0% found this document useful (0 votes)
12 views

Chapter_2

Uploaded by

Mousam
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
12 views

Chapter_2

Uploaded by

Mousam
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 115

Welcome to

The World of Cyber Security

Happy Learning
Chapters 2
Cyber Offense and
Cyber Crime
CYBER SECURITY & LAW
Book Authors & Editorial Team Members

Rashmi Gori Deegesh Gala

Devika Satare
Bhakti Bheda

Surbhi Desai
Dr. Nilakshi Jain Mr. Ramesh Menon

Chaitanya Gada Yash Rane


Hello!
I am Surbhi....
I am here to give a glimpse about
cyber world

4

“If you spend more on
coffee than on IT security,
you will be hacked.
What’s more, you deserve
to be hacked .”
— Richard Clarke

5
Review Questions from Chapter 1
• Explain global perspectives of cybercrime [ME-IT, Dec 2019].
• Explain in detail cyberdefamation and various types of cybercriminals.
[ME-IT, Dec 2018]
• Give a classification of cybercrime and cybercriminals. [ME-IT, Dec 2017].
• Write a short note on Indian Information Technology Act, 2000. [BE-IT, Dec
2019; ME-IT, Dec 2017].
• Write brief note on cyberterrorism [BE-IT, Dec 2019].
• Classify the cybercrimes and explain any one briefly. [BE-IT, Dec 2019].
• Compare active attack versus passive attack. [BE-IT, Dec 2019]
Learning Objectives
• Describe different types of cybercrimes
• How criminals plan attack
• The steps involved in cybercrimes

• Describe the tools used for launching attacks


• Explain the role of botnet and attack vector in cybercrime
• Discuss challenges faced by mobile and wireless devices
and their security implications

• Describe the security threats and possible attacks on


mobile and wireless devices.
• Describe organisation security policies for mobile devices.
7
Chapter
2

Topic 1

8
Introduction
to
1
Cyber Offense
&
Cyber Crime
Lecture
Topics to be covered Learning Objective
No.
Introduction with Course Outcome and Program Outcome To Discuss criminal planning attacks on Social
5 with objectve of module, How criminal plan the attacks, Engg, Cyber Stalking, Cyber café and
Social Engg, Cyber stalking, Cyber café and Cybercrimes Cybercrimes
6 Bot nets, Attack vector, Cloud Computing To Classify different types of Attacks
To Understand various mobile and wireless
7 Proliferation of Mobile and Wireless Devices devices related cybercrime and idetify supported
law.
Trends in Mobility, Credit Card Frauds in Mobile and to Understand recent trends in mobiity wireless
8
Wireless Computing Era era
To Discuss Security Challenges Posed by Mobile
Security Challenges Posed by Mobile Devices, Registry
9 Devices and explore the knowledge of Registry
Settings for Mobile Devices.
Settings for Mobile Devices.
to Explain Authentication on Service Security
Authentication Service Security, Attacks on Mobile/Cell
10 and able to Group Attacks on Mobile/Cell
Phones.
Phones.
To Document Security Implications for
11 Mobile Devices: Security Implications for Organizations.
Organizations.
To Determine Organizational Measures for
Organizational Measures for Handling Mobile, Devices-
12 Handling Mobile, Devices-Related Security
Related Security Issues.
Issues.
Organizational Security Policies and Measures in Mobile To Interpret Organizational Security Policies and
13
Computing Era, Laptops. Measures in Mobile Computing Era, Laptops.
Cyber Crime As Per IT Act 2000

Computer
system

Any illegal behaviour committed


by means of, or in relation to, a
computer system or network, including
such crimes as illegal possession and
offering or distributing information
by means of a computer system or Relation

network.
CYBER OFFENSE
Any interference by an attacker that results in damage,
alteration or compression of computer data without the
owner's permission is called Cyber offense.

