This document outlines the course details for the Network Security course taught by Dr. Shivashankar. The course aims to help students understand network security concepts like services, mechanisms, transport layer security, IP security, intrusion detection, firewalls and malicious software. Students will learn about attacks on computers, security models, principles, threats like viruses, and management practices. The textbook and reference materials are also listed.
USER AUTHENTICATION
MEANS OF USER AUTHENTICATION
PASSWORD AUTHENTICATION
PASSWORD VULNERABILITIES
USE OF HASHED PASSWORDS – IN UNIX
PASSWORD CRACKING TECHNIQUES
USING BETTER PASSWORDS
TOKEN AUTHENTICATION
BIO-METRIC AUTHENTICATION
USER AUTHENTICATION
MEANS OF USER AUTHENTICATION
PASSWORD AUTHENTICATION
PASSWORD VULNERABILITIES
USE OF HASHED PASSWORDS – IN UNIX
PASSWORD CRACKING TECHNIQUES
USING BETTER PASSWORDS
TOKEN AUTHENTICATION
BIO-METRIC AUTHENTICATION
This slide explains the design part as well as implementation part of the firewall. And also tells about the need of firewall and firewall capabilities.
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
Cyber security professionals are in high demand, and those willing to learn new skills to enter the area will have plenty of opportunities. Our goal is to present you with the most comprehensive selection of cybersecurity interview questions available.
This slide explains the design part as well as implementation part of the firewall. And also tells about the need of firewall and firewall capabilities.
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
Cyber security professionals are in high demand, and those willing to learn new skills to enter the area will have plenty of opportunities. Our goal is to present you with the most comprehensive selection of cybersecurity interview questions available.
E-Commerce Privacy and Security SystemIJERA Editor
The Internet is a public networks consisting of thousand of private computer network connected together. Private computer network system is exposed to potential threats from anywhere on the public network. In physical world, crimes often leave evidence finger prints, footprints, witnesses, video on security comes and so on. Online a cyber –crimes, also leaves physical, electronic evidence, but unless good security measures are taken, it may be difficult to trace the source of cyber crime. In certain e-commerce-related areas, such as networking, data transfer and data storage, researchers applied scanning and testing methods, modeling analysis to detect potential risks .In the Security system ,Questions are related to online security in which given options are Satisfied, Unsatisfied ,Neutral, Yes, No. and weak password , Strong password. it is revealed that it is quite difficult, if not impossible, to suggest that which online security is best. Online security provide the flexibility, efficiency of work, provide the better security of net banking . The main feature of the research that the data is safe in banking management for long time and open any account after along time. The Future scope of the study of Security is use to reduce threats. Security is used in the long run results in the reduction of number of branches, saying rentals of related and properties. If the better Security operate than net banking and e-marketing will be increase.
E-Commerce Privacy and Security SystemIJERA Editor
The Internet is a public networks consisting of thousand of private computer network connected together. Private computer network system is exposed to potential threats from anywhere on the public network. In physical world, crimes often leave evidence finger prints, footprints, witnesses, video on security comes and so on. Online a cyber –crimes, also leaves physical, electronic evidence, but unless good security measures are taken, it may be difficult to trace the source of cyber crime. In certain e-commerce-related areas, such as networking, data transfer and data storage, researchers applied scanning and testing methods, modeling analysis to detect potential risks .In the Security system ,Questions are related to online security in which given options are Satisfied, Unsatisfied ,Neutral, Yes, No. and weak password , Strong password. it is revealed that it is quite difficult, if not impossible, to suggest that which online security is best. Online security provide the flexibility, efficiency of work, provide the better security of net banking . The main feature of the research that the data is safe in banking management for long time and open any account after along time. The Future scope of the study of Security is use to reduce threats. Security is used in the long run results in the reduction of number of branches, saying rentals of related and properties. If the better Security operate than net banking and e-marketing will be increase.
this report is about how network security and privacy security works on Wireless and Wired system.It is also contain encryption method for network security and privacy.
