
L12: Cyber Security Threats | Viruses, Worms, Trojan Horse, Bombs, Trapdoors, Spoofs, E-mail Viruses


Security threat

Whenever an individual or an organization creates a web site or has a web presence, they are vulnerable to security attacks. Security attacks are mainly aimed at stealing, altering or destroying personal and confidential information, consuming hard drive space, or illegally obtaining passwords in order to reach private account information in online banking services.

In network security, the three common terms used are as follows:

■ Vulnerability—A weakness that is inherent in every network and device. This includes routers, switches, desktops, servers, and even security devices themselves.

■ Threats—The people eager, willing, and qualified to take advantage of each security weakness; they continually search for new exploits and weaknesses.

■ Attacks—The threats use a variety of tools, scripts, and programs to launch attacks against networks and network devices. Typically, the network devices under attack are the endpoints, such as servers and desktops.

1.1 Vulnerabilities

Vulnerabilities in network security can be summed up as the “soft spots” that are present in every network. The vulnerabilities are present in the network and in the individual devices that make up the network. Networks are typically plagued by one or all of three primary vulnerabilities or weaknesses:

■ Technology weaknesses

■ Configuration weaknesses

■ Security policy weaknesses (in Unit 1 notes)


1.2 Threats (covered under active attacks in Unit 1)


1.3 Attacks

Four primary classes of attacks exist:

■ Reconnaissance

■ Access

■ Denial of service

■ Worms, viruses, and Trojan horses



Reconnaissance:

Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities (see Figure 1-13). It is also known as information gathering and, in most cases, it precedes an actual access or denial-of-service (DoS) attack. Reconnaissance is somewhat analogous to a thief casing a neighborhood for vulnerable homes to break into, such as an unoccupied residence, easy-to-open doors, or open windows.


Access System:

Access is the ability for an unauthorized intruder to gain access to a device for which the intruder does not have an account or a password. Entering or accessing systems to which one does not have authority to access usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked.


Denial of Service (DoS):

Denial of service implies that an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable. But DoS can also be as simple as deleting or corrupting information. In most cases, performing the attack simply involves running a hack or script. The attacker does not need prior access to the target because a way to access it is all that is usually required. For these reasons, DoS attacks are the most feared.



Computer Virus:

A computer virus is a malicious program that self-replicates by copying itself to another program. In other words, the computer virus spreads by itself into other executable code or documents. The purpose of creating a computer virus is to infect vulnerable systems, gain admin control and steal sensitive user data. Hackers design computer viruses with malicious intent and prey on online users by tricking them.

A virus can be spread by opening an email attachment, clicking on an executable file, visiting an infected website or viewing an infected website advertisement. It can also be spread through infected removable storage devices, such as USB drives. Once a virus has infected the host, it can infect other system software or resources, modify or disable core functions or applications, and copy, delete or encrypt data. Some viruses begin replicating as soon as they infect the host, while others lie dormant until a specific trigger causes the malicious code to be executed by the device or system.


Types of Computer Viruses:

A computer virus is one type of malware that inserts its code into programs and applications in order to multiply, altering them in the process. The computer becomes infected through the replication of this malicious code.

Computer viruses come in different forms to infect the system in different ways. Some of the most common viruses are:

Boot Sector Virus – This type of virus infects the master boot record. Removing it is a challenging and complex task that often requires the system to be formatted. It mostly spreads through removable media.

Direct Action Virus – This is also called a non-resident virus; it gets installed in or stays hidden in the computer memory. It stays attached to the specific type of files that it infects. It does not affect the user experience or the system’s performance.

Resident Virus – Unlike direct action viruses, resident viruses get installed on the computer. A resident virus is difficult to identify and even more difficult to remove.

Multipartite Virus – This type of virus spreads in multiple ways. It infects both the boot sector and executable files at the same time.

Polymorphic Virus – These viruses are difficult to identify with a traditional anti-virus program, because a polymorphic virus alters its signature pattern whenever it replicates.

Overwrite Virus – This type of virus deletes all the files that it infects. The only way to remove it is to delete the infected files, so the end user loses all of their contents. Identifying an overwrite virus is difficult, as it spreads through emails.

Spacefiller Virus – This is also called a “cavity virus”, so named because it fills up the empty spaces within a program's code and hence does not cause any damage to the file.



Computer Worm:

An Internet worm is a type of malicious software (malware) that self-replicates and distributes copies of itself across its network. These independent programs spread through the Internet, break into computers, and replicate without intervention from, and unbeknownst to, computer users.

A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.

To spread, worms either exploit a vulnerability on the target system or use some kind of social engineering to trick users into executing them. A worm enters a computer through a vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided. More advanced worms leverage encryption, wipers, and ransomware technologies to harm their targets.


Trojan horse:

A Trojan is also known as a Trojan horse. It is a type of malicious software developed by hackers to gain access to target users' systems. Users are typically tricked by attractive social media ads that direct them to a malicious website, which then loads and executes the Trojan on their systems. Cyber-criminals use Trojans to spy on the victim and to gain illegal access to the system in order to extract sensitive data.

These actions can include:

  • Deleting data
  • Copying data
  • Modifying data
  • Blocking data

A Trojan horse is not able to replicate itself, nor can it propagate without an end user's assistance. This is why attackers must use social engineering tactics to trick the end user into executing the Trojan. Typically, the malware programming is hidden in an innocent-looking email attachment or free download. When the user clicks on the email attachment or downloads the free program, the malware that is hidden inside is transferred to the user's computing device. Once inside, the malicious code can execute whatever task the attacker designed it to carry out.


Characteristics of a Trojan horse:


When a Trojan horse becomes active, it puts sensitive user data at risk and can negatively impact performance. Once a Trojan has been transferred, it can:

  • Give the attacker backdoor control over the computing device.
  • Record keyboard strokes to steal the user's account data and browsing history.
  • Download and install a virus or worm to exploit a vulnerability in another program.
  • Install ransomware to encrypt the user's data and extort money for the decryption key.
  • Activate the computing device's camera and recording capabilities.



Logic Bomb:

A logic bomb is a piece of code inserted into an operating system or software application that carries out a malicious function after a certain amount of time has passed or when specific conditions are met. Logic bombs are often used with viruses, worms, and Trojan horses to time them to do maximum damage before being noticed.

Some logic bombs can be detected and eliminated before they execute through a periodic scan of all computer files, including compressed files, with an up-to-date anti-virus program.



Trapdoor:

A computer trapdoor, also known as a back door, provides a secret -- or at least undocumented -- method of gaining access to an application, operating system or online service. Programmers write trapdoors into programs for a variety of reasons. Left in place, trapdoors can facilitate a range of activities from benign troubleshooting to illegal access.

A trapdoor does not spread automatically by its own means. It needs the attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file-sharing networks, etc.

Spoofing:

Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security.

Email spoofing is one of the best known spoofs. Since core SMTP offers no authentication, it is simple to forge and impersonate emails. Spoofed emails may request personal information and may appear to be from a known sender. Such emails ask the recipient to reply with an account number for verification. The email spoofer then uses this account number for identity theft purposes, such as accessing the victim's bank account or changing contact details.

The attacker (or spoofer) knows that if the recipient receives a spoofed email that appears to be from a known source, it is likely to be opened and acted upon. So a spoofed email may also contain additional threats like Trojans or other viruses. These programs can cause significant computer damage by triggering unexpected activities, remote access, deletion of files and more.


Email virus:

An email virus is a virus that is sent with or attached to email communications. While many different types of email viruses work in different ways, there also are a variety of methods used to counteract such challenging cyber attacks.

Email viruses are often connected with phishing attacks, in which hackers send out malicious email messages that look as if they originated from legitimate sources, including the victim's bank, social media, internet search sites or even friends and co-workers. The attacker's goal, in these cases, is to trick users into revealing personal information, such as the victim's usernames, full names and addresses, passwords, Social Security numbers or payment card numbers.


Macro Virus:

A macro virus is a computer virus that replaces a macro, the stored set of actions and commands that a program runs to do its work. When these actions and commands are replaced by a virus, this can cause significant harm to a computer.

Malicious Software (Malware):

Malicious software, commonly known as malware, is any software that brings harm to a computer system. Malware can be in the form of worms, viruses, Trojans, spyware, adware and rootkits, etc., which steal protected data, delete documents or add software not approved by a user.

Malicious software (malware) is any software that gives partial to full control of your computer to do whatever the malware creator wants. Malware can be a virus, worm, Trojan, adware, spyware, rootkit, etc. The damage done can vary from something as slight as changing the author's name on a document to full control of your machine without your being able to easily find out. Most malware requires the user to initiate its operation. Some vectors of attack include attachments in e-mails, browsing a malicious website that installs software after the user clicks OK on a pop-up, and vulnerabilities in the operating system or programs. Malware is not limited to one operating system.



Spam:

Spam is electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited email. However, if a long-lost brother finds your email address and sends you a message, this could hardly be called spam, even though it is unsolicited. Real spam is generally email advertising for some product sent to a mailing list or newsgroup.

Spam refers to the use of electronic messaging systems to send out unrequested or unwanted messages in bulk.

In addition to wasting people's time with unwanted email, spam also eats up a lot of network bandwidth. Consequently, there are many organizations, as well as individuals, who have taken it upon themselves to fight spam with a variety of techniques. But because the Internet is public, there is really little that can be done to prevent spam, just as it is impossible to prevent junk mail. However, some online services have instituted policies to prevent spammers from spamming their subscribers.


Denial-of-Service Attack (DoS)

A denial-of-service attack is a security event that occurs when an attacker takes action that prevents legitimate users from accessing targeted computer systems, devices or other network resources.

In a DoS attack, the attacker usually sends excessive messages asking the network or server to authenticate requests that have invalid return addresses. The network or server will not be able to find the return address of the attacker when sending the authentication approval, causing the server to wait before closing the connection. When the server closes the connection, the attacker sends more authentication messages with invalid return addresses. Hence, the process of authentication and server wait will begin again, keeping the network or server busy.

A DoS attack can be carried out in several ways. The basic types of DoS attack include:

  1. Flooding the network to prevent legitimate network traffic
  2. Disrupting the connections between two machines, thus preventing access to a service
  3. Preventing a particular individual from accessing a service
  4. Disrupting a service to a specific system or individual
  5. Disrupting the state of information, such as resetting TCP sessions

Difference between Hackers & Attackers:

A computer hacker is any skilled computer expert who uses their technical knowledge to overcome a problem. While "hacker" can refer to any skilled computer programmer, the term has become associated in popular culture with a "security hacker", someone who, with their technical knowledge, uses bugs or exploits to break into computer systems.

An attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset. Thus an attacker is the individual or organization performing these malicious activities.



E-Commerce Threats:

The exchange or buying and selling of commodities on a large scale, involving transportation from place to place, is known as commerce. E-commerce is the application of technology to the automation of business transactions and workflows, the delivery of information, products or services, and the buying and selling of products over the Internet.

E-commerce brings to distance selling the great advantages offered by new information technologies, such as a broader range of offerings and the interactivity and immediacy of purchase, with the difference that buyers and sellers can deal with whom they want, where and when they want. E-commerce applications offer increased opportunities to enhance business efficiency and reduce costs, as they enable tighter integration across the various links in the business.

The electronic medium known as the Internet has the power to radically reduce the actual time of transactions and the overall processing time. One of the critical issues in e-commerce success is security. Security is directly tied to trust and confidence between buyer and seller and to the handling of extremely sensitive personal information.

Security is a component that affects e-commerce and includes computer security, data security and other areas. It is one of the concerns affecting trade between customers and organizations. Web applications that offer online payment (net banking, credit card, debit card, PayPal or other tokens) are at greater risk of being targeted, and the loss is large if data is compromised. E-commerce websites that offer online payment provide guidelines for securing the systems and networks that make up the e-commerce system.


There are various types of e-commerce threats. Some are accidental, some are purposeful, and some of them are due to human error. The most common security threats are phishing attacks, money thefts, data misuse, hacking, credit card frauds and unprotected services.

Malicious code threats – These threats typically involve viruses, worms and Trojan horses.

Inaccurate management – One of the main sources of e-commerce threats is poor management. When security is not up to the mark it poses a very dangerous threat to the networks and systems. Security threats also arise when no proper budget is allocated for the purchase of anti-virus software licenses.

Price manipulation – Modern e-commerce systems often face price manipulation problems. These systems are fully automated, from the first visit right through to the final payment gateway. Stealing is the most common intention of price manipulation: it allows an intruder to slip a lower price into the URL and get away with all the data.

Wi-Fi eavesdropping – This is also one of the easiest ways to steal personal data in e-commerce. It is a form of “virtual listening” to information that is shared over an unencrypted Wi-Fi network. It can happen on public as well as on personal computers.


Ways to prevent e-commerce threats

Encryption – The process of converting normal text into an encoded text that cannot be read by anyone except the sender or the intended receiver of the message.

Having digital certificates – A digital certificate is issued by a reliable third-party company. It contains the name of the company, the certificate serial number (the most important item), the date of issue and the expiry date.

Perform a security audit – A routine examination of the firm's security procedures.

L11: Data Security Technology and Tools | Firewall and VPN | Intrusion Detection System | Access Control


Network Security

Information security is a critical need for individuals as well as for society and for all countries around the world. Since its invention, the computer network has brought tremendous effectiveness to every aspect of life. Alongside that, users also have to face threats from all kinds of attacks by hackers. Network security includes protection methods for all information that is stored and transferred through a network. It is a special field of interest and, at the same time, difficult and complex work.

Network Security Methods

Because no absolute security solution exists, a network should be constructed with multiple layers that together form a barrier against violating activities. Information security in the network focuses on protecting data stored on computers, especially on servers.

Network servers commonly have many security layers in order to enhance the ability to protect data and information. The innermost layer of protection is Access Rights. This layer controls network resources (information) and rights (what users can do with those resources); the control applies to partitions, folders and files. The next layer restricts account access through usernames and passwords (Password/Login). This is a commonly used method of protection because it is simple, economical and highly effective; the administrator has full responsibility for controlling and managing the activities of other users. The third layer uses a data encryption method (Data Encryption): data is encrypted with a certain algorithm so that even in case of data loss, hackers will not be able to read it without the encryption key. The outermost layer (Firewall) prevents intrusions and filters unwanted outgoing or incoming information packets.


Firewall:

A firewall can be understood as a piece of software running on an individual’s PC, notebook or host. It is designed to allow or restrict data transferred on a network based on a set of rules. A firewall is used to protect a network from intrusions while concurrently allowing legitimate data to pass through. Usually a firewall should have at least two network interfaces, one for the private network and one for public network activities such as the Internet. It then acts as a gate controlling the outgoing and incoming data streams of an intranet.

Firewall Characteristics

A firewall has the following design goals:

  1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall. Various configurations are possible, as explained later in this chapter.
  2. Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies, as explained later in this chapter.
  3. The firewall itself is immune to penetration. This implies the use of a hardened system with a secured operating system. Trusted computer systems are suitable for hosting a firewall and are often required in government applications.

Firewalls use four general techniques to control access and enforce the site’s security policy. Originally, firewalls focused primarily on service control, but they have since evolved to provide all four:

  • Service control: Determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address, protocol, or port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a Web or mail service.
  • Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
  • User control: Controls access to a service according to which user is attempting to access it. This feature is typically applied to users inside the firewall perimeter (local users). It may also be applied to incoming traffic from external users; the latter requires some form of secure authentication technology, such as is provided in IPsec.
  • Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.
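As an added example (not code from the lecture notes or any firewall product), the following Python script models a small packet filter that applies service control and direction control to constructed traffic: outbound connections to permitted services are allowed and remembered, replies to them are let back in, and anything else is dropped by a default-deny rule. All addresses, ports and rules are assumed for the demonstration.

```python
# Added example (not from the lecture notes or any firewall product): a toy
# stateful packet filter showing service control (filtering on protocol, port
# and destination address) and direction control (which side may initiate).
# All addresses, ports and rules below are constructed for the demonstration.
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str       # "tcp" or "udp"
    direction: str   # "out" = private network -> Internet, "in" = Internet -> private network


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    direction: str                # "in", "out" or "any"
    proto: str                    # "tcp", "udp" or "any"
    dst_port: Optional[int]       # None matches every port
    dst_ip: Optional[str] = None  # None matches every destination host

    def matches(self, pkt: Packet) -> bool:
        return (
            self.direction in ("any", pkt.direction)
            and self.proto in ("any", pkt.proto)
            and (self.dst_port is None or self.dst_port == pkt.dst_port)
            and (self.dst_ip is None or self.dst_ip == pkt.dst_ip)
        )


class Firewall:
    """First matching rule wins; anything unmatched is denied (default deny)."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        # Connections opened from the private side:
        # (inside ip, inside port, outside ip, outside port, proto)
        self.sessions: Set[Tuple[str, int, str, int, str]] = set()

    def decide(self, pkt: Packet) -> str:
        # Direction control: an inbound packet is accepted only if it belongs to a
        # session that a host on the private side initiated, or an inbound rule allows it.
        if pkt.direction == "in":
            reply_key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
            if reply_key in self.sessions:
                return "allow"
        # Service control: the rule table decides which services may be used and in which direction.
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow" and pkt.direction == "out":
                    self.sessions.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
                return rule.action
        return "deny"


# Constructed policy: private hosts may browse the web and resolve names; the
# Internet may only reach the mail server on port 25; everything else is dropped.
POLICY = [
    Rule("allow", "out", "tcp", 443),
    Rule("allow", "out", "tcp", 80),
    Rule("allow", "out", "udp", 53),
    Rule("allow", "in", "tcp", 25, dst_ip="10.0.0.5"),
]

# Constructed traffic sample (documentation address ranges, not real hosts).
TRAFFIC = [
    Packet("10.0.0.10", 51000, "203.0.113.7", 443, "tcp", "out"),   # web request from inside
    Packet("203.0.113.7", 443, "10.0.0.10", 51000, "tcp", "in"),    # reply to that request
    Packet("198.51.100.9", 4444, "10.0.0.10", 22, "tcp", "in"),     # unsolicited SSH from outside
    Packet("198.51.100.9", 4000, "10.0.0.5", 25, "tcp", "in"),      # mail delivery to the mail server
    Packet("10.0.0.10", 51001, "203.0.113.7", 23, "tcp", "out"),    # telnet out: not an allowed service
    Packet("203.0.113.7", 443, "10.0.0.11", 51000, "tcp", "in"),    # looks like a reply, but no such session
]


def run_demo() -> List[str]:
    """Run the constructed traffic through the policy and return one verdict per packet."""
    fw = Firewall(POLICY)
    return [fw.decide(p) for p in TRAFFIC]


if __name__ == "__main__":
    for pkt, verdict in zip(TRAFFIC, run_demo()):
        print(f"{pkt.direction:>3} {pkt.src_ip}:{pkt.src_port} -> "
              f"{pkt.dst_ip}:{pkt.dst_port}/{pkt.proto}: {verdict}")
```

The last packet shows why direction control needs state: it has the same ports as a legitimate reply, but no inside host opened that connection, so it is dropped.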



Virtual Private Network (VPN):

A Virtual Private Network is a connection method used to add security and privacy to private and public networks, like WiFi hotspots and the Internet. Virtual Private Networks are most often used by corporations to protect sensitive data. However, using a personal VPN is becoming increasingly popular as more interactions that were previously face-to-face move to the Internet. Privacy is increased with a Virtual Private Network because the user's initial IP address is replaced with one from the Virtual Private Network provider. Subscribers can obtain an IP address from any gateway city the VPN service provides.

A virtual private network (VPN) allows the provisioning of private network services for an organization or organizations over a public or shared infrastructure such as the Internet or service provider backbone network. The shared service provider backbone network is known as the VPN backbone and is used to transport traffic for multiple VPNs, as well as possibly non-VPN traffic.


VPN (Virtual Private Network) is a generic term used to describe a communication network that uses any combination of technologies to secure a connection tunneled through an otherwise unsecured or untrusted network. Instead of using a dedicated connection, such as a leased line, a "virtual" connection is made between geographically dispersed users and networks over a shared or public network, like the Internet. Data is transmitted as if it were passing through private connections.


VPN Devices

Before describing the various VPN technologies and models, it is useful to first describe the various customer and provider network devices that are relevant to the discussion.

Devices in the customer network fall into one of two categories:

  • Customer (C) devices—C devices are simply devices such as routers and switches located within the customer network. These devices do not have direct connectivity to the service provider network. C devices are not aware of the VPN.
  • Customer Edge (CE) devices—CE devices, as the name suggests, are located at the edge of the customer network and connect to the provider network.

Devices in the service provider network likewise fall into one of two categories:

  • Service Provider (P) devices—P devices are devices such as routers and switches within the provider network that do not directly connect to customer networks. P devices are unaware of customer VPNs.
  • Service Provider Edge (PE) devices—PE devices connect directly to customer networks via CE devices. PE devices are aware of the VPN in PE-based VPNs, but are unaware of the VPN in CE-based VPNs.

There are three types of PE device:

— Provider Edge routers

— Provider Edge switches

— Provider Edge devices that are capable of both routing and switching

Why do I need a VPN?

  • Hide your IP address

Connecting to a Virtual Private Network often conceals your real IP address.

  • Change your IP address

Using a VPN will almost certainly result in getting a different IP address.

  • Encrypt data transfers

A Virtual Private Network will protect the data you transfer over public WiFi.

  • Mask your location

With a Virtual Private Network, users can choose the country of origin for their Internet connection.

  • Access blocked websites

Get around websites blocked by governments by using a VPN.


Intrusion detection:

An intrusion detection system (IDS) is a type of security software designed to automatically alert administrators when someone or something is trying to compromise an information system through malicious activities or through security policy violations.

An IDS works by monitoring system activity through examining vulnerabilities in the system, the integrity of files and conducting an analysis of patterns based on already known attacks. It also automatically monitors the Internet to search for any of the latest threats which could result in a future attack.

Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents.

Different types of intrusion detection systems      

Intrusion detection systems come in different flavors and detect suspicious activities using different methods, including the following:

  • A network intrusion detection system (NIDS) is deployed at a strategic point or points within the network, where it can monitor inbound and outbound traffic to and from all the devices on the network.
  • Host intrusion detection systems (HIDS) run on all computers or devices in the network with direct access to both the internet and the enterprise internal network. HIDS have an advantage over NIDS in that they may be able to detect anomalous network packets that originate from inside the organization or malicious traffic that a NIDS has failed to detect. HIDS may also be able to identify malicious traffic that originates from the host itself, as when the host has been infected with malware and is attempting to spread to other systems.
  • Signature-based intrusion detection systems monitor all the packets traversing the network and compare them against a database of signatures or attributes of known malicious threats, much like antivirus software.
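As an added example (not from the lecture notes or any IDS product), this Python script shows how a signature-based IDS works: each constructed packet's protocol, port and payload are compared against a small signature database built around threats the notes discuss (an executable e-mail attachment, a macro-enabled Office attachment, and the EICAR anti-virus test marker), and an alert is raised for every match. Signatures, addresses and payloads are all assumed.

```python
# Added example (not from the lecture notes or any IDS product): a toy
# signature-based network IDS that compares each packet's protocol, port and
# payload against a small signature database and emits alerts. Signatures and
# packets are constructed for the demonstration.
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    proto: str               # "tcp", "udp" or "any"
    dst_port: Optional[int]  # None = match on any port
    pattern: str             # regular expression applied to the decoded payload
    severity: str


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int
    payload: bytes


@dataclass(frozen=True)
class Alert:
    sid: int
    name: str
    severity: str
    src_ip: str
    dst_ip: str


# Constructed signature database covering threats discussed in the notes:
# an e-mail virus sent as an executable attachment, a macro-enabled Office
# attachment, and the EICAR anti-virus test marker carried in any stream.
SIGNATURES = [
    Signature(1001, "Executable attachment in SMTP message", "tcp", 25,
              r'(?i)content-disposition:\s*attachment;.*filename="?[^"\r\n]+\.(exe|scr|com|pif)"?',
              "high"),
    Signature(1002, "Macro-enabled Office attachment in SMTP message", "tcp", 25,
              r'(?i)content-disposition:\s*attachment;.*filename="?[^"\r\n]+\.(docm|xlsm|pptm)"?',
              "medium"),
    Signature(1003, "EICAR anti-virus test file marker", "any", None,
              r"EICAR-STANDARD-ANTIVIRUS-TEST-FILE", "low"),
]

COMPILED = [(sig, re.compile(sig.pattern)) for sig in SIGNATURES]


def scan_packet(pkt: Packet) -> List[Alert]:
    """Return one alert per signature that matches this packet."""
    text = pkt.payload.decode("latin-1")   # 1:1 byte mapping, never raises on binary data
    alerts = []
    for sig, regex in COMPILED:
        if sig.proto not in ("any", pkt.proto):
            continue
        if sig.dst_port is not None and sig.dst_port != pkt.dst_port:
            continue
        if regex.search(text):
            alerts.append(Alert(sig.sid, sig.name, sig.severity, pkt.src_ip, pkt.dst_ip))
    return alerts


def scan(packets: List[Packet]) -> List[Alert]:
    """Scan a packet stream in order and return all alerts raised."""
    return [alert for pkt in packets for alert in scan_packet(pkt)]


# Constructed traffic sample (documentation address ranges).
TRAFFIC = [
    Packet("198.51.100.4", "10.0.0.5", "tcp", 25,
           b'Subject: Invoice\r\nContent-Disposition: attachment; filename="invoice.exe"\r\n\r\n'),
    Packet("198.51.100.4", "10.0.0.5", "tcp", 25,
           b'Subject: Report\r\nContent-Disposition: attachment; filename="q3-report.docm"\r\n\r\n'),
    Packet("203.0.113.9", "10.0.0.10", "tcp", 80,
           b"HTTP/1.1 200 OK\r\n\r\nX5O!...EICAR-STANDARD-ANTIVIRUS-TEST-FILE!..."),
    Packet("198.51.100.4", "10.0.0.5", "tcp", 25,
           b'Subject: Notes\r\nContent-Disposition: attachment; filename="notes.txt"\r\n\r\n'),
    Packet("10.0.0.10", "203.0.113.9", "tcp", 80,
           b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]


def run_demo() -> List[Alert]:
    """Scan the constructed traffic and return the alerts it produces."""
    return scan(TRAFFIC)


if __name__ == "__main__":
    for a in run_demo():
        print(f"[{a.severity}] sid={a.sid} {a.src_ip} -> {a.dst_ip}: {a.name}")
```

The two benign packets produce no alert, which is also the weakness of the approach: anything not in the signature database, such as a polymorphic virus that changes its pattern, passes silently.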


Access control:

Access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization.

To secure a facility, organizations use electronic access control systems that rely on user credentials, access card readers, auditing and reports to track employee access to restricted business locations and proprietary areas, such as data centers. Some of these systems incorporate access control panels to restrict entry to rooms and buildings as well as alarms and lockdown capabilities to prevent unauthorized access or operations.

Access control systems perform identification, authentication and authorization of users and entities by evaluating required login credentials, which can include passwords, personal identification numbers (PINs), biometric scans, security tokens or other authentication factors. Multifactor authentication, which requires two or more authentication factors, is often an important part of a layered defense to protect access control systems.

Types of access control

The main types of access control are:

  • Mandatory access control (MAC): A security model in which access rights are regulated by a central authority based on multiple levels of security. Often used in government and military environments, classifications are assigned to system resources, and the operating system or security kernel grants or denies access to those resource objects based on the information security clearance of the user or device.
  • Discretionary access control (DAC): An access control method in which owners or administrators of the protected system, data or resource set the policies defining who or what is authorized to access the resource. Many of these systems enable administrators to limit the propagation of access rights. A common criticism of DAC systems