So692 cyber security-document

Table of Content
Task-1 ………………………………………………………………………………………… 3
Task-1a ……………………………………………………………………………….. 3
Task-1b ……………………………………………………………………………….. 5
Task-1c ……………………………………………………………………………….. 5
Task-2 ………………………………………………………………………………………… 9
Task-2a ……………………………………………………………………………….. 9
Task-2b ……………………………………………………………………………….. 10
Task-3 ………………………………………………………………………………………… 11
Task-3a ……………………………………………………………………………….. 11
Task-3b ……………………………………………………………………………….. 13
Task-4 ………………………………………………………………………………………… 15
Task-4a ……………………………………………………………………………….. 15
Task-4b ……………………………………………………………………………….. 18
Task-4c ……………………………………………………………………………….. 19
Task-5 ………………………………………………………………………………………… 20
Task-5a ……………………………………………………………………………….. 20
Task-5b ……………………………………………………………………………….. 20
Task-5c ……………………………………………………………………………….. 22
References ……………………………………………………………………………………. 23

Task-1
Task-1a
There are different types of scams and frauds are there in the computer network. They mostly
attacks the user while online transaction of data, online purchase or any other works that is
related with the internet and native device. Basically the attackers read the port that is in use and
steals the information and private credentials (Bryan Monk, 2018). The types of fraud and the
scams performed by them are discussed below:
A. Frauds:
Malware: This is a type of malicious software which harms the computers as well as the digital
device. This includes the Worms, Trojans or any kind of the Spywares. Those individually or
collectively harm the computer when connected to the internet. Basically, the user allows those
kinds of malware unconsciously through any file download (Lu, 2018). That actually looks in to
the log in fields of the portal and snatches the useful resource like the credit or debit card
number, bank account details or any other things. Mostly those are represented in a coded
version. The malware can be obstructed using anti-malware. But, in the very present days, the
malware are represented as the polymorphic version which continuously changes its base code so
every time it can change its behavior and so it is hard to obstruct as for the regular data structure
update. So, in that case only those anti malware tool will be applicable which include the
signature based sandbox (Mansfield-Devine, 2009).
Phishing Attack: This is a specified attack by some kind of malware and virus. In this case, the
hackers use the victim’s mail to send their mails and if the user will click on any link that is
placed in the mail body, all the secured information of the mail are hacked as those are now
visible to the hacker and this will cause the interruption of the privacy. Those phishes or the
hackers are generally do this to spread the scams over the internet (Bouchard, 2016). The main
intention of the operation is to steal the user identity and the password so that the hackers can use
the accounts of the victims without prior knowledge of the user. In another case, the hackers use
to make fraud website which looks similar to one of their known website and that is the trap
when the user enters into it and perform the login (Guitton, 2013). But if the user will be cautious
enough to properly read the Unified Resource Location or URL properly, they can find that all
the true websites now contains the secured version of Hyper Text Transfer Protocol or HTTPS
rather having HTTP only. But the hacker’s website does not include HTTPS. So, if such websites
will be avoided, the probable attack can be obstructed but for most of the cases, the user does not
follow this and thus they will be under attack (Lan Liu, 2017).
Ransomware Attack: This another type of fraud in computer network which attack the world
most recently. The attackers send the malicious program to the victim which locks down the
computer and the attackers demand the money in exchange of make the system as previous (J.

François, 2014). This one had been done for most probably the raising of crypto currency and
often the attackers demand the amount in bitcoin. Meanwhile all the private document and
credential will be steal by the hackers (T. Lu, 2012). This one was the most ferocious attacks
ever by the computer frauds. After providing the amount the computer gets recovered though all
the other files in the device gets affected and thus it is spread over the computer and make severe
harm (Romdhane, 2016).
B. Scams:
The types of frauds discussed in the previous section, can cause the massive damage to the user
system by creating online scam. There are different types of scams in computer network and they
are shown below:
Online Market Scam: Now a days, most of the people prefers the online marketing rather by
going to the physical market. The online market portal is logged in by the user itself. If the
network contains any malicious component, the credential of the user will be theft (Christin,
2012). It is dangerous because most of the user prefers to purchase the product by using debit
card. Those malicious agent will theft those data and the card will be misused (Rid, 2016).
Job Portal Scam: Most of the job portal uses to send the promotional and update mails to the
registered user. The hacker follows the same as they send fake job mails to the user and ask them
to open the link in the mail body to apply. When the user click on the mail link, they get
victimized and their and details may be hacked (Bryan Monk, 2018).
Advertisement Scam: While surfing on the internet, the user can see different advertisement and
some of those may contain the malicious content and can affect the system if those were clicked
(Bouchard, 2016). Actually those advertisements are the gateway of entering into the system and
thus the hacker shows the advertisement in a very attractive way (Rid, 2016).
Relief Fund Scam: When some disaster occurs, different group of people start campaigning for
the relief fund and even they start campaigning through building some website where the well
wishers can deposit money. But unfortunately, some hackers also do this where the fake websites
which attracts the user to deposit money which actually don’t goes to the fund rather those
amount will be redirected to the hacker’s account (G. Moura, 2014).
Software Download Scam: Most of the time, the computer users download their preferred
software from the internet may be from known or unknown sites. While downloading software
from unknown sites, the hackers invokes the malicious program into the software which affect
the files and folder of computer device (J. François, 2014).

