CYBER SECURITY

CHAPTER 1

INTRODUCTION

In recent years, networks have evolved from a mere means of communication to a

ubiquitous computational infrastructure. Networks have become larger, faster, and highly
dynamic. The pervasive use of computer and network technologies in all walks of life has
turned cyber security issues into national security issues.

The latest Internet worm, called the Sapphire/Slammer SQL worm, is another
example of how vulnerable systems on the Internet are and of how fast these worms can
spread. According to preliminary analysis of the Sapphire worm performed by Silicon
Defense and researchers at UC Berkeley [27] this was the fastest worm to date. It was able to
spread worldwide in approximately 10 minutes, doubling in size every 8.5 seconds.
According to their report, at its peak, which it reached just 3 minutes after its release, it
“scanned the net at over 55 million IP addresses per second. It infected at least 75,000 victims
and probably considerably more.”

Computers are everywhere. Almost everything that we do in our daily lives depends on
computers and computer networks. The Internet has become a mission-critical infrastructure
for governments, companies, and financial institutions. Computers and networks are used for
controlling and managing manufacturing processes, water supplies, the electric power grid,
air traffic control systems, and stock market systems, to mention a few. As a consequence,
networkattack s have started to impact the practical aspects of our lives.

Today’s networks are very heterogeneous environments where highly critical

software applications (e.g., the control system for a dam) run side-by-side with other non-
critical network-based applications (e.g., a mail server). As a con-sequence, cyber attacks
against apparently “non-critical” services may produce unforeseen side effects of devastating
proportions.

The number, severity, sophistication, and cost of reported attacks is increasing [3].
Unfortunately, many attacks are not even detected; therefore, things are even worse than
reported. That is, attackers are often able to hide their tracks by disabling logging facilities or
modifying event logs, so their activity goes undetected.

Department of Information Science and Engineering Page 1

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

Another reason that things are so bad is because, for the most part, computer security
is reactive. That is, system administrators and security professionals are usually reacting to
the latest attack. After they fix the vulnerability that allowed the attack, the attackers look for
new vulnerabilities to exploit for new attacks. What is needed is a proactive approach.

Security is also expensive, both in dollars and in time taken from normal everyday
tasks. As a result, security vulnerabilities often exist not because there is not a known fix, but
because some administrator does not have the time to put in a patch to fix the problem.

Finally, there is not now, and never will be, a system with perfect security. That is, if
functionality is a requirement, then there will always be security gaps. Security is a system
attribute that must be traded off against user friendliness, efficiency, ease of use, and other
desirable system properties.

The next section presents some basic security terminology and outlines some basic
approaches to achieving secure systems. Section 3 presents eight principles to be followed
when designing and implementing a secure system. Section 4 presents the twenty top
vulnerabilities for Windows and Unix. Finally, Section 5 discusses how software engineering
practice can help make systems more secure.

Department of Information Science and Engineering Page 2

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

1.1 BACKGROUND

In the early days of computing, when standalone systems were used by one user at a
time, computer security consisted primarily of physical security. That is, the computer and its
peripherals were locked in a secure area with a guard at the door that checked each user’s
identification before allowing them to enter the room.

As time sharing systems emerged in themid to late 1960s and multiple jobs and users
were able to run at the same time, controlling the access to the data on the system became a
major point of concern. One solution that was used was to process classified data one level at
a time and “sanitize” the system after the jobs from one level were run and before the jobs for
the next level were run. This approach to computer security was known as periods processing
because the jobs for each level were all run in their particular period of the day. This was an
inefficient way to use the system, and an effort was made to find more efficient software
solutions to the multilevel security problem.

Another effort that occurred in the mid to late 1970s was the use of tiger teams to test
the security of a system. These teams attempted to obtain unauthorized access to the system
by exploiting design and implementation errors [21, 10]. The tiger team studies demonstrated
the difficulty of providing secure software; virtually every system that was attacked by a tiger
team was penetrated.