Computer Security : Introduction, Need for security, Principles of Security,
Types of Attacks
Cryptography : Plain text and Cipher Text, Substitution techniques, Caesar
Cipher, Mono-alphabetic Cipher, Polygram, Polyalphabetic Substitution,
Playfair, Hill Cipher, Transposition techniques, Encryption and Decryption,
Symmetric and Asymmetric Key Cryptography, Steganography, Key Range and
Key Size,
Possible Types of Attacks
Symmetric Key Algorithms and AES: Algorithms types and modes, Overview
of Symmetric key Cryptography, Data Encryption Standard (DES), International
Data Encryption Algorithm (IDEA), RC4, RC5, Blowfish, Advanced Encryption
Standard (AES)
Asymmetric Key Algorithms, Digital Signatures and RSA: Brief history of
Asymmetric Key Cryptography, Overview of Asymmetric Key Cryptography,
RSA algorithm, Symmetric and Asymmetric key cryptography together, Digital
Signatures, Knapsack Algorithm, Some other algorithms (Elliptic curve
cryptography, ElGamal, problems with the public key exchange)
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
Cyber security positions have considerably taken the top list in the job market. Candidates vying for elite positions in the field of cyber security certainly need a clear-cut and detailed guide to channeling their preparation for smooth career growth, beginning with getting a job. We have curated the top cyber security interview questions that will help candidates focus on the key areas. We have classified the regularly asked cyber security interview questions here, in this article into different levels starting from basic general questions to advanced technical ones.
Before we move on to the top cyber security interview questions, it is critical to reflect on the vitality of cyber security in our modern times and how cyber security professionals are catering to the needs of securing a safe cyber ecosystem.
The times we live in is defined by the digital transition, in which the internet, electronic devices, and computers have become an integral part of our daily life. Institutions that serve our daily needs, such as banks and hospitals, now rely on internet-connected equipment to give the best possible service. A portion of their data, such as financial and personal information, has become vulnerable to illegal access, posing serious risks. Intruders utilize this information to carry out immoral and criminal goals.
Cyber-attacks have jeopardized the computer system and its arrangements, which has now become a global concern. To safeguard data from security breaches, a comprehensive cyber security policy is needed now more than ever. The rising frequency of cyber-attacks has compelled corporations and organizations working with national security and sensitive data to implement stringent security procedures and restrictions.
Computers, mobile devices, servers, data, electronic systems, networks, and other systems connected to the internet must be protected from harmful attacks. Cybersecurity, which is a combination of the words "cyber" and "security," provides this protection. 'Cyber' imbibes the vast-ranging technology with systems, networks, programs, and data in the aforementioned procedure. The phrase "security" refers to the process of protecting data, networks, applications, and systems. In a nutshell,
cyber security is a combination of principles and approaches that assist prevent unwanted access to data, networks, programs, and devices by meeting the security needs of technological resources (computer-based) and online databases.
As more business activities are being automated and an increasing number of computers are being used to store sensitive information, the need for secure computer systems becomes more apparent. This need is even more apparent as systems and applications are being distributed and accessed via an insecure network, such as the internet. The internet itself has become critical for governments, companies, financial institutions, and millions of everyday users. Networks of computers support a multitude of activities whose loss would all cripple these organizations. As a consequences Cyber Security issues have become national security issues. Protecting the internet is a very difficult task. Cyber Security can be obtained only through systematic development. P. H. Gopi Kannan | A. Karthik | M. Karthikeyan "Cyber Security" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd33483.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-security/33483/cyber-security/p-h-gopi-kannan
Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It’s also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories.
Network Security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment. - sans.org
IOSR Journal of Electronics and Communication Engineering(IOSR-JECE) is an open access international journal that provides rapid publication (within a month) of articles in all areas of electronics and communication engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in electronics and communication engineering. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Immunizing Image Classifiers Against Localized Adversary Attacksgerogepatton
This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks
(CNN)s, to adversarial attacks and presents a proactive training technique designed to counter them. We
introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations.