Task-1b
The types of theft are already discussed in the previous section. This type of fraud can prevented
if the proper measure can be applied. Below some of the measure are discussed (Lu, 2018) (G.
Moura, 2014).
1. Avoiding E-Mail from unknown source: To ensure the system will be secure, try to
avoid to open the emails from un source or those mails that are dropped in the spam
folder.
2. Updated Password: To ensure the security in the email account or social media, the
password should be updated periodically to avoid the snatching the password by the
hackers.
3. High Strength Password: To protect the account in a better way, the password should be
strong enough and will be the combination of number, alphabet and characters.
4. Revealing Privacy Policy: To ensure the security, try to reveal the personal identity from
the websites which ask for it.
5. Updated Anti-Virus and Firewalls: To prevent the system to be attacked by the
malwares and virus, the anti-virus and the firewalls to be updated periodically so that that
can attain the updated virus database.
Task-1c
The privacy setting of the browser to be set in order to protect the browser from any kind of
external attack (Rid, 2016). The settings for the Firefox Browser are shown below:
1. Open the Firefox browser and select the option
Fig-1: Selecting Option of Firefox Browser

2. Select the Privacy Settings
Fig-2: Privacy setting and Security
3. Select the content Blocking option
Fig-3: Select Content Blocking

4. Select the Cookie Option
Fig-4: Select Delete Cookie Option
5. Select “Ask to save Login Password: Option
Fig-5: Ask to save Login Password

6. Select “Block Pop-up and install add-on” option
Fig-6: Block Pop-up and install add-on
7. Select “Block dangerous downloads” option
Fig-7: Block dangerous downloads

Task-2
Task-2a
Malware and the spyware may attack the system for the poor or irrelevant anti threat software
like anti-malware and anti-virus. Most of the user uses the anti-virus in demo or trial mode which
is actually not le to detect the updated virus because of lack of database of the virus (Hong Zhao,
2019). To get the updated database of the most recent virus, the database of the anti-virus or the
anti-malware will have o updated periodically and automatically . But the anti-virus or the anti-
malware itself not sufficient to detect all the external attacks (S. L. Toral, 2010). Some attacks
may come through the network injecting, like the SQL injection which is not detectable using
anti-virus or the anti-malware. To detect such type of attack, typical tools like Wire shark is
required which can detect the network activity (Dholakia, 2002).
If the computer is regularly threatened by the Malware or the Spywares, some changes in the
computer can be seen which can be checked after some days of operation as the Malware or the
Spywares takes their time to spread and when their objective will be fulfilled, they start attacking
and then that be late to detect because there will be no meaning of detection and the system files
may be captured by the Malware or the Spywares (Hong Zhao, 2019). The malware infects the
system files so the system gets down and the speed of operation is reduced. Spyware, if injected
into the system, steals the persona data and redirects to the hackers (Bryan Monk, 2018).
So, to protect the system, the network capture tool is essential through which the network
activity can be observed. The network capture tool like Wire Shark check the network activity h
instance of time for the incoming and outgoing packet and check the severity of the remote port
address and can detect if the remote host is trusted or not (S. Yadav, 2012). The trust of the port
depends upon the health of the network activity means if the port is told to be healthy it means it
does not contain any malfunctioned programs like Malware or the Spywares. The color scheme
of the Wire Shark helps to understand the port and packet severity. If it is observed that the post
is not healthy, then the proper action can be taken by properly blocking the ports (J. Narayan,
2015).
The demonstration steps of the operation of Wire Shark tools id briefed below:
1. After opening Wire Shark, it starts capturing the network activity. It can be seen that the
files are being transferred using different protocols as follows:

