MAHARASHTRA STATE BOARD OF TECHNICAL

EDUCATION,MUMBAI

A
Micro-Project Report
On
“Study of measures to be taken for ensuring cyber
security.”

SUBMITED BY
Sirse Suraj Uttam
Shaikh Mohmad Samad
Abdul Rahman Khan
Mirza Munawar Baig
GUIDED BY
“Mr.GILL C.S”

DEPARTMENT OF COMPUTER ENGINEERING

INDIRA INSTITUTE OF T ECHNOLOGY (POLYTECHNIC),
VISHNUPURI, NANDED.
ACADEMIC YEAR 2021-2022
 ACKNOWLEDGEMENT

I offer my sincere thank with a deep sense of gratitude to my guide

Mr.GILL.C.S And head of department Mr. SYED ATEEQ for their
valuable direction and guidance to my Micro project work his meticulous
attention towards my Micro project without taking of his voluminous
work. I am also thankful to our Prof. BARSE S. D. for his
encouragement towards my micro project. Last but not least I am also
thankful to all staff members of my department for their valuable
guidance during my Project works.

Sincerely

Sirse Suraj Uttam

Shaikh Mohmad Samad
Abdul Rahman Khan
Mirza Munawar Baig

Program: Computer Engineering

Class : (CO –5I)

-1-
 Maharashtra State Board of Technical Education

Mumbai

Certificate
CERTIFIED THAT THE MICRO-PROJECT REPORT ENTITLED

“Study of measures to be taken for ensuring cyber security.”

Is a Bonafide work carried out by Sirse Suraj Uttam ,Shaikh

Mohmad Samad ,Abdul Rahman Khan ,Mirza Munawar Baig in
partial fulfillment for the award of Diploma in COMPUTER
ENGINEERING of the Maharashtra State Board of Technical Education
Mumbai during the year 2021-22. It has been certified that all the
corrections/suggestions indicated for internal assessment has been
incorporated in the report deposited in the Departmental Library. The
micro project report has been approved as it satisfies the academic
requirements in respect of Micro-project for the Diploma Degree.

Course In-Charge HOD PRINCIPAL

(Mr.GILL C.S ) (Mr. SYED ATEEQ) (Mr. BARSE S. D)

DEPARTMENT OF COMPUTER ENGINEERING
INDIRA INSTITUTE OF TECHNOLOGY (POLYTECHNIC), VISHNUPURI,
NANDED.
ACADEMIC YEAR 2021-2022

-2-
 EVALUATION SHEET FOR THE MICRO PROJECT

Academic Year: 2021-22 Name of Faculty: Mr.GILL C.S

Course: CO Course Code: 22509 Semester: Six

Title of the Project: - “Study of measures to be taken for ensuring cyber

security.”
CO’s addressed by the Micro Project:

a) Use basic management principles to execute daily activities.

b) Use principles of planning and organizing for accomplishment of tasks.
c) Use principles of directing and controlling for implementing the plans.
d) Apply principles of safety management in all activities.

Major Learning Outcomes achieved by students by doing the Project:

Practical Outcomes in Cognitive domain:

Understand various provisions of industrial acts.

.Unit Outcomes in cognitive domain:

a) Describe the safe procedural steps required to be taken to prevent the given the
type of accident.
b) State the general safety norms required to be taken in the given case.
c) Suggest preventive measures of plant activities in the given situation.

Comments / Suggestions about team work/ leadership/ inter- Personal

communication (if any)

Roll Student Name Marks out of 6 Marks out of 4 Total out

No. for for performance of 10
performance in in
group activity oral /
(D5 Col.8 ) presentation
(D5 Col.9)
07. Sirse suraj uttam

(Name & Signature Faculty)

-3-
 INDEX

Sr.No Particulars Page No.

01 Acknowledgement 1

02 Certificate 2

03 Evaluation sheet 3

04 PART-A 5
05 Brief introduction 5

06 Aim of the micro-project 5

07 Resources required 5
08 PART-B 6

09 Brief description 6
10 Aim of micro-project 7
11 Course outcome integration 7

12 Actual procedure followed 8

13 Actual resources used 24

14 Outputs of micro-project 25
15 Skill developed 25

16 Conclusions 25

-4-
 PART-A

1.1 BRIEF INTRODUCTION: -

In recent years, the Cyber Security is most important challenge which plays most
important role and must require in digital era where cybercrime become so frequent.
Cyber security is all about to stop cyber-crime. Cyber security is must and we have to
know about all safety measures required to stop cybercrime. This paper gives details
information about cyber security and its safety measure. Also we will discuss about
the activities related to it and how actually cybercrime happens and all steps taken by
the various organization and Government to have cyber ethics everywhere. Cyber
security provides protection against the cybercrime and teaches us what essential
safety measures one need to follow from all cybercrimes. Securing online information
is priority where everyone is involved with technology. Whenever anyone talked
about cyber security, straight one thing comes in mind that is cybercrime and what
safety measures need to take to be safe from it.