When combined with 3D convolution and deep curriculum learning optimization (CLO), itsignificantly improves
the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach
using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10
and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing
accuracy improvements over previous techniques. The results indicate that the combination of the volumetric
input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating
adversary training.
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSEDuvanRamosGarzon1
AIRCRAFT GENERAL
The Single Aisle is the most advanced family aircraft in service today, with fly-by-wire flight controls.
The A318, A319, A320 and A321 are twin-engine subsonic medium range aircraft.
The family offers a choice of engines
Courier management system project report.pdfKamal Acharya
It is now-a-days very important for the people to send or receive articles like imported furniture, electronic items, gifts, business goods and the like. People depend vastly on different transport systems which mostly use the manual way of receiving and delivering the articles. There is no way to track the articles till they are received and there is no way to let the customer know what happened in transit, once he booked some articles. In such a situation, we need a system which completely computerizes the cargo activities including time to time tracking of the articles sent. This need is fulfilled by Courier Management System software which is online software for the cargo management people that enables them to receive the goods from a source and send them to a required destination and track their status from time to time.
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Dr.Costas Sachpazis
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
Saudi Arabia stands as a titan in the global energy landscape, renowned for its abundant oil and gas resources. It's the largest exporter of petroleum and holds some of the world's most significant reserves. Let's delve into the top 10 oil and gas projects shaping Saudi Arabia's energy future in 2024.
Welcome to WIPAC Monthly the magazine brought to you by the LinkedIn Group Water Industry Process Automation & Control.
In this month's edition, along with this month's industry news to celebrate the 13 years since the group was created we have articles including
A case study of the used of Advanced Process Control at the Wastewater Treatment works at Lleida in Spain
A look back on an article on smart wastewater networks in order to see how the industry has measured up in the interim around the adoption of Digital Transformation in the Water Industry.
2. Course Outcomes
After Completion of the course, student will be able to:
▪Explain network security services and mechanisms and explain security
concepts.
▪Understand the concept of Transport Level Security and Secure Socket
Layer.
▪Explain security concerns in Internet Protocol Security.
▪Explain Intruders, Intrusion detection and Malicious Software.
▪Describe Firewalls, Firewall characteristics, Biasing and Configuration.
▪Text Book:
1. Cryptography and Network Security Principles and Practice, Pearson
Education Inc., William Stallings 5th Edition, ISBN: 978-81-317-6166-3.
2. Cryptography and Network Security, Atul Kahate, TMH, 2003.
▪Reference:
▪Cryptography and Network Security, Behrouz A Forouzan, TMH, 2007.
3/10/2023 2
Dr. Shivashankar, E&CE, RRIT
3. Module-1
Attacks on Computers and Computer Security
Network security is any activity designed to protect the
usability and integrity of our network and data.
• It includes both hardware and software technologies.
• It targets a variety of threats.
• It stops them from entering or spreading on your
network.
• Effective network security manages access to the
network.
3/10/2023 3
Dr. Shivashankar, E&CE, RRIT
4. Module-1
Attacks on Computers and Computer Security
Computer and network security are built on three pillars, commonly referred to
by the C-I-A acronym:
1. Confidentiality: Refers to the protection of information transmitted over
computer networks from unauthorized access, interception, or tampering.
This is achieved through encryption and secure protocols such as SSL/TLS.
2. Integrity: the ability to ensure that a system and its data has not suffered
unauthorized modification. Integrity protection protects not only data, but
also operating systems, applications and hardware from being altered by
unauthorized individuals.
3. Availability: protecting the functionality of support systems and ensuring
data is fully available at the point in time (or period requirements) when it
is needed by its users. The objective of availability is to ensure that data is
available to be used when it is needed to make decisions
3/10/2023 4
Dr. Shivashankar, E&CE, RRIT
5. CONTI…
▪ A Threat is nothing but a possible event that can damage and harm an information
system
▪ Security Threat is defined as a risk that which, can potentially harm Computer systems
& organizations.
