1520939586E Text CyberSecurity
MODULE 37 : CYBER SECURITY
Description of Module
Subject Name: Criminology
Paper Name: Cyber Criminology and Cyber Forensics
Module No.: 37
Module Name/Title: Cyber Security
Pre-requisites: Computers, networks, network layers and protocols, the Internet.
Objectives: To understand countermeasures against cyber crime. To understand the working of authentication, firewalls, and intrusion detection and prevention systems.
Keywords: Cyber crime, cyber security.
Table of Contents
1. Introduction
2. Cyber security
3. Security Attacks
4. Firewalls
5. Intrusion Detection Systems
6. Summary and Conclusion
Learning Outcomes
After the completion of this module, you will be able to:
understand countermeasures against cyber crime;
understand the working of authentication, firewalls, and intrusion detection and prevention systems.
Cyber Security
1. Introduction
Advances in Information Technology (IT) have had a great impact on day-to-day life, business and trade, health services, banking, education, tourism, agriculture, social integration and every other aspect of society. With the growing popularity and easy availability of Internet services, a virtual world has been created that connects people and markets much as the real world does. However, just as the real world faces the challenge of crime, the hyper-connected world has its own threats and risks. Attacks originate from many sources and target individuals, businesses and corporations, government organizations, national infrastructure and so on, and they can adversely affect society, national security, and overall growth and the economy. Cyber crime is the newest form of crime and is happening all over the world, with the computer being both the tool and the target. Cyber security measures, together with proper implementation of cyber law, can help to detect and prevent cyber crimes such as hacking, online scams, impersonation and unauthorized access. This module deals with cyber security.
2. Cyber Security
ITU-T Recommendation X.1205 defines the term as follows:
"Cyber security is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user's assets. Organization and user's assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cyber security strives to ensure the attainment and maintenance of the security properties of the organization and user's assets against relevant security risks in the cyber environment."
ITU-T Recommendation X.805 defines eight security dimensions that together address the major security threats:
A. Access control
B. Availability
C. Authentication
D. Communication security
E. Data confidentiality
F. Data integrity
G. Non-repudiation
H. Privacy
2.1. Key Security Concepts
Confidentiality: Preserving authorized restrictions on information access and disclosure, including the protection of personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information.
Integrity: Guarding against improper modification or destruction of information; this includes ensuring the non-repudiation and authenticity of information. A loss of integrity is the unauthorized modification or destruction of information.
Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to, or use of, information or an information system.
3. Security Attacks
There are several types of attacks; they are classified as passive and active security attacks.
3.2. Active Attacks
Unlike passive attacks, which eavesdrop on or monitor transmissions without changing them, active attacks attempt to alter system resources or affect their normal operation. The attacker modifies the data stream or creates a false one: masquerading as another entity, replaying captured messages, or modifying messages in transit. Active attacks also include denial of service, in which the attacker prevents or inhibits the normal use of a system or service.
4. Firewall
A firewall is a network security system that monitors and controls all incoming and outgoing network traffic passing through it at the boundary of an organization's network. It works from a predetermined set of security rules and blocks unwanted or malicious packets that violate those rules.
A firewall acts as a gatekeeper that controls and monitors packets.
It connects several networks with differing levels of trust.
It imposes restrictions on network services: only authorized traffic is allowed to pass through it.
It is used for auditing the network and for controlling access.
It can be used to raise alarms when abnormal behaviour occurs on the network.
It provides Network Address Translation (NAT) and usage monitoring.
It can serve as a Virtual Private Network (VPN) endpoint using IPsec.
A firewall acts as a choke point between two networks: the trusted, secure internal network on one side and the untrusted Internet on the other.
Firewalls are of two types: software firewalls and hardware firewalls. A software firewall offers the basic filtering functionality, whereas a hardware-based firewall appliance usually bundles additional services for protecting the internal network, for example acting as the DHCP server for the network.
4.1. Firewall Limitations
A firewall is designed to block unauthorized access, but it cannot protect against attacks that bypass it:
It cannot protect the network from internal threats
o e.g. disgruntled or colluding employees
It cannot protect against an attacker who connects through a WLAN
o if the WLAN is improperly secured against external use
It cannot protect the network from malware that enters on an infected laptop, pen drive or other storage device, because that traffic never passes through the firewall.
4.3. Attacks on Packet Filters
IP address spoofing: the attacker sends packets from outside with a forged source address that looks like that of a trusted internal host, hoping that a filter which trusts internal source addresses will let them through. The countermeasure is to discard any packet with an inside source address that arrives on an external interface.
Source routing attacks: the attacker uses the IP source routing option to specify the route a packet should take, hoping to bypass the path on which the security measures are applied. The countermeasure is to discard all packets that use the source routing option.
Tiny fragment attacks: the attacker uses IP fragmentation to split a packet into fragments so small that the transport-layer header information is spread over several fragments, hoping that the filter examines only the first fragment and passes the rest. The countermeasure is to enforce a minimum size for the first fragment, so that it must contain the whole transport header, and to discard packets that violate it.
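As an added example serving both the firewall description in Section 4 and the attacks on packet filters above (it is not code from the module), the following Python packet filter applies a first-match rule table with a default-deny policy. Before consulting the rules it performs the countermeasures just listed: it discards packets arriving on the outside interface with an inside source address (and, as egress filtering, inside packets with an outside source), packets carrying the source routing option, and first fragments too small to hold the transport header. The 10.0.0.0/8 internal range, the 16-byte fragment threshold, the rule table and the sample packets are assumed values constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address range
# Assumed minimum size of the first TCP/UDP fragment: 16 bytes of transport data
# cover the source/destination ports, sequence and acknowledgement numbers and
# the TCP flags, so the filter sees everything it needs in fragment 0.
MIN_FIRST_FRAGMENT = 16


@dataclass
class Packet:
    iface: str                   # "outside" or "inside": interface the packet arrived on
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: int = 0
    frag_offset: int = 0         # IP fragment offset, in 8-byte units
    transport_len: int = 16      # bytes of transport-layer data in this fragment
    source_routed: bool = False  # loose or strict source route option present


@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"
    src: str = "any"             # CIDR prefix or "any"
    dst: str = "any"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.proto != "any" and self.proto != p.proto:
            return False
        if self.src != "any" and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


def sanity_checks(p: Packet) -> Optional[str]:
    """Countermeasures applied before the rule table; returns a drop reason or None."""
    inside_src = ip_address(p.src) in INTERNAL
    if p.iface == "outside" and inside_src:
        return "spoofed-internal-source"      # anti-spoofing (ingress filtering)
    if p.iface == "inside" and not inside_src:
        return "spoofed-external-source"      # egress filtering
    if p.source_routed:
        return "source-routing"               # never honour attacker-chosen routes
    if p.proto in ("tcp", "udp") and p.frag_offset == 0 and p.transport_len < MIN_FIRST_FRAGMENT:
        return "tiny-fragment"                # first fragment must hold the transport header
    if p.frag_offset == 1:
        return "overlapping-fragment"         # offset 1 could overwrite ports/flags of fragment 0
    return None


def filter_packet(rules, p: Packet):
    reason = sanity_checks(p)
    if reason:
        return ("deny", reason)
    for rule in rules:                        # first matching rule wins
        if rule.matches(p):
            return (rule.action, "rule")
    return ("deny", "default-deny")           # nothing matched: default deny


# Constructed rule table: only web and mail to two internal servers are allowed in.
RULES = [
    Rule("allow", "tcp", dst="10.0.0.80/32", dport=80),
    Rule("allow", "tcp", dst="10.0.0.25/32", dport=25),
]

# Constructed sample traffic exercising each path through the filter.
SAMPLE = [
    Packet("outside", "203.0.113.7", "10.0.0.80", "tcp", dport=80),                    # legitimate web
    Packet("outside", "203.0.113.7", "10.0.0.80", "tcp", dport=22),                    # no rule: default deny
    Packet("outside", "10.0.0.5", "10.0.0.80", "tcp", dport=80),                       # spoofed internal source
    Packet("inside", "203.0.113.9", "198.51.100.1", "tcp", dport=80),                  # spoofed external source
    Packet("outside", "203.0.113.7", "10.0.0.80", "tcp", dport=80, source_routed=True),
    Packet("outside", "203.0.113.7", "10.0.0.80", "tcp", dport=80, transport_len=8),   # tiny first fragment
    Packet("outside", "203.0.113.7", "10.0.0.80", "tcp", dport=80, frag_offset=1, transport_len=8),
]


def run_sample():
    return [filter_packet(RULES, p) for p in SAMPLE]


if __name__ == "__main__":
    for p, verdict in zip(SAMPLE, run_sample()):
        print(p.iface, p.src, "->", p.dst, p.proto, p.dport, verdict)
```

Two design choices matter here. The sanity checks run before the rule table, so a spoofed or source-routed packet is dropped even when a later rule would have allowed its addresses and ports; and the last line of filter_packet makes the policy default-deny, so forgetting a rule fails closed rather than open. The check on fragment offset 1 is the companion to the minimum-first-fragment rule: a second fragment at that offset would overlap the ports and flags already inspected in fragment 0.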
4.6. Personal Firewalls
A personal firewall sits between a PC or workstation and the network or Internet, and controls the traffic that flows between them.
It is a software module installed on a personal computer, whether at the office, at home or elsewhere.
It is easy to manage and less complex than the other types of firewall.
Its primary responsibility is to stop unauthorized remote access attempts.
It also monitors outgoing activity and the connections that programs on the computer try to open.
5. Intrusion Detection Systems (IDS)
Intrusion detection is the process of monitoring the events occurring in a computer system or network and analysing them for signs of intrusions.
An Intrusion Detection System (IDS) is software (or a hardware appliance) that automates the intrusion detection process.
Detecting unauthorized, unwanted and malicious activity is the basic responsibility of an Intrusion Detection System.
5.2. Responsibilities of all types of IDPS
Logging: in enterprises the information about detected events is recorded locally and is also sent to separate, centralized logging servers for safekeeping.
Notification: alerts are raised in the form of an audible signal, an e-mail or a log entry; the alert informs the administrator of an attempt at unauthorized access to the system or network.
Reporting: reports summarize the monitored events and give the details of particular events of interest.
An Intrusion Detection and Prevention System (IDPS) can additionally change security settings in response to the type of incident detected, for example by reconfiguring a firewall, and raises an alarm for the intrusion.
An Intrusion Prevention System (IPS) responds to a detected threat, for instance by terminating the connection or blocking the offending source, and thereby stops the attack.
5.3.a. Signature-based detection:
Signature-based detection compares the signatures of previously known threats against newly observed events.
This technique is very effective for detecting known threats, but it is largely ineffective against unknown attacks, whose signatures do not yet exist, and against known attacks disguised by evasion techniques such as encoding.
It has little understanding of the protocols or applications involved: it cannot track the state of a complex attack made up of several steps, and it cannot interpret the meaning of the events it inspects.
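As an added example (it is not from the module), the following Python script runs a small signature set over constructed web-server access log lines. It shows the two limitations above in practice: URL-encoded variants of a known attack slip past a naive match until the sensor normalizes the input, and an attack for which no signature exists (the command injection on the fifth line) is never reported at all. The signatures, log lines and addresses are all constructed for this example.

```python
import re
from urllib.parse import unquote

# Constructed signatures in the style of a simple rule set (not taken from any real product).
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("sqli-tautology", re.compile(r"'\s*or\s*'?1'?\s*=\s*'?1", re.IGNORECASE)),
    ("scanner-user-agent", re.compile(r"sqlmap|nikto", re.IGNORECASE)),
]

# Constructed access log lines (combined log format: request, status, size, referer, user agent).
LOGS = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /download?file=../../etc/passwd HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET /login?user=admin%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:57:12 +0000] "GET /download?file=..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:13:58:30 +0000] "GET /ping?host=127.0.0.1;cat%20/etc/passwd HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:13:59:02 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "sqlmap/1.7"',
]

LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" \d+ \d+ "[^"]*" "(?P<agent>[^"]*)"'
)


def parse_log_line(line):
    """Return (request target, user agent) from one access log line, or None if it does not parse."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("target"), m.group("agent")


def scan(lines, normalize=False):
    """Match every signature against every log line.

    With normalize=True the request target is URL-decoded before matching, the
    way a sensor must canonicalise its input before comparing it with signatures.
    Returns (line index, signature name) pairs in the order they are found.
    """
    hits = []
    for i, line in enumerate(lines):
        parsed = parse_log_line(line)
        if parsed is None:
            continue                      # unparseable line: a real sensor would log this too
        target, agent = parsed
        if normalize:
            target = unquote(target)
        for name, pattern in SIGNATURES:
            if pattern.search(target) or pattern.search(agent):
                hits.append((i, name))
    return hits


if __name__ == "__main__":
    print("raw:       ", scan(LOGS))
    print("normalized:", scan(LOGS, normalize=True))
```

Without normalization only the plain traversal on line 1 and the scanner user agent on line 5 are found; after decoding, the encoded SQL tautology (line 2) and the encoded traversal (line 3) are caught as well. Line 4 is reported in neither case, which is exactly the blind spot the text describes: no signature, no detection.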
5.3.c. Stateful protocol analysis:
Stateful protocol analysis compares observed events against predetermined profiles of benign protocol activity, following the state of each protocol exchange. The protocol analyzer is the key component of this IDPS technology.
Protocol analyzers decode application-layer protocols such as HTTP or FTP. After the protocol has been decoded, the IDPS engine analyzes the individual parts of the exchange (commands, headers, arguments and lengths) for violations of the protocol specification and for malicious activity.
The problems with this approach are that developing a sufficiently accurate model of a protocol is generally very difficult or impracticable, and that such models are resource-intensive to run.
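As an added example (it is not part of the module), the following Python class is a small stateful protocol analyzer for the client side of an HTTP/1.x connection. It decodes the byte stream into request lines, headers and bodies, keeps the parser state across chunks as a network sensor must, and flags departures from a profile of benign client behaviour: an unexpected method, an unsupported version, a malformed header name, an oversized header and conflicting Content-Length values. The allowed-method set, the header size limit and the sample stream are assumed values constructed for this example; chunked transfer encoding is deliberately not modelled, which is an instance of the modelling cost the text mentions.

```python
import re

ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}  # assumed site policy
TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")                  # RFC 7230 token characters
REQUEST_LINE = re.compile(r"^([^ ]+) ([^ ]+) HTTP/(\d)\.(\d)$")
MAX_HEADER_VALUE = 512                                                  # assumed size limit


class HttpAnalyzer:
    """Stateful analyzer for one client-to-server HTTP/1.x byte stream.

    Decodes request line, headers and body, checks each against a profile of
    benign client behaviour, and records findings as (request number, reason)
    like an IDS would.  Chunked transfer encoding is not modelled here.
    """

    def __init__(self):
        self.buf = b""
        self.state = "request-line"   # -> "headers" -> "body" -> "request-line"
        self.headers = {}
        self.body_left = 0
        self.requests = []            # (method, target) of each decoded request
        self.findings = []            # (request number, reason)

    def _flag(self, reason):
        self.findings.append((len(self.requests), reason))

    def feed(self, data):
        """Consume the next chunk of the stream; parser state carries over between chunks."""
        self.buf += data
        while True:
            if self.state == "body":
                take = min(self.body_left, len(self.buf))
                self.buf, self.body_left = self.buf[take:], self.body_left - take
                if self.body_left:
                    return                      # wait for the rest of the body
                self.state = "request-line"
                continue
            end = self.buf.find(b"\r\n")
            if end < 0:
                return                          # wait for a complete line
            line, self.buf = self.buf[:end].decode("latin-1"), self.buf[end + 2:]
            if self.state == "request-line":
                self._request_line(line)
            else:
                self._header_line(line)

    def _request_line(self, line):
        if line == "":
            return                              # tolerate a stray CRLF between requests
        m = REQUEST_LINE.match(line)
        if not m:
            self._flag("malformed request line: " + line[:40])
            return
        method, target, major, _minor = m.groups()
        self.requests.append((method, target))
        if method not in ALLOWED_METHODS:
            self._flag("unexpected method " + method)
        if major != "1":
            self._flag("unsupported HTTP version")
        self.headers = {}
        self.state = "headers"

    def _header_line(self, line):
        if line == "":
            self._end_of_headers()
            return
        name, sep, value = line.partition(":")
        if not sep or not TOKEN.match(name):
            self._flag("malformed header: " + line[:40])
            return
        if len(value) > MAX_HEADER_VALUE:
            self._flag("oversized header " + name)
        self.headers.setdefault(name.lower(), []).append(value.strip())

    def _end_of_headers(self):
        lengths = self.headers.get("content-length", [])
        if len(set(lengths)) > 1:
            self._flag("conflicting Content-Length values")   # request smuggling indicator
        length = 0
        if lengths and lengths[0].isdigit():
            length = int(lengths[0])
        elif lengths:
            self._flag("non-numeric Content-Length")
        self.body_left = length
        self.state = "body" if length else "request-line"


# Constructed client stream: two benign requests followed by three that violate the profile.
STREAM = (
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    b"POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"
    b"POST /smuggle HTTP/1.1\r\nHost: example.test\r\nContent-Length: 4\r\nContent-Length: 9\r\n\r\nabcd"
    b"TRACE /debug HTTP/1.1\r\nHost: example.test\r\nX-Bad Header: x\r\n\r\n"
    b"GET /old HTTP/0.9\r\n\r\n"
)


def analyze(stream, chunk=40):
    """Feed the stream in fixed-size chunks, as a sensor sees it; return what was decoded and flagged."""
    analyzer = HttpAnalyzer()
    for i in range(0, len(stream), chunk):
        analyzer.feed(stream[i:i + chunk])
    return analyzer.requests, analyzer.findings
```

The state machine is what makes this "stateful": the analyzer knows that after a request line it expects headers, that after a Content-Length header it must skip exactly that many body bytes before the next request line, and that this holds however the bytes are split into packets. The conflicting Content-Length finding illustrates why the state matters: the body length decides where the next request begins, and two different lengths mean the sensor and the server may disagree about it.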