CIS NOTES

The document provides an overview of various cybersecurity concepts including SSL, Kerberos, and different types of attacks such as phishing and DDoS. It also discusses security measures like DMZ, PKI, and cloud service models, as well as user authentication algorithms. Additionally, it highlights the importance of audit trails and security indicators in cellular VoIP services.

Uploaded by

neettricks695

Cybersecurity

1. SSL

Secure Socket Layer (SSL) provides security to the data that is transferred between a web
browser and a server. SSL encrypts the link between a web server and a browser, which ensures
that all data passed between them remains private and free from attack.

Secure Socket Layer Protocols
● SSL Record Protocol
● Handshake Protocol
● Change-Cipher Spec Protocol
● Alert Protocol

SSL Record Protocol

SSL Record provides two services to an SSL connection:
● Confidentiality
● Message Integrity

In the SSL Record Protocol, application data is divided into fragments. Each fragment is
compressed, and a MAC (Message Authentication Code) generated by a hash algorithm such as
SHA (Secure Hash Algorithm) or MD5 (Message Digest) is appended to it. The compressed fragment
and its MAC are then encrypted, and finally the SSL record header is added to the front of the data.
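The record-layer pipeline just described, as an added example that is not part of these notes: fragment, compress, append a MAC, encrypt, prepend the header, with the receiver undoing the steps and rejecting any record whose MAC fails. The keys, the SHA-256 HMAC and the XOR keystream cipher are constructed stand-ins so the code runs on the standard library; they are not SSL's actual algorithms.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed keys for this example; in SSL they are derived from the handshake's master secret.
MAC_KEY = b"example-mac-key"
ENC_KEY = b"example-enc-key"
MAX_FRAGMENT = 2 ** 14          # SSL splits application data into fragments of at most 16 KiB
APPLICATION_DATA = 23           # content type byte carried in the record header
MAC_LEN = 32                    # SHA-256 HMAC stands in for the SHA/MD5 MAC named in the notes


def keystream_xor(key: bytes, seq: int, data: bytes) -> bytes:
    """Stand-in for the record cipher: XOR with a SHA-256 keystream bound to the record sequence
    number. Used only so the example runs on the standard library; it is not SSL's cipher."""
    stream = b"".join(hashlib.sha256(key + struct.pack(">QI", seq, i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def record_mac(seq: int, content_type: int, fragment: bytes) -> bytes:
    # The MAC covers the sequence number and content type as well as the compressed fragment,
    # so a record cannot be replayed, reordered or relabelled without failing the check.
    return hmac.new(MAC_KEY, struct.pack(">QB", seq, content_type) + fragment, hashlib.sha256).digest()


def build_records(app_data: bytes, seq_start: int = 0) -> list:
    """Sender side: fragment -> compress -> append MAC -> encrypt -> prepend header."""
    records = []
    seq = seq_start
    for i in range(0, len(app_data), MAX_FRAGMENT):
        fragment = app_data[i:i + MAX_FRAGMENT]                       # 1. fragment
        compressed = zlib.compress(fragment)                          # 2. compress
        tag = record_mac(seq, APPLICATION_DATA, compressed)           # 3. MAC appended
        body = keystream_xor(ENC_KEY, seq, compressed + tag)          # 4. encrypt fragment + MAC
        header = struct.pack(">BBBH", APPLICATION_DATA, 3, 0, len(body))  # 5. type, version 3.0, length
        records.append(header + body)
        seq += 1
    return records


def parse_records(records: list, seq_start: int = 0) -> bytes:
    """Receiver side: reverse the steps, rejecting any record whose MAC does not verify."""
    out = b""
    seq = seq_start
    for rec in records:
        content_type, _major, _minor, length = struct.unpack(">BBBH", rec[:5])
        body = rec[5:5 + length]
        if len(body) != length or length < MAC_LEN:
            raise ValueError(f"record {seq}: truncated")
        plain = keystream_xor(ENC_KEY, seq, body)
        compressed, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
        if not hmac.compare_digest(tag, record_mac(seq, content_type, compressed)):
            raise ValueError(f"record {seq}: MAC check failed")   # checked before decompressing
        out += zlib.decompress(compressed)
        seq += 1
    return out


def accepts(records: list) -> bool:
    """True if every record decrypts and verifies in order."""
    try:
        parse_records(records)
        return True
    except ValueError:
        return False


def tamper_detected(record: bytes, flip_index: int = -1) -> bool:
    """Flip one bit of a record (default: the last ciphertext byte) and report whether it is rejected."""
    altered = bytearray(record)
    altered[flip_index] ^= 0x01
    return not accepts([bytes(altered)])
```

Because the MAC is bound to the sequence number, feeding the same record twice is rejected as well as a flipped bit.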

Handshake Protocol

The Handshake Protocol is used to establish sessions. It allows the client and server to
authenticate each other by sending a series of messages to each other. The handshake protocol uses
four phases to complete its cycle.

● Phase-1: Both Client and Server send hello packets to each other. In this phase the session
ID, cipher suite and protocol version are exchanged for security purposes.
● Phase-2: The Server sends its certificate and Server-key-exchange. The server ends
phase-2 by sending the Server-hello-done packet.
● Phase-3: The Client replies to the server by sending its certificate and
Client-key-exchange.
● Phase-4: Change-cipher-spec occurs, and after this the Handshake Protocol ends.

SSL Certificate
An SSL (Secure Sockets Layer) certificate is a digital certificate used to secure and verify the identity
of a website or an online service. The certificate is issued by a trusted third party called a
Certificate Authority (CA), which verifies the identity of the website or service before issuing the
certificate.
2. KERBEROS

Kerberos provides a centralized authentication server whose function is to authenticate users to
servers and servers to users. In Kerberos, an Authentication Server and a database are used for client
authentication. Kerberos runs as a trusted third-party server known as the Key Distribution
Center (KDC). Each user and service on the network is a principal.

The main components of Kerberos are:

● Authentication Server (AS): The Authentication Server performs the initial authentication and
issues the ticket for the Ticket Granting Service.
● Database: The Authentication Server verifies the access rights of users in the database.
● Ticket Granting Server (TGS): The Ticket Granting Server issues the ticket for the Server.

Kerberos Overview:

● Step-1: The user logs in and requests services on the host, i.e. the user requests the
ticket-granting service.
● Step-2: The Authentication Server verifies the user’s access rights using the database and then
issues a ticket-granting ticket and a session key. The results are encrypted using the
password of the user.
● Step-3: The message is decrypted using the password, and the ticket is then sent to the
Ticket Granting Server. The ticket contains authenticators like user names and network
addresses.
● Step-4: The Ticket Granting Server decrypts the ticket sent by the user, verifies the request
using the authenticator, and then creates the ticket for requesting services from the Server.
● Step-5: The user sends the Ticket and Authenticator to the Server.
● Step-6: The server verifies the Ticket and authenticators and then grants access to the service.
After this the user can access the services.
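The six steps above as a runnable exchange between client, AS/TGS and service, added here as an example that is not part of the notes. The principal names, the password, the hex-encoded session keys and the `seal`/`unseal` toy cipher are constructed stand-ins; real Kerberos uses its own encryption types and message formats.

```python
import hashlib
import hmac
import json
import os
import struct
import time

TICKET_LIFETIME = 8 * 3600     # seconds a ticket stays valid
MAX_SKEW = 300                 # authenticator freshness window (Kerberos tolerates a few minutes)


def key_from_password(password: str) -> bytes:
    # Kerberos derives the user's long-term key from the password (string-to-key); SHA-256 stands in.
    return hashlib.sha256(password.encode()).digest()


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hashlib.sha256(key + nonce + struct.pack(">I", i)).digest() for i in range(n // 32 + 1))


def seal(key: bytes, msg: dict) -> bytes:
    """Toy authenticated encryption (keystream XOR + HMAC). Stands in for Kerberos's encryption
    types so the example runs on the standard library; do not reuse it as a cipher."""
    plain = json.dumps(msg, sort_keys=True).encode()
    nonce = os.urandom(16)
    body = nonce + bytes(a ^ b for a, b in zip(plain, _stream(key, nonce, len(plain))))
    return body + hmac.new(key, body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        raise PermissionError("integrity check failed (wrong key or altered ticket)")
    nonce, ct = body[:16], body[16:]
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))


def check_authenticator(ticket: dict, auth: dict) -> None:
    # The authenticator must name the same principal and address as the ticket (Step-3 in the notes),
    # be fresh, and the ticket itself must not have expired.
    if ticket["expires"] < time.time():
        raise PermissionError("ticket expired")
    if auth["user"] != ticket["user"] or auth["addr"] != ticket["addr"]:
        raise PermissionError("authenticator does not match ticket")
    if abs(time.time() - auth["ts"]) > MAX_SKEW:
        raise PermissionError("authenticator too old (possible replay)")


class KDC:
    """Authentication Server, Ticket Granting Server and principal database in one process."""

    def __init__(self):
        # Constructed principal database: one user (key from password) and one service (random key).
        self.db = {"alice": key_from_password("correct horse battery staple")}
        self.tgs_key = os.urandom(32)
        self.service_keys = {"fileserver": os.urandom(32)}

    def as_exchange(self, user: str, addr: str):
        """Step-2: verify the principal; return a TGT plus the TGS session key sealed under the user's key."""
        if user not in self.db:
            raise PermissionError("unknown principal")
        sk_tgs = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"user": user, "addr": addr, "key": sk_tgs,
                                  "expires": time.time() + TICKET_LIFETIME})
        return tgt, seal(self.db[user], {"key": sk_tgs})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        """Step-4: decrypt the TGT, verify the authenticator with the session key in it, issue a service ticket."""
        t = unseal(self.tgs_key, tgt)
        sk_tgs = bytes.fromhex(t["key"])
        check_authenticator(t, unseal(sk_tgs, authenticator))
        sk_svc = os.urandom(32).hex()
        ticket = seal(self.service_keys[service], {"user": t["user"], "addr": t["addr"], "key": sk_svc,
                                                   "expires": time.time() + TICKET_LIFETIME})
        return ticket, seal(sk_tgs, {"key": sk_svc})


def service_accepts(service_key: bytes, ticket: bytes, authenticator: bytes) -> str:
    """Step-6: the server verifies ticket and authenticator, then grants access; returns the principal."""
    t = unseal(service_key, ticket)
    check_authenticator(t, unseal(bytes.fromhex(t["key"]), authenticator))
    return t["user"]


def client_login(kdc: KDC, user: str, password: str, addr: str, service: str) -> str:
    """Steps 1, 3 and 5 from the client's side; raises PermissionError if any party rejects."""
    user_key = key_from_password(password)
    tgt, enc = kdc.as_exchange(user, addr)                       # Step-1: request ticket-granting service
    sk_tgs = bytes.fromhex(unseal(user_key, enc)["key"])         # only the right password unseals this
    auth = seal(sk_tgs, {"user": user, "addr": addr, "ts": time.time()})
    ticket, enc2 = kdc.tgs_exchange(tgt, auth, service)          # Step-3: TGT + authenticator to the TGS
    sk_svc = bytes.fromhex(unseal(sk_tgs, enc2)["key"])
    auth2 = seal(sk_svc, {"user": user, "addr": addr, "ts": time.time()})
    return service_accepts(kdc.service_keys[service], ticket, auth2)   # Step-5: ticket to the server


def rejected(action) -> bool:
    """Run one step and report whether it was refused with PermissionError."""
    try:
        action()
    except PermissionError:
        return True
    return False
```

A wrong password never reaches the KDC as a failed check: it simply cannot unseal the reply, which is why Kerberos needs no password on the wire.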

3. Types of attack

Phishing: Scammers trick you into giving away your personal info, like passwords or credit card numbers, by
pretending to be someone you trust (like a bank or a website).
DDoS Attack: Attackers send so much traffic to a website or server that it crashes, making it unavailable to real users.
SQL Injection: Hackers use a website's search or input boxes to insert harmful commands into its database, letting
them steal or mess with data.

Malware Attacks

Malware refers to malicious software designed to damage or disrupt systems. Common types of malware include:

● Viruses: Malicious programs that attach themselves to legitimate software and spread to other systems.
● Worms: Self-replicating programs that spread across networks without human intervention.
● Trojans: Malware that masquerades as legitimate software to trick users into installing it.
● Ransomware: A type of malware that locks or encrypts files and demands a ransom for their release.
● Spyware: Software that secretly monitors a user’s activities and sends the information to a third party.
● Adware: Software that displays unwanted ads, often bundled with other software.

Masquerade Attack:

In a Masquerade Attack, a hacker pretends to be someone else. They use someone else's identity to gain unauthorized
access to systems or steal information. For example:

● A hacker could send an email pretending to be a trusted person (like your boss) and ask you to do something
harmful, like transferring money or sharing sensitive data.

Modification of Message:

In a Modification of Message attack, a hacker intercepts a message being sent between two parties and changes it
before it reaches the recipient.

4. Short note on DMZ

Demilitarized Zones (DMZ) are used in cybersecurity. DMZs separate internal networks from the
internet and are often found on corporate networks. A DMZ is typically created on a company’s
internal network to isolate the company from external threats. The DMZ is a network barrier
between the trusted and untrusted networks, i.e. between a company’s private and public networks. The
DMZ acts as a protection layer through which outside users cannot access the company’s data.

The DMZ receives requests from outside users or public networks to access the information and
website of a company. For such requests, the DMZ arranges sessions on the public network; it
cannot initiate a session on the private network. If anyone performs malicious activity on the
DMZ, the web pages may be corrupted, but the other information remains safe.
The goal of a DMZ is to provide access to the untrusted network while ensuring the security of the
private network. A DMZ is not mandatory, but a better approach is to use it together with a firewall.

5. PKI and its working

Public key infrastructure or PKI is the governing body behind issuing digital certificates. It helps
to protect confidential data and gives unique identities to users and systems. Thus, it ensures
security in communications.

The public key infrastructure uses a pair of keys, the public key and the private key, to achieve
security.

Working of PKI in steps:

Encryption:
● If someone wants to send you a secure message, they use your public key to "lock"
(encrypt) the message. Since your private key is the only one that can "unlock"
(decrypt) the message, only you can read it.

Digital Signatures:
● When you send a message, you use your private key to "sign" it. This proves that the
message came from you and hasn’t been tampered with.
● Anyone who gets the message can use your public key to verify your signature,
ensuring that it is really from you and hasn’t been altered.

6. Signature-Based IDS/IPS:

1. Signature-Based IDS (Intrusion Detection System):
○ How it works: This system monitors network or system activity and compares it against a database of
known attack signatures (unique patterns of data associated with known attacks).
○ Example: If an attack pattern (like a specific sequence of data packets or a known virus signature) is
detected in network traffic, the IDS will alert the system administrator or trigger an alarm.
○ Limitations: It can only detect attacks that have been previously identified and included in its signature
database. It cannot detect new or unknown attacks (zero-day attacks).
2. Signature-Based IPS (Intrusion Prevention System):
○ How it works: Similar to an IDS, but in addition to detecting attacks, an IPS can take action to stop them.
If an attack is detected, the IPS can block the malicious traffic in real-time, preventing further damage.
○ Example: If a signature matches known malware trying to enter the system, the IPS will block the
connection immediately and log the event.
○ Limitations: Like IDS, it can only detect attacks that have already been documented and may miss
newer threats.

7. Anomaly-Based Method:

Anomaly-based IDS was introduced to detect unknown malware attacks, as new malware is
developed rapidly. In anomaly-based IDS, machine learning is used to create a model of trusted
activity; anything that arrives is compared with that model and is declared suspicious if
it does not fit the model. The machine learning-based method has better generalization
properties than signature-based IDS, as these models can be trained according to the
applications and hardware configurations.
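Both detection methods (sections 6 and 7) run over constructed web-server log lines, as an added example not taken from the notes: the signature matcher fires only on patterns in its database, while the anomaly model, trained on a normal window, flags an endpoint it has never seen and a client whose request rate exceeds the learned baseline. The log format, signatures and IP addresses are constructed, and the anomaly model is a simple statistical baseline standing in for the machine learning the notes mention.

```python
import re
import statistics
from collections import Counter

# Apache/nginx "combined"-style access log: ip ident user [time] "method path proto" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+')

# Constructed training traffic: what "normal" looked like for this site
TRAINING_LOG = [
    '10.0.0.1 - - [10/Oct/2024:13:55:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.1 - - [10/Oct/2024:13:55:09 +0000] "GET /login HTTP/1.1" 200 128',
    '10.0.0.2 - - [10/Oct/2024:13:56:12 +0000] "POST /login HTTP/1.1" 302 0',
    '10.0.0.2 - - [10/Oct/2024:13:57:30 +0000] "GET /products?id=7 HTTP/1.1" 200 2048',
    '10.0.0.3 - - [10/Oct/2024:13:58:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.3 - - [10/Oct/2024:13:58:45 +0000] "GET /products?id=9 HTTP/1.1" 200 2048',
]

# Constructed live traffic: one known pattern per line 1-2, an unseen endpoint, and a login burst
LIVE_LOG = [
    '198.51.100.7 - - [10/Oct/2024:14:01:02 +0000] "GET /products?id=7%27%20OR%201=1 HTTP/1.1" 200 9000',
    '198.51.100.7 - - [10/Oct/2024:14:01:05 +0000] "GET /../../../../etc/passwd HTTP/1.1" 404 0',
    '10.0.0.1 - - [10/Oct/2024:14:01:40 +0000] "GET /admin/config HTTP/1.1" 200 300',
] + [f'203.0.113.9 - - [10/Oct/2024:14:02:{s:02d} +0000] "POST /login HTTP/1.1" 401 0' for s in range(5)]

SP = r"(?:\s|%20|\+)"   # whitespace as it appears raw or URL-encoded in a request line
# Signature database: each entry is the pattern plus the name an analyst sees in the alert
SIGNATURES = [
    ("sqli-tautology", re.compile(rf"(?:%27|'){SP}*or{SP}+1{SP}*={SP}*1", re.I)),
    ("path-traversal", re.compile(r"(?:\.\./|%2e%2e/){2,}", re.I)),
]


def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def endpoint(rec):
    return rec["method"], rec["path"].split("?", 1)[0]


def minute_bucket(rec):
    return rec["ip"], rec["ts"][:17]        # "10/Oct/2024:14:02" -> requests per client per minute


def signature_ids(lines):
    """Signature-based detection: alert only when a request matches a known attack pattern."""
    alerts = []
    for rec in filter(None, map(parse_line, lines)):
        for name, pattern in SIGNATURES:
            if pattern.search(rec["path"]):
                alerts.append((rec["ip"], name))
    return alerts


class AnomalyIDS:
    """Anomaly-based detection: learn a model of trusted activity, then flag what does not fit it."""

    def __init__(self, k=3.0):
        self.known = set()              # (method, path) pairs seen during training
        self.mean = self.std = 0.0      # requests per client per minute during training
        self.k = k                      # how many standard deviations above the mean is "abnormal"

    def train(self, lines):
        per_minute = Counter()
        for rec in filter(None, map(parse_line, lines)):
            self.known.add(endpoint(rec))
            per_minute[minute_bucket(rec)] += 1
        counts = list(per_minute.values())
        self.mean, self.std = statistics.mean(counts), statistics.pstdev(counts)

    def threshold(self):
        return self.mean + self.k * self.std

    def detect(self, lines):
        alerts, per_minute = [], Counter()
        for rec in filter(None, map(parse_line, lines)):
            if endpoint(rec) not in self.known:
                alerts.append((rec["ip"], "unknown-endpoint"))
            per_minute[minute_bucket(rec)] += 1
        for (ip, _minute), n in per_minute.items():
            if n > self.threshold():
                alerts.append((ip, f"rate {n}/min above {self.threshold():.1f}"))
        return alerts
```

Note what each method misses: the signature engine says nothing about `/admin/config` or the login burst, and the anomaly model accepts the injected query because `/products` is a known endpoint.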

8. ACL with its purpose

ACL stands for "Access Control List". Its primary purpose is to filter network traffic by defining
rules that allow or deny access to specific devices or IP addresses based on factors like
source IP, destination IP, protocol, and port number, effectively acting as a security gatekeeper
for a network: it decides which traffic can enter or leave a network depending on
predefined criteria.

Key points about ACLs:

Filtering mechanism:
ACLs examine incoming and outgoing network packets and compare them against a set of
rules to determine whether to allow or block the traffic.
Types of ACLs:
● Standard ACL: Only considers the source IP address for filtering.
● Extended ACL: Offers more granular control by considering additional parameters like
destination IP, protocol, and port number.
Implementation:
ACLs are typically configured on network devices like routers and firewalls to manage
network access.
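A standard and an extended ACL evaluated against sample packets, as an added example that is not from the notes, including the top-down first-match rule, the implicit deny, and a check for rules that can never fire because an earlier, broader rule shadows them. Addresses and rule sets are constructed; the matching model is a simplification of how router ACLs behave.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp", "icmp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: str = "0.0.0.0/0"      # source network; "0.0.0.0/0" is "any"
    dst: Optional[str] = None   # extended-ACL fields; None means the rule does not look at them
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        if not ipaddress.ip_network(self.src).supernet_of(ipaddress.ip_network(other.src)):
            return False
        if self.dst is not None and (other.dst is None or not
                                     ipaddress.ip_network(self.dst).supernet_of(ipaddress.ip_network(other.dst))):
            return False
        if self.proto is not None and self.proto != other.proto:
            return False
        return self.dport is None or self.dport == other.dport


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """Rules are tested top-down and the first match decides; unmatched traffic hits the implicit deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def shadowed_rules(acl: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule already covers all their traffic.
    A common ACL mistake: a broad permit placed above the specific deny it was meant to sit below."""
    return [j for j in range(len(acl)) if any(acl[i].covers(acl[j]) for i in range(j))]


# Standard ACL: only the source address is considered (constructed example).
STANDARD_ACL = [
    Rule("deny", "10.0.5.0/24"),        # block one quarantined subnet...
    Rule("permit", "10.0.0.0/8"),       # ...but allow the rest of the internal range
]                                        # everything else: implicit deny

# Extended ACL for a constructed web server 192.0.2.10: HTTPS from anywhere, SSH only from inside.
EXTENDED_ACL = [
    Rule("permit", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),
    Rule("permit", "10.0.0.0/8", "192.0.2.10/32", "tcp", 22),
    Rule("deny"),                        # explicit deny-all so the drop is visible and can be logged
]
```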

9. Honeypot based IDS

10. SET
Secure Electronic Transaction or SET is a security protocol designed to ensure the security and
integrity of electronic transactions conducted using credit cards. Unlike a payment system, SET
operates as a security protocol applied to those payments. It uses different encryption and
hashing techniques to secure payments over the internet done through credit cards. The SET
protocol restricts the revealing of credit card details to merchants, thus keeping hackers and
thieves at bay.

Steps in a SET Transaction:

Step 1: Cardholder Starts the Purchase
● The cardholder picks products and goes to the checkout on the merchant’s website.
● The cardholder’s browser securely connects with the merchant using a public key.

Step 2: Encrypting Credit Card Info
● The cardholder enters their credit card details and encrypts them using a secret key.
● They also sign the payment request with their private key to prove it’s really them.

Step 3: Payment Gateway Checks the Info
● The merchant sends the encrypted payment info to the payment gateway.
● The payment gateway checks the signature to verify the cardholder’s identity using their digital certificate.

Step 4: Bank Validates the Payment
● The bank (issuer) checks the cardholder’s details, like card balance and validity.
● If everything’s good, the bank sends an approval message to the payment gateway.

Step 5: Confirmation and Finalization
● The payment gateway sends the approval to the merchant.
● The merchant ships the product to the cardholder, completing the transaction.

11. Alerts and Audit trails

An audit trail is a detailed record that tracks all changes and activities within a system, helping
ensure transparency and accountability. It logs who did what and when, making it easier to
detect and resolve issues. This is crucial for security, compliance, and troubleshooting.
As per the definition of the National Institute of Standards and Technology (NIST), an audit trail
is: “A set of records that collectively provide documentary evidence of processing used to aid
in tracing from original transactions forward to related records and reports, and/or backward
from records and reports to their component source transactions.”

Therefore, the audit trail records:

● Who: User or the application program, and a transaction number.
● When: Date and time.
● Where: Location of the user or terminal.
● What: Data that is being worked upon or is modified.

Example: When we check out at the counter of a market after shopping, the receipt (bill) that we
get is a type of audit trail: we (Who/customer) can find all the necessary information on it, like
the date and time (When) of checkout, the location of the mall and counter number (Where), and
the items purchased (What/data).
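The four fields above written as audit records, as an added example not in the notes; it also chains each record to the previous one by hash, which goes beyond the notes to show how a trail can be made tamper-evident so that an edited, deleted or reordered record is caught. The receipt values are constructed.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64   # the "previous hash" of the very first record


def record_hash(rec: dict) -> str:
    body = {k: v for k, v in rec.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditTrail:
    """Append-only trail of who/when/where/what records. Each record also stores the hash of the one
    before it, so editing, deleting or reordering a past record is detectable by verify()."""

    def __init__(self):
        self.records = []

    def append(self, who: str, where: str, what: str, txn: str = None, when: str = None) -> str:
        when = when or datetime.now(timezone.utc).isoformat()
        rec = {
            "seq": len(self.records),
            "who": who, "txn": txn,            # user or program, and a transaction number
            "when": when,                      # date and time
            "where": where,                    # location of user or terminal
            "what": what,                      # data worked upon or modified
            "prev": self.records[-1]["hash"] if self.records else GENESIS,
        }
        rec["hash"] = record_hash(rec)
        self.records.append(rec)
        return rec["hash"]

    def verify(self):
        """Return None if the chain is intact, else the sequence number of the first broken record."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if rec["seq"] != i or rec["prev"] != prev or record_hash(rec) != rec["hash"]:
                return i
            prev = rec["hash"]
        return None


def receipt_trail() -> AuditTrail:
    """The shopping-receipt example from the notes as a trail (constructed values)."""
    trail = AuditTrail()
    trail.append("customer-4711", "Mall, counter 3", "item: milk x2", txn="R-1001", when="2024-10-10T13:55:01+00:00")
    trail.append("customer-4711", "Mall, counter 3", "item: bread x1", txn="R-1001", when="2024-10-10T13:55:03+00:00")
    trail.append("cashier-17", "Mall, counter 3", "total 5.40 paid by card", txn="R-1001", when="2024-10-10T13:55:20+00:00")
    return trail
```

The chain only proves that the stored trail has not been altered after the fact; the latest hash still has to be kept somewhere the system being audited cannot overwrite.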
1. Cloud Service Models

There are three main cloud service models, each offering different levels of control, flexibility, and management:

a) Infrastructure as a Service (IaaS):
● Provides virtualized computing resources over the internet.
● Users manage operating systems, applications, and data.
● Examples: Amazon EC2, Google Compute Engine, Microsoft Azure Virtual Machines.

b) Platform as a Service (PaaS):
● Offers hardware and software tools over the internet.
● Users manage applications and data; providers manage runtime, OS, and infrastructure.
● Examples: Google App Engine, Heroku, Microsoft Azure App Services.

c) Software as a Service (SaaS):
● Delivers software applications over the internet.
● Users only use the software without managing infrastructure or platform.
● Examples: Google Workspace, Microsoft 365, Dropbox.

2. Cloud Storage Vulnerabilities

Cloud storage, while convenient, is susceptible to several vulnerabilities:

● Data Breaches: Unauthorized access to sensitive data stored in the cloud.
● Data Loss: Accidental deletion, overwriting, or corruption of data.
● Insecure APIs: Weak or unprotected APIs can expose cloud services to attacks.
● Account Hijacking: Credential theft leading to unauthorized access.
● Insider Threats: Employees or contractors misusing access rights.
● Insufficient Due Diligence: Poor understanding of cloud provider policies or controls.
● Shared Technology Risks: Multi-tenancy can cause data leakage if isolation fails.

3. Security concepts are applied in the cloud.

Cloud computing provides customers with highly scalable and on-demand computing resources. NIST specified three
cloud service models:
Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS); each service model
targets a specific need of customers.
Software as a Service offers applications that are provided by the cloud service providers and hosted by the cloud
provider.
Platform as a Service offers a hosting environment for developers to develop and publish their applications.
Infrastructure as a Service offers virtualised computing resources such as virtual desktops, virtual storage, etc. Various
cloud services and cloud service providers are beneficial for customers who seek specific
computing resources; however, this creates some security challenges for customers seeking different cloud services.
1. Cloud service providers request customers to store their account information in the cloud, and they have access to
this information. This presents a privacy issue for the customer’s private information.
2. When a customer decides to use multiple cloud services, the customer will have to store the password in multiple
clouds. For every cloud subscription the user takes, another copy of the user’s information
is created. This is a security issue for the customers and the cloud service providers.
3. The multiple copies of the account will lead to multiple authentication processes. For every cloud service, the customer
needs to exchange their authentication information.

4. Mention Security indicators in Cellular VoIP Services.

Following are the 12 security indicators in Cellular VoIP Services:
● Secure user credentials with a strong password and two-factor authentication.
● Perform regular call log reviews for unusual call activity.
● Disable international calling / enable geo-fencing.
● Outsource to a SaaS provider for VoIP calls.
● Update firmware on VoIP phones.
● Use a router with a firewall.
● Limit physical access to networking equipment.
● Restrict user access to parts of the phone system.
● Ensure data encryption through your VoIP provider.
● Educate users on VoIP security best practices.
● Prevent ghost calls on IP phones.
● Implement intrusion prevention systems.
5. Algorithms For User Authentication. (pg. 82,83)
1. RSA Algorithm: The RSA encryption algorithm is used for making the communication safe. Usually the users' requests are
encrypted while being sent to the cloud service provider system. The RSA algorithm with the system's public key is used for
the encryption. Whenever the user requests a file, the system sends it encrypted via the RSA encryption algorithm
using the user’s public key. The same process is also applied to the user’s password requests while logging in to the system
later.
2. AES Algorithm & MD5 Hashing Algorithm: When a file is uploaded by a user, the system server encrypts the file
using the AES encryption algorithm. Here a 128, 192 or 256 bit key can be used. The key is generated randomly by the
system server. A single key is used only once: that particular key is used for encrypting and decrypting a file of a user
for that instance, and it is not used again in any later instance. The key is kept in the database table of the system
server along with the user account name. Before inserting the user account name it is also hashed using MD5 hashing.
This ensures that an unauthorized person cannot retrieve the key to decrypt a particular file for a particular user by simply
gaining access to and observing the database table of the system server.
3. OTP Password Algorithm: In this algorithm a one-time password is used for authenticating the user. The
password is used to keep the user account secure and secret from unauthorized users. But the user-defined
password can be compromised. To overcome this difficulty a one-time password is used in the proposed security
model. Thus whenever a user logs in to the system, he will be provided with a new password for use in the next
login. This is usually provided by the system itself. This password is generated randomly.
4. Data Encryption Standard Algorithm: The Data Encryption Standard algorithm is a type of symmetric-key encipherment
algorithm. Symmetric-key encryption is a type of cryptosystem in which encryption and decryption are performed using
a single (secret) key.
5. Rijndael Encryption Algorithm: Rijndael is the standard symmetric-key encryption algorithm to be used to encrypt
sensitive information. Rijndael is an iterated block cipher: the encryption or decryption of a block of data is accomplished
by the iteration (a round) of a specific transformation (a round function).
6. Virtualization System Vulnerabilities. (pg. 91,92)
1. VM sprawl: VMs are easy to deploy, and many organizations view them as hardware-like tools that don’t merit formal
policies. This has led to VM sprawl, which is the unplanned proliferation of VMs. Attackers can take advantage of poorly
monitored resources. More deployments also mean more failure points, so sprawl can cause problems even if no malice
is involved.
2. Hyperjacking: Hyperjacking takes control of the hypervisor to gain access to the VMs and their data. It is typically
launched against type 2 hypervisors that run over a host OS, although type 1 attacks are theoretically possible. In reality,
hyperjackings are rare due to the difficulty of directly accessing hypervisors. However, hyperjacking is considered a
real-world threat, and administrators should take the offensive and plan for it.
3. VM escape: A guest OS escapes from its VM encapsulation to interact directly with the hypervisor. This gives the
attacker access to all VMs and, if guest privileges are high enough, the host machine as well. Although few if any
instances are known, experts consider VM escape to be the most serious threat to VM security.
4. Denial of service: These attacks exploit many hypervisor platforms and range from flooding a network with traffic to
sophisticated leveraging of a host’s own resources. The availability of botnets continues to make it easier for attackers to
carry out campaigns against specific servers and applications with the goal of derailing the target’s online services.
5. Incorrect VM isolation: To remain secure and correctly share resources, VMs must be isolated from each other. Poor
control over VM deployments can lead to isolation breaches in which VMs communicate. Attackers can exploit this
virtual drawbridge to gain access to multiple guests and possibly the host.
7. Notes on ESX and ESXi Security

ESX and ESXi are virtualization platforms by VMware. While ESX includes a Linux-based Service Console, ESXi is a
more secure, lightweight version without a Service Console.

a) Security Features:

● Locked-down Mode (ESXi): Restricts access to the host for increased security.
● Role-Based Access Control (RBAC): Controls who can perform what actions.
● Firewall and Ports: Built-in firewall restricts incoming and outgoing traffic.
● Secure Boot: Ensures only signed and trusted code runs during boot-up.
● Logging and Auditing: Tracks changes and access to improve monitoring and incident response.
● Patch Management: Regular updates to fix security vulnerabilities.

b) Best Practices:

● Disable unnecessary services.
● Use strong authentication methods (e.g., Smart Cards, MFA).
● Keep software up to date with patches.
● Use vSphere's native encryption and key management tools.
● Limit physical access to the host machines.

8. Access Control/ Types (pg. 102-105)

Access Control in cloud security is a system with which a company can
regulate and monitor permissions, or access to their business data, by
formulating policies chosen by the company.
1. Discretionary Access Control (DAC) –
DAC is a type of access control system that assigns access rights based on rules specified by users. The principle
behind DAC is that subjects can determine who has access to their objects. The DAC model takes advantage of
access control lists (ACLs) and capability tables. Capability tables contain rows with ‘subject’ and columns containing
‘object’. The security kernel within the operating system checks the tables to determine if access is allowed. Sometimes
a subject/program may only have access to read a file; the security kernel makes sure no unauthorized changes occur.
2. Role-Based Access Control (RBAC) –
RBAC, also known as non-discretionary access control, is used when system administrators need to assign rights
based on organizational roles instead of individual user accounts within an organization. It presents an opportunity for
the organization to address the principle of ‘least privilege’. This gives an individual only the access needed to do their
job, since access is connected to their job.
3. Mandatory Access Control (MAC) –
The design and implementation of MAC is commonly used by the government. It uses a hierarchical approach to control
access to files/resources. Under a MAC environment, access to resource objects is controlled by the settings defined by
a system administrator. This means access to resource objects is controlled by the operating system based on what the
system administrator configured in the settings. It is not possible for users to change the access control of a resource. MAC
uses “security labels” to assign resource objects on a system. There are two pieces of information connected to these
security labels: classification (high, medium, low) and category (specific department or project – provides “need to
know”). Each user account is also assigned classification and category properties. This system provides users access
to an object if both properties match. If a user has high classification but is not part of the category of the object, then
the user cannot access the object. MAC is the most secure access control but requires a considerable amount of
planning and a high level of system management due to the constant updating of object and account
labels.
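The three models implemented side by side, as an added example that is not from the notes: DAC with owner-edited ACLs, RBAC with rights attached to roles, and MAC with classification-plus-category labels. The MAC check generalizes the notes' "both properties match" to a clearance at or above the object's classification together with category containment, which is how the notes' own high-clearance-but-wrong-category case is refused; labels, users and roles are constructed.

```python
from typing import Dict, Iterable, Set, Tuple

# The notes' classification ladder; a clearance at or above the object's level is required.
LEVELS = {"low": 0, "medium": 1, "high": 2}
Label = Tuple[str, Set[str]]     # (classification, categories): the two parts of a MAC security label


def mac_allows(subject: Label, obj: Label) -> bool:
    """MAC: labels are set by the administrator, not by users. Access needs both parts to agree:
    clearance >= classification, and every category of the object held by the subject (need to know)."""
    s_level, s_cats = subject
    o_level, o_cats = obj
    return LEVELS[s_level] >= LEVELS[o_level] and set(o_cats) <= set(s_cats)


class RBAC:
    """Rights attach to organizational roles; users receive roles, never individual grants."""

    def __init__(self, role_perms: Dict[str, Set[str]], user_roles: Dict[str, Iterable[str]]):
        self.role_perms = role_perms
        self.user_roles = {u: set(r) for u, r in user_roles.items()}

    def allows(self, user: str, perm: str) -> bool:
        return any(perm in self.role_perms.get(role, set()) for role in self.user_roles.get(user, set()))


class DAC:
    """The owner of an object decides who may access it, via a per-object ACL only the owner may edit."""

    def __init__(self):
        self.objects: Dict[str, dict] = {}

    def create(self, owner: str, name: str) -> None:
        self.objects[name] = {"owner": owner, "acl": {owner: {"read", "write"}}}

    def grant(self, actor: str, name: str, user: str, right: str) -> None:
        if self.objects[name]["owner"] != actor:
            raise PermissionError(f"{actor} does not own {name}")
        self.objects[name]["acl"].setdefault(user, set()).add(right)

    def allows(self, user: str, name: str, right: str) -> bool:
        # The security kernel's check: consult the ACL; a subject granted only read cannot write.
        return right in self.objects.get(name, {}).get("acl", {}).get(user, set())


def grant_rejected(files: DAC, actor: str, name: str, user: str, right: str) -> bool:
    """True if DAC refused the grant because `actor` is not the owner."""
    try:
        files.grant(actor, name, user, right)
    except PermissionError:
        return True
    return False


# Constructed labels, roles and users for the three models
PAYROLL_FILE: Label = ("medium", {"finance"})
FINANCE_CLERK: Label = ("medium", {"finance"})
HR_DIRECTOR: Label = ("high", {"hr"})          # high clearance but outside the 'finance' category
INTERN: Label = ("low", {"finance"})            # right category but insufficient clearance

ROLES = RBAC(
    role_perms={"auditor": {"read_logs"}, "admin": {"read_logs", "change_config"}},
    user_roles={"bob": ["auditor"], "dana": ["admin"]},
)
```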
9. How Secure Data Storage is Achieved in the Cloud. (pg. 106, 107)

To keep data safe, organizations follow these practices:

● Data Encryption: Turning data into a secret code so that only authorized people can read it.
● Access Control: Setting rules about who can view or change the data on each device or software.
● Protection from Viruses: Using antivirus software to stop viruses, worms, and other threats that can damage
data.
● Physical Security: Locking up storage devices and making sure only trusted people can access them.
● Layered Security: Using multiple layers of protection to keep data extra safe.

Why is this important?

Because organizations that work with important or private data need to keep it safe from theft or loss. Also, secure data
helps avoid business interruptions.

Storage Vulnerabilities – What Can Go Wrong

Sometimes, storage systems have weaknesses. These include:

● No Encryption: Some devices don’t automatically protect data with encryption. That means extra software or
hardware is needed to keep the data safe.
● Cloud Storage Risks: More companies are storing data in the cloud. While it can be secure, it’s also more
complex and requires new tools and skills to manage safely.
● Not Deleting Data Properly: Simply deleting files isn’t enough. If not fully erased, data can still be recovered by
someone with bad intentions. It must be overwritten to be truly gone.
● Poor Physical Security: Sometimes, people forget to lock up storage devices. This allows insiders (like staff or
cleaners) to access data directly, even if network protections are in place.
10. Best practices for cloud data security for firms. (pg. 108,109)

1. Data storage security policies

Organizations should have written rules about how to protect different types of data. For example, public data doesn’t
need as much protection as private or confidential data. These rules should explain what kind of security each type of
data needs and what tools or steps to use on storage devices to keep the data safe.

2. Access control

Only the right people should have access to certain data. Role-based access means people can only see or change the
data they need for their job. It’s also important to use strong passwords and change any default passwords. Sometimes,
using two-step verification (like a code sent to your phone) adds extra protection.

3. Encryption

Data should be turned into secret code (encrypted) when it's stored and when it's being sent over the network. Admins
must also have a safe way to keep track of the keys used to lock and unlock this data.

4. Data loss prevention

Just encrypting data is not enough. Companies should also use DLP (Data Loss Prevention) tools that watch for signs
of attacks and try to stop them before any data is stolen or damaged.

5. Strong network security

Storage systems are part of the bigger network, so the whole network needs protection. Tools like firewalls, antivirus
software, and security gateways should be used to keep the storage and the network safe from threats.

6. Redundancy

Redundancy means having extra copies of your data or using systems like RAID. This helps make sure the data is
always available, and in some cases, it can help recover from security issues quickly.

7. Backup and recovery

If a virus or ransomware attack hits the system, sometimes the only way to fix it is by restoring data from a backup. It’s
very important to have good backup systems that are also well-protected—just like your main storage.

11. Discuss the Security Concerns with Virtualization Systems.

1. Resource distribution

When virtualization divides up system resources, some parts may run very well, while others might not get enough
resources to work properly. These issues often show up during the transition to virtualization. Working with your service
provider to plan capacity ahead of time can help fix this problem.
2. VM Sprawl

VM sprawl happens when too many virtual machines are created without proper control. It can cause serious issues like
running out of resources. It’s important to plan how VMs will be managed, decide who will handle them, and what tools
will be used. The best time to do this planning is during the testing phase, before full setup.

3. Backward compatibility

Older systems don’t always work well with new virtualized software, leading to compatibility problems. These can take
time to fix. A good service provider can help by suggesting updates or workarounds to make sure everything works
smoothly.

4. Performance monitoring

Unlike traditional hardware, virtual systems are harder to monitor for performance. You can use special tools like
VMmark to test how well the virtual system is working and keep an eye on how much of the resources are being used.

5. Backup

In virtualization, there’s no physical hard drive for backing up data, which can make things tricky—especially during
frequent updates. Backup tools like Windows Server Backup can help by keeping all backups in one place, making
them easier to manage and restore when needed.

6. Security

If users don’t follow safety rules—like using strong passwords or being careful with downloads—virtual systems can
become risky. But the good thing is, virtual machines are separated from each other, which helps reduce the chances of
one machine affecting the others if a security issue happens.

12. Mobile Security Architecture

Mobile security architecture is the overall structure and strategy used to protect mobile devices (like smartphones and
tablets), the data they handle, and the apps they run. It ensures that mobile devices are safe from threats like hacking,
data theft, and malware.

Key Components:

1. Device Security
○ Lock screen with password, fingerprint, or face recognition.
○ Remote wipe feature to delete data if the device is lost or stolen.
2. Application Security
○ Apps should be from trusted sources only (like Google Play Store or App Store).
○ Use of secure coding practices to avoid app vulnerabilities.
3. Data Security
○ Data should be encrypted (both stored data and data sent over the internet).
○ Use secure storage and avoid saving sensitive info in plain text.
4. Network Security
○ Avoid public Wi-Fi for sensitive activities.
○ Use VPNs and secure network protocols like HTTPS.
5. User Authentication
○ Use multi-factor authentication (like password + OTP) for app access.
○ Session timeouts for inactivity.
6. Mobile Device Management (MDM)
○ Companies use MDM tools to control, update, and protect mobile devices used for work.
○ Allows blocking of harmful apps and enforcing security settings.
7. Operating System Security
○ Keep the OS up-to-date with the latest security patches.
○ Use secure boot and runtime protections.

13. Overview of Wireless Networks. (pg 124,125)

Wireless networks are computer networks whose nodes are not connected by cables. Most of the time, radio waves carry the communication between network nodes. They let devices stay connected while moving about within the network's coverage area.

Types of Wireless Networks
● Wireless LANs: connect two or more network devices using wireless distribution techniques.
● Wireless MANs: connect two or more wireless LANs spread over a metropolitan area.
● Wireless WANs: connect large areas comprising LANs, MANs and personal networks.

Advantages
● Clutter-free workspaces, since there are no wires and cables.
● Mobility: devices do not need to be physically connected to one another, so they can move around the network.
● Convenience: any area covered by the network or a Wi-Fi hotspot gives access to network devices, without running cable.
● Easier installation and configuration.
● Scalability: new devices need no wiring into the existing configuration, and the number of devices that can be added or removed is not constrained by cable capacity.
● Lower cost: little or no cabling reduces setup and equipment expense.

The security trade-off of the same property: because the medium is radio, anyone within range can receive the frames, so confidentiality and access control depend entirely on the link-layer encryption and authentication the network is configured to use.
14. GSM and UMTS Security & Attacks (pg 115-118)

GSM Security

GSM (Global System for Mobile Communications) was designed with security features that were a large improvement over the analogue systems it replaced. They aim to:

● Keep calls private (confidentiality on the radio link).
● Protect user identity (so an eavesdropper cannot tell who is on the channel).

How GSM does this:

● It uses a temporary identifier (TMSI) instead of the subscriber's permanent identity (IMSI) over the air, so the real identity is sent in the clear only rarely.
● It authenticates the SIM with a challenge/response: the network sends a random RAND, the SIM computes a response SRES with its secret key Ki (algorithm A3) and a session key Kc (algorithm A8), and the network checks SRES.
● It encrypts the radio link with the A5 family of stream ciphers under Kc, and uses frequency hopping (changing channels during a call), which makes casual interception harder.

Two caveats: the authentication is one-way (the phone never verifies the network, so a fake base station can talk to it), and the A5/1 and A5/2 ciphers have known practical attacks, so GSM should not be described as strong by today's standards.

UMTS Security

UMTS (Universal Mobile Telecommunications System) improves on GSM and includes four main security areas:

1. Network access security
   a. Protects users when they connect to 3G networks.
   b. Especially secures the radio link between the user and the network.
2. Network domain security
   a. Protects the communication between network parts inside the service provider's system.
   b. Keeps internal data safe from attacks.
3. User domain security
   a. Makes sure only the authorized person can access the mobile phone or SIM.
4. Application domain security
   a. Allows apps (both in the phone and in the network) to exchange data securely.

GSM and UMTS Attacks

1. SIM-based attacks
   ○ SIM cards were designed to be hard to copy: the secret key Ki is meant never to leave the card.
   ○ Attackers nevertheless found ways to clone SIMs using tools like SIM Scan; the classic case is extracting Ki from older SIMs that ran the COMP128 version 1 authentication algorithm by sending the card many chosen RAND challenges.
   ○ Earlier, cloning took hours; it can now take minutes or even seconds.
2. SMS attacks
   ○ SMS (text messages) is widely used, even for sensitive tasks like banking and one-time passwords.
   ○ SMS carries no sender authentication and follows a fixed format, so attackers can forge the sender, predict message content and manipulate the SMS system.
   ○ This makes it easier to trick users (phishing by text) or steal information.
3. Signaling attacks
   ○ Calls and data between the phone and the base station are encrypted with the A5 algorithms.
   ○ Once the traffic enters the operator's core network it often travels in plain text, so an attacker with access to that network can listen in.
   ○ If attackers get access to the SS7 signaling network, they can track a subscriber's location, intercept calls and messages, and request the subscriber's authentication vectors, which include the encryption keys.

15. Four security feature groups in the UMTS specification (pg 116)

UMTS (Universal Mobile Telecommunications System) improves on GSM and includes four main security areas (feature groups):

1. Network access security
   a. Protects users when they connect to 3G networks, especially over the radio link between the user and the network.
   b. Covers user identity confidentiality (temporary identities), mutual authentication of user and network (the AKA protocol, in which the phone checks the network's AUTN token before answering), and confidentiality and integrity protection of the radio link using the keys CK and IK derived during AKA.
2. Network domain security
   a. Protects the communication between network elements inside the service provider's system (and between operators).
   b. Keeps internal signaling and data safe from attacks.
3. User domain security
   a. Makes sure only the authorized person can use the mobile phone or the USIM (for example, the PIN on the USIM).
4. Application domain security
   a. Allows applications in the phone/USIM and in the network to exchange data securely.
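The following added example (not from the notes or any textbook) makes the difference between GSM authentication (question 14) and UMTS network access security (question 15) concrete: a GSM SIM answers any RAND it is given, so a rogue base station gets a response without proving anything, while a UMTS USIM verifies the AUTN token first and also rejects a replayed vector. Field sizes follow the specifications (RAND 128 bit, SRES 32 bit, Kc 64 bit, SQN 48 bit, MAC 64 bit), but the operator algorithms A3/A8 and f1..f5 are replaced by HMAC-SHA256 stand-ins (they are not COMP128 or Milenage), the subscriber key is a constructed value, and the class and function names are this example's own.

```python
"""GSM one-way challenge/response versus UMTS AKA mutual authentication (simplified)."""
import hashlib
import hmac
import secrets

KI = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed 128-bit subscriber key


def _kdf(key, label, *parts):
    """Stand-in for the operator-specific algorithms: keyed derivation from the inputs."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


# ---------------- GSM: the SIM never verifies who is challenging it ----------------
def gsm_a3_a8(ki, rand):
    """Stand-in for A3 (32-bit SRES) and A8 (64-bit Kc)."""
    d = _kdf(ki, b"gsm", rand)
    return d[:4], d[4:12]


class Sim:
    def __init__(self, ki):
        self.ki = ki

    def challenge(self, rand):
        # Nothing in the GSM exchange lets the SIM check who sent RAND.
        return gsm_a3_a8(self.ki, rand)


def gsm_run(sim, network_ki):
    """network_ki=None models a rogue base station that does not hold Ki."""
    rand = secrets.token_bytes(16)
    sres, kc = sim.challenge(rand)
    if network_ki is None:
        return "SIM_ANSWERED_ROGUE"  # the rogue got SRES and the SIM now holds a Kc for it
    xres, _ = gsm_a3_a8(network_ki, rand)
    return "OK" if hmac.compare_digest(sres, xres) else "REJECTED"


# ---------------- UMTS AKA: the USIM checks the network before answering ----------------
def f1(k, sqn, rand, amf):
    return _kdf(k, b"f1", sqn, rand, amf)[:8]   # MAC-A, proves the challenger holds K


def f2(k, rand):
    return _kdf(k, b"f2", rand)[:8]             # RES / XRES


def f5(k, rand):
    return _kdf(k, b"f5", rand)[:6]             # AK, hides SQN on the air interface


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class HomeNetwork:
    def __init__(self, k):
        self.k, self.sqn = k, 0

    def auth_vector(self):
        self.sqn += 1                            # fresh sequence number per vector
        rand = secrets.token_bytes(16)
        sqn, amf = self.sqn.to_bytes(6, "big"), b"\x80\x00"
        mac = f1(self.k, sqn, rand, amf)
        autn = _xor(sqn, f5(self.k, rand)) + amf + mac   # AUTN = (SQN xor AK) || AMF || MAC
        return rand, autn, f2(self.k, rand)


class Usim:
    def __init__(self, k):
        self.k, self.sqn_seen = k, 0

    def challenge(self, rand, autn):
        sqn_ak, amf, mac = autn[:6], autn[6:8], autn[8:16]
        sqn = _xor(sqn_ak, f5(self.k, rand))
        if not hmac.compare_digest(f1(self.k, sqn, rand, amf), mac):
            return "MAC_FAILURE", None           # challenger does not know K: refuse
        if int.from_bytes(sqn, "big") <= self.sqn_seen:
            return "SYNC_FAILURE", None          # replayed or stale vector: refuse
        self.sqn_seen = int.from_bytes(sqn, "big")
        return "OK", f2(self.k, rand)            # CK/IK would be derived here as well


def umts_run(usim, network):
    """network=None models a rogue base station forging AUTN without K."""
    if network is None:
        return usim.challenge(secrets.token_bytes(16), secrets.token_bytes(16))[0]
    rand, autn, xres = network.auth_vector()
    status, res = usim.challenge(rand, autn)
    if status != "OK":
        return status
    return "OK" if hmac.compare_digest(res, xres) else "RES_MISMATCH"


if __name__ == "__main__":
    print("GSM, real network:", gsm_run(Sim(KI), KI))
    print("GSM, rogue network:", gsm_run(Sim(KI), None))
    usim, net = Usim(KI), HomeNetwork(KI)
    print("UMTS, real network:", umts_run(usim, net))
    print("UMTS, rogue network:", umts_run(usim, None))
```

The point of the replay check is that a captured (RAND, AUTN) pair is worthless to an attacker: the USIM has already seen that sequence number, so it answers with a synchronisation failure instead of a fresh RES.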

16. Bluetooth Reconnaissance (pg. 128-130)

Bluetooth reconnaissance is the process of scanning and identifying nearby Bluetooth-enabled devices to collect information about them. It is usually the first step in Bluetooth security testing or attacks, where an attacker tries to find out:

● What Bluetooth devices are nearby
● What type of device they are
● What services they offer
● How to connect to or exploit them
Bluetooth reconnaissance can be done using three main methods:

1. Active Device Discovery

●​ How it works: The scanning device actively sends out Bluetooth signals (called inquiry messages) to detect
nearby devices that are in discoverable mode.
●​ What it finds:
○​ Device name
○​ Bluetooth MAC address
○​ Device class/type (like phone, speaker, etc.)
●​ Pros: Finds all devices that are set to be discoverable.
●​ Cons: Can be easily detected by the target devices or monitored by Bluetooth security tools.

Example tools: hcitool scan, Bluetooth scanners on mobile apps.

2. Passive Device Discovery

●​ How it works: The scanning device just listens to Bluetooth signals that are already being broadcast by nearby
devices — it does not send any signals itself.
●​ What it finds:
○​ Bluetooth addresses
○​ Signals being broadcast
○​ May detect non-discoverable devices if they are already communicating
●​ Pros: Stealthy — hard to detect by the target.
●​ Cons: May miss some devices that are not actively transmitting.
Example tools: Kismet, BlueMaho, and the Ubertooth One (a sniffer dongle with its own host tools; an ordinary Bluetooth adapter cannot capture frames that are not addressed to it).

3. Hybrid Device Discovery

●​ How it works: Combines both active and passive techniques. First, it passively listens, then actively scans to
gather more details.
●​ Pros: Provides a more complete list of nearby devices and their details.
●​ Cons: May still be detected during the active scan part.

Example usage: Security audits, penetration testing using Kali Linux with Bluetooth tools.
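The "device class/type" an active inquiry returns is a packed 24-bit Class of Device value; turning it into "smartphone", "headset", "laptop" and the advertised service classes is what makes the scan useful. The following added example (this page's own illustration, not code from any of the tools named above) decodes inquiry output in the shape `hcitool inq` prints. The sample output and addresses are constructed so it runs without a radio; on a current BlueZ, `hcitool` is deprecated and `bluetoothctl` prints a different format, so the regular expression is an assumption about the classic output only.

```python
"""Decode Class of Device (CoD) values from an active Bluetooth inquiry."""
import re

# CoD layout (Bluetooth Assigned Numbers): bits 23-13 service classes,
# bits 12-8 major device class, bits 7-2 minor device class, bits 1-0 format (00).
MAJOR_CLASSES = {
    0: "Miscellaneous", 1: "Computer", 2: "Phone", 3: "LAN/Network access point",
    4: "Audio/Video", 5: "Peripheral", 6: "Imaging", 7: "Wearable", 8: "Toy",
    9: "Health", 31: "Uncategorized",
}
SERVICE_BITS = {
    13: "Limited Discoverable", 16: "Positioning", 17: "Networking", 18: "Rendering",
    19: "Capturing", 20: "Object Transfer", 21: "Audio", 22: "Telephony", 23: "Information",
}
MINOR_CLASSES = {   # subset of the minor-class tables, keyed by major class
    1: {0: "Uncategorized", 1: "Desktop", 2: "Server", 3: "Laptop", 4: "Handheld PC/PDA",
        5: "Palm-size PC/PDA", 6: "Wearable computer", 7: "Tablet"},
    2: {0: "Uncategorized", 1: "Cellular", 2: "Cordless", 3: "Smartphone",
        4: "Wired modem/voice gateway", 5: "Common ISDN access"},
    4: {0: "Uncategorized", 1: "Wearable headset", 2: "Hands-free", 4: "Microphone",
        5: "Loudspeaker", 6: "Headphones", 7: "Portable audio", 8: "Car audio"},
}


def decode_cod(cod):
    """Split a 24-bit CoD into major class, minor class and advertised service classes."""
    major = (cod >> 8) & 0x1F
    minor = (cod >> 2) & 0x3F
    return {
        "major": MAJOR_CLASSES.get(major, f"Reserved({major})"),
        "minor": MINOR_CLASSES.get(major, {}).get(minor, f"minor {minor}"),
        "services": [name for bit, name in SERVICE_BITS.items() if cod & (1 << bit)],
    }


# One inquiry result line: <BD_ADDR>  clock offset: 0x....  class: 0x......
INQ_LINE = re.compile(
    r"([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s+clock offset:\s*0x[0-9A-Fa-f]+"
    r"\s+class:\s*0x([0-9A-Fa-f]{6})"
)


def parse_inquiry(output):
    """Turn raw inquiry output into a list of decoded device records."""
    devices = []
    for m in INQ_LINE.finditer(output):
        bdaddr, cod = m.group(1).upper(), int(m.group(2), 16)
        rec = decode_cod(cod)
        rec.update(bdaddr=bdaddr, cod=cod, oui=bdaddr[:8])  # the OUI hints at the vendor
        devices.append(rec)
    return devices


# Constructed sample in the shape of `hcitool inq` output; the addresses are made up.
SAMPLE_INQUIRY = """\
Inquiring ...
\t00:11:22:33:44:55\tclock offset: 0x3b0a\tclass: 0x5a020c
\tAA:BB:CC:DD:EE:FF\tclock offset: 0x1234\tclass: 0x240404
\t66:55:44:33:22:11\tclock offset: 0x0f2d\tclass: 0x1c010c
"""


def summarize(output=SAMPLE_INQUIRY):
    """One line per device, the form a recon report would list."""
    return [f'{d["bdaddr"]} {d["major"]}/{d["minor"]} services={",".join(d["services"])}'
            for d in parse_inquiry(output)]


if __name__ == "__main__":
    for line in summarize():
        print(line)
```

The first sample value, 0x5a020c, is the CoD a typical smartphone advertises (Phone/Smartphone with Networking, Capturing, Object Transfer and Telephony), which is exactly the kind of hint that tells an attacker which profiles (OBEX, hands-free) to probe next.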

17. VoIP Vulnerabilities.

1. Eavesdropping

●​ What it is: Hackers can listen in on VoIP calls if the data is not properly encrypted.
●​ Why it’s dangerous: Sensitive information like passwords, personal conversations, or business secrets can be
stolen.

2. Caller ID Spoofing

●​ What it is: An attacker can fake the caller’s number to trick the recipient.
●​ Why it’s dangerous: It can be used for scams, phishing, or impersonation.

3. Denial of Service (DoS) Attacks

●​ What it is: Hackers flood the VoIP server with traffic, making the service slow or unavailable.
●​ Why it’s dangerous: It can interrupt communication, especially during important business or emergency calls.

4. Voicemail Hacking

●​ What it is: Attackers guess or crack weak voicemail PINs and access private messages.
●​ Why it’s dangerous: Voicemails may contain personal or confidential data.

5. SIP (Session Initiation Protocol) Attacks

●​ What it is: SIP is used to start VoIP calls. If it’s not secure, attackers can manipulate or hijack calls.
●​ Why it’s dangerous: They can redirect calls or cause call failures.

6. Toll Fraud

●​ What it is: Hackers gain access to a VoIP system and make international or premium-rate calls at the
company’s expense.
●​ Why it’s dangerous: It leads to high financial loss.

7. Malware and Viruses

● What it is: VoIP phones and systems can be infected with malicious software.
● Why it's dangerous: It can steal data or take control of the system.

8. Insecure Networks

●​ What it is: If the VoIP system runs on an unprotected or public Wi-Fi, it’s easier to attack.
●​ Why it’s dangerous: It opens the door to multiple types of cyberattacks.
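Several of these vulnerabilities (DoS floods, SIP credential guessing, toll fraud) leave a recognisable trace in a PBX's signaling log, so a defender can catch them with simple rate rules. The following added example (an illustration for these notes, not any vendor's code) runs three such rules over constructed log lines. The log format, the thresholds and the "international number" heuristic are this example's assumptions; a real deployment would read its own PBX log format and tune the thresholds to normal call volume.

```python
"""Rate-based detection of SIP abuse over a constructed signaling log."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Hypothetical log line: "<ISO-8601 UTC time> <src-ip> <event> <request-URI>"
# where <event> is a SIP request seen from src-ip (INVITE, REGISTER) or the
# response code the PBX sent back to it (401, 403, 200).
LINE_RE = re.compile(r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)$")


def parse(log_text):
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # ignore anything that is not a signaling event
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def _burst_sources(events, match, threshold, window_s):
    """Sources with at least `threshold` matching events inside any `window_s` window."""
    recent, flagged = defaultdict(deque), set()
    for ts, src, ev, uri in events:
        if not match(ev, uri):
            continue
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()                       # drop events that fell out of the window
        if len(q) >= threshold:
            flagged.add(src)
    return flagged


def detect_register_bruteforce(events, threshold=5, window_s=60):
    """Repeated 401/403 answers to one source: credential guessing against extensions."""
    return _burst_sources(events, lambda ev, uri: ev in ("401", "403"), threshold, window_s)


def detect_invite_flood(events, threshold=10, window_s=10):
    """Many INVITEs from one source in a short window: a DoS against the SIP server."""
    return _burst_sources(events, lambda ev, uri: ev == "INVITE", threshold, window_s)


INTL_RE = re.compile(r"sip:(?:\+|00)\d{7,}@")   # heuristic: E.164-style or 00-prefixed destination


def detect_toll_fraud(events, threshold=3, window_s=300):
    """One source dialling several distinct international numbers in quick succession."""
    recent, flagged = defaultdict(deque), set()
    for ts, src, ev, uri in events:
        if ev != "INVITE" or not INTL_RE.search(uri):
            continue
        q = recent[src]
        q.append((ts, uri))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        if len({u for _, u in q}) >= threshold:
            flagged.add(src)
    return flagged


def _constructed_log():
    """Sample log built here for the example; the addresses are documentation ranges."""
    lines = []
    for i in range(6):   # six failed REGISTER attempts against extension 1001 in 25 s
        lines.append(f"2024-05-01T09:00:{i*5:02d}Z 203.0.113.5 REGISTER sip:1001@pbx.example.com")
        lines.append(f"2024-05-01T09:00:{i*5:02d}Z 203.0.113.5 401 sip:1001@pbx.example.com")
    for i, num in enumerate(("+8821612345678", "00355123456789", "+25212345678")):
        lines.append(f"2024-05-01T09:01:{i*10:02d}Z 203.0.113.5 INVITE sip:{num}@pbx.example.com")
    for i in range(12):  # twelve INVITEs from a second address within 6 s
        lines.append(f"2024-05-01T10:00:{i//2:02d}Z 198.51.100.7 INVITE sip:1002@pbx.example.com")
    lines.append("2024-05-01T11:00:00Z 192.0.2.10 INVITE sip:1003@pbx.example.com")  # benign
    return "\n".join(lines)


SAMPLE_LOG = _constructed_log()


def run_all(log_text=SAMPLE_LOG):
    events = parse(log_text)
    return {
        "register_bruteforce": sorted(detect_register_bruteforce(events)),
        "invite_flood": sorted(detect_invite_flood(events)),
        "toll_fraud": sorted(detect_toll_fraud(events)),
    }


if __name__ == "__main__":
    for rule, sources in run_all().items():
        print(f"{rule}: {sources}")
```

The three rules deliberately fire on different sources: the credential guesser is also the one who later places the international calls, which is the usual toll-fraud sequence, while the flooding source never authenticates at all.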

19. Eavesdropping attack (pg. 134)

Because a significant number of ZigBee networks do not employ encryption, eavesdropping attacks are very useful to an attacker. Even when the ZigBee network does use encryption, an attacker can use the unencrypted parts of each frame, such as the IEEE 802.15.4 MAC header and the ZigBee NWK header, to identify the presence of ZigBee networks and other important characteristics: the configuration of the network, node addresses, the PAN ID, and whether security is switched on at all. A handful of tools can capture ZigBee network traffic, ranging from inexpensive to very expensive.
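To show exactly what stays readable when a ZigBee network does use encryption, the following added example (written for these notes, not taken from any capture tool) decodes the IEEE 802.15.4 MAC header and the ZigBee NWK header of two constructed frames and builds a small network map from them. The byte layout follows the IEEE 802.15.4 and ZigBee NWK header definitions (multi-byte fields little-endian); the frames, PAN ID and addresses are made up, and the bytes after the NWK header stand in for the auxiliary security header, ciphertext and MIC, which cannot be decoded without the network key.

```python
"""What an eavesdropper reads from a ZigBee frame without any key."""
import struct

MAC_FRAME_TYPES = {0: "beacon", 1: "data", 2: "ack", 3: "mac-command"}


def parse_mac_header(frame):
    """IEEE 802.15.4 MAC header: returns (fields, offset of the MAC payload)."""
    fcf = struct.unpack_from("<H", frame, 0)[0]
    dst_mode, src_mode = (fcf >> 10) & 0x3, (fcf >> 14) & 0x3   # 0=none, 2=short, 3=extended
    mac = {
        "frame_type": MAC_FRAME_TYPES.get(fcf & 0x7, "reserved"),
        "mac_security": bool(fcf & 0x0008),        # MAC-layer security enabled?
        "pan_id_compression": bool(fcf & 0x0040),
        "mac_seq": frame[2],
    }
    off = 3

    def read_addr(mode, off):
        if mode == 2:
            return struct.unpack_from("<H", frame, off)[0], off + 2
        if mode == 3:
            return struct.unpack_from("<Q", frame, off)[0], off + 8
        return None, off

    if dst_mode:
        mac["dst_pan"] = struct.unpack_from("<H", frame, off)[0]
        off += 2
        mac["dst_addr"], off = read_addr(dst_mode, off)
    if src_mode:
        if not mac["pan_id_compression"]:         # source PAN omitted when compressed
            mac["src_pan"] = struct.unpack_from("<H", frame, off)[0]
            off += 2
        mac["src_addr"], off = read_addr(src_mode, off)
    return mac, off


def parse_nwk_header(frame, off):
    """ZigBee NWK header: base fields plus the optional IEEE address fields."""
    fc = struct.unpack_from("<H", frame, off)[0]
    nwk = {
        "nwk_frame_type": {0: "data", 1: "command"}.get(fc & 0x3, "reserved"),
        "protocol_version": (fc >> 2) & 0xF,
        "nwk_security": bool(fc & 0x0200),         # NWK-layer encryption enabled?
        "dst_addr": struct.unpack_from("<H", frame, off + 2)[0],
        "src_addr": struct.unpack_from("<H", frame, off + 4)[0],
        "radius": frame[off + 6],
        "nwk_seq": frame[off + 7],
    }
    off += 8
    if fc & 0x0800:                                 # destination IEEE address present
        nwk["dst_ieee"] = struct.unpack_from("<Q", frame, off)[0]
        off += 8
    if fc & 0x1000:                                 # source IEEE address present
        nwk["src_ieee"] = struct.unpack_from("<Q", frame, off)[0]
        off += 8
    # Multicast control (bit 8) and source-route subframe (bit 10) are not handled here.
    return nwk, off


def recon_summary(frame):
    """The fields an attacker can read from one frame with no key at all."""
    mac, off = parse_mac_header(frame)
    nwk, off = parse_nwk_header(frame, off)
    return {
        "pan_id": mac.get("dst_pan"),
        "mac_src": mac.get("src_addr"), "mac_dst": mac.get("dst_addr"),
        "nwk_src": nwk["src_addr"], "nwk_dst": nwk["dst_addr"],
        "mac_security": mac["mac_security"], "nwk_security": nwk["nwk_security"],
        "opaque_bytes": len(frame) - off,          # aux security header + ciphertext + MIC
    }


def map_network(frames):
    """PAN ID -> sorted short addresses seen, built from many captured frames."""
    nodes = {}
    for f in frames:
        s = recon_summary(f)
        nodes.setdefault(s["pan_id"], set()).update(
            {s["mac_src"], s["mac_dst"], s["nwk_src"], s["nwk_dst"]})
    return {pan: sorted(a for a in addrs if a is not None) for pan, addrs in nodes.items()}


# Constructed frames: MAC data frame (FCF 0x8861: short addressing, PAN compression,
# ack request), dst PAN 0x1a62, dst 0x0000 (coordinator), src node; then NWK header
# (FC 0x0248: data, protocol version 2, security bit set), then opaque bytes.
FRAMES = [
    bytes.fromhex("6188 2a 621a 0000 1b3f" "4802 0000 1b3f 1e 7c"
                  "28 01000000 aabbccddeeff0011 00" "11223344556677" "deadbeef"),
    bytes.fromhex("6188 2b 621a 0000 419c" "4802 0000 419c 1e 03"
                  "28 05000000 2233445566778899 00" "0011223344" "cafebabe"),
]

if __name__ == "__main__":
    for f in FRAMES:
        print(recon_summary(f))
    print({hex(p): [hex(a) for a in n] for p, n in map_network(FRAMES).items()})
```

Note what the summary reports for these frames: the MAC security bit is clear and the NWK security bit is set, which is the normal ZigBee configuration, and the PAN ID, both short addresses, the sequence numbers and the fact that node 0x0000 (the coordinator) is the common destination are all visible before any cryptography is involved.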

20. Common Bluetooth Attacks and How They Exploit Vulnerabilities

Bluetooth technology is widely used to connect devices wirelessly, but it has certain vulnerabilities that attackers can
exploit. Here are some common Bluetooth attacks and how they work:

1. Bluejacking

● What it does: Sends unsolicited messages (like text or images) to nearby Bluetooth-enabled devices.
● Exploits: Devices that are in "discoverable" mode.
● Impact: Mostly annoying, but it can be used for phishing or spreading fake information.

2. Bluesnarfing

● What it does: Steals data (like contacts, emails, messages) from a Bluetooth device without permission.
● Exploits: Weak or misconfigured Bluetooth security settings; historically, flawed OBEX implementations on older phones that allowed access without pairing.
● Impact: Confidential data can be stolen without the user even noticing.

3. Bluebugging

● What it does: Gives attackers control over a Bluetooth device, letting them make calls, send messages, or eavesdrop.
● Exploits: Vulnerabilities in the Bluetooth implementation of certain devices.
● Impact: High risk; attackers can spy, steal data, or misuse the device.

4. Bluetooth Impersonation Attacks (BIAS)

● What it does: The attacker impersonates a previously paired (trusted) device and connects without the victim re-authenticating it.
● Exploits: The legacy authentication procedure only authenticates one side of the link, so a device claiming a previously paired address can avoid proving that it holds the link key.
● Impact: Can lead to data leakage or unauthorized access.

5. BlueBorne

● What it does: Allows attackers to take control of a device without pairing (a set of vulnerabilities disclosed in 2017 affecting several major Bluetooth stacks).
● Exploits: Unpatched vulnerabilities in Bluetooth software stacks.
● Impact: Full control over the device, without any user interaction.

6. Denial of Service (DoS) via Bluetooth

● What it does: Overloads the Bluetooth service or crashes it by sending a large number of requests.
● Exploits: Lack of rate limiting or poor handling of connections.
● Impact: Disrupts normal device functions.

7. Bluetooth Sniffing

● What it does: Listens to Bluetooth communication to capture data packets.
● Exploits: Lack of encryption or weak pairing; with legacy PIN pairing, an attacker who captures the pairing exchange can recover the link key offline.
● Impact: Sensitive data like passwords can be captured.

How to Protect Against Bluetooth Attacks:

● Keep Bluetooth off when not in use.
● Set the device to non-discoverable mode unless pairing.
● Use strong PINs during pairing, and prefer Secure Simple Pairing with numeric comparison over legacy PIN pairing where the devices support it.
● Update your device firmware regularly.
● Avoid pairing in public or crowded places.

21. Zigbee Attack (pg. 133,134)

ZigBee is a wireless communication technology used in smart devices like smart bulbs, door sensors, alarms, and other home or industrial automation systems. It lets these devices talk to each other using low power and short-range signals. It is built on the IEEE 802.15.4 standard, which provides the physical and MAC layers; ZigBee adds the network and application layers on top.

ZigBee attacks are ways in which attackers or researchers try to break into or disrupt ZigBee-based networks. These attacks can:

● Intercept or steal data being sent between devices.
● Stop devices from communicating (denial of service).
● Take control of smart devices (like lights or locks).

Why Are These Attacks Important?

Even though ZigBee is used in many smart systems, far less public research exists on attacking and defending it than on Wi-Fi or Bluetooth. This makes ZigBee networks potentially unsafe, as they may have weaknesses that nobody has found or fixed yet.

22. Zigbee Security with Standard and High Security Mode. (pg.133)
Standard security mode Formerly known as residential security mode, standard security mode provides authentication
of ZigBee nodes using a single shared key where the Trust Center authorizes devices through the use of an Access
Control List (ACL). This mode is less resource-intensive for devices, since each device on the network is not required to
maintain a list of all device authentication credentials.
High security mode Formerly known as commercial security mode, high security mode requires that a single device in
the ZigBee network, known as the Trust Center, keep track of all the encryption and authentication keys used on the
network, enforcing policies for network authentication and key updates. The Trust Center device must have sufficient
resources to keep track of the authentication credentials used on the network and represents a single point of
failure for the entire ZigBee network, since, if it fails, no devices will be permitted to join the network.