Fig-8: Wire shark Scanning page
2. It can be seen that different transaction has different color. The color actually shown for
the severity of the port transfer. To determine the severity of different protocol, the
Protocol Hierarchy will be selected.
Fig-9 Selecting Protocol Hierarchy
3. After the selection, the protocols can be selected individually and check the health of the
ports. Like here the in the Fig-8, the port checking is shown. Some of the ports are
marked in black which means those ports contains Malware. So, the action can be taken
against those ports for example the port with IP 192.168. 97.101 or 192.168. 97.42 etc.
can be blocked to obstruct the port to access the native device to be affected with the
malware injection.
So, in this technique, the malware can be detected perfectly using Wire Shark and the malware
can be detected and hence can be blocked.
Task-2b
In New Zealand, two acts are there of the cyber crime namely, Crime Act 1961 and Privacy Act
1993 which works as the backbone to prevent the cyber crime there. These two acts make any
kind of misuse of cyber use and to use the internet with wrong intention, will be punishable
under law. The section of the laws are described below (CrimesAct, 1961):

Section 249: It states that, if anyone use the computer and internet for any dishonest purpose,
the following actions will be taken against the person:
1. Imprisonment up to 7 years who directly or indirectly related to the dishonest work and
cause for the damage of the property of others.
2. Imprisonment up to 5 years who have been caught with an intention to damage others
property by cyber issue.
Section 250: It states that, if anyone use the computer with wrong intention and do unlawful
works, the following actions will be taken against the person:
1. Imprisonment up to 10 years if found to do unethical work and intentionally damages
other cyber property.
2. Imprisonment up to 7 years if anyone found to do such that the others computer fails to
work properly and does not provide any administrative privilege to work any more.
Section 251: It states that, if anyone found to do fraud selling of the computer software and
integral parts, they falls under the category of cyber crime and the following actions will be
taken:
1. If anyone takes any unpublished software from others and try sell to other without prior
intimation and permission, they will be got imprisonment up to 2 years.
2. Imprisonment up to 2 years if found to lean any information related to the unpublished
software.
Section 252: It states that, if anyone is found to use others computer in unauthorized manner and
without prior information, may be physically or logically, the person will got imprisonment for 2
years.
Task-3
Task-3a
Denial-of-Service or DoS IS the technique of attack by the hackers where the hackers send
unauthorized message and mails which has invalid return address. User go the message or mail
and revert on it, the network will try to find the destination address for which it fails and for that
time being, the server will be busy in that operation. As the hackers sends this type of message
continuously, so the server will be busy and it cause the flooding of the network and in the
meantime the hackers will steal the data from the computer. The effect of the DoS attack are as
follows:
1. It floods the network and server will be made busy unnecessarily.
2. Prevent the current operation of the user by interruption of service.

3. It prevent the individual to access the internet service ans so that the user cannot have
much aware of what happening.
4. It act as the administrative operation and reset the TCP setting and so the user has no
control over the network service.
Different types of DoS attacks are as follows:
Volumetric Attack: In this type of attack, the entire bandwidth of the network is captured and so
the internet connection get hanged.
Sync Flooding: In this attack, the hackers send multiple packets which make the system flooded
with the network packet and get the system down. Syns flooding is shown below (OpenCampus,
2017):
Fig-10: Sync Flooding
Fragmentation attack: In this type of attack, the hackers send multiple fragmented packet for
which the system fails to reassemble the actual situation as it cannot recognize those packets.
Application layer Attack: In this type of attack, the hackers program for which the application
error can be found in the user machine. If causes overflow the network as the memory allocation
size of the variable differs from its actual expectation. Application flooding is shown below
(OpenCampus, 2017).

Fig-11: Application Flooding
Task-3b
To design a system which is protective to the DoS attack, different components are required like
Server, Firewalls, network scanners etc. The following figure shows the network that can prevent
the DoS attack (Karnel, 2017).
Fig-12: DoS Protection

In this design, several components are used and they are discussed below:
Firewall: It helps the system to protect from any external attacks. This is basically a network
scanner which scan for the vulnerability of the network port and if found any issue that is coming
from any port, it immediately block that port (J. François, 2014).
Intrusion Detection: This is another toll that is used in network protection which collects the
information of the ports that are being used for file transaction and if found any port to be
malicious, it informs the firewall (J. Narayan, 2015).
Anti-Malware and Anti-Spyware: This is the third and important component of the software
network which is actually a program code outcome which detects and prevents any kind of
malware or spyware injection to the system (Romdhane, 2016).
SDN Controller: It is the controller for Software Defined Network which actually collect and
protect the system form any unknown file injection (Lan Liu, 2017).

