SlideShare a Scribd company logo

Unit 2

Download as PPSX, PDF
J
Jigarthacker

This document discusses various topics related to cybercrime and cybersecurity. It begins by defining different types of cybercriminals like hackers, crackers, and phreakers. It then explains common cybercrimes like brute force hacking, cracking, phreaking etc. and how criminals plan attacks. It discusses reconnaissance, scanning, different attack types. It also covers social engineering, cyberstalking, botnets, cybercafe risks and securing systems. Finally, it discusses attack vectors, risks of cloud computing and how to mitigate risks.

Education
1 of 56
BCA602 – CYBERCRIME AND CYBERSECURITY Presented By:- Jigar Jobanputra SRK INSTITUTE OF MANAGEMENT AND COMPUTER EDUCATION
How Criminal Plan offenses  Cybercriminal use the internet for illegal activities to store data, contacts, account information, etc.  People who commit cybercrimes are known as “Crackers”.
Hackers, Crackers and Phreakers  A hacker is a person with strong interest in computers who enjoys learning and experimenting with them. Hackers are usually very talented, smart people who understand computers better than others.
Brute force hacking  It is a technique used to find passwords or encryption keys. Brute force hacking involves trying every possible combination of letters, numbers, etc until the code is broken.
Cracker  A cracker is a person who breaks into computers. Crackers should not be confused with hackers. The term cracker is usually connected to computer criminals.
Cracking  It is the act of breaking into computers. Cracking is popular, growing subject on the internet. Many sites are devoted to supplying crackers with programs that allow them to crack computers.
Phreaking  This is the notorious art of breaking into communication system. Phreaking sites are popular among crackers and other criminals.
How Criminals plan the attacks  Criminals use many methods and tools to locate weakness(vulnerability) of their target.  Criminals plan passive and active attacks.  Active attacks are usually used to alter the system whereas passive attacks attempt to gain information about the target.  In addition to the active and passive categories, attacks can be categorized as either inside or outside.
Inside Attack  An attack originating and/or attempted within the security perimeter of an organization is an inside attack.  It is usually attempted by an “insider” who gains access to more resources than expected.
Outside Attack  An outside attack is attempted by a source outside the security perimeter.  It may be attempted by an insider and/or an outsider.  It is attempted through the Internet or a remote access connection.
Phases involved in planning cybercrime 1. Reconnaissance (information gathering) is the first phase and is treated as passive attacks. 2. Scanning the gathered information for the validity of the information as well as to identify the existing weakness. 3. Launching an attack.
Phase 1  The meaning of Reconnaissance is an act of reconnoitering – explore, often with the goal of finding something or somebody.  Reconnaissance phase begins with “Footprinting”.  Footprinting is the preparation toward preattack phase.
Continue…  Footprinting gives an overview about system weakness and provides a judgment about “How to break this?”.  The objective of this phase is to understand the system, its networking ports and services, and any other aspects of its security.
 Passive Attack :  In computer security, attempt to steal information stored in a system by electronic wiretapping or similar means. Although, in contrast to active attack, passive attack does not attempt to interfere with the stored data, it may still constitute a criminal offense.
 A passive attack involves gathering information about a target without his/her knowledge. Information can be gathered from :  It is usually done using Internet searches or by Googling. They use Google Earth to locate information about employees.  Surfing online community groups like orkut/facebook will prove useful to gain the information about an individual.
Continue…  Organization’s website may provide a personnel directory or information about key employees.  Bolgs, newgroups, press releases, etc. are generally used as the mediums to gain information about the company or employee.  Going through the job postings in particular job profiles for technical persons.  Network sniffing is another means of passive attack to yield useful information such as IP, hidden servers or networks.
Tools used for Passive Attack  Google Earth  WHOIS  Nslookup (name server lookup)  Dnsstuff  eMailTrackerPro  Website Watcher
 Active Attack In computer security, persistent attempt to introduce invalid data into a system, and/or to damage or destroy data already stored in it. In many countries, it is a criminal offense to attempt any such action.
Port Scanning  A port is place where information goes into and out of a computer.  Ports are entry/exit points that any computer has, to be able to communicate with external machines.  Each computer is enabled with three or more external ports.  Port scanning is an act of systematically scanning a computer’s ports.
Phase – 2 : Scanning and Scrutinizing gathered information  Scanning is a key step to examine intelligently while gathering information about the target. The objectives of scanning are as follows :  Port Scanning :  Identify open/close ports and services.  Network scanning :  Understand IP addresses and related information about the computer network system.  Vulnerability scanning :  Understand the existing weaknesses in the system.