▪ Security attacks are mainly aimed at stealing altering or destroying a piece of personal
and confidential information, stealing the hard drive space, and illegally accessing
passwords.
• Web security threats are constantly emerging and evolving, but many threats
consistently appear at the top of the list of web security threats. These include:
• Cross-site scripting (XSS)
• SQL Injection
• Phishing
• Ransomware
• Code Injection
• Viruses and worms
• Spyware
• Denial of Service
3/10/2023 5
Dr. Shivashankar, E&CE, RRIT
6. CONTI…
▪Two typical examples of such security mechanisms were as follows:
• Provide a user id and password to every user and use that information to
authenticate a user
• Encode information stored in the databases in some fashion so that it is not
visible to users who donot have the right permissions.
3/10/2023 6
Dr. Shivashankar, E&CE, RRIT
Fig. 1.1Example of information traveling from a client to a
server over the Internet.
7. Modern Nature of Attacks
Automating attacks
▪An automated threat is a type of computer security threat to a computer network or
web application, characterized by the malicious use of automated tools such as Internet
bots.
▪Automated threats are popular on the internet as they can complete large amounts of
repetitive tasks with almost no cost to execute.
Example: Credential stuffing. Scratching. Application layer DDoS. Captcha Bypass. Card Cracking, etc
3/10/2023 7
Dr. Shivashankar, E&CE, RRIT
Fig. 1.2The changing
nature of attacks due to
automation
8. CONTI…
Privacy concerns
• Data privacy is concerned with the proper handling of sensitive information
such as financial data and intellectual property data.
• Cyber privacy can include both personally identifying information (PII) or
non-identifying information which when aggregated can be used to identify
- like a user's behavior on a website and cookie information.
Example:
❖ Products you've purchased online.
❖ Search engine and browser histories.
❖ Location information.
❖ Financial data.
❖ Employee benefits service providers such as: Insurance companies. ...
❖ Preferred operational solutions for tasks like: Employee messaging.
3/10/2023 8
Dr. Shivashankar, E&CE, RRIT
9. CONTI…
Security Approaches
Trusted Systems
A trusted system is a computer system that can be trusted to a
specified extent to enforce as specified security policy.
Trusted systems were initially of primary interest to the military.
Trusted systems often use the term reference monitor.
It is mainly responsible for all the decisions related to access
controls.
Naturally, following are the expectations from the reference
monitor:
(a) It should be tamper proof
(b) It should always be invoked
(c) It should be small enough so that it can be independently
tested.
3/10/2023
9
Dr. Shivashankar, E&CE, RRIT
10. Security Models
▪An organization can take several approaches to implement its
security model.
▪No security: In this simplest case, the approach could be a decision
to implement no security at all. This approach cannot work for too
long, as there are many ways an attacker can come to know about
it.
▪Host security: In this scheme, the security for each host is enforced
individually. This is a very safe approach, but the trouble is that it
cannot scale well.
▪Network security: Host security is tough to achieve as
organizations grow and become more diverse. In this technique, the
focus is to control network access to various hosts and their
services, rather than individual host security. This is a very efficient
and scalable model.
3/10/2023 10
Dr. Shivashankar, E&CE, RRIT
11. Security Management Practices
Good security management practices always talk of a security policy being in
place. A good security policy and its proper implementation go a long way in
ensuring adequate security management practices. A good security policy
generally takes care off our key aspects, as follows:
• Affordability Cost and effort in security implementation.
• Functionality Mechanism of providing security.
• Cultural issues Whether the policy gels well with people’s expectations, working
style and beliefs.
• Legality Whether the policy meets the legal requirements. Once a security
policy is in place, the following points should be ensured.
(a) Explanation of the policy to all concerned.
(b) Outline everybody’s responsibilities.
(c) Use simple language in all communications.
(d) Establishment of accountability.
(e) Provision for exceptions and periodic reviews.
