SSR DEGREE COLLEGE Cyber Security

(LAB-RECORD)- SEM-III

UNIT-I & II
1. Check List for reporting in cyber-crime at Cyber-crime police Station

Ans: Check list for Complainant

Please have this information ready before filing your complaint:

Mandatory Information

1. Incident Date and Time.

2. Incident details (minimum 200 characters) without any special characters (#$@^*`’’~|!).
3. Soft copy of any national Id ( Voter Id, Driving license, Passport, PAN Card, Aadhar Card) of
complainant in .jpeg, .jpg, .png format (file size should not more than 5 MB).
4. In case of financial fraud, please keep following information ready:
i) Name of the Bank/ Wallet/Merchant
ii) 12-digit Transaction id/UTR No.
iii) Date of transaction
iv) Fraud amount
5. Soft copy of all the relevant evidences related to the cyber crime (not more than 10 MB each)

Optional/Desirable Information:

1. Suspected website URLs/ Social Media handles (wherever applicable)

2. Suspect Details (if available)
i) Mobile No
ii) Email id
iii) Bank Account No
iv) Address
v) Soft copy of photograph of suspect in .jpeg, .jpg, .png format (not more than 5 MB)
vi) Any other document through which suspect can be identified.

Cyber Security LAB SEM-III (All groups) Page 1

 Cyber Security
SSR DEGREE COLLEGE (LAB-RECORD)- SEM-III

2. Check list for Reporting Cyber Crime Online.

How to file a Cyber Crime Complaint online?

The online portal where a victim can file a cyber crime complaint is https://cyber
crime.gov.in/Accept.aspx, an initiative of Government of India that caters to complaints pertaining
to the online Child Pornography (CP), Child Sexual Abuse Material (CSAM) or sexually explicit
content and other cyber crimes such as social media crimes, online financial frauds, ransomware,
hacking, crypto currency crimes, and online cyber trafficking. The portal also provides an option of
reporting an anonymous complaint about reporting Child Pornography (CP) or sexually explicit
content. One can follow below-mentioned steps to report a cyber crime online –

STEP 1: Go to https://cyber crime.gov.in/Accept.aspx

STEP 2: Click on ‘Report other cyber crimes’ on the menu.

STEP 3: Click on ‘File a Complaint’.

STEP 4: Read the conditions and accept them.

STEP 5: Register your mobile number and fill in your name and State.

STEP 6: Fill in the relevant details about the offence.

3. Reporting phishing e-mails

Avoid and report phishing emails
Learn how to spot deceptive requests online and take recommended steps to help protect your
Gmail and Google Account.

What phishing
Phishing is an attempt to steal personal information or break in to online accounts using deceptive
emails, messages, ads, or sites that look similar to sites you already use. For example, a phishing
email might look like it's from your bank and request private information about your bank
account.

Phishing messages or content may:

 Ask for your personal or financial information.

 Ask you to click links or download software.
 Impersonate a reputable organization, like your bank, a social media site you use, or your
workplace.
 Impersonate someone you know, like a family member, friend, or coworker.
 Look exactly like a message from an organization or person you trust.

Cyber Security LAB SEM-III (All groups) Page 2

 Cyber Security
SSR DEGREE COLLEGE (LAB-RECORD)- SEM-III

4. Demonstration of email phishing attack and preventive measures.

Internet pirates steal personal financial information with a new a type of Internet piracy
called phishing, pronounced "fishing," and that's exactly what these thieves are doing:
"fishing" for your personal financial information.

What they want are account numbers, passwords, Social Security numbers, and other
confidential information that they can use to loot your checking account or run up bills on
your credit cards. In the worst case, you could find yourself a victim of identity theft. With
the sensitive information obtained from a successful phishing scam, these thieves can take
out loans or obtain credit cards and even driver's licenses in your name. They can do
damage to your financial history and personal reputation that can take years to unravel.
But if you understand how phishing works and how to protect yourself, you can help stop
this crime.