 The scrutinizing (inspecting) phase is called “enumeration” (listing) in the hacking world.  The objective behind this step is to identify :  The valid user accounts or groups;  Network resources and/or shared resources;  OS and different applications that are running on the OS.  Note : Usually most of the attackers consume 90% of the time in scanning, scrutinizing and gathering information on a target and 10% of the time in launching the attack.
Phase 3 : Attack  The attack is launched using the following steps :  Crack the password;  Exploit the privileges;  Execute the malicious command/applications;  Hide the files (if required);  Cover the tracks – delete the access logs, so that there is no trail illicit activity.
Social Engineering  Social engineering is the “technique to influence” people to obtain the information.  It is generally observed that people are the weak link in security and this principle makes social engineering possible.  Social engineering involves gaining sensitive information or unauthorized access privileges by building inappropriate trust relationships with insiders.
Classification of Social Engineering  Human Based Social Engineering  Computer Based Social Engineering
Human Based Social Engineering  Human based social engineering refers to person-to-person interaction to get information.  Impersonating an employee or valid user  Posing as an important user  Using a third person  Calling technical support  Shoulder surfing  Dumpster diving
Computer Based Social Engineering  Computer based social engineering refers to an attempt made to get the required information by using computer software/internet.  Fake E-mail  E-mail attachments  Pop-up windows
Cyberstalking  Stalking is an “act or process of following victim silently – trying to approach somebody or something”  Cyberstalking has been defined as the use of information and communications technology of individuals to harass another individual.
Types of Stalkers  There are primarily two types of stalkers.  Online stalkers  Offline stalkers  Online stalkers :  They aim to start the interaction with the victim directly with the help of the internet (email/Chat Room).  The stalker makes sure that the victim recognizes the attack attempted on him/her.  The stalker can make use of a third party to harass the victim.
 Offline stalkers :  The stalker may begin the attack using traditional methods such as following victim, watching the daily routine of the victim, etc.  For ex. Use of community sites, newsgroups, social websites, personal websites.  The victim is not aware that the Internet has been used to achieve an attack against them.
Cases reported on Cyberstalking  The majority of cyberstalking are men and the majority of their victims are women.  In many cases, the cyberstalker is ex-lover, ex- spouse, boss/subordinate, and neighbor.  There also have been cases about strangers who are cyberstalkers.
How Stalking works?  Personal information gathering about the victim;  Establish a contact with victim through telephone/cell phone. Once the contact is established, the stalker may make calls to the victim to harass.  Stalkers always establish a contact with victim through e-mail.
 The stalker may post the victim’s personal information as sex workers’ service or dating service. The stalker will use bad/attractive language to invite the interested persons.  Whosoever comes across the information, starts calling victim and asking for sexual services or relationship.  Some stalkers subscribe the e-mail account of the victim to innumerable pornographic and sex sites.
Real Life Example  The indian police have registered first case of cyberstalking in Delhi.  Mrs. Joshi received almost 40 calls in 3 days mostly at odd hours.  Mrs. Joshi decided to register a complaint with Delhi police.  A person was using her ID to chat over the Internet at the website www.mirc.com.
Cybercafe and Cybercrimes  In February 2009 survey, 90% of the audience across eight cities and 3500 cafes were male and in the age group of 15-35 years;  52% were graduates and postgraduates  Almost 50% were students.  In India, cybercafes are known to be used for either real or false terrorist communication.
 Cybercafe hold two types of risks : 1. We do not know what programs are installed on the computer like keyloggers or spyware. 2. Over the shoulder peeping can enable others to find out your passwords.  Cybercriminals prefer cybercafes to carry out their activities.  A recent survey conducted in one of the metropolitan cities in India reveals the following facts :
1. Pirated softwares are installed in all the computers. 2. Antivirus was not updated with latest patch. 3. Several cybercafes has installed “Deep Freeze” to protect computer which helps cybercriminals. 4. Annual Maintenance Contract (AMC) was not found for servicing of the computer. 5. Pornographical websites were not blocked.
6. Cybercafe owner have very less awareness about IT security. 7. Cybercafe association or State Police do not seem to conduct periodic visits to cybercafe.
Security tips for cybercafe  Always Logout  While checking email or logging in for chatting, always click logout/sign out.  Stay with the computer  While surfing, don’t leave the system unatteneded for any period of time.  Clear history and temporary files  Before browsing deselect AutoComplete option. Browser - > Tools -> Internet options -> Content tab.  Tools -> Internet Option -> General Tab -> Temporary Internet Files -> Delete files and then Delete Cookies.
