KESHAV MEMORIAL INSTITUTE OF TECHNOLOGY
(AN AUTONOMOUS INSTITUTE)
Accredited by NBA & NAAC, Approved by AICTE, Affiliated to JNTUH, Hyderabad
III Year II Semester Course Syllabus (KR21)
CYBER SECURITY (MC601CS)
Common to CSE, IT, CSE (AI&ML) and CSE (DS)
L T P C: 3 0 0 0
Pre-requisites/ Co-requisites:
1. 21CS501PC - Computer Networks Course
Course Objectives: The course will help to
1. Understand cybercrime and Information Security
2. Understand cyber offences and their planning
3. Understand cybercrime in mobile and wireless devices
4. Understand the tools of cyber crime
5. Understand the implications of cyber crime
Course Outcomes: After learning the concepts of this course, the student is able to
1. Outline cybercrimes and legal perspectives
2. Identify cyber stalking, fuel of cyber crime
3. Illustrate cybercrime in mobile devices, wireless devices
4. Implement the methods used in cyber crime
5. Identify the cyber threats for organizations
UNIT - I
Introduction to Cyber Security: Basic Cyber Security Concepts, layers of security, Vulnerability, threat,
Harmful acts, Internet Governance – Challenges and Constraints, Computer Criminals, CIA Triad, Assets
and Threat, motive of attackers, active attacks, passive attacks, Software attacks, hardware attacks,
Spectrum of attacks, Taxonomy of various attacks, IP spoofing, Methods of defense, Security Models, risk
management, Cyber Threats-Cyber Warfare, Cyber Crime, Cyber terrorism, Cyber Espionage, etc.,
Comprehensive Cyber Security Policy.
UNIT - II
Cyberspace and the Law & Cyber Forensics: Introduction, Cyber Security Regulations, Roles of
International Law. The INDIAN Cyberspace, National Cyber Security Policy. Introduction, Historical
background of Cyber forensics, Digital Forensics Science, The Need for Computer Forensics, Cyber
Forensics and Digital evidence, Forensics Analysis of Email, Digital Forensics Lifecycle, Forensics
Investigation, Challenges in Computer Forensics, Special Techniques for Forensics Auditing.
UNIT - III
Cybercrime: Mobile and Wireless Devices: Introduction, Proliferation of Mobile and Wireless Devices,
Trends in Mobility, Credit card Frauds in Mobile and Wireless Computing Era, Security Challenges Posed
by Mobile Devices, Registry Settings for Mobile Devices, Authentication service Security, Attacks on
Mobile/Cell Phones, Mobile Devices: Security Implications for Organizations, Organizational Measures for
Handling Mobile, Organizational Security Policies and Measures in Mobile Computing Era, Laptops.
UNIT- IV
Cyber Security: Organizational Implications: Introduction, cost of cybercrimes and IPR issues, web
threats for organizations, security and privacy implications, social media marketing: security risks and
perils for organizations, social computing and the associated challenges for organizations.
Cybercrime and Cyber terrorism: Introduction, intellectual property in the cyberspace, the ethical
dimension of cybercrimes, the psychology, mindset and skills of hackers and other cyber criminals.
UNIT - V
Privacy Issues: Basic Data Privacy Concepts: Fundamental Concepts, Data Privacy Attacks, Data linking
and profiling, privacy policies and their specifications, privacy policy languages, privacy in different
domains- medical, financial, etc.
Cybercrime: Examples and Mini-Cases
Examples: Official Website of Maharashtra Government Hacked, Indian Banks Lose Millions of Rupees,
Parliament Attack, Pune City Police Bust Nigerian Racket, e-mail spoofing instances.
Mini-Cases: The Indian Case of online Gambling, An Indian Case of Intellectual Property Crime,
Financial Frauds in Cyber Domain.
TEXT BOOKS:
1. Nina Godbole and Sunit Belapure, Cyber Security: Understanding Cyber Crimes, Computer
Forensics and Legal Perspectives, Wiley.
2. B. B. Gupta, D. P. Agrawal, Haoxiang Wang, Computer and Cyber Security: Principles,
Algorithm, Applications, and Perspectives, CRC Press, ISBN 9780815371335, 2018.
REFERENCES:
1. Cyber Security Essentials, James Graham, Richard Howard and Ryan Otson, CRC Press.
2. Introduction to Cyber Security, Chwan-Hwa (John) Wu, J. David Irwin, CRC Press T&F
Group.
Noted and Approved
CYBER SECURITY (MC601CS)
Introduction to Cyber Security:
Cybersecurity is the practice of protecting systems, networks, and programs from digital
attacks. These cyberattacks are usually aimed at accessing, changing, or destroying
sensitive information; extorting money from users via ransomware; or interrupting
normal business processes.
Basic Cyber Security Concepts, layers of security:
1. Human Layer:
The human layer, often regarded as the most vulnerable layer, focuses on the human
element within an organization. It involves implementing practices and policies that
ensure that employees, contractors, and other users do not fall victim to phishing attacks
and other security threats due to human error or lack of knowledge.
Examples of human layer security measures include security awareness training, strong
password policies, and multi-factor authentication, ensuring that users can identify and
respond appropriately to security threats.
2. Perimeter Security Layer:
Perimeter security layer is akin to the walls of a fortress. It serves to protect the network
by controlling incoming and outgoing network traffic based on an organization's
previously established security policies. At its core, it involves implementing firewalls,
intrusion detection systems (IDS), intrusion prevention systems (IPS), and VPNs to
create a barrier between your secure internal network and untrusted external networks
such as the internet.
An example of how this works is a firewall that filters incoming traffic to allow or block
packets based on the organization’s security policies, thus preventing unauthorized access
to networked resources.
3. Network Layer:
The network layer is crucial in managing and protecting the communication between
applications and devices on your network. This layer employs various security measures
and controls to prevent attackers from intercepting and tampering with information as it
travels over the network. Examples of network layer security include the use of secure
protocols like HTTPS, employing network segmentation to separate sensitive parts of the
network from less sensitive ones, and implementing security solutions like anti-malware
and antivirus software to monitor and analyze network traffic for malicious activity and
unauthorized access.
The network layer is pivotal in the cyber security landscape as it serves as the
communication bridge connecting various components within a network, facilitating data
transfer between them. It holds immense importance because it is inundated with a
multitude of information exchanges, making it a lucrative target for cyber adversaries
aiming to intercept, modify, or disrupt the data flow. By securing the network layer
through strategies like encryption, secure protocols, and robust network architectures,
organizations can ensure the integrity, availability, and confidentiality of the transmitted
information, thereby protecting against unauthorized access and potential cyberattacks,
and maintaining seamless and secure organizational operations.
4. Application Security Layer:
This layer focuses on keeping software and devices free of threats. Secure coding
practices are vital here, as vulnerabilities in the application can serve as entry points for
cyber threats. Examples of application security measures include regular security
scanning and testing to identify and remedy vulnerabilities and employing application
security solutions like Web Application Firewalls (WAFs) to protect against threats such
as SQL injection and Cross-Site Scripting (XSS).
5. Endpoint Security Layer:
The security layer concentrates on safeguarding the individual devices that connect to the
network, like computers, smartphones, and tablets. Since these endpoints serve as access
points to the network, securing them is crucial. An example of endpoint security is
employing antivirus programs and endpoint detection and response (EDR) solutions to
monitor, detect, and block malicious activities and threats on endpoints, ensuring that
even if a device is compromised, the threat does not propagate through the network.
6. Data Security Layer:
This layer is dedicated to protecting the data residing in the network, focusing on
maintaining its confidentiality, integrity, and availability. Encryption is a prime example
of a data security measure, where sensitive data is converted into a coded format to
prevent unauthorized access. Another example is employing backup solutions and
establishing robust access controls to safeguard data from loss, exposure, and
unauthorized access, ensuring only authorized personnel can access sensitive
information.
7. Mission-Critical Assets:
This layer focuses on safeguarding assets that are crucial to an organization's operations
and business continuity. These could include proprietary software, sensitive customer
data, or essential hardware. Protection strategies here involve implementing layered
defenses like firewalls, intrusion detection and prevention systems, and robust access
controls. For instance, regularly updating and patching mission-critical applications
ensures that vulnerabilities are addressed, minimizing the risk of exploitation and
ensuring the uninterrupted functionality of essential assets.
Vulnerability
Vulnerability in security refers to a weakness or opportunity in an information system
that cybercriminals can exploit and gain unauthorized access to a computer system.
Vulnerabilities weaken systems and open the door to malicious attacks.
What are the 4 main types of security vulnerability?
• Network Vulnerabilities. These are issues with a network's hardware or software that
expose it to possible intrusion by an outside party.
• Operating System Vulnerabilities.
• Human Vulnerabilities.
• Process Vulnerabilities.
Threat:
A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal
data, or disrupt digital life in general.
Any circumstance or event with the potential to adversely impact organizational
operations (including mission, functions, image, or reputation), organizational assets, or
individuals through an information system via unauthorized access, destruction,
disclosure, modification of information, and/or denial of service. Also, the potential for a
threat-source to successfully exploit a particular information system vulnerability.
Harmful acts:
Defamation: It involves damaging the good reputation of someone using a computer or
electronic service as a medium. E.g., posting vulgar messages and photos.
• Malware. Malware — or malicious software — is any program or code that is created
with the intent to do harm to a computer, network or server.
• Denial-of-Service (DoS) Attacks.
• Phishing.
• Spoofing.
• Identity-Based Attacks.
• Code Injection Attacks.
• Supply Chain Attacks.
• Insider Threats.
Internet Governance:
5 Internet Governance Challenges and Constraints
• Biggest Challenges in Internet Governance. The Internet started as a tool for
communication.
• Tech Giants.
• Geopolitics.
• Creating an Inclusive Future.
• The Challenge of Regulation.
• Combatting Misinformation.
• Fighting Cybercrime.
Computer Criminals
Cyber criminals, also known as hackers, often use computer systems to gain access to
business trade secrets and personal information for malicious and exploitive purposes.
Hackers are extremely difficult to identify on both an individual and group level due to
their various security measures, such as proxies and...
What is computer crime and its types?
Cybercrime is the use of a computer as an instrument to further illegal ends, such as
committing fraud, trafficking in child pornography and intellectual property, stealing
identities, or violating privacy.
CIA Triad in cyber security
The three letters in "CIA triad" stand for Confidentiality, Integrity, and Availability. The
CIA triad is a common model that forms the basis for the development of security
systems.
Confidentiality
Confidentiality means that only authorized individuals/systems can view sensitive or
classified information. The data being sent over the network should not be accessed by
unauthorized individuals. The attacker may try to capture the data using different tools
available on the Internet and gain access to your information. A primary way to avoid
this is to use encryption techniques to safeguard your data so that even if the attacker
gains access to your data, he/she will not be able to decrypt it. Encryption standards
include AES (Advanced Encryption Standard) and DES (Data Encryption Standard).
Another way to protect your data is through a VPN tunnel. VPN stands for Virtual
Private Network and helps the data to move securely over the network.
Integrity
The next thing to talk about is integrity. Well, the idea here is to make sure that data has
not been modified. Corruption of data is a failure to maintain data integrity. To check if
our data has been modified or not, we make use of a hash function.
We have two common types: SHA (Secure Hash Algorithm) and MD5 (Message Digest
5). MD5 produces a 128-bit hash, and SHA-1 produces a 160-bit hash. There are also
other SHA variants that we could use, such as SHA-0, SHA-2, and SHA-3.
Let’s assume Host ‘A’ wants to send data to Host ‘B’ and maintain integrity. A hash
function is run over the data and produces a fixed-length hash value H1, which is then
attached to the data. When Host ‘B’ receives the packet, it runs the same hash function
over the data, which gives a hash value H2. Now, if H1 = H2, this means that the
data’s integrity has been maintained and the contents were not modified.
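The Host A / Host B exchange above, as an added example that is not part of the original notes: Host A computes H1, Host B recomputes H2 and compares. The block also shows the caveat a practitioner would raise: a plain hash detects accidental corruption, but an attacker who can alter the data can also recompute the hash, so a keyed MAC (HMAC) is needed when the channel is hostile. The sample message and the shared key are constructed values; SHA-256 is used rather than MD5 or SHA-1, since collisions are known for both of those.

```python
import hashlib
import hmac

# Constructed sample message for the Host A -> Host B exchange (not from the notes).
MESSAGE = b"transfer 100 INR to account 42"


def digest_bits(algorithm: str) -> int:
    """Output size in bits of a hashlib algorithm, e.g. 'md5' -> 128, 'sha1' -> 160."""
    return hashlib.new(algorithm).digest_size * 8


def compute_digest(data: bytes) -> str:
    """Host A: run the hash function over the data to produce H1 (hex encoded)."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, received_h1: str) -> bool:
    """Host B: recompute H2 over the received data and compare it with H1.
    compare_digest avoids revealing, through timing, which byte mismatched."""
    h2 = compute_digest(data)
    return hmac.compare_digest(h2, received_h1)


def compute_mac(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag: like the hash, but only holders of `key` can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_ok(key: bytes, data: bytes, received_tag: str) -> bool:
    return hmac.compare_digest(compute_mac(key, data), received_tag)


def run_exchange() -> dict:
    """Walk through the H1 == H2 check and show where a plain hash falls short."""
    h1 = compute_digest(MESSAGE)
    tampered = MESSAGE.replace(b"100", b"900")

    results = {
        # Unmodified data: H1 == H2, integrity confirmed.
        "unmodified": integrity_ok(MESSAGE, h1),
        # Data altered in transit while H1 is left alone: the mismatch is detected.
        "tampered_old_hash": integrity_ok(tampered, h1),
        # An attacker who can alter the data can also recompute the hash,
        # so the check passes although the content changed.
        "tampered_recomputed_hash": integrity_ok(tampered, compute_digest(tampered)),
    }

    # With a keyed MAC, a valid tag for the altered data cannot be produced without the key.
    key = b"shared secret known only to A and B"  # constructed value
    tag = compute_mac(key, MESSAGE)
    results["mac_unmodified"] = mac_ok(key, MESSAGE, tag)
    results["mac_tampered"] = mac_ok(key, tampered, tag)
    results["mac_forged_without_key"] = mac_ok(key, tampered, compute_mac(b"guess", tampered))
    return results


if __name__ == "__main__":
    for name, ok in run_exchange().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The third result is the important one: integrity against an active adversary needs a secret the adversary does not hold (a MAC or a digital signature), not just a hash appended to the data.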
Availability
This means that the network should be readily available to its users. This applies to
systems and to data. To ensure availability, the network administrator should maintain
hardware, make regular upgrades, have a plan for fail-over, and prevent bottlenecks in a
network. Attacks such as DoS or DDoS may render a network unavailable as the
resources of the network get exhausted. The impact may be significant to the companies
and users who rely on the network as a business tool. Thus, proper measures should be
taken to prevent such attacks.
Assets and Threat, cyber security:
Online, your company website and data are the assets. A hacker and their tools (like
malicious code) would be a cyber threat. The criminal can install the code on your site,
which can infiltrate your platform and shut it down or install viruses.
Threat: Something that can damage or destroy an asset
Let's use the example of home ownership to illustrate these. Your home would be your
asset. A threat would be a burglar, or even the tools that a burglar might use, like a lock
pick. These potential threats can do damage to your home if not protected against.
motive of attackers
Some common motivations for threat actors include financial gain. Many
cybercriminals are primarily motivated by financial gain. They seek to steal sensitive
information, such as credit card data, personal information, or login credentials, which
they can sell on the black market or use for fraudulent activities.
What is the main goal of a cyber attacker?
A cyber attack is any malicious attempt to gain unauthorized access to a computer,
computing system or computer network with the intent to cause damage. Cyber attacks
aim to disable, disrupt, destroy or control computer systems or to alter, block, delete,
manipulate or steal the data held within these systems.
What is an active attack?
An active attack is a security attack in which the attacker directly communicates with the
target system or network. In this attack, an attacker attempts to modify or disrupt the
system or network’s functioning by injecting malicious traffic or executing unauthorized
commands. It can be dangerous to the integrity and availability of a system or network. It
can compromise the data integrity and reduce the availability of system resources,
leading to significant damage and financial loss for the targeted organization.
Types of active attacks:
Active attacks can take many forms, including:
• Distributed Denial of Service (DDoS) attack: In this attack, the attacker uses a
network of compromised devices known as a botnet to flood a target system or
network with excessive traffic causing it to crash or become unavailable.
• Masquerade attack: In this attack, the attacker pretends to be a legitimate user or
system to gain unauthorized access to confidential information or perform malicious
actions.
• Session hijacking: In this attack, the attacker takes over a user’s session by stealing
their session ID, which can be used to impersonate the user and perform actions on
their behalf.
• Replay attack: In this attack, the attacker intercepts and records data packets
transmitted between two parties and later replays them to gain unauthorized access to
a system or network.
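The replay attack listed above is defended against by making every message fresh and single-use. The following receiver-side check is an added example (not part of the original notes): each message carries a random nonce, a timestamp and an HMAC tag over both plus the body, and the receiver rejects tampered messages, messages outside a freshness window, and any nonce it has already accepted. The key, timestamps and message bodies are constructed values; the 30-second window is an assumed policy.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, List, Optional, Tuple


class ReplayGuard:
    """Receiver-side check that each authenticated message is fresh and seen only once."""

    def __init__(self, key: bytes, window_seconds: int = 30):
        self.key = key
        self.window = window_seconds
        self.seen: Dict[str, float] = {}  # nonce -> timestamp it was accepted with

    def _tag(self, nonce: str, ts: int, body: bytes) -> str:
        # Tag binds nonce and timestamp to the body, so none of them can be swapped.
        header = f"{nonce}|{ts}|".encode()
        return hmac.new(self.key, header + body, hashlib.sha256).hexdigest()

    def sign(self, body: bytes, now: Optional[float] = None) -> dict:
        """Sender side: attach a random nonce, the current time and the tag."""
        ts = int(time.time() if now is None else now)
        nonce = os.urandom(8).hex()
        return {"nonce": nonce, "ts": ts, "body": body, "tag": self._tag(nonce, ts, body)}

    def accept(self, msg: dict, now: Optional[float] = None) -> Tuple[bool, str]:
        """Receiver side: returns (accepted, reason)."""
        now = time.time() if now is None else now
        expected = self._tag(msg["nonce"], msg["ts"], msg["body"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad tag"  # modified in transit or forged
        if abs(now - msg["ts"]) > self.window:
            return False, "stale"  # outside the freshness window
        # Forget nonces older than the window; anything that old is rejected as stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if msg["nonce"] in self.seen:
            return False, "replay"  # the same recording delivered a second time
        self.seen[msg["nonce"]] = msg["ts"]
        return True, "ok"


def run_scenario() -> List[Tuple[bool, str]]:
    """Original delivery, two replays of the recording, and a tampered copy."""
    key = b"constructed shared key"
    sender = ReplayGuard(key)  # the sender only uses sign()
    receiver = ReplayGuard(key, window_seconds=30)
    t0 = 1_700_000_000  # constructed timestamp
    msg = sender.sign(b"pay 100", now=t0)
    outcomes = [receiver.accept(msg, now=t0 + 1)]  # genuine first delivery
    outcomes.append(receiver.accept(msg, now=t0 + 5))  # recorded packet replayed at once
    outcomes.append(receiver.accept(msg, now=t0 + 600))  # replayed long after the window
    altered = dict(msg, body=b"pay 900")  # body changed, tag left as is
    outcomes.append(receiver.accept(altered, now=t0 + 2))
    return outcomes


if __name__ == "__main__":
    for accepted, reason in run_scenario():
        print("accepted" if accepted else "rejected", reason)
```

The order of the checks matters: the tag is verified first so that the nonce cache is only ever populated from authentic messages, and the freshness window bounds how long nonces must be remembered.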
What is a passive attack?
A passive attack is also a type of security attack, in which an attacker is in indirect contact
with the target system or network and monitors the communication to and from the target
system. In this attack, an attacker monitors, intercepts, or eavesdrops on data
transmissions without altering or affecting them. The main objective of a passive attack is
to gain unauthorized access to sensitive or confidential data or information without being
detected. Passive attacks are often difficult to discover as they do not disrupt system
operations or modify data.
Types of passive attacks:
Passive attacks can take many forms, including:
• Release of message contents: In this attack, the attacker can intercept and view the
content of a message being transmitted over a network and use this information for
malicious purposes.
• Traffic analysis: In this attack, the attacker can monitor the traffic between two or
more communication nodes to obtain information about the communication patterns
and behaviour of the system.
• Network mapping: In this attack, the attacker creates a network map by monitoring
the network traffic and identifying the communication patterns between different
devices on the network.
• Sniffing: In this attack, the attacker captures and analyses network traffic to intercept
sensitive data such as login details, credit card numbers, or other confidential
information.
Hardware attacks
• To carry out hardware attacks, hackers must be on-site and have undisturbed
access to computers — or at least enough time to insert a tracking device and gain
remote access to data. These attacks target machines and other physical systems
and include human tampering and destruction.
Software attacks
• Software threats are malicious pieces of computer code and applications that can
damage your computer, as well as steal your personal or financial information.
For this reason, these dangerous programs are often called malware (short for
“malicious software”).
Spectrum of attacks, Taxonomy of various attacks
The “Spectrum of Cyber Attack” incorporates the definition of denial from Joint
Publication (JP) 3-12, Cyberspace Operations, “to prevent access to, operation of, or
availability of a target function”, as the foundation for the three levels designated as
denial attacks: Network Denial, Enterprise Denial, and Mission ...
IP spoofing
IP spoofing is the creation of Internet Protocol (IP) packets which have a modified
source address in order to either hide the identity of the sender, to impersonate
another computer system, or both.
Spoofing definition. Spoofing, as it pertains to cybersecurity, is when someone or
something pretends to be something else in an attempt to gain our confidence, get
access to our systems, steal data, steal money, or spread malware. Spoofing attacks
come in many forms, including: Email spoofing.
What is IP spoofing and its types?
IP spoofing, or IP address spoofing, refers to the creation of Internet Protocol (IP)
packets with a false source IP address to impersonate another computer system. IP
spoofing allows cybercriminals to carry out malicious actions, often without detection.
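A network operator's main countermeasure against spoofed source addresses is ingress filtering: a packet is only accepted on an interface if its source address belongs to a prefix legitimately reachable behind that interface, and packets arriving from the Internet with private or internal source addresses are dropped. The block below is an added example, not part of the original notes, that applies this check to a few constructed packet records. The interface names, the assignment of prefixes to interfaces and the log lines are all constructed; the private and special-use ranges are the standard ones.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed topology: which source prefixes legitimately sit behind each internal interface.
INTERFACE_PREFIXES: Dict[str, List[str]] = {
    "eth0_customer": ["203.0.113.0/24"],
    "eth1_lan": ["192.168.10.0/24"],
}
EXTERNAL_INTERFACE = "wan0"  # constructed name for the Internet-facing interface

# Sources that should never arrive from the Internet: private (RFC 1918), loopback,
# link-local, "this network" and multicast ranges.
BOGON_PREFIXES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
                  "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4"]


def _in_any(addr: ipaddress.IPv4Address, prefixes: List[str]) -> bool:
    return any(addr in ipaddress.ip_network(p) for p in prefixes)


def verdict(iface: str, src: str) -> str:
    """Ingress-filter decision for one packet, given the interface it arrived on."""
    addr = ipaddress.ip_address(src)
    if iface == EXTERNAL_INTERFACE:
        if _in_any(addr, BOGON_PREFIXES):
            return "drop: bogon source from Internet"
        internal = [p for prefixes in INTERFACE_PREFIXES.values() for p in prefixes]
        if _in_any(addr, internal):
            return "drop: our own prefix arriving from Internet"
        return "allow"
    # Internal interface: the source must be one of the prefixes assigned behind it.
    if _in_any(addr, INTERFACE_PREFIXES.get(iface, [])):
        return "allow"
    return "drop: source not assigned behind this interface"


def parse_line(line: str) -> Tuple[str, str]:
    """Parse 'key=value' packet records into (interface, source address)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return fields["iface"], fields["src"]


def filter_log(lines: List[str]) -> List[Tuple[str, str]]:
    return [(line, verdict(*parse_line(line))) for line in lines]


def count_dropped(results: List[Tuple[str, str]]) -> int:
    return sum(1 for _, v in results if v.startswith("drop"))


SAMPLE_LOG = [  # constructed packet records
    "iface=eth0_customer src=203.0.113.7 dst=198.51.100.20",
    "iface=eth0_customer src=198.51.100.9 dst=198.51.100.20",
    "iface=wan0 src=10.1.2.3 dst=203.0.113.7",
    "iface=wan0 src=203.0.113.5 dst=203.0.113.9",
    "iface=wan0 src=198.51.100.77 dst=203.0.113.7",
]

if __name__ == "__main__":
    for line, v in filter_log(SAMPLE_LOG):
        print(f"{v:50s} {line}")
```

Applied at every edge, this check does not stop a spoofed packet from being sent, but it stops it from leaving the network it originated in, which is what makes source-address spoofing unattractive at scale.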
Methods of defence:
• Installing and maintaining the hardware and software for your security infrastructure.
• Analyzing, identifying, and patching system vulnerabilities within your network.
• Implementing real-time solutions to defuse zero-day attacks.
Security Models
These models are used for maintaining goals of security, i.e. Confidentiality, Integrity, and
Availability.
• Access control list (ACL)
• Attribute-based access control (ABAC)
• Bell–LaPadula model.
• Biba model.
• Brewer and Nash model.
• Capability-based security.
• Clark-Wilson model.
• Context-based access control (CBAC)
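Two of the models listed above, Bell–LaPadula (confidentiality) and Biba (integrity), can be written down as a few lines of access-decision logic. The block below is an added example, not part of the original notes: labels form a lattice (a totally ordered level plus a set of compartments), Bell–LaPadula enforces "no read up, no write down", and Biba enforces the dual "no read down, no write up". The level names, compartments and the subjects and objects in the walkthrough are constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet

# Constructed orderings. Sensitivity levels are used by Bell-LaPadula,
# integrity levels by Biba; both are just ranks in a total order.
SENSITIVITY = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}
INTEGRITY = {"low": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class Label:
    level: int  # rank in the total order of levels
    compartments: FrozenSet[str] = frozenset()  # need-to-know categories

    def dominates(self, other: "Label") -> bool:
        """Lattice order: at least as high a level AND a superset of compartments."""
        return self.level >= other.level and self.compartments >= other.compartments


def label(levels: Dict[str, int], name: str, *compartments: str) -> Label:
    return Label(levels[name], frozenset(compartments))


def bell_lapadula(subject: Label, obj: Label, op: str) -> bool:
    """Confidentiality: simple security (no read up) and *-property (no write down)."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def biba(subject: Label, obj: Label, op: str) -> bool:
    """Integrity: the dual rules, no read down and no write up."""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")


def run_checks() -> Dict[str, bool]:
    """Decisions for a constructed analyst (BLP) and a constructed process (Biba)."""
    analyst = label(SENSITIVITY, "secret", "crypto")
    doc_conf = label(SENSITIVITY, "confidential")
    doc_ts = label(SENSITIVITY, "top_secret", "crypto")
    doc_nuclear = label(SENSITIVITY, "secret", "nuclear")

    process = label(INTEGRITY, "medium")
    download = label(INTEGRITY, "low")  # untrusted input
    sysconfig = label(INTEGRITY, "high")  # must not be written by lower-integrity code

    return {
        "blp_read_down": bell_lapadula(analyst, doc_conf, "read"),
        "blp_read_up": bell_lapadula(analyst, doc_ts, "read"),
        "blp_write_down": bell_lapadula(analyst, doc_conf, "write"),
        "blp_write_up": bell_lapadula(analyst, doc_ts, "write"),
        "blp_missing_compartment": bell_lapadula(analyst, doc_nuclear, "read"),
        "biba_read_down": biba(process, download, "read"),
        "biba_read_up": biba(process, sysconfig, "read"),
        "biba_write_up": biba(process, sysconfig, "write"),
        "biba_write_down": biba(process, download, "write"),
    }


if __name__ == "__main__":
    for rule, allowed in run_checks().items():
        print(f"{rule:26s} {'allowed' if allowed else 'denied'}")
```

The compartment check is what makes this a lattice rather than a simple ladder: a secret-cleared subject with the "crypto" compartment still cannot read a secret "nuclear" document, because its label does not dominate that of the object.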
Risk management in cyber security
Cybersecurity risk management is an ongoing process of identifying, analyzing,
evaluating, and addressing your organization's cybersecurity threats. Cybersecurity risk
management isn't simply the job of the security team.
Cyber threats
A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data,
or disrupt digital life in general.
Cyber warfare
Cyberwarfare is the use of cyber-attacks against an enemy state, causing comparable
harm to actual warfare and/or disrupting vital computer systems. Some intended
outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.
Cyber crime
Cybercrime is illegal activity involving computers, the internet, or network devices.
Cybercriminals commit identity theft, initiate phishing scams, spread malware, and
instigate other digital attacks.
Cyber terrorism
Cyber terrorism (also known as digital terrorism) is defined as disruptive attacks by
recognized terrorist organizations against computer systems with the intent of
generating alarm, panic, or the physical disruption of the information system.
Comprehensive cyber security policy:
Definitions of confidential data and the importance of its protection. Procedures for data
transfer, ensuring security and preventing unauthorized access. Reporting mechanisms
for scams, privacy breaches, and potential security threats, ensuring timely response and
resolution.