3/10/2023 11
Dr. Shivashankar, E&CE, RRIT
12. Principles of Security
• The purpose of the cyber security principles is to
provide strategic guidance on how an organisation can
protect their systems and data from cyber threats.
• These cyber security principles are grouped into four
key activities:
➢ Govern: Identifying and managing security risks.
➢ Protect: Implementing controls to reduce security
risks.
➢ Detect: Detecting and understanding cyber security
events to identify cyber security incidents.
➢ Respond: Responding to and recovering from cyber
security incidents.
3/10/2023 12
Dr. Shivashankar, E&CE, RRIT
13. Confidentiality
• Confidentiality measures are designed to prevent unauthorized
disclosure of information.
• The purpose of the confidentiality principle is to keep personal
information private and to ensure that it is visible and accessible
only to those individuals who own it or need it to perform their
organizational functions.
➢ Example: confidential email message sent by A to B, which is accessed by C
without the permission or knowledge of A and B. This type of attack is called
as interception.
➢ Interception causes loss of message confidentiality.
3/10/2023 13
Dr. Shivashankar, E&CE, RRIT
Fig. 1.4Loss of confidentiality
14. Authentication
▪The process of verifying the identity of a user or information. User
authentication is the process of verifying the identity of a user when that
user logs in to a computer system.
▪The main objective of authentication is to allow authorized users to
access the computer and to deny access to unauthorized users.
▪Operating Systems generally identify/authenticates users using the
following 3 ways: Passwords, Physical identification, and Biometrics.
▪Fabrication is possible in absence of proper authentication mechanisms.
3/10/2023 14
Dr. Shivashankar, E&CE, RRIT
Fig. 1.5Absence of authentication
15. Integrity
• Integrity is the ability to ensure that a system and its data has
not suffered unauthorized modification.
• Integrity protection protects not only data, but also operating
systems, applications and hardware from being altered by
unauthorized individuals.
➢ User C somehow manages to access it, change its contents and send the changed
message to user B. User B has no way of knowing that the contents of the message
were changed after user A had sent it. User A also does not know about this change.
➢ This type of attack is called as modification.
3/10/2023 15
Dr. Shivashankar, E&CE, RRIT
Fig. 1.6Loss of integrity
16. Non-repudiation
• The assurance that someone cannot deny the validity of something.
• A legal concept that is widely used in information security and refers to
a service, which provides proof of the origin of data and the integrity of
the data.
• In other words, non-repudiation makes it very difficult to successfully
deny who/where a message came from as well as the authenticity and
integrity of that message.
➢ Digital signatures (combined with other measures) can offer non-
repudiation when it comes to online transactions.
3/10/2023 16
Dr. Shivashankar, E&CE, RRIT
Fig. 1.7Establishing non-repudiation
17. Access Control
• Access control is a fundamental component of data security that
dictates who’s allowed to access and use company information and
resources.
• Through authentication and authorization, access control policies make
sure users are who they say they are and that they have appropriate
access to company data.
• Access control can also be applied to limit physical access to campuses,
buildings, rooms, and datacenters.
• Access control specifies and controls who can access what.
➢ Authentication
➢ Authorization
➢ Access
➢ Manage
➢ Audit
3/10/2023 17
Dr. Shivashankar, E&CE, RRIT
18. Availability
• Protecting the functionality of support systems and ensuring data is
fully available at the point in time when it is needed by its users.
• The objective of availability is to ensure that data is available to be
used when it is needed to make decisions.
There are mainly two threats to availability of the system which are as
follows:
1. Denial of Service
2. Loss of Data Processing Capabilities
3/10/2023 18
Dr. Shivashankar, E&CE, RRIT
Fig. 1.8Attack on availability
19. Ethical and Legal Issues
▪Piracy, copyright issues, prevention of loss, trade secrets, patent issues,
access rights, and privacy problems are all ethical issues in the computer
world.
▪Classically, the ethical issues in security systems are classified into
the following four categories:
▪Privacy – This deals with the right of an individual to control
personal information.