 Be alert  One have to be alert for snooping over the shoulder.  Avoid online financial transactions  One should avoid online banking, shopping, etc.  Don’t provide sensitive information such as credit card number or bank account details.  Change Passwords / Virtual Keyboard  Change password after completion of transaction.  Almost every bank websites provide virtual keyboard.  Security Warnings  Follow security warning while accessing any bank websites.
 The meaning of botnet is “an automated program for doing some particular task, over a network”.  Botnet term is used for collection of software that run autonomously and automatically.  Botnets are exploited for various purposes, including denial-of-service attacks, creation or misuse of SMTP mail relays for spam, click fraud, and financial information such as credit card numbers. Botnet
 In short, a botnet is a network of computers infected with a malicious program that allows cybercriminals to control the infected machines remotely without the users’ knowledge.  A Botnet is also called a zombie network.
 A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application—the bot.  The bot on the infected PC logs into a particular C&C server (often an IRC server, but, in some cases a web server). How a botnet is created and used
 A spammer purchases the services of the botnet from the operator.  The spammer provides the spam messages to the operator, who instructs the compromised machines via the IRC server, causing them to send out spam messages.
Use of Botnet  If someone wants to start a business and has no programming skills, there are plenty of “Bot for Sale” offers on forums.  Encryption of these program’s code can also be ordered to protect them from detection by antivirus.
Botnet creation Botnet renting Ddos attacks Spam attacks Malware and Adware installation Botnet selling Stealing confidential information Selling credit card and bank account details Selling personal identity information Selling internet services and shops account Phishing attacks Spamdexing
Points to secure the system :  Use antivirus and anti-Spyware software and keep it up-to-date.  Set the OS to download and install security patches automatically.  Use a firewall to protect the system from hacking attacks while it is connected on the internet.  Disconnected from the internet when you are away from your computer.
 Downloading the freeware only from websites that are known and trustworthy.  Check regularly the folders in the mail box for those messages you did not send.  Take an immediate action if your system is infected.
Attack Vector  An attack vector is a path by which an attacker can gain access to a computer or to a network server to deliver a payload.  Attack vectors enable attackers to exploit system vulnerability.  Attack vectors include viruses, e-mail attachments, webpages, pop-up windows, instant messages, and chat rooms.
 The most common malicious payloads are viruses, trojan horses, worms and spyware.  Payload means the malicious activity that the attack performs.  How attack launched ?  Attack by e-mail  Attachment  Attack by deception  Hackers  Heedless guests  Attack of worms  Malicious macros  Virues
Cybercrime and Cloud Computing  Prime area of the risk in cloud computing is protection of user data.  Risk associated with cloud computing environment are :
Risk How to Remediate the Risk? Any data processed outside the organization brings with it an inherent level of risk. Customer should obtain as much information as he/she can about the service provider. Cloud computing service providers are not able and/or not willing to undergo external assessments. The organization is entirely responsible for the security and integrity of their own data, even when it is held by a service provider. The organizations that are obtaining cloud computing services may not be aware about where the data is hosted and may not even know in which country it is hosted. Organization should ensure that the service provider is committed to obey local privacy requirements on behalf of the organization to store and process the data in the specific jurisdictions.
As the data will be stored under stored environment, encryption mechanism should be strong enough to segregate (separate) the data from another organization, whose data are also stored under the same server. Organization should be aware of the arrangements made by the service provider about segregation of the data. The service provider should display encryption schemes. Business continuity in case of any disaster. Service provider have to provide complete restoration of data within minimum timeframe.
Due to complex IT environment and several customer logging in and logging out of the hosts, it becomes difficult to trace inappropriate and illegal activity. Organization should enforce the provider to provide security violation logs at frequent intervals. In case of any major change in the cloud computing service provider, the service provided is at the stake. Organization should ensure getting their data in case of such major event.
Questions  Explain difference between passive and active attack.  What is social engineering? Explain each type of social engineering in detail.  What is cyberstalking?  What is botnet? How it works? • OR  How do viruses get disseminated? Explain with diagram.
 What is Attack Vector? How different attacks launched with attack vector.  What is cloud computing? List and explain type of services of cloud computing?  What is cloud computing? Explain types of cloud and also list the advantages of cloud computing.  Explain cloud computing and cybercrime.