Before proceeding with more background, it is necessary to introduce some basic

terminology. In the context of this paper, the term computer security means the protection of
resources (including data and programs) from unauthorized disclosure, modification or
destruction. In addition, the system resources must also be protected (i.e., access to system
services should not be denied). These properties are usually referred to as confidentiality,
integrity, and availability. More precisely, confidentiality ensures that sensitive information is
not disclosed to unauthorized recipients; integrity ensures that data and programs are
modified or destroyed only in a specified and authorized manner, and availability ensures that
the resources of the system will be usable whenever they are needed by an authorized user.

The degree to which each of these three properties is needed varies from one
application to another. For instance, the military is primarily interested in confidentiality. In
contrast, the banking industry is primarily interested in integrity, and for the telephone
industry availability is most important. This is not to say that any of these applications do not

Department of Information Science and Engineering Page 3

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

care about the other properties. For instance, the military would not want missile targets to be
changed in an unauthorized manner, and they would like their battle plans to be available
when needed. Thus, they are interested in integrity and availability too. The exact
requirements that are needed for a particular system or application are expressed in the
security policy for that system or application. A security policy defines what is and what is
not allowed.

Cyber security consists largely of defensive methods used to detect and thwart would-
be intruders. The principles of computer security thus arise from the kinds of threats intruders
can impose. For instance, one general security stance is that “everything that is not permitted
is prohibited.” If this principle is enforced, then an intruder cannot get access to some object
just because the security administrator did not consider whether it should be restricted or not.
Most members of the security community believe that if software were designed with more of
an emphasis on security and if systems were configured properly, then there would be fewer
security problems1.

There are four general approaches to achieving a secure computing environment.

They are the use of special procedures for working with the system, the inclusion of
additional functions or mechanisms in the system, the use of assurance techniques to increase
one’s confidence in the security of the system, and the use of intrusion detection systems.
Each of these is discussed in the following subsections. Some security requirements can
either be achieved by requiring procedures to be followed or by using system mechanisms or
functions to enforce the requirement. However, in some cases system users need to follow
specific procedures in order to make security mechanisms effective. It is also possible to
trade off assurance techniques for less mechanism. For instance, one can use assurance
techniques, like formal proofs, to assure that the system cannot get into a particular state;
thus, alleviating the need for the software mechanism that would deal with that state.

Procedural approaches prescribe the appropriate behavior for a user to follow when
using a system. The periods processing approach for processing jobs at different security
levels, which was presented above, is an example of a procedural solution to satisfy a security
requirement.

Department of Information Science and Engineering Page 4

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

CHAPTER 2

SYSTEM ARCHITECTURE

Figure 1: System Architecture

Figure1: Consequently, the term cyber security architecture (or cyber

architecture for short) is commonly used to describe computer network architectures that
emphasize cyber security features, such as cyber security devices (firewalls, Intrusion
Detection/Protection Systems [IDS/IPS], encryption/decryption devices, etc.) and secure
communication protocols (HTTPS, SSL, etc.).

Department of Information Science and Engineering Page 5

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

1. Train employees in security principles: It is necessary to establish basic security

practices and policies for workers, such as requiring strong passwords, and
establishing proper Internet use guiding principle that detail penalties for violating
company cyber security policies. Establish rules of behaviour describing how to deal
with and protect customer information and other vital data.
2. Protect information, computers and networks from cyber attacks: It is very important
to keep clean machines and have the latest security software, web browser, and
operating system and secure with the best defences against viruses, malware, and
other online threats. Set antivirus software to run a scan after each update. Install
other key software updates as soon as they are available.
3. Provide firewall security for Internet connection: A firewall is a set of related
programs that prevent outsiders from accessing data on a private network. Company
must assure that the operating system's firewall is enabled or install free firewall
software available online. If employees work from home, ensure that their home
system(s) are protected by a firewall.
4. Create a mobile device action plan: Mobile devices can create considerable security
and management challenges, particularly if they hold confidential information or can
access the corporate network. Require users to password protect their devices, encrypt
their data, and install security apps to prevent criminals from stealing information
while the phone is on public networks. Be sure to set reporting procedures for lost or
stolen equipment.
5. Make backup copies of important business data and information: Companies are
instructed to maintain backup of the data on all computers at regular basis. Critical
data includes word processing documents, electronic spreadsheets, databases,
financial files, human resources files, and accounts receivable/payable files. Backup
data automatically if possible, or at least weekly and store the copies either offsite or
in the cloud.

