Cyber Security and Cyber Law
By:-
D!vy@nk Gupt@
CR [ITESM]
IIT DWARKA
2012-2013
Cyber Security

WINDOWS SECURITY FEATURES

User Account Control
User Account Control (UAC) is an infrastructure that requires user consent before allowing any action that needs administrative privileges. With this feature all users, including members of the Administrators group, run with a standard user token by default, since most applications do not require higher privileges. When an action that needs administrative privileges is attempted, such as installing new software or changing system settings, Windows prompts the user to allow or deny it.

BitLocker Drive Encryption
Formerly known as "Secure Startup", this feature offers full-volume encryption for the system volume; additional volumes can be encrypted with the command-line utility. BitLocker uses a Trusted Platform Module (compliant with version 1.2 of the TCG specifications) or a USB key to protect its encryption key. It ensures that a computer running Windows Vista starts in a known-good state (the TPM releases the key only if the measured boot components are unchanged), and it protects the data on the disk from offline access. Data on the volume is encrypted with a Full Volume Encryption Key (FVEK), which is itself encrypted with a Volume Master Key (VMK) and stored on the disk; the VMK in turn is sealed to the TPM or protected by the USB key. Note that BitLocker protects data at rest only: once the volume is unlocked, any code running as the logged-on user can read it.

Windows Firewall
The Vista firewall addresses a number of concerns about the flexibility of Windows Firewall in a corporate environment:
* IPv6 connection filtering.
* Outbound packet filtering, reflecting increasing concerns about spyware and viruses that attempt to "phone home".
* With the advanced packet filter, rules can also be specified for source and destination IP addresses and port ranges.
* Rules can be configured for services by service name, chosen from a list, without needing to specify the full path of the executable.
* IPsec is fully integrated, allowing connections to be allowed or denied based on security certificates, Kerberos authentication, etc.
Encryption can also be required for any kind of connection. A connection security rule can be created using a wizard that handles the complex configuration of IPsec policies on the machine, and Windows Firewall can allow traffic based on whether it is secured by IPsec.
* A new management console snap-in, Windows Firewall with Advanced Security, provides access to many advanced options, including IPsec configuration, and enables remote administration.
* Separate firewall profiles for when the computer is domain-joined or connected to a private or public network, and support for creating rules that enforce server and domain isolation policies.
Windows Defender
Windows Vista and Windows 7 include Windows Defender, Microsoft's anti-spyware utility. According to Microsoft, it was renamed from "Microsoft AntiSpyware" because it not only scans the system for spyware, like other free products on the market, but also includes real-time security agents that monitor several common areas of Windows for changes that may be caused by spyware. These areas include Internet Explorer configuration and downloads, auto-start applications, system configuration settings, and add-ons to Windows such as shell extensions. Windows Defender can also remove installed ActiveX controls and block startup programs. It incorporates the SpyNet network, which lets users report to Microsoft what they consider to be spyware and check which applications are regarded as acceptable.

Cryptographic API
Windows Vista and Windows 7 feature an update to the Crypto API known as Cryptography API: Next Generation (CNG). CNG is a user-mode and kernel-mode API that includes support for elliptic curve cryptography (ECC) and a number of newer algorithms that are part of the National Security Agency (NSA) Suite B. It is extensible: custom cryptographic providers can be plugged into the CNG runtime. It also integrates with the smart card subsystem through a Base CSP module that implements the standard back-end cryptographic functions that developers and smart card manufacturers need, so that they do not have to write complex CSPs themselves. The Microsoft Certificate Authority can issue ECC certificates, and the certificate client can enroll for and validate ECC and SHA-2 based certificates.
Network Access Protection
Windows introduces Network Access Protection (NAP), which checks that computers connecting to or communicating over a network conform to the level of system health set by the network administrator. Depending on the policy, computers that do not meet the requirements are either warned and granted access, given limited access to network resources, or denied access completely. NAP can also optionally supply software updates to a non-compliant computer from a remediation server so that it can bring itself up to the required level. A conforming client is given a health certificate, which it then uses to access protected resources on the network. NAP establishes health at admission time only; it is not a substitute for monitoring what a client does after it has been admitted.

NETWORK SECURITY CHALLENGES

1. Verifying User Identity
How can others know it is you? Communication is approaching near-continuous between
friends, family, businesses and services. With current authentication standards we often take it on faith that we are being contacted by the "real" sender the message claims. It is one thing if the impostor is just sending e-mails, but what if it is your bank or retirement account that does not know it is not you? Challenges five and three tie in closely with this, the top challenge.

2. Protecting Against DDoS Attacks
Distributed denial of service (DDoS) attacks use force of numbers to overwhelm targets with data and connection attempts. Individual users may be the target of such attacks, or their systems may be usurped for use in an attack against a company or organization. Bots on infected machines may lie dormant until an attack is triggered.

3. Preventing User System Hijacking
Even with better and better firewalls and anti-malware software, malicious programs (viruses, worms or trojans) that take control of a user's computer are an ever-present threat. Once the malicious program has control it can wreak havoc acting as the user, attacking friends, family and other contacts while masquerading as the hapless victim.

4. Protecting User Confidential Data
More and more services are moving to the Internet. Interoperation between the various services is becoming more frequent and more complex. Financial transactions, from sales to investments, are becoming ubiquitous online. The risk of sensitive, high-value data being exposed, and of criminals gaining access to it, increases all the time.

5. Securing Web Applications
Developers and application providers want their applications to be available quickly and easily to anyone in the world, from any platform from a phone to a kiosk. Having users deal with anything more than a simple password seems too much to ask. I'm asking it!
At least consider the option of certificates, multi-factor authentication, multi-stage authentication and so forth.

Limitations of Today's Security Solutions
As threats become more sophisticated and workplace data leaks grow more prevalent, today's security solutions struggle to keep up. Conventional technologies like firewalls, IDS and VPNs may stop outside threats but fail to protect against "inside threats" from employees who accidentally infect the network. Solutions such as Network Access Control (NAC) focus on initial posture
assessment and authentication of the employee's endpoint. Once a user is authenticated, he or she is no longer monitored and can act in ways harmful to the network. In addition, today's "borderless" organizations freely share information globally between employees and partners. These enterprises try to balance openness and flexibility against security risks as employees work from home, airports and other non-secure, off-site locations.

Workplace Changes
Greater numbers of telecommuting and traveling employees, and the blurring of the line between home and work, have increased mobile device use, creating the need for better protection against the loss of sensitive corporate and user data. This mobile workforce makes it harder for IT departments to keep antivirus signatures and software patches current on all computers, and increasingly difficult to control how and where users connect. Storage devices such as USB sticks and music players add new channels for infection. Inadequate remote office security, a lack of security personnel and lax policy enforcement also hurt security. Unprotected channels, such as web mail or wireless networks, and easily exploited technologies, such as P2P file sharing, streaming media and instant messaging, let malware enter the network while draining valuable bandwidth. Hard-to-detect zero-day malware requires immediate attention and is beyond the means of most antivirus applications, which rely on a pattern-based approach. Once inside, malware can leak data to cybercriminals, creating problems both for the consumers who lose confidential data and for businesses whose reputations are damaged when data is lost. Clean-up costs and lost productivity create the need for a better solution to protect against insider threats.
Forrester Research estimates that up to 85 percent of enterprise security breaches involve internal people and resources, and according to Gartner, "organizational costs of a sensitive data breach will increase 20 percent per year over the next two years."

Lack of Information About Your Local Threat Environment
Today's security environment is ready for a new approach. Lack of visibility into the exact location and cause of infections prevents the IT department from determining the most appropriate remedy. To achieve more holistic coverage, security personnel need more information to understand how threats occur and exactly where they enter the network. Most security systems show only that malware was detected, for example that IRC bot activity occurred; no information is given about how or where the infection happened. This creates a lack of visibility into the overall threat posture and hampers the ability of IT personnel to identify network pain points and the origin of threats, such as a company's marketing department or a remote office. Companies need greater detail about the threat environment: the types of threats residing in the network, and what percentage are malware, hacking attempts or disruptive applications. Determining the root cause of how these threats entered the
network helps IT formulate better security policies.

INTERNET SECURITY

Network layer security
TCP/IP can be made secure with the help of cryptographic methods and protocols developed for securing communications on the Internet. These include SSL and TLS for web traffic, PGP for email, and IPsec for network layer security.

IPsec Protocol
IPsec is a set of security extensions developed by the IETF that provides confidentiality, integrity and authentication at the IP layer using cryptography. Two main types of transformation form the basis of IPsec: the Authentication Header (AH), which authenticates the packet but does not encrypt it, and the Encapsulating Security Payload (ESP), which can encrypt the payload as well as authenticate it. Both provide data integrity, data origin authentication and an anti-replay service (each packet carries a sequence number, and the receiver rejects duplicates using a sliding window). They can be used alone or in combination to provide the desired set of security services at the IP layer. The basic components of the IPsec security architecture are:
* Security protocols for AH and ESP
* Security associations for policy management and traffic processing
* Manual and automatic key management through the Internet Key Exchange (IKE)
* Algorithms for authentication and encryption

MALICIOUS SOFTWARE

Malware
Malware, short for malicious software, is software designed to secretly access a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive or annoying software or program code. Software is considered to be malware based on the perceived intent of the creator rather than on any particular features.
Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant.

Viruses
A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, including adware and spyware programs that do not have the ability to reproduce. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer, for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD or USB drive. Viruses can increase their chances of spreading to
other computers by infecting files on a network file system or on a file system that is accessed by another computer.

Trojan Horse
A Trojan horse, or Trojan, is malware that appears to perform a desirable function for the user before it is run or installed but instead facilitates unauthorized access to the user's computer system. "It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems", as Cisco describes it. Trojan horses may give an attacker remote access to a target computer. Once a Trojan has been installed, the attacker may access the computer remotely and perform various operations, limited by the privileges of the user account the Trojan runs under and by the design of the Trojan itself.

Spyware
Spyware is a type of malware that can be installed on computers and collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect. Typically, spyware is secretly installed on the user's personal computer. Sometimes, however, spyware such as a keylogger is installed on purpose by the owner of a shared, corporate or public computer in order to secretly monitor other users.

Worm
A computer worm is a self-replicating malware program. It uses a computer network to send copies of itself to other nodes (computers on the network), and it may do so without any user intervention, by exploiting security shortcomings on the target computer. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
Buffer Overflow
In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. Buffer overflows can be triggered by inputs crafted to execute code or to alter the way the program operates, for example by overwriting a saved return address or a function pointer. The result may be erratic program behaviour, including memory access errors, incorrect results, a crash, or a breach of system security. They are thus the basis of many software vulnerabilities and can be maliciously exploited.

Botnet
A botnet is a collection of software agents, or robots, that run autonomously and automatically. The term is most commonly associated with IRC bots and, more recently, with malicious software, but it can also refer to a network of computers running distributed computing software. The main drivers for botnets are recognition and financial gain. The larger the botnet, the more "kudos" the herder can claim among the underground community. The bot herder will also "rent" the services of the botnet to third parties, usually for sending spam or for performing a denial of service attack against a remote target. Because of the large number of compromised machines in a botnet, huge volumes of traffic (either email or denial of service) can be generated.
CRYPTOGRAPHY

Cryptography can be defined as the transformation of data into a scrambled form that can be sent across a public or private network and deciphered only by a party holding the right key. Cryptography uses two main styles of encrypting data: symmetric and asymmetric. Symmetric algorithms use the same key for encryption and decryption. Other names for this type of encryption are secret-key, shared-key and private-key. The encryption key may be identical to the decryption key or related to it by a simple transformation; it does not necessarily need to be an exact copy.

Symmetric Encryption
Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key. The difficulty is getting that key to the recipient safely in the first place.

Asymmetric Encryption
In asymmetric encryption there are two related keys, a key pair. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret, so that only you know it. Any message (text, binary files or documents) encrypted with the public key can only be decrypted by applying the same algorithm with the matching private key. Likewise, anything encrypted with the private key can only be decrypted with the matching public key, which is the property digital signatures rely on. This means that you do not have to worry about passing public keys over the Internet (the keys are supposed to be public), although you do have to be sure a public key really belongs to the person it claims to, which is what certificates are for. A drawback of asymmetric encryption is that it is slower than symmetric encryption: it requires far more processing power to encrypt and decrypt, so in practice it is used to exchange a symmetric session key that then protects the bulk of the data.
Digital Signatures
A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and to ensure that the original content of the message or document has not been changed. Digital signatures are easily transportable, cannot be forged by anyone who does not hold the private key, and can be combined with a trusted timestamp. The ability to ensure that the original signed message arrived intact means that the sender cannot easily repudiate it later. A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.

Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you.
1. You copy-and-paste the contract (it's a short one!) into an e-mail note.
2. Using special software, you obtain a message hash (mathematical summary) of the
contract.
3. You then use your private key, the secret half of a key pair you generated yourself (a certificate authority only vouches for the public half; it never hands out private keys), to encrypt the hash.
4. The encrypted hash becomes your digital signature of the message. (Note that it will be different for every message, because the hash is.)
At the other end, your lawyer receives the message.
1. To make sure it is intact and from you, your lawyer makes a hash of the received message.
2. Your lawyer then uses your public key to decrypt the hash you sent.
3. If the two hashes match, the received message is valid. If even one character of the contract was altered in transit, the hashes differ and the signature fails.

SSL
The Secure Sockets Layer (SSL) is a commonly used protocol for managing the security of message transmission on the Internet. SSL has been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Hypertext Transfer Protocol (HTTP) and Transmission Control Protocol (TCP) layers. SSL is included as part of both the Microsoft and Netscape browsers and most web server products. Developed by Netscape, SSL also gained the support of Microsoft and other Internet client/server developers and became the de facto standard until it evolved into Transport Layer Security. The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network, or between program layers on the same computer. SSL uses public-key cryptography (originally RSA) together with a digital certificate to authenticate the server and agree on a session key, and symmetric encryption to protect the data itself. TLS and SSL are an integral part of most web browsers (clients) and web servers. If a web site is on a server that supports SSL, SSL can be enabled and specific web pages can be identified as requiring SSL access. Any web server can be enabled by using Netscape's SSLRef program library, which could be downloaded for non-commercial use or licensed for commercial use.
HTTPS
HTTPS (HTTP over SSL, or HTTP Secure) is the use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages returned by the web server. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks, provided the client actually validates the server's certificate; a client that accepts any certificate gets only the protection against passive eavesdropping. HTTPS was developed by Netscape. HTTPS and SSL support the use of X.509 digital certificates from the server so that the user can authenticate the server (and, if client certificates are used, the server can authenticate the user). Unless a different port is specified, HTTPS uses port 443 instead of the HTTP port 80 in its interactions with the lower layer, TCP/IP.

Suppose you visit a web site to view their online catalog. When you are ready to order, you will be given a web page order form with a Uniform Resource Locator (URL) that starts with https://. When you click "Send" to send the page back to the catalog retailer, your browser's HTTPS layer will encrypt it. The acknowledgement you receive from the server will also travel in encrypted form, arrive with
an https:// URL, and be decrypted for you by your browser's HTTPS sublayer. The effectiveness of HTTPS can be limited by poor implementation of browser or server software or a lack of support for some algorithms. Furthermore, although HTTPS secures data as it travels between the server and the client, once the data is decrypted at its destination it is only as secure as the host computer. According to security expert Gene Spafford, that level of security is analogous to "using an armored truck to transport rolls of pennies between someone on a park bench and someone doing business from a cardboard box."

FIREWALL
A firewall is a set of related programs located at a network gateway that protects the resources of a private network from potential intruders. Firewalls do not verify that information is coming from a trustworthy source. Instead, they enforce a set of rules that determine what information is allowed to pass. There are several types of firewall techniques:

1. Packet filter
Packet filtering inspects each packet passing through the network and accepts or rejects it based on user-defined rules. Although difficult to configure, it is fairly effective and mostly transparent to its users. It is susceptible to IP spoofing, because the source address in a packet is simply whatever the sender put there. This type of packet filtering pays no attention to whether a packet is part of an existing stream of traffic (it stores no information on connection "state"); it filters each packet based only on information contained in the packet itself. Packet filtering firewalls work mainly on the first three layers of the OSI reference model, which means most of the work is done between the network and physical layers, with a little peeking into the transport layer to read source and destination port numbers.
When a packet from the sender passes through a firewall, the device checks it against the packet filtering rules configured in the firewall and drops or rejects the packet accordingly. The filtering is done on a protocol/port number basis. For example, if a rule exists to block telnet access, the firewall will block TCP traffic to port 23.

2. Application gateway
Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance penalty. The key benefit of application layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol, DNS or web browsing), and it can detect if an unwanted protocol is sneaking through on a non-standard port or if a protocol is being abused in some harmful way. An application firewall can be more thorough than a packet filter because it works at all seven layers of the OSI reference model, from the application down to the physical layer: it filters like a packet filter but can also filter on the basis of content.

3. Circuit-level gateway
Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking. Circuit-level gateways work at the session layer of the OSI model, or as a "shim layer" between the application layer and the transport layer of the TCP/IP stack. They monitor the TCP handshake to determine whether a requested session is legitimate. Information passed to a remote computer through a circuit-level gateway appears to have originated from the gateway, which is useful for hiding information about the protected network. Circuit-level gateways are relatively inexpensive and have the advantage of hiding the private network they protect; on the other hand, they do not inspect individual packets once the session is established.

4. Proxy server
Intercepts all messages entering and leaving the network and effectively hides the true network addresses. In computer networks, a proxy server is a server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page or other resource available from a different server. The proxy server evaluates the request according to its filtering rules; for example, it may filter traffic by IP address or protocol. If the request passes the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server.
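A stateless packet filter of the kind described under type 1, written as an added example (not from the slides). The rule set, interface names and packet headers are constructed for the illustration. It shows first-match evaluation, the telnet rule from the text, and why such a filter is susceptible to IP spoofing: a packet arriving on the external interface with a forged internal source address satisfies an "allow internal hosts" rule unless an explicit anti-spoofing rule precedes it.

```python
# Added example (not from the original slides): a first-match stateless
# packet filter.  Rules, interface names and packets are constructed.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: Optional[str] = None      # "tcp", "udp" or None for any
    src: Optional[str] = None        # source network in CIDR, or None
    dst: Optional[str] = None        # destination network in CIDR, or None
    dports: Optional[range] = None   # destination port range, or None
    iface: Optional[str] = None      # interface the packet arrived on, or None
    comment: str = ""

    def matches(self, pkt: dict) -> bool:
        """Every field set on the rule must match the packet header."""
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.dports is not None and pkt.get("dport") not in self.dports:
            return False
        if self.iface and pkt["iface"] != self.iface:
            return False
        return True


def filter_packet(rules, pkt: dict) -> str:
    """Return the action of the first matching rule; default deny.

    The decision uses only this packet's header: there is no connection
    state, so a spoofed packet looks exactly like a legitimate one.
    """
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


INTERNAL = "10.0.0.0/8"

RULES_WITHOUT_ANTISPOOF = (
    Rule("deny", proto="tcp", dports=range(23, 24), comment="block telnet"),
    Rule("allow", src=INTERNAL, comment="trust internal hosts"),
    Rule("allow", proto="tcp", dports=range(80, 81), comment="public web"),
    Rule("allow", proto="tcp", dports=range(443, 444), comment="public https"),
)

# Same policy with an anti-spoofing rule in front: an internal source
# address must never arrive on the external ("wan") interface.
RULES = (
    Rule("deny", src=INTERNAL, iface="wan", comment="anti-spoofing"),
) + RULES_WITHOUT_ANTISPOOF

# Constructed packet headers.
WEB_FROM_INSIDE = {"proto": "tcp", "src": "10.1.2.3", "dst": "203.0.113.10", "dport": 443, "iface": "lan"}
TELNET_FROM_OUTSIDE = {"proto": "tcp", "src": "198.51.100.7", "dst": "10.1.2.3", "dport": 23, "iface": "wan"}
SSH_FROM_OUTSIDE = {"proto": "tcp", "src": "198.51.100.7", "dst": "10.1.2.3", "dport": 22, "iface": "wan"}
SPOOFED_SSH = {"proto": "tcp", "src": "10.9.9.9", "dst": "10.1.2.3", "dport": 22, "iface": "wan"}


def demo() -> dict:
    """Verdicts for each constructed packet under both rule sets."""
    return {
        "web from inside": filter_packet(RULES, WEB_FROM_INSIDE),
        "telnet from outside": filter_packet(RULES, TELNET_FROM_OUTSIDE),
        "ssh from outside": filter_packet(RULES, SSH_FROM_OUTSIDE),
        "spoofed ssh, no anti-spoof rule": filter_packet(RULES_WITHOUT_ANTISPOOF, SPOOFED_SSH),
        "spoofed ssh, with anti-spoof rule": filter_packet(RULES, SPOOFED_SSH),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Rule order matters in a first-match filter: the anti-spoofing deny has to sit before the rule that trusts internal addresses, and the default at the end of the list is deny, not allow.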
In this case, it "caches" responses from the remote server and answers subsequent requests for the same content directly.

INTRUSION DETECTION SYSTEM
An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activity or policy violations and produces reports to a management station. Intrusion prevention is the process of performing intrusion detection and attempting to stop the possible incidents that are detected. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. Organizations also use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization. IDPSs typically record information related to observed events, notify security administrators of important observed events, and produce reports. Many IDPSs can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (for example, reconfiguring a firewall), or changing the attack's content.

IDS Terminology
* Alert/Alarm: A signal suggesting that a system has been or is being attacked.
* True Positive: A legitimate attack which triggers an IDS to produce an alarm.
* False Positive: An event signaling an IDS to produce an alarm when no attack has taken place.
* False Negative: A failure of an IDS to detect an actual attack.
* True Negative: When no attack has taken place and no alarm is raised.
* Noise: Data or interference that can trigger a false positive.
* Site policy: Guidelines within an organization that control the rules and configurations of an IDS.
* Site policy awareness: The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity.
* Confidence value: A value an organization places on an IDS based on past performance and analysis, to help determine its ability to effectively identify an attack.
* Alarm filtering: The process of categorizing attack alerts produced by an IDS in order to distinguish false positives from actual attacks.
* Attacker or Intruder: An entity who tries to find a way to gain unauthorized access to information, inflict harm or engage in other malicious activities.
* Masquerader: A user who does not have the authority to use a system, but tries to access the information as an authorized user. They are generally outside users.
* Misfeasor: Commonly internal users, of two types: 1. An authorized user with limited permissions. 2. A user with full permissions who misuses their powers.
* Clandestine user: A user who acts as a supervisor and uses those privileges so as to avoid being caught.

Limitations

Noise
Noise can severely limit an intrusion detection system's effectiveness. Bad packets generated by software bugs, corrupt DNS data, and local packets that escaped can create a significantly high false-alarm rate.

Too few attacks
It is not uncommon for the number of real attacks to be far below the false-alarm rate.
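The confusion-matrix terms and the noise and base-rate problems above, as an added example that is not from the slides: a toy signature IDS run over constructed web-server log lines with ground-truth labels, scored as true/false positives and negatives, then re-scored after alarm filtering by a site policy that treats the organisation's own vulnerability scanner as known noise. The log lines, the two signatures and the scanner address 10.0.0.9 are all constructed.

```python
"""Added example (not from the slides): a toy signature IDS scored with the terms above."""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed access-log events: (line, ground truth: was this really an attack?).
# Format: <source ip> <method> <path> <status>.  10.0.0.9 is the organisation's own
# vulnerability scanner, whose authorised probing is the "noise" the text refers to.
EVENTS = [
    ("10.0.0.5 GET /search?q=laptop 200", False),
    ("10.0.0.5 GET /index.html 200", False),
    ("10.0.0.6 GET /images/logo.png 200", False),
    ("10.0.0.7 GET /login 200", False),
    ("10.0.0.9 GET /cgi-bin/../../etc/passwd 404", False),           # scanner
    ("10.0.0.9 GET /item?id=1%20union%20select%201 500", False),    # scanner
    ("10.0.0.9 GET /admin/../../../boot.ini 404", False),           # scanner
    ("203.0.113.4 GET /item?id=1+UNION+SELECT+user,pass 500", True),
    ("203.0.113.4 GET /files/../../etc/shadow 403", True),
    ("198.51.100.2 GET /download?f=report.pdf 200", False),
    ("198.51.100.2 GET /item?id=42 200", False),
    ("203.0.113.9 POST /upload 200", True),           # attack with no matching signature
    ("10.0.0.6 GET /docs/../index.html 200", False),  # harmless relative path
    ("10.0.0.8 GET /about 200", False),
]

# Signature library (constructed); an outdated one misses anything not listed here.
SIGNATURES = {
    "sql-injection": re.compile(r"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

# Site policy: alerts from these sources are filtered out as known noise.
SITE_POLICY_TRUSTED = frozenset({"10.0.0.9"})


def detect(path: str, signatures: dict) -> list:
    """Return the names of all signatures matching the decoded request path."""
    decoded = unquote_plus(path)   # decode %20 and '+' so encoded variants still match
    return [name for name, pattern in signatures.items() if pattern.search(decoded)]


def outcome(alerted: bool, is_attack: bool) -> str:
    if alerted and is_attack:
        return "true_positive"
    if alerted:
        return "false_positive"
    if is_attack:
        return "false_negative"
    return "true_negative"


def evaluate(events, signatures, trusted_sources=frozenset()) -> Counter:
    """Score the IDS against ground truth, optionally applying alarm filtering."""
    counts = Counter()
    for line, is_attack in events:
        source, _method, path, _status = line.split()
        alerted = bool(detect(path, signatures))
        if alerted and source in trusted_sources:
            alerted = False          # alarm filtering per site policy
        counts[outcome(alerted, is_attack)] += 1
    return counts


def summary(counts: Counter) -> dict:
    """Derive the rates a security administrator would look at."""
    tp, fp = counts["true_positive"], counts["false_positive"]
    fn, tn = counts["false_negative"], counts["true_negative"]
    alerts = tp + fp
    return {
        "alerts": alerts,
        "real_attacks": tp + fn,
        "false_alarm_rate": fp / (fp + tn) if fp + tn else 0.0,
        "precision": tp / alerts if alerts else 0.0,       # share of alerts worth acting on
        "detection_rate": tp / (tp + fn) if tp + fn else 0.0,
    }


if __name__ == "__main__":
    for label, trusted in (("raw", frozenset()), ("with alarm filtering", SITE_POLICY_TRUSTED)):
        counts = evaluate(EVENTS, SIGNATURES, trusted)
        print(label, dict(counts), summary(counts))
```

On this sample the raw run raises six alarms for three real attacks, four of them false, which is the base-rate situation the text describes; filtering the scanner's alerts under site policy removes three false positives, while the unsignatured POST stays a false negative that only a signature update would catch.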
Real attacks are often so far below the false-alarm rate that they are missed and ignored.

Signature updates
Many attacks are geared for specific versions of software that are usually outdated. A constantly changing library of signatures is needed to mitigate threats. Outdated signature databases can leave the IDS vulnerable to new strategies.

Cyber Forensic Tools

Cyber forensics is a field that is increasingly being noticed at higher levels, whether for solving a local crime or for matters that concern a country's security. Let us look at
some of the best forensic tools used to investigate cases related to cyber crime or those that are used for scientific purposes. Cyber forensics is an interesting domain, coupled with technical advances and the ability to use them effectively. Cyber forensics is primarily used in the investigation of cyber crimes (i.e., crimes that occur over and on the technology front). However, this need not be the case, since most forensic techniques and tools are also used for scientific purposes and research. With serious issues like terrorism that threaten the national integrity of a country, it is only wise to learn and know the tools of the trade that terrorists use against the state. Cyber forensic tools aid not only in investigating crime cases but also in drafting and creating hard evidence for the same. Let us evaluate just some of these tools that have long been used by forensic investigators, scientists and some notorious elements alike:

X-Ways WinHex
WinHex is used as a universal hexadecimal editor and is primarily useful in low-level data processing, file inspection, digital camera card recovery, recovery of files even from corrupt file systems, etc. This is one heck of a powerful tool and can especially be used in gathering digital evidence.

FirstOnScene (FOS)
FOS is the only tool of its kind. It is a Visual Basic script rather than an executable binary file. First On Scene works with other tools such as PSTools, LogonSessions, FPort, NTLast, PromiscDetect, FileHasher, etc. to gather an evidence log report. This log report can further be analyzed by forensic experts to extract important information.

Rifiuti
Rifiuti is a unique tool that aids investigators in finding the very last details of a system's recycle bin folders. Rifiuti is useful to gather critical information on all delete and undelete activities.
Pasco
Pasco is a Latin word for "browse". Pasco helps in the analysis of the contents of Internet Explorer's cache, so in short it can be particularly useful to gather Internet activity records from a target computer.

Galleta
Galleta is a Spanish word that means "cookie". Galleta is useful in examining the contents of cookie files on a machine. Cookie files are basically temporary Internet files used by websites to maintain their own logs for tracking and other such purposes.

Forensic Acquisition Utilities (FAU)
Forensic Acquisition Utilities is a set of forensic tools, such as an md5 checker, file wiper, etc., used for assorted purposes in research and investigation.

NMap
NMap is particularly associated with network security. NMap is a port scanner tool that helps find open ports on a remote machine. What separates NMap from other tools is its
ability to evade source machine identity and to work without causing any Intrusion Detection System (IDS) alarms to go off.

Ethereal
Ethereal is another network security tool which is not a port scanner but rather a network packet sniffer. Ethereal sniffs data packets over the network and can provide investigators with the incoming/outgoing data that is sent over a network. However, Ethereal itself cannot be useful in cases where strong encryption algorithms are in place at the source and destination computers.

BinText
BinText does not directly investigate but can be useful to browse through gathered evidence files, such as the log files generated by other forensic tools. BinText can be used for pattern matching and filtering these log files.

PyFlag Tools
PyFlag is a collection of tools used for log analysis and can be very effective for investigators if coupled and used with other forensic tools.

Miscellaneous Steganography Tools
Steganography is out of the scope of this article; however, it cannot be ruled out from the forensic dimension. Steganography is the art of deceiving by embedding text or data files in an image file. Various steganography tools help achieve just that. There are some tools, however, that help in detecting such injections. Recently, hackers and malicious users have been coming up with ideas to inject data files not just into image files but also into music and video files, and to our much discomfort they have been successful with these attempts.

Implement Cyber Security Plan

A computer network assessment will help you begin a cyber security plan to mitigate the largest risks to your business. A cyber security plan needs to be developed by an employee or a contractor that has a basic understanding of cyber security. A comprehensive cyber security plan needs to focus on three key areas:

* Prevention.
Solutions, policies and procedures need to be identified to reduce the risk of attacks.
* Resolution. In the event of a computer security breach, plans and procedures need to be in place to determine the resources that will be used to remedy a threat.
* Restitution. Companies need to be prepared to address the repercussions of a security threat with their employees and customers to ensure that any loss of trust or business is minimal and short-lived.

PART 'B' CYBER LAW

Scope of Cyber Law

Cyber law is gaining a stronger foothold and there are several job opportunities for those
who would like to be "Sherlock Holmes" on the Internet. Everything is becoming cyber, and concern about maintaining the security of information on the Internet is also growing. Therefore there are tremendous career opportunities in almost every field, from law to the IT industry. Whatever field you work in, knowledge of cyber law will definitely give you an edge over the rest. Apart from being a full-fledged lawyer, one can get a job as a cyber consultant in an IT firm, police department or bank; as a research assistant in a law firm or a technology firm; as an advisor to web developers; as an advisor in the Ministry of Information and Technology or in corporate houses; as a security auditor or network administrator in a technology firm; or as a trainer in law schools and multinational corporations. Since a cyber lawyer inevitably has to deal with criminal law, intellectual property law, and commercial and civil law in cyber law cases, it is best to have a sound and in-depth knowledge of these laws apart from cyber law to give your practice a real edge. Talwant Singh, Additional District and Sessions Judge, Delhi, says, “Scope of cyber law increases when combined with intellectual property rights laws as in many cyber law cases, the question of violation of copyrights is also involved.” As far as job opportunities are concerned, the field of cyber law is full of them. For example, you can choose from private practice, litigation, corporate advising and international cyber law work. Although litigation may take some time to firm its roots, consultancy has a lot of instant money to offer.

ESSENCE OF DIGITAL CONTRACTS

* Quality, first and foremost - legal contracts and documents you'd expect from a top law firm.
* You know the draftsman (not an unnamed "leading attorney").
* It's online, quick, and easy; no software to download and install.
* Free assistance with contract selection.
* Pay only once; then draft unlimited legal contracts and documents during your subscription.
* Easy-to-use "Intelligent" wizard guides your drafting.
* "Intelligent" document assembly produces near-custom agreements.
* Free updates and new documents as they're released (unlike downloadable forms).
* You own your agreements - copy to your word processor; edit and customize as you like.
* Safe and secure - your document data is archived for a limited time.

Digital Signature System ----- refer to digital signatures.....

Domain Name Issues

# Having a great domain name can be a valuable commodity. In 2008 the domain pizza.com sold for $2.6 million and the year before that business.com sold for $350 million. There is a lot of money in the domain business, so sometimes people are willing to walk the line between legal and illegal.

Cyber Squatting

# When someone registers a domain with trademarked phrases they do not own, in bad faith or to make a profit, it is called cyber-squatting. When someone who owns the
trademark sees they've been cyber-squatted, they can file a dispute with ICANN, the Internet Corporation for Assigned Names and Numbers, which oversees domain names. Courts can also handle domain disputes, but because of the international nature of the Internet, jurisdiction isn't clear. Sometimes it's unclear whether the domain was registered in good faith, as in the case of a man named Uzi Nissan, who owns a computer company, versus Nissan Motor Company, who fought over nissan.com. As of 2010, Mr. Uzi Nissan still owns the domain, but they've been fighting since 1999. Famous actors will also fight over domains that have their name, as the singer Madonna did over madonna.com in the year 2000 when it became a pornography site.

Typo-Squatting

# Typo-squatting is when someone registers a domain for the purpose of getting visitors who mistype a web page name. Using the original domain name microsoft.com as an example, a typo-squatter could register wwwmicrosoft.com as one word to gain visitors who forget to type a period between www and microsoft. The squatter could then place advertisements on the page for profit or make a fake page replicating the original one for the purpose of identity theft in the form of logins and other personal data. In 2008, Microsoft sued a company called Domain Investments for typo-squatting on the domains zunedrivers.com, windoesmobile.com, microsoft-games.com and wwwhotmajl.com.

Front Running

# Domain front running is when a domain registrar temporarily or permanently registers a domain that someone recently searched for on its website with the intention of registering it. Although this practice can be legal, it's frowned upon by those registering domains. A popular domain registrar, Network Solutions, was accused of this in 2008.
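The typo-squatting patterns described above (a missing dot after www, a one-character slip, a brand embedded in a longer name), as an added brand-monitoring example that is not part of the original slides: given a list of protected brand labels, flag hostnames seen in logs or new-registration feeds that a trademark owner should review. The protected list is an assumption (microsoft.com is the page's example; hotmail, windows and zune are added as assumed Microsoft brand labels) and the hostnames tested are the ones named in the text.

```python
"""Added example (not from the slides): flag hostnames that look like typo-squats of
protected brand domains, using the patterns from the text (missing dot after www,
one-character slips, brand embedded in a longer label)."""

# Assumed list of protected second-level labels; not taken from the slides.
PROTECTED_BRANDS = ("microsoft", "hotmail", "windows", "zune")


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute or swap adjacent."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def second_level_label(hostname: str) -> str:
    """'wwwmicrosoft.com' -> 'wwwmicrosoft'.  Simplification: ignores multi-part
    public suffixes such as co.uk."""
    parts = hostname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def nearest_brand(label: str, brands, min_len: int = 5):
    """Brand within one edit of the whole label (short brands excluded to limit noise)."""
    for brand in brands:
        if len(brand) >= min_len and osa_distance(label, brand) == 1:
            return brand
    return None


def embedded_near_brand(label: str, brands, min_len: int = 6):
    """Brand that appears inside the label with one substituted or swapped character."""
    for brand in brands:
        if len(brand) < min_len:
            continue
        for start in range(len(label) - len(brand) + 1):
            window = label[start:start + len(brand)]
            if osa_distance(window, brand) == 1:
                return brand
    return None


def classify(hostname: str, brands=PROTECTED_BRANDS):
    """Return a reason to review the hostname, or None if it raises no flag.
    A flag is a candidate for review, not a verdict: legitimate names can embed a brand."""
    label = second_level_label(hostname)
    if label in brands:
        return None
    if label.startswith("www") and len(label) > 3:         # 'wwwmicrosoft' style
        inner = label[3:]
        if inner in brands:
            return f"www-prefix of {inner}"
        near = nearest_brand(inner, brands)
        if near:
            return f"www-prefix near-miss of {near}"
    near = nearest_brand(label, brands)
    if near:
        return f"near-miss of {near}"
    for brand in brands:                                    # 'zunedrivers', 'microsoft-games'
        if brand in label.replace("-", ""):
            return f"embeds {brand}"
    near = embedded_near_brand(label, brands)               # 'windoesmobile'
    if near:
        return f"embeds near-miss of {near}"
    return None


if __name__ == "__main__":
    for host in ("microsoft.com", "wwwmicrosoft.com", "zunedrivers.com", "windoesmobile.com",
                 "microsoft-games.com", "wwwhotmajl.com", "example.com"):
        print(f"{host:22} {classify(host)}")
```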
Whenever users searched for a potential domain on its website, Network Solutions registered the domain for four days, with a message in the whois data saying they could register it at the Network Solutions website. This forced users to register the domain with them instead of their normal registrar, or risk the registration of the domain by someone else. Some smaller domain availability websites might outright register the domain they see you searching for permanently for themselves, so search for your domain where you wish to register it and buy it right away, so front runners won't have time to see whether it's a good idea.

Copyright Laws for Digital Media

As more and more material gets digitized for preservation and for easier access by a wider number of people, it's important to remember that the U.S. Copyright Office has a set of laws pertaining exclusively to digital media. Digital media in this case has a number of definitions, but most commonly it refers to a digital audio copied recording, that is, digitally recorded music or sound.

Basic Copyright Law

The law that deals with digital media is Title 17. This states that copyright for creative works lasts for the life of the author or creator plus 75 years. The Copyright Term Extension Act is a controversial law, as it was amended in 1998 with the help of musician-turned-politician Sonny Bono. After the creator has been dead for 75 years, the work passes into the public domain, meaning that no one individual owns it and everyone can use it free of
charge. If a person is caught using a copyrighted work before it enters the public domain, he is subject to injunction, fines and possibly jail time depending on the severity of the infringement.

Reproduction and Distribution

Reproduction and distribution of copyrighted works without permission is illegal. Under provisions of copyright law, a person who is not the legal owner of a piece of digital media is prohibited from copying or sharing that media. It is also illegal to import, manufacture or distribute any device that allows others to copy digital media for purposes of distribution. Persons seeking to use copyrighted material must be approved by the legal owner before proceeding with copying.

Royalty Payments

Any person who obtains permission to copy and distribute copyrighted works of digital media must pay royalties to the copyright holder. Royalties are defined under Section 1003 of the copyright code as three percent of the transfer price, but not less than one dollar. Anyone found violating royalty agreements must cease distribution of all works until the case is reviewed by a copyright royalty judge. The judge withholds the amount of money in question until the case is resolved.

E-Governance

Under an e-governance scenario, the Government and its citizens/business houses should be able to transact all their activities, or at least the majority of them, without meeting each other, using information technology tools such as the Internet, public kiosks etc. For example, when a citizen wants to get a ration card, he/she should be able to apply for and get the ration card without physically going to the Taluka office. Similarly, when a widow wants to get a widow's pension she should be able to get it by applying through the village or block level Internet centre.
Or, a farmer wanting to get a land extract / cultivation extract should be able to do it through the Internet or public kiosks without going to any government official. Going to the Government offices and waiting there to get these services should be optional only. The citizens should have a choice of going to the Internet centres or the government offices to get their work done with the Government. This can be achieved only through the following steps:

1. Government offices should be computerised using an online workflow procedure. That means all the paper-based registers have to be given up and all government work has to be carried out only through computers.
2. All Government employees working in the areas where e-governance is proposed have to be computer trained, and each one should be given a user ID and password to operate the system.
3. All these government employees have to be trained in their area of operation in the software.
4. The Government servers should be connected to the Internet so that citizens and business houses are enabled to access Government information at any time and also
enabled to file all their requests/applications online. The scope for meeting government officials should be reduced to the extent that citizens are asked to meet government officials only where such physical presence is statutorily required.
5. All applications or requests from citizens/business houses should be received only through an online procedure using the Internet as the medium.
6. STD booths or similar public kiosks should be authorised to intermediate between the citizens and the government. This includes an online remittance facility too. A similar facility should be made available to the business houses too.

Cyber Crimes

Spam
Spam is the unsolicited sending out of junk e-mails for commercial purposes, which is unlawful. New anti-spam laws are being passed in various countries which will hopefully limit the use of unsolicited electronic communications.

Fraud
Computer fraud refers to the fallacious misrepresentation of fact conveyed with an intention of inducing another to do or refrain from doing something that will ultimately lead to some major kind of loss.

Obscene or Offensive Content
The contents of some websites and other electronic communications over the net can be really distasteful, obscene or offensive for a variety of reasons. In many countries such communications are considered illegal. It can be very troubling if your children are exposed to adult content.

Harassment
This cyber crime encompasses all the obscenities and derogatory comments directed towards a specific individual or individuals, focusing for example on gender, race, religion, nationality, and sexual orientation. Harassment is the cyber crime most commonly encountered in chat rooms or through newsgroups.

Drug Trafficking
Drug traffickers use the Internet as a medium for trading their illegal substances, by sending out enciphered e-mail and using other Internet technology.
Most of the drug traffickers can be found arranging their illegal deals at Internet cafes, using courier websites for the delivery of illegal packages containing drugs, and sharing formulas for amphetamines in restricted-access chat rooms.

Cyber Terrorism
Due to the increase in cyber terrorism, the hacking into or crashing of official websites, government officials and information technology security specialists have recently begun significantly increasing their mapping of potential security holes in
critical systems in order to better protect information-sensitive sites.

Common Sources of Cybercrime

Researchers at Sophos Labs claim to have created language-detection software that can figure out the host country of malicious software by tracing the default language of the computer on which it was programmed. According to their analysis of the default language linked to about 19,000 samples at the end of last year, Americans and other non-British English speakers, surprisingly, produced a large proportion of malware. China produced 30%, Brazil 14.2% and Russia 4.1% of the world's malware.

Child Abuse Law USA

* ABA Center on Children and the Law
The ABA Center on Children and the Law, a program of the Young Lawyers Division, aims to improve children's lives through advances in law, justice, knowledge, practice and public policy. Our areas of expertise include child abuse and neglect, child welfare and protective services system enhancement, foster care, family preservation, termination of parental rights, parental substance abuse, adolescent health, and domestic violence.

* Chapter 419B — Juvenile Code: Dependency - Reporting Child Abuse
The Legislative Assembly finds that for the purpose of facilitating the use of protective social services to prevent further abuse, safeguard and enhance the welfare of abused children, and preserve family life when consistent with the protection of the child by stabilizing the family and improving parental capacity, it is necessary and in the public interest to require mandatory reports and investigations of abuse of children and to encourage voluntary reports.
* Child Abuse Prevention and Treatment Act as Amended by the Keeping Children and Families Safe Act of 2003
The basis for government's intervention in child maltreatment is grounded in the concept of parens patriae—a legal term that asserts that government has a role in protecting the interests of children and in intervening when parents fail to provide proper care. Beginning in the late 19th century, States and local jurisdictions started initiating mechanisms to assist and protect children. Then in 1912, the Federal Government established the Children's Bureau to guide Federal programs that were designed to support State child welfare programs as well as to direct Federal aid to families, which began with the passage of the Social Security Act (SSA) in 1935. The child welfare policy of the SSA layered Federal funds over existing State-supervised and administered programs that were already in place.

* Definitions of Child Abuse and Neglect - Child Welfare Information Gateway
Child abuse and neglect are defined by Federal and State laws. The Child Abuse Prevention and Treatment Act (CAPTA) is the Federal legislation that provides minimum standards that States must incorporate in their statutory definitions of child abuse and neglect. The CAPTA definition of "child abuse and neglect" refers to:
* "Any recent act or failure to act on the part of a parent or caretaker, which results in death, serious physical or emotional harm, sexual abuse, or exploitation, or an act or failure to act which presents an imminent risk of serious harm"
* Megan's Law
The U.S. Congress has passed several laws that require states to implement sex offender and crimes-against-children registries: the Jacob Wetterling Crimes Against Children and Sexually Violent Offender Registration Act, the Pam Lychner Sexual Offender Tracking and Identification Act, and Megan's Law. On March 5, 2003, the United States Supreme Court ruled that information about potential predators may be publicly posted on the Internet.

* Sex Offender Registration and Notification Act
To provide for the registration of sex offenders and for appropriate notification of their whereabouts, and for other purposes.

* US Code, Title 42, 13031 - Child Abuse Reporting
A person who, while engaged in a professional capacity or activity described in subsection (b) of this section on Federal land or in a federally operated (or contracted) facility, learns of facts that give reason to suspect that a child has suffered an incident of child abuse, shall as soon as possible make a report of the suspected abuse to the agency designated under subsection (d) of this section.