Recommended

Cyber crimes and their prevention
Cyber crimes and their preventionCyber crimes and their prevention
Cyber crimes and their preventionTejasvi Bhatia
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeMuhammad Osama Khalid
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringPaul Devassy, CPP
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYMohammad Shakirul islam
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityMaryam Hidayatallah CPFA,MIPA,MA,CICA
 
Computer Crimes
Computer CrimesComputer Crimes
Computer CrimesIvy Rose Recierdo
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyOPSWAT
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 

Recommended

Cyber crimes and their prevention
Cyber crimes and their preventionCyber crimes and their prevention
Cyber crimes and their preventionTejasvi Bhatia
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeMuhammad Osama Khalid
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringPaul Devassy, CPP
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYMohammad Shakirul islam
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityMaryam Hidayatallah CPFA,MIPA,MA,CICA
 
Computer Crimes
Computer CrimesComputer Crimes
Computer CrimesIvy Rose Recierdo
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyOPSWAT
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
OSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesOSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesSyedAmoz
 
Cyber security
Cyber securityCyber security
Cyber securityPrem Raval
 
Ipspoofing
IpspoofingIpspoofing
IpspoofingAkhil Kumar
 
What is malware
What is malwareWhat is malware
What is malwareMalcolm York
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber securityKeshab Nath
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and SecurityNoushad Hasan
 
Cyber security ppt
Cyber security pptCyber security ppt
Cyber security pptCH Asim Zubair
 
Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comAravind R
 
Cyber crime presentation
Cyber crime presentation Cyber crime presentation
Cyber crime presentation Priya Saluja
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securitySelf-employed
 
Deception technology for advanced detection
Deception technology for advanced detectionDeception technology for advanced detection
Deception technology for advanced detectionJisc
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model PresentationGowdhaman Jothilingam
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
Ip spoofing ppt
Ip spoofing pptIp spoofing ppt
Ip spoofing pptAnushakp9
 
Online Social Media: Opportunities, Challenges, and Pitfalls
Online Social Media: Opportunities, Challenges, and Pitfalls Online Social Media: Opportunities, Challenges, and Pitfalls
Online Social Media: Opportunities, Challenges, and Pitfalls IIIT Hyderabad
 
Ppt growing need of cyber security
Ppt growing need of cyber securityPpt growing need of cyber security
Ppt growing need of cyber securityyatendrakumar47
 
Virus and worms
Virus and wormsVirus and worms
Virus and wormsVikas Sharma
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesTam Nguyen
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationHajarul Cikyen
 
Denial of service
Denial of serviceDenial of service
Denial of servicegarishma bhatia
 
Unit-2 ICS.ppt
Unit-2 ICS.pptUnit-2 ICS.ppt
Unit-2 ICS.ppt20ME1A4607YANAMADALA
 
Cyber crime
Cyber crimeCyber crime
Cyber crime24sneha
 

More Related Content

What's hot

OSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesOSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesSyedAmoz
 
Cyber security
Cyber securityCyber security
Cyber securityPrem Raval
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber securityKeshab Nath
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and SecurityNoushad Hasan
 
Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comAravind R
 
Cyber crime presentation
Cyber crime presentation Cyber crime presentation
Cyber crime presentation Priya Saluja
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securitySelf-employed
 
Deception technology for advanced detection
Deception technology for advanced detectionDeception technology for advanced detection
Deception technology for advanced detectionJisc
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
Ip spoofing ppt
Ip spoofing pptIp spoofing ppt
Ip spoofing pptAnushakp9
 
Online Social Media: Opportunities, Challenges, and Pitfalls
Online Social Media: Opportunities, Challenges, and Pitfalls Online Social Media: Opportunities, Challenges, and Pitfalls
Online Social Media: Opportunities, Challenges, and Pitfalls IIIT Hyderabad
 
Ppt growing need of cyber security
Ppt growing need of cyber securityPpt growing need of cyber security
Ppt growing need of cyber securityyatendrakumar47
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesTam Nguyen
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationHajarul Cikyen
 

What's hot (20)

OSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesOSINT with Practical: Real Life Examples
OSINT with Practical: Real Life Examples
 
Cyber security
Cyber securityCyber security
Cyber security
 
Ipspoofing
IpspoofingIpspoofing
Ipspoofing
 
What is malware
What is malwareWhat is malware
What is malware
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
 
Cyber security ppt
Cyber security pptCyber security ppt
Cyber security ppt
 
Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.com
 
Cyber crime presentation
Cyber crime presentation Cyber crime presentation
Cyber crime presentation
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
Deception technology for advanced detection
Deception technology for advanced detectionDeception technology for advanced detection
Deception technology for advanced detection
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
Ip spoofing ppt
Ip spoofing pptIp spoofing ppt
Ip spoofing ppt
 
Online Social Media: Opportunities, Challenges, and Pitfalls
Online Social Media: Opportunities, Challenges, and Pitfalls Online Social Media: Opportunities, Challenges, and Pitfalls
Online Social Media: Opportunities, Challenges, and Pitfalls
 
Ppt growing need of cyber security
Ppt growing need of cyber securityPpt growing need of cyber security
Ppt growing need of cyber security
 
Virus and worms
Virus and wormsVirus and worms
Virus and worms
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and Challenges
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics Presentation
 
