This document discusses various topics related to cybercrime and cybersecurity. It begins by defining different types of cybercriminals like hackers, crackers, and phreakers. It then explains common cybercrimes like brute force hacking, cracking, phreaking etc. and how criminals plan attacks. It discusses reconnaissance, scanning, different attack types. It also covers social engineering, cyberstalking, botnets, cybercafe risks and securing systems. Finally, it discusses attack vectors, risks of cloud computing and how to mitigate risks.
This seminar discuss about the TOR BROWSER NETWORK TECHNOLOGY. The discussion includes, How it works, its weakness, its advantage, hidden services, about anonymity etc.
In this slide I present you an awareness about cyber security and crimes for students. Targeted audience are students aged 14-17 years of age. I also present common mistakes we all do in our lives that lead to cyber insecurities
Introduction to Cyber Crime is very necessary and useful for Forensic Science students serving in the cybercrime field and also useful for the general public. Types and Examples of Cyber Crime, How to prevent and report cybercrime, investigating cybercrime.
This seminar discuss about the TOR BROWSER NETWORK TECHNOLOGY. The discussion includes, How it works, its weakness, its advantage, hidden services, about anonymity etc.
In this slide I present you an awareness about cyber security and crimes for students. Targeted audience are students aged 14-17 years of age. I also present common mistakes we all do in our lives that lead to cyber insecurities
Introduction to Cyber Crime is very necessary and useful for Forensic Science students serving in the cybercrime field and also useful for the general public. Types and Examples of Cyber Crime, How to prevent and report cybercrime, investigating cybercrime.
In this presentation, I am trying to explain why and how email security should be implemented.
> Intro to Email
> Basic steps in emailing
> Intro to Email Security
> Common email threats
> How emailsecurity works
> Security requirements (CIA)
> Secure transmission of email: PGP
> PGP: Operation description (All 5 services)
> Secure transmission of email: S/MIME (With its functions)
This presentation was presented by me in the final year of my M.Sc. in Computer science.
Hope you like this presentation. Thank you!
Ethical hacking also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference that Ethical hacking is legal. Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover vulnerabilities from a hacker’s
viewpoint so systems can be better secured. It’s part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors’ claims about the security of their products are legitimate.
While computer systems today have some of the best security systems ever, they are more vulnerable than ever before.
This vulnerability stems from the world-wide access to computer systems via the Internet.
Computer and network security comes in many forms, including encryption algorithms, access to facilities, digital signatures, and using fingerprints and face scans as passwords.
Most investigators turn to Google and common social media platforms such as Facebook and Twitter to conduct research for their investigations. However, much of the Internet is inaccessible through simple searches, and criminals are increasingly turning to the dark web to conduct illicit business.
The dark web is anonymous and requires a special browser to access and some knowledge of how to navigate it safely. However, used properly, it can be a valuable source of information for investigators. It’s worthwhile for every investigator to develop the skills and knowledge to mine this treasure trove of dark data.
Join Chad Los Schumacher, investigator and researcher at iThreat Cyber Group, as he leads participants on an exploration of investigations in the dark web.
Webinar attendees will learn:
What the dark web is and how it fits into the rest of the worldwide web
What can be found on the dark web
How to get to the dark web using Tor and other browsers
How to locate common hubs and resources on the dark web and explore what they have to offer
How to bring leads from the dark web to the surface in an investigation
This PPT help you to present the topic Hacking at collage level and professional level. If you need more please share an email rashed_ec2012@rediffmail.com
This presentation will show you the basics of cryptography.
Main topics like basic terminology,goals of cryptography,threats,types of cryptography,algorithms of cryptography,etc. are covered in this presentation.If you like this presentation please do hit the like.
In this presentation, I am trying to explain why and how email security should be implemented.
> Intro to Email
> Basic steps in emailing
> Intro to Email Security
> Common email threats
> How emailsecurity works
> Security requirements (CIA)
> Secure transmission of email: PGP
> PGP: Operation description (All 5 services)
> Secure transmission of email: S/MIME (With its functions)
This presentation was presented by me in the final year of my M.Sc. in Computer science.
Hope you like this presentation. Thank you!
Ethical hacking also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference that Ethical hacking is legal. Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover vulnerabilities from a hacker’s
viewpoint so systems can be better secured. It’s part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors’ claims about the security of their products are legitimate.