How to Protect Yourself

1. Never provide your personal information in response to an unsolicited request, whether

it is over the phone or over the Internet. Emails and Internet pages created by phishes may
look exactly like the real thing. They may even have a fake padlock icon that ordinarily is
used to denote a secure site. If you did not initiate the communication, you should not
provide any information.
2. If you believe the contact may be legitimate, contact the financial institution yourself.
You can find phone numbers and Websites on the monthly statements you receive from
your financial institution, or you can look the company up in a phone book or on the
Internet. The key is that you should be the one to initiate the contact, using contact
information that you have verified yourself.
3. Never provide your password over the phone or in response to an unsolicited Internet
request. A financial institution would never ask you to verify your account information
online. Thieves armed with this information and your account number can help themselves
to your savings.
4. Review account statements regularly to ensure all charges are correct. If your account
statement is late in arriving, call your financial institution to find out why. If your financial

Cyber Security LAB SEM-III (All groups) Page 3

 SSR DEGREE COLLEGE Cyber Security
(LAB-RECORD)- SEM-III

institution offers electronic account access, periodically review activity online to catch
suspicious activity.

UNIT- III
5. Basic Check list, privacy and security settings of popular Social media
Platforms.

Social Media Security Checklist

Keep your personal data safe while using social media

Manage Privacy Settings

These settings allow you to make sure you are only sharing with friends and family. These setting
can change with updates so you should check them regularly.

Don’t Enable Auto Login

If someone gets access to your phone or computer make sure they can’t automatically access your
social sites. Make sure your computer’s browser “remember” your login and password isn’t set.

Use Two-factor authentication 2FA

‘Double checking’ you really are who you say you are by texting your phone a code that you need
to enter before you can log in.

Setup Security Answers

You can set up security questions on your accounts use questions that are hard to find out about
you.

Use a VPN
Virtual Private Network is an encryption tool. If you want to keep your conversations, messages,
and calls secure this is the best solution.

Keep Antivirus Updated

Never go on the internet without installing anti-malware and antivirus software to secure your
online activity and important data.

Change Passwords Frequently

Always use a combination of letters, numbers, and symbols to make it harder to break.

Good, secure passwords shouldn’t be easy to remember.

Never use the same password for multiple websites because they will all become compromised.

Selective Accepting Friends

Are they really who they say they are? Do you really know that their profile is real and not fake?
The safest option is to only accept “friend” requests from people you know in the real world.

Cyber Security LAB SEM-III (All groups) Page 4

 SSR DEGREE COLLEGE Cyber Security
(LAB-RECORD)- SEM-III

Turn Off GPS

Turn off your GPS to keep your exact location private. If you plan to share images online turn off
the GPS function to protect your safety.

Internet is Permanent
Always consider that anything you post stays there forever. Even if you delete your account,
someone may already print/copy your content.

Personal Information
Careful who you reveal personal information. Always be suspicious of anyone who asks for your
personal information over any social media platform.

Beware Clicking on Links

Even if sent from your friends think twice. Hackers love social platforms because you are more
likely to click on something from your friends.

Block Fake Accounts

Sadly social media is full of fake profiles. These can be used for a number of reasons from hacking
or monitoring your activities.

Suspicious Login Attempts

Social media platforms email you if they feel a login is suspicious. Maybe because it comes from a
different IP address, a different browser or your account is sending spamming posts.

Keep checking your emails regularly. If you get a suspicious login attempt to your account, change
your password as soon as possible.

Keep Browser Updated

Make sure you have the latest version of your browser that is not vulnerable to attacks and
hackers.

Don’t save passwords in your browser because if your system gets compromised your passwords
can be easily read.

Auto Share Options

There are options to automatically share posts from one platform to another.

Close Old Accounts

Old social media accounts you haven’t used in years can risk your personal data security. Delete
account and remove as much personal information as possible.

App Authorization
Every time you log in to another site using the option of using a social media login you are granting
authorisation to your account.

They tell you what data this app will have access to before you agree but if you stop using that site
remember to revoke authorisation.

Cyber Security LAB SEM-III (All groups) Page 5

 SSR DEGREE COLLEGE Cyber Security
(LAB-RECORD)- SEM-III

Password Manager
Your passwords are valuable, so treat them that way.

There is a number of password manager software available that help you store and organise
passwords. This enables you to log in with just one main password that then allows you to access
all your accounts.

