
Cyber - Security - Notes Unit-I

The document provides a comprehensive overview of cyber security, including its definition, types of threats, and the importance of security policies. It discusses various types of cyber security, such as network, cloud, and IoT security, as well as the implications of cybercrime and cyber warfare. Additionally, it highlights the need for a nodal authority and international conventions to enhance cyber security measures globally.

ST. PAUL’S DEGREE & PG COLLEGE


(Affiliated to Osmania University)
Street No. 8, Himayathnagar, Hyderabad. Ph.No: 27602533

B.Com VI Semester [Computer Application]


Cyber Security [Study Material]

UNIT-I

Cyber security is the application of technologies, processes and controls to protect systems,
networks, programs, devices and data from cyber attacks.
It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of
systems, networks and technologies.
Who needs cyber security?
Everyone who is connected to the Internet needs cyber security. This is because most cyber
attacks are automated and aim to exploit common vulnerabilities rather than specific websites
or organisations.
Types of cyber threats
Common cyber threats include:
• Malware, such as ransomware, botnet software, RATs (remote access Trojans),
rootkits and bootkits, spyware, Trojans, viruses and worms.
• Backdoors, which allow remote access.
• Formjacking, which inserts malicious code into online forms.
• Cryptojacking, which installs illicit cryptocurrency mining software.
• DDoS (distributed denial-of-service) attacks, which flood servers, systems and
networks with traffic to knock them offline.
• DNS (domain name system) poisoning attacks, which compromise the DNS to
redirect traffic to malicious sites.
What are the 5 types of cyber security?
1. Critical infrastructure cyber security
Critical infrastructure organisations are often more vulnerable to attack than others because
SCADA (supervisory control and data acquisition) systems often rely on older software.
Operators of essential services in the UK’s energy, transport, health, water and digital
infrastructure sectors, and digital service providers are bound by the NIS Regulations
(Network and Information Systems Regulations 2018).
Among other provisions, the Regulations require organisations to implement appropriate
technical and organisational measures to manage their security risks.
2. Network security
Network security involves addressing vulnerabilities affecting our operating systems and
network architecture, including servers and hosts, firewalls and wireless access points, and
network protocols.
3. Cloud security
Cloud security is concerned with securing data, applications and infrastructure in the Cloud.
4. IoT (Internet of Things) security

IoT security involves securing smart devices and networks that are connected to the IoT. IoT
devices include things that connect to the Internet without human intervention, such as smart
fire alarms, lights, thermostats and other appliances.
5. Application security
Application security involves addressing vulnerabilities resulting from insecure development
processes in the design, coding and publishing of software or a website.
Cyber security vs information security
Cyber security is often confused with information security.
• Cyber security focuses on protecting computer systems from unauthorised access or
being otherwise damaged or made inaccessible.
• Information security is a broader category that protects all information assets, whether
in hard copy or digital form.
What is internet governance?
A) Internet governance refers to the rules, policies, standards and practices
that coordinate and shape global cyberspace. The Internet is a vast network of independently-
managed networks, woven together by globally standardized data communication protocols
(primarily, Internet Protocol, TCP, UDP, DNS and BGP). The common adoption and use of
these protocols unified the world of information and communications like never before.
Millions of digital devices and massive amounts of data, software applications, and electronic
services became compatible and interoperable. The Internet created a new environment, a
complex and dynamic “cyberspace.”
While Internet connectivity generated innovative new services, capabilities and
unprecedented forms of sharing and cooperation, it also created new forms of crime, abuse,
surveillance and social conflict. Internet governance is the process whereby cyberspace
participants resolve conflicts over these problems and develop a workable order.
The challenges of Internet governance
Cyber Threats:
The word “cyber” referred to cybernetics – the science of understanding the control and
movement of machines and animals. This was followed by “cyber” standing for
“computerized.”
A cyber or cyber security threat is a malicious act that seeks to damage data, steal data, or
disrupt digital life in general. Cyber threats include computer viruses, data breaches, Denial
of Service (DoS) attacks, and other attack vectors.
Cyberwarfare:
Cyberwarfare is the use of cyber attacks against a nation-state, causing it significant harm, up
to and including physical warfare, disruption of vital computer systems and loss of life.
Types of cyberwarfare attacks
The threat of cyberwarfare attacks grows as a nation’s critical systems are increasingly
connected to the internet. Even if these systems can be properly secured, they can still be
hacked by perpetrators recruited by nation-states to find weaknesses and exploit them.
Major types of cyberwarfare attacks include the following.
Destabilization
In recent years, cybercriminals have been attacking governments through critical
infrastructure, including such entities as transportation systems, banking systems, power
grids, water supplies, dams and hospitals. The adoption of the internet of things makes the
manufacturing industry increasingly susceptible to outside threats.

From a national security perspective, destabilizing critical digital infrastructure inflicts
damage on vital modern services or processes.
For example, an attack on the energy grid could have massive consequences for the
industrial, commercial and private sectors.
Sabotage
Cyber attacks that sabotage government computer systems can be used to support
conventional warfare efforts. Such attacks can block official government communications,
contaminate digital systems, enable the theft of vital intelligence and threaten national
security. State-sponsored or military-sponsored attacks,
for example, may target military databases to get information on troop locations, weapons
and equipment being used.
Data theft
Cybercriminals hack computer systems to steal data that can be used for intelligence, held for
ransom, sold, used to incite scandals and chaos, or even destroyed.
Cyber Crime
A crime that involves and uses computer devices and the Internet is known as cybercrime.
Cybercrime can be committed against an individual or a group; it can also be committed
against government and private organizations. It may be intended to harm someone’s
reputation, or to cause physical or even mental harm.
Cybercrime can cause direct or indirect harm to the victim. However, the
largest threat of cybercrime is to the financial security of an individual as well as the
government.
Types of Cybercrime
Hacking
It is an illegal practice by which a hacker breaches someone’s computer security
system for personal interest.
Unwarranted mass-surveillance
Mass surveillance means surveillance of a substantial fraction of a group of people by the
authorities, especially for security purposes; but if someone does it for personal interest, it is
considered cybercrime.
Child pornography
It is one of the most heinous crimes that is brazenly practiced across the world. Children are
sexually abused and videos are being made and uploaded on the Internet.
Child grooming
It is the practice of establishing an emotional connection with a child especially for the
purpose of child-trafficking and child prostitution.
Copyright infringement
If someone infringes someone else’s protected copyright without permission and publishes the
work under his own name, it is known as copyright infringement.
Money laundering
Illegal possession of money by an individual or an organization is known as money
laundering. It typically involves transfers of money through foreign banks and/or legitimate
business. In other words, it is the practice of transforming illegitimately earned money into
the legitimate financial system.
Cyber terrorism:
Cyber terrorism can be explained as internet terrorism. With the advent of the internet,
individuals and groups are misusing the anonymity to threaten individuals, certain groups,
religions, ethnicities or beliefs. Cyberterrorism can be broadly categorized under three major
categories:
Simple: This consists of basic attacks including the hacking of an individual system.
Advanced: These are more sophisticated attacks and can involve hacking multiple systems
and/or networks.
Complex: These are coordinated attacks that can have a large-scale impact and make use of
sophisticated tools.
Cyber Espionage
Cyber espionage, or cyber spying, is a type of cyber attack in which an unauthorized user
attempts to access sensitive or classified data or intellectual property (IP) for economic gain,
competitive advantage or political reasons.
Cyber espionage attacks can be motivated by monetary gain; they may also be deployed in
conjunction with military operations or as an act of cyber terrorism or cyber warfare. The
impact of cyber espionage, particularly when it is part of a broader military or political
campaign, can lead to disruption of public services and infrastructure, as well as loss of life.
Need for a Comprehensive Cyber Security Policy
Security policies are a formal set of rules issued by an organization to ensure that the
users who are authorized to access company technology and information assets comply with
rules and guidelines related to the security of information. A security policy is a written document in the
organization that sets out how to protect the organization from threats and how
to handle them when they occur. A security policy is also considered to be a "living
document", which means that the document is never finished but is continuously updated as
technology and employee requirements change.
Need for security policies:
1) It increases efficiency.
The best thing about having a policy is being able to increase the level of consistency, which
saves time, money and resources. The policy should inform employees about their
individual duties and tell them what they can and cannot do with the
organization’s sensitive information.
2) It upholds discipline and accountability
When a human mistake occurs and system security is compromised, the security
policy of the organization will back up any disciplinary action
and also support a case in a court of law. The organization’s policies act as a contract which
proves that the organization has taken steps to protect its intellectual property, as well as its
customers and clients.
3) It can make or break a business deal
It is not necessary for companies to provide a copy of their information security policy to
other vendors during a business deal that involves the transference of their sensitive
information. This is true in the case of bigger businesses, which ensure their own security interests
are protected when dealing with smaller businesses that have less high-end security
systems in place.
4) It helps to educate employees on security literacy
A well-written security policy can also be seen as an educational document which informs
readers about the importance of their responsibility in protecting the organization’s sensitive data.
It covers everything from choosing the right passwords to providing guidelines for file transfers and data
storage, which increases employees’ overall awareness of security and how it can be
strengthened.

Need for a Nodal Authority:
What is nodal authority?
Nodal Officer means an officer of the Company nominated by the Board to receive protected
disclosures from whistle blowers, maintaining records thereof, placing the same before the
Audit Committee for its disposal and informing the whistle blower of the result thereof.
CERT-In is the national nodal agency for responding to computer security incidents as and
when they occur. CERT-In has been designated to serve as the national agency to perform the
following functions in the area of cyber security: Collection, analysis and dissemination of
information on cyber incidents.
Need for an International convention on Cyberspace.
The need to create a universal and transparent global framework to ensure the effective
security and utilization of cyberspace “for the economic and social advancement of
all peoples” has become paramount.
Cyber Security Vulnerabilities: Overview
What is Vulnerability in Cyber Security?
A vulnerability in cyber security refers to any weakness in an information system, system
processes, or internal controls of an organization. These vulnerabilities are targets for
cybercriminals and are open to exploitation through the points of vulnerability.
Hackers who exploit them are able to gain illegal access to the systems and data and cause severe
damage. Therefore, cyber security vulnerabilities are extremely important to monitor for the
overall security posture, as gaps in a network can result in a full-scale breach of systems in an
organization.
Examples of Vulnerabilities
• A weakness in a firewall that can lead to malicious hackers getting into a computer network
• Lack of security cameras
• Unlocked doors at businesses
Vulnerabilities in software
A software vulnerability is a defect in software that could allow an attacker to gain control of
a system. These defects can be because of the way the software is designed, or because of a
flaw in the way that it’s coded.
How Does a Software Vulnerability Work?
An attacker first finds out if a system has a software vulnerability by scanning it. The scan
can tell the attacker what types of software are on the system, whether they are up to date, and
whether any of the software packages are vulnerable.
When the attacker finds that out, he or she will have a better idea of what types of attacks to
launch against the system. A successful attack would result in the attacker being able to run
malicious commands on the target system.
System administration
A security systems administrator is someone who gives expert advice to companies regarding
their internal security procedures and can also help to detect any weaknesses in a company’s
computer network that may make it vulnerable to cyber attacks. Security systems
administrators are a company’s first step in monitoring suspicious activity either within the
local network or from outside internet traffic.
Security systems administrators are in charge of the daily operation of security systems, and
can handle things like systems monitoring and running regular backups; setting up, deleting
and maintaining individual user accounts; and developing organizational security procedures.

Complex Network Architectures:
Cybersecurity architecture, also known as “network security architecture”, is a
framework that specifies the organizational structure, standards, policies and functional
behavior of a computer network, including both security and network features. Cyber
security architecture is also the manner in which various components of our cyber or
computer system are organized, synced and integrated.
The components listed below are part of an effective and carefully planned security
architecture:
• Direction in the area of incident response to threats, disaster recovery, systems configuration,
account creation and management, and cyber security monitoring.
• Identity management.
• Decided inclusion and exclusion of those subject to the domain of the
security architecture.
• Access and border control.
• Validation and adjustment of the architecture.
• Training.
Poor Cyber Security Awareness:
While many businesses use strong security practices to reduce the risks to our
information, it’s up to everyone to make these methods stronger. After all, we wouldn’t
leave our car unlocked when we’re heading off to the mall for the day. Companies will
do what they can to protect our information, but we should also do what we can to keep
it safe as well.
1. Outdated Software
Websites are not the only way we can be hacked, either. Operating systems on our
computer, mobile devices or even software running our wireless network at home are easy
for hackers to compromise.
2. Not Understanding the Threat
One of the most common reasons why cyber attacks cause so much damage is
the lack of proper understanding. A lot of people believe themselves to be immune
from threats and don’t really put thought into how dangerous attacks can become.
Even something as simple as a web browser can lead to all kinds of problems in work
and personal lifestyles.
3. Lack of Proper Protection
One of the leading causes of hackers gaining a foothold in our systems is
improper protection.
Remember the comment earlier about not locking our door at night? Essentially, a lack
of security software on our computer or website would be like removing that door
entirely.
3. Effects of Ransomware
Ransomware has been around for quite some time, but it has grown exponentially since
2015. Essentially, this is when someone gains control of a database or computer system
and blocks its use until a “ransom” is paid.
Keep firewalls online and updates current. If we come across suspicious emails or
programming, run anti-malware applications or seek professional help. Unfortunately,
some attacks may require far more attention than what software can give.
4. Evolving Software

Some forms of attacks are extremely difficult to track down and stop, even for
high-end software.
For example, a polymorphic virus delivers a new payload every time it expands.
This means it essentially mutates each time making it very difficult to spot.
Update all of our applications regularly. Even things we don’t use that often, such
as Adobe Flash or Java Runtime, can have vulnerabilities. This is why companies
will often send out update requests to computers running those apps.
5. Carelessness through Email
One of the most common forms of attack from hackers is email.
Messages that may look legitimate are often a way for the criminal element to steal
information. This is called “phishing.” In many cases, these messages are
almost impossible to discern from the real thing.

Attachments are another common way that hackers infiltrate computer systems through
email. Even the most innocent of files can become weapons against us. Many of these
file types include ZIP, EXE and XLS extensions.
Never open unknown or suspicious attachments in our email. If we didn’t specifically
ask for the file to be sent to us, there is a good chance that it’s a form of an attack we
want to avoid.
6. Unprotected Home Networks
A common problem that affects many people every year is an unprotected home
network. Update firmware on our devices when it becomes available. Also, keep our
Wi-Fi networks protected with high-encryption methods and MAC address
authentication if it’s available. And don’t underestimate the value of hiding our SSID.
Older wireless networks are just as sensitive to new attacks as older pieces of software. It
may be worth the money to upgrade our system.
8. Social Media Behavior
Even our activity on social media can become a target for hackers. Most of the time,
this is through gaining access to an account.
Always be on the lookout for suspicious links from friends and family. We may also want to
be mindful about what applications we allow to have access to our social media accounts.
We could be handing someone over the keys to our proverbial front door in the cyber world.
9. Lack of Recovery
Another dangerous aspect to cyber threats is the inability to recover from a disaster.
Invest in a system that delivers regular backups and an easy recovery system. Even if a
hacker does destroy our information, we can easily replace it all with the right platform.
In some instances, this can all be done automatically or with a drag-and-drop platform.
Cyber security safeguards overview
Cyber security is the application of technologies, processes and controls to protect systems,
networks, programs, devices and data from cyber attacks. It aims to reduce the risk of cyber
attacks and protect against the unauthorised exploitation of systems, networks and
technologies. Boost our cyber defences with these must-have security measures:
1. Staff awareness training
Human error is the leading cause of data breaches. It is therefore essential that we equip staff
with the knowledge to deal with the threats they face.
Staff awareness training will show employees how security threats affect them and help them
apply best-practice advice to real-world situations.

2. Application security
Web application vulnerabilities are a common point of intrusion for cyber criminals.
As applications play an increasingly critical role in business, it is vital to focus on web
application security.
3. Network security
Network security is the process of protecting the usability and integrity of our network and data.
This is achieved by conducting a network penetration test, which assesses our network for
vulnerabilities and security issues.
4. Leadership commitment
Leadership commitment is key to cyber resilience. Without it, it is tough to establish or enforce
effective processes. Top management must be prepared to invest in appropriate cyber security
resources, such as awareness training.
5. Password management
Almost half of the UK population uses ‘password’, ‘123456’ or ‘qwerty’ as their password. We
should implement a password management policy that provides guidance to ensure staff create
strong passwords and keep them secure.
6. Access control:
Access control is a data security process that enables organizations to manage who is
authorized to access corporate data and resources. Secure access control uses policies that
verify users are who they claim to be and ensures appropriate control access levels are
granted to users.
Access control is managed through several components:
7. Authentication

Authentication is the initial process of establishing the identity of a user. For example, when
a user signs in to their email service or online banking account with a username and
password combination, their identity has been authenticated. However, authentication alone
is not sufficient to protect organizations’ data.
8. Authorization

Authorization adds an extra layer of security to the authentication process. It specifies access
rights and privileges to resources to determine whether the user should be granted access to
data or make a specific transaction.
For example, an email service or online bank account can require users to provide two-factor
authentication (2FA), which is typically a combination of something they know (such as a
password), something they possess (such as a token), or something they are (like a biometric
verification). This information can also be verified through a 2FA mobile app or a
thumbprint scan on a smartphone.
9. Access

Once a user has completed the authentication and authorization steps, their identity will be
verified. This grants them access to the resource they are attempting to log in to.

10. Manage

Organizations can manage their access control system by adding and removing the
authentication and authorization of their users and systems. Managing these systems can
become complex in modern IT environments that comprise cloud services and on-premises
systems.
11. Audit
Organizations can enforce the principle of least privilege through the access control audit
process. This enables them to gather data around user activity and analyze that information to
discover potential access violations.
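
The access control components above (authentication, authorization, access, audit), as an added example that is not part of the original notes: a Python sketch that replays an access log against each user's granted permissions to flag access violations and privileges that are never used. The user names, permission strings and log format are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the notes): permissions granted to each user.
GRANTS = {
    "asha":  {"payroll:read", "payroll:write", "hr:read"},
    "ravi":  {"hr:read"},
    "meena": {"payroll:read", "reports:read"},
}

# Constructed access log: (user, passed authentication?, requested permission).
ACCESS_LOG = [
    ("asha", True, "payroll:read"),
    ("asha", True, "payroll:write"),
    ("ravi", True, "hr:read"),
    ("ravi", True, "payroll:read"),    # authenticated, but not authorized
    ("meena", True, "reports:read"),
    ("meena", False, "payroll:read"),  # failed authentication
    ("guest", True, "hr:read"),        # no grants on record for this user
]


def authorize(user, authenticated, permission, grants=GRANTS):
    """Access decision: authentication is checked first, then authorization."""
    if not authenticated:
        return False, "authentication failed"
    if permission not in grants.get(user, set()):
        return False, "not authorized"
    return True, "granted"


def audit(log, grants=GRANTS):
    """Replay the log; return (violations, unused privileges per user)."""
    used = defaultdict(set)
    violations = []
    for user, authenticated, permission in log:
        allowed, reason = authorize(user, authenticated, permission, grants)
        if allowed:
            used[user].add(permission)
        else:
            violations.append((user, permission, reason))
    # A granted permission that never appears in the log is a candidate
    # for removal under the principle of least privilege.
    unused = {}
    for user, perms in grants.items():
        never_used = sorted(perms - used[user])
        if never_used:
            unused[user] = never_used
    return violations, unused


if __name__ == "__main__":
    violations, unused = audit(ACCESS_LOG)
    for user, permission, reason in violations:
        print(f"VIOLATION  {user:6} {permission:14} {reason}")
    for user, perms in unused.items():
        print(f"UNUSED     {user:6} {', '.join(perms)}")
```
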

12. Biometrics:
Biometric scanners are hardware used to capture the biometric for verification of identity.
These scans are matched against the saved database to approve or deny access to the system. In other
words, biometric security means our body becomes the “key” to unlock our access.
13. Cryptography
Cryptography is the study of secure communications techniques that allow only the sender and
intended recipient of a message to view its contents. The term is derived from the Greek
word kryptos, which means hidden. It is closely associated with encryption, which is the act of
scrambling ordinary text into what's known as ciphertext and then back again upon arrival. In
addition, cryptography also covers the obfuscation of information in images using techniques
such as microdots or merging. Ancient Egyptians were known to use these methods in complex
hieroglyphics, and Roman Emperor Julius Caesar is credited with using one of the first modern
ciphers.

14. Deception:
Deception technology is a cybersecurity defense practice that aims to deceive attackers by
distributing a collection of traps and decoys across a system's infrastructure to imitate genuine
assets.
Denial of Service Filters

15] Ethical Hacking


Ethical Hacking is an authorized practice of bypassing system security to identify potential
data breaches and threats in a network. The company that owns the system or network
allows Cyber Security engineers to perform such activities in order to test the system’s
defenses. Thus, unlike malicious hacking, this process is planned, approved, and more
importantly, legal.
Ethical hackers aim to investigate the system or network for weak points that malicious
hackers can exploit or destroy. They collect and analyze the information to figure out ways to
strengthen the security of the system/network/applications. By doing so, they can improve
the security footprint so that it can better withstand attacks or divert them.
Ethical hackers are hired by organizations to look into the vulnerabilities of their systems and
networks and develop solutions to prevent data breaches. Consider it a high-tech permutation
of the old saying “It takes a thief to catch a thief.”
The key vulnerabilities they check for include, but are not limited to:
• Injection attacks
• Changes in security settings
• Exposure of sensitive data
• Breach in authentication protocols
• Components used in the system or network that may be used as access points
16] Firewalls: A firewall is a network security device that monitors and filters incoming and
outgoing network traffic based on an organization’s previously established security policies.
At its most basic, a firewall is essentially the barrier that sits between a private internal
network and the public Internet. A firewall’s main purpose is to allow non-threatening traffic
in and to keep dangerous traffic out.
17] Intrusion Detection Systems: An Intrusion Detection System (IDS) is a monitoring
system that detects suspicious activities and generates alerts when they are detected.
Based upon these alerts, a security operations center (SOC) analyst or incident responder can
investigate the issue and take the appropriate actions to remediate the threat.
18] Response: Incident response (IR) is a set of information security policies and procedures
that we can use to identify, contain, and eliminate cyberattacks. The goal of incident response
is to enable an organization to quickly detect and halt attacks, minimizing damage and
preventing future attacks of the same type.
19] Scanning: Scanning is a set of procedures for identifying live hosts, ports, and services,
discovering the operating system and architecture of the target system, and identifying vulnerabilities
and threats in the network.
20] Security policy: A cybersecurity policy sets the standards of behavior for activities such
as the encryption of email attachments and restrictions on the use of social media.
Cybersecurity policies are important because cyberattacks and data breaches are potentially
costly. For large organizations or those in regulated industries, a cybersecurity policy is often
dozens of pages long. For small organizations, however, a security policy might be only a
few pages and cover basic safety practices. Such practices might include:
• Rules for using email encryption
• Steps for accessing work applications remotely
• Guidelines for creating and safeguarding passwords
• Rules on use of social media

What is Ethical Hacking and Type of Ethical Hackers


The term ‘Hacker’ was coined to describe experts who used their skills to re-develop
mainframe systems, increasing their efficiency and allowing them to multi-task. Nowadays,
the term routinely describes skilled programmers who gain unauthorized access into
computer systems by exploiting weaknesses or using bugs, motivated either by malice or
mischief. For example, a hacker can create algorithms to crack passwords, penetrate
networks, or even disrupt network services.
The primary motive of malicious/unethical hacking involves stealing valuable information or
financial gain. However, not all hacking is bad. This brings us to the second type of hacking:
ethical hacking. So what is ethical hacking, and why do we need it? In this article, we
will learn what ethical hacking is and more.

Type of Hackers
The practice of ethical hacking is called “White Hat” hacking, and those who perform it are
called White Hat hackers. In contrast to Ethical Hacking, “Black Hat” hacking describes
practices involving security violations. The Black Hat hackers use illegal techniques to
compromise the system or destroy information.
Unlike White Hat hackers, “Grey Hat” hackers don’t ask for permission before getting into
our system. But Grey Hats are also different from Black Hats because they don’t perform
hacking for any personal or third-party benefit. These hackers do not have any malicious
intention and hack systems for fun or various other reasons, usually informing the owner
about any threats they find. Grey Hat and Black Hat hacking are both illegal as they both
constitute an unauthorized system breach, even though the intentions of both types of hackers
differ.

White Hat vs Black Hat Hacker


The best way to differentiate between White Hat and Black Hat hackers is by taking a look at
their motives. Black Hat hackers are motivated by malicious intent, manifested by personal
gains, profit, or harassment; whereas White Hat hackers seek out and remedy vulnerabilities,
so as to prevent Black Hats from taking advantage.

Threat Management.
Most security teams face information fragmentation, which can lead to blind spots in security
operations. And wherever they exist, blind spots compromise a team’s ability to identify,
protect against and respond to security threats promptly.
Today’s dangers now include mutating software, advanced persistent threats (APT), insider
threats, and vulnerabilities around cloud-based computing services — more than antivirus
software can handle.
How threat management works
Many modern threat management systems use the cybersecurity framework established by
the National Institute of Standards and Technology (NIST). NIST provides comprehensive
guidance to improve information security and cybersecurity risk management for private
sector organizations. One of their guides, the NIST Cybersecurity Framework (NIST CF),
consists of standards and best practices. Five primary functions make up its core structure.
They are to identify, protect, detect, respond and recover.