Denial of service
Denial of serviceDenial of service
Denial of service
 

Similar to Unit 2

Cyber crime
Cyber crimeCyber crime
Cyber crime24sneha
 
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdfLab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdflalitaggarwal627
 
Cyber Crime And Security
Cyber Crime And Security Cyber Crime And Security
Cyber Crime And Security ritik shukla
 
Cybercrime 111205224958-phpapp02
Cybercrime 111205224958-phpapp02Cybercrime 111205224958-phpapp02
Cybercrime 111205224958-phpapp02Shumail Tariq
 
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...IJCSIS Research Publications
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hackingVishal Kumar
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber securityjyoti_lakhani
 
Report of cyber crime
Report of cyber crimeReport of cyber crime
Report of cyber crimeAlisha Korpal
 
455845434-Chapter-2-Cyber-Security-pptx.pptx
455845434-Chapter-2-Cyber-Security-pptx.pptx455845434-Chapter-2-Cyber-Security-pptx.pptx
455845434-Chapter-2-Cyber-Security-pptx.pptxDrVPadmavathiAssocia
 
Ethical hacking Chapter 1 - Overview.pptx
Ethical hacking Chapter 1 - Overview.pptxEthical hacking Chapter 1 - Overview.pptx
Ethical hacking Chapter 1 - Overview.pptxNargis Parveen
 
Introduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxIntroduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxyoufanlimboo
 
34088.Chapter-2.pptx
34088.Chapter-2.pptx34088.Chapter-2.pptx
34088.Chapter-2.pptxNAVEEN128672
 
Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingCSITiaesprime
 
What are cybercrimes? How cybercrime works?
What are cybercrimes? How cybercrime works?What are cybercrimes? How cybercrime works?
What are cybercrimes? How cybercrime works?FarjanaMitu3
 
Presentation on cyber security
Presentation on cyber securityPresentation on cyber security
Presentation on cyber security9784
 

Similar to Unit 2 (20)

Unit-2 ICS.ppt
Unit-2 ICS.pptUnit-2 ICS.ppt
Unit-2 ICS.ppt
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdfLab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
 
Cyber Crime And Security
Cyber Crime And Security Cyber Crime And Security
Cyber Crime And Security
 
Cybercrime 111205224958-phpapp02
Cybercrime 111205224958-phpapp02Cybercrime 111205224958-phpapp02
Cybercrime 111205224958-phpapp02
 
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...
 
System Security
System SecuritySystem Security
System Security
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hacking
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 
Report of cyber crime
Report of cyber crimeReport of cyber crime
Report of cyber crime
 
455845434-Chapter-2-Cyber-Security-pptx.pptx
455845434-Chapter-2-Cyber-Security-pptx.pptx455845434-Chapter-2-Cyber-Security-pptx.pptx
455845434-Chapter-2-Cyber-Security-pptx.pptx
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Ethical hacking Chapter 1 - Overview.pptx
Ethical hacking Chapter 1 - Overview.pptxEthical hacking Chapter 1 - Overview.pptx
Ethical hacking Chapter 1 - Overview.pptx
 
Introduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxIntroduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptx
 
34088.Chapter-2.pptx
34088.Chapter-2.pptx34088.Chapter-2.pptx
34088.Chapter-2.pptx
 
Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testing
 
What are cybercrimes? How cybercrime works?
What are cybercrimes? How cybercrime works?What are cybercrimes? How cybercrime works?
What are cybercrimes? How cybercrime works?
 
unit-1.pptx
unit-1.pptxunit-1.pptx
unit-1.pptx
 
Presentation on cyber security
Presentation on cyber securityPresentation on cyber security
Presentation on cyber security
 

More from Jigarthacker

Basic object oriented approach
Basic object oriented approachBasic object oriented approach
Basic object oriented approachJigarthacker
 

More from Jigarthacker (13)

File mangement
File mangementFile mangement
File mangement
 
Java session14
Java session14Java session14
Java session14
 
Java session13
Java session13Java session13
Java session13
 
Java session5
Java session5Java session5
Java session5
 
Java session4
Java session4Java session4
Java session4
 
Java session3
Java session3Java session3
Java session3
 
Java session2
Java session2Java session2
Java session2
 
Computer networks
Computer networksComputer networks
Computer networks
 
Unit 1(sem-iv)
Unit 1(sem-iv)Unit 1(sem-iv)
Unit 1(sem-iv)
 
Unit 2
Unit 2Unit 2
Unit 2
 
Unit 1
Unit 1Unit 1
Unit 1
 
C programming
C programmingC programming
C programming
 
Basic object oriented approach
Basic object oriented approachBasic object oriented approach
Basic object oriented approach
 

