CYBER & INFORMATION SECURITY
Module- I
1.1 Cyber Security
Cyber security standards are security standards which enable organizations to practice safe
security techniques to minimize the number of successful cyber security attacks. These guides
provide general outlines as well as specific techniques for implementing cyber security. For
certain specific standards, cyber security certification by an accredited body can be obtained.
There are many advantages to obtaining certification including the ability to get cybersecurity
insurance. (Spelling of Cyber Security or Cybersecurity depends on the institution, and there
have been discrepancies on older documents. However, since the US Federal Executive
Order (EO) 13636, “Improving Critical Infrastructure Cyber security,” most forums and media
have embraced spelling "cyber security" as a single word.)
1.2 Information Security
Information security, sometimes shortened to InfoSec, is the practice of defending information
from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording
or destruction. It is a general term that can be used regardless of the form the data may take
(electronic, physical, etc.).
1.3 Security Threats (Triads)
The security threats or attacks on the security of a computer system are best characterized by
viewing the function of the computer system as providing information.
1. Interruption: An asset is destroyed or becomes unavailable or unusable. This is an attack
on availability. Examples include destruction of a piece of hardware, such as a hard disk, the
cutting of a communication line, or the disabling of the file management system.
1|Page
Himanshu Gupta, Faculty Member - AIIT
2. Interception: An unauthorized party gains access to an asset. This is an attack on
confidentiality. The unauthorized party could be a person, a program, or a computer. Examples
include wiretapping to capture data in a network and the illicit copying of files or programs.
3. Modification: An unauthorized party not only gains access to but tampers with an asset.
This is an attack on integrity, confidentiality, and authenticity. Examples include changing
values in a data file, altering a program so that it performs differently, and modifying the content
of messages being transmitted in a network.
4. Fabrication: An unauthorized party inserts counterfeit objects into the system. This is an
attack on integrity and authenticity. Examples include the insertion of spurious messages in a
network or the addition of records to a file.
1.4 Security Services / Information Security Services
There are threats that can attack the resources (the information, or the devices that manage it)
by exploiting one or more vulnerabilities. The resources can be protected by one or more
countermeasures or security controls. Security services therefore implement part of the
countermeasures, with the aim of meeting the security requirements of an organization.
Confidentiality
Confidentiality refers to preventing the disclosure of information to unauthorized individuals or
systems. For example, a card transaction on the Internet requires the credit card number to be
transmitted from the buyer to the merchant and from the merchant to a transaction network. The
system attempts to enforce confidentiality by encrypting the card number during transmission, by
limiting the places where it might appear (in databases, log files, backups, printed receipts, and
so on), and by restricting access to the places where it is stored. If an unauthorized party obtains
the card number in any way, a breach of confidentiality has occurred.
Data Integrity
In information security, data integrity means maintaining and assuring the accuracy and
consistency of data over its entire life-cycle. This means that data cannot be modified in an
unauthorized or undetected manner. Integrity is violated when a message is actively modified in
transit. Information security systems typically provide message integrity in addition to data
confidentiality.
Availability
For any information system to serve its purpose, the information must be available when it is
needed. This means that the computing systems used to store and process the information,
the security controls used to protect it, and the communication channels used to access it must be
functioning correctly. High availability systems aim to remain available at all times, preventing
service disruptions due to power outages, hardware failures, and system upgrades. Ensuring
availability also involves preventing denial-of-service attacks.
Authenticity
In computing, e-Business, and information security, it is necessary to ensure that the data,
transactions, communications or documents (electronic or physical) are genuine. It is also
important for authenticity to validate that both parties involved are who they claim to be. Some
information security systems incorporate authentication features such as "digital signatures",
which give evidence that the message data is genuine and was sent by someone possessing the
proper signing key.
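The following worked example is added here and is not part of the original notes. It shows how a keyed message authentication code (HMAC-SHA256, from Python's standard library) lets a receiver detect a message that was modified in transit (integrity) and reject a message that was not produced by a holder of the key (authenticity). The shared key and the messages are constructed for the example. Note that an HMAC on its own does not give non-repudiation, because sender and receiver hold the same key and either of them could have produced the tag; that property needs a digital signature made with a private key, as described under Authenticity and Non-repudiation.

```python
import hashlib
import hmac

# Constructed shared secret; a real system provisions this per channel and keeps it secret.
SHARED_KEY = b"constructed-example-key"

def tag_for(message, key=SHARED_KEY):
    """HMAC-SHA256 tag over the message, as a hex string."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def protect(message, key=SHARED_KEY):
    """Sender side: return the message together with its tag."""
    return message, tag_for(message, key)

def verify(message, tag, key=SHARED_KEY):
    """Receiver side: recompute the tag and compare in constant time, so that the
    comparison itself does not leak how many bytes of the tag were correct."""
    return hmac.compare_digest(tag_for(message, key), tag)

def demo():
    msg, tag = protect(b"transfer 100.00 to account 12345")   # constructed message
    results = {"genuine": verify(msg, tag)}
    # Modification in transit: one field changed, so the tag no longer matches.
    results["tampered"] = verify(msg.replace(b"100.00", b"900.00"), tag)
    # Fabrication: a message tagged under a key that we never shared with anyone.
    forged = b"transfer 500.00 to account 99999"
    results["forged"] = verify(forged, tag_for(forged, b"wrong-key"))
    return results

if __name__ == "__main__":
    print(demo())
```

The receiver only ever compares with hmac.compare_digest; an ordinary == on the two strings returns as soon as the first differing byte is seen, which is the kind of timing side channel a careful implementation avoids.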
Non-repudiation
In law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also
implies that one party of a transaction cannot deny having received a transaction nor can the
other party deny having sent a transaction.
It is important to note that while technology such as cryptographic systems can assist in non-repudiation efforts, the concept is at its core a legal concept transcending the realm of
technology. It is not, for instance, sufficient to show that the message matches a digital signature
signed with the sender's private key, and thus only the sender could have sent the message and
nobody else could have altered it in transit. The alleged sender could in return demonstrate that
the digital signature algorithm is vulnerable or flawed, or allege or prove that his signing key has
been compromised. The fault for these violations may or may not lie with the sender himself, and
such assertions may or may not relieve the sender of liability, but the assertion would invalidate
the claim that the signature necessarily proves authenticity and integrity and thus prevents
repudiation.
Access control
This service provides protection against unauthorized use of resources accessible via OSI. These
may be OSI or non-OSI resources accessed via OSI protocols. This protection service may be
applied to various types of access to a resource (e.g., the use of a communications resource; the
reading, the writing, or the deletion of an information resource; the execution of a processing
resource) or to all accesses to a resource.
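An added example (not from the original notes) of the access-control service described above, written as a small default-deny access control matrix: each subject is granted specific operations (use of a communications resource; reading, writing or deleting an information resource; executing a processing resource) on specific resources, and every decision is written to an audit trail. The subjects, resources and grants are constructed for the example.

```python
from enum import Enum

class Op(Enum):
    """The types of access named in the text."""
    USE = "use"          # use of a communications resource
    READ = "read"
    WRITE = "write"
    DELETE = "delete"
    EXECUTE = "execute"  # execution of a processing resource

# Constructed access control matrix: subject -> resource -> permitted operations.
# Anything not listed is denied (default deny).
ACL = {
    "alice": {
        "/data/report.txt": {Op.READ, Op.WRITE, Op.DELETE},
        "/bin/backup": {Op.EXECUTE},
        "modem0": {Op.USE},
    },
    "bob": {
        "/data/report.txt": {Op.READ},
    },
}

def is_allowed(subject, op, resource, acl=ACL):
    """Default-deny check: unknown subjects and resources yield an empty permission set."""
    return op in acl.get(subject, {}).get(resource, set())

def access(subject, op, resource, audit_log, acl=ACL):
    """Enforce the check and record the decision; returns True when access is granted."""
    allowed = is_allowed(subject, op, resource, acl)
    audit_log.append(f"{'ALLOW' if allowed else 'DENY'} subject={subject} "
                     f"op={op.value} resource={resource}")
    return allowed

def demo():
    log = []
    access("alice", Op.WRITE, "/data/report.txt", log)   # ALLOW
    access("bob", Op.WRITE, "/data/report.txt", log)     # DENY: bob may only read
    access("bob", Op.EXECUTE, "/bin/backup", log)        # DENY: no grant at all
    access("carol", Op.READ, "/data/report.txt", log)    # DENY: unknown subject
    return log

if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Denials are logged as well as grants: a burst of DENY entries for one subject is often the first sign that an account or program is probing for resources it was never meant to reach.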
1.5 Adware
Adware is the common name used to describe software that is given to the user with
advertisements embedded in the application. Adware is considered a legitimate alternative
offered to consumers who do not wish to pay for software. There are many ad-supported
programs, games or utilities that are distributed as adware (or freeware). Today we have a
growing number of software developers who offer their goods as "sponsored" freeware (adware)
until you pay to register. If you're using legitimate adware, when you stop running the software,
the ads should disappear, and you always have the option of disabling the ads by purchasing a
registration key.
Adware can be described as a form of spyware that collects information about the user in order
to display advertisements in the Web browser. Unfortunately, some applications that contain
adware track your Internet surfing habits in order to serve ads related to you. When the adware
becomes intrusive like this, then we move it into the spyware category and it then becomes
something you should avoid for privacy and security reasons.
[Figure: Adware]
1.6 Back Door
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing
normal authentication, securing illegal remote access to a computer, obtaining access
to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form
of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit.
[Figure: Backdoor]
A backdoor is also called a trapdoor: an undocumented way of gaining access to a program, online
service or an entire computer system. The backdoor is written by the programmer who creates
the code for the program, and it is often known only to that programmer. A backdoor is a potential
security risk.
1.7 Hacker
Hacking (or cracking) is to "gain unauthorized access to a computer in order to commit another
crime such as destroying information contained in that system". Hackers are commonly divided
into the subgroups below, which may also be defined by the legal status of their activities.
White Hat
A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security
system or while working for a security company which makes security software. The term "white
hat" in Internet slang refers to an ethical hacker. This classification also includes individuals who
perform penetration tests and vulnerability assessments within a contractual agreement. The
EC-Council, also known as the International Council of Electronic Commerce Consultants, is one
of those organizations that have developed certifications, course-ware, classes, and online
training covering the diverse arena of Ethical Hacking.
Black Hat
A "black hat" hacker is a hacker who "violates computer security for little reason beyond
maliciousness or for personal gain" (Moore, 2005). Black hat hackers form the stereotypical,
illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the
public fears in a computer criminal". Black hat hackers break into secure networks to destroy
data or make the network unusable for those who are authorized to use the network.
Grey Hat
A grey hat hacker is a combination of a black hat and a white hat hacker. A grey hat hacker may
surf the internet and hack into a computer system for the sole purpose of notifying the
administrator that their system has a security defect, for example. Then they may offer to correct
the defect for a fee.
1.7 Botnet Cracker
Botnets are groups of computers connected to the Internet that have been taken over by a hacker.
The hacker controls all the computers and they behave like a "robot network" (a.k.a. "botnet").
Botnets contain anywhere from hundreds to thousands of computers. The botmaster (the hacker
who controls the botnet) then uses these computers to send spam email, spread viruses, attack
other networks, or carry out any other variety of malicious activity. These computers are also
known as bots, zombies, or a zombie army.
Examples:
If your computer is hacked and becomes part of a botnet you may not even know it.
1.8 Phishing
Phishing is the act of attempting to acquire information such as usernames, passwords, and
credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in
an electronic communication. Communications purporting to be from popular social web sites,
auction sites, online payment processors or IT administrators are commonly used to lure the
unsuspecting public. Phishing emails may contain links to websites that are infected
with malware. Phishing is typically carried out by email spoofing or instant messaging and it
often directs users to enter details at a fake website whose look and feel are almost identical to
the legitimate one. Phishing is an example of social engineering techniques used to deceive
users, and exploits the poor usability of current web security technologies. Attempts to deal with
the growing number of reported phishing incidents include legislation, user training, public
awareness, and technical security measures.
A phishing technique was described in detail in 1987, and (according to its creator) the first
recorded use of the term "phishing" was made in 1995 by Jason Shannon of AST Computers.
The term is a variant of fishing, probably influenced by phreaking, and alludes to "baits" used in
hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious
attachment, in which case their financial information and passwords may then be stolen.
1.9 Virus
A computer virus is a type of malware that, when executed, replicates by inserting copies of
itself (possibly modified) into other computer programs, data files, or the boot sector of the hard
drive; when this replication succeeds, the affected areas are then said to be "infected". Viruses
often perform some type of harmful activity on infected hosts, such as stealing hard disk space
or CPU time, accessing private information, corrupting data, displaying political or humorous
messages on the user's screen, spamming their contacts, or logging their keystrokes.
Computer viruses infect a variety of different subsystems on their hosts. One manner of
classifying viruses is to analyze whether they reside in binary executables, data files (such
as Microsoft Word documents or PDF files), or in the boot sector of the host's hard drive (or
some combination of all of these).
Resident vs. non-resident viruses
A memory-resident virus (or simply "resident virus") installs itself as part of the operating
system when executed, after which it remains in RAM from the time the computer is booted up
to when it is shut down. Resident viruses overwrite interrupt handling code or other functions,
and when the operating system attempts to access the target file or disk sector, the virus code
intercepts the request and redirects the control flow to the replication module, infecting the target.
Macro viruses
Many common applications, such as Microsoft Outlook and Microsoft Word, allow macro
programs to be embedded in documents or emails, so that the programs may be run
automatically when the document is opened. A macro virus (or "document virus") is a virus that
is written in a macro language, and embedded into these documents so that when users open the
file, the virus code is executed, and can infect the user's computer. This is one of the reasons that
it is dangerous to open unexpected attachments in e-mails.
Boot sector viruses
Boot sector viruses specifically target the boot sector/Master Boot Record (MBR) of the
host's hard drive or removable storage media (flash drives, floppy disks, etc).
Stealth Virus
In order to avoid detection by users, some viruses employ different kinds of deception. Some old
viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host
file stays the same when the file is infected by the virus. This approach does not fool antivirus
software, however, especially those which maintain and date cyclic redundancy checks on file
changes. Some viruses try to avoid detection by killing the tasks associated with antivirus
software before it can detect them.
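An added example (not from the original notes) of the defence this paragraph refers to: an integrity baseline built from checksums of file contents rather than from timestamps, so that tampering which puts the old "last modified" date back is still caught. The host file, its contents and the timestamp-preserving modification are constructed for the example. CRC32 is used here because the text mentions cyclic redundancy checks; a modern integrity checker would use a cryptographic hash such as SHA-256, since a CRC can be deliberately matched by an attacker.

```python
import os
import tempfile
import zlib

def checksum(path):
    """CRC32 of the file contents (the text's 'cyclic redundancy check')."""
    with open(path, "rb") as f:
        return zlib.crc32(f.read())

def snapshot(paths):
    """Baseline for each file: its checksum and its last-modified time in nanoseconds."""
    return {p: (checksum(p), os.stat(p).st_mtime_ns) for p in paths}

def compare(baseline):
    """Report, per file, whether the content and whether the timestamp changed since the baseline."""
    current = snapshot(baseline)
    return {p: {"content_changed": current[p][0] != baseline[p][0],
                "mtime_changed": current[p][1] != baseline[p][1]}
            for p in baseline}

def demo():
    with tempfile.TemporaryDirectory() as d:
        host = os.path.join(d, "host.com")   # constructed host program
        with open(host, "wb") as f:
            f.write(b"original program bytes")
        baseline = snapshot([host])

        # Constructed tampering that restores the old 'last modified' time afterwards,
        # which is what the MS-DOS-era viruses in the text did.
        st = os.stat(host)
        with open(host, "ab") as f:
            f.write(b" plus appended bytes")
        os.utime(host, ns=(st.st_atime_ns, st.st_mtime_ns))

        return compare(baseline)[host]

if __name__ == "__main__":
    print(demo())
```

A checker that only looked at mtime would report nothing here; the checksum comparison is what reveals the change. The baseline itself must be stored where the same tampering cannot reach it (read-only media or a separate host), or it can simply be recomputed after the fact.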
Self-modification
Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning
them for so-called virus signatures. Such a virus signature is merely a sequence of bytes that an
antivirus program looks for because it is known to be part of the virus. A better term would be
"search strings". These viruses modify their code on each infection. That is, each infected file
contains a different variant of the virus.
Encrypted viruses
One method of evading signature detection is to use simple encryption to encipher the body of
the virus, leaving only the encryption module and a cryptographic key in cleartext. In this case,
the virus consists of a small decrypting module and an encrypted copy of the virus code. If the
virus is encrypted with a different key for each infected file, the only part of the virus that
remains constant is the decrypting module, which would (for example) be appended to the end.
In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect
the decrypting module, which still makes indirect detection of the virus possible.
Polymorphic Virus
Polymorphic code was the first technique that posed a serious threat to virus scanners. Just like
regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself,
which is decoded by a decryption module. In the case of polymorphic viruses, however, this
decryption module is also modified on each infection. A well-written polymorphic virus
therefore has no parts which remain identical between infections, making it very difficult to
detect directly using signatures. Antivirus software can detect it by decrypting the viruses using
an emulator, or by statistical pattern analysis of the encrypted virus body.
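An added example (not from the original notes) covering both the encrypted-virus and the polymorphic-virus paragraphs from the scanner's side. All byte patterns, the "host program", the per-file key and the signatures are constructed for the example; they are not real malware and not real antivirus signatures. It shows that a search string taken from the plain body no longer matches once the body is enciphered under a per-file key, that the constant decrypting module is still found (the indirect detection the text describes), and a byte-entropy measure as a simple stand-in for the statistical pattern analysis a scanner can apply to the enciphered body when even the decryptor varies.

```python
import math
from collections import Counter

# Constructed byte patterns for this example; not real malware, not real AV signatures.
SIGNATURES = {
    "body": b"\x55\x8b\xec\x83\xec\x10SAMPLE-BODY",  # search string taken from the plain body
    "stub": b"DECRYPT-LOOP:\x31\xc0\xac\x32\x06",    # the constant decrypting module
}
PER_FILE_KEY = bytes(range(0x10, 0x20))  # constructed 16-byte per-file key

def scan(blob, signatures=SIGNATURES):
    """Names of the search strings found in the blob."""
    return sorted(name for name, sig in signatures.items() if sig in blob)

def entropy(data):
    """Shannon entropy in bits per byte: 0 for a constant run, 8 for uniformly random
    bytes. Enciphered bodies sit well above ordinary code or text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def xor(data, key):
    """Repeating-key XOR, standing in for the 'simple encryption' the text describes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def build_samples():
    """Two constructed infected 'files' (plain byte strings, nothing executable): one
    carrying the plain body, one carrying the body enciphered under PER_FILE_KEY with
    the constant stub and the key appended at the end."""
    plain_body = SIGNATURES["body"] + b" ... rest of body ..."
    host = b"HOST-PROGRAM" * 4
    plain_infected = host + plain_body
    enciphered_infected = (host + xor(plain_body, PER_FILE_KEY)
                           + SIGNATURES["stub"] + PER_FILE_KEY)
    return plain_infected, enciphered_infected

def demo():
    plain, enciphered = build_samples()
    return {
        "plain_file_hits": scan(plain),            # ['body']: direct detection
        "enciphered_file_hits": scan(enciphered),  # ['stub']: only the decryptor is found
    }

if __name__ == "__main__":
    print(demo())
    plain, enciphered = build_samples()
    print("entropy of plain file: %.2f, of enciphered file: %.2f"
          % (entropy(plain), entropy(enciphered)))
```

Once the decryptor changes on every infection too (the polymorphic case), the stub signature also stops matching, and the scanner is left with behaviour (running the sample in an emulator until it decrypts itself) or statistics such as the entropy measure above, which a constant host program and an enciphered body push in opposite directions.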
1.10 Spam
Spam is flooding the Internet with many copies of the same message, in an attempt to force the
message on people who would not otherwise choose to receive it. Most spam is commercial
advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Spam
costs the sender very little to send -- most of the costs are paid for by the recipient or the carriers
rather than by the sender.
Email spam, also known as junk email or unsolicited bulk email (UBE), is a subset of electronic
spam involving nearly identical messages sent to numerous recipients by email. Clicking on links
in spam email may send users to phishing web sites or sites that are hosting malware. Spam
email may also include malware as scripts or other executable file attachments. Definitions of
spam usually include the aspects that email is unsolicited and sent in bulk.
1.11 Spoofing
A technique used to gain unauthorized access to computers, whereby the intruder sends messages
to a computer with an IP address indicating that the message is coming from a trusted host. To
engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a
trusted host and then modify the packet headers so that it appears that the packets are coming
from that host. Newer routers and firewall arrangements can offer protection against IP spoofing.
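An added example (not from the original notes) of the router and firewall protection mentioned at the end of the paragraph: source-address ingress and egress filtering in the style of BCP 38 (RFC 2827). The address ranges and the packet sample are constructed. A packet arriving on the Internet-facing interface with one of our own internal source addresses cannot be legitimate and is dropped, as is any packet from a reserved (bogon) range; in the other direction, a packet leaving our network with a source address that is not ours is dropped so that our hosts cannot be used to spoof someone else.

```python
import ipaddress

# Constructed topology: the prefixes assigned to our own network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
# Ranges that are never legitimate source addresses on the Internet (bogons).
BOGON_NETS = [ipaddress.ip_network("0.0.0.0/8"),
              ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("169.254.0.0/16")]

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def decide(src, iface):
    """Decision for a packet with source address src arriving on iface.
    iface is 'external' (Internet-facing) or 'internal' (our LAN side)."""
    ip = ipaddress.ip_address(src)
    if any(ip in net for net in BOGON_NETS):
        return "DROP", "bogon source address"
    if iface == "external" and is_internal(ip):
        # A trusted-host address cannot legitimately arrive from the outside.
        return "DROP", "internal source address arriving from the Internet (spoofed)"
    if iface == "internal" and not is_internal(ip):
        # Egress filtering: do not let our own hosts spoof someone else's address.
        return "DROP", "non-internal source address leaving our network"
    return "ACCEPT", "source address consistent with arrival interface"

def filter_packets(packets):
    """packets: list of (src, iface); returns list of (src, iface, action, reason)."""
    return [(src, iface, *decide(src, iface)) for src, iface in packets]

# Constructed packet sample (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE = [("203.0.113.7", "external"), ("10.1.2.3", "external"),
          ("127.0.0.1", "external"), ("192.168.1.5", "internal"),
          ("198.51.100.9", "internal")]

if __name__ == "__main__":
    for row in filter_packets(SAMPLE):
        print("%-14s %-8s %-6s %s" % row)
```

This filter cannot tell a spoofed external address from a genuine one (an attacker claiming 203.0.113.7 from outside still passes), which is why the text's other safeguards, such as not trusting a host on its IP address alone, remain necessary.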
Email spoofing is the creation of email messages with a forged sender address - something which
is simple to do because the core protocols do no authentication. Spam and phishing emails
typically use such spoofing to mislead the recipient about the origin of the message.
1.12 Trojan Horse
A Trojan horse, or Trojan, is a hacking program that is a non-self-replicating type of malware
which gains privileged access to the operating system while appearing to perform a desirable
function but instead drops a malicious payload, often including a backdoor allowing
unauthorized access to the target's computer. These backdoors tend to be invisible to average
users, but may cause the computer to run slow. Trojans do not attempt to inject themselves into
other files like a computer virus. Trojan horses may steal information, or harm their host
computer systems. Trojans may use drive-by downloads or install via online games or internet-driven applications in order to reach target computers. The term is derived from the Trojan Horse
story in Greek mythology because Trojan horses employ a form of “social engineering,”
presenting themselves as harmless, useful gifts, in order to persuade victims to install them on
their computers.
[Figure: Trojan Horse]
A Trojan may give a hacker remote access to a targeted computer system. Operations that could
be performed by a hacker on a targeted computer system may include:
• Crashing the computer
• Blue screen of death
• Electronic money theft
• Data theft (e.g. retrieving passwords or credit card information)
• Installation of software, including third-party malware and ransomware
• Downloading or uploading of files on the user's computer
• Modification or deletion of files
• Keystroke logging
• Watching the user's screen
• Viewing the user's webcam
• Controlling the computer system remotely
1.13 Zombie
In computer science, a zombie is a computer connected to the Internet that has been
compromised by a hacker, computer virus or trojan horse and can be used to perform malicious
tasks of one sort or another under remote direction. Botnets of zombie computers are often used
to spread e-mail spam and launch denial-of-service attacks. Most owners of zombie computers
are unaware that their system is being used in this way. Because the owner tends to be unaware,
these computers are metaphorically compared to zombies.
Zombies have been used extensively to send e-mail spam; as of 2005, an estimated 50–80% of
all spam worldwide was sent by zombie computers. This allows spammers to avoid detection and
presumably reduces their bandwidth costs, since the owners of zombies pay for their own
bandwidth.
1.14 Computer Forensic
Computer forensics is the application of investigation and analysis techniques to gather and
preserve evidence from a particular computing device in a way that is suitable for presentation in
a court of law. The goal of computer forensics is to perform a structured investigation while
maintaining a documented chain of evidence to find out exactly what happened on a computing
device and who was responsible for it.
Forensic investigators typically follow a standard set of procedures: After physically isolating the
device in question to make sure it cannot be accidentally contaminated, investigators make a
digital copy of the device's storage media. Once the original media has been copied, it is locked
in a safe or other secure facility to maintain its pristine condition. All investigation is done on the
digital copy.
[Figure: Computer Forensic]
Investigators use a variety of techniques and proprietary software forensic applications to
examine the copy, searching hidden folders and unallocated disk space for copies of deleted,
encrypted, or damaged files. Any evidence found on the digital copy is carefully documented in
a "finding report" and verified with the original in preparation for legal proceedings that involve
discovery, depositions, or actual litigation.
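An added example (not from the original notes) of the acquisition step in the procedure above: hashing the original media, copying it to a working image, verifying that the image hashes identically, and writing each step into a finding-report log with a UTC timestamp so the chain of evidence is documented. The media contents are constructed. In practice the original is attached through a hardware write-blocker; in this example the original is only ever opened for reading, and it is hashed again after imaging to show it was not altered.

```python
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone

def sha256_file(path):
    """Hash a file in 1 MiB chunks so that large images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def log_entry(report, text):
    """Append a timestamped line to the finding report."""
    report.append(f"{datetime.now(timezone.utc).isoformat()} {text}")

def acquire(original, image_path, report):
    """Image the original media and verify the copy; returns True when all hashes agree."""
    before = sha256_file(original)
    log_entry(report, f"original hash before imaging sha256={before}")
    shutil.copyfile(original, image_path)   # the original is only opened for reading
    after = sha256_file(original)
    log_entry(report, f"original hash after imaging  sha256={after}")
    image = sha256_file(image_path)
    log_entry(report, f"working image hash           sha256={image}")
    verified = before == after == image
    log_entry(report, "image VERIFIED" if verified else "image MISMATCH, acquisition invalid")
    return verified

def verify_image(original, image_path):
    """Re-check at any later point that the working copy still matches the original."""
    return sha256_file(original) == sha256_file(image_path)

def demo():
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "media.img")   # constructed evidence media
        with open(original, "wb") as f:
            f.write(b"constructed disk image contents\n" * 1000)
        image = os.path.join(d, "working-copy.img")
        report = []
        ok = acquire(original, image, report)
        # An analyst accidentally writes to the working copy; the re-check now fails,
        # which is why all examination is done on a copy and the original stays locked away.
        with open(image, "ab") as f:
            f.write(b"x")
        return ok, verify_image(original, image), report

if __name__ == "__main__":
    ok, still_ok, report = demo()
    print("\n".join(report))
    print("acquisition verified:", ok, "| copy still matches after edit:", still_ok)
```

The hash values recorded in the report are what later lets the investigator show, during discovery or at trial, that the evidence examined is bit-for-bit what was seized.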
1.15 E-Commerce Security
E-commerce Security is a part of the Information Security framework and is specifically applied
to the components that affect e-commerce that include Computer Security, Data security and
other wider realms of the Information Security framework. E-commerce security has its own
particular nuances and is one of the highest visible security components that affect the end user
through their daily payment interaction with business. The “E-commerce” term refers to online
payment transaction between Businesses to Consumer (B2C), or between Businesses to Business
(B2B).
Global e-commerce sales are growing at more than 19% per year
While security features do not guarantee a secure system, they are necessary to build a secure
system. Security features have four categories:
• Authentication: Verifies who you say you are. It enforces that you are the only one
allowed to logon to your Internet banking account.
• Authorization: Allows only you to manipulate your resources in specific ways. This
prevents you from increasing the balance of your account or deleting a bill.
• Encryption: Deals with information hiding. It ensures you cannot spy on others during
Internet banking transactions.
• Auditing: Keeps a record of operations. Merchants use auditing to prove that you bought
a specific merchandise.
1.16 Steganography
The art and science of hiding information by embedding messages within other, seemingly
harmless messages. An encrypted file may still hide information using steganography, so even if
the encrypted file is deciphered, the hidden message is not seen.
Steganography can use various media as carriers of the message. Classical methods of
steganography include:
1. Character marking
2. Invisible ink
3. Pin pictures
4. Type-writer correction
1.17 Security Engineering
Security engineering is the field of engineering dealing with the security and integrity of
real-world systems. It is similar to systems engineering in that its motivation is to make a system
meet requirements, but with the added dimension of enforcing a security policy.
[Figure: Security Engineering Model]
Because modern systems cut across many areas of human endeavor, security engineers not only
need consider the mathematical and physical properties of systems; they also need to consider
attacks on the people who use and form parts of those systems using social engineering attacks.
It has existed as an informal field for centuries, in the fields of locksmithing and security
printing. Technological advances, principally in the field of computers, have now allowed the
creation of far more complex systems, with new and complex security problems.
THANKS!