6. Reporting and redressal mechanism for violations and misuse of Social

media Platforms.
Some common issues reported on social media:

 Reporting abusive content: Users can report content that they find abusive, offensive, or
in violation of platform policies. These reports are reviewed by the help centre.
 Reporting CSAM (Child Sexual Abuse Material): CSAM content can be reported to
platform help centre. Social media platforms have stringent policies in place to address
such concerns and ensure a safe digital environment for everyone, including children.
 Reporting Misinformation or Fake News: With the proliferation of misinformation online,
users can report content that they find or suspect misleading or false information and Fact-
checking bodies are employed to assess the accuracy of reported content.
 Content violating intellectual property rights: If there is a violation or infringement of any
intellectual property work, it can be reported on the platform.
 Violence of commercial policies: Products listed on social media platforms are also needed
to comply with the platform’s Commercial Policies.

Background:

The Digital India programme has now become a movement which is empowering common Indians
with the power of technology. The extensive spread of mobile phones, Internet etc. has also
enabled many social media platforms to expand their footprints in India. Common people are also
using these platforms in a very significant way. Some portals, which publish analysis about social
media platforms and which have not been disputed, have reported the following numbers as user
base of major social media platforms in India:

 WhatsApp users: 53 Crore

 YouTube users: 44.8 Crore
 Facebook users: 41 Crore
 Instagram users: 21 Crore
 Twitter users: 1.75 Crore
 UNIT- IV
7. Configuring Security settings in Mobile Wallets and UPIs.

Choose a Strong Password or PIN:

 Set a strong and unique password or personal identification number (pin) for your mobile
wallet and UPI application.

Cyber Security LAB SEM-III (All groups) Page 6

 SSR DEGREE COLLEGE Cyber Security
(LAB-RECORD)- SEM-III

 Avoid using common passwords or easily guessable combinations like birth dates or phone
numbers.

Enable Biometric Authentication:

 If your mobile device supports biometric authentication methods such as fingerprints or
facial recognition, enable these options for added security.
 Biometric provide an extra layer of protection in addition to your password or pin.

Keep your mobile device updated:

 Regularly update your mobile devices operating system and keep your mobile wallet and
UPI application up to date.
 Software updates often include security patches that address vulnerabilities.

Enable Two –Factor Authentication (2FA):

 Whenever possible, enable two factor authentications for your mobile wallet and UPI
application.
 This typically involves entering a verification code sent to your registered mobile number
or email. Address, providing and extra layer of security during login or transaction
confirmation.

Use secure Networks:

 Avoid using public wifi network or unsecured internet connections while conducting
financial transactions.
 Use a trusted network or enable your mobile data connection for secure communication.

8. Check list secure net

banking Online Banking Checklist

1. Protect and memorize your passwords. Never write your passwords down or share them
with anyone. Change passwords regularly and use combinations of letters, numbers and
"special characters" such as the #, @, ), ? Signs. Do not use your Social Security Number or
birthday as a username or password. Never use your username as a password.
2. Keep your computer operating system up to date. If your computer is older than five
years, its operating system may not offer the same level of protection as newer systems.
System manufacturers provide frequent updates to help make your system more secure.
Regularly check for updates from your system manufacturer.
3. Use a current web browser. Cathay Bank continually upgrades our online services to
provide you with the most secure online services. We do not allow access to Cathay Online
Banking or Cathay Business Online Banking using browsers that do not meet our security
criteria. If you have problems accessing our online banking services, you may need to
upgrade your browser.
4. Install a personal firewall. Firewalls provide additional protection for your home
computer. Many operating systems come with firewall protection. Before purchasing a
firewall, check your operating system.

