CS PPT 5


Cyber Security

Gazy Abbas, Cyber Security Trainer


Techdefence Labs and Solutions
Unit - 5

Introduction of Cyber Crime Investigation

Heena Karbhari
Firewall
• A Firewall is a software or hardware system designed to prevent
unauthorized access to an individual computer or network of computers.
• Firewalls can be implemented as both hardware and software, or a
combination of both. It’s a part of almost all operating systems.
• At its core, a firewall examines traffic on a network interface to determine
whether packets should be allowed to enter or leave the interface.
• Thus, firewall software blocks inbound connections to a system’s services
that shouldn’t be exposed to other systems on a public network and can also
be used to block outbound traffic from a system to a network.
• Firewalls block traffic to known malware sites to try to limit the potential
damage of downloading an infected file.
Cont....
• Two common network security software components that can be part of a firewall are
• 1. Personal firewalls -
These firewalls primarily protect a system’s services or file sharing from unauthorized
access.
• 2. Parental control software -
Parental control software blocks outbound traffic (usually web) to sites excluded from
access based on appropriateness (e.g., porn), ideology (e.g., politics), safety (e.g.,
malware), or other reasons. This requires a privileged account (such as root or
Administrator) to define the controls for a lower-privilege account.
• Other filtering software tools such as spam blockers and virus scanners are similar to
firewalls in the sense that they accept or deny traffic based on content inspection.
Packet Filter
• Data travels on the Internet in small pieces called packets. Each packet
carries metadata such as where it is coming from (source IP), where it
should be sent to (destination IP) and on which port it should be
delivered.
• A packet filter examines each datagram in isolation, determining
whether the datagram should be allowed to pass or should be dropped
based on administrator-specified rules.
• Packet filtering is a firewall technique used to control network access by
monitoring outgoing and incoming packets and allowing them to pass
or halting them based on the source and destination Internet Protocol (IP)
addresses, protocols and ports.
What is Packet Filtering Firewall?
A packet filtering firewall is a network security feature that regulates
the flow of incoming and outgoing network data. Each packet,
containing user data and control information, is examined and tested by
the firewall using a set of pre-defined rules. If the packet passes the
test, the firewall allows it to proceed to its destination; packets that fail
the test are dropped. Firewalls inspect packets by looking at rule
sets, protocols, ports, and destination addresses.

How does Packet Filtering Firewall work?
• Packets are structured data units. Because communications are divided into small
pieces that travel independently across the network, packet networks are fault-tolerant.
• In order to reconstruct the original information, packets are reordered after passing
through the firewall and arriving at their destination.
• Packet switching, when done correctly, increases network channel capacity and
decreases transmission delay, improving communication efficiency. Packets have two
essential components:
• Packet headers direct data to the correct location. They include Internet
Protocol (IP) elements, addressing, and any other data needed to deliver packets to
their destination.
• The user data contained within the packet is referred to as the payload. This is the
data that is trying to get somewhere.
Cont...
Packet filtering firewalls allow or deny network packets based on the following
criteria:
• Source IP address: where the packet is being sent from.
• Destination IP address: where the packet is addressed to.
• Protocol: the protocol the packet carries (e.g., TCP, UDP, ICMP).
• Ports: the source and destination ports, as well as ICMP types and codes.
• Flags: TCP header flags, such as whether the packet is a connect
request.
• The physical interface (NIC) that the packet is passing through (incoming or
outgoing).
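To make the criteria above concrete, here is an added example (not part of the original slides) of a stateless packet filter in Python: a small ruleset for a constructed host at 203.0.113.10 that exposes only HTTPS, evaluated first-match with a default deny. All addresses, ports and rules are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Packet:
    """Constructed model carrying the header fields the slide lists."""
    src: str               # source IP address
    dst: str               # destination IP address
    proto: str             # "tcp", "udp" or "icmp"
    sport: Optional[int]   # source port (None for ICMP)
    dport: Optional[int]   # destination port (None for ICMP)
    flags: FrozenSet[str]  # TCP header flags, e.g. {"SYN"}; empty for UDP/ICMP
    iface: str             # "in" = arriving from the public side, "out" = leaving the host


@dataclass(frozen=True)
class Rule:
    """One filter rule; a field left as None matches any value."""
    action: str                 # "allow" or "deny"
    iface: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None   # CIDR block, e.g. "10.0.0.0/8"
    dst: Optional[str] = None
    dport: Optional[int] = None
    syn_only: bool = False      # match only connect requests: SYN set and ACK clear

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and p.iface != self.iface:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.syn_only and not ("SYN" in p.flags and "ACK" not in p.flags):
            return False
        return True


def filter_packet(rules, p: Packet) -> str:
    """Stateless, first-match evaluation. A packet that no rule mentions is dropped,
    the safe default for a filter in front of exposed services."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


# Constructed ruleset for a host at 203.0.113.10 that exposes only HTTPS.
RULES = [
    Rule("deny", iface="in", src="10.0.0.0/8"),      # private source on the public side: spoofed
    Rule("allow", iface="in", proto="tcp", dst="203.0.113.10/32", dport=443),  # new HTTPS sessions
    Rule("deny", iface="in", proto="tcp", syn_only=True),   # no other inbound connect requests
    Rule("allow", iface="in", proto="tcp"),          # non-SYN segments: replies to sessions we opened
    Rule("allow", iface="out"),                      # everything leaving the host
]


def sample_packets():
    """Constructed traffic that exercises each rule; returns (packet, description) pairs."""
    return [
        (Packet("198.51.100.7", "203.0.113.10", "tcp", 51000, 443, frozenset({"SYN"}), "in"), "new HTTPS connection"),
        (Packet("198.51.100.7", "203.0.113.10", "tcp", 51001, 22, frozenset({"SYN"}), "in"), "new SSH connection"),
        (Packet("198.51.100.7", "203.0.113.10", "tcp", 80, 51002, frozenset({"SYN", "ACK"}), "in"), "reply to our web request"),
        (Packet("10.1.2.3", "203.0.113.10", "tcp", 51003, 443, frozenset({"SYN"}), "in"), "spoofed private source"),
        (Packet("198.51.100.7", "203.0.113.10", "udp", 5353, 53, frozenset(), "in"), "inbound DNS query"),
        (Packet("203.0.113.10", "198.51.100.7", "tcp", 51002, 80, frozenset({"SYN"}), "out"), "outbound web request"),
    ]


if __name__ == "__main__":
    for pkt, what in sample_packets():
        print(f"{filter_packet(RULES, pkt):5}  {what}")
```

Note that the fourth rule is the stateless approximation of "established": a real stateful firewall would track the sessions this host opened instead of trusting any non-SYN segment.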
Password Cracking

• Password cracking is the process of recovering passwords from data
that has been stored in or transmitted by a computer system.
• The purpose of password cracking is as follows:
⮚ To recover a forgotten password.
⮚ As a preventive measure by system administrators to check for easily
crackable passwords.
⮚ To gain unauthorized access to a system.

Cont..
Manual password cracking means attempting to log on with different passwords.
• The attacker follows the following steps:
• Find a valid user account such as Administrator or Guest;
• Create a list of possible passwords;
• Rank the passwords from high to low probability;
• Key-in each password;
• Try again until a successful password is found.
Passwords can sometimes be guessed with knowledge of the user’s
personal information.
Cont..
Examples of guessable passwords include:
• Blank (none);
• Words like “password”, “passcode” and “admin”;
• Series of letters from the “QWERTY” keyboard, for example qwerty,
asdf or qwertyuiop;
• User’s name or login name;
• Names of user’s friend/relative/pet;
• User’s birthplace or date of birth, or a relative’s or a friend’s;
• User’s vehicle number, office number, residence number or mobile
number.
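As an added example, not from the original slides, the checklist above turned into an administrator-side policy check: given the personal information known about a user, it reports which of the guessable categories a candidate password matches. The profile fields and every sample value are constructed.

```python
import re

# The guessable categories from the slide, turned into a policy check.
DEFAULT_WORDS = ("password", "passcode", "admin")
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def _has_keyboard_run(text: str, run_len: int = 4) -> bool:
    """True if text contains run_len adjacent keys of one keyboard row, in either direction."""
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run_len + 1):
            run = row[i:i + run_len]
            if run in text or run[::-1] in text:
                return True
    return False


def _digits(text: str) -> str:
    return re.sub(r"\D", "", text)


def guessability_findings(password: str, profile: dict) -> list:
    """Return the slide's guessable categories that `password` matches.

    `profile` holds what an attacker could learn about the user (constructed keys):
    username, full_name, related_names (friends/relatives/pets), birthplace,
    dob as 'YYYY-MM-DD', and numbers (vehicle/office/residence/mobile).
    An empty list means none of the listed patterns was found, not that the password is strong.
    """
    if not password.strip():
        return ["blank password"]
    findings = []
    p = password.lower()
    pdigits = _digits(password)

    if any(word in p for word in DEFAULT_WORDS):
        findings.append("contains a default word such as 'password' or 'admin'")
    if _has_keyboard_run(p):
        findings.append("contains a keyboard sequence (qwerty/asdf style)")

    own_names = [profile.get("username", "")] + profile.get("full_name", "").split()
    for name in own_names:
        if len(name) >= 3 and name.lower() in p:
            findings.append(f"contains the user's own name or login ('{name}')")
            break
    for name in profile.get("related_names", []):
        if len(name) >= 3 and name.lower() in p:
            findings.append(f"contains a friend/relative/pet name ('{name}')")
            break

    place = profile.get("birthplace", "")
    if len(place) >= 3 and place.lower() in p:
        findings.append("contains the user's birthplace")

    dob = profile.get("dob", "")
    if dob:
        year, month, day = dob.split("-")
        # year alone, DDMMYYYY, DDMMYY and YYYYMMDD are the usual ways a birthday is typed
        for token in (year, day + month + year, day + month + year[2:], year + month + day):
            if token in pdigits:
                findings.append("contains the user's date of birth")
                break

    for number in profile.get("numbers", []):
        nd = _digits(number)
        # the full number, or its last four digits, which is what people usually reuse
        if len(nd) >= 4 and (nd in pdigits or nd[-4:] in pdigits):
            findings.append(f"contains a known vehicle/office/phone number ('{number}')")
            break
    return findings


def sample_profile() -> dict:
    """Constructed profile for the demonstration; not a real person."""
    return {
        "username": "rkumar",
        "full_name": "Ravi Kumar",
        "related_names": ["Priya", "Bruno"],
        "birthplace": "Pune",
        "dob": "1990-07-15",
        "numbers": ["MH12AB1234", "+91 98765 43210"],
    }


if __name__ == "__main__":
    for candidate in ("", "Qwerty123", "Bruno2015!", "ravi1990", "Tr0ub4dor&3"):
        print(repr(candidate), "->", guessability_findings(candidate, sample_profile()) or ["no listed pattern"])
```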
Types of Password cracking
1. Online attacks
• The most popular online attack is the man-in-the-middle (MITM) attack, also termed a
bucket-brigade attack.
• A man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly
alters the communication between two parties who believe they are directly communicating
with each other.
• This type of attack is used to obtain the passwords for E-Mail accounts on public websites
such as Yahoo, Hotmail and Gmail, and can also capture the passwords of financial websites for
attackers who want to gain access to banking sites.

Types of Password cracking
2. Offline attacks
• Offline attacks require physical access to the computer and copying the
password file from the system on to removable media.
• Different types of offline password attacks are
a) Dictionary attack
b) Hybrid attack
c) Brute force attack

Types of Password cracking
Brute-force attack: This is the most basic and straightforward method of password cracking. It involves
trying every possible combination of characters until the correct password is found. This method can be
very time-consuming, but it is also very effective for cracking short and weak passwords.

Types of Password cracking
• Dictionary attack: This method uses a dictionary of common words and phrases to try to guess the
password. This method is more effective than brute-force attacks for cracking longer passwords, as it
is more likely that the password will be a word or phrase from the dictionary.

Types of Password cracking
• Rainbow table attack: This method uses a precomputed table of hashes to quickly crack passwords.
Rainbow tables are created by taking a list of common passwords and hashing them with a one-way
function. To crack a password, its hash is compared to the hashes in the rainbow table. If a
match is found, the password is immediately known.
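An added example (not from the original slides) of why precomputed tables work against bare hashes and fail against salted ones: a hash-to-password map built over a short constructed word list, beside PBKDF2 hashing with a per-user random salt. Only Python's standard library is used; the word list and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ROUNDS = 200_000   # assumed work factor; raise it as hardware gets faster


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_lookup_table(candidates) -> dict:
    """hash -> password for every candidate. This is the precomputation a rainbow
    table performs (a real one stores hash chains to save space; a plain map shows
    the same effect on a short list)."""
    return {sha256_hex(word.encode()): word for word in candidates}


def lookup_unsalted(table: dict, stored_hash: str) -> Optional[str]:
    """Instant recovery when the stored value is a bare, unsalted hash."""
    return table.get(stored_hash)


def hash_with_salt(password: str, salt: Optional[bytes] = None) -> str:
    """Store 'salt$digest': PBKDF2-HMAC-SHA256 under a random 16-byte per-user salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def lookup_salted(table: dict, stored: str) -> Optional[str]:
    """The table holds hashes of bare passwords, so a salted digest is never in it;
    an attacker would need a fresh table per salt, which is exactly what the salt is for."""
    return table.get(stored.split("$")[1])


if __name__ == "__main__":
    # Constructed word list standing in for a rainbow table's input.
    table = build_lookup_table(["password", "passcode", "admin", "qwerty", "letmein"])
    print("unsalted sha256 of 'qwerty' ->", lookup_unsalted(table, sha256_hex(b"qwerty")))
    stored = hash_with_salt("qwerty")
    print("salted record ->", lookup_salted(table, stored), "| verify:", verify_salted("qwerty", stored))
```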

Types of Password cracking
3. Non-electronic attacks
a) Social engineering: Social engineering is a method of using psychology to gain access to computer
systems by tricking victims into giving out sensitive and personal information such as passwords and
other credentials. The most common social engineering techniques are phishing, vishing, etc.
b) Shoulder surfing: It is a technique of gathering information such as usernames and passwords by watching
over a person’s shoulder while he/she logs into the system, thereby helping an attacker to gain access to the
system.
c) Dumpster diving: In the IT world, dumpster diving refers to using various methods to get information
about a technology user. In general, dumpster diving involves looking in the trash for information written on
pieces of paper or computer printouts. This is often done to uncover useful information that may help an
individual get access to a particular network.

KEY LOGGERS
• Keystroke logging, often called keylogging, is the practice of noting or logging the keys struck on a keyboard, typically in a
covert manner so that the person using the keyboard is unaware that such actions are being monitored.
• A keylogger is a program that runs in the background, or a hardware device, recording all keystrokes.
• Once keystrokes are logged, they are hidden on the machine for later retrieval, or shipped raw to the attacker.
• The attacker then checks the log files carefully in the hope of finding passwords, or possibly other useful information.
• Keyloggers, as a surveillance tool, are often used by employers to ensure employees use computers for business purposes only.
• This method is highly useful for law enforcement and for the practice of spying, typically by governments to obtain political
and military information.
• Besides being used for legitimate (authorized) purposes, keyloggers can be used to collect sensitive information.
• The types of sensitive information include:
1) Usernames & Passwords
2) Credit Card Numbers
3) Personal Information such as Name, Address, etc.
Types of Keyloggers
1) Software Keyloggers: Software keyloggers are programs installed on the computer system, usually located
between the OS and the keyboard hardware, so that every keystroke is recorded.
• Cybercriminals always install such tools on the insecure computer systems available in public places and can obtain the
required information about the victim very easily.
• Software keyloggers track the system, collect keystroke data within the target operating system, store it on disk or in a remote
location, and send it to the attacker who installed the keylogger.
• A keylogger usually consists of two files that get installed in the same directory: a dynamic link library (DLL) file and an
executable (EXE) file that installs the DLL file and triggers it to work. The DLL does all the recording of keystrokes.
• Some examples of software keyloggers are
1. All in One Keylogger
2. Perfect Keylogger
3. KGB Spy
4. Elite Keylogger
Types of Keyloggers
2) Hardware Keyloggers: To install these keyloggers, physical access to the computer system is required.
• Hardware keyloggers are small hardware devices.
• These are connected to the PC and/or to the keyboard and save every keystroke into a file or in the memory of the hardware
device.
• Cybercriminals install such devices on ATM machines to capture ATM card PINs.
• Each keypress on the keyboard of the ATM gets registered by these keyloggers.
• These keyloggers look like an integrated part of such systems; hence, bank customers are unaware of their presence.
• Some of the hardware keyloggers can be found on the following websites.
1. www.keyghost.com
2. www.keelog.com
3. www.keydevil.com
4. www.keykatcher.com
Antikeylogger
• An anti-keylogger is a tool that can detect the keylogger installed on the computer system and also can remove the tool. In
comparison to most anti-virus or anti-spyware software, the primary difference is that an anti-keylogger does not make a
distinction between a legitimate keystroke-logging program and an illegitimate keystroke-logging program (such as malware).
• Advantages of using an anti-keylogger are as follows:
• Firewalls cannot detect the installation of keyloggers on a system, whereas an anti-keylogger can detect an installed
keylogger.
• Unlike anti-virus programs, this software does not require regular updates of signature bases to work effectively.
• It prevents Internet banking fraud, since passwords can easily be captured by an installed keylogger.
• It prevents ID theft.
• It secures E-Mail and instant messaging/chatting.

Spyware
• Spyware is a type of malicious software (malware) that is installed on a computer without the user’s knowledge.
• It monitors user activity and transmits it to another computer.
• It is one of the most common threats on the internet.
• It is a threat to businesses and individual users, because it can steal sensitive information and harm the network.
• Spyware monitors our Internet activity, tracking our login and password information (e.g., credit card or bank account information), and spying
on our sensitive personal information.
• Many spyware programs are set to monitor what websites we visit generally for advertising/marketing purposes.
• Some types of spyware can install additional software and change the settings on our device.
• Spyware may also have the ability to change computer settings, which may result in slowing of the Internet connection speed and slowing of
response time.
• Various popular spywares available in the market are
1. 007 Spy
2. Spector Pro
3. eBlaster
Virus
• A virus is a malicious program that attaches itself to another executable program.
• Whenever the host program is executed, the virus code is also executed; it can make a copy of itself and infect
other executable files found in memory or on the hard drive.
• A virus cannot spread without human action. That means it cannot spread unless you run an infected
application or click on an infected attachment.
• A computer virus passes from computer to computer in a similar manner as a biological virus passes from
person to person.
• A true virus can only spread from one system to another when a user sends it over the Internet or a network, or
carries it on removable media such as CDs, DVDs or USB drives.
• Present-day viruses spread as attachments through E-mail, and they mail themselves to people from the victim’s
address book.
• Viruses are sometimes confused with computer worms and Trojan Horses, which are technically different.
Types of Viruses
Computer viruses can be categorized based on attacks on various elements of the system and can put the
system and personal data on the system in danger.
1) Boot sector virus: It infects the storage media on which the OS is stored. This virus specifically targets the boot
sector on the host’s hard drive.
Boot sector viruses often spread to other systems when shared infected disks and pirated software are used.
2) Program virus: These viruses become active when a program file, usually with an extension such as
.bin, .com, .exe, .ovl or .drv, is executed.
Once these program files get infected, the virus makes copies of itself and infects the other programs on the
computer system.
3) Multipartite virus: It is a hybrid of boot sector and program viruses. It infects program files along with the
boot record when the infected program is active. When the victim starts the computer system the next time, it will
infect the local drive and other programs on the victim’s computer system.
Types of Viruses
4) Stealth virus: It masks itself very well, so detecting this type of virus is very difficult. It can disguise itself in
such a way that antivirus software also cannot detect it. It alters its file size and conceals itself in the computer’s
memory. The first computer virus, named Brain, was a stealth virus.
5) Polymorphic virus: It acts like a “chameleon” that changes its virus signature every time it spreads through
the system. These viruses hide themselves in various cycles of encryption and decryption. Polymorphic
generators are small programs which are not viruses themselves, but hide actual viruses under the cloak of
polymorphism.
6) Macro virus: Many applications, such as Microsoft Word and Microsoft Excel, support macros. These viruses
are programmed as a macro embedded in a document. Once a macro virus gets onto a victim’s computer,
every document he/she produces will become infected.
7) Overwrite virus: This virus overwrites the content of a file, losing the original content. It infects folders, files,
and even programs. To delete this virus, we need to get rid of the infected file. Therefore, it is important to back up our
data.
Types of Viruses
8) Resident virus: These are permanent viruses which live in the computer’s RAM. When
executed, this type of virus actively seeks targets for infection on local, removable or
network locations.
9) Directory virus: Directory viruses change file paths. When we run programs and software
that are infected with directory viruses, the virus program also runs in the background.
Further, it may be difficult for us to locate the original app or software once infected with
directory viruses.
10) Web scripting virus: This virus lives in certain links, ads, images, videos, and the layout of a
website. These may carry malicious code; when we click, the virus is automatically
downloaded or we are directed to malicious websites.

Worms
• A worm is similar to a virus by design and is considered to be a sub-class of a virus. It is an
independent program that does not modify other programs, but reproduces itself over and
over again until it slows down or shuts down a computer system or network.
• Worms spread from one computer to another and have the capability to travel without any
human action.
• A worm uses the computer network to spread itself. Unlike a virus, it does not need to attach itself to
an existing program.
• It consumes too much system memory.
• It infects the environment rather than specific objects.
• A worm sends a copy of itself to everyone listed in your E-mail address book.
Worms
• Worms are dangerous because:
⮚ They spread extremely fast.
⮚ They are silent.
⮚ Once they are out, they cannot be recalled.
⮚ They usually install malicious code in the system, like DDoS tools, backdoors etc.
⮚ They jam the network.

Worms
• Example 1 (Morris Worm): Robert Tappan Morris is an American computer scientist and entrepreneur. He is
best known for creating the Morris Worm in 1988 from MIT, considered the first computer worm on
the Internet.
• It is also known as the “Great Worm” or Internet Worm.
• At that time the Internet was small and consisted of 60,000 computers.
• The Morris Worm infected around 6,000 major Unix machines and the total cost of the damage was calculated at
US$10 to 100 million.
• Example 2 (ILOVEYOU): It is also known as the Loveletter or Love Bug worm.
• It successfully attacked tens of millions of Windows computers in 2000. The E-Mail was sent with the subject
line “ILOVEYOU” and an attachment “LOVE-LETTER-FOR-YOU.TXT.vbs”.
• The file extension “vbs” was hidden, so the receiver downloaded the attachment and opened it to see the
contents.
Differences between Virus and Worms

Trojan/Trojan horse
• Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless
programming or data in such a way that it can get control and cause harm.
• A Trojan horse may get widely redistributed as part of a computer virus.
• The term Trojan horse comes from Greek mythology about the Trojan War.
• Trojans can get into the system in a number of ways, including from a web browser, via E-mail or in a bundle
with other software downloaded from the Internet.
• It can also possibly transfer malware through a USB flash drive or other portable media.
• Unlike viruses and worms, Trojans do not replicate themselves, but they can be equally destructive.
• On the surface, Trojans appear benign and harmless, but once the infected code is executed, Trojans kick in
and perform malicious functions to harm the computer system without the user’s knowledge.

Backdoors
• A backdoor is a means of access to a computer program that bypasses security mechanisms.
• A backdoor works in background and hides from the user. It is very similar to a virus and, therefore, is quite
difficult to detect and completely disable.
• A backdoor is one of the most dangerous parasites, as it allows a malicious person to perform any possible
action on a compromised system.
• Most backdoors are autonomous malicious programs that must somehow be installed on a computer.
• Some parasites do not require installation, as their parts are already integrated into particular software
running on a remote host.
• From a programmer’s point of view, a backdoor may sometimes be installed so that the program can be accessed for
troubleshooting purposes.
• From a hacker’s point of view, backdoors are often used as part of an exploit.
• A few examples of backdoor Trojans are Back Orifice, Bifrost, SAP backdoors, etc.
Functions of Backdoors
1) It allows an attacker to create, delete, rename, copy or edit any file, execute various commands, change any
system settings, alter the Windows registry, run, control and terminate applications, and install arbitrary software
and parasites.
2) It allows an attacker to control computer hardware devices, modify related settings, shutdown or restart a
computer without asking for user permission.
3) It steals sensitive personal information, valuable documents, passwords, login names, ID details, logs, user
activity and tracks web browsing habits.
4) It records keystrokes that a user types on a computer’s keyboard and captures screenshots.
5) It sends all gathered data to a predefined E-Mail address, uploads it to a predetermined FTP server or
transfers it through a background Internet connection to a remote host.
6) It infects files, corrupts installed applications and damages the entire system.
7) It installs a hidden FTP server that can be used by malicious persons for various illegal purposes.
STEGANOGRAPHY
Steganography is a Greek word that means "covered writing” or “sheltered writing”.
It is a method that attempts to hide the existence of a message or communication.
The word “steganography” comes from two Greek words: “steganos" meaning "covered" and "graphein"
meaning "writing".
Steganography is the art and science of writing hidden messages in such a way that no one apart from the
intended recipient knows of the existence of the message.
Steganography can be used to make a digital watermark to detect illegal copying of digital images.
It is said that terrorists use steganography techniques to hide their communication in images on the internet.
The term “cover” or “cover medium” is used to describe the original, innocent message, data, audio, video and
so on.
The data to be hidden can be hidden inside almost any other type of digital content. The content to be concealed
through steganography is called hidden text or secret message.
• Some of the steganography tools are MP3Stego, Invisible Secrets, DiSi-Steganograph, DriveCrypt
Plus (DCPP) and MSU Stego Video.

Steganalysis
• Steganalysis is the art and science of detecting messages that are hidden in images,
audio/video files using steganography.
• The goal of steganalysis is to identify suspected packages and to determine whether
or not they have a payload encoded into them, and if possible recover it.
• Automated tools are used to detect such steganographically hidden data/information in
image, audio and/or video files.
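The steganography passage above and the steganalysis one here, as one added example (not from the original slides, and not code from any of the tools named): LSB embedding and extraction over a constructed list of 8-bit samples, followed by the Westfeld-Pfitzmann pairs-of-values chi-square statistic, one of the automated checks steganalysis tools apply. The cover signal, which is deliberately quantised to even values so the statistic has something to see, and the message are both constructed.

```python
HEADER_BYTES = 4   # message length prefix embedded before the message itself


def _bits(data: bytes):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed_lsb(cover, message: bytes) -> list:
    """Return a copy of `cover` (8-bit samples, e.g. grayscale pixels) whose least
    significant bits carry a 4-byte length header followed by `message`."""
    payload = len(message).to_bytes(HEADER_BYTES, "big") + message
    bits = list(_bits(payload))
    if len(bits) > len(cover):
        raise ValueError(f"message needs {len(bits)} samples, cover has {len(cover)}")
    stego = list(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit    # each sample changes by at most 1
    return stego


def extract_lsb(stego) -> bytes:
    """Recover the message by reading the length header, then that many bytes of LSBs."""
    def read(n_bytes: int, offset: int) -> bytes:
        out = bytearray()
        for k in range(n_bytes):
            value = 0
            for j in range(8):
                value = (value << 1) | (stego[offset + 8 * k + j] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read(HEADER_BYTES, 0), "big")
    return read(length, HEADER_BYTES * 8)


def pov_chi_square(samples) -> float:
    """Westfeld-Pfitzmann 'pairs of values' statistic. LSB embedding only moves a
    sample between 2k and 2k+1, so the two counts of each pair drift towards equality
    and the statistic falls; an untouched cover keeps its lopsided pairs and scores high."""
    counts = [0] * 256
    for v in samples:
        counts[v] += 1
    chi2 = 0.0
    for k in range(128):
        a, b = counts[2 * k], counts[2 * k + 1]
        expected = (a + b) / 2
        if expected > 0:
            chi2 += (a - expected) ** 2 / expected
    return chi2


def sample_cover(n: int = 4096) -> list:
    """Constructed cover: a slow ramp quantised to even values, an exaggerated form
    of the unequal value pairs real images show, so the PoV test has something to see."""
    return [(2 * (i // 16)) % 256 for i in range(n)]


if __name__ == "__main__":
    cover = sample_cover()
    secret = (b"the quick brown fox jumps over the lazy dog " * 12)[:508]   # constructed message
    stego = embed_lsb(cover, secret)
    print("recovered:", extract_lsb(stego)[:43])
    print("PoV chi-square cover: %.1f   stego: %.1f" % (pov_chi_square(cover), pov_chi_square(stego)))
```

On real images the cover score is far less extreme than here, so detectors compare the statistic against the expected chi-square distribution rather than a fixed threshold.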

Difference between Steganography and Cryptography

Denial-of-Service (DoS) Attacks
• A denial-of-service (DoS) attack is an attempt to make a computer resource unavailable to its intended users.
This can be accomplished by overwhelming the target system with traffic, such as sending it many requests
or packets. DoS attacks can be launched from a single computer or from a network of computers.
• Types of DoS attack:
• Volume-based DoS attacks: These attacks overwhelm the target system with a large volume of traffic, such
as sending it many SYN packets or HTTP requests. This can cause the target system to crash or become
unresponsive.
• Protocol attacks: These attacks exploit vulnerabilities in network protocols to disrupt the target system's
ability to communicate. For example, a Smurf attack exploits a vulnerability in the ICMP protocol to send a
large number of packets to the target system, overwhelming its resources.
• Application-layer attacks: These attacks target specific applications or services on the target system. For
example, a Slowloris attack sends many slow, low-rate HTTP requests to the target system, causing it to
consume excessive resources and become unresponsive.
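An added example (not part of the original slides) of detection logic for two of the attack types above, run over a constructed connection log: a sliding-window count that flags volumetric floods, and a check for the Slowloris pattern of many long-open connections whose request headers never complete. The thresholds and every log entry are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class Conn:
    """One client connection as a server's connection log might record it (constructed)."""
    src: str
    opened_at: float                   # seconds on a constructed clock
    headers_complete: bool             # did the client ever finish sending its request headers?
    closed_at: Optional[float] = None  # None while the connection is still open


def volume_offenders(conns, window: float = 10.0, max_per_window: int = 50) -> dict:
    """Volume-based pattern: sources that opened more than max_per_window connections
    inside any sliding window of `window` seconds. Returns {src: peak count in a window}."""
    opened = defaultdict(list)
    for c in conns:
        opened[c.src].append(c.opened_at)
    offenders = {}
    for src, times in opened.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while times[start] < t - window:   # move the window's left edge forward
                start += 1
            count = end - start + 1
            if count > max_per_window:
                offenders[src] = max(offenders.get(src, 0), count)
    return offenders


def slowloris_offenders(conns, now: float, max_header_wait: float = 30.0, max_stalled: int = 5) -> dict:
    """Slowloris pattern: sources holding more than max_stalled connections open for longer
    than max_header_wait seconds without completing their request headers. Returns {src: count}."""
    stalled = defaultdict(int)
    for c in conns:
        if c.closed_at is None and not c.headers_complete and now - c.opened_at > max_header_wait:
            stalled[c.src] += 1
    return {src: n for src, n in stalled.items() if n > max_stalled}


def sample_connections():
    """Constructed log: one normal client, one flooding client, one Slowloris client."""
    conns = []
    for k in range(8):        # normal browsing: 8 quick, complete requests spread over a minute
        t = 1000.0 + 7 * k
        conns.append(Conn("198.51.100.20", t, True, t + 0.5))
    for k in range(120):      # volumetric flood: 120 requests in six seconds
        t = 1030.0 + 0.05 * k
        conns.append(Conn("203.0.113.5", t, True, t + 0.1))
    for k in range(12):       # Slowloris: a dozen requests whose headers never finish, all still open
        conns.append(Conn("192.0.2.77", 900.0 + 10 * k, False, None))
    return conns


if __name__ == "__main__":
    log = sample_connections()
    print("volume offenders:   ", volume_offenders(log))
    print("slowloris offenders:", slowloris_offenders(log, now=1100.0))
```

A web server's own header timeout (the knob the Slowloris check mirrors) is the usual mitigation; the detector is what tells you which sources to rate-limit or block.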
Denial-of-Service (DoS) Attacks
• Impact of DoS attacks:
• DoS attacks can have a significant impact on organizations, including:
• Loss of revenue:
If a website or online service is unavailable, businesses can lose revenue.
• Damage to reputation:
A DoS attack can damage a company's reputation and make it difficult to attract and retain
customers.
• Increased costs:
Organizations may incur additional costs to mitigate DoS attacks and recover from them.
DDoS Attacks
• A distributed denial-of-service (DDoS) attack is a DoS attack that is launched from a distributed
network of computers. This makes DDoS attacks more difficult to defend against than DoS
attacks, as the traffic is coming from multiple sources.
• DDoS attack methods:
• Reflector attacks: These attacks exploit vulnerabilities in network protocols to reflect traffic
from a large number of sources to the target system. For example, a DNS reflection attack
exploits a vulnerability in the Domain Name System (DNS) protocol to send a large number of
UDP packets to the target system.
• Amplification attacks: These attacks exploit vulnerabilities in network protocols to amplify the
amount of traffic sent to the target system. For example, a UDP fragmentation attack exploits a
vulnerability in the UDP protocol to send many small UDP packets to the target system, which
are then reassembled into much larger packets.
ATTACK ON WIRELESS NETWORKS
What is a wireless network?
• Wireless technologies have become increasingly popular in day-to-day business and personal lives.
Hand-held devices such as PDAs allow individuals to access calendars, E-Mail addresses, phone number lists
and the Internet.
• Wireless networks extend the range of traditional wired networks by using radio waves to transmit data to
wireless-enabled devices such as laptops and PDAs.
• Wireless networks are generally composed of two basic elements:
a) Access points (APs)
b) Other wireless-enabled devices, such as laptops, which use radio transmitters and receivers to communicate or “connect”
with each other.
• Wireless access to networks has become very common in India both for organizations and for individuals.

Traditional Techniques of attacks on wireless networks
1) Sniffing
It is eavesdropping on the network and is the simplest of all attacks. Sniffing is the simple process of intercepting
wireless data that is being broadcast on an unsecured network. Also termed a reconnaissance technique, it
gathers the required information about the active/available Wi-Fi networks. The attacker usually installs the
sniffers remotely on the victim’s systems and conducts activities such as
• passive scanning of wireless networks;
• detection of SSIDs;
• collecting MAC addresses;
• collecting frames to crack WEP.

Traditional Techniques of attacks on wireless networks
2) Spoofing
The primary objective of this attack is to masquerade as another identity by falsifying data and thereby
gain an illegitimate advantage. The attacker often launches an attack on a wireless network by simply creating a
new network with a stronger wireless signal and a copied SSID in the same area as a legitimate network.
• MAC Address Spoofing: It is a technique of changing the assigned media access control (MAC) address of a
networked device to a different one.
• IP Spoofing: It is the process of creating IP packets with a forged source IP address, with the purpose of concealing
the identity of the sender or impersonating another computing system.

Traditional Techniques of attacks on wireless networks
3) Denial of Service (DoS)
• A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt
to make a computer resource unavailable to its intended users.
• In this type of attack, the attacker floods the bandwidth of the victim’s network or fills the victim’s E-Mail box with spam
mail, depriving the victim of the services he is entitled to access or provide.
• The attackers typically target sites or services hosted on high-profile web servers such as banks, credit card
payment gateways, mobile phone networks and even root name servers (i.e., domain name servers).
4) Man-in-the-middle attack (MITM)
• A man-in-the-middle attack happens when a hacker manipulates the traffic by being in between the client and
server.
• This is an active eavesdropping attack where the attacker independently connects with the victims and relays
messages between them.
How to secure the wireless networks
1) Change the default settings of all the equipment/components of the wireless network (e.g., IP address/user IDs/administrator
passwords, etc.).
2) Enable WPA/WEP encryption.
3) Change the default SSID.
4) Enable MAC address filtering.
5) Disable remote login.
6) Disable SSID broadcast.
7) Disable the features that are not used in the AP (e.g., printing/music support).
8) Avoid providing the network a name which can be easily identified (e.g., My_Home_Wifi).
9) Connect only to secured wireless networks (i.e., do not auto-connect to open Wi-Fi hotspots).
10) Upgrade router’s firmware periodically.
11) Assign static IP addresses to devices.
How to secure the wireless networks
Some of the tools used to protect wireless networks are
• Zamzom Wireless Network Tool
• AirDefense Guard
• Wireless Intrusion Detection System (WIDZ)
• BSD-Airtools
• Google Secure Access

www.paruluniversity.ac.in