While computer systems today have some of the best security systems ever, they are more vulnerable than ever before.
This vulnerability stems from the world-wide access to computer systems via the Internet.
Computer and network security comes in many forms, including encryption algorithms, access to facilities, digital signatures, and using fingerprints and face scans as passwords.
Most investigators turn to Google and common social media platforms such as Facebook and Twitter to conduct research for their investigations. However, much of the Internet is inaccessible through simple searches, and criminals are increasingly turning to the dark web to conduct illicit business.
The dark web is anonymous and requires a special browser to access and some knowledge of how to navigate it safely. However, used properly, it can be a valuable source of information for investigators. It’s worthwhile for every investigator to develop the skills and knowledge to mine this treasure trove of dark data.
Join Chad Los Schumacher, investigator and researcher at iThreat Cyber Group, as he leads participants on an exploration of investigations in the dark web.
Webinar attendees will learn:
What the dark web is and how it fits into the rest of the worldwide web
What can be found on the dark web
How to get to the dark web using Tor and other browsers
How to locate common hubs and resources on the dark web and explore what they have to offer
How to bring leads from the dark web to the surface in an investigation
This PPT help you to present the topic Hacking at collage level and professional level. If you need more please share an email rashed_ec2012@rediffmail.com
This presentation will show you the basics of cryptography.
Main topics like basic terminology,goals of cryptography,threats,types of cryptography,algorithms of cryptography,etc. are covered in this presentation.If you like this presentation please do hit the like.
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdflalitaggarwal627
Lab 3: Explore Social Engineering Techniques
Introduction
Cybersecurity is critical because it involves protecting unauthorized access to sensitive data,
personally identifiable information (PII), protected health information (PHI), personal
information, intellectual property (IP), and sensitive systems. Social engineering is a broad range
of malicious activities accomplished by psychologically manipulating people into performing
actions or divulging confidential information. In this lab, you will explore social engineering
techniques, sometimes called human hacking, which is a broad category for different types of
attacks.
Required Resources
PC or mobile device with internet access
Background / Scenario
Recent research reveals the most common types of cyberattacks are becoming more
sophisticated, and the attack targets are growing. The purpose of an attack is to steal information,
disable systems or critical services, disrupt systems, activities, and operations. Some attacks are
designed to destroy information or information systems, maliciously control a computing
environment or its infrastructure, or destroy the integrity of data and/or information systems. One
of the most effective ways an attacker can gain access to an organizations network is through
simple deception. In the cybersecurity world this is called social engineering.
Instructions
Step 1: Explore Baiting, Shoulder Surfing, and Pretexting.
The National Support Center for Systems Security and Information Assurance (CSSIA) hosts a
Social Engineering Interactive activity. The current link to the site is
https://www.cssia.org/social_engineering/ . However, if the link changes, try searching for
"CSSIA Social Engineering Interactive".
Click Next in the interactive activity, and then use the content to answer the following questions.
Questions:
What is baiting? What happened to the victims system after you clicked on the USB drive? (/1)
What is Shoulder Surfing? What device was used to perform the shoulder surfing? What
information was gained? (/2)
What is Pretexting? What type of information did the cybercriminal request? Would you fall
victim? (/2)
Step 2: Explore Phishing/Spear Phishing and Whaling
Phishing is designed to get victims to click on links to malicious websites, open attachments that
contain malware, or reveal sensitive information. Use the interactive activity to explore different
phishing techniques.
In this phishing example, what is the ploy the attacker uses to trick the victim to visit the trap
website? What is the trap website used to do? (/2)
What is the difference between phishing and spear phishing or whaling? (/1)
Step 3: Explore Scareware and Ransomware
Scareware is when victims are deceived into thinking that their system is infected with malware
and receive false alarms prompting them to install software that is not needed or is itself
malware. Ransomware is a type of malware that threatens to publish the victim's data or encrypts
the victims data prevent.
Short Presentation On Cyber Crime And Security which includes Cyber crime introduction and types , Hacking and its types, different Threats , and in last Prevention for Hacks and Threats.
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ransomware Attacks Perspective (pp. 79-82)
Sulaiman Al Amro, Computer Science Department, Computer College, Qassim University, Qassim, Saudi Arabia.