Cyber Security LAB SEM-III (All groups) Page 7

 SSR DEGREE COLLEGE Cyber Security
(LAB-RECORD)- SEM-III

5. Antivirus and Antispyware Software. Virus and Spyware protection software helps reduce
the risk of contracting computer malwares (viruses and spyware) that can compromise
your computer and personal security while online.
6. Use secure websites for transactions and shopping. Make sure the web page you are
viewing offers encryption of your data. If you see a lock symbol in the lower right-hand
corner of your browser window, or if the web address of the page you are viewing begins
with https://, this indicates that web page is secure and uses encryption. Cathay Bank
provides 2048-bit encryption, the highest level available today.
7. Do not open e-mail or download programs from unknown sources. Sometimes hidden
programs or viruses are contained in e-mail or on downloaded programs which can
compromise your computer. Use caution when downloading from an unfamiliar site.
8. Terminate the Internet when not in use. Take an additional precaution by terminating
your Internet session when not in use. This will help to avoid unwanted access to your
computer and its data.

UNIT- V
9. Setting, configuring and managing three password policy in the computer (BIOS,
Administrator and Standard User)

Set a BIOS Password

1. Protect your laptop with BIOS passwords. A BIOS password is the extremely strong password
that locks up the hardware and makes the laptop completely unusable. Only logging with the
password can you enter into the operating system.

2. Create a BIOS password. Restart the laptop, and press F2 continuously to the following
interface. Select the security with the cursor and choose "Set User" password or "Set User
Password".

Cyber Security LAB SEM-III (All groups) Page 8

 SSR DEGREE COLLEGE Cyber Security
(LAB-RECORD)- SEM-III

 Note: The difference between Set User Password and Set Supervisor Password: User
password controls access to the system at boot; supervisor password controls access to the
setup utility.

3. Press Enter, and fill the three blanks with your password.

4. Press Enter and pop up Setup Notice, which means that you have reset BIOS password.

5. Press F10 to save it and select Yes to exit, your laptop will log on automatically.

6. Ensure a reset. It is challenging if you forget a BIOS password. Rest the BIOS password using
standard BIOS backdoor passwords to reset BIOS password. A backdoor is one of the best
way to protect BIOS password which is provided for users to access the BIOS when the
hardware is being maintained. Note that some types of backdoor passwords will cease to
work when entering the wrong password for more than three times. Here are some well-
known backdoor passwords:

7. Protect your laptop with Windows Password. A Windows password is the confirmation
code that a PC user requesting access to the Windows system is really that particular user.

 Create an administrator password with which the owner can log on in to the Windows
system. And then you can create a Windows password reset disk.

10. Setting and configuring two factor authentications in the Mobile phone.

Set up your mobile device to use a text message as your verification method

1. On the Additional security verification page, select Authentication phone from the Step 1:
How should we contact you area, select your country or region from the drop-down list,
and then type your mobile device phone number.
2. Select Send me a code by text message from the Method area, and then select Next.
3. Type the verification code from the text message sent from Microsoft into the Step 2:
We've sent a text message to your phone area, and then select Verify.

4. From the Step 3: Keep using your existing applications area, copy the provided app
password and paste it somewhere safe.

Cyber Security LAB SEM-III (All groups) Page 9

 SSR DEGREE COLLEGE Cyber Security
(LAB-RECORD)- SEM-III

5. Select Done.

Set up your mobile device to receive a phone call

1. On the Additional security verification page, select Authentication phone from the Step 1:
How should we contact you area, select your country or region from the drop-down list,
and then type your mobile device phone number.
2. Select Call me from the Method area, and then select Next.

3. You'll receive a phone call from Microsoft, asking you press the hash tag (#) sign on your
mobile device to verify your identity.

4. From the Step 3: Keep using your existing applications area, copy the provided app
password and paste it somewhere safe.

11. Security Patch management and updates in computer and Mobiles.

Patch management creates a centralized process for applying new patches to IT assets. These
patches can improve security, enhance performance, and boost productivity.

Security updates

Security patches address specific security risks, often by remediating a particular vulnerability.

Hackers often target unpatched assets, so the failure to apply security updates can expose a
company to security breaches.

Feature updates

Some patches bring new features to apps and devices. These updates can improve asset
performance and user productivity.

Bug fixes

Bug fixes address minor issues in hardware or software. Typically, these issues don't cause security
problems but do affect asset performance.

Minimizing downtime

Most companies find it impractical to download and apply every patch for every asset as soon as
it's available. That's because patching requires downtime. Users must stop work, log out, and
reboot key systems to apply patches.

