Unit 5

security and ethical challenges in it

Uploaded by

likhithadasari45

Module V: Security and Ethical Challenges in IT

Security Threats and Attacks

• Information systems are made up of many components that may be housed in several
locations. Thus, each information system is vulnerable to many potential hazards or
threats.

• The figure presents a summary of the major threats to the security of an information system.
Attacks on information systems can be either on internal systems (suffered by about 30%
of the responding organizations in the CSI/FBI survey, as reported in Richardson, 2003),
or via remote dial-ins (18%), or on Internet-based systems (78%).

• A universal vulnerability is a state in a computing system (or set of systems) which
either: allows an attacker to execute commands as another user; allows an attacker to
access data that is contrary to the specified access restrictions for that data; allows an
attacker to pose as another entity; or allows an attacker to conduct a denial of service.

Dr [Link] Kumar Page 1


• An exposure is a state in a computing system (or set of systems) which is not a universal
vulnerability, but either: allows an attacker to conduct information gathering activities;
allows an attacker to hide activities; includes a capability that behaves as expected, but
can be easily compromised; is a primary point of entry that an attacker may attempt to
use to gain access to the system or data; and is considered a problem according to some
reasonable security policy.

UNINTENTIONAL THREATS.

• Unintentional threats can be divided into three major categories:

1. human errors,

2. environmental hazards, and

3. computer system failures

INTENTIONAL THREATS

As headlines about computer crime indicate, computer systems may be damaged as a result of
intentional actions as well. These account for about 30 percent of all computer problems,
according to the Computer Security Institute ([Link]), but the monetary damage from such
actions can be extremely large.



Malicious software (malware)

• Malicious software (malware) is any software that gives partial to full control of the system to the
attacker/malware creator.

Types of Malware

• Virus − A virus is a program that creates copies of itself and inserts these copies into other
computer programs, data files, or into the boot sector of the hard disk. Upon successful
replication, viruses cause harmful activity on infected hosts, such as stealing hard-disk space or
CPU time.

• Worm − A worm is a type of malware which leaves a copy of itself in the memory of each
computer in its path.

• Trojan − A Trojan is a non-self-replicating type of malware that contains malicious code, which
upon execution results in loss or theft of data or possible system harm.

• Adware − Adware, also known as freeware or pitchware, is free computer software that
contains commercial advertisements for games, desktop toolbars, and utilities. It is a web-based
application and it collects web browser data to target advertisements, especially pop-ups.

• Spyware − Spyware is infiltration software that anonymously monitors users, which enables a
hacker to obtain sensitive information from the user's computer. Spyware exploits user and
application vulnerabilities and is quite often attached to free online software downloads or to
links that are clicked by users.



• Rootkit − A rootkit is software used by a hacker to gain admin-level access to a
computer/network. It is installed through a stolen password or by exploiting a system
vulnerability without the victim's knowledge.

Hacking

• Hacking generally refers to unauthorized intrusion into a computer or a network.

• The person engaged in hacking activities is known as a hacker.

• This hacker may alter system or security features to accomplish a goal that differs from the
original purpose of the system.

• Hacking can also refer to non-malicious activities, usually involving unusual or improvised
alterations to equipment or processes.

Hackers employ a variety of techniques for hacking, including:

• Vulnerability scanner: checks computers on networks for known weaknesses

• Password cracking: the process of recovering passwords from data stored or transmitted by
computer systems

• Packet sniffer: applications that capture data packets in order to view data and passwords in
transit over networks

• Spoofing attack: involves websites which falsify data by mimicking legitimate sites, and they are
therefore treated as trusted sites by users or other programs

• Rootkit: represents a set of programs which work to subvert control of an operating system from
legitimate operators

• Trojan horse: serves as a back door in a computer system to allow an intruder to gain access to
the system later

• Viruses: self-replicating programs that spread by inserting copies of themselves into other
executable code files or documents

• Key loggers: tools designed to record every keystroke on the affected machine for later retrieval



Computer Virus and its Types

Computer Virus

A computer virus is a malicious program that self-replicates by copying itself to another
program. In other words, the computer virus spreads by itself into other executable code or
documents.

The purpose of creating a computer virus is to infect vulnerable systems, gain admin control and
steal sensitive user data. Hackers design computer viruses with malicious intent and prey on
online users by tricking them.

One of the preferred methods by which viruses spread is email. Opening an email attachment,
visiting an infected website, clicking on an executable file, or viewing an infected
advertisement can cause the virus to spread to your system. Besides that, infections also spread
when connecting already infected removable storage devices, such as USB drives.

It is quite easy and simple for viruses to sneak into a computer by dodging the defense
systems. A successful breach can cause serious issues for the user, such as infecting other
resources or system software, modifying or deleting key functions or applications, and
copying, deleting or encrypting data.

How does a computer virus operate?

A computer virus operates in two ways. The first kind begins to replicate as soon as it lands
on a new computer. The second kind plays dead until a trigger kick-starts the malicious code. In
other words, the infected program needs to run for the virus code to be executed. Therefore, it
is important to stay protected by installing a robust antivirus program.

Types of Computer Viruses


A computer virus is one type of malware that inserts its code into programs and applications,
altering them in order to multiply. The computer gets infected through the replication of malicious
code. Computer viruses come in different forms to infect the system in different ways. Some of
the most common viruses are listed below.



Various types of virus:

1. File Virus: This type of virus infects the system by appending itself to the end of a file. It
changes the start of a program so that control jumps to its code. After the execution of
its code, control returns to the main program. Its execution is not even noticed. It
is also called a parasitic virus because it leaves no file intact but also leaves the host
functional.
2. Boot Sector Virus: It infects the boot sector of the system, executing every time the system is
booted and before the operating system is loaded. It infects other bootable media like floppy
disks. These are also known as memory viruses as they do not infect the file system.
3. Macro Virus: Unlike most viruses, which are written in a low-level language (like C or
assembly language), these are written in a high-level language like Visual Basic. These
viruses are triggered when a program capable of executing a macro is run. For example,
a macro virus can be contained in spreadsheet files.
4. Source Code Virus: It looks for source code and modifies it to include the virus and to help
spread it.
5. Polymorphic Virus: A virus signature is a pattern that can identify a virus (a series of
bytes that make up the virus code). In order to avoid detection by antivirus, a polymorphic
virus changes each time it is installed. The functionality of the virus remains the same but its
signature is changed.



6. Encrypted Virus: In order to avoid detection by antivirus, this type of virus exists in
encrypted form. It carries a decryption algorithm along with it, so the virus first decrypts
and then executes.
7. Stealth Virus: It is a very tricky virus as it changes the code that can be used to detect it.
Hence, the detection of the virus becomes very difficult. For example, it can change the read
system call such that whenever the user asks to read code modified by the virus, the original
form of the code is shown rather than the infected code.
8. Tunneling Virus: This virus attempts to bypass detection by an antivirus scanner by
installing itself in the interrupt handler chain. Interception programs, which remain in the
background of an operating system and catch viruses, become disabled during the course of
a tunneling virus. Similar viruses install themselves in device drivers.
9. Multipartite Virus: This type of virus is able to infect multiple parts of a system,
including the boot sector, memory and files. This makes it difficult to detect and contain.
10. Armored Virus: An armored virus is coded to make it difficult for antivirus to unravel and
understand. It uses a variety of techniques to do so, like fooling antivirus into believing that it
lies somewhere other than its real location, or using compression to complicate its code.



What is Cryptography?
Cryptography is the study and application of techniques that hide the real meaning of
information by transforming it into non-human-readable formats and vice versa.

Let’s illustrate this with the aid of an example. Suppose you want to send the message “I LOVE
APPLES”. You can replace every letter in the phrase with the third successive letter in the
alphabet. The encrypted message will be “K NQXG CRRNGU”. To decrypt our message, we
will have to go back three letters in the alphabet from the letter that we want to decrypt. The
image below shows how the transformation is done.

Fig: Cipher Encryption and Decryption

The process of transforming information into nonhuman readable form is called encryption. The
process of reversing encryption is called decryption. Decryption is done using a secret
key which is only known to the legitimate recipients of the information. The key is used to
decrypt the hidden messages. This makes the communication secure because even if the attacker
manages to get the information, it will not make sense to them. The encrypted information is
known as a cipher.
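
The letter-shift example above, worked through in Python. This is an added example, not part of the original notes, and the function names are illustrative. The ciphertext “K NQXG CRRNGU” corresponds to moving each letter two positions forward (I → K), that is, counting the starting letter as the first of the three.

```python
import string

ALPHABET = string.ascii_uppercase


def shift_text(text, shift):
    """Shift every A-Z letter by `shift` positions, wrapping around at Z.

    Input is upper-cased; spaces and punctuation pass through unchanged.
    """
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext, key):
    """Encryption: move each letter `key` positions forward."""
    return shift_text(plaintext, key)


def decrypt(ciphertext, key):
    """Decryption: the same key, applied in the opposite direction."""
    return shift_text(ciphertext, -key)


def recover_key(plaintext, ciphertext):
    """Return the shift that maps plaintext to ciphertext, or None."""
    for key in range(26):
        if encrypt(plaintext, key) == ciphertext.upper():
            return key
    return None


def candidate_plaintexts(ciphertext):
    """All 26 possible decryptions: the whole key space fits in one dict,
    which is why a shift cipher only illustrates the idea of a secret key."""
    return {key: decrypt(ciphertext, key) for key in range(26)}


if __name__ == "__main__":
    message = "I LOVE APPLES"
    cipher = encrypt(message, 2)
    print(cipher)                        # ciphertext given in the notes
    print(decrypt(cipher, 2))            # back to the plaintext
    print(recover_key(message, cipher))  # shift actually used
```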

Encryption is the process of converting normal message (plaintext) into meaningless message
(Ciphertext).



Decryption is the process of converting meaningless message (Ciphertext) into its original form
(Plaintext).

The major distinction between encryption and decryption is that encryption is the conversion
of a message into an unintelligible form that is undecipherable unless decrypted, whereas
decryption is the recovery of the original message from the encrypted information.



Firewall

Definition:
A firewall is a device or a combination of systems that supervises the flow of traffic between
distinct parts of the network. A firewall is used to guard the network against malicious people and
prohibit their actions at predefined boundary levels.

The concept of the firewall was introduced in order to secure the communication process
between various networks.

A firewall is a software or hardware device which examines the data from several networks and
then either permits or blocks its communication with your network; this process is governed
by a set of predefined security guidelines.

A firewall is used to protect the system not only from exterior threats; the threat can be
internal as well. Therefore we need protection at each level of the hierarchy of networking
systems.

A good firewall should be able to deal with both internal and external threats and to prevent
malicious software such as worms from acquiring access to the network. It also
enables your system to stop forwarding unlawful data to another system.

For example, a firewall always exists between a private network and the Internet, which is a
public network, and thus filters packets coming in and out.

Fig: Firewall as a barrier between the Internet and LAN



Selecting the right firewall is critical in building a secure networking system.

A firewall provides the security apparatus for allowing and restricting traffic, authentication,
address translation and content security.

It ensures 365*24*7 protection of the network from hackers. It is a one-time investment for any
organization and only needs timely updates to function properly. By deploying a firewall, there is
no need for panic in case of network attacks.

Software Vs Hardware Firewall


Basic Firewall Network Example

A hardware firewall protects the entire network of the organization using it, from external threats
only. If an employee of the organization is connected to the network via his personal
laptop, he cannot avail himself of the protection.

On the other hand, a software firewall provides host-based security, as the software is installed on
each of the devices connected to the network, thereby protecting the system from external as well
as internal threats. It is most widely used by mobile users to digitally protect their handsets from
malicious attacks.



Components of a Firewall System

The building blocks of a good firewall system are as follows:
• Perimeter router
• Firewall
• VPN
• IDS

#1) Perimeter Router
The main reason for using it is to provide a link to a public networking system like the Internet,
or to a distinct organization. It performs the routing of data packets by following an
appropriate routing protocol.

It also provides packet filtering and address translation.

#2) Firewall
As discussed earlier, its main task is to provide distinct levels of security and to
supervise traffic among the levels. Most firewalls sit near the router to provide security
from external threats, but sometimes they are present in the internal network as well, to protect
against internal attacks.

#3) VPN
Its function is to provide a secured connection between two machines or networks, or a machine
and a network. This consists of encryption, authentication and packet-reliability assurance. It
provides secure remote access to the network, thereby connecting two WAN networks
together on the same platform while they are not physically connected.

#4) IDS (Intrusion Detection System)
Its function is to identify, preclude, investigate and resolve unauthorized attacks. A hacker
can attack the network in various ways: by executing a DoS attack, or by attacking from the back
side of the network through some unauthorized access. An IDS solution should be smart enough
to deal with these types of attacks.



What are the types of Firewalls?

There are various types of firewalls in a computer network, which are as follows −

Packet Filtering Firewalls
A packet filtering firewall is an essential type of firewall. It acts as a management program
that monitors network traffic and filters incoming packets based on configured security rules.
These firewalls are designed to block network traffic based on IP protocol, IP address, and port
number if a data packet does not match the established rule set.

Application Level Gateway Firewall
It is also known as a proxy firewall. Proxies are mainly used to control or monitor outbound
traffic. Some application proxies cache the data requested.
This lowers bandwidth requirements and decreases the access time for the next user requesting the
same data. It also gives unquestionable evidence of what was transferred.

Circuit-level Gateways
Circuit-level gateways are another type of firewall that can be easily configured to allow or block
traffic without consuming significant computing resources.
These types of firewalls typically operate at the session level of the OSI model by verifying TCP
(Transmission Control Protocol) connections and sessions. Circuit-level gateways are designed
to ensure that the regular sessions are protected.

Next-Generation Firewalls (NGFW)
These work by filtering traffic moving through a network; the filtering is determined by the
applications or traffic types and the ports they are assigned to.

Stateful Multi-Layer Inspection (SMLI) Firewalls
Stateful multilayer inspection firewalls contain both packet inspection technology and TCP
handshake verification. This makes SMLI firewalls better than packet-filtering firewalls or
circuit-level gateways. These types of firewalls keep track of the status of established
connections.

Network Address Translation (NAT) Firewalls
It allows multiple devices with independent network addresses to connect to the Internet using a
single IP address, keeping individual IP addresses hidden.

Cloud Firewalls
Whenever a firewall is created using a cloud solution, it is called a cloud firewall or FaaS
(firewall-as-a-service). Cloud firewalls are supported and run on the Internet by third-party
vendors.
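
The difference between the packet filtering and stateful (SMLI) firewalls described above, as an added Python sketch (not code from the original notes or from any firewall product). The addresses, rules and packets are constructed, and connection tracking is reduced to the TCP three-way handshake.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""   # TCP flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "block"
    proto: str
    src_net: str
    dst_net: str
    sport: Optional[int] = None   # None matches any port
    dport: Optional[int] = None

    def matches(self, p):
        return (self.proto == p.proto
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def packet_filter(p, rules):
    """Stateless: first matching rule wins, unmatched packets are blocked."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "block"

class StatefulFirewall:
    """Rule check for new connections plus TCP handshake tracking."""
    def __init__(self, rules):
        self.rules = rules
        self.state = {}   # (client, cport, server, sport) -> handshake state

    def inspect(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == "S" and fwd not in self.state:
            if packet_filter(p, self.rules) != "allow":
                return "block"
            self.state[fwd] = "SYN_SENT"
            return "allow"
        if p.flags == "SA" and self.state.get(rev) == "SYN_SENT":
            self.state[rev] = "SYN_RCVD"
            return "allow"
        if p.flags == "A" and self.state.get(fwd) == "SYN_RCVD":
            self.state[fwd] = "ESTABLISHED"
            return "allow"
        if "ESTABLISHED" in (self.state.get(fwd), self.state.get(rev)):
            return "allow"
        return "block"   # no tracked connection explains this packet

# Constructed sample data (private and documentation address ranges).
LAN, ANY = "192.168.1.0/24", "0.0.0.0/0"
OUTBOUND_HTTPS = Rule("allow", "tcp", LAN, ANY, dport=443)
# A stateless filter needs this extra rule so that replies can come back in.
REPLIES_FROM_443 = Rule("allow", "tcp", ANY, LAN, sport=443)
SYN = Packet("tcp", "192.168.1.10", 50000, "203.0.113.5", 443, "S")
SYNACK = Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 50000, "SA")
ACK = Packet("tcp", "192.168.1.10", 50000, "203.0.113.5", 443, "A")
UNSOLICITED = Packet("tcp", "198.51.100.7", 443, "192.168.1.20", 50001, "SA")

if __name__ == "__main__":
    fw = StatefulFirewall([OUTBOUND_HTTPS])
    for pkt in (UNSOLICITED, SYN, SYNACK, ACK):
        stateless = packet_filter(pkt, [OUTBOUND_HTTPS, REPLIES_FROM_443])
        print(pkt.src, pkt.flags, "stateless:", stateless, "stateful:", fw.inspect(pkt))
```

The stateless rule set has to admit anything arriving from port 443, including the unsolicited SYN+ACK, while the stateful firewall admits a reply only after it has seen the matching outbound SYN.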



Types of Biometric Techniques

• Fingerprint Recognition: It is one of the oldest technologies of biometric recognition, in
which the ridges and the furrows in the finger are used as the identifying trait since they are
immutable. It uses a fingerprint scanner to get an image of the user’s finger. The user
simply places the finger on a glass plate and a CCD (charge-coupled device) camera takes
a picture. Before matching the print to pre-scanned images, the scanner processor makes
sure the CCD has captured a clear image. It examines the average pixel darkness and
rejects the scan if the overall image is too dark or too light.

• Voice or Sound Recognition: The human voice is one more attribute which is unique.
In this technique, the user speaks into the microphone, and an analog-to-digital converter
(ADC) creates digital sound files for the VR program to work with. Then the VR
program accepts the digital recording and parses it into small, recognizable speech bits
called phonemes.

Once the program has identified the phonemes, it begins a complex process of
identification and analysis, comparing each string of recorded phonemes against the one
recorded in its memory. It then accesses its internal database and pairs up the recorded
phonemes with the most equivalent texts.

• Palm Vein Recognition: In this, a vein in the palm is used as an identification trait. In
this technique, the user simply puts his hand above the sensor for less than a second. The
sensor then records and examines the vein pattern of the user, which stays unique over
time, to provide a positive ID.
It gives each test taker a single record that is virtually impossible to fake and prevents
people from testing under assumed identities.

• IRIS Recognition: The iris is unique to a human being. No two humans can have the
same iris pattern; even identical twins have different iris patterns. The iris pattern of the right
eye differs from that of the left eye. Usually, the left eye is used.

It uses camera technology in which the iris is exposed to subtle infrared rays. The image
of the eye is captured and the iris scanner analyzes the features in the iris, which has more
than 200 points that can be used for comparison, including rings, furrows and freckles.
Patterns are drawn and then matched with that of the user.

• Hand Geometry: In this technique, the geometric shape of the hand (size of the palm,
length and width of the fingers, the distance between the knuckles, etc.) is used.

It uses a geometry scanner: the user simply puts his or her hand onto a platen which
has 5 pegs that help the user to position their fingers properly.



Information Security & Cyber Law

The Internet has now become all-encompassing; it touches the lives of every
human being. We cannot undermine the benefits of the Internet; however, its
anonymous nature allows miscreants to indulge in various cybercrimes.

Need for Legislation

Under the general law, a person may obtain rights or be subject to obligations because of a
particular legal relationship with another person. The relationship may arise because of
agreement or because of a document made by a person conferring a power over the person’s
property on another person. It may be a legal relationship found to exist because of a civil
wrong committed by a person. These relationships are essentially narrow in their ambit and
cannot be unilaterally created under the general law for all citizens or for all citizens of particular
classes.

Only legislation, properly authorised and made, can unilaterally create or change rights and
obligations of citizens generally, or change or affect the operation of the general law.

Legislation may also be an option chosen to present a policy in a particularly powerful way or
to create a state of affairs that can only be further changed or brought to an end by legislation.



What is Cyber Law?

Cyber law is the part of the overall legal system that deals with the Internet, cyberspace, and
their respective legal issues. Cyber law covers a fairly broad area, encompassing several
subtopics including freedom of expression, access to and usage of the Internet, and online
privacy. Generically, cyber law is referred to as the Law of the Internet.

Cyber laws help to reduce or prevent cybercriminal activities on a large scale by
protecting information access from unauthorized people, and they cover freedom of speech related to
the use of the Internet, privacy, communications, email, websites, intellectual property, and hardware
and software such as data storage devices.

Cyber law offers legal protections for people who are using the Internet as well as running an
online business. It is most important for Internet users to know the local and cyber laws
of their country, so that they know which activities on the network are legal and which are not. They
can also keep themselves from unauthorized activities.

The Computer Fraud and Abuse Act, called the CFAA, was the first cyber law; it was enacted in
1986. This law was helpful in preventing unauthorized access to computers. It also provided
a description of the stages of punishment for breaking that law or performing any illegal activity.



Salient features of IT Act

The Government of India enacted the Information Technology (I.T.) Act with some major
objectives: to deliver and facilitate lawful electronic, digital, and online transactions, and to mitigate
cyber-crimes.

Salient Features of I.T Act


The salient features of the I.T Act are as follows −
• Digital signature has been replaced with electronic signature to make it a more
technology-neutral act.
• It elaborates on offenses, penalties, and breaches.
• It outlines the Justice Dispensation Systems for cyber-crimes.
• It defines in a new section that cyber café is any facility from where the access to the
internet is offered by any person in the ordinary course of business to the members of
the public.
• It provides for the constitution of the Cyber Regulations Advisory Committee.
• It is based on The Indian Penal Code, 1860, The Indian Evidence Act, 1872, The
Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934, etc.
• It adds a provision to Section 81, which states that the provisions of the Act shall have
overriding effect. The provision states that nothing contained in the Act shall restrict
any person from exercising any right conferred under the Copyright Act, 1957.

Application of the I.T Act


As per sub-clause (4) of Section 1, nothing in this Act shall apply to documents or
transactions specified in the First Schedule. Following are the documents or transactions to which
the Act shall not apply −
• Negotiable Instrument (other than a cheque) as defined in section 13 of the Negotiable
Instruments Act, 1881;
• A power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
• A trust as defined in section 3 of the Indian Trusts Act, 1882;
• A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including
any other testamentary disposition;
• Any contract for the sale or conveyance of immovable property or any interest in such
property;