Recently uploaded

Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxSherlyMaeNeri
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Quarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayQuarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayMakMakNepo
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationAadityaSharma884161
 

Recently uploaded (20)

Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Quarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayQuarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up Friday
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint Presentation
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Rapple "Scholarly Communications and the Sustainable Development Goals"
Rapple "Scholarly Communications and the Sustainable Development Goals"Rapple "Scholarly Communications and the Sustainable Development Goals"
Rapple "Scholarly Communications and the Sustainable Development Goals"
 

Unit 2

  • 1. BCA602 – CYBERCRIME AND CYBERSECURITY Presented By:- Jigar Jobanputra SRK INSTITUTE OF MANAGEMENT AND COMPUTER EDUCATION
  • 2. How Criminal Plan offenses  Cybercriminal use the internet for illegal activities to store data, contacts, account information, etc.  People who commit cybercrimes are known as “Crackers”.
  • 3. Hackers, Crackers and Phreakers  A hacker is a person with strong interest in computers who enjoys learning and experimenting with them. Hackers are usually very talented, smart people who understand computers better than others.
  • 4. Brute force hacking  It is a technique used to find passwords or encryption keys. Brute force hacking involves trying every possible combination of letters, numbers, etc until the code is broken.
  • 5. Cracker  A cracker is a person who breaks into computers. Crackers should not be confused with hackers. The term cracker is usually connected to computer criminals.
  • 6. Cracking  It is the act of breaking into computers. Cracking is popular, growing subject on the internet. Many sites are devoted to supplying crackers with programs that allow them to crack computers.
  • 7. Phreaking  This is the notorious art of breaking into communication system. Phreaking sites are popular among crackers and other criminals.
  • 8. How Criminals plan the attacks  Criminals use many methods and tools to locate weakness(vulnerability) of their target.  Criminals plan passive and active attacks.  Active attacks are usually used to alter the system whereas passive attacks attempt to gain information about the target.  In addition to the active and passive categories, attacks can be categorized as either inside or outside.
  • 9. Inside Attack  An attack originating and/or attempted within the security perimeter of an organization is an inside attack.  It is usually attempted by an “insider” who gains access to more resources than expected.
  • 10. Outside Attack  An outside attack is attempted by a source outside the security perimeter.  It may be attempted by an insider and/or an outsider.  It is attempted through the Internet or a remote access connection.
  • 11. Phases involved in planning cybercrime 1. Reconnaissance (information gathering) is the first phase and is treated as passive attacks. 2. Scanning the gathered information for the validity of the information as well as to identify the existing weakness. 3. Launching an attack.
  • 12. Phase 1  The meaning of Reconnaissance is an act of reconnoitering – explore, often with the goal of finding something or somebody.  Reconnaissance phase begins with “Footprinting”.  Footprinting is the preparation toward preattack phase.
  • 13. Continue…  Footprinting gives an overview about system weakness and provides a judgment about “How to break this?”.  The objective of this phase is to understand the system, its networking ports and services, and any other aspects of its security.
  • 14.  Passive Attack :  In computer security, attempt to steal information stored in a system by electronic wiretapping or similar means. Although, in contrast to active attack, passive attack does not attempt to interfere with the stored data, it may still constitute a criminal offense.
  • 15.  A passive attack involves gathering information about a target without his/her knowledge. Information can be gathered from :  It is usually done using Internet searches or by Googling. They use Google Earth to locate information about employees.  Surfing online community groups like orkut/facebook will prove useful to gain the information about an individual.
  • 16. Continue…  Organization’s website may provide a personnel directory or information about key employees.  Bolgs, newgroups, press releases, etc. are generally used as the mediums to gain information about the company or employee.  Going through the job postings in particular job profiles for technical persons.  Network sniffing is another means of passive attack to yield useful information such as IP, hidden servers or networks.
  • 17. Tools used for Passive Attack  Google Earth  WHOIS  Nslookup (name server lookup)  Dnsstuff  eMailTrackerPro  Website Watcher
  • 18.  Active Attack In computer security, persistent attempt to introduce invalid data into a system, and/or to damage or destroy data already stored in it. In many countries, it is a criminal offense to attempt any such action.
  • 19. Port Scanning  A port is place where information goes into and out of a computer.  Ports are entry/exit points that any computer has, to be able to communicate with external machines.  Each computer is enabled with three or more external ports.  Port scanning is an act of systematically scanning a computer’s ports.