Task-4
Task-4a
There are different tools are available to protect the network by preventing the suspicious items
coming from internet and network flow. The top five those are discussed below:
Wire Shark: This is the network observer and detects for any kind of faulty transaction of data.
The term faulty means that the data from that particular port is suspicious. If so, wire shark will
detect it by suspicious activity and thus it can be blocked. So, the network will be kept secured
by this action (ActiveTips, 2018).
Fig-12: Wire Shark
Solar Winds Log Manager: This tools helps to find critical activity find the ports by continuous
scanning. It has in-build network monitor ugh which it can monitor the traffic activity and has
also the traffic analyzer through which the detected traffic can be analyzed. So, it can identify the
suspicious activity of the network and file transaction (ActiveTips, 2018).

Fig-14: Solar Winds
Nessus Professional Tool: It is one of the most widely used network analyzer in industry as well
as personal purposes. It checks for the vulnerability, issues of configuration and detects the
malware. And so, it is able to prevent such activity to keep the system secure (ActiveTips, 2018).
Fig-15: Nessas

Snort: It is one of the best known and open source Intrusion detection tool through which the
unwanted traffic and packets can be identified and hence prevented (ActiveTips, 2018).
Fig-16: Snort
TCPDump: It is actually the Packet Sniffer. It checks the network activity and shown each event
on the screen. The network monitor thus can detect the malware and so it can be prevented
(ActiveTips, 2018).
Fig-17: TCPDump

Task-4b
There are another way to protect the data from the hackers by sing the cryptographic method.
There are generally two types of cryptography is available namely, Symmetric Key
Cryptography and Asymmetric Key Cryptography. In both cases, the cryptographic key is used
which enables the security system (Christin, 2012).
Symmetric Key Cryptography: In this cryptography method, the encryption and decryption key
are same. When the file is transferred over internet, the key is send along that and so at the
receiving end, the file will be decrypted (S. L. Toral, 2010). When the file is transferred, it will
be transferred by encryption with that key (Rid, 2016). In that case, the person who transfer the
file and the one who receives the file are aware of the key and so it is easy to deploy (ssl2buy,
2015).
Fig-17: Symmetric Key Cryptography
Asymmetric Key Cryptography: In this type of cryptography, there are separate key for
encryption and decryption. In this case, there are two keys, one in knows as the public key which
is transferred with the file or it may be stored at the end device through which the encrypted file
will be decrypted and another key is called private key which is not shared (T. Lu, 2012). In this
technique the end device may not know the decryption process until it gets both two keys
because the execution of encryption and decryption depends upon both two keys (Romdhane,
2016). The figure is shown below (ssl2buy, 2015):

Fig-18: Asymmetric Key Cryptography
Task-4c
In view to protect the computer network, the Asymmetric key Cryptography will work better.
The reason behind that is the security. When the Asymmetric key Cryptography works, the
private key is always hidden and will not be displayed. So, if the hacker will achieve the public
key, they will still unable to decrypt the encrypted file and they has no private key and so the
system gets the security.
Asymmetric key encryption process applies a logical pair of keys for decryption an encryption.
One of it is the public key and another one is private key. Encryption uses one of that key ans
other keys will be used as the decryption. So, these two are logically related and the decryption
process will not be done without missing of any of the keys.
So, this kind of algorithmic approach will help to secure the encryption and decryption process
better.

Task-5
Task-5a
The ten tools of the network vulnerability assessments are:
 Wireshark
 Intruder
 Microsoft Baseline Security Analyzer
 Nikto
 Probely
 Tripwire IP360
 Nessus Professional
 OpenVAS
 Retina CS Community
 Secunia Personal Software Inspector
The selected tolls for the analysis should be:
Wire Shark: It is open source and easy to use and hence the security analysis is done better using
this tools by automatic scanning and hence it supports a wide range of capture file.
Nessus Professional: It is one of the good and demanding tools I the industry and for personal
use through which the network issues can be checked thoroughly.
Intruder: Using this tool, the network issues can be checked properly and hence the trace log
will store all the issues related to the intrusion. So, it makes the detection easier.
Task-5b
The system under test is with the IP address 192.168.92.34 and it is under attack by the DoS
using a remote tool with name X4U Doser which is actually a hacking tool as follows:

