Professional Documents
Culture Documents
EDUCATION,MUMBAI
A
Micro-Project Report
On
“Study of measures to be taken for ensuring cyber
security.”
SUBMITED BY
Sirse Suraj Uttam
Shaikh Mohmad Samad
Abdul Rahman Khan
Mirza Munawar Baig
GUIDED BY
“Mr.GILL C.S”
Sincerely
-1-
Maharashtra State Board of Technical Education
Mumbai
Certificate
CERTIFIED THAT THE MICRO-PROJECT REPORT ENTITLED
-2-
EVALUATION SHEET FOR THE MICRO PROJECT
security.”
CO’s addressed by the Micro Project:
-3-
INDEX
01 Acknowledgement 1
02 Certificate 2
03 Evaluation sheet 3
04 PART-A 5
05 Brief introduction 5
07 Resources required 5
08 PART-B 6
09 Brief description 6
10 Aim of micro-project 7
11 Course outcome integration 7
14 Outputs of micro-project 25
15 Skill developed 25
16 Conclusions 25
-4-
PART-A
In recent years, the Cyber Security is most important challenge which plays most
important role and must require in digital era where cybercrime become so frequent.
Cyber security is all about to stop cyber-crime. Cyber security is must and we have to
know about all safety measures required to stop cybercrime. This paper gives details
information about cyber security and its safety measure. Also we will discuss about
the activities related to it and how actually cybercrime happens and all steps taken by
the various organization and Government to have cyber ethics everywhere. Cyber
security provides protection against the cybercrime and teaches us what essential
safety measures one need to follow from all cybercrimes. Securing online information
is priority where everyone is involved with technology. Whenever anyone talked
about cyber security, straight one thing comes in mind that is cybercrime and what
safety measures need to take to be safe from it.
a) Describe the safe procedural steps required to be taken to prevent the given the
type of accident.
b) State the general safety norms required to be taken in the given case.
c) Suggest preventive measures of plant activities in the given situation.
-5-
PART-B
Attackers are now using more sophisticated techniques to target the systems.
Individuals, small—scale businesses, or large organizations are all being impacted.
So, all these firms, whether IT or non—IT firms, have understood the importance of
Cyber Security and focusing on adopting all possible measures to deal with cyber
threats.
With the game up for cyber threats and hackers, organizations and their
employees should take a step ahead to deal with them. As we like to connect
everything to the internet, this also increases the chances of vulnerabilities, breaches,
and flows. Gone are the days when passwords were enough to protect the system and
its data. We all want to protect our personal and professional data, and thus Cyber
Security is what you should know to ensure data protection.
-6-
The attacks are now becoming more innovative and sophisticated that can
disrupt the security and hacking systems. So it‘s very challenging for every business
and security analyst to overcome this challenge and fight back with these attacks.
To understand the need for Cyber Security measures and their practices, let's
have a quick look at the types of threats and attacks.
a) Describe the safe procedural steps required to be taken to prevent the given the
type of accident.
b) State the general safety norms required to be taken in the given case.
c) Suggest preventive measures of plant activities in the given situation.
-7-
2.4 ACTUAL PROCEDURE FOLLOWED:-
The attacks are now becoming more innovative and sophisticated that can
disrupt the security and hacking systems. So it‘s very challenging for every business
and security analyst to overcome this challenge and fight back with these attacks.
To understand the need for Cyber Security measures and their practices, let's
have a quick look at the types of threats and attacks.
Ransomware
-8-
Fig 1.0
The authors of the Ransomware threat generate a unique decryption key for
each of its victims and save it on a remote server. Thus, users cannot access their files
by any application.
Botnets Attacks
Botnets were initially designed to carry out specific tasks within a group.
Fig 1.1
-9-
It is defined as a network or group of devices connected with the same network to
execute a task. But this is now being used by bad actors and hackers that attempt to
access the network and inject any malicious code or malware to disrupt its working.
Some of the botnet attacks
Include:
Botnets attacks are generally carried out against large—scale businesses and
organizations due to their huge data access. Through this attack, the hackers can
control many devices and compromise them for their evil motives.