  • 20. Phase – 2 : Scanning and Scrutinizing gathered information  Scanning is a key step to examine intelligently while gathering information about the target. The objectives of scanning are as follows :  Port Scanning :  Identify open/close ports and services.  Network scanning :  Understand IP addresses and related information about the computer network system.  Vulnerability scanning :  Understand the existing weaknesses in the system.
  • 21.  The scrutinizing (inspecting) phase is called “enumeration” (listing) in the hacking world.  The objective behind this step is to identify :  The valid user accounts or groups;  Network resources and/or shared resources;  OS and different applications that are running on the OS.  Note : Usually most of the attackers consume 90% of the time in scanning, scrutinizing and gathering information on a target and 10% of the time in launching the attack.
  • 22. Phase 3 : Attack  The attack is launched using the following steps :  Crack the password;  Exploit the privileges;  Execute the malicious command/applications;  Hide the files (if required);  Cover the tracks – delete the access logs, so that there is no trail illicit activity.
  • 23. Social Engineering  Social engineering is the “technique to influence” people to obtain the information.  It is generally observed that people are the weak link in security and this principle makes social engineering possible.  Social engineering involves gaining sensitive information or unauthorized access privileges by building inappropriate trust relationships with insiders.
  • 24. Classification of Social Engineering  Human Based Social Engineering  Computer Based Social Engineering
  • 25. Human Based Social Engineering  Human based social engineering refers to person-to-person interaction to get information.  Impersonating an employee or valid user  Posing as an important user  Using a third person  Calling technical support  Shoulder surfing  Dumpster diving
  • 26. Computer Based Social Engineering  Computer based social engineering refers to an attempt made to get the required information by using computer software/internet.  Fake E-mail  E-mail attachments  Pop-up windows
  • 27. Cyberstalking  Stalking is an “act or process of following victim silently – trying to approach somebody or something”  Cyberstalking has been defined as the use of information and communications technology of individuals to harass another individual.
  • 28. Types of Stalkers  There are primarily two types of stalkers.  Online stalkers  Offline stalkers  Online stalkers :  They aim to start the interaction with the victim directly with the help of the internet (email/Chat Room).  The stalker makes sure that the victim recognizes the attack attempted on him/her.  The stalker can make use of a third party to harass the victim.
  • 29.  Offline stalkers :  The stalker may begin the attack using traditional methods such as following victim, watching the daily routine of the victim, etc.  For ex. Use of community sites, newsgroups, social websites, personal websites.  The victim is not aware that the Internet has been used to achieve an attack against them.
  • 30. Cases reported on Cyberstalking  The majority of cyberstalking are men and the majority of their victims are women.  In many cases, the cyberstalker is ex-lover, ex- spouse, boss/subordinate, and neighbor.  There also have been cases about strangers who are cyberstalkers.
  • 31. How Stalking works?  Personal information gathering about the victim;  Establish a contact with victim through telephone/cell phone. Once the contact is established, the stalker may make calls to the victim to harass.  Stalkers always establish a contact with victim through e-mail.
  • 32.  The stalker may post the victim’s personal information as sex workers’ service or dating service. The stalker will use bad/attractive language to invite the interested persons.  Whosoever comes across the information, starts calling victim and asking for sexual services or relationship.  Some stalkers subscribe the e-mail account of the victim to innumerable pornographic and sex sites.
  • 33. Real Life Example  The indian police have registered first case of cyberstalking in Delhi.  Mrs. Joshi received almost 40 calls in 3 days mostly at odd hours.  Mrs. Joshi decided to register a complaint with Delhi police.  A person was using her ID to chat over the Internet at the website www.mirc.com.
  • 34. Cybercafe and Cybercrimes  In February 2009 survey, 90% of the audience across eight cities and 3500 cafes were male and in the age group of 15-35 years;  52% were graduates and postgraduates  Almost 50% were students.  In India, cybercafes are known to be used for either real or false terrorist communication.
  • 35.  Cybercafe hold two types of risks : 1. We do not know what programs are installed on the computer like keyloggers or spyware. 2. Over the shoulder peeping can enable others to find out your passwords.  Cybercriminals prefer cybercafes to carry out their activities.  A recent survey conducted in one of the metropolitan cities in India reveals the following facts :
  • 36. 1. Pirated softwares are installed in all the computers. 2. Antivirus was not updated with latest patch. 3. Several cybercafes has installed “Deep Freeze” to protect computer which helps cybercriminals. 4. Annual Maintenance Contract (AMC) was not found for servicing of the computer. 5. Pornographical websites were not blocked.
  • 37. 6. Cybercafe owner have very less awareness about IT security. 7. Cybercafe association or State Police do not seem to conduct periodic visits to cybercafe.
  • 38. Security tips for cybercafe  Always Logout  While checking email or logging in for chatting, always click logout/sign out.  Stay with the computer  While surfing, don’t leave the system unatteneded for any period of time.  Clear history and temporary files  Before browsing deselect AutoComplete option. Browser - > Tools -> Internet options -> Content tab.  Tools -> Internet Option -> General Tab -> Temporary Internet Files -> Delete files and then Delete Cookies.