Vol. 18 No. 6 JUNE 2020 International Journal of Computer Science and Information Security
https://sites.google.com/site/ijcsis/vol-18-no-6-jun-2020
System Security:
1. Security problem & User Authentication
2. Program, network And system Threats
3. Handling the Security problem
CONTACT ME AT: reddhisb@gmail.com
Selected advanced themes in ethical hacking and penetration testingCSITiaesprime
Since 1980 cyberattacks have been evolving with the rising numbers of internet users and the constant evolving of security systems, and since then security systems experts have been trying to fight these kinds of attacks. This paper has both ethical and scientific goals, ethically, to raise awareness on cyberattacks and provide people with the knowledge that allows them to use the world wide web with fewer worries knowing how to protect their information and their devices with what they can. Scientifically, this paper includes a deep understanding of types of hackers, attacks, and various ways to stay safe online. This research investigates how ethical hackers adapt to the current and upcoming cyber threats. The different approaches for some famous hacking types along with their results are shown. Python and Ruby are used for coding, which we run on Kali Linux operating system.
What are cybercrimes? How cybercrime works?FarjanaMitu3
Today is the time of the internet, computers, and digital technology.
And, in this age of the Internet, we spend much of our lives online. However, there are many reasons why the internet is so fun and popular.
Getting the latest news through various websites, talking to our loved ones from anywhere, chatting and communicating via video call, shopping online through the internet, getting accurate information on any subject, watching videos for entertainment, playing online games, and online bills. Today it has become possible to do almost all kinds of work like payment easily through the internet.
Honestly, I think the internet is a contribution to us
Simply, if there is no complete internet for one day, it can have a lot of impact on public life.
At any given time, billions of people are active on the Internet and use various websites or applications to access the Internet on their mobile phones or computers.
In this case, there are many people who use computers and the internet to steal their personal information, cheat, and extort money from these "online traffic" or "online internet users" through various illegal means. More other crimes.
Thus, the crimes of cheating, privacy, and data theft or misuse of data online through a mobile, computer, and internet are called cyber crime or cybercrime. And, those who commit this kind of cybercrime are called cybercriminals. There are different types of cybercrime on the internet. This means that cybercriminals can deceive you through various illegal means online. You may be the next victim if you are not careful when using the Internet.
What are cybercrimes?
Object- objects have states and behaviors. Example: A dog has states-color, name, breed , as well as behaviors – barking, eating. An object is an instance of a class.
Class- A class can be defined as a template/blue print that describe the behavior/states that object of its type support.
Java is platform,Java is a language,Simple
Object-Oriented
Platform Independent
Secured
Robust
Architecture Neutral
Portable
High Performance
Distributed
Multi-threaded
Java is a simple in the sense of :-
Syntax based on C++(So easier for programmers to learn it after C++)
Removed many confusing and/or rarely-used features e.g. explicit pointers, operator overloading etc.
No need to remove unreferenced object because there is Automatic Garbage Collection in JAVA.
What is the computer network?
Bunch of computers connected to each other
Now computers do not mean just pc’s.
Now a bunch of computers include printers, cell phones, laptops, etc
Now next question is what do you mean by share data or share information?TYPES OF NETWORKS.Parts of Networks.
Overview of a .net framework: versioning and deployment, Memory management, Cross-
Language integration, Metadata, IL diassembler, The IDE components like IDE menu,
Toolbox, Solution explorer, Property window, Output window, Task list window.
Namespace and the imports keyword, the AssemblyInfo.vb file
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Home assignment II on Spectroscopy 2024 Answers.pdf
Unit 2
1. BCA602 – CYBERCRIME AND
CYBERSECURITY
Presented By:- Jigar Jobanputra
SRK INSTITUTE OF MANAGEMENT
AND COMPUTER EDUCATION
2. How Criminal Plan offenses
Cybercriminal use the internet for illegal activities
to store data, contacts, account information, etc.
People who commit cybercrimes are known as
“Crackers”.
3. Hackers, Crackers and Phreakers
A hacker is a person with strong interest in
computers who enjoys learning and experimenting
with them. Hackers are usually very talented,
smart people who understand computers better
than others.
4. Brute force hacking
It is a technique used to find passwords or
encryption keys. Brute force hacking involves
trying every possible combination of letters,
numbers, etc until the code is broken.
5. Cracker
A cracker is a person who breaks into computers.
Crackers should not be confused with hackers. The
term cracker is usually connected to computer
criminals.