Fig-19: X4U Doser
Now this attack in the host device is being analyzed using the Wire shark tool. The analysis is
shown below:
Fig-20: Analysis using Wire Shark
Wire Shark is displaying the red result to those TCP protocol from where the suspicious activity
is generated. The list of such IPs are shown below:
Start
frame
IP address of
host
IP address of
destination
Host
Port
Destination
Port
93 192.168.97.42 192.168.97.101 33086 22
11365 192.168.97.42 192.168.97.4 17007 57734
11460 192.168.97.101 192.168.97.4 17007 57734
11922 192.168.97.41 192.168.97.4 17007 57734
12427 192.168.97.41 192.168.97.4 16959 57734
12510 192.168.97.250 192.168.97.4 16959 57734

As soon as the vulnerability is checked, the tool will block the port an no packet will ne in the
transaction in that case.
Task-5c
As the analysis is shown for the vulnerability check for the ports, the recommendation is given
below to make the ports secured and thus the external attack will not be entertained (Guitton,
2013).
Use of Firewall: Updated firewall should be used for the protection of the website to deny the
unauthorized packet.
Updating Anti-Virus Service: Updated anti-virus service should be used to reject any kind of
unknown file to be injected.
Secure Mail Service: Securing the mail service by caution so not to open the mail coming from
unauthorized address.
Use of cloud service: To get more security, cloud service is the good option where the protection
is high.
Use of DDoS attack detectors: By using this service, the DDoS attack can be identify which
helps the system will be working as earlier and not get affected.

Bibliography
ActiveTips.(2018). ActiveTips.RetrievedfromActiveTips: https://www.addictivetips.com/net-
admin/best-network-security-tools/
Bouchard,B. G. (2016). Likingandhyperlinking:Communitydetectioninonlinechildsexual exploitation
networks. SocialScience Research .
Bryan Monk,J. M. (2018). UncoveringTor: An Examinationof the NetworkStructure. Security and
Communication Networks .
Christin,N.(2012). Travelingthe SilkRoad:A Measurementof a Large AnonymousOnlineMarketplace.
DefenseTechnical Information Center .
CrimesAct.(1961).CrimesAct 1961. New Zealand Legislation .
Dholakia,R.P. (2002). Intentional social actioninvirtual communities. Journalof InteractiveMarketing .
G. Moura, R. S. (2014). Bad neighborhoodsonthe internet. IEEECommunicationsMagazine .
Guitton,C.(2013). A reviewof the availablecontentonTorhiddenservices:The case againstfurther
development. Computersin Human Behavior .
Hong Zhao,Z. C. (2019). MaliciousDomainNamesDetectionAlgorithmBasedonN-Gram. Journalof
ComputerNetworksand Communications .
J. François,L. D. (2014). Networksecuritythroughsoftware definednetworking:asurvey. Proceedingsof
the Conferenceon Principles,Systemsand Applicationsof IPTelecommunications .
J. Narayan,S.K. (2015). A surveyof automaticprotocol reverse engineeringtools. ACMComputing
Surveys.
Karnel.(2017). DoSPotection.RetrievedfromDoSPotection:https://thekernel.com/dos-protection/
Lan Liu,R. K. (2017). Malware PropagationandPreventionModel forTime-VaryingCommunity
NetworkswithinSoftware DefinedNetworks. Security and Communication Networks .
Lu, S. (2018). What is the dark webandwho usesit?The Globe and Mail. Security and Communication
Networks .
Mansfield-Devine,S.(2009).Darknets. omputerFraud & Security .
OpenCampus.(2017). greycampus.Retrievedfromgreycampus:
https://www.greycampus.com/opencampus/ethical-hacking/denial-of-service-attacks-and-its-types
Rid,D. M. (2016). Cryptopolitikandthe darknet,. Survival.

Romdhane,A.H. (2016). Minimal contrastfrequentpatternminingformalware detection. Computers&
Security .
S. L. Toral,M. R.-T.(2010). Analysisof virtual communitiessupportingOSSprojectsusingsocial network
analysis. Information and SoftwareTechnology .
S. Yadav,A. K.(2012). Detectingalgorithmicallygenerateddomain-flux attackswithDNStrafficanalysis.
IEEE/ACMTransactionson Networking .
ssl2buy.(2015). ssl2buy.Retrievedfromssl2buy:SSL2BUY.com
T. Lu, K. Z. (2012). A dangertheory basedmobile virusdetectionmodel anditsapplicationininhibiting
virus. Journalof Networks .

So692 cyber security-document

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to So692 cyber security-document

Similar to So692 cyber security-document (20)

More from Subhadeep Chakraborty

More from Subhadeep Chakraborty (16)

Recently uploaded

Recently uploaded (20)

So692 cyber security-document