  • 39.  Be alert  One have to be alert for snooping over the shoulder.  Avoid online financial transactions  One should avoid online banking, shopping, etc.  Don’t provide sensitive information such as credit card number or bank account details.  Change Passwords / Virtual Keyboard  Change password after completion of transaction.  Almost every bank websites provide virtual keyboard.  Security Warnings  Follow security warning while accessing any bank websites.
  • 40.  The meaning of botnet is “an automated program for doing some particular task, over a network”.  Botnet term is used for collection of software that run autonomously and automatically.  Botnets are exploited for various purposes, including denial-of-service attacks, creation or misuse of SMTP mail relays for spam, click fraud, and financial information such as credit card numbers. Botnet
  • 41.  In short, a botnet is a network of computers infected with a malicious program that allows cybercriminals to control the infected machines remotely without the users’ knowledge.  A Botnet is also called a zombie network.
  • 42.
  • 43.  A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application—the bot.  The bot on the infected PC logs into a particular C&C server (often an IRC server, but, in some cases a web server). How a botnet is created and used
  • 44.  A spammer purchases the services of the botnet from the operator.  The spammer provides the spam messages to the operator, who instructs the compromised machines via the IRC server, causing them to send out spam messages.
  • 45. Use of Botnet  If someone wants to start a business and has no programming skills, there are plenty of “Bot for Sale” offers on forums.  Encryption of these program’s code can also be ordered to protect them from detection by antivirus.
  • 46. Botnet creation Botnet renting Ddos attacks Spam attacks Malware and Adware installation Botnet selling Stealing confidential information Selling credit card and bank account details Selling personal identity information Selling internet services and shops account Phishing attacks Spamdexing
  • 47. Points to secure the system :  Use antivirus and anti-Spyware software and keep it up-to-date.  Set the OS to download and install security patches automatically.  Use a firewall to protect the system from hacking attacks while it is connected on the internet.  Disconnected from the internet when you are away from your computer.
  • 48.  Downloading the freeware only from websites that are known and trustworthy.  Check regularly the folders in the mail box for those messages you did not send.  Take an immediate action if your system is infected.
  • 49. Attack Vector  An attack vector is a path by which an attacker can gain access to a computer or to a network server to deliver a payload.  Attack vectors enable attackers to exploit system vulnerability.  Attack vectors include viruses, e-mail attachments, webpages, pop-up windows, instant messages, and chat rooms.
  • 50.  The most common malicious payloads are viruses, trojan horses, worms and spyware.  Payload means the malicious activity that the attack performs.  How attack launched ?  Attack by e-mail  Attachment  Attack by deception  Hackers  Heedless guests  Attack of worms  Malicious macros  Virues
  • 51. Cybercrime and Cloud Computing  Prime area of the risk in cloud computing is protection of user data.  Risk associated with cloud computing environment are :
  • 52. Risk How to Remediate the Risk? Any data processed outside the organization brings with it an inherent level of risk. Customer should obtain as much information as he/she can about the service provider. Cloud computing service providers are not able and/or not willing to undergo external assessments. The organization is entirely responsible for the security and integrity of their own data, even when it is held by a service provider. The organizations that are obtaining cloud computing services may not be aware about where the data is hosted and may not even know in which country it is hosted. Organization should ensure that the service provider is committed to obey local privacy requirements on behalf of the organization to store and process the data in the specific jurisdictions.
  • 53. As the data will be stored under stored environment, encryption mechanism should be strong enough to segregate (separate) the data from another organization, whose data are also stored under the same server. Organization should be aware of the arrangements made by the service provider about segregation of the data. The service provider should display encryption schemes. Business continuity in case of any disaster. Service provider have to provide complete restoration of data within minimum timeframe.
  • 54. Due to complex IT environment and several customer logging in and logging out of the hosts, it becomes difficult to trace inappropriate and illegal activity. Organization should enforce the provider to provide security violation logs at frequent intervals. In case of any major change in the cloud computing service provider, the service provided is at the stake. Organization should ensure getting their data in case of such major event.
  • 55. Questions  Explain difference between passive and active attack.  What is social engineering? Explain each type of social engineering in detail.  What is cyberstalking?  What is botnet? How it works? • OR  How do viruses get disseminated? Explain with diagram.
  • 56.  What is Attack Vector? How different attacks launched with attack vector.  What is cloud computing? List and explain type of services of cloud computing?  What is cloud computing? Explain types of cloud and also list the advantages of cloud computing.  Explain cloud computing and cybercrime.