Offense
Offense against
Offense Offense
against unauthorized
against against
Private access of
government property computer
Contents
data
Chapter
2

Topic 2

13
How Do
2 Criminals Plan
The Attacks ?
HOW DO CRIMINALS PLAN THE ATTACKS ?

Active attack An attack that is beginning or


Criminals are usually attempted inside the security
use many used to alter edge of an organization
methods the system.
and tools to Passive An outside attack is attempted
locate attack by a source outside the
weakness attempt to security border, might be by
gain an insider or an outsider, who
of their information
target. is in a roundabout way
about target connected with the
organization. It takes place
Active through internet connection
attack
Criminals Inside
plan
Passive Outside
attack
Phases Involved
• This means “Information gathering “.
Reco
• This is first phase and is treated as passive attack
nnais
sance

Scan
ning • Scanning and scrutinizing the gathered information for the validity
and
gathe of the information as well as to identify vulnerabilities .
ring
infor
matio
n
Lau
nchi
ng

Gaining and maintaining system access .
an
atta
ck
Let’s learn one by one?

17
PHASE 1 : RECONNAISSANCE
In the world of hacking , reconnaissance phase begins with foot printing .

This involves accumulating (investigating) data about the target’s environment


and computer architecture.

Reconnaissance

Active attack Passive attack


Active Phase
• An active attack involves probing the network to discover individual hosts to confirm the
information gathered in passive attack phase.

• It involves the risk of detection and is also called “Rating the doorknobs” or “Active
Reconnaissance”.
Arphou
nd

.
Bing
Tools Arping

Dig

19
Passive Attack

Blogs

• A Passive attack involves gathering


information about a target without
his/her knowledge.
Medium to
• It is usually done using Internet
Newspaper gain Press Releases

searches or by Googling (i.e. Information


Searching the required information
with the help of search engine Google)
an individual or company to gain
Network
information Sniffing

20
Phase 2 : Scanning and Scrutinizing
gathered information
• Scanning is the key step to examine intelligently while gathering information about the
target.

Port Scanning Network Sniffing Vulnerability


Scanning
Understand IP addresses
Identify open/close Understand the
ports or services and related information existing weaknesses in
about computer network the system.
system

21
Scrutinizing phase

The valid user


accounts or
groups

Scrutinizing phase is always


called “enumeration” Objective
Behind
OS and this step
(mentioning number of things different
one by one) in the hacking applications Network
that are running resources
world . on the OS

22
Phase 3: Launching an Attack

After Scanning and Enumeration , the Attack is launched in following


steps :
Crack the password.
Exploit the privileges
Execute malicious commands/applications.
Hide the file
Cover the tracks(delete access logs).
23
Chapter
2

Topic 3

24
3 Social
Engineering
Social Engineering
Social engineering is a non technical strategy cyber attackers use that relies heavily
on human interaction and often involves tricking people into breaking standard
security policies.
.

26
Types of Social Engineering
• Impersonating an employee or valid user.

Human •


Posting as an important user.
Using a third person.

Based
Calling technical support.
• Shoulder surfing and Dumpster diving.

Computer • Fake Emails.


• Email attachment.

Based • Pop up windows.


How Social Engineering Attack is performed?
Chapter
2

Topic 4

29
Cyber
4
Stalking
Cyber Stalking

• They aim to start the interaction with the victim


directly with the help of internet
Online Stalker • The Stalker make sure that the victim recognizes the
attack attempted on him /her
• E.g. : Email/ChatRooms

• The stalker may begin the attack using traditional


methods such as following the victim, watching the
daily routine of the victim etc.
Offline Stalker • Searching on Newspaper, personal website etc are
most common ways to gather information about
victim using internet
Chapter
2

Topic 5

32
Cyber Cafe
5

Cyber Crimes
Cyber Cafe and Cyber Crimes
• Cyber Cafe such as stealing of bank passwords and
illegally withdrawal of money have also happened through
cyber cafes.
Risks of Cyber
Cafe
• Cyber cafes have also been used regularly for sending
absence mail to harass people.
• We do not know
what programs are
• A recent survey conducted in one of the metropolitan cities installed on the
in India reveals the following facts :
 Pirated software are installed in all the computers. computer like key
 Antivirus was not updated with latest patch. loggers or spyware.
 Several cybercafes has installed “Deep Freeze” to • Over the shoulder
protect computer which helps cyber criminals. peeping can enable
 Annual Maintenance Contract (AMC) was not found for
servicing of the compute
others to find out
 Pornographical websites were not blocked . your passwords
SECURITY TIPS FOR CYBER CAFE