Fig 1.2
- 10 -
It may trick you by displaying attractive advertisements, prizes, huge offers,
and asking you to feed your personal and bank account details. All the information
you enter there is cloned and used for financial fraud, identity fraud, and so.
It is worth saying about the ZEUS virus that is active since 2007 and is being
used as a social engineering attack method to steal the victims‘ banking details. Along
with financial losses, Social engineering attacks can download other destructive
threats to the concerned system.
Cryptocurrency Hijacking
Fig 1.3
- 11 -
Cryptocurrency investors and traders are the soft targets for this attack’s
Phishing
Fig 1.4
Such mails have a strong subject line with attachments like an invoice, job
offers, big offers from reputable shipping services, or any important mail from higher
officials of the company.
- 12 -
The phishing scam attacks are the most common cyber-attacks that aim to steal
sensitive data like login credentials, credit card numbers, bank account information,
etc. To avoid this, you should learn more about phishing email campaigns and their
preventive measures. One can also use email filtering technologies to avoid this
attack. Along with these, 2019 will seek the potential in biometric attacks, Al attacks,
and loT attacks. Many companies and organizations are witnessing large—scale
cyber—attacks, and there is no stop for them. Despite the constant security analysis
and updates, the rise of cyber—threat is consistent. Thus, it is worth educating
yourself on the basics of cybersecurity and its implementations.
Cyber Security is a very broad term but is based on three fundamental concepts
known as ―The CIA Triad".It consists of Confidentiality, Integrity, and Availability.
This model is designed to guide the organization with the policies of Cyber Security
in the realm of Information security.
Fig 1.5
- 13 -
Confidentiality
They can change the way data is handled within an organization to ensure data
protection. There are various ways to ensure confidentiality, like two-factor
authentication, data encryption, data classification, biometric verification, and security
tokens.
Integrity
This assures that the data is consistent, accurate, and trustworthy over its time
period. It means that the data within the transit should not be changed, altered,
deleted, or illegally being accessed.
To cope with data loss or accidental deletion, or even cyberattacks, regular backups
should be there. Cloud backups are now the most trusted solution for this.
- 14 -
Availability
Fig 1.6
It also involves opting for extra security equipment in case of any disaster or
bottlenecks. Utilities like firewalls, disaster recovery plans, proxy servers, and a
proper backup solution should ensure to cope with DOS attacks. For a successful
approach, it should go through multiple layers of security to ensure protection to
every constituent of Cyber Security. Particularly involving computers, hardware
systems, networks, software programs, and the shared data.
- 15 -
10 Cyber Security Measures
1. Get a VPN
VPN stands for "Virtual Private Network" and describes the opportunity to
establish a protected network connection when using public networks. VPNs encrypt
your internet traffic and disguise your online identity. This makes it more difficult for
third parties to track your activities online and steal data. The encryption takes place
in real time.
Any business with an internet connection can benefit from a VPN. The term
stands for Virtual Private Network, and it's another layer of security masking your
online activity from third parties: 30% of VPN users say they use it to access the
internet for their jobs.
Fig 1.7
VPNs essentially funnel your data and IP address through another secure
connection in between your own internet connection and the actual website or online
service that you need to access. It's most useful when you are connecting to any
public internet connection, like a coffee shop or an Airbnb. These connections are
famously unsecured and hackers can relatively easily use them to scoop up the private
- 16 -
Data of anyone who log onto them. With a VPN. Your new, secured connection will
separate the hacker from the data that they are hoping to steal.
We have a guide to VPNs worth checking out if you plan to compare options.
Great standalone VPNs aimed at serving an entire workforce include PureVPN for
Teams and NordVPN Teams.
Fig 1.8
- 17 -
2. Install Reliable Antivirus Software
"Malware" refers to any software designed with malicious intent. While viruses are a
specific type of malware that replicates itself within a computer until it has spread
through an entire system. Another type of malware is called ―spyware‖ and is
designed to remain hidden from sight, while collecting data on the business that it has
latched onto. Needless to say. You‘ll need to be protected from all these forms of
virtual warfare.