The increasing reliance of our information age economies and governments on cyber
(computer-based) infrastructure makes them progressively more vulnerable to cyber attacks
on our computer systems, networks and data. In their most disruptive form, cyber attacks
target the enterprise, government, military, or other infrastructural assets of a nation or its
citizens. Both the volume and sophistication of cyber threats (cyber warfare, cyber terrorism,
cyber espionage and malicious hacking) are monotonically increasing, and pose potent threats

Department of Information Science and Engineering Page 6

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

to our enterprise, government, military, or other infrastructural assets. Recent newsworthy

cyber-attacks on critical cyber infrastructure (e.g., Target data breach, Mt. Gox bitcoin hacker
attacks, NSA data leaks and subsequent PRISM revelations) demonstrate the urgent need for
improved cybersecurity. As cyber threats grow, so must our abilities to neutralize them.

Towards that end the U.S. government issued an Executive Order for Improving
Critical Infrastructure Cybersecurity in February 2013, and the 2014 President's Budget
devotes over $13B to cyber-related programs and activities [Federal Information Technology
FY 2014 Budget Priorities, p. 15]. The European Union Agency for Network and Information
Security (ENISA) lists all known public documents of National Cyber Security Strategies in
the EU as well as the rest of the world.

Department of Information Science and Engineering Page 7

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

2.1 WAYS TO IMPROVE CYBER SECURITY

Cyberspace is a worldwide and interrelated sphere that covers geographic borders and
national jurisdictions. To support the growth, operation, maintenance, and security of this
area, information technology companies continually innovate and spend in the development
of internationally deployable products and services.

Cyberspace's stakeholders such as consumers, businesses, governments, and

infrastructure owners and operators, search for a consistent, secure experience in cyberspace.
Efforts to improve cyber security should mirror cyberspace's borderless nature and be based
on internationally established standards, best practices, and international assurance programs.
This approach will augment security, because nationally focused efforts may not have the
advantage of the best peer-review processes conventionally found in global standards bodies,
because proven and effectual security measures must be deployed across the whole global
digital infrastructure, and because the need to meet multiple, conflicting security
requirements in multiple jurisdictions raises enterprises' costs, demanding valuable security
resources.

Cyber security standards also improve interoperability of the digital infrastructure,

because security practices and technologies can be better united across borders. It also allow
more private-sector resources to be used for investment and innovation to address future
security challenges and increase international trade in cyber security products and services
that can be sold in multiple markets. Best practices in cyber security allow countries to obey
with their international commitments, such as the World Trade Organization (WTO)'s
Technical Barriers to Trade Agreement (TBT), which calls for non-discrimination in the
preparation, acceptance, and application of technical rules, standards, and conformity
assessment procedures; evading unnecessary obstacles to trade; synchronizing specifications
and procedures with international standards as far as possible; and the clearness of these
measure.

Companies must have Password Management to prevent from cyber-attack. Strong

passwords are first defensive technique when it comes to controlling access to protected
systems and information. It is important to recognize the idiosyncrasies and limitations of
account administration when it comes to operating systems, database servers and

Department of Information Science and Engineering Page 8

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

applications. The following should be explored and analysed systematically before

establishing policy in a formal way:

1. Procedures for protecting password files and administrator accounts

2. Random password generation, one-time passwords and two-factor authentication
3. Length of a password's life
4. Password expiration and renewal
5. Procedures for cleansing ex-employee access
6. Length and qualities of acceptable passwords

Antivirus is an effective cyber security management policy that checks the

vulnerabilities exist for an organization's resources before formalizing processes and
procedures. This is especially factual for exposures to the outside Internet, community. Once
weaknesses are acknowledged, the policy will specify both commercial and internally
developed solutions to avoid the introduction of malicious code on the company's perimeter
defence systems, servers and desktops, how deployment is to unfold, and who is responsible
for deployment. Incident handling also prevent cyber-attacks.