Change
Stay with the Clear history
Avoid online Passwords /
computer and temporary
financial Be Alert Virtual
While surfing, files
transactions One have to be Keyboard
don’t leave the Before
One have to be alert for Keyboard–
system browsing
alert for snooping over Change
unattended for deselect AutoC
snooping over the shoulder.. password after
any period of omplete option.
the shoulder. completion of
time Delete Cookies
transaction.
Lab Experiment
To Enable Router
Encryption to
Protect Wi-Fi

36
Chapter
2

Topic 6

37
6 Bot nets
Bot net
 A Botnet is a network of
compromised computers called
Zombie Computers or Bots, under
the control of a remote attacker.
 Bots began as a useful tool. They
were originally developed as a
virtual individual that could sit on a
IRC channel and monitor network
traffic
Botnet
Terminology
 Bot Herder(Bot Master)
 Bots (Zombie
Computer)
 IRC Server
 Command and Control
Server
Ready to learn ??? Let’s start !!!
1. Bot Header
 Bot Headers (Bot Master) are the hackers
who use automated techniques to scan
specific network ranges and find
vulnerable systems, on which they can
install their bot program.
 To create an army of Zombies over
Internet, attacker typically infect
machines of home users, network
maintained by universities or small
enterprises, etc.
2. Bots (Zombie
Computers)
 Bots (also called as Zombie Computers) are
the computers that contribute to the botnet
network.
 They run using a hidden channel to
communicate to their C&C server.
 They can auto scan their environments and
propagate themselves taking advantage of
vulnerabilities and weak passwords.
 Generally , the more vulnerabilities a bot can
scan, the more valuable it becomes to the
botnet controller community .
 The process of stealing computer resources
as a result of a system being joined to a
botnet is called Scrumping
3. IRC Server
 Internet Relay Chat (IRC) is a form
of real-time Internet text messaging
(chat).
 The server listen to connections from
IRC clients enabling people to talk to
each other via the internet.
 IRC provides a simple, low latency,
widely available, and anonymous
command and control channel for
botnet communication.
4. Command and
Control Server
 C&C Infrastructure allows a bot agent to receive new instructions, malicious
capabilities, update existing infections or to instruct the infected computer to carry
out specific task as dictated by remote controller.
 The criminal actively controlling botnets must ensure that their C&C infrastructure
is sufficiently robust to manage tens-of-thousand of globally scattered bots as well
as resist attempts to hijack or shutdown the botnet.
Chapter
2

Topic 7
What is Attack
Vector??
Attack Vector
 In cyber security, an attack vector is a
method or pathway used by a hacker Viruses
to access or penetrate the target Email
system. Pop up Attachmen
windows ts
 Hackers steal information, data and
money from people and organizations Attack
vector
by investigating known attack
Instant
vectors and attempting to exploit Messaging Web
pages
vulnerabilities to gain access to the
Chat
desired system. Rooms
 Attack vectors entitle attackers to
exploit system vulnerabilities,
including human components.
How Attack vector is
launched
Hacker

Attack by Attack
Webpage By Email

Attacks

Attack
Attack by
by
Deception
Worms

Viruses
Consequences of
Attack Vector
Bad use of your Reputation loss
Losing Your mobile resources
In case your Facebook Identity Theft
Data Which means that your
account or business email
network or mobile device There can be a case of
If your mobile device
can go in overload so you account is hacked, the identity theft such as
has been hacked, or a hacker can send fake photo, name, address,
are unable to access your
virus introduced, then
all your stored data is
genuine services. In messages to your friends, credit card, etc. and the
worse scenarios, to be business partners and same can be used for a
lost and taken by the crime.
used by the hacker to other contacts. This might
attacker.
attach another machine
or network.
damage your reputation.
Chapter
2

Topic 8
Cloud
Computing
Cloud
Computing
 Cloud computing is a term which is used for storing Amazon
Web
& accessing data over the Internet. It doesn’t store Services

any data on the HD of a PC. Cloud computing


helps you to access your data from remote
servers.
Cloud Google
Microsoft
azure Services Cloud
 Cloud Computing is using Internet to access Tools Platform

someone else’s software running on someone


else’s hardware in someone else’s data centre.