Fig 1.9
- 18 -
3. Use Complex Passwords
Using space before and/or after your passwords is also a good idea to throw
the hacker off. That way, even if you write your password down, it would be safe as
only you would know that it also needs a space at the front/end. Using a combination
of upper and lower cases also helps, apart from using alphanumeric Characters and
symbols.
Fig 2.0
- 19 -
4. Use Password Managers
Password managers will track your internet use. Automatically generating the
correct username, password, and even security question answers that you'll need to
log into any website or service. Users will just have to remember a single PIN or
master password in order access their vault of login information. Many tools also
support other benefits, like a password generator that guides users away from weak or
reused passwords.
We've ranked the top options in our extensive guide to password managers:
Last Pass is the top pick for, thanks to great features and pricing, plus a handy
browser plugin. Other great options include Password. for control and ease of use, as
well as Dash lane, which includes a unique perks like the ability to auto- save
receipts.
- 20 -
Putting tip a firewall aids in protecting a small business's network traffic –both
inbound and outbound. It can stop hackers from attacking your network by blocking
certain websites. It can also be programmed so that sending out proprietary data and
confidential emails from your company‘s network is restricted.
Just getting a firewall isn't enough: You'll also have to reguarly check that it's
equipped with the latest updates for software or firmware.
Top options include Bitdefender, Avast, and Norton, and many brands will
include a firewall in a package with other useful security offerings such as VPNs,
password managers, and automatic data backups on the cloud.
If you deal with data pertaining to credit cards, bank accounts, and social security
numbers on a daily basis, it makes sense to have an encryption program in place.
Encryption keeps data safe by altering information on the computer into unreadable
codes.
Top options here include Microsoft BitLocker, IBM Guardium, and Apple
FileVault -they‗re all high-quality, so just pick your favorite computer company and
get in touch for a free trial or demo of what they have to offer.
- 21 -
7. Ignore Suspicious Emails
Sometimes the simplest security measures are the best: Make it a habit to never
open or reply to suspicious-looking emails, even if they appear to be from a known
sender. Even if you do open the email, do not click on suspicious links or download
attachments. Doing so may make you a victim of online financial and identity theft
through a "phishing" scam, a term that refers to a false message sent in order to bait
the victim into freely giving their login data to the scammer.
For further security. Make sure you change your email password every 60 – 90
days. Additionally, refrain from using the same password for different email accounts
and never leave your password written down.
Keep the number of people with access to critical data to a minimum such as the
company‘s CEO. CIO, and a handful of trusted staff. This will minimize the fallout
from a data breach, should it occur, and further reduces the possibility of bad actors
from within your organization gaining unauthorized access to data.
Formulate a clear plan that mentions which individual has access to which sensitive
information for increased accountability, and communicate it to your entire team, so
that everyone is on the same page.
- 22 -
9. Back Up Data Often
Your business should either manually back up all data to an external hard drive or
the cloud, or simply schedule automated backups to ensure that your information is
stored safely. That way, even if your systems are compromised. You still have your
information safe with you.
This feature is frequently baked into much software that handle sensitive data, but
it won't hurt to run an audit of all your business communications in order to ensure
that no single point of failure can erase months or years of historical data.
Fig 2.1
Say goodbye to the WEP (or Wired Equivalent Privacy) network if you still use it and
switch to WPAZ (that's Wi-Fi Protected Access version 2) instead as the latter is
much more secure.
- 23 -
WPA2 is an increasingly common standard for online security, so there‗s a
good chance you're already using it. However, some large businesses neglect
upgrading their infrastructure, and will need to make a concentrated effort to roll all
their operations over to a more secure network.
To protect your WI—Fl network from breaches by hackers, change the name of your
wireless access point or router, also called the Service Set identifier (SSlD). You can
also ensure that you use a complex Pie—shared KeylPSK) passphrase for additional
security.
- 24 -
2.7 SKILL DEVELOPED/ LEARNING OUT OF THIS MICRO-
PROJECT:
2.8 CONCLUSIONS:
.---------------------------------------------------
- 25 -