Post-Graduate Diploma in Cyber Security Cyber Security Techniques (PGDCS-02) Title Cyber Security Techniques Advisors Mr. R. Thyagarajan, Head, Admn. & Finance and Acting Director, CEMCA Dr. Manas Ranjan Panigrahi, Program Officer (Education), CEMCA Prof. Durgesh Pant, Director- SCS&IT, UOU Editor Dr. Jeetendra Pande, Assistant Professor- School of CS & IT, Uttarakhand Open University, Haldwani Authors Block I> Unit I, Unit II, Unit III & Unit IV Mr. Mukesh Kumar Verma, Cyber Security Professional, Chandigarh Block II> Unit I, Unit II, Unit III & Unit IV Mr. Ashutosh Bahuguna, Scientist- Indian Computer Emergency Response Team (CERT- In), Department of Electronics & IT, Ministry of Communication & IT, Government of India & Block III> Unit I, Unit II, Unit III & Unit IV Mr. Sani Abhilash, Scientist- Indian Computer Emergency Response Team (CERT-In), Department of Electronics & IT, Ministry of Communication & IT, Government of India ISBN: 978-93-84813-89-5 Acknowledgement The University acknowledges with thanks the expertise and financial support provided by Commonwealth Educational Media Centre for Asia (CEMCA), New Delhi, for the preparation of this study material. Cover page image courtesy: https://upload.wikimedia.org/wikipedia/commons/0/00/Orange_blue_digital_signature_en.svg and http://molosyndicate.com/3/computerworld Uttarakhand Open University, 2016 © Uttarakhand Open University, 2016. Cyber Security Techniques is made available under a Creative Commons Attribution Share-Alike 4.0 Licence (international): http://creativecommons.org/licenses/by-sa/4.0/ It is attributed to the sources marked in the References, Article Sources and Contributors section. Published By: Uttarakhand Open University Expert Panel S. No. Name 1 Dr. Jeetendra Pande, School of Computer Science & IT, Uttarakhand Open University, Haldwani 2 Prof. Ashok Panjwani, Professor, MDI, Gurgoan 3 Group Captain Ashok Katariya, Ministry of Defense, New Delhi 4 Mr. Ashutosh Bahuguna, Scientist-CERT-In, Department of Electronics & Information Technology, Government of India 5 Mr. Sani Abhilash, Scientist-CERT-In, Department of Electronics & Information Technology, Government of India 6 Wing Commander C.S. Chawla, Ministry of Defense, New Delhi 7 Mr. Mukesh Kumar Verma, IT Consultant, Chandigarh 8 Mr. Pritam Dutt Gautam, IT Consultant, New Delhi Contents 1.1 LEARNING OBJECTIVES .......................................................................................................... 1 1.2 INTRODUCTION .......................................................................................................................... 1 1.2.1 Glossary.................................................................................................................................... 1 1.3 DETAILED DESCRIPTION OF IT SECURITY POLICIES..................................................... 2 1.3.1 Security Policy ......................................................................................................................... 2 1.3.2 Why policies are important? ................................................................................................... 3 1.3.3 Ways to make policies more effective ................................................................................... 4 1.4 TYPES OF INFORMATION SECURITY POLICIES ............................................................... 5 1.4.1 Examples of Information Security Policies ........................................................................... 5 1.5 IT SECURITY PROCEDURES .................................................................................................... 5 1.6 DIFFERENCES BETWEEN POLICIES AND PROCEDURES ............................................... 5 1.7 ASPECTS OF ORGANIZATIONAL SECURITY ..................................................................... 6 1.7.1 Physical Security ..................................................................................................................... 6 1.7.1.1. Examples of Controls for Physical security which you can easily see in your daily life .................................................................................................................................................. 7 1.7.2 Financial Security .................................................................................................................... 8 1.7.3 Online Security ........................................................................................................................ 8 1.7.4 Security Token ....................................................................................................................... 10 1.7.5 Electronic Mail Security ....................................................................................................... 10 1.7.6 Pretty Good Privacy (PGP) ................................................................................................... 11 1.7.7 Multipurpose Internet Mail Extensions (MIME) ................................................................ 12 1.7.8 Message Authentication Code .............................................................................................. 12 1.7.9 Firewall .................................................................................................................................. 12 1.7.10 Malicious Software ............................................................................................................. 12 1.7.11 Denial of Service Attack ..................................................................................................... 13 1.7.12 Phishing ................................................................................................................................ 13 1.7.13 Application Vulnerabilities ................................................................................................. 13 1.8 SUMMARY .................................................................................................................................. 13 1.9. CHECK YOUR PROGRESS ..................................................................................................... 14 1.10 ANSWERS TO CHECK YOUR PROGRESS......................................................................... 15 1.11 MODEL QUESTIONS .............................................................................................................. 15 2.1 LEARNING OBJECTIVES ........................................................................................................ 16 2.2 INTRODUCTION ........................................................................................................................ 16 2.2.1 Glossary.................................................................................................................................. 17 2.3 TYPES OF ATTACKS ................................................................................................................ 17 2.3.1 Insider Attack......................................................................................................................... 19 2.3.1.1 Types of Insider Attack ................................................................................................. 19 2.3.1.2 How to prevent Insider Attack ...................................................................................... 20 2.3.2 Outsider Attack ...................................................................................................................... 22 2.3.2.1 Types of Outsider Attack .............................................................................................. 22 2.3.2.2 How to prevent Outsider Attack ................................................................................... 23 2.4 CYBER CRIME ........................................................................................................................... 24 2.4.1 Overview of Cyber Crime ..................................................................................................... 25 2.4.2 Categories of Cyber Crime ................................................................................................... 25 2.4.3 Challenges of Cyber Crime................................................................................................... 26 2.4.4 Complexities of Cybercrime ................................................................................................. 27 2.4.5 Effects of Cyber Crime ......................................................................................................... 28 2.4.6 Solutions to cybercrime......................................................................................................... 28 2.5 HOW TO REPORT AN INCIDENT .......................................................................................... 30 2.6 SUMMARY .................................................................................................................................. 31 2.7 CHECK YOUR PROGRESS ...................................................................................................... 32 2.8 ANSWERS TO CHECK YOUR PROGRESS ........................................................................... 32 2.9 MODEL QUESTIONS ................................................................................................................ 32 3.1 LEARNING OBJECTIVES ........................................................................................................ 34 3.2 INTRODUCTION .......................................................................................................................