▪Accuracy – This talks about the responsibility for the authenticity,
fidelity and accuracy of information.
▪Property – Here we find out the owner of the information. We also
talk about who controls access.
▪Accessibility – This deals with the issue of the type of information
an organization has the right to collect. And in that situation, it also
expects to know the measures which will safeguard againstany
unforeseen eventualities.
3/10/2023 19
Dr. Shivashankar, E&CE, RRIT
20. CONTI…
When dealing with legal issues, we need to remember that there is a
hierarchy of regulatory bodies that govern the legality of information
security.
We can roughly classify them as follows.
• International: e.g. International Cybercrime Treaty
• Federal: e.g. FERPA, GLB, HIPAA, DMCA, Teach Act, Patriot Act,
Sarbanes-Oxley Act, etc.
• State: e.g. UCITA, SB 1386, etc.
• Organization: e.g. Computer use policy
3/10/2023 20
Dr. Shivashankar, E&CE, RRIT
21. Types of Attacks
▪ Network attacks are unauthorized actions on the digital assets within an
organizational network. Malicious parties usually execute network attacks to
alter, destroy, or steal private data.
▪Example:
▪Criminal Attacks: The sole aim of the attackers is to maximize financial gain by
attacking computer systems.
▪Publicity Attacks : the aim of the attacker is to gain publicity.
▪Publicity attacks occur because the attackers want to see their names appear on
television news channels and newspapers.
3/10/2023 21
Dr. Shivashankar, E&CE, RRIT
Fig. 1.9Classification of attacks as understood in general terms
22. CONTI…
Legal Attacks
• In a legal attack, attackers try to make judge doubtful about the
security of the computer system.
• i.e. attacker attacks on the system and later on tries to convey to the
judge that there is a problem within the computer system, it’s not
his/her fault.
• Fraud, scams, identity theft, grand theft, destruction, intellectual
property theft are some of the legal attacks.
3/10/2023 22
Dr. Shivashankar, E&CE, RRIT
23. Attacks
Actions taken through the use of computer networks to disrupt, deny,
degrade, or destroy information resident in computers and computer
networks, or the computers and networks themselves.
▪Two types:
3/10/2023 23
Dr. Shivashankar, E&CE, RRIT
Active Attack Passive Attack
Modification in information takes
place.
Modification in the information does
not take place.
Danger to Integrity as well
as availability.
A danger to Confidentiality.
Due to active attacks, the execution
system is always damaged.
While due to passive attack, there is
no harm to the system
Victim gets informed about the
attack.
Victim does not get informed about
the attack.
System resources can be changed. System resources are not changing.
24. The Practical Side of Attacks
▪A security exploit that aims to gather information from or influence the
program execution of a system by measuring or exploiting indirect effects of the
system or its hardware
▪Two types
▪Application level attacks –The attacker attempts to access, modify or prevent
access to information of a particular application or to the application itself.
• Credit card information on the Internet or changing the contents of a message
to change the amount in a transaction, etc.
•Network level attacks –An attempt to either slow down or completely bring to
halt, a computer network.
3/10/2023 24
Dr. Shivashankar, E&CE, RRIT
Fig. 1.13Practical side of attacks
25. Virus
A virus is a computer program that attaches itself to another legitimate program and causes damage to the
computer system or to the network. During its lifetime, a virus goes through four phases:
(a) Dormant phase: Here, the virus is idle. It gets activated based on certain action or event (e.g. the user typing
a certain key or certain date or time is reached, etc). This is an optional phase.
(b) Propagation phase: In this phase, a virus copies itself and each copy starts creating more copies of self, thus
propagating the virus.
(c) Triggering phase: A dormant virus moves into this phase when the action/event for which it was waiting is
initiated.
(d) Execution phase: This is the actual work of the virus, which could be harmless (display some message on the
screen) or destructive (delete a file on the disk).