Policy must be devised to cover practical steps that an organization needs to take
when a cyber-security incident occurs. Recognized incident handling tasks are aimed first at
securing information assets, minimizing damage as speedily as possible. Backup and
Recovery also protect cyber threat. Policy needs to highlight the primary importance of
backup and recovery processes for desktops, file servers and mainframes. Responsibilities
should be clearly acknowledged. Batch processing and storage capacity plans needs to be
vital parts of the operational planning process. A plan for disaster recovery from offsite
backups should be considered.

Department of Information Science and Engineering Page 9

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

2.2 PROPOSED SECURITY

The proposed security in this paper uses a modified versions of those presented taxonomies in
[12]-[15] to classify the attack based on types of attacks, target sector, intention, impact, and
incident categories. Each part of the attack will be broken down to the terms shown in Fig. 1
and explained.

1.Types of Attacks

Worm: in their propagation worm is like viruses with no direction by the network from the
attackers. However, unlike viruses, in worms, no interaction is needed from the user for
activating their attempt to spread.

Trojan: is a type of a program where subversive functionality is added to associate with the
existing program.

Virus: virus may be defined as a piece of codes that usually attaches itself to another
program, and when the program runs it will run with them.

DDoS: represents the coordinated attacks on the target system service availability that has
been given or a network that is indirectly launched through a number of compromised
computing systems.

Department of Information Science and Engineering Page 10

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

2.3 CYBER CRIME

Computer crime or cybercrime is a form of crime where the Internet or computers

are used as a medium to commit crime. Cybercrime is criminal activity done using computers
and the Internet. This includes anything from downloading illegal music files to stealing
millions of dollars from online bank accounts. Cybercrime also includes non-monetary
offenses, such as creating and distributing viruses on other computers or posting confidential
business information on the Internet.

Computer crime or cybercrime is a form of crime where the Internet or computers

are used as a medium to commit crime. Cybercrime is criminal activity done using computers
and the Internet. This includes anything from downloading illegal music files to stealing
millions of dollars from online bank accounts. Cybercrime also includes non-monetary
offenses, such as creating and distributing viruses on other computers or posting confidential
business information on the Internet.

Cyber crime encompasses any criminal act dealing with computers and networks
(called hacking). Additionally, cyber crime also includes traditional crimes conducted
through the Internet. For example; hate crimes, telemarketing and Internet fraud, identity
theft, and credit card account thefts are considered to be cyber crimes when the illegal
activities are committed through the use of a computer and the Internet. Cyber crime can be
classified in to 4 major categories as;

(A) Cyber crime against Individual

(B) Cyber crime Against Property

(C) Cyber crime Against Organization

(D) Cyber crime Against Society

(A)Against Individuals:

Department of Information Science and Engineering Page 11

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

 Email spoofing:
A spoofed email is one in which e-mail header is forged so that mail appears to
originate from one source but actually has been sent from another source

 Spamming:
Spamming means sending multiple copies of unsolicited mails or mass e-mails such
as chain letters.
 Cyber Defamation:
This occurs when defamation takes place with the help of computers and / or the
Internet. E.g. someone publishes defamatory matter about someone on a website or
sends e-mails containing defamatory information.
 Harassment & Cyberstalking:
Cyber Stalking Means following the moves of an individual's activity over internet.
It can be done with the help of many protocols available such as e- mail, chat rooms,
user net groups etc.

 Phishing:
Phishing is a way of attempting to acquire sensitive information such as usernames,
passwords and credit card details by masquerading as a trustworthy entity in an
electronic communication.

(B) Against Property:

 Credit Card Fraud :

Credit card fraud is a wide-ranging term for theft and fraud committed using a credit
card or any similar payment mechanism as a fraudulent source of funds in a
transaction. The purpose may be to obtain goods without paying, or to obtain
unauthorized funds from an account.