IBM
Cloud
Cloud Computing
Services
A public cloud offers services to anybody on the
Internet.
Services provided by
A private cloud resembles a restrictive network or
cloud computing are : data centre that provisions the hosted service to a
limited number of users

Public
Cloud
Computing
Services
Private
Cloud Computing
Services (continued)
 Infrastructure-as-a-Service(IaaS) : It is
like Amazon Web service that provides
virtual servers with unique IP addresses
and blocks of storage on demand.
 Platform-as-a-Service (Paas): It is a set
of Software development tools hosted on
the provided server. Developers can
Create applications using the provider's
API. Google apps is one of the most
famous Paas providers.
 Software - as-a-Service (Saas) : In this
case the provider allows the customer
only to use its applications. The software
interacts with the user interface.
Security Issue
Lab Experiment
To Study Remote
Access Tool
(Study purpose
only)
57
Chapter
2

Topic 9
Proliferation of Mobile
and Wireless Devices
 A simple hand held mobile phone
gives enough processing capacity to
run little applications, mess around and
music and make voice calls.

 A smart phone is defined as a mobile


phone that performs many of the
functions of a computer ,typically
having a touch screen interface,
internet access and an operating
system capable of running downloaded
apps.
 MD – Mobile Device
 WD – Wireless Device
 HD – Handheld Device
 Portable Computer : General purpose computer
that can be easily moved starting from one spot
onto another.
 Tablet PC : It lacks a keyboard , shaped like
slate or paper journal and has highlights of a Types of Mobile Computers
touch screen with styles and handwriting
recognition software.
 Internet Tablet : Unlike Tablet, the internet
Tablet does not have much computing power
and its application suite is limited. The Internet
tablets typically feature on MP3 and video
player, a web browser, chat application and
picture viewer.
 Personal Digital Assistant(PDA): It is a small,
pocket sized computer with limited functionality.
It is intended to synchronize with desktop
computers, giving access to contacts, address,
books, notes, E-mail and other features.
 Ultra Mobile PC: It is a full featured, PDA-
sized computer running a general purpose
operating system(OS).
 Smart phone : It is a PDA with an integrated
cell phone functionality.
 Carputer : It is a computing device installed in
an automobile. It operates as a wireless
computer, sound system, GPS and DVD player.
It also contains word processing software and
Bluetooth compatible.
Chapter
2

Topic 10
Have you ever
browsed about
Trends in mobility
wireless era ????
Trends in Mobility
 Mobile computing is
moving into a new era
(2G,3G,4G and
beyond )where we have UsertheMobility
It refers to users who approach equivalent telecomm administrations
numerous applications, at better places. i.e users can be portable and administrations can follow
improved ease of use and him/her.
higher data rates.
 The various types of
mobility and their
implications are as follows:
Device Mobility
It refers to the physical movement of the device. It can also be called
Device Portability.(small size, battery driven).

Service Mobilty
An user should be able to move from one service to another. E.g. A user
writes an email and to complete the email , the user needs to refer to some
other information.
Attacks on
Mobile Devices
Skull Trojan Mosquito Overbilling
Lasco worm Attack
Trojan
Overbilling involves
• It targets series 60 • It affects the • It targets PDA
an attacker hijacking a
phones equipped series 60 smart and mobile
with mobile OS. phones and is a phones running subscriber's IP address
cracked version the symbian OS. and then using it to
of mosquitos Lasco replicates initiate downloads or
mobile phone over Bluetooth use it for its own use.
game. connection. In this, the legitimate
user is charged for the
activity.
Chapter
2

Topic 11
Many people use
credit cards
nowadays
Have you ever wondered
How it works???
Is it safe ???
Let’s Have a look
Online Environment for Credit Card Transaction
 The customer places an order and swipes the
card .
 The card details are known through magnetic
strip data .
 Magnetic strip also known as swipe card or
magstrip is a card capable of storing data
modifying the iron based magnetic particles on
band of magnetic material on card.
 The security control module reads the magnetic
strip and acquires the pin.
 The order is managed , accounting is done by
the merchant server .
 Host security module checks pin inside
encrypted pin block with optional pin offset
data.
 The transaction is then routed to the issuing
bank to request transaction authorization.
 The transaction is accepted or declined by the
issuing bank.
 The acquiring bank credits the merchant’s
account.
Closed loop Environment
for wireless
 Merchant sends a transaction to the
bank.
 The bank transmits the request to the
authorised card holder
 The cardholder approval or rejects
(password protected)
 The bank (if NO)/ merchant (if YES) is
notified.
 The credit card transaction is
completed.
Types and Techniques of
Credit Card Fraud

Credit Card Frauds are The traditional and first


divided into two: type of credit card fraud
is paper based fraud.
Modern Fraud includes
Hacking , Cracking
Passwords etc.