1.2 AIM OF THE MICRO-PROJECT

a) Describe the safe procedural steps required to be taken to prevent the given the
type of accident.
b) State the general safety norms required to be taken in the given case.
c) Suggest preventive measures of plant activities in the given situation.

1.3 RESOURCES REQUIRED.

Sr.no Name of Resources Specification Quantity Remark

01) Computer System Intel I3 Processor 1 -
With 4 Gb Ram
02) Operating system Windows 10 1 -

-5-
 PART-B

2.1 BRIEF DESRIPTION: -

Attackers are now using more sophisticated techniques to target the systems.
Individuals, small—scale businesses, or large organizations are all being impacted.
So, all these firms, whether IT or non—IT firms, have understood the importance of
Cyber Security and focusing on adopting all possible measures to deal with cyber
threats.

With the game up for cyber threats and hackers, organizations and their
employees should take a step ahead to deal with them. As we like to connect
everything to the internet, this also increases the chances of vulnerabilities, breaches,
and flows. Gone are the days when passwords were enough to protect the system and
its data. We all want to protect our personal and professional data, and thus Cyber
Security is what you should know to ensure data protection.

What Is Cyber Security?

Cyber Security is the process and techniques involved in protecting sensitive

data, computer systems, networks, and software applications from cyber-attacks. The
cyber-attacks are general terminology that covers a large number of topics, but some
of the popular are:

a) Tampering systems and data stored within

b) Exploitation of resources
c) Unauthorized access to the targeted system and accessing sensitive
information
d) Disrupting the normal functioning of the business and its processes
e) Using ransomware attacks to encrypt data and extort money from
victims

-6-
 The attacks are now becoming more innovative and sophisticated that can
disrupt the security and hacking systems. So it‘s very challenging for every business
and security analyst to overcome this challenge and fight back with these attacks.

To understand the need for Cyber Security measures and their practices, let's
have a quick look at the types of threats and attacks.

2.2 AIM OF MICRO-PROJECT

a) Describe the safe procedural steps required to be taken to prevent the given the
type of accident.
b) State the general safety norms required to be taken in the given case.
c) Suggest preventive measures of plant activities in the given situation.

2.3 COURSE OUTCOME INTEGRATION

a) Use basic management principles to execute daily activities.

b) Use principles of planning and organizing for accomplishment of tasks.
c) Use principles of directing and controlling for implementing the plans.
d) Apply principles of safety management in all activities.

-7-
2.4 ACTUAL PROCEDURE FOLLOWED:-

What Is Cyber Security?

Cyber Security is the process and techniques involved in protecting sensitive

data, computer systems, networks, and software applications from cyber-attacks. The
cyber-attacks are general terminology that covers a large number of topics, but some
of the popular are:

a) Tampering systems and data stored within

b) Exploitation of resources
c) Unauthorized access to the targeted system and accessing sensitive
information
d) Disrupting the normal functioning of the business and its processes
e) Using ransomware attacks to encrypt data and extort money from
victims

The attacks are now becoming more innovative and sophisticated that can
disrupt the security and hacking systems. So it‘s very challenging for every business
and security analyst to overcome this challenge and fight back with these attacks.

To understand the need for Cyber Security measures and their practices, let's
have a quick look at the types of threats and attacks.

Ransomware

Ransomware is a file encryption software program that uses a unique, robust

encryption algorithm to encrypt the files on the target system.

-8-
 Fig 1.0

The authors of the Ransomware threat generate a unique decryption key for
each of its victims and save it on a remote server. Thus, users cannot access their files
by any application.

The Ransomware authors take advantage of this and demand a considerable

ransom amount from the victims to provide the decryption code or decrypt the data.
But such attacks have no guarantee of recovery of data even after paying the ransom.

Botnets Attacks

Botnets were initially designed to carry out specific tasks within a group.

