Chapter: Cyber Security

 

What is called malware in cyber security? Explain today's most common types of malware attacks on data and software systems.

Malware (short for malicious software) is any software or code intentionally designed to damage, disrupt, steal data from, or gain unauthorized access to a computer system, network, or device.

It can affect:

  • Data (steal, corrupt, delete, or encrypt it)
  • Software (disrupt or control applications)
  • Systems (slow down or completely disable devices or networks)

Most Common Types of Malware Attacks Today

1. Virus

A computer virus is malware that attaches itself to a legitimate file or program and spreads when the file is executed.

How it works:

  • Activates when the infected file is opened
  • Replicates and spreads to other files or systems

Impact:

  • Corrupts files
  • Degrades system performance
  • Can delete data

2. Worm

A worm is a standalone malware that spreads automatically across networks without needing a host file.

How it works:

  • Exploits network vulnerabilities
  • Self-replicates and spreads quickly

Impact:

  • Consumes bandwidth
  • Slows down networks
  • Can cause large-scale outages

3. Trojan Horse (Trojan)

A Trojan is malware disguised as a legitimate program to trick users into installing it.

How it works:

  • Appears safe (e.g., fake app or software update)
  • Once installed, it opens backdoors for attackers

Impact:

  • Steals passwords and sensitive data
  • Allows remote control of the system
  • Installs other malware

4. Ransomware

Ransomware locks or encrypts a victim’s data and demands payment (ransom) to restore access.

How it works:

  • Encrypts files or locks system access
  • Often also copies data out before encrypting and threatens to publish it (double extortion), so backups restore access but do not remove the attacker's leverage
  • Displays a ransom message with payment instructions

Impact:

  • Loss of access to important data
  • Financial loss
  • Business disruption

5. Spyware

Spyware secretly monitors user activity and collects personal information without consent.

How it works:

  • Runs in the background unnoticed
  • Tracks keystrokes, browsing habits, and passwords

Impact:

  • Identity theft
  • Privacy invasion
  • Financial fraud

Define the different types of computer-related threats. What types of control measures should be applied to protect against them?

Computer-related threats are any possible dangers that can harm computer systems, networks, software, or data by causing unauthorized access, disruption, damage, or theft.

1. Malware threats

These are harmful software programs designed to damage or control systems.

  • Examples: viruses, worms, Trojans, ransomware, spyware
  • Effects: data loss, system slowdown, data theft, system takeover

2. Phishing and social engineering threats

These rely on tricking users into revealing sensitive information.

  • Examples: fake emails, fake websites, impersonation calls/messages
  • Effects: password theft, financial fraud, identity theft

3. Network threats

These target communication systems and data transmission.

  • Examples: unauthorized remote access, packet sniffing, man-in-the-middle attacks, DoS/DDoS attacks
  • Effects: service disruption, data interception, network downtime

4. Password-based threats

Attackers try to break or steal passwords to gain access.

  • Examples: brute-force attacks, dictionary attacks, credential stuffing
  • Effects: unauthorized account access, data breach

5. Insider threats

Threats coming from people within an organization.

  • Examples: employees misusing access, leaking data intentionally or accidentally
  • Effects: data theft, sabotage, loss of trust

6. Physical threats

Damage caused to hardware or physical systems.

  • Examples: theft of devices, fire, water damage, power failure
  • Effects: hardware loss, data destruction, system downtime

7. Software vulnerabilities

Weaknesses in software that attackers exploit.

  • Examples: unpatched software, bugs, outdated systems
  • Effects: unauthorized access, system crashes, malware installation or remote code execution

Control measures to protect computer systems

1. Technical controls

These are technology-based protections:

  • Install and update antivirus/anti-malware software
  • Use firewalls to block unauthorized access
  • Apply encryption for sensitive data
  • Keep software and operating systems updated (patching)
  • Use secure authentication (strong passwords, MFA)
  • Regular, tested data backups kept offline or otherwise isolated, so that ransomware cannot reach them

2. Administrative controls

These involve rules and policies:

  • Cybersecurity training for users
  • Access control policies based on least privilege (each user gets only the access their role needs)
  • Regular security audits
  • Incident response plans
  • Password management policies

3. Physical controls

Protect hardware and physical infrastructure:

  • Locked server rooms
  • CCTV surveillance
  • Biometric or card access systems
  • Backup power supply (UPS)
  • Fire and disaster protection systems

4. Behavioral controls (user practices)

  • Avoid clicking unknown links or attachments
  • Use strong, unique passwords
  • Do not share sensitive information online
  • Verify emails and websites before logging in
  • Log out after use on public systems 

What is called a firewall in network security? Differentiate between IDS and IPS in network security management.

A firewall is a network security system (hardware, software, or both) that monitors and controls incoming and outgoing network traffic based on predefined security rules.

Functions of a Firewall:

  • Blocks unauthorized access to a network
  • Allows safe and trusted communication
  • Filters traffic based on IP addresses, ports, protocols and, for stateful firewalls, connection state
  • Acts as a barrier between internal network and external networks (like the internet)

👉 In simple terms: A firewall is like a security guard at the entrance of a network.


Difference Between IDS and IPS

1. IDS (Intrusion Detection System)

An IDS (Intrusion Detection System) is a security tool that monitors network traffic and alerts administrators when suspicious activity is detected.

2. IPS (Intrusion Prevention System)

An IPS (Intrusion Prevention System) is a security tool that not only detects threats but also automatically blocks or prevents them.


Key Differences

Feature                  | IDS (Intrusion Detection System)                                        | IPS (Intrusion Prevention System)
Main function            | Detects and alerts about threats                                         | Detects and actively prevents threats
Action                   | Passive (no direct blocking)                                             | Active (drops malicious packets or sessions)
Response                 | Sends an alert to the administrator                                      | Automatically stops the attack
Placement                | Out of band: sees a copy of the traffic (SPAN port, TAP) or runs on a host | Inline in the network path: traffic must pass through it
Risk handling            | Only reports suspicious activity                                         | Stops harmful activity immediately
Cost of a false positive | Wasted analyst time                                                      | Legitimate traffic is blocked, so rules need careful tuning; being inline also adds latency and a point of failure
Example use              | Security monitoring and analysis                                         | Real-time protection of systems


Simple Summary

  • Firewall: Controls and filters network traffic based on rules
  • IDS: Detects attacks and alerts the system admin
  • IPS: Detects and automatically blocks attacks
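The following is an added example, not code from the original page: one small signature-based sensor run twice over the same constructed request log, once in IDS mode (alert only) and once in IPS mode (alert and block). The log lines, the two regex signatures and the "block the source address" response are all assumptions made for the illustration; a real IPS typically drops the offending packet or session and only optionally blocks the source.

```python
"""Added example: one detector run in IDS mode (alert only) and IPS mode (block).
Not from the original page; the log lines and signatures below are constructed."""
import re
from dataclasses import dataclass, field

# Constructed sample of web-server request log lines: "src_ip method path".
SAMPLE_LOG = [
    "10.0.0.5 GET /index.html",
    "10.0.0.5 GET /images/logo.png",
    "203.0.113.9 GET /../../etc/passwd",                 # path traversal attempt
    "203.0.113.9 GET /login?user=admin'%20OR%201=1--",   # SQL injection attempt
    "198.51.100.7 GET /about.html",
    "203.0.113.9 GET /index.html",                       # clean, but from a blocked source
]

# Hypothetical signatures in the style of an IDS rule set: (name, compiled regex).
SIGNATURES = (
    ("path-traversal", re.compile(r"\.\./")),
    ("sql-injection", re.compile(r"(?i)'(\s|%20)*or(\s|%20)*1=1")),
)


@dataclass
class Sensor:
    mode: str                                   # "IDS" (alert only) or "IPS" (alert and block)
    alerts: list = field(default_factory=list)  # (source, signature name)
    blocked: set = field(default_factory=set)   # sources an IPS has cut off

    def inspect(self, line: str) -> str:
        """Return the verdict for one request: 'ALLOW' or 'DROP'."""
        src, _method, path = line.split(" ", 2)
        if src in self.blocked:                 # IPS only: earlier verdict persists
            return "DROP"
        for name, pattern in SIGNATURES:
            if pattern.search(path):
                self.alerts.append((src, name))
                if self.mode == "IPS":
                    self.blocked.add(src)       # toy response: block the source
                    return "DROP"
                break                           # IDS: one alert per line is enough
        return "ALLOW"                          # IDS never blocks, even on a hit


def run(mode: str, lines=SAMPLE_LOG):
    """Replay the log through a sensor; return (verdicts, alerts, blocked sources)."""
    sensor = Sensor(mode)
    verdicts = [sensor.inspect(line) for line in lines]
    return verdicts, sensor.alerts, sorted(sensor.blocked)


if __name__ == "__main__":
    for mode in ("IDS", "IPS"):
        print(mode, *run(mode))
```

In IDS mode every request is allowed and the two attacks only show up in the alert list. In IPS mode the traversal attempt is dropped and the source is blocked, so the later clean request from that address is also dropped: that is the "legitimate traffic may be blocked" trade-off of being inline, and the reason IPS rule sets are tuned more conservatively than IDS rule sets.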

 

What does identity and access control mean in cyber security? Explain single-factor and multi-factor authentication as applied in network and system security, with suitable examples.

Identity and Access Control (IAM – Identity and Access Management) refers to the process of:

  • Identifying users (who they are)
  • Authenticating users (verifying their identity)
  • Authorizing users (deciding what resources they can access)

In simple terms:

It ensures that only the right people get access to the right systems at the right time.

Example:

  • A student logs into a college portal using a username and password.
  • The system verifies the student’s identity and allows access only to student-related data, not admin controls.

Authentication Types in Network and System Security

Authentication is the process of verifying a user’s identity before granting access.

There are mainly two types:


1. Single-Factor Authentication (SFA)

Definition:
Single-factor authentication uses only one method to verify identity, usually something the user knows (like a password).

Common factors:

  • Password
  • PIN
  • Security question (still something you know, so it does not count as a second factor)

Example:

  • Logging into your email using only a username and password.

Advantages:

  • Simple and fast
  • Easy to use

Disadvantages:

  • Less secure
  • Passwords can be stolen or guessed

2. Multi-Factor Authentication (MFA)

Definition:
Multi-factor authentication uses two or more verification methods from different categories:

  • Something you know (password, PIN)
  • Something you have (phone running an authenticator app, hardware security token, a device that receives an OTP)
  • Something you are (fingerprint, face recognition)

Two methods from the same category (for example a password plus a security question) are still single-factor; the strength comes from an attacker having to defeat two different kinds of proof.

Example:

  • Logging into a bank account:
    1. Enter password (something you know)
    2. Enter OTP sent to mobile (something you have)

Advantages:

  • Much more secure
  • Harder for attackers to access accounts

Disadvantages:

  • Slightly slower login process
  • Requires extra devices or steps
  • Not all second factors are equal: SMS-delivered OTPs can be captured through SIM swapping or phishing, so authenticator apps and hardware tokens are preferred
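The bank-login example above, as an added example that is not part of the original page: a login check that requires a password (something you know) and a time-based one-time password generated by an authenticator app (something you have), following RFC 6238 TOTP on top of HMAC-SHA1. The user record, salt and password are constructed; the TOTP secret is the reference secret from the RFC's test vectors so the codes can be checked against published values.

```python
"""Added example: a login that requires two factors from different categories,
a password (something you know) and an RFC 6238 TOTP code (something you have).
Not from the original page; the user record and salt are constructed."""
import hashlib
import hmac
import struct


# --- Factor 1: password, stored only as a salted PBKDF2 hash ------------------
def hash_password(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


# --- Factor 2: time-based one-time password (RFC 6238, HMAC-SHA1, 30 s step) ---
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)       # 8-byte big-endian time step
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp_valid(secret: bytes, code: str, unix_time: int, step: int = 30, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side to absorb clock drift."""
    for delta in range(-window, window + 1):
        expected = totp(secret, unix_time + delta * step, step)
        if hmac.compare_digest(expected, code):          # constant-time comparison
            return True
    return False


# Constructed user record. The TOTP secret is the RFC 6238 reference secret; an
# authenticator app would hold the same bytes, usually base32-encoded in a QR code.
SALT = b"constructed-salt"
USER = {
    "name": "alice",
    "pw_hash": hash_password("correct horse battery staple", SALT),
    "totp_secret": b"12345678901234567890",
}


def login(password: str, otp: str, unix_time: int, user=USER) -> bool:
    """Both factors must pass. Both are always evaluated so the response time does
    not reveal which one failed."""
    pw_ok = hmac.compare_digest(hash_password(password, SALT), user["pw_hash"])
    otp_ok = totp_valid(user["totp_secret"], otp, unix_time)
    return pw_ok and otp_ok


if __name__ == "__main__":
    now = 59                                              # RFC 6238 test-vector time
    print(totp(USER["totp_secret"], now))                 # 287082
    print(login("correct horse battery staple", "287082", now))   # True
    print(login("correct horse battery staple", "000000", now))   # False: password alone is not enough
```

The point of the second factor shows in the last line: an attacker who has phished or guessed the password still fails because the code changes every 30 seconds and can only be computed from a secret that never leaves the user's device.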

Simple Comparison

Feature        | Single-Factor Authentication                      | Multi-Factor Authentication
Security level | Low                                               | High
Methods used   | One (usually a password)                          | Two or more factors from different categories
Example        | Password login                                    | Password + OTP or fingerprint
Risk           | One stolen or guessed password gives full access  | A leaked password alone is not enough; the attacker must defeat more than one factor


Summary

Identity and access control ensures secure system access by verifying users. Single-factor authentication uses only one method like a password, while multi-factor authentication uses multiple verification steps such as OTPs and biometrics, making it much more secure for modern network and system protection.

 

What do you mean by digital signature? How does it provide far more inherent security than a handwritten signature?

A digital signature is a cryptographic technique used to verify the authenticity, integrity, and origin of a digital message or document.

It is created using public key cryptography, where:

  • The sender uses a private key to sign the data
  • The receiver uses the sender’s public key to verify it

In simple terms:

A digital signature is an electronic “seal” or proof that a message truly comes from the sender and has not been changed.


How a Digital Signature Works (Basic Idea)

  1. A message is created (e.g., an email or document)
  2. A hash (digital fingerprint) of the message is computed with a cryptographic hash function such as SHA-256
  3. The sender applies the private-key operation of the signature algorithm to that hash; the output is the digital signature, which travels with the message (signing is not encryption, but for RSA both use the same mathematics, which is why it is often described as "encrypting the hash with the private key")
  4. The receiver recomputes the hash of the message as received
  5. The receiver applies the public-key operation to the signature using the sender's public key and compares the result with the recomputed hash: if they match, the message is authentic and unchanged; any difference means the message was altered or the signature was not made with the matching private key
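The five steps above carried out in code, as an added example that is not from the original page: textbook RSA over a SHA-256 digest, chosen because it makes the private-key and public-key operations visible as plain modular exponentiation. The key pair is built from two fixed, well-known primes so the example runs offline; the absence of padding (RSA-PSS or PKCS#1 v1.5 in real use) and the fixed key make this a teaching toy, not a signer to deploy.

```python
"""Added example of the sign/verify steps using textbook RSA over a SHA-256 digest.
Not from the original page. Toy only: no padding, fixed key, no key protection.
Real systems use a vetted library (RSA-PSS, ECDSA or Ed25519)."""
import hashlib

# Constructed key pair from two known Mersenne primes, 2^521-1 and 2^607-1, so no
# prime generator is needed. n has about 1128 bits, larger than the 256-bit digest,
# which the scheme requires for the signature to carry the whole hash.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (Python 3.8+ modular inverse)
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)


def digest(message: bytes) -> int:
    """Step 2: the message's fingerprint as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Step 3: the private-key operation on the digest produces the signature."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Steps 4-5: the public-key operation recovers the digest the signer saw;
    it must equal a fresh digest of what was actually received."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)


if __name__ == "__main__":
    msg = b"Transfer 100 EUR to account 42"
    sig = sign(msg)
    print(verify(msg, sig))                                 # True: authentic and unchanged
    print(verify(b"Transfer 900 EUR to account 42", sig))   # False: one changed byte breaks it
    print(verify(msg, sig + 1))                             # False: corrupted or forged signature
```

Two things the prose cannot show are visible here: a change of a single byte in the message leaves the signature numerically intact but the recomputed digest no longer matches (integrity), and the verifier needs nothing secret, only the public key, so anyone can check the signature but only the holder of D could have produced it (authentication and non-repudiation).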

Why Digital Signatures are More Secure than Handwritten Signatures

1. Authentication (Identity Verification)

  • Handwritten signature: Can be copied or forged by anyone who has seen it
  • Digital signature: Can only be produced with the sender's private key, so it is extremely hard to fake; this holds as long as the public key is reliably bound to the sender, which is what a certificate from a trusted certificate authority (PKI) provides

2. Integrity (No Tampering)

  • Handwritten signature: Document can be changed after signing without easy detection
  • Digital signature: Any change in the document invalidates the signature immediately

3. Non-repudiation (No Denial)

  • Handwritten signature: Sender may deny signing it
  • Digital signature: Only the holder of the private key could have produced it, so the signer cannot credibly deny signing; many jurisdictions also give digital signatures legal standing for this reason

4. Strong Cryptographic Security

  • Uses well-studied algorithms such as RSA or ECC (ECDSA, Ed25519)
  • Forging a signature without the private key is computationally infeasible with current computing power
  • The guarantee depends on the private key staying secret: a stolen key signs exactly like its owner, so keys are kept in protected storage (hardware tokens, HSMs) and revoked if compromised

5. Automatic Verification

  • Handwritten signatures require human judgment
  • Digital signatures are verified instantly by systems with high accuracy

6. Security Against Forgery

  • Handwritten signatures can be traced, scanned, or replicated and pasted onto another document
  • A digital signature is tied to both the key and the exact content that was signed, so copying it onto a different document fails verification

Summary

A digital signature is a secure electronic method of signing data using cryptography. It is far more secure than handwritten signatures because it ensures:

  • Identity verification
  • Data integrity
  • Prevention of forgery
  • Legal proof of authenticity 

What do you mean by hacking? Classify the types of hackers with suitable examples.

Hacking is the act of gaining access to a computer system, network, or digital device by exploiting weaknesses in its security. The techniques are the same whether the access is authorized (security testing with the owner's written permission) or unauthorized (an intrusion); permission and intent are what separate legal from illegal hacking.

It may be used for:

  • Testing security (ethical use)
  • Stealing data or causing damage (illegal use)

Types of Hackers (with examples)

Hackers are classified based on their intent and purpose.


1. White Hat Hackers (Ethical Hackers)

These hackers work legally and ethically to find and fix security vulnerabilities.

Purpose:

  • Improve system security
  • Protect organizations from attacks

Example:

  • A security expert hired by a company to test their website for weaknesses (penetration testing)

2. Black Hat Hackers (Malicious Hackers)

These hackers hack systems illegally for personal gain or to cause harm.

Purpose:

  • Steal data
  • Financial fraud
  • Damage systems

Example:

  • A hacker stealing credit card information from an online shopping site

3. Grey Hat Hackers

These hackers fall between ethical and unethical. They may break into systems without permission but not for harmful intent.

Purpose:

  • Discover vulnerabilities, sometimes report them later
  • May violate laws but not always for personal gain

Example:

  • A hacker accessing a website without permission and informing the owner about security flaws

4. Script Kiddies

These are unskilled hackers who use existing tools or scripts created by others.

Purpose:

  • Cause disruption or show off
  • Lack deep technical knowledge

Example:

  • A teenager using a ready-made tool to crash a website

5. Hacktivists

These hackers use hacking for political or social causes.

Purpose:

  • Protest against governments or organizations
  • Spread messages or awareness

Example:

  • Defacing a government website to protest a policy

Summary Table

Type          | Intent                         | Example
White Hat     | Ethical, security improvement  | Company security tester (authorized penetration test)
Black Hat     | Illegal, harmful               | Data theft hacker
Grey Hat      | Mixed intent                   | Unauthorized vulnerability finder
Script Kiddie | Low skill, uses others' tools  | Uses ready-made hacking software to attack sites
Hacktivist    | Political/social cause         | Website defacement for protest

 

What is a digital signature? Explain the major applications of digital signatures.

A digital signature is a cryptographic method used to verify the authenticity, integrity, and origin of a digital message or document.

It works using public key cryptography, where:

  • The sender signs the document using a private key
  • The receiver verifies it using the sender’s public key

In simple terms:

A digital signature is an electronic proof of identity and approval for digital data, ensuring it has not been altered.


Major Applications of Digital Signature

Digital signatures are widely used in areas where security, trust, and legal validity are important.


1. E-Governance and Government Services

Digital signatures are used in online government systems for secure document submission.

Examples:

  • Filing income tax returns
  • Online passport applications
  • Digital land record submissions

2. Banking and Financial Services

Banks use digital signatures to secure transactions and documents.

Examples:

  • Online fund transfers
  • Loan agreements
  • Digital account opening forms

3. E-Commerce Transactions

They help ensure secure online business activities.

Examples:

  • Signing purchase agreements
  • Verifying online contracts
  • Securing payment confirmations

4. Legal Documents and Contracts

Digital signatures make electronic documents legally valid.

Examples:

  • Employment contracts
  • Business agreements
  • Court filings in e-legal systems

5. Email Security

Digital signatures are used to verify that emails are genuine and not altered.

Examples:

  • Business communication verification
  • Preventing email spoofing or fraud

6. Software Distribution

Software vendors sign their releases (code signing); the operating system, package manager or updater verifies the signature before installing, which is how a download tampered with in transit or on a compromised mirror is rejected.

Examples:

  • Verifying software updates
  • Preventing installation of tampered software

What is phishing? Explain the types of phishing.

Phishing is a type of cyber attack where attackers try to trick users into revealing sensitive information such as:

  • Passwords
  • Bank account details
  • Credit card numbers
  • OTPs or personal data

They usually do this by pretending to be a trusted source like a bank, company, or government service.

👉 In simple terms: Phishing is a fake attempt to steal your personal information by deception.


Types of Phishing Attacks

1. Email Phishing

This is the most common type of phishing attack.

How it works:

  • Attackers send fake emails that look like they are from banks or companies
  • The email contains fake links or attachments

Example:
An email saying “Your bank account is blocked. Click here to verify.”


2. Spear Phishing

This type targets a specific person or organization.

How it works:

  • The attacker collects personal information about the victim
  • Sends highly customized and believable messages

Example:
A fake email sent to an employee pretending to be their company manager asking for login details.


3. Whaling

This is a form of spear phishing that targets high-level executives like CEOs or managers.

How it works:

  • Uses very convincing messages
  • Focuses on important people with access to valuable data

Example:
A fake legal email sent to a company CEO requesting urgent financial transfer.


4. Smishing (SMS Phishing)

Phishing done through text messages (SMS).

How it works:

  • Victim receives a fake SMS with malicious links

Example:
“Your bank account is locked. Click this link to unlock it.”


5. Vishing (Voice Phishing)

Phishing done through phone calls.

How it works:

  • Attackers pretend to be bank officers or customer support
  • They try to extract sensitive information

Example:
A caller asking for your OTP or ATM PIN pretending to be from a bank.


6. Clone Phishing

This involves creating a fake copy of a real email.

How it works:

  • Attacker duplicates a legitimate email
  • Replaces safe links with malicious ones

Example:
A copied delivery confirmation email with a fake tracking link.
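All six types above deliver their payload through a link or a request for data, so a practical defence is to inspect the links before trusting them. The following is an added example, not code from the original page: it scores each link in a message for the indicators the examples above rely on (a brand name inside a look-alike domain, anchor text that shows one site while the href points to another, punycode hosts, raw IP addresses). The messages and the list of trusted domains are constructed; the "last two labels" approximation of the registrable domain is an assumption that real code would replace with the Public Suffix List.

```python
"""Added example: flag phishing indicators in the links of a message.
Not from the original page; the links and the trusted-domain list are constructed."""
import ipaddress
import re
from urllib.parse import urlparse

# Assumed: domains the organisation legitimately links to.
TRUSTED_DOMAINS = ("examplebank.com", "example-delivery.com")


def registrable(host: str) -> str:
    """Crude last-two-labels approximation of the registrable domain
    (fine for .com; real code uses the Public Suffix List)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def link_indicators(anchor_text: str, href: str) -> list:
    """Return the names of the phishing indicators that fire for one link."""
    found = []
    url = urlparse(href)
    host = url.hostname or ""
    if url.scheme not in ("http", "https"):
        found.append("unusual-scheme")
    try:
        ipaddress.ip_address(host)                        # "http://203.0.113.9/..."
        found.append("raw-ip-host")
    except ValueError:
        pass
    if host.startswith("xn--") or ".xn--" in host:        # IDN homograph via punycode
        found.append("punycode-host")
    # Anchor text that looks like a URL but points somewhere else than the href.
    m = re.search(r"https?://([^/\s]+)", anchor_text)
    if m and registrable(m.group(1)) != registrable(host):
        found.append("anchor-href-mismatch")
    # Brand name present in the host, but the registrable domain is not the brand's.
    # (Typosquats such as "exarnplebank" need an edit-distance check, omitted here.)
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in host and registrable(host) != trusted:
            found.append("lookalike-domain")
            break
    return found


# Constructed message links: (anchor text, href).
SAMPLE_LINKS = [
    ("Log in to your account", "https://login.examplebank.com/session"),           # genuine subdomain
    ("https://examplebank.com/verify", "https://examplebank.com.verify-login.net/x"),  # look-alike, text != href
    ("Track parcel", "http://203.0.113.9/track?id=1"),                               # raw IP host
    ("Unlock account", "https://xn--exmplebank-6lc.com/"),                            # punycode host
]


def scan(links=SAMPLE_LINKS) -> dict:
    """Map each href to the list of indicators found for it."""
    return {href: link_indicators(text, href) for text, href in links}


if __name__ == "__main__":
    for href, hits in scan().items():
        print("SUSPICIOUS" if hits else "ok        ", href, hits)
```

The second link is the classic bank-phishing pattern from the email example: the host starts with the real brand so it looks right in a hurried glance, but the part that actually decides where the browser goes is the last two labels, verify-login.net.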

What is the role of confidentiality, integrity and availability in cyber security? Explain.

The CIA Triad is the core model of cyber security. It defines three main goals that protect information systems and data from threats and misuse:

  • Confidentiality
  • Integrity
  • Availability

Together, they ensure information is secure, trustworthy, and accessible to the right users.


1. Confidentiality

Confidentiality means keeping information secret from unauthorized users.

Role in cyber security:

  • Protects sensitive data from being accessed by hackers or outsiders
  • Ensures privacy of users and organizations

How it is maintained:

  • Passwords and authentication systems
  • Encryption (data is converted into a form that is unreadable without the key)
  • Access control (user permissions and roles)

Example:

Only a bank customer can see their account balance, not other users.


2. Integrity

Integrity means ensuring that data is accurate, complete, and not changed without permission.

Role in cyber security:

  • Prevents unauthorized modification or tampering of data
  • Ensures trust in information systems

How it is maintained:

  • Hash functions and checksums: detect accidental corruption; against a deliberate attacker who can also recompute the hash, the hash itself must be protected
  • Message authentication codes (keyed hashes) and digital signatures: detect deliberate tampering, because the attacker does not have the key needed to produce a matching tag
  • Data validation and access control on who may write or modify data

Example:

The amount of money in a bank transaction should not be changed during transfer.


3. Availability

Availability means ensuring that data and systems are accessible when needed by authorized users.

Role in cyber security:

  • Keeps systems running without interruption
  • Prevents downtime caused by attacks or failures

How it is maintained:

  • Backups and disaster recovery systems
  • Firewalls and DDoS protection
  • Redundant servers and power supply systems

Example:

A website should remain accessible even during heavy traffic or cyber attacks.


Summary (CIA Triad)

Principle       | Meaning                                 | Purpose          | Example
Confidentiality | Prevent unauthorized access             | Protect privacy  | Secure login to email
Integrity       | Prevent unauthorized data modification  | Ensure accuracy  | Safe bank transaction
Availability    | Ensure system access                    | Maintain uptime  | Website stays online

 

What do you mean by a Denial of Service attack? How can you protect a firm from DoS attacks? Explain.

A Denial of Service (DoS) attack is a cyber attack in which an attacker tries to make a computer system, server, or network unavailable to its legitimate users by overwhelming it with excessive traffic or requests.

In simple terms:

A DoS attack is like blocking the entrance of a shop by crowding it with fake customers so real customers cannot enter.

Key idea:

  • The system becomes slow, unresponsive, or completely unavailable

Types (brief idea)

  • DoS: the attack comes from a single source, so it can often be filtered by address
  • DDoS (Distributed Denial of Service): the attack comes from many systems at once (a botnet), which makes it far larger and much harder to filter by source

Effects of DoS Attack

  • Website or server downtime
  • Slow network performance
  • Loss of business and revenue
  • Service disruption for users
  • Damage to company reputation

How to Protect a Firm from DoS/DDoS Attacks

1. Use Firewalls and Filtering Systems

  • Firewalls block suspicious or unwanted traffic
  • Filters can block traffic from known malicious IP addresses

2. Intrusion Detection and Prevention Systems (IDS/IPS)

  • IDS detects unusual traffic patterns
  • IPS automatically blocks malicious traffic

3. Traffic Monitoring and Rate Limiting

  • Limits the number of requests accepted from a single user/IP in a given time window
  • Prevents one client from overloading the servers
  • Caveat: a DDoS spreads its requests across many addresses so that each stays under the limit; per-IP limits alone do not stop it

4. Use DDoS Protection Services

  • Cloud-based services like Cloudflare or AWS Shield absorb and filter attack traffic
  • Their globally distributed (anycast) networks spread the attack across many points of presence and pass only cleaned traffic on to the firm's servers

5. Load Balancing

  • Distributes traffic across multiple servers
  • Prevents a single server from being overloaded

6. Increase Bandwidth and Server Capacity

  • Helps handle sudden traffic spikes
  • Reduces chances of system crash

7. IP Blacklisting and Geo-blocking

  • Blocks known malicious IP addresses, or whole regions in which the firm has no users
  • Of limited value against DDoS, where the sources are many and often spoofed; mainly useful against single-source attacks and as a quick stopgap

8. Regular Security Updates

  • Keeps systems patched against vulnerabilities attackers may exploit 
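Rate limiting (item 3 above) in working form, as an added example that is not code from the original page: a per-source token bucket replayed over a constructed request timeline in which one client floods the server while another behaves normally. The refill rate, bucket size and timeline are assumptions; in practice this logic sits at the edge (reverse proxy, WAF or DDoS service) rather than inside the application.

```python
"""Added example: per-source token-bucket rate limiter replayed over a constructed
request burst. Not from the original page; limits and timeline are assumptions."""
from collections import defaultdict


class TokenBucket:
    """Each source may make `rate` requests per second sustained, with bursts of up
    to `capacity`. Tokens refill continuously; a request with no token is refused."""

    def __init__(self, rate: float, capacity: int):
        self.rate, self.capacity = rate, capacity
        self.tokens = defaultdict(lambda: float(capacity))   # a new source starts full
        self.last = {}                                       # last request time per source

    def allow(self, source: str, now: float) -> bool:
        elapsed = now - self.last.get(source, now)
        self.last[source] = now
        self.tokens[source] = min(self.capacity, self.tokens[source] + elapsed * self.rate)
        if self.tokens[source] >= 1:
            self.tokens[source] -= 1
            return True
        return False


# Constructed timeline of (time in seconds, source IP): one client sends 50 requests
# in half a second, the other sends one every half second.
REQUESTS = [(0.01 * i, "203.0.113.9") for i in range(50)] + \
           [(0.5 * i, "198.51.100.7") for i in range(4)]


def simulate(requests=REQUESTS, rate=2.0, capacity=10) -> dict:
    """Replay requests in time order; return {source: (allowed, refused)}."""
    bucket = TokenBucket(rate, capacity)
    outcome = defaultdict(lambda: [0, 0])
    for t, src in sorted(requests):
        outcome[src][0 if bucket.allow(src, t) else 1] += 1
    return {src: tuple(counts) for src, counts in outcome.items()}


if __name__ == "__main__":
    print(simulate())   # flooding client: 10 allowed, 40 refused; normal client: 4 allowed
```

The flooding address gets exactly its burst allowance and is then refused, while the normal client is never touched. Spread the same 50 requests over 50 different addresses and every one of them would be allowed, which is the caveat noted under item 3 and the reason a firm facing a DDoS needs upstream scrubbing in addition to its own limits.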

List out the types of social engineering attack and explain any five of them briefly.

Social engineering attacks are methods used by cybercriminals to manipulate people into revealing confidential information instead of hacking systems directly.

Common types include:

  • Phishing
  • Spear Phishing
  • Whaling
  • Vishing
  • Smishing
  • Pretexting
  • Baiting
  • Quid Pro Quo
  • Tailgating (Piggybacking)

Explanation of Any Five Types

1. Phishing

Phishing is a fraudulent attempt to steal sensitive information using fake emails or websites.

How it works:

  • Attacker sends fake emails pretending to be a trusted organization
  • User clicks malicious links or enters personal data

Example:
Email saying “Your bank account is blocked, click here to verify.”


2. Spear Phishing

Spear phishing targets a specific individual or organization using personalized information.

How it works:

  • Attacker researches the victim
  • Sends highly convincing and customized messages

Example:
An email sent to an employee pretending to be their manager requesting login credentials.


3. Whaling

Whaling is a type of spear phishing that targets high-profile individuals like CEOs or executives.

How it works:

  • Very carefully crafted fake emails
  • Focus on large financial or sensitive data access

Example:
Fake email to a company CEO requesting urgent fund transfer.


4. Vishing (Voice Phishing)

Vishing uses phone calls to trick victims into revealing information.

How it works:

  • Attacker pretends to be bank staff or technical support
  • Asks for OTPs, passwords, or account details

Example:
A caller pretending to be a bank officer asking for ATM PIN.


5. Smishing (SMS Phishing)

Smishing uses text messages (SMS) to deceive users.

How it works:

  • Fake SMS contains malicious links or urgent warnings
  • Victim is tricked into clicking links or sharing data

Example:
“You have won a prize! Click this link to claim.”

