
CRIMINOLOGY

CYBER CRIMINOLOGY & CYBER FORENSICS


Cyber Security

MODULE 37 : CYBER SECURITY

Component - I - Personal Details

Role | Name | Affiliation
Principal Investigator | Prof (Dr) G S Bajpai | Registrar, National Law University, Delhi
Paper Coordinator | Prof (Dr) K. Jaishankar | Professor and Head, Department of Criminology, Raksha Shakti University, Ahmedabad, Gujarat
Content Writer/Author(s) | Prof (Dr) Priyanka Sharma | Professor and Head, Department of Information Technology and Telecommunications, Raksha Shakti University, Ahmedabad, Gujarat
Content Reviewer | Prof (Dr) K. Jaishankar | Professor and Head, Department of Criminology, Raksha Shakti University, Ahmedabad, Gujarat

Component - I (B) Description of Module

Subject Name: Criminology
Paper Name: Cyber Criminology and Cyber Forensics
Module No.: 37
Module Name/Title: Cyber Security
Pre-requisites: Computers, Network, Network layers & protocols, Internet.
Objectives:
• To understand countermeasures of cyber crime.
• To understand the working of Authentication, Firewalls and Intrusion Detection Prevention Systems.
Keywords: Cyber crime, Cyber security.

Table of Contents

1. Introduction
2. Cyber security
3. Security Attacks
4. Firewalls
5. Intrusion Detection Systems
6. Summary and Conclusion

Learning Outcomes
After the completion of this module, you will be able to:
• Understand countermeasures of cyber crime
• Understand the working of Authentication, Firewalls and Intrusion Detection Prevention Systems

Cyber Security
1. Introduction
Advancements in the field of Information Technology (IT) have a great impact on day-to-day human life, business and trading, health services, banking services, education, tourism, agriculture, social integration and all aspects of society. With the growing popularity and easy availability of Internet services, a virtual world has been created that connects people and markets as in the real world. However, just as the real world faces the challenge of crime, the hyper-connected world has its own threats and risks. These attacks come from various origins and target individuals, businesses/corporates, government organizations, national infrastructure etc., and may adversely affect society, the security of the nation and overall growth and the economy. Cyber crime is the latest form of crime happening all over the world, making the computer victim and target at the same time. Cyber security measures and proper implementation of cyber law may help detect and prevent cyber crimes such as hacking, online scams, impersonation and unauthorized access. This module deals with cyber security.

2. Cyber Security
"Cyber security is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user's assets. Organization and user's assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cyber security strives to ensure the attainment and maintenance of the security properties of the organization and user's assets against relevant security risks in the cyber environment."
ITU-T X.805 defines seven security dimensions which protect against all major security threats:
A. Access control
B. Availability
C. Authentication
D. Communication security
E. Data confidentiality
F. Integrity
G. Non-repudiation

2.1. Key Security Concepts
Confidentiality: Confidentiality means preserving authorized restrictions on information access and disclosure; a loss of confidentiality is the unauthorized disclosure of information. Confidentiality also covers the protection of personal privacy and personal information.
Integrity: Integrity means guarding information against improper modification or destruction. It also covers the non-repudiation and authenticity of information.
Availability: Availability means that information is accessible at all times and reliable to use. A disruption that leaves users unable to access information is a loss of availability.

2.2. Security Threats

• "Interruption" is a type of attack on availability.
• "Modification" is a type of attack on integrity.
• "Interception" is a type of attack on confidentiality.
• "Fabrication" is a type of attack on authenticity.

3. Security Attacks
There are several types of attacks, and they are classified as passive and active security attacks.

3.1. Passive attacks

Passive attacks are attacks in which the attacker tries to obtain information from a system without affecting its resources. Eavesdropping and monitoring of messages fall under passive attacks: the attacker reads the contents of messages and monitors traffic flows. These attacks are difficult to detect because they do not alter any data.

3.2. Active Attacks
Active attacks, unlike passive attacks, attempt to alter system resources or affect their normal operation. The attacker can modify the data stream by masquerading as another entity, and can replay or modify messages. Using active attacks the attacker can also launch a denial of service.

4. Firewall
A firewall acts as a security system for a network: it monitors and controls all incoming and outgoing network traffic of an organization that flows through it. A firewall works on predetermined security rules to block unwanted and malicious packets.
• A firewall acts as a gatekeeper that controls and monitors packets.
• It connects several different networks having differing trust levels.
• It applies boundaries and limitations on network services, i.e. it only allows authorized traffic to pass through it.
• It is used to audit the network and control access.
• It can be used to raise alarms when abnormal behaviour occurs in the network.
• It provides Network Address Translation and usage monitoring.
• It can implement Virtual Private Networks using IPsec.
• A firewall acts as a gate that works as the interface between two networks: the trusted, secure internal network and the unsecured Internet.
• Firewalls are of two types: software firewalls and hardware firewalls. A software firewall has the basic functionality, but hardware-based firewalls offer several other functions to protect the internal network, e.g. providing a DHCP server for the network.

4.1. Firewall Limitations
• A firewall basically blocks unauthorized access, but it cannot protect against attacks that bypass it.
• A firewall is not able to protect the network from internal threats
  o e.g. disgruntled or colluding employees
• It is not able to protect against an attacker connecting via WLAN
  o if the WLAN is improperly secured against external use
• It is not intelligent enough to protect the network from malware that enters through a laptop, pen drive or any other infected storage device.

4.2. Firewall - Packet Filter

• It is the simplest firewall component.
• It is the fastest firewall component.
• The packet filter is the basis of every firewall system.
• It examines each IP packet passing through it and either permits or denies it according to predetermined rules.
• It can deny connections to specific ports.
• Several built-in default policies are already available.

4.3. Attacks on Packet Filters
• IP address spoofing: the attacker forges the source IP address of a packet so that a filter which trusts that address accepts it. The countermeasure is to add filters on routers that discard packets carrying fake source addresses, so that genuine access is preserved and spoofed packets are blocked.
• Source routing attacks: the attacker specifies the route a packet should take instead of the normal route. The filter can block source-routed packets, which stops the attack.
• Tiny fragment attacks: the attacker splits the header information of a packet across several tiny fragments, so that the filter cannot see the whole header in any single fragment.

4.4. Firewalls - Stateful Packet Filters

• Traditional packet filters are not capable of checking higher-layer context, so there is a need for stateful packet filters.
• A stateful packet filter inspects every IP packet passing through it and keeps track of each session between client and server.
• Stateful packet filters are capable of noticing bogus packets that do not belong to any tracked session.
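To make the difference between the two filter types concrete, here is an added Python example (not part of the module, and not any vendor's firewall code) that runs three constructed packets through a stateless rule list and through a stateful filter that keeps a session table. The address range, the rule list and the packet fields are assumptions made for the demonstration.

```python
# Added example (not from the module): a toy packet filter run in two modes,
# stateless (rule list only) and stateful (rule list plus a session table).
# The address range, rules and packets below are constructed for this demo.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False   # TCP SYN flag: set on the first packet of a connection
    ack: bool = False   # TCP ACK flag: set on every later packet


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: str = "0.0.0.0/0"        # CIDR the source address must fall in
    dst: str = "0.0.0.0/0"        # CIDR the destination address must fall in
    dport: Optional[int] = None   # destination port, or None for any port
    ack_only: bool = False        # stateless "established" check: ACK must be set

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or p.dport == self.dport)
                and (not self.ack_only or p.ack))


INTERNAL = "10.0.0.0/8"   # constructed internal address range

# Stateless rule list, first match wins: let internal hosts reach web servers,
# let anything with ACK set back in as a "reply", deny everything else.
STATELESS_RULES: List[Rule] = [
    Rule("permit", src=INTERNAL, dport=80),
    Rule("permit", dst=INTERNAL, ack_only=True),
    Rule("deny"),
]


def stateless_filter(p: Packet, rules: List[Rule] = STATELESS_RULES) -> str:
    """Return the action of the first rule the packet matches on its own."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"   # default policy when no rule matches


class StatefulFilter:
    """Applies rules only to new connections; every other packet is admitted
    only if it belongs to a session already recorded in the table."""

    def __init__(self, rules: Optional[List[Rule]] = None) -> None:
        self.rules = rules or [Rule("permit", src=INTERNAL, dport=80), Rule("deny")]
        # (client, client port, server, server port) for each permitted session
        self.sessions: Set[Tuple[str, int, str, int]] = set()

    def filter(self, p: Packet) -> str:
        forward = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if forward in self.sessions or reverse in self.sessions:
            return "permit"   # packet belongs to a tracked session
        if p.syn and not p.ack:   # a new connection: consult the rule list
            for r in self.rules:
                if r.matches(p):
                    if r.action == "permit":
                        self.sessions.add(forward)
                    return r.action
        return "deny"   # no session and not a connection request: bogus


def demo() -> Dict[str, Tuple[str, str]]:
    """Run three constructed packets through both filters; returns the
    (stateless, stateful) decision for each."""
    outbound = Packet("10.0.0.5", "203.0.113.7", 40000, 80, syn=True)
    reply = Packet("203.0.113.7", "10.0.0.5", 80, 40000, ack=True)
    # Inbound segment with ACK set but no matching session: a forged "reply".
    bogus = Packet("198.51.100.9", "10.0.0.5", 4444, 22, ack=True)
    sf = StatefulFilter()
    return {
        "outbound": (stateless_filter(outbound), sf.filter(outbound)),
        "reply": (stateless_filter(reply), sf.filter(reply)),
        "bogus": (stateless_filter(bogus), sf.filter(bogus)),
    }


if __name__ == "__main__":
    for name, decisions in demo().items():
        print(f"{name:9s} stateless={decisions[0]:6s} stateful={decisions[1]}")
```

The third packet is an inbound segment with only the ACK flag set and no prior outbound connection. The stateless rule list admits it because its "established" rule can only look at the flag, while the stateful filter rejects it because nothing in its session table matches, which is the bogus-packet case the last bullet above describes.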

4.5. Firewalls - Application Level Gateway (or Proxy)

• It is an application-specific gateway or proxy and has full access to the protocol.
  o The user sends requests for different services to the proxy.
  o It is the responsibility of the proxy to validate whether a request is legitimate or not.
  o After checking the request, the proxy performs the required action and returns the result to the user.
  o It is able to log or audit the traffic generated at the application level.

4.6. Personal Firewalls
• A personal firewall sits between a PC/workstation and the network/Internet and controls the traffic between them.
• It is a software module installed on a personal computer, whether at the office or at home.
• It is easy to handle and less complex than other types of firewall.
• Its primary responsibility is to stop unauthorized remote access attempts.
• It also monitors outgoing connection activity.

5. Intrusion Detection Systems (IDS)
• Intrusion detection is the process by which all events in a computer system or network are monitored and the traffic is analyzed for the presence of artifacts of intrusions.
• An IDS is software that automates the process of intrusion detection. Detecting unauthorized, unwanted and malicious activity is the basic responsibility of an Intrusion Detection System.

5.1. Intrusion Detection Prevention Systems

• An Intrusion Prevention System (IPS) is software which has the capabilities of an IDS and can also attempt to stop possible incidents which are malicious in nature.
• It is not a new technology; it is simply an evolved version of the Intrusion Detection System.
• Combining IPS with IDS improves firewall capability, enabling access-control decisions based on application-level content.
• There are several types of intrusions, such as viruses, worms, Trojans etc. Using these, attackers gain unauthorized access to systems, which enables them to act as authorized users of those systems.

5.2. Responsibilities of all types of IDPSs
• Recording: in enterprises, information is recorded locally every day, and the recorded data is sent to separate centralized logging servers for keeping.
• Notification: alerts are raised as an audible signal, by e-mail or as log entries. The alert notifies an unauthorized attempt to access the system or network.
• Reporting: generated reports summarize the monitored events and give the details of particular events of interest.
• An Intrusion Detection Prevention System can also change or modify its settings according to the type of incident and raise an intrusion alarm.
• An Intrusion Prevention System responds to the detection of a threat and stops it.

5.3. Different types of detection methodologies

5.3.a. Signature-based:
• Signature-based detection only compares the signatures of previously known threats with newly occurring events.
• This technique is very effective at detecting known threats but largely ineffective at detecting attacks whose signature is unknown.
• It is not able to follow the progress of an attack, nor to understand complex codes in the events of an intrusion.

5.3.b. Anomaly-based detection:

• Anomaly-based detection takes samples of network activity and compares them with the normal traffic profile of the network.
• If an action falls outside the predefined parameters or threshold level, the Intrusion Detection Prevention System triggers an alarm.
• This technique can detect new types of attack which have not been recorded previously.
• It requires more processing power and capacity to analyze and secure the network than signature-based detection.
• It may generate several false positives.
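To show what the signature-based method of 5.3.a and the anomaly-based method above each catch and miss, the following added Python example (not from the module) runs both over constructed web-server log lines. The log format, the signature patterns, the per-source request-count profile and the mean-plus-three-standard-deviations threshold are all assumptions chosen for the illustration.

```python
# Added example (not from the module): signature-based and anomaly-based
# detection run side by side over constructed web-server log lines.
import re
from collections import Counter
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple

# Assumed common-log-style format: src - - [timestamp] "METHOD path HTTP/x.y" status
LOG_RE = re.compile(
    r'^(?P<src>\S+) - - \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) HTTP/\d\.\d" (?P<status>\d{3})$'
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one log line into its fields, or return None if it is malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


# Signatures: patterns of previously known bad requests (assumed, illustrative).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "backup-file-probe": re.compile(r"\.(bak|old)$"),
}


def signature_alerts(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (source, signature name) for every line whose path matches a known signature."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                hits.append((rec["src"], name))
    return hits


def requests_per_source(lines: List[str]) -> Counter:
    """Count parsable requests per source address."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            counts[rec["src"]] += 1
    return counts


def anomaly_alerts(baseline: List[str], window: List[str], k: float = 3.0) -> Dict[str, int]:
    """Learn a per-source request-count profile from the baseline window and
    flag sources in the new window whose count exceeds mean + k * stdev."""
    base = list(requests_per_source(baseline).values())
    threshold = mean(base) + k * pstdev(base)   # assumed threshold rule
    return {src: n for src, n in requests_per_source(window).items() if n > threshold}


def log(src: str, path: str, second: int, status: str = "200") -> str:
    """Build one constructed log line."""
    return f'{src} - - [12/Mar/2024:10:00:{second:02d}] "GET {path} HTTP/1.1" {status}'


# Constructed "normal" traffic used to learn the profile: 3, 3 and 2 requests.
BASELINE_LINES = [
    log("10.0.0.5", "/index.html", 1), log("10.0.0.5", "/about.html", 4), log("10.0.0.5", "/contact.html", 9),
    log("10.0.0.6", "/index.html", 2), log("10.0.0.6", "/news.html", 5), log("10.0.0.6", "/index.html", 7),
    log("10.0.0.7", "/index.html", 3), log("10.0.0.7", "/about.html", 8),
]

# Constructed window to analyse: one known-bad request plus a flood of
# individually ordinary requests that no signature matches.
WINDOW_LINES = (
    [log("10.0.0.5", "/index.html", 1), log("10.0.0.5", "/about.html", 5), log("10.0.0.5", "/news.html", 9)]
    + [log("10.0.0.7", "/static/../../config.ini", 2, "404")]
    + [log("198.51.100.9", f"/product?id={i}", 10 + i) for i in range(12)]
)

if __name__ == "__main__":
    print("signature alerts:", signature_alerts(WINDOW_LINES))
    print("anomaly alerts:  ", anomaly_alerts(BASELINE_LINES, WINDOW_LINES))
```

The flood from 198.51.100.9 consists of individually ordinary requests that match no signature, so only the anomaly rule flags it; the single path-traversal probe is caught only by the signature. A legitimate crawler that fetched as many pages in the same window would cross the same threshold, which is the false-positive cost the last bullet above mentions.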

5.3.c. Stateful protocol analysis:
• It is a type of protocol analyzer, and it is key in the development of IDPS technologies.
• Protocol analyzers decode application-layer protocols, e.g. HTTP or FTP. After the protocol has been decoded, the IPS analysis engine evaluates the different parts of the protocol for malicious activity.
• The problem is that it is generally very tricky or impracticable to develop an accurate model of a protocol, and such models are resource intensive.
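As an added illustration of stateful protocol analysis (example code written for this page, not taken from any IDPS product), the following Python function decodes a raw HTTP request into its request line, header fields and body and checks each part against a small protocol model. The allowed method set, the size limits and the wording of the violation messages are assumptions.

```python
# Added example (not from the module): a small protocol analyser for HTTP
# requests. Each decoded part is checked against an assumed protocol model and
# every deviation is reported as a violation.
from typing import List

ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}  # assumed model
ALLOWED_VERSIONS = {"HTTP/1.0", "HTTP/1.1"}
MAX_TARGET_LEN = 2048      # assumed limit on the request-target
MAX_HEADER_COUNT = 100     # assumed limit on the number of header lines


def analyze_http_request(raw: bytes) -> List[str]:
    """Return the protocol-model violations found in one raw HTTP request
    (an empty list means the request conforms to the model)."""
    violations: List[str] = []
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["incomplete request: end of headers not found"]
    lines = head.split(b"\r\n")

    # Request line: exactly three space-separated ASCII tokens.
    try:
        method, target, version = lines[0].decode("ascii").split(" ")
    except (ValueError, UnicodeDecodeError):
        return ["malformed request line"]
    if method not in ALLOWED_METHODS:
        violations.append(f"unknown method {method}")
    if version not in ALLOWED_VERSIONS:
        violations.append(f"unsupported version {version}")
    if len(target) > MAX_TARGET_LEN:
        violations.append("request-target too long")
    if not (target.startswith("/") or target == "*" or target.startswith("http://")):
        violations.append("request-target is not origin-, absolute- or asterisk-form")

    # Header fields: "name: value", no whitespace inside the field name.
    if len(lines) - 1 > MAX_HEADER_COUNT:
        violations.append("too many header fields")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name or b" " in name or b"\t" in name:
            violations.append(f"malformed header line {line!r}")
            continue
        key = name.decode("ascii", "replace").lower()
        headers.setdefault(key, []).append(value.strip().decode("ascii", "replace"))
    if version == "HTTP/1.1" and "host" not in headers:
        violations.append("missing Host header (required by HTTP/1.1)")

    # Message framing: the body length must be determined unambiguously.
    if "content-length" in headers and "transfer-encoding" in headers:
        violations.append("both Content-Length and Transfer-Encoding present (ambiguous framing)")
    if len(headers.get("content-length", [])) > 1:
        violations.append("multiple Content-Length headers")
    if "content-length" in headers:
        cl = headers["content-length"][0]
        if not cl.isdigit():
            violations.append(f"non-numeric Content-Length {cl!r}")
        elif int(cl) != len(body):
            violations.append(f"body length {len(body)} does not match Content-Length {cl}")
    return violations


if __name__ == "__main__":
    sample = b"BREW /coffee HTTP/1.1\r\nContent-Length: 10\r\n\r\nabc"  # constructed
    for v in analyze_http_request(sample):
        print("violation:", v)
```

A request that uses a legitimate method outside the model (for example a WebDAV method) is reported as a violation, which illustrates the last bullet above: the model is only as accurate as the effort spent on it, and every gap shows up either as a miss or as a false positive.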

5.4. Types of IDPSs

• A network-based IDPS sniffs packets and examines network traffic for malicious activity. It works basically like a network firewall: it accepts packets, analyzes them for any intrusion and decides whether they are permitted to pass through or have to be blocked.
• Previously known patterns of attacks like viruses, worms, e-mail attacks and e-mail-borne worms have easily identifiable characteristics.
• Network-based products are capable of detecting and resisting some new and unfamiliar threats with the help of application-level protocol analysis.
• Some IDPSs allow administrators to create and deploy attack signatures for new malware and other threats. However, an inadequately created signature gives false positives, which may even block benign activity.
• Network-based products have the disadvantage that they are not able to mitigate malicious code such as ransomware and Trojans.

6. Summary and Conclusion

The presence of crime in human society has been observed since the inception of social structures. However, the techniques and patterns of crime change constantly. Cyber crime is the latest form of crime happening all over the world, making the computer victim and target at the same time. Trends in cyber crime like ransomware, hacking, image manipulation, financial crimes etc. are increasing day by day. Cyber security has become the norm of the day, and cyber crimes can be prevented by means of authentication, techniques and tools like firewalls and IDS, and finally cyber awareness, including awareness of cyber law.