6. Cracking
It is the act of breaking into computers. Cracking is
popular, growing subject on the internet. Many
sites are devoted to supplying crackers with
programs that allow them to crack computers.
7. Phreaking
This is the notorious art of breaking into
communication system. Phreaking sites are
popular among crackers and other criminals.
8. How Criminals plan the attacks
Criminals use many methods and tools to
locate weakness(vulnerability) of their target.
Criminals plan passive and active attacks.
Active attacks are usually used to alter the
system whereas passive attacks attempt to gain
information about the target.
In addition to the active and passive categories,
attacks can be categorized as either inside or
outside.
9. Inside Attack
An attack originating and/or attempted within the
security perimeter of an organization is an inside
attack.
It is usually attempted by an “insider” who gains
access to more resources than expected.
10. Outside Attack
An outside attack is attempted by a source outside
the security perimeter.
It may be attempted by an insider and/or an
outsider.
It is attempted through the Internet or a remote
access connection.
11. Phases involved in planning cybercrime
1. Reconnaissance (information gathering) is the
first phase and is treated as passive attacks.
2. Scanning the gathered information for the
validity of the information as well as to identify
the existing weakness.
3. Launching an attack.
12. Phase 1
The meaning of Reconnaissance is an act of
reconnoitering – explore, often with the goal of
finding something or somebody.
Reconnaissance phase begins with “Footprinting”.
Footprinting is the preparation toward preattack
phase.
13. Continue…
Footprinting gives an overview about system
weakness and provides a judgment about “How to
break this?”.
The objective of this phase is to understand the
system, its networking ports and services, and any
other aspects of its security.
14. Passive Attack :
In computer security, attempt to steal information stored in
a system by electronic wiretapping or similar means.
Although, in contrast to active attack, passive attack does
not attempt to interfere with the stored data, it may still
constitute a criminal offense.
15. A passive attack involves gathering information about a
target without his/her knowledge. Information can be
gathered from :
It is usually done using Internet searches or by Googling. They
use Google Earth to locate information about employees.
Surfing online community groups like orkut/facebook will prove
useful to gain the information about an individual.
16. Continue…
Organization’s website may provide a personnel directory or
information about key employees.
Bolgs, newgroups, press releases, etc. are generally used as the
mediums to gain information about the company or employee.
Going through the job postings in particular job profiles for
technical persons.
Network sniffing is another means of passive attack to yield
useful information such as IP, hidden servers or networks.
17. Tools used for Passive Attack
Google Earth
WHOIS
Nslookup (name server lookup)
Dnsstuff
eMailTrackerPro
Website Watcher
18. Active Attack
In computer security, persistent attempt
to introduce invalid data into a system,
and/or to damage or destroy data already
stored in it. In many countries, it is a
criminal offense to attempt any such
action.
19. Port Scanning
A port is place where information goes into and
out of a computer.
Ports are entry/exit points that any computer
has, to be able to communicate with external
machines.
Each computer is enabled with three or more
external ports.
Port scanning is an act of systematically
scanning a computer’s ports.
20. Phase – 2 : Scanning and Scrutinizing
gathered information
Scanning is a key step to examine intelligently
while gathering information about the target.
The objectives of scanning are as follows :
Port Scanning :
Identify open/close ports and services.
Network scanning :
Understand IP addresses and related information about
the computer network system.
Vulnerability scanning :
Understand the existing weaknesses in the system.
21. The scrutinizing (inspecting) phase is called
“enumeration” (listing) in the hacking world.
The objective behind this step is to identify :
The valid user accounts or groups;
Network resources and/or shared resources;
OS and different applications that are running on the
OS.
Note : Usually most of the attackers consume
90% of the time in scanning, scrutinizing and
gathering information on a target and 10% of
the time in launching the attack.
22. Phase 3 : Attack
The attack is launched using the following steps :
Crack the password;
Exploit the privileges;
Execute the malicious command/applications;
Hide the files (if required);
Cover the tracks – delete the access logs, so that there is no
trail illicit activity.
23. Social Engineering
Social engineering is the “technique to
influence” people to obtain the information.
It is generally observed that people are the
weak link in security and this principle makes
social engineering possible.
Social engineering involves gaining sensitive
information or unauthorized access privileges
by building inappropriate trust relationships
with insiders.