Frauds Traditional

Modern
Types and Techniques of Credit Card Fraud
(Contd)
ID Theft is a term used to
Credit Card refer to fraud that involves
someone pretending to be
Frauds are someone else to steal
divided into two: money or get other
Sophisticated techniques
benefits.
enable criminals to produce
fake credit cards. Where an individual gives
false information about
his/her financial status to
acquire credit.
Skimming is where the
information held on either a Traditional
magnetic strip or back of a ID Theft
credit card or data stored on a
smart card on smart are copied
from one card to another.
Financial fraud
Site cloning and false merchant
site on internet are becoming a
popular method of fraud and to
Modern direct user to bogus fake sites is
called Phishing
Fraud
Chapter
2

Topic 12
Security Challenges Faced
By Mobile Phones
Different Attacks on Mobile Phones
• Loopholes in OS • Poor coding and
make inappropriate
vulnerabilities that advancement
are available to makes loopholes
attack. Merchants and bargains
attempt to tackle security.
these with
patches.
Mobile App
Os Attacks
attacks

Communicati
on Network Malware
Attack Attacks
• There has been a
• Communications
steady ascent in
for example, malware for cell
Bluetooth and Wi- phones. The
Fi associations attention is on
make gadgets erasing documents
powerless. and making chaos.
Security Challenges Faced by Mobile
Phones
• As easy as Bluetooth is to use, it can be just as easy for attackers to gain access to one’s phone
Blue and everything stored within. It’s fairly simple for a hacker to run a program to locate available
toot Bluetooth connections and Bingo – they’re in. It’s important to remember to disable the Bluetooth
h functionality when not in use.
Atta
cks

• Updates and patches designed to fix issues in mobile devices are not quite as cut and dry as with
Syst PCs. Mobile devices vendors often release updates and patches, but unfortunately carriers don’t
em always stream them due to commercial or bureaucratic reasons.
Upd
ates

• Mobile phones need good file encrypting for strong security. After all, who wants sensitive
Secu corporate data to end up in the wrong hands? Without the proper encryption, not only are personal
re documents up for grabs, but also passwords to bank, credit card and even business apps.
Data Encrypting sensitive data ensures would-be thieves gain a whole lot of nothing .
Stor
age
• Perhaps one of the best features of mobile devices is the ability to browse the web on the go, but
Mobi this also opens up the mobile phones to security risks. The problem is that users cannot see the
le whole URL or link, much less verify whether the link or URL is safe. That means that users could
Bro easily browse their way into a phishing-related attack.
wsin
g
Chapter
2

Topic 13
Registry Setting
For Mobile Logo For Windows Registry

Devices
Registry settings for mobile
devices: example
 Microsoft Active Sync :
synchronize PCs and MS Outlook
 Gateway between Windows-
Powered PC and Windows
mobile-Powered device
 Enables transfer of Outlook
information, MS Office
documents, pictures, music,
videos and applications
 Active sync can synchronize
directly with MS Exchange Sever
so that the user can keep their E-
Mails, calendar, notes and
contacts updated wirelessly.
Managing the registry setting and
configuration
 If you use an Active Directory®
environment to administer the
computers in your network, Group
Policy provides a comprehensive set
of policy settings to manage
Windows® Internet Explorer® 8
after you have deployed it to your
users' computers.

 You can use the Administrative


Template policy settings to establish
and lock registry-based policies for
hundreds of Internet Explorer 8
options, including security options.