Viruses can be classified into the following categories:
(a) (a) Parasitic virus: This is the most common form of viruses. Such a virus attaches itself toexecutable files and
keeps replicating. Whenever the infected file is executed, the virus looks forother executable files to attach
itself and spread.
(b) (b) Memory-resident virus: This type of virus first attaches itself to an area of the main memory andthen
infects every executable program that is executed.
(c) (c) Boot sector virus: This type of virus infects the master boot record of the disk and spreads on thedisk
when the operating system starts booting the computer.
(d) (d) Stealth virus: This virus has intelligence built in, which prevents anti-virus software programsfrom
detecting it.
(e) (e) Polymorphic virus: A virus that keeps changing its signature (i.e. identity) on every execution,making it
very difficult to detect.
(f) (f) Metamorphic virus: In addition to changing its signature like a polymorphic virus, this type ofvirus keeps
rewriting itself every time, making its detection even harder.
3/10/2023 25
Dr. Shivashankar, E&CE, RRIT
26. Worms
• A computer worm is a type of malware whose primary function is to self-
replicate and infect other computers while remaining active on infected
systems.
• A computer worm duplicates itself to spread to uninfected computers.
• It often does this by exploiting parts of an operating system that are
automatic and invisible to the user.
• Typically, a user only notices a worm when its uncontrolled replication
consumes system resources and slows or halts other tasks.
• A computer worm is not to be confused with WORM, or write once, read
many.
• Computer worms often rely on vulnerabilities in networking protocols, such
as File Transfer Protocol, to propagate.
• After a computer worm loads and begins running on a newly infected system,
it will typically follow its prime directive: to remain active on an infected
system for as long as possible and spread to as many other vulnerable systems
as possible.
3/10/2023 26
Dr. Shivashankar, E&CE, RRIT
27. Cookies
• A piece of data from a website that is stored within a web browser that the website can
retrieve at a later time.
• Cookies are used to tell the server that users have returned to a particular website.
• When users return to a website, a cookie provides information and allows the site to
display selected settings and targeted content.
• Cookies also store information such as shopping cart contents, registration or login
credentials, and user preferences.
• This is done so that when users revisit sites, any information that was provided in a
previous session or any set preferences can be easily retrieved.
• Advertisers use cookies to track user activity across sites so they can better target ads.
While this particular practice is usually offered to provide a more personalized user
experience, some people also view this as a privacy concern.
Type of Cookies
▪Session cookies are also known as transient cookies or per-session cookies.
▪Persistent cookies are stored for a specific length of time. These cookies remain on your
device until they expire or are deleted.
▪First-party cookies are cookies set by websites that users directly visit.
▪Super cookies are similar to session cookies in that they also track user behavior and
browsing history.
3/10/2023 27
Dr. Shivashankar, E&CE, RRIT
28. MCQ
1. First boot sector virus is
(A) Computed (B) Mind (C) Brain (D) Elk cloner
2. The linking of computers with a communication system is called
(A) Assembling (B) Interlocking (C) Pairing (D) Networking
3. The phrase ____ describe viruses, worms, Trojan horse attack applets and attack scripts.
(A) Spam (B) Phishing (C) Malware (D) Virus
4. Abuse messaging systems to send unsolicited is
(A) Phishing (B) Adware (C) Firewall (D) Spam
5. A person who uses his or her expertise to gain access to other people’s computers to get
information illegally or do damage is a
(A) Hacker (B) Analyst (C) Spammer (D) Programmer
6. Malicious access are unauthorized
(A) Destruction of data (B) Modification of data (C) Reading of data (D) All of these
7. Encrypted passwords are used for
(A) Security purpose (B) Passwords list secret (C) Faster execution (D) Both (a) and (b)
8. A firewall
(A) Separates a network into multiple domains (B) May need to allow http to pass
(C) Limits network access between the two security domains and maintains and logs all
connections (D) is a computer or router that sits between the trusted and untrusted
3/10/2023 28
Dr. Shivashankar, E&CE, RRIT