking, a computer firewall is a software program that prevents unauthorized
access to or from a private network. Firewalls are tools that can be used to enhance the
security of computers connected to a network, such as a LAN or the Internet. They are an
integral part of a comprehensive security framework for your network.

A firewall absolutely isolates your computer from the Internet using a "wall of code" that
inspects each individual "packet" of data as it arrives at either side of the firewall
(inbound to or outbound from your computer) to determine whether it should be
allowed to pass or be blocked.

Firewalls have the ability to further enhance security by enabling granular control over
what types of system functions and processes have access to networking resources.
These firewalls can use various types of signatures and host conditions to allow or deny
traffic. Although they sound complex, firewalls are relatively easy to install, set up and
operate.

Most people think that a firewall is a device that is installed on the network and
controls the traffic that passes through the network segment.

However, you can also have host-based firewalls. These run on the systems
themselves, such as ICF (Internet Connection Firewall). Basically, the work of both
kinds of firewall is the same: to stop intrusion and provide a strong method of access
control policy. In simple terms, firewalls are systems that safeguard your computer:
enforcement points for access control policy.
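The per-packet allow-or-block decision described above can be shown with a small rule evaluator. This is an added example, not part of the original notes; the first-match ordering, the default of blocking unmatched traffic, the `Rule` and `Packet` fields and all addresses are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the protected host
    proto: str      # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "block"
    direction: str
    proto: str      # "any" matches every protocol
    remote: str     # CIDR the remote peer must fall in
    dports: range   # destination ports covered by the rule

    def matches(self, pkt):
        # The remote peer is the source of inbound and the destination of outbound traffic.
        remote_ip = pkt.src if pkt.direction == "in" else pkt.dst
        return (self.direction == pkt.direction
                and self.proto in ("any", pkt.proto)
                and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.remote)
                and pkt.dport in self.dports)


ANY_PORT = range(0, 65536)

# Constructed policy for a host at 192.0.2.10; order matters (first match wins).
RULES = [
    Rule("block", "in", "any", "203.0.113.0/24", ANY_PORT),         # denied range first
    Rule("allow", "in", "tcp", "198.51.100.0/24", range(22, 23)),   # SSH from admin net
    Rule("allow", "in", "tcp", "0.0.0.0/0", range(443, 444)),       # HTTPS from anywhere
    Rule("allow", "out", "udp", "198.51.100.53/32", range(53, 54)), # DNS to one resolver
    Rule("allow", "out", "tcp", "0.0.0.0/0", range(443, 444)),      # outbound HTTPS
]


def decide(pkt, rules=RULES, default="block"):
    """Return (action, index of the matching rule or None for the default)."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None


if __name__ == "__main__":
    # Constructed traffic sample.
    for pkt in [
        Packet("in", "tcp", "203.0.113.9", "192.0.2.10", 443),
        Packet("in", "tcp", "198.51.100.7", "192.0.2.10", 22),
        Packet("out", "tcp", "192.0.2.10", "198.51.100.99", 25),
    ]:
        print(pkt, "->", decide(pkt))
```

The first sample packet shows why rule order is part of the policy: it would match the HTTPS allow rule, but the block rule above it is evaluated first.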

 Explain working of a virtual private network.

For as ubiquitous as connectivity has become and how reliant we've grown on it, the
Internet is still a digital jungle where hackers easily steal sensitive information from the
ill-equipped and where the iron-fisted tactics of totalitarian regimes bent on controlling
what their subjects can access are common. So instead of mucking around in public
networks, just avoid them. Use a VPN instead. Between Wi-Fi spoofing, Honeypot
attacks, and Firesheep, public networks really are cesspools. But if you're working
remotely and need to access sensitive data on your company's private servers, doing so
from an unsecured public network like a coffee shop Wi-Fi hotspot could put that data,
your company's business, and your job at stake. VPNs, or Virtual Private Networks,
allow users to securely access a private network and share data remotely through
public networks. Much like a firewall protects your data on your computer, VPNs protect
it online. And while a VPN is technically a WAN (Wide Area Network), the front end
retains the same functionality, security, and appearance as it would on the private
network.

 What is E-Cash?

Digital cash is a system of purchasing cash credits in relatively small amounts, storing
the credits in your computer, and then spending them when making electronic
purchases over the Internet.

 What are the types of hackers?

1. Script Kiddie – Script Kiddies normally don’t care about hacking (if they did, they’d
be Green Hats. See below.). They copy code and use it for a virus or an SQLi or
something else. Script Kiddies will never hack for themselves; they’ll just download
overused software (LOIC or Metasploit, for example) and watch a YouTube video
on how to use it. A common Script Kiddie attack is DoSing or DDoSing (Denial of
Service and Distributed Denial of Service), in which they flood an IP with so much
information it collapses under the strain. This attack is frequently used by the
“hacker” group Anonymous, which doesn’t help anyone’s reputation.
2. White Hat – Also known as ethical hackers, White Hat hackers are the good guys of
the hacker world. They’ll help you remove a virus or PenTest a company. Most
White Hat hackers hold a college degree in IT security or computer science and
must be certified to pursue a career in hacking. The most popular certification is the
CEH (Certified Ethical Hacker) from the EC-Council.
3. Black Hat – Also known as crackers, these are the men and women you hear about
in the news. They find banks or other companies with weak security and steal
money or credit card information. The surprising truth about their methods of attack
is that they often use common hacking practices they learned early on.

 State advantages and disadvantages of hacking.

Pros:
 Hiring hackers to find holes in software.
 Hire hackers to improve products.
 Hackers can uncover or expose criminal activity
 Using hacking as a political statement.
Cons:
 Causes glitches and viruses
 Can access private documents and information
o Can lead to identity theft
 Can send spam emails, download programs, and slow the computer

 What is the S/MIME protocol for secure e-mail?

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public
key encryption and signing of MIME data. S/MIME is on an IETF standards track and
defined in a number of documents, most importantly RFC 3369, 3370, 3850 and 3851. It
was originally developed by RSA Data Security Inc. and the original specification used
the IETF MIME specification

 What is a digital signature?

The digital equivalent of a handwritten signature or stamped seal, but offering far more
inherent security, a digital signature is intended to solve the problem of tampering and
impersonation in digital communications. Digital signatures can provide the added
assurances of evidence of the origin, identity and status of an electronic document,
transaction or message, as well as acknowledging informed consent by the signer.