Fig 1.1

-9-
It is defined as a network or group of devices connected with the same network to
execute a task. But this is now being used by bad actors and hackers that attempt to
access the network and inject any malicious code or malware to disrupt its working.
Some of the botnet attacks

Include:

a) Distributed Denial of Service (DDoS) attacks

b) Spreading spam emails
c) Stealing of confidential data

Botnets attacks are generally carried out against large—scale businesses and
organizations due to their huge data access. Through this attack, the hackers can
control many devices and compromise them for their evil motives.

Social Engineering Attacks

Social engineering is now a common tactic used by cybercriminals to gather

user‘s sensitive information.

Fig 1.2

- 10 -
 It may trick you by displaying attractive advertisements, prizes, huge offers,
and asking you to feed your personal and bank account details. All the information
you enter there is cloned and used for financial fraud, identity fraud, and so.

It is worth saying about the ZEUS virus that is active since 2007 and is being
used as a social engineering attack method to steal the victims‘ banking details. Along
with financial losses, Social engineering attacks can download other destructive
threats to the concerned system.

Cryptocurrency Hijacking

Cryptocurrency hijacking is the new addition to this cyber world.

Fig 1.3

As digital currency and mining are becoming popular, so it is among

cybercriminals. They have found their evil benefit to crypto—currency mining, which
involves complex computing to mine virtual currency like Bitcoin, Ethereum,
Monero, Litecoin, etc.

- 11 -
Cryptocurrency investors and traders are the soft targets for this attack’s

Cryptocurrency hijacking is also known as "Cryptojacking‖. It is a program

designed to inject mining codes silently into the system. Thus the hacker silently uses
the CPU, GPU, and power resources of the attacked system to mine for the
Cryptocurrency.

The technique is used to mine Monero coins particularly. As mining is a

complex process, it consumes most of the CPU resources, impacting the system's
performance. Also, it is done under all your expenses so that the victim may get a
huge electricity bill and internet bill. It also lessens the lifespan of the affected device.

Phishing

Phishing is a fraudulent action of sending spam emails by imitating to be from

any legitimate source.

Fig 1.4

Such mails have a strong subject line with attachments like an invoice, job
offers, big offers from reputable shipping services, or any important mail from higher
officials of the company.

- 12 -
The phishing scam attacks are the most common cyber-attacks that aim to steal
sensitive data like login credentials, credit card numbers, bank account information,
etc. To avoid this, you should learn more about phishing email campaigns and their
preventive measures. One can also use email filtering technologies to avoid this
attack. Along with these, 2019 will seek the potential in biometric attacks, Al attacks,
and loT attacks. Many companies and organizations are witnessing large—scale
cyber—attacks, and there is no stop for them. Despite the constant security analysis
and updates, the rise of cyber—threat is consistent. Thus, it is worth educating
yourself on the basics of cybersecurity and its implementations.

The key concept of Cyber Security?

Cyber Security is a very broad term but is based on three fundamental concepts
known as ―The CIA Triad".It consists of Confidentiality, Integrity, and Availability.
This model is designed to guide the organization with the policies of Cyber Security
in the realm of Information security.

Fig 1.5

- 13 -
Confidentiality

It defines the rules that limit access to information. Confidentiality takes on

the measures to restrict sensitive information from being accessed by cyber attackers
and hackers.

In an organization, people are allowed or denied access to information

according to its category by authorizing the right persons in a department. They are
also given proper training about the sharing of information and securing their
accounts with strong passwords.

They can change the way data is handled within an organization to ensure data
protection. There are various ways to ensure confidentiality, like two-factor
authentication, data encryption, data classification, biometric verification, and security
tokens.

Integrity

This assures that the data is consistent, accurate, and trustworthy over its time
period. It means that the data within the transit should not be changed, altered,
deleted, or illegally being accessed.

Proper measures should be taken in an organization to ensure its safety. File

permissions and user access control are the measures controlling the data breach.
Also, tools and technologies should be implemented to detect any change or a breach
in the data. Various organizations use a checksum and even cryptographic checksum
to verify the integrity of data.

To cope with data loss or accidental deletion, or even cyberattacks, regular backups
should be there. Cloud backups are now the most trusted solution for this.

- 14 -
Availability

Availability in terms of all necessary components like hardware, software,

networks, devices, and security equipment should be maintained and upgraded. This
will ensure the smooth functioning and access of Data without any disruption. Also,
providing constant communication between the components through providing
enough bandwidth.