24. Classification of Social Engineering
Human Based Social Engineering
Computer Based Social Engineering
25. Human Based Social Engineering
Human based social engineering refers to
person-to-person interaction to get
information.
Impersonating an employee or valid user
Posing as an important user
Using a third person
Calling technical support
Shoulder surfing
Dumpster diving
26. Computer Based Social Engineering
Computer based social engineering refers to an
attempt made to get the required information
by using computer software/internet.
Fake E-mail
E-mail attachments
Pop-up windows
27. Cyberstalking
Stalking is an “act or process of following victim
silently – trying to approach somebody or
something”
Cyberstalking has been defined as the use of
information and communications technology of
individuals to harass another individual.
28. Types of Stalkers
There are primarily two types of stalkers.
Online stalkers
Offline stalkers
Online stalkers :
They aim to start the interaction with the victim directly with
the help of the internet (email/Chat Room).
The stalker makes sure that the victim recognizes the attack
attempted on him/her.
The stalker can make use of a third party to harass the victim.
29. Offline stalkers :
The stalker may begin the attack using traditional methods
such as following victim, watching the daily routine of the
victim, etc.
For ex. Use of community sites, newsgroups, social websites,
personal websites.
The victim is not aware that the Internet has been used to
achieve an attack against them.
30. Cases reported on Cyberstalking
The majority of cyberstalking are men and the
majority of their victims are women.
In many cases, the cyberstalker is ex-lover, ex-
spouse, boss/subordinate, and neighbor.
There also have been cases about strangers who are
cyberstalkers.
31. How Stalking works?
Personal information gathering about the victim;
Establish a contact with victim through
telephone/cell phone. Once the contact is
established, the stalker may make calls to the
victim to harass.
Stalkers always establish a contact with victim
through e-mail.
32. The stalker may post the victim’s personal
information as sex workers’ service or dating
service. The stalker will use bad/attractive
language to invite the interested persons.
Whosoever comes across the information,
starts calling victim and asking for sexual
services or relationship.
Some stalkers subscribe the e-mail account of
the victim to innumerable pornographic and
sex sites.
33. Real Life Example
The indian police have registered first case of
cyberstalking in Delhi.
Mrs. Joshi received almost 40 calls in 3 days
mostly at odd hours.
Mrs. Joshi decided to register a complaint with
Delhi police.
A person was using her ID to chat over the
Internet at the website www.mirc.com.
34. Cybercafe and Cybercrimes
In February 2009 survey, 90% of the audience
across eight cities and 3500 cafes were male
and in the age group of 15-35 years;
52% were graduates and postgraduates
Almost 50% were students.
In India, cybercafes are known to be used for
either real or false terrorist communication.
35. Cybercafe hold two types of risks :
1. We do not know what programs are installed on the
computer like keyloggers or spyware.
2. Over the shoulder peeping can enable others to find
out your passwords.
Cybercriminals prefer cybercafes to carry out
their activities.
A recent survey conducted in one of the
metropolitan cities in India reveals the
following facts :
36. 1. Pirated softwares are installed in all the
computers.
2. Antivirus was not updated with latest patch.
3. Several cybercafes has installed “Deep Freeze”
to protect computer which helps
cybercriminals.
4. Annual Maintenance Contract (AMC) was not
found for servicing of the computer.
5. Pornographical websites were not blocked.
37. 6. Cybercafe owner have very less awareness
about IT security.
7. Cybercafe association or State Police do not
seem to conduct periodic visits to cybercafe.
38. Security tips for cybercafe
Always Logout
While checking email or logging in for chatting, always click
logout/sign out.
Stay with the computer
While surfing, don’t leave the system unatteneded for any
period of time.
Clear history and temporary files
Before browsing deselect AutoComplete option. Browser -
> Tools -> Internet options -> Content tab.
Tools -> Internet Option -> General Tab -> Temporary
Internet Files -> Delete files and then Delete Cookies.
39. Be alert
One have to be alert for snooping over the shoulder.
Avoid online financial transactions
One should avoid online banking, shopping, etc.
Don’t provide sensitive information such as credit card
number or bank account details.
Change Passwords / Virtual Keyboard
Change password after completion of transaction.
Almost every bank websites provide virtual keyboard.
Security Warnings
Follow security warning while accessing any bank websites.
40. The meaning of botnet is “an automated
program for doing some particular task,
over a network”.