 1700 settings in a standard group


policy
Example
 When using Pick-IT ASP in Internet Explorer, the
SIP (software input panel, or virtual keyboard) will
pop up when a textbox is activated. We cannot
control this panel through Pick-IT.
 The method disables this SIP, depending on your
mobile device model and operating system.
Chapter
2

Topic 14
Authentication
Service Security
Authentication
Service Security
 Involves mutual authentication
between the device and the base
station/ servers. Components
 Ensures that only authenticated Of Security
devices can be connected to the
network
 Hence, no malicious code can
impersonate the service provider Security of Security in
to trick the device devices Network
Eminent kinds of attacks on
mobile devices

Push Pull Crash War


Smishing
Attack Attack Attack Driving
Process Of Authentication
Server
Chapter
2

Topic 14
In Today’s World
Everyone is unaware how dangerous
Mobile Phones can be
Attacks on Mobile
Phones

Mobile
Mobile Hacking
Phone Mishing Vishing Smishing
Viruses Bluetooth
Theft

Let’s learn One by One


Mobile Phone Theft
• First mobile virus in 2004 :- Mosquito – this virus
Enou sent SMS text messages to the
gh
Target organization(Ojam)
Termi
nals

• Office functionality, critical data and applications


Enou protected insufficiently or not at all expanded
gh
functi functionality increases the probability of malware
onalit
y

Enou
• SMS, MMS, Synchronization, bluetooth,
gh infrared(IR) and WLAN connections
conn
ectivi
ty
Mobile Viruses
40 virus families
300+ mobile viruses
identified
First mobile virus : june
2004
Spread through dominant
communication protocols
 Bluetooth, MMS
Mishing
 'Mishing' is a combination of the words
mobile phone and phishing.
 Mishing is very similar to phishing—the
only difference is the technology.
 Phishing involves the use of emails to trick
you into providing your personal details,
whereas mishing involves mobile phones.
 If you use your mobile phone for
purchasing goods and services and
convenient banking, you could be more
vulnerable to a mishing scam.
Variants of
Mishing
• Mishing attacker
Smishing makes call for
phishing

• Mishing attacker
Vishing sends SMS for
phishing
Vishing
 The term "vishing" is a socially
engineered technique for stealing
information or money from
consumers using the telephone
network.
 Vishing is very similar to phishing—
the only difference is the technology. Voice
 Vishing involves voice or telephone
services. If you use a Voice over
Internet Protocol (VoIP) phone
service, you are particularly
vulnerable to a vishing scam.
Vishing
 Vishing is usually used to steal credit
card numbers or other related data
used in ID theft schemes from Phishing
individuals.
Smishing
 Short for SMS Phishing, smishing is a variant of
phishing email scams that instead utilizes Short
Message Service (SMS) systems to send bogus
text messages.
 Also written as Smishing, SMS phishing made
recent headlines when a vulnerability in the
iPhone's SMS text messaging system was
discovered that made smishing on the mobile
device possible.

SMS

Smishing

Phishing
Hacking
Bluetooth
 Bluetooth hacking is a technique used to
get information from another Bluetooth
enabled device without any permissions
from the host.
 This event takes place due to security
flaws in the Bluetooth technology.
 It is also known as Bluesnarfing.
 Bluetooth hacking is not limited to cell
phones, but is also used to hack PDAs,
Laptops and desktop computers.
 Bluetooth hacking is illegal and can lead
to serious consequences.
Common Attacks
• Bluejacking is the sending of unsolicited messages over Bluetooth to

Bluejacking Bluetooth-enabled devices such as mobile phones, PDAs or laptop


computers
• It is harmless

• Bluebugging manipulates a target phone into compromising its security,


this to create a backdoor attack before returning control of the phone to its

Bluebugging owner.
• Not only can a hacker receive calls intended for the target phone, he can
send messages, read phonebooks, and examine calendars

• Bluesnarfing is the unauthorized access of information from a wireless


device through a Bluetooth connection, often between phones, desktops,
Bluesnarfing laptops, and PDAs (personal digital assistant.).
• While Bluejacking is essentially harmless as it only transmits data to the
target device

• Software that intercepts a hands-free Bluetooth conversation in a car.


Car wishper
Chapter
2

Topic 15
Security
Implications for
Organization
Security risks within an
organization
Processing of Physical Theft or
fraudulent damage of
transactions equipment

Unauthorized
access to data and
program files
Fraud

Fraud

Security
Risks

Unauthorized Sabotage
data access and theft
Most Common
Fraud Tactics
Entering fictitious(Fake)
transactions

Modification of Computer files

Unauthorized changes to
program
Unauthorized
data access
 Password protection is the most common
method of protecting corporate data .
 Fraudulent transaction are often carried out by
unauthorized users who manage to gain
access to the corporate network by using the
login details of another user.
 One way of achieving this is through a terminal
soof-a simple yet effective approach to finding
other user’s passwords.
 Other dangers of which managers should be
aware include the Trojan horse in which code
is added to a program, which will activate
under certain condition.
Sabotage and
Theft
 Another form of theft relates to
copying of programs and data in an
organization.
 Theft of software is the major
problem in the pc world where
users often make illegal copies of
the programs rather than purchase
the package themselves –this
practice is known as software
piracy.
Chapter
2

Topic 16
Organizational measures for
handling Mobile, device related
security issues
Security features used to protect
mobile assets
• Whenever any cell phone is associated with an
Enforced Authentication organization’s network, user should enter
verification details.