Fig 1.6

It also involves opting for extra security equipment in case of any disaster or
bottlenecks. Utilities like firewalls, disaster recovery plans, proxy servers, and a
proper backup solution should ensure to cope with DOS attacks. For a successful
approach, it should go through multiple layers of security to ensure protection to
every constituent of Cyber Security. Particularly involving computers, hardware
systems, networks, software programs, and the shared data.

- 15 -
10 Cyber Security Measures

1. Get a VPN

VPN stands for "Virtual Private Network" and describes the opportunity to
establish a protected network connection when using public networks. VPNs encrypt
your internet traffic and disguise your online identity. This makes it more difficult for
third parties to track your activities online and steal data. The encryption takes place
in real time.

Any business with an internet connection can benefit from a VPN. The term
stands for Virtual Private Network, and it's another layer of security masking your
online activity from third parties: 30% of VPN users say they use it to access the
internet for their jobs.

Fig 1.7

VPNs essentially funnel your data and IP address through another secure
connection in between your own internet connection and the actual website or online
service that you need to access. It's most useful when you are connecting to any
public internet connection, like a coffee shop or an Airbnb. These connections are
famously unsecured and hackers can relatively easily use them to scoop up the private

- 16 -
Data of anyone who log onto them. With a VPN. Your new, secured connection will
separate the hacker from the data that they are hoping to steal.

There's one unavoidable downside: Funneling your internet aetivity through

another server (often in another country) will reduce your internet speed slightly. The
best VPNs will be secure, speedy, and inexpensive.

We have a guide to VPNs worth checking out if you plan to compare options.
Great standalone VPNs aimed at serving an entire workforce include PureVPN for
Teams and NordVPN Teams.

Fig 1.8

- 17 -
 2. Install Reliable Antivirus Software

"Malware" refers to any software designed with malicious intent. While viruses are a
specific type of malware that replicates itself within a computer until it has spread
through an entire system. Another type of malware is called ―spyware‖ and is
designed to remain hidden from sight, while collecting data on the business that it has
latched onto. Needless to say. You‘ll need to be protected from all these forms of
virtual warfare.

A good Reliable antivirus program is a basic must-have of any cyber security

system. Apart from that, anti-malware software is also an essential. They work as the
final frontier for defending unwanted attacks, should they get through your security
network. They work by detecting and removing virus and malware, adware and
spyware. They also scan through and filter out potentially harmful downloads and
emails scam or patch any bugs. You‗ll need to keep this software updated in orderto
stay safe from the latest.

Fig 1.9

- 18 -
 3. Use Complex Passwords

Almost every computer and Web-based application requires a key for

accessing it. Whether it is the answers to security questions or the passwords make
sure you create complex ones to make it difficult for hackers to crack them.

For answers to security questions, consider translating them into another

language using free online translations tools. This may make them unpredictable and
difficult to decipher, and less susceptible to social engineering.

Using space before and/or after your passwords is also a good idea to throw
the hacker off. That way, even if you write your password down, it would be safe as
only you would know that it also needs a space at the front/end. Using a combination
of upper and lower cases also helps, apart from using alphanumeric Characters and
symbols.

Fig 2.0

- 19 -
 4. Use Password Managers

So you're using dozens of unique. Complex, tough-to-remember passwords

when Logging into all your work software. This raises an entirely new issue: How can
you quickly and easily sign in when you have to take the time to recall and type out a
lengthy string of symbols every time? The answer is a good password management
tool.

Password managers will track your internet use. Automatically generating the
correct username, password, and even security question answers that you'll need to
log into any website or service. Users will just have to remember a single PIN or
master password in order access their vault of login information. Many tools also
support other benefits, like a password generator that guides users away from weak or
reused passwords.

We've ranked the top options in our extensive guide to password managers:
Last Pass is the top pick for, thanks to great features and pricing, plus a handy
browser plugin. Other great options include Password. for control and ease of use, as
well as Dash lane, which includes a unique perks like the ability to auto- save
receipts.

5. Protect with a Firewall

What separates a firewall from an antivirus program? Well, a firewall protects

hardware as well as software, making it a boon to any company with its own physical
servers. But a firewall also works by blocking or deterring viruses from entering your
network, while an antivirus works by targeting the software affected by a virus that
has already gotten through. They work well together, in other words.

- 20 -
 Putting tip a firewall aids in protecting a small business's network traffic –both
inbound and outbound. It can stop hackers from attacking your network by blocking
certain websites. It can also be programmed so that sending out proprietary data and
confidential emails from your company‘s network is restricted.