Regulatory compliance

Cyber Security LAB SEM-III (All groups) Page 10

 SSR DEGREE COLLEGE Cyber Security
(LAB-RECORD)- SEM-III

Under regulations like the General Data Protection Regulation (GDPR), the Health Insurance
Portability and Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard
(PCI-DSS), companies must follow certain cybersecurity practices. Patch management can help
organizations keep critical systems compliant with these mandates.

12. Managing Application permissions in Mobile phone.

Change app permissions

1. On your device, open the Settings app.

2. Tap Apps.
3. Tap the app you want to change. If you can't find it, tap See all apps. Then, choose your
app.
4. Tap Permissions.
o If you allowed or denied any permission for the app, you’ll find them here.
5. To change a permission setting, tap it, then choose Allow or don’t allow.

For location, camera, and microphone permissions, you may be able to choose:

 All the time: For location only. The app can use the permission at any time, even when
you’re not using the app.
 Allow only while using the app: The app can use the permission only when you're using
that app.
 Ask every time: Every time you open the app, it'll ask to use the permission. It can use the
permission until you’re done with the app.
 Don't allow: The app cannot use the permission, even when you’re using the app.

Change permissions based on their type

You can check which apps have the same permission setting. For example, you can check which
apps have permission to check your calendar.

1. On your device, open the Settings app.

2. Tap Security & Privacy Privacy Permission manager.
3. Tap a permission type.
o If you allowed or denied permission to any apps, you’ll find them here.
4. To change an app’s permission, tap the app, and then choose your permission settings.

13. Installation and configuration of computer Anti-virus.

What is Antivirus?

A computer antivirus is a software tool that is developed to detect, remove, or prevent computer
viruses and other malware from a computer and similar devices. This software kind usually spends
some time scanning for any patterns or behaviour that may be done by a malicious code like a
virus, worm, Trojan, or ransomware.

Cyber Security LAB SEM-III (All groups) Page 11

 Cyber Security
SSR DEGREE COLLEGE (LAB-RECORD)- SEM-III

Why do we Need Antivirus?

Antivirus protection is the program helping us to fulfil the aim of keeping our devices safe from
viruses, malware, and ransomware. Such harmful software can be very dangerous, it can just
infect our computers and steal our personal information, corrupt files, or completely devastate a
designated device and make it unusable.

How to Install Antivirus on Computer Step by Step?

Step 1: Download a Reliable Antivirus Software
The first thing to do when you want to install antivirus software on your Windows 10 OS is you
have to download dependable antivirus software.
Step 2: Install the Antivirus Software
When you have downloaded the antivirus software, click the ‘Open a file’ button and after that
click the ‘Install’ button. Installation is convenient.
Step 3: Configure the Software Settings
When you company the antivirus software, then you can set the settings to give you the best
protection according to you.
Step 4: Start the Scan
When the antivirus software has been installed, properly configured, and activated, you can start
the scan. The scan will detect all the problems on your PC and delete them from your system
effortlessly.
Step 5: Resolve the issues
After the scan, all issues or viruses that have been found in your computer are displayed. Click on
Resolve all issues to remove the virus from pc.
Step 6: Monitor the Software Performance
When you are done installing and setting up the antivirus app, you need to follow up on its
performance.
Configuring Anti-Virus
This section describes how to configure Anti-Virus.
Preparing
Before enabling Anti-Virus, make the following preparations:
1. Make sure your system version supports Anti-Virus.
2. Import an Anti-Virus license and reboot. The Anti-Virus will be enabled after the rebooting.
Creating an Anti-Virus Rule
To create an Anti-Virus rule, take the following steps:

1. On the Navigation pane, click Configure > Security > Anti-Virus to visit the Anti-Virus page.
2. Click New.
3. In the Anti-Virus Rule Configuration dialog, type the name into the Rule name box.
4. After the Binding zone option, select a security zone for the Anti-Virus rule from the
Available list, and click to add to the selected list.
5. Specify a protection type. If Predefined is selected, you need to specify a security level for
the protection in the Security level section. The default level is Medium. If User-defined is
selected, you need to specify the file types and protocol types, as well as the actions that
will be taken if any virus has been detected

Cyber Security LAB SEM-III (All groups) Page 12

 Cyber Security
SSR DEGREE COLLEGE (LAB-RECORD)- SEM-III

14. Installation and Configuration of computer Host Firewall.

A firewall plays a vital role in network security and needs to be properly configured to keep
organizations protected from data leakage and cyber attacks.

