Chapter 5

Cyber Security (203105346)

Vishwas Kumar, Assistant Professor


Computer Science and Engineering
CHAPTER-5
Introduction to Cyber Crime Investigation
Packet filter vs Firewall

• A firewall is a computer connected to both a private
(protected) network and a public (unprotected) network,
which receives and resubmits specific kinds of network
requests on behalf of network clients on either the private
or public network.
• It is the same as a proxy firewall.


Packet filter

• A packet filter is a set of rules, applied to a stream of data
packets, which is used to decide whether to permit or deny
the forwarding of each packet. These rules are usually on a
router or in the routing layer of a computer's network
protocol stack. Using a packet filter, an administrator can
dictate what types of packets are allowed into or out of a
network or computer.
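
The rule evaluation described above, as an added example that is not part of the original slides: an ordered rule list is checked against each packet, the first matching rule decides, and anything unmatched is denied. The `Rule` and `Packet` types, the rule set and the addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: Optional[str]          # "tcp", "udp", "icmp", or None for any
    src: str                      # source network, CIDR notation
    dst: str                      # destination network, CIDR notation
    dport: Optional[int] = None   # destination port, None for any

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None

def matches(rule, pkt):
    """True when every field the rule constrains agrees with the packet."""
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst))

def filter_packet(rules, pkt):
    """Return (action, index of deciding rule); default deny if none match."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None

# Constructed rule set protecting the private network 192.0.2.0/24.
RULES = [
    Rule("deny", None, "198.51.100.0/24", "0.0.0.0/0"),        # blocked network
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),  # HTTPS to server
    Rule("permit", "udp", "192.0.2.0/24", "0.0.0.0/0", 53),    # outbound DNS
]

if __name__ == "__main__":
    # Constructed packets: allowed HTTPS, blocked source, unlisted port.
    for pkt in (Packet("tcp", "203.0.113.5", "192.0.2.10", 443),
                Packet("tcp", "198.51.100.7", "192.0.2.10", 443),
                Packet("tcp", "203.0.113.5", "192.0.2.10", 22)):
        print(pkt, "->", filter_packet(RULES, pkt))
```

Rule order matters: the second packet targets the permitted HTTPS port, but the earlier deny rule for its source network decides first.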
Password Cracking
• Password cracking refers to various measures used to
discover computer passwords.
• This is usually accomplished by recovering passwords from
data stored in, or transported from, a computer system.
• Password cracking is done by repeatedly guessing the
password, usually through a computer algorithm in which
the computer tries numerous combinations until the
password is successfully discovered.
• The most malicious reason for password cracking is to gain
unauthorized access to a computer without the computer
owner’s awareness. This results in cybercrime such as stealing
passwords for the purpose of accessing banking
information.
Virus and Worms
• Viruses and worms are malicious programs that enter our computers
through CDs, pen drives, email attachments and the files we download
from the Internet.
• One of the major differences is that worms do not require any human
action to replicate, while viruses replicate as soon as the user runs the
infected file.
• Definition of Virus: A virus is a software program that can replicate itself,
and can enter the system through pen drives, disk drives, email
attachments as well as downloaded files.
• It tends to harm the system by various means such as:
• Using the disk space,
• Completely erasing the hard disk drive,
• Modifying personal data, text files,
• And can even bring the computer to a halt.
Virus
• A virus requires a host to attach to and spread throughout the
system. It can link itself to the executable files of a computer
and get transferred to another computer via email. All viruses are
man-made and aim to harm the target computer.
WORMS
• Definition of Worms: Worms are self-replicating files that reside in the
memory of an infected computer.
• A worm often disguises itself as a system file to avoid detection. It is
similar to a virus by design and is a sub-class of it.
• It spreads from one computer to another via email, network, etc.
• Worms can transfer themselves from one computer to another by using the
user’s email address book. They may cause the system resources to slow
down or completely halt the task.
Key Difference Between Virus And Worms
• Worms use computer networks to spread themselves, while viruses spread to
different systems through executable files.
• The spreading speed of a worm is faster than that of a virus.
• A virus tends to damage, destroy or alter the files of target computers,
whereas a worm does not modify any file but aims to harm the resources.
• A virus needs human action to replicate, whereas a worm does not.
• Worms are independent files that exist within the memory of an infected
computer, whereas viruses are executable files or attach themselves to other
executable files to operate.
• A virus needs a host to spread, while a worm does not require any host.
• A virus corrupts or modifies the data on the target computer, whereas
worms harm the network by consuming the bandwidth, deleting files or
sending emails.
Key logger and spyware
• A keylogger is a program that runs in the background, or a
hardware device, that records all the keystrokes.
• Once keystrokes are logged, they are hidden in the machine
for later retrieval, or shipped raw to the attacker.
• The attacker checks the files carefully in the hope of finding
passwords, or possibly other useful information.
Keylogger
The Hardware KeyLogger™ Stand-alone Edition is a tiny hardware device
that can be attached in between a keyboard and a computer. It keeps a
record of all keystrokes typed on the keyboard. The recording process is
totally transparent to the end user. The keystrokes can only be retrieved by
an administrator with a proper password.
Figure 5.1 Key Logger (panels: BEFORE, AFTER)


KeyKatcher
The KeyKatcher is a hardware device that logs activity as it is performed on
the keyboard. The device works with any PS/2 keyboard and is not
dependent on the operating system, because no software is
required for the product to interact with the hardware.

The KeyKatcher records up to 32,000 bytes (keystrokes) in the 33k model
or 64,000 bytes (keystrokes) in the 64k model. Even if the device is
unplugged from the keyboard, it will still remember EVERYTHING and you
won't lose a single keystroke.

Figure 5.2 KeyKatcher


Defending from a key logger
• Keep our computer up to date with:
• The network firewall turned on
• Anti-spyware
• Anti-virus
• Check USB and PS/2 ports
• Check installed programs
• We can also maintain a practice of using only the soft
(on-screen) keyboard. However, this is not completely
secure.
Steganography
• Steganography is data hidden within data.
• Steganography is the practice of concealing a file, message,
image, or video within another file, message, image, or video.
• The word steganography combines the Greek words steganos,
meaning "covered, concealed, or protected", and graphein
meaning "writing".
• Steganography is an encryption technique that can be used
along with cryptography as an extra-secure method to
protect data.
• Steganography is an ancient practice. When spies in the
Revolutionary War wrote in invisible ink, or when Da Vinci
embedded secret meaning in a painting, that was steganography.
Steganography
Trojan
DDOS Attack

• DDOS is short for Distributed Denial of Service. DDOS is a type of DOS
attack where multiple compromised systems, which are often infected
with a Trojan, are used to target a single system, causing a Denial of
Service (DOS) attack. Victims of a DDOS attack consist of both the end
targeted system and all systems maliciously used and controlled by the
hacker in the distributed attack.
How DDOS works?

• In a DDOS attack, the incoming traffic flooding the victim originates
from many different sources – potentially hundreds of thousands or
more. This effectively makes it impossible to stop the attack simply by
blocking a single IP address; plus, it is very difficult to distinguish
legitimate user traffic from attack traffic when spread across so many
points of origin.
• As a result, the victim is prevented from providing service to legitimate users.
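
Why blocking by source address handles a single-source flood but not a distributed one, as an added example that is not part of the original slides. The per-source limit, the service capacity and all traffic are constructed values chosen for illustration.

```python
from collections import Counter

PER_IP_LIMIT = 100   # assumed: requests per window before a source is blocked
CAPACITY = 1000      # assumed: requests per window the service can absorb

def assess(window):
    """window: one source IP string per request seen in the time window."""
    per_source = Counter(window)
    blocked = {ip for ip, n in per_source.items() if n > PER_IP_LIMIT}
    remaining = sum(n for ip, n in per_source.items() if ip not in blocked)
    return {
        "sources": len(per_source),
        "blocked": len(blocked),
        "remaining_load": remaining,
        "overloaded_after_blocking": remaining > CAPACITY,
    }

# Constructed traffic: 40 legitimate clients sending 5 requests each.
NORMAL = [f"192.0.2.{i}" for i in range(1, 41) for _ in range(5)]

# DOS: one source sends 5000 requests on top of the normal load.
DOS = NORMAL + ["203.0.113.9"] * 5000

# DDOS: 2000 distinct sources send only 3 requests each.
DDOS = NORMAL + [f"10.{i // 256}.{i % 256}.1"
                 for i in range(2000) for _ in range(3)]

if __name__ == "__main__":
    for name, window in (("DOS", DOS), ("DDOS", DDOS)):
        print(name, assess(window))
```

In the DOS window the per-source rule blocks one address and the remaining load returns to normal. In the DDOS window no source exceeds the limit, nothing is blocked, and each attacking source sends fewer requests than a legitimate client, so the service stays overloaded.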


The Difference Between DOS and DDOS Attacks

• A Denial of Service (DOS) attack is different from a DDOS attack. The
DOS attack typically uses one computer and one Internet connection
to flood a targeted system or resource. The DDOS attack uses multiple
computers and Internet connections to flood the targeted resource.
• DDOS attacks are often global attacks.


Types of DDOS Attacks

• There are many types of DDOS attacks. Common attacks include the
following:
• Traffic attacks: Traffic flooding attacks send a huge volume of TCP, UDP
and ICMP packets to the target. Legitimate requests get lost and these
attacks may be accompanied by malware exploitation.
• Bandwidth attacks: This DDOS attack overloads the target with
massive amounts of junk data. This results in a loss of network
bandwidth and equipment resources and can lead to a complete
denial of service.
• Application attacks: Application-layer data messages can deplete
resources in the application layer, leaving the target's system services
unavailable.
SQL Injection

• SQL injection is a code injection technique that might destroy your
database.
• SQL injection is one of the most common web hacking techniques.
• SQL injection is the placement of malicious code in SQL statements, via
web page input.
SQL Injection Based on 1=1 is Always True

Figure 5.3 SQL Injection
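
The "1=1 is always true" case, as an added example that is not part of the original slides: the same lookup built by string concatenation and with a bound parameter. The `Users` table, its rows and the function names are constructed for illustration, using Python's built-in `sqlite3` module with an in-memory database.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding three constructed user rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?)",
                   [(105, "alice"), (106, "bob"), (107, "carol")])
    return db

def lookup_vulnerable(db, user_id_text):
    # Vulnerable: the web-page input becomes part of the SQL statement,
    # so "105 OR 1=1" turns the WHERE clause into a condition that is
    # true for every row.
    query = "SELECT UserId, Name FROM Users WHERE UserId = " + user_id_text
    return db.execute(query).fetchall()

def lookup_parameterized(db, user_id_text):
    # Hardened: the statement text is fixed and the input is bound as a
    # single value. "105 OR 1=1" is compared as one string and matches
    # no UserId.
    query = "SELECT UserId, Name FROM Users WHERE UserId = ?"
    return db.execute(query, (user_id_text,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for text in ("105", "105 OR 1=1"):
        print(repr(text), "concatenated:", lookup_vulnerable(db, text))
        print(repr(text), "bound:       ", lookup_parameterized(db, text))
```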


SQL INJECTION
Attack on wireless Network

• Nowadays everyone uses the internet – most commonly through
Wi-Fi (wireless fidelity).
• Wi-Fi is a short-range wireless transmission technology that can send
signals up to hundreds of feet away to support access to the Internet.
But what about the security of our data, which is easily breached by
any attacker through these airwaves?
WiFi Basic
Access point

Figure 5.4 WiFi Access point


WEP
Before DOS Attack

Figure 5.5 Before DOS Attack


After DOS Attack

Figure 5.6 After DOS Attack


Man In The Middle Attack

Figure 5.7 Man In The Middle Attack


Spoofing

Figure 5.8 Spoofing


WiFi Jamming

Figure 5.9 WiFi Jamming


Contd……

Figure 5.10 Fake Access Point


www.paruluniversity.ac.in
