TYBCA-Cyber-Security-Notes-1

Unit 1: Introduction to Cyber Crime and Cyber Security

Cyber Crime

  • Meaning: Criminal activities carried out by means of computers or the internet.

  • Definition:

    • Cybercrime: A crime where a computer is the object of the crime or used as a tool to commit an offense.

    • Cybercriminals may access personal information, confidential business information, government data, or disable devices.

    • Includes many facets such as committing fraud, trafficking in child pornography, identity theft, and violating privacy.

    • Growth of cybercrime is linked to the central role of computers in commerce, entertainment, and government.

Categories of Cyber Crime

  • Crimes targeting computer networks or devices: Includes threats like viruses and denial-of-service attacks.

  • Crimes using computer networks to commit other offenses: Includes cyber stalking, financial fraud, and identity theft.

Origin of the Term 'Cyber Crime'

  • Derived from cybernetics.

  • Refers to concepts of game theory, systems, and organizational theory.

  • Relates to governance; Greek root kubernētēs, meaning steersman.

Who are Cyber Criminals?

  • Definition: Individuals who commit cyber crimes using computers as tools or targets.

Types of Cyber Criminals

  1. Hackers: Gain unauthorized access to systems or networks.

  2. Organized Hackers: Form organized groups engaged in sophisticated and well-funded cyber crimes.

  3. Internet Stalkers: Monitor web activity and gather personal data.

  4. Disgruntled Employees: Use knowledge of systems to perpetrate crimes against their employers.

Classification of Cyber Crimes

  • Email Spoofing: Manipulating emails so that they appear to come from trusted sources.

  • Spamming: Unwanted bulk messages via email, forums, and social media.

  • Cyber Defamation: Intentionally damaging reputations through electronic media.

  • Internet Time Theft: Unauthorized use of internet hours paid for by another person.

  • Salami Attack: Small, repeated attacks designed to extract minimal amounts of money unnoticed.

  • Data Diddling: Altering data before it is entered into a system.

  • Forgery: Altering computer-stored documents or creating counterfeit items.

  • Web Jacking: Taking control of a website to steal sensitive data.

Cyber Security

  • Definition: Protecting networks, devices, and data from unauthorized access or attacks.

  • Threats:

    • Types include computer viruses, data breaches, and DoS attacks.

Various Cyber Security Measures

Viruses

  • Programs that replicate and infect files, potentially causing crashes.

Malware

  • Software designed to infiltrate and damage systems unnoticed.

Ransomware

  • Threatens to block access to data unless a ransom is paid.

Vulnerability

  • Definition: Weaknesses that cybercriminals exploit for unauthorized access.

  • Categorized into Network, Operating System, Human, and Process Vulnerabilities.

CIA Triad

  • Confidentiality: Ensuring only authorized access to information.

  • Integrity: Assurance that data is accurate and reliable.

  • Availability: Ensuring access to information when needed.

Cyber Security Policies

Key Types

  1. Virus and Spyware Protection Policy: Detects and repairs security threats.

  2. Firewall Policy: Blocks unauthorized network access.

  3. Intrusion Prevention Policy: Automatically detects and blocks attacks.

  4. Application and Device Control Policies: Protect against unauthorized applications.

  5. Exceptions Policy: Defines exclusions from standard security measures.

Unit 2: Cyber Offenses and Cyber Stalking

Attack Phase

  1. Brute Force Attack: Bypassing passwords.

  2. Execution of Malicious Commands: Launching harmful applications.

  3. Covering Tracks: Deleting logs to evade detection.

Types of Cyber Attacks

  1. Reconnaissance Attacks: Gathering data to facilitate future attacks.

  2. Active vs Passive Attacks: Engaging directly with a system vs. observing it without interaction.

Social Engineering

  • Manipulation techniques that exploit human error to gain sensitive information.

  • Common Techniques: Phishing, vishing, pretexting, baiting.

Cyber Stalking

  • Threatening or harassing someone using electronic means.

  • Motives: Monitoring activities, intimidation, and revealing private information.

Real-Life Examples of Cyber Stalking

  • Placing orders in someone else's name, sending threats via email, following someone online.

Prevention Strategies

  • Update software, strengthen privacy settings, install antivirus, avoid public Wi-Fi.

Incident Handling

  • Stages: Initial response, consolidation, recovery, and restoration.

  • Emphasis on security incident management and compliance.

Organizational Guidelines for Cyber Security

  • Establishing clear policies for internet usage and computer systems to protect information and assets.

  • Monitoring Expectations: Failure to comply with the rules can lead to disciplinary action.

Conclusion

  • Cyber Crime and Cyber Security impact modern society profoundly, necessitating robust measures to safeguard personal and organizational data.