• An organization should force the utilization of


Over-the-air data Secure Sockets Layer (SSL) while trading data
encryption wirelessly over cell phones.

• There should be an arrangement to clear all data


Remote wipe and data remotely and change the settings on a lost or
fading stolen PDA, cell phone , or tablet.

Separation of personal • There should be an facility to secure, control,


and enterprise and eradicate corporate data and applications
without affecting a users individual photographs,
information music, or games
Key Enquires addressed when
building a mobile security strategy

How do we deny access What is our plan if a How do we remove


to unauthorized users? personal device gets lost or corporate data from a
stolen? personal device whose
• Train employees to set a solid owner is leaving the
password on their cell phone • This, first, lets you freeze a company?
and to transform it every three device, which is helpful if there • Management devices can be
to a half year. Mobile is a decent possibility that it utilized to segregate enterprise
management systems can will turn up once more. On the and personal data. At the point
robotize implementation off chance that it is away for when an employee leaves, IT
acceptable, remote wipe lets can wipe the enterprise data
you permanently delete stored while leaving individual
data information unaffected. This
ability secures the association
without inconveniencing the
user.
Chapter
2

Topic 16
Security Policy and
Measures in Mobile
Computing Era
3 Vectors of
Attacks
Damages
Microphone Tracking Taking Stealing
Recording Location Crack Stealing
Password Photos Emails Contact List
Mobile Device
Management
• Normal review ought to be done in the
Identify all mobile association to distinguish servers and
devices on the network other mobile systems to ensure that
there are no unapproved devices.

• Mobile phones ought to have the


Consider separating
option to store endeavor information in
personal data from one zone of the device and encrypt
business data: and password protect only that area.

• Suitable user gatherings have to be


Formalise user types made and severe administration
and set policies strategies should be set for every one
of the user gathering.
Security
Implications
for Laptops
Security Rules
Choose a secure operating system and lock it down
• To think about your information, you should pick an OS that is secure.
Windows 2000 Professional and Windows XP Professional both offer secure
sign in, document level security, and the capacity to encrypt information.

Enable a strong BIOS(Basic Input/Output System) password


• Security begins right from the start by password protecting the BIOS. Some of the
manufacturers use stronger BIOS protection schemes than others. So you can find out
from your laptop manufacturer what the procedure is for resetting the password. If they
absolutely demand that you send the laptop back into the factory, do not give you a
"workaround", you have a better chance of recovering the machine and maybe even
catching the thief(both IBM and Dell provide this feature).

Use a docking station


• Practically 40% of laptop theft happens in the workplace. Inadequately screened
housekeeping staff, temporary workers, and displeased representatives are the typical
suspects. you can help forestall this by utilizing a docking station that is forever fastened
to your work area and has a component which secures the laptop safely.
Security Rules (Contd)
Use tracking software to have your laptop call home
• There are a few sellers that offer secretive programming
arrangements that empower you PC to register to a following
community intermittently utilizing a recognizable sign. In the event
your PC is lost or taken, these organizations work with the police,
telephone, organization and Internet specialist organizations to follow
and recuperate your PC. CompuTrace, SecureIT, stealth Signal, and
ZTrace give following administrations to organizations and people .

Get a cable lock and use it


• Over 80% of the workstations in the market are outfitted with a
Universal Security Services (USS) that permits them to be joined to a
link lock or laptop alert. In spite of the fact that this may not stop
criminals with bolt cutters, it can viably maintain the thieves away who
for the most part exploit you while you're dozing in an anteroom,
leaving it on a table to go to the restroom , and so on.
THANKS!
Any questions?
You can find me at:
[email protected]
▸ https://www.linkedin.com/in/s
urbhi-desai-541a651b1/

You might also like