 Intellectual Property crimes :

These include Software piracy, illegal copying of programs, Distribution of copies of
software, Copyright infringement, Trademarks violations, Theft of computer source
code.
 Internet time theft:

Department of Information Science and Engineering Page 12

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

The usage of the Internet hours by an unauthorized person which is actually paid by
another person.

(C)Against Organization
 Denial of Service:
When Internet server is flooded with continuous bogus requests so as to denying
legitimate users to use the server or to crash the server.

 Virus attack:
A computer virus is a computer program that can infect other computer programs by
modifying them in such a way as to include a (possibly evolved) copy of it. Viruses
can be file infecting or affecting boot sector of the computer. Worms, unlike viruses
do not need the host to attach themselves to.

 Email Bombing:
Sending large numbers of mails to the individual or company or mail servers thereby
ultimately resulting into crashing.

 Salami Attack:
When negligible amounts are removed & accumulated in to something larger. These
attacks are used for the commission of financial crime.

 Logic Bomb:
It is an event dependent program, as soon as the designated event occurs, it crashes
the computer, release a virus or any other harmful possibilities.

 Trojan horse:
An unauthorized program which functions from inside what seems to be an
authorized program, thereby concealing what it is actually doing.

 Data diddling:
His kind of an attack involves altering raw data just before it is processed by a
computer and then changing it back after the processing is completed.

(D) Against Society

Department of Information Science and Engineering Page 13

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

 Forgery :
Currency notes, revenue stamps, mark sheets etc can be forged using computers and
high quality scanners and printers.
 Cyber Terrorism :
According to the U.S. Federal Bureau of Investigation, cyber terrorism is any
"premeditated, politically motivated attack against information, computer systems,
computer programs, and data which results in violence against non-combatant targets
by sub-national groups or clandestine agents."
 Web Jacking :
Hackers gain access and control over the website of another, even they change the
content of website for fulfilling political objective or for money.

CLASSIFICATION OF CYBER CRIMES

 Where computers are used to commit crime:
1. Threatening email
2. Assuming someone’s identity
3. Defamation (damaging the good reputation of someone)
4. SPAM and phishing
 Where computers become target of crime
1. Viruses and worms
2. Industrial espionage (the practice of spying to obtain information)
3. Software piracy
4. Hacking

Department of Information Science and Engineering Page 14

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

2.4 AGAINST SOCIETY

1. COMPUTER FORGERY:

Offences of computer forgery and counterfeiting have become rampant as it is very easy to
counterfeit a document like birth certificate and use the same to perpetuate any crime. The
authenticity of electronic documents hence needs to be safeguarded by making forgery with
the help of computers abs explicit offence punishable by law. When a perpetrator alters
documents stored in computerized form, the crime committed may be forgery. In this
instance, computer systems are the target of criminal activity. Computers, however, can also
be used as instruments with which to commit forgery. A new generation of fraudulent
alteration or counterfeiting emerged when computerized color laser copiers became available.
These copiers are capable of high-resolution copying, modification of documents, and even
the creation of false documents without benefit of an original, and they produce documents
whose quality is indistinguishable from that of authentic documents except by an expert.
These schemes take very little computer knowledge to perpetrate. Counterfeit checks,
invoices and stationery can be produced using scanners, color printers, and graphics software.
Such forgeries are difficult to detect for the untrained eye. It is relatively easy to scan a logo
into a computer system and go from there.

2. CYBER TERRORISM:

The North Atlantic Treaty Organization (NATO) has offered its own definition in 2008.
NATO defined cyber terrorism as “a cyber-attack using or exploiting computer or
communication networks to cause sufficient destruction or disruption to generate fear or to
intimidate a society into an ideological goal.”
Cyber terrorism is a controversial term. Some authors choose a very narrow definition,
relating to deployments, by known terrorist organizations, of disruption attacks against
information systems for the primary purpose of creating alarm and panic. By this narrow
definition, it is difficult to identify any instances of cyber terrorism.

