
DIGITAL ASSIGNMENT

NAME: G.B.S. SATHVIK

REG:NO:18BCI0087

COURSE: CYBER SECURITY - CSE4003

GUIDED BY: PROF. MANIKANDAN. K

1) List the properties of a security protocol. Compare any two cryptographic techniques with a
neat block diagram?

Ans) A security protocol is an abstract or concrete protocol that performs a security-related
function and applies cryptographic methods, often as sequences of cryptographic primitives.

Properties of security protocol:

• Key agreement or establishment.
• Entity authentication.
• Symmetric encryption and message authentication material construction.
• Secured application-level data transport.
• Non-repudiation methods.
• Secret sharing methods.
• Secure multi-party computation.

Comparison of SHA and MD5 Algorithms:

| S.NO | MD5 ALGORITHM | SHA ALGORITHM |
|------|---------------|---------------|
| 1. | Length in bits is 128. | Length in bits is 160. |
| 2. | Attack to find original message in 2^64 operations. | Attack to find original message in 2^160 operations. |
| 3. | Attack to find two messages with the same MD: 2^64 operations. | Attack to find two messages with the same MD: 2^80 operations. |
| 4. | Successful attacks: some reported incidents of MD5 break. | No such claim for successful attacks. |
| 5. | Faster execution. | Slower execution. |
6.

[Figures: block diagram of MD5; block diagram of SHA]
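The digest lengths and the "two messages with the same MD" row of the comparison can be checked directly. The following Python sketch is an added example, not part of the original assignment; it assumes the 160-bit "SHA" in the table is SHA-1, and the function names and messages are constructed for illustration. It reads the digest sizes from `hashlib` and then finds a real collision on a digest truncated to a few bits, showing that the work grows as about 2^(n/2) hashes for an n-bit output.

```python
import hashlib
from itertools import count

def digest_bits(name: str) -> int:
    """Output length of a hashlib algorithm, in bits."""
    return hashlib.new(name).digest_size * 8

def collision_work_bits(name: str) -> int:
    """Birthday bound: a generic collision search needs about 2^(n/2) hashes."""
    return digest_bits(name) // 2

def truncated(name: str, data: bytes, bits: int) -> int:
    """Keep only the top `bits` bits of the digest (a deliberately tiny hash)."""
    full = int.from_bytes(hashlib.new(name, data).digest(), "big")
    return full >> (digest_bits(name) - bits)

def first_collision(name: str, bits: int):
    """Hash constructed messages until two of them share a truncated digest."""
    seen = {}
    for tries in count(1):
        msg = b"constructed-message-%d" % tries
        t = truncated(name, msg, bits)
        if t in seen:
            return seen[t], msg, tries
        seen[t] = msg

if __name__ == "__main__":
    for name in ("md5", "sha1"):
        print("%s: %d-bit digest, collision work about 2^%d"
              % (name, digest_bits(name), collision_work_bits(name)))
        for bits in (16, 20, 24):
            a, b, tries = first_collision(name, bits)
            print("  %2d-bit truncation: collision after %d hashes (2^%d = %d)"
                  % (bits, tries, bits // 2, 2 ** (bits // 2)))
```

Each extra 2 bits of output roughly doubles the number of hashes needed, which is why the 160-bit digest has a 2^80 collision bound against 2^64 for the 128-bit one.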


2)Case study on Cybercrimes and cyber offenses. How to prevent Cybercrimes and Cyber offences?

ANS) Case study on cybercrimes and cyber offences:

Case: SONY.SAMBANDH.COM CASE


India saw its first cybercrime conviction in 2013. It all began after a complaint was filed by Sony India
Private Ltd, which runs a website called www.sony-sambandh.com, targeting Non-Resident Indians.
The website enables NRIs to send Sony products to their friends and relatives in India after they pay
for it online. The company undertakes to deliver the products to the concerned recipients. In May
2002, according to the cybercrime case study, someone logged onto the website under the identity
of Barbara Campa and ordered a Sony Colour Television set and a cordless headphone. She gave her
credit card number for payment and requested the products to be delivered to Arif Azim in Noida.
The payment was duly cleared by the credit card agency, and the transaction was processed. After
following the relevant procedures of due diligence and checking, the company delivered the items to
Arif Azim. At the time of delivery, the company took digital photographs showing the delivery being
accepted by Arif Azim. The transaction closed at that, but after one and a half months the credit card
agency informed the company that this was an unauthorized transaction as the real owner had
denied having made the purchase. The company lodged a complaint about online cheating at the
Central Bureau of Investigation which registered a case under Section 418, 419 and 420 of the Indian
Penal Code. The matter was investigated, and Arif Azim was arrested. Investigations revealed that
Arif Azim while working at a call centre in Noida gained access to the credit card number of an
American national which he misused on the company's site.
The CBI recovered the colour television and the cordless headphone, in this one of a kind cyber fraud
case. In this matter, the CBI had evidence to prove their case, and so the accused admitted his guilt.
The court convicted Arif Azim under Section 418, 419 and 420 of the Indian Penal Code - this being
the first time that a cybercrime has led to a conviction.
The court, however, felt that as the accused was a young boy of 24 years and a first-time convict, a
lenient view needed to be taken. The court, therefore, released the accused on probation for one
year. The judgment is of immense significance for the entire nation. Besides being the first
conviction in a cybercrime matter, it has shown that the Indian Penal Code can be effectively applied
to certain categories of cybercrimes which are not covered under the Information Technology Act
2000. Secondly, a judgment of this sort sends out a clear message to all that the law cannot be taken
for a ride.

Prevention from cybercrimes and cyber offences:

• Avoid disclosing your identity to strangers.
• Always use the latest antivirus software to guard against virus attacks.
• Never send your credit card number to any site which is not secured.
• Use of firewall.
• Change passwords frequently.
• Uninstall unnecessary software.
• Take measures to help protect yourself against identity theft.
• Know what to do if you become a victim.

3)Compare the possible Cyber Threats, Attacks with an example?

ANS) There are many cyber attacks and cyber threats in daily life. Some of them are:

Phishing Attacks

Phishing is a type of social engineering usually employed to steal user data such as credit card
numbers and login credentials. It happens when an attacker, posing as a trusted individual, tricks the
victim into opening a text message, email, or instant message. The victim is then deceived into opening a
malicious link that can cause the freezing of a system as part of a ransomware attack, the revealing of
sensitive information, or the installation of malware.

Spear Phishing Attacks

Spear phishing is an email aimed at a particular individual or organization, seeking unauthorized
access to crucial information. These hacks are not executed by random attackers but are most likely
done by individuals out for trade secrets, financial gain, or military intelligence.

Whale Phishing Attack

A Whale Phishing attack is a type of phishing that centres on high-profile employees such as the CFO or
CEO. It is aimed at stealing vital information since those holding higher positions in a company have
unlimited access to sensitive information. Most whaling instances manipulate the victim into permitting
high-worth wire transfers to the attacker.

Malware Attacks

Malware is code that is made to stealthily affect a compromised computer system without the consent
of the user. This broad definition includes many particular types of malevolent software (malware) such
as spyware, ransomware, and command and control.

Ransomware

Ransomware blocks access to a victim's data, typically threatening to delete it unless a ransom is paid. There is no
guarantee that paying a ransom will regain access to the data. Ransomware is often carried out via a
Trojan delivering a payload disguised as a legitimate file.

Drive-by Attack

A drive-by attack is a common method of distributing malware. A cyber attacker looks for an insecure
website and plants a malicious script into PHP or HTTP in one of the pages. This script can install
malware into the computer that visits this website or become an IFRAME that redirects the victim’s
browser to a site controlled by the attacker. In most cases, these scripts are obfuscated, which makes
the code difficult for security researchers to analyze.

Trojan Horses

A Trojan is a malicious software program that misrepresents itself to appear useful. Trojans spread by
looking like routine software and persuading a victim to install them. They are considered among the most
dangerous types of malware, as they are often designed to steal financial information.

SQL INJECTION

SQLI can have devastating effects on a business. A successful SQLI attack can cause deletion of entire
tables, unauthorized viewing of user lists, and in some cases, the attacker can gain administrative access
to a database. These can be highly detrimental to a business. When calculating the probable cost of SQLI,
you need to consider the loss of customer trust in case personal information like addresses, credit card
details, and phone numbers are stolen.
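The "unauthorized viewing of user lists" outcome comes from building the query by string concatenation, and the fix is a parameterized query. The following Python sketch is an added example, not part of the original assignment; the `users` table, the function names and the sample rows are hypothetical and constructed for illustration. It runs the same lookup both ways against an in-memory SQLite database.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, phone TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "555-0100"), ("bob", "555-0101"), ("carol", "555-0102")],
    )
    return db

def lookup_vulnerable(db: sqlite3.Connection, name: str):
    """Weak form: user input is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT name, phone FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db: sqlite3.Connection, name: str):
    """Corrected form: the driver binds the input as a value, never as SQL."""
    sql = "SELECT name, phone FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # input that closes the quote early
    print("legitimate lookup :", lookup_safe(db, "alice"))
    print("concatenated query:", lookup_vulnerable(db, crafted))  # whole table
    print("bound parameter   :", lookup_safe(db, crafted))        # no rows
```

With the bound parameter the crafted string is compared as a literal name, so it matches nothing; code review and static analysis should flag any query assembled with `+` or string formatting.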

Cross Site Scripting

Cross-site scripting (XSS) is a kind of injection breach where the attacker sends malicious scripts into
content from otherwise reputable websites. It happens when a dubious source is allowed to attach its
own code into web applications, and the malicious code is bundled together with dynamic content that is
then sent to the victim’s browser.

Distributed Denial-of-Service (DDoS) attack

A distributed denial-of-service (DDoS) attack aims at shutting down a network or service, causing it to be
inaccessible to its intended users. The attacks accomplish this mission by overwhelming the target with traffic
or flooding it with information that triggers a crash. In both situations, the DoS onslaught deprives legitimate
users such as employees, account holders, and members of the resource or service they expected.

Password Attack

A password attack simply means an attempt to decrypt or obtain a user’s password with illegal
intentions. Crackers can use password sniffers, dictionary attacks, and cracking programs in password
attacks. There are few defense mechanisms against password attacks, but usually, the remedy is
inculcating a password policy that includes a minimum length, frequent changes, and unrecognizable
words.

Brute-Force and Dictionary Network Attacks

Dictionary and brute-force attacks are networking attacks whereby the attacker attempts to log into a
user’s account by systematically checking and trying all possible passwords until finding the correct one.

Man-in-the-Middle (MITM) Attack

These are a type of cybersecurity breach that allows an attacker to eavesdrop on communication between
two entities. The attack occurs between two legitimate communicating parties, enabling the attacker to
intercept communication they should otherwise not be able to access. Thus the name “man-in-the-middle.”
The attacker “listens” to the conversation by intercepting the public key message transmission
and retransmits the message while interchanging the requested key with his own.

Insider Threats

Not every network attack is performed by someone outside an organization. Inside attacks are malicious
attacks performed on a computer system or network by an individual authorized to access the system.
Insiders that carry out these attacks have the edge over external attackers since they have authorized
system access. They may also understand the system policies and network architecture. Furthermore,
there is less security against insider attacks since most organizations focus on defending against external
attacks.

Be Prepared For Attacks On Your Network

This article has reviewed the top cyber-security attacks that hackers use to disrupt and compromise
information systems. For you to mount a good defense mechanism, you need to understand the offense.
This review of the most common cyberattacks shows you that attackers have many options while
choosing attacks to compromise and disrupt information systems. You also need to be proactive in
defending and securing your network. Maintain an updated antivirus database, train your employees,
keep your passwords strong, and use a low-privilege IT environment model to protect yourself against
cyber attacks.

4) Analyze the Cyber security Policies and Practices?

ANS) Analysis of the Cyber security Policies and Practices

1. Update software and systems


After Spectre struck in January 2018, Apple issued security fixes for its iOS 11 operating system. This
is no different from what other IT vendors do when they discover a security vulnerability. However, the
rub for IT is making sure that the diversity of devices that are in the hands of users are all updated
with the latest versions of a bevy of OSs. This requires centralized policy making in IT that likely
adopts a 'push' methodology, forcing new security updates onto a user's device when they connect to
the network, instead of a 'pull' methodology, which notifies the user that a new security patch is
available and gives them the option to load this new software when it's convenient.

2. Conduct top-to-bottom security audits

If your company hasn't already done so, it should conduct a thorough security audit of its IT assets
and practices. This audit will review the security practices and policies of your central IT systems, as
well as your end-user departments and at the 'edges' of your enterprise, like the automated
machines and IoT you might be employing at remote manufacturing plants. The audit should look
not only at the software and hardware techniques you have in place to protect security but also at
remote site personnel habits and compliance with security policies.

3. Don't forget social engineering


As part of your end-to-end IT audit, you should include social engineering, which reviews whether
your employees are demonstrating vulnerability when it comes to offering up confidential information.
This social engineering can be as simple as someone shouting a password to a co-worker over an
office partition -- or it could be a user who pulls up a website at work and surrenders passwords or
other vital information that ultimately gets into the wrong hands. "Requests for social engineering
audits have increased," said Stuart Chontos-Gilchrist, CEO of E3 Technology, an IT security audit
firm. "Companies are recognizing that it is people, more often than machines, who generate security
breaches."

4. Demand audits from vendors and business partners


According to a 2017, more than 80 percent of companies see the cloud as integral to their technology.
But with the move away from internal data centers, it's also become more important to demand
regular IT audit reports from your vendors and business partners. Companies should have policies in
place that require regular security audit reports from vendors they are considering before contracts
are signed. Thereafter, vendors, as part of their SLAs, should be expected to deliver security audit
reports on an annual basis.

5. Provide new and continuing security education


Cybersecurity education should be a staple of every new employee orientation, with new employees
signing off that they have read and understood the training. On an annual basis, a refresher course in
cybersecurity practices should also be given to employees company-wide. This ensures that security
policies and practices stay fresh in employees' minds, and that they understand any policy additions
or changes.

6. Watch the edge


Manufacturing 4.0 and other remote computing strategies are moving computing away from data
centers and out to the edges of companies. This means that a manufacturer with a remote plant in
Ireland is likely to have manufacturing personnel operate automated robots and production analytics
with local servers in the plant. Software and hardware security must be maintained on these devices,
but the devices must also be locally administered under accepted cybersecurity policies and
procedures by personnel who are asked to do these jobs without an IT background.

7. Perform regular data backups that work


If your data is compromised or held hostage in a ransomware attack, a nightly data backup will at
least enable you to roll back to the previous day's data with minimal loss. It's a simple enough policy
and practice to enact. Unfortunately, a bigger problem for companies is not so much that they don't
perform data backups -- it's that the backups don't always work. One of the most important
cybersecurity policies that corporate IT can put in place is a requirement that data backups and
disaster recovery minimally be fully tested on an annual basis to ensure that everything is working
properly.

8. Physically secure your information assets


Even if software, hardware, and network security are in place, it doesn't help much if servers are left
unsecured on manufacturing floors and in business units. Physical security, like a locked 'cage' for a
server in a plant that is accessible only to personnel with security clearance, is vital. Security policies
and practices should address the physical as well as the visual aspects of information.

9. Maintain industry compliance


Especially for companies in highly regulated industries like healthcare, insurance, and finance,
regulatory compliance that concerns IT security should be closely adhered to. Companies in these
industries should annually review security compliance requirements and update their security policies
and practices as needed.

10. Inform your board and CEO


A successful cybersecurity strategy is one where you never find yourself in front of the CEO or the
board having to explain how a cyber breach happened and what you are doing to mitigate it.
Unfortunately, great security systems are 'invisible', because they never give you problems. This
makes it important for CIOs, CSOs, and others with security responsibilities to clearly explain
cybersecurity technologies, policies, and practices in plain language that the CEO, the board, and
other nontechnical stakeholders can understand. If the non-technical people in your organization can't
understand why you are enacting a certain policy or asking for a sizeable investment for a
cybersecurity technology, you're going to have trouble making your case -- unless you're all suffering
through an embarrassing security breach that could end careers and put the entire company's survival
on the line.