This is possible by configuring domain names and Internet Protocol (IP) addresses to keep the
firewall secure. Firewall policy configuration is based on network type, such as public or private,
and can be set up with security rules that block or allow access to prevent potential attacks from
hackers or malware.

Proper firewall configuration is essential, as default features may not provide maximum protection
against a cyberattack.

How To Configure a Firewall

1. Secure the firewall

Securing a firewall is the vital first step to ensure only authorized administrators have access to it.
This includes actions such as:

1. Update with the latest firmware

2. Never putting firewalls into production without appropriate configurations in place
3. Deleting, disabling, or renaming default accounts and changing default passwords
4. Use unique, secure passwords
5. Never using shared user accounts. If a firewall will be managed by multiple administrators,
additional admin accounts must have limited privileges based on individual responsibilities
6. Disabling the Simple Network Management Protocol (SNMP), which collects and organizes
information about devices on IP networks, or configuring it for secure usage
7. Restricting outgoing and incoming network traffic for specific applications or the
Transmission Control Protocol (TCP)

2. Establish firewall zones and an IP address structure

It is important to identify network assets and resources that must be protected. This includes
creating a structure that groups corporate assets into zones based on similar functions and the
level of risk.
3. Configure access control lists (ACLs)
Access control lists (ACLs) enable organizations to determine which traffic is allowed to flow in and
out of each zone. ACLs act as firewall rules, which organizations can apply to each firewall
interface and sub interface.
4. Configure other firewall services and logging

Some firewalls can be configured to support other services, such as a Dynamic Host Configuration
Protocol (DHCP) server, intrusion prevention system (IPS), and Network Time Protocol (NTP)
server. It is important to also disable the extra services that will not be used.

5. Test the firewall configuration

Cyber Security LAB SEM-III (All groups) Page 13

 SSR DEGREE COLLEGE Cyber Security
(LAB-RECORD)- SEM-III

With the configurations made, it is critical to test them to ensure the correct traffic is being
blocked and that the firewall performs as intended.
6. Manage firewall continually
Firewall management and monitoring are critical to ensuring that the firewall continues to
function as intended. This includes monitoring logs, performing vulnerability scans, and regularly
reviewing rules.

15. Wi-Fi Security management in computer and Mobile.

Mobile devices are very subjective tools, mainly used to facilitate routine operations, but they also
serve to store very confidential personal knowledge and data. Mobile security is the safety and
protection of smartphones, tablets, laptops and other portable devices, and the systems they
connect to, from threats and vulnerabilities linked with wireless computing.

SMiShing: SMiShing attack is initiated via text messages as an alternative of email.

BYOD: As enterprise users are permitted advanced admittance/access from individual mobiles
gadgets like smartphones and tablets are efficiently substituting desktops for numerous business
duties.

The Internet of Things (IoT): With the numerous kinds of smart devices, they cannot constantly be
supervised by customers or antivirus software’s. This makes IoT systems an attractive objective for
invaders who make use of them as entry points to the bigger network.

 Attacks based on GSM networks

Once the encryption algorithm of GSM is cracked, the invader can capture all unencrypted
messages made by the target's/user’s Smartphone system.
 Attacks based on lack of Wi-Fi security
An invader can attempt to snoop on Wi-Fi communications to obtain intelligence (e.g username,
password).
 Attacks based on Bluetooth
A mobile phone must be in the reach and Bluetooth in discovery mode. The invader sends a
file/script via Bluetooth. If the receiver acknowledges the request, a virus is broadcast.
Example: Cabir is a worm that circulates via Bluetooth link/connection.
 Attacks based on Operating system

Occasionally it is feasible to conquer the security defences by altering the OS itself.

ALL THE BEST

Cyber Security LAB SEM-III (All groups) Page 14