Department of Information Science and Engineering Page 15

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

3. WEB JACKING:

This term is derived from the term hi jacking. In these kinds of offences the hacker gains
access and control over the web site of another. He may even change the information on the
site. This may be done for fulfilling political objectives or for money.
E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the
Pakistani hackers and some obscene matter was placed therein. Further the site of Bombay
crime branch was also web jacked.

Department of Information Science and Engineering Page 16

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

CHAPTER-3

APPLICATIONS
 Application security management is an essential aspect of security in the
enterprise.
Scroll down for all the latest news and information covering mobile application security.

 Learn application
Application security management is an essential aspect of security in the enterprise. And data
security best practices in several areas, including web application security, secure coding
practices, patch management & mobile application security.

 Mobile Application Security

Scroll down for all the latest news and information covering mobile application security.

 Patch Management
Scroll down for all the latest news and information on patch management.

 Secure Coding
Scroll down for all the latest news and information on secure coding.

 Web Application Security

Scroll down for all the latest web application security news and information.

Department of Information Science and Engineering Page 17

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

CHAPTER 4

ADVANTAGES & DISADVANTAGES

Advantages

 Protection from malicious attacks on your network.

 Deletion and/or guaranteeing malicious elements within a preexisting network.
 Prevents users from unauthorized access to the network.
 Deny's programs from certain resources that could be infected.
 Securing confidential information

Disadvantages

 Strict Regulations
 Difficult to work with for non-technical users
 Restrictive to resources
 Constantly needs Patching
 Constantly being attacked

Department of Information Science and Engineering Page 18

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

CONCLUSION

Cybercrime is criminal activity done using computers and the Internet. This includes
anything from downloading illegal music files to stealing millions of dollars from online
bank accounts. Cybercrime also includes non-monetary offenses, such as creating and
distributing viruses on other computers or posting confidential business information on the
Internet.

Because cybercrime covers such a broad scope of criminal activity, the examples
above are only a few of the thousands of crimes that are considered cybercrimes. While
computers and the Internet have made our lives easier in many ways, it is unfortunate that
people also use these technologies to take advantage of others. Therefore, it is smart to
protect yourself by using antivirus and spyware blocking software and being careful where
you enter your personal information.

Department of Information Science and Engineering Page 19

Godutai Engineering College for Women’s, Kalaburagi
 CYBER SECURITY

REFERENCES

[1] J. Anderson, et al. Computer Security Technology Planning Study. Technical Report
ESD-TR-73-51, Deputy for Command and Management Systems, HQ Electronic
Systems Division (AFSC), 1972. Vol. 1.
[2] W. Bevier. Kit: A study in operating system verification. IEEE Transactions on
Software Engineerin, 15(11), November 1989.
[3] Cert coordination center statistics. http://www.cert. org/stats/, 2003.
[4] Minutes of the FirstWorkshop on Covert Channel Analysis. IEEE Cipher, July 1990.
Los Angeles, CA.
[5] Z. Dang and R. Kemmerer. Using the astral model checker to analyze mobile i. In
Proceedings of the International Conference on Software Engineering, pages 132–
141, May 1999.
[6] F. De Paoli, A. dos Santos, and R. Kemmerer. Mobile Agents and Security, volume
1419, chapter Web Browsers and Security, pages 235–256. Springer-Verlag, 1998.
[7] D. Denning. Cryptography and Data Security. Addison Wesley, Reading,
Massachusetts, 1982.
[8] S. Forrest. A Sense of Self for UNIX Processes. In Proceedings of the IEEE
Symposium on Security and Privacy, pages 120–128, Oakland, CA, May 1996.
[9] A. Ghosh, J. Wanken, and F. Charron. Detecting Anomalous and Unknown Intrusions
Against Programs. In Proceedings of the Annual Computer Security Application
Conference (ACSAC’98), pages 259–267, Scottsdale, AZ, December 1998.

Department of Information Science and Engineering Page 20

Godutai Engineering College for Women’s, Kalaburagi