Botnet term is used for collection of software that
run autonomously and automatically.
Botnets are exploited for various purposes,
including denial-of-service attacks, creation or
misuse of SMTP mail relays for spam, click fraud,
and financial information such as credit card
numbers.
Botnet
41. In short, a botnet is a network of computers
infected with a malicious program that allows
cybercriminals to control the infected machines
remotely without the users’ knowledge.
A Botnet is also called a zombie network.
42.
43. A botnet operator sends out viruses or worms,
infecting ordinary users' computers, whose payload
is a malicious application—the bot.
The bot on the infected PC logs into a particular
C&C server (often an IRC server, but, in some cases
a web server).
How a botnet is created and used
44. A spammer purchases the services of the botnet
from the operator.
The spammer provides the spam messages to the
operator, who instructs the compromised machines
via the IRC server, causing them to send out spam
messages.
45. Use of Botnet
If someone wants to start a business and has no
programming skills, there are plenty of “Bot for
Sale” offers on forums.
Encryption of these program’s code can also be
ordered to protect them from detection by
antivirus.
46. Botnet
creation
Botnet
renting
Ddos attacks Spam attacks
Malware and
Adware
installation
Botnet selling
Stealing
confidential
information
Selling credit
card and
bank account
details
Selling
personal
identity
information
Selling
internet
services and
shops
account
Phishing
attacks
Spamdexing
47. Points to secure the system :
Use antivirus and anti-Spyware software and
keep it up-to-date.
Set the OS to download and install security
patches automatically.
Use a firewall to protect the system from
hacking attacks while it is connected on the
internet.
Disconnected from the internet when you are
away from your computer.
48. Downloading the freeware only from websites that
are known and trustworthy.
Check regularly the folders in the mail box for
those messages you did not send.
Take an immediate action if your system is
infected.
49. Attack Vector
An attack vector is a path by which an attacker can
gain access to a computer or to a network server to
deliver a payload.
Attack vectors enable attackers to exploit system
vulnerability.
Attack vectors include viruses, e-mail attachments,
webpages, pop-up windows, instant messages, and
chat rooms.
50. The most common malicious payloads are
viruses, trojan horses, worms and spyware.
Payload means the malicious activity that the
attack performs.
How attack launched ?
Attack by e-mail
Attachment
Attack by deception
Hackers
Heedless guests
Attack of worms
Malicious macros
Virues
51. Cybercrime and Cloud Computing
Prime area of the risk in cloud computing is
protection of user data.
Risk associated with cloud computing environment
are :
52. Risk How to Remediate the Risk?
Any data processed outside the
organization brings with it an
inherent level of risk.
Customer should obtain as
much information as he/she can
about the service provider.
Cloud computing service
providers are not able and/or
not willing to undergo external
assessments.
The organization is entirely
responsible for the security and
integrity of their own data, even
when it is held by a service
provider.
The organizations that are
obtaining cloud computing
services may not be aware
about where the data is hosted
and may not even know in
which country it is hosted.
Organization should ensure that
the service provider is
committed to obey local privacy
requirements on behalf of the
organization to store and
process the data in the specific
jurisdictions.
53. As the data will be stored
under stored environment,
encryption mechanism
should be strong enough to
segregate (separate) the
data from another
organization, whose data
are also stored under the
same server.
Organization should be
aware of the arrangements
made by the service
provider about segregation
of the data. The service
provider should display
encryption schemes.
Business continuity in case
of any disaster.
Service provider have to
provide complete
restoration of data within
minimum timeframe.
54. Due to complex IT
environment and several
customer logging in and
logging out of the hosts, it
becomes difficult to trace
inappropriate and illegal
activity.
Organization should
enforce the provider to
provide security violation
logs at frequent intervals.
In case of any major
change in the cloud
computing service provider,
the service provided is at
the stake.
Organization should ensure
getting their data in case of
such major event.
55. Questions
Explain difference between passive and active attack.
What is social engineering? Explain each type of social
engineering in detail.
What is cyberstalking?
What is botnet? How it works?
• OR
How do viruses get disseminated? Explain with diagram.
56. What is Attack Vector? How different attacks
launched with attack vector.
What is cloud computing? List and explain type of
services of cloud computing?
What is cloud computing? Explain types of cloud
and also list the advantages of cloud computing.
Explain cloud computing and cybercrime.