2. Course Objective
• To make students know the essentials of computer security, and to provide basic knowledge of security issues.
• To make students know the different types of security algorithm, which include a set of protocols and their implementation.
• To make students know authorization and authentication in security systems.
• To make students know the general principles of IP-based web security standards.
3. Course Outcomes
• The students will be able to understand the structure
and organization of computer security and cyber
crimes.
• The students will have a basic understanding of security
techniques and functions.
• The students will have an in-depth understanding of
network security algorithms.
• The students will be able to understand the basic
concepts of security threats.
• The students will be able to understand the basic
concepts of firewalls; including authentication,
integrity, and system security design challenges.
4. Table of Contents
S. No Topic Slide No.
1 Survey in Cyber Crime 6
2 Cyber Crime 7
3 Hackers 8
4 Principles of Security 9 – 14
5 Types of Attack 15 – 18
6 Computer Viruses 19
7 Phishing 20
8 Spoofing 21
9 Phone Phishing 22
5. Table of Contents
No Topic Slide No.
10 Internet Pharming 23
11 Investment Newsletter 24
12 Credit Card Fraud 25
13 IT Act, 2000 26 – 27
14 Security Tips 28 – 29
15 Text and Reference Book 30
6. Survey in Cyber Crime
• As per the study, the total numbers of cyber crimes registered during the years 2011, 2012, 2013 and 2014 were 13,301, 22,060, 71,780 and 62,189.
• Currently, the number of cyber crimes in India is around 1,49,254 and is likely to cross 3,00,000 by 2016, growing at a compounded annual growth rate (CAGR) of about 107 per cent.
• As per the findings, nearly 12,456 cases are registered in India every month.
7. Cyber Crime
Cyber crime could be any unlawful act where a computer was used as a tool, a target, or both.
Cyber terrorists usually use the computer as a tool, a target, or both for their unlawful acts, to gain information, which can result in heavy loss or damage to the owner of that intangible, sensitive information.
8. Hackers
A hacker is a computer expert who uses his knowledge to gain unauthorized access to a computer network. The term covers not only a person who intends to break into the system but also one who has no intent to damage the system and only intends to learn more by using one’s computer.
9. Principles of Security
• Confidentiality
Sender A sends a secret message to receiver B.
Interception causes loss of message confidentiality.
10. Principles of Security
• Authentication
The authentication process ensures that the origin of an electronic message or document is correctly identified: “proof of identity”.
Fabrication is possible in the absence of proper authentication.
11. Principles of Security
• Integrity
When the contents of a message are changed after the
sender sends it, but before it reaches the intended
recipients, the integrity of the message is lost.
Modification causes loss of message integrity.
13. Principles of Security
• Availability
The principle of availability states that resources should
be available to authorized parties at all times.
Interruption puts the availability of resources in danger.
14. Principles of Security
• Access Control
The principle of access control determines “who”
should be able to access “what”.
Access control specifies and controls who can
access what.
16. Types of Attack
• Fraud
It includes manipulation of electronic currency, credit cards, electronic stock certificates, checks, letters of credit, purchase orders, ATMs, etc.
• Scams
Various forms of scam include sale of services, auctions, multi-level marketing schemes, general merchandise and business opportunities, etc.
People are enticed to send money in return for great profit.
17. Types of Attack
• Destruction
A grudge is the main motive for this kind of attack: unhappy employees attack their own organization, terrorists strike, etc.
Examples include Yahoo!, CNN, eBay, Buy.com and amazon.com, where authorised users of these sites failed to log in or access them.
• Identity Theft
“Why steal from someone when you can just become that person?”
It is easier to get hold of the password of someone else’s bank account and use it until this is detected.
18. Types of Attack
• Intellectual Property Theft
It ranges from stealing companies’ trade secrets, databases, digital music and videos, to electronic documents and books, software and so on.
• Brand Theft
Fake Web sites that look like real Web sites, causing identity theft.
19. Methods of Attacks
A) Computer Viruses
Viruses are used by hackers to infect the user’s computer and damage data saved on the computer.
A person is liable under the I.T. Act only when the consent of the owner is not taken before inserting a virus into his system.
20. B) Phishing
By using e-mail messages that closely resemble the genuine mail messages customers receive, hackers can ask for verification of certain information, such as account numbers or passwords. The customer may not know that the e-mail messages are deceptive and may fail to tell them apart from the originals. This results in huge financial loss when the hackers use that information for fraudulent acts such as withdrawing money from the customer’s account without his knowledge.
21. C) Spoofing
This is carried out using deceptive websites or e-mails. These sources mimic the original websites very closely by using the logos, names, graphics and even the code of the real bank’s site.
22. D) Phone Phishing
This is done by hackers using voice messages in which customers are asked to reveal their account identification and passwords in order to file a complaint about any problems regarding their accounts with banks etc.
23. E) Internet Pharming
Here the hacker aims to redirect the website used by the customer to another, bogus website by hijacking the victim’s DNS server (DNS servers are the computers responsible for resolving internet names into real addresses, the “signposts of the internet”) and changing the I.P. address to that of the fake website by manipulating the DNS server. This redirects the user from the original website to a false, misleading website in order to gain unauthorised information.
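A defender can spot the redirection described above by comparing the addresses a resolver returns with the networks a site is known to use. This is an added example, not part of the original slides; the host names, resolver labels and address ranges are constructed documentation values.

```python
import ipaddress

# Constructed baseline: networks each name is expected to resolve into.
EXPECTED = {
    "bank.example": ["192.0.2.0/24", "2001:db8:10::/48"],
    "mail.example": ["198.51.100.0/25"],
}

# Constructed observations: (resolver, name, answer returned)
OBSERVED = [
    ("local-resolver", "bank.example", "192.0.2.17"),
    ("local-resolver", "mail.example", "198.51.100.9"),
    ("cafe-wifi-resolver", "bank.example", "203.0.113.66"),
    ("cafe-wifi-resolver", "mail.example", "198.51.100.200"),
    ("cafe-wifi-resolver", "Bank.Example.", "2001:db8:10::5"),
    ("local-resolver", "shop.example", "203.0.113.5"),  # no baseline pinned
]


def check_answers(observed, expected):
    """Return (resolver, name, answer, reason) for every suspicious answer."""
    findings = []
    for resolver, name, answer in observed:
        # DNS names are case-insensitive and may carry a trailing dot
        nets = expected.get(name.lower().rstrip("."))
        if nets is None:
            continue  # nothing pinned for this name, so nothing to compare
        try:
            addr = ipaddress.ip_address(answer)
        except ValueError:
            findings.append((resolver, name, answer, "not an IP address"))
            continue
        # An IPv4 address is simply "not in" an IPv6 network and vice versa
        if not any(addr in ipaddress.ip_network(n) for n in nets):
            findings.append((resolver, name, answer, "outside expected networks"))
    return findings


if __name__ == "__main__":
    for resolver, name, answer, reason in check_answers(OBSERVED, EXPECTED):
        print(f"ALERT {resolver}: {name} -> {answer} ({reason})")
```

A finding is a lead to investigate rather than proof of pharming, because legitimate sites move between address ranges and the baseline has to be kept current.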
24. F) Investment Newsletter
We usually get newsletters providing free information that recommends which field it would be profitable to invest in. These may sometimes be fraudulent and may cause us huge loss if relied upon. False information about any company can be spread by this method and can cause huge inconvenience or loss through junk mail online.
25. H) Credit Card Fraud
Huge loss may be caused to the victim by this kind of fraud. This is done by publishing false digital signatures. Most people lose credit cards on the way of delivery to the recipient, or the card is damaged, defective, misrepresented etc.
27. Noteworthy Provisions Under The Information Technology Act, 2000
No | Act | Punishment
1 | Sec. 43: Damage to computer system etc. | Compensation for Rupees 1 crore.
2 | Sec. 66: Hacking (with intent or knowledge) | Fine of 2 lakh rupees, and imprisonment for 3 years.
3 | Sec. 67: Publication of obscene material in e-form | Fine of 1 lakh rupees, and imprisonment of 5 years, and double conviction on second offence.
4 | Sec. 68: Not complying with directions of controller | Fine up to 2 lakh and imprisonment of 3 years.
5 | Sec. 70: Attempting or securing access to computer | Imprisonment up to 10 years.
6 | Sec. 72: For breaking confidentiality of the information of computer | Fine up to 1 lakh and imprisonment up to 2 years.
7 | Sec. 73: Publishing false digital signatures, false in certain particulars | Fine of 1 lakh, or imprisonment of 2 years or both.
8 | Sec. 74: Publication of Digital Signatures for fraudulent purpose | Imprisonment for the term of 2 years and fine for 1 lakh rupees.
28. Security Tips
• Avoid online banking, shopping, entering credit card details,
etc. if the network is not properly secured
• Check your online account frequently and make sure all listed
transactions are valid
• Be extremely wary of e-mails asking for confidential
information. Never ever click on a link given in a spam e-mail
• Always delete spam e-mails immediately and empty the trash
box to prevent clicking on the same link accidentally
• Beware of lotteries that charge a fee prior to delivery of your
prize
• While using a credit card for making payments online, check if
the website is secure as the CVV will also be required for the
payment
29. Security Tips
• Notify your bank/credit card issuer if you do not receive the
monthly credit card statement on time. If a credit card is
misplaced or lost, get it cancelled immediately
• Do not respond to lottery messages or call the numbers
provided in the text messages
• Do not provide photocopies of both sides of the credit card to
anyone. The card verification value (CVV), which is required
for online transactions, is printed on the reverse. Anyone can
use the card for online purchases if they get that information
• Do not click on links in e-mails seeking details of your account;
they could be phishing e-mails from fraudsters. Most reputed
companies will ask you to visit their website directly
• Do not give any information to people seeking credit card
details over the phone
30. • Text Books:
1. Cryptography and Network Security, William Stallings, PHI.
2. Cryptography and Network Security, Atul Kahate, Tata McGraw Hill, 2003.
3. Cyber Security Policy Guidebook, Jennifer, Jason, Paul, Marcus, Jeffrey, Joseph, Wiley publication, 2012.
• Reference Books:
1. Network Security: The Complete Reference, Roberta Bragg, Tata McGraw Hill.
2. Cyber Security Essentials, James Graham, Richard, Ryan, CRC Press, 2011.