Just getting a firewall isn't enough: You'll also have to reguarly check that it's
equipped with the latest updates for software or firmware.

Top options include Bitdefender, Avast, and Norton, and many brands will
include a firewall in a package with other useful security offerings such as VPNs,
password managers, and automatic data backups on the cloud.

6. Install Encryption Software

If you deal with data pertaining to credit cards, bank accounts, and social security
numbers on a daily basis, it makes sense to have an encryption program in place.
Encryption keeps data safe by altering information on the computer into unreadable
codes.

Encryption is designed with a worst—case scenario in mind: Even if your data

does get stolen, it would be useless to the hacker as they wouldn't have the keys to
decrypt the data and decipher the information. That's a smart security feature in a
world where billions of records get exposed every month.

Top options here include Microsoft BitLocker, IBM Guardium, and Apple
FileVault -they‗re all high-quality, so just pick your favorite computer company and
get in touch for a free trial or demo of what they have to offer.

- 21 -
 7. Ignore Suspicious Emails

Sometimes the simplest security measures are the best: Make it a habit to never
open or reply to suspicious-looking emails, even if they appear to be from a known
sender. Even if you do open the email, do not click on suspicious links or download
attachments. Doing so may make you a victim of online financial and identity theft
through a "phishing" scam, a term that refers to a false message sent in order to bait
the victim into freely giving their login data to the scammer.

Phishing emails appear to come from trustworthy senders, such as a bank or

someone you may have done business with. Through it, the hacker attempts to acquire
your private and financial data like bank account details and credit card numbers.

For further security. Make sure you change your email password every 60 – 90
days. Additionally, refrain from using the same password for different email accounts
and never leave your password written down.

8. Limit Access to Critical Data

Keep the number of people with access to critical data to a minimum such as the
company‘s CEO. CIO, and a handful of trusted staff. This will minimize the fallout
from a data breach, should it occur, and further reduces the possibility of bad actors
from within your organization gaining unauthorized access to data.

Formulate a clear plan that mentions which individual has access to which sensitive
information for increased accountability, and communicate it to your entire team, so
that everyone is on the same page.

- 22 -
 9. Back Up Data Often

Your business should either manually back up all data to an external hard drive or
the cloud, or simply schedule automated backups to ensure that your information is
stored safely. That way, even if your systems are compromised. You still have your
information safe with you.

This feature is frequently baked into much software that handle sensitive data, but
it won't hurt to run an audit of all your business communications in order to ensure
that no single point of failure can erase months or years of historical data.

Fig 2.1

10. Secure Your Wi-Fi Network

Say goodbye to the WEP (or Wired Equivalent Privacy) network if you still use it and
switch to WPAZ (that's Wi-Fi Protected Access version 2) instead as the latter is
much more secure.

- 23 -
 WPA2 is an increasingly common standard for online security, so there‗s a
good chance you're already using it. However, some large businesses neglect
upgrading their infrastructure, and will need to make a concentrated effort to roll all
their operations over to a more secure network.

To protect your WI—Fl network from breaches by hackers, change the name of your
wireless access point or router, also called the Service Set identifier (SSlD). You can
also ensure that you use a complex Pie—shared KeylPSK) passphrase for additional
security.

2.5 ACTUAL RESOURCES USED:

Sr.no Name of Resources Specification Quantity Remark

01) Computer System Intel I3 1 -
Processor
With 4 Gb
Ram
03) Operating system Manjaro linix 1 -

2.6 OUTPUTS OF MICRO-PROJECT:

a) Use basic management principles to execute daily activities.

b) Use principles of planning and organizing for accomplishment of tasks.
c) Use principles of directing and controlling for implementing the plans.
d) Apply principles of safety management in all activities.

- 24 -
2.7 SKILL DEVELOPED/ LEARNING OUT OF THIS MICRO-
PROJECT:

a) Describe the safe procedural steps required to be taken to prevent the

given the type of accident.
b) State the general safety norms required to be taken in the given case.
c) Suggest preventive measures of plant activities in the given situation.

2.8 CONCLUSIONS:

Computer security is a vast topic that is becoming more important

because the world is becoming highly interconnected, with networks being used
to carry out critical transactions. Cybercrime continues to diverge down
different paths with each New Year that passes and so does the security of the
information. The latest and disruptive technologies, along with the new cyber
tools and threats that come to light each

.---------------------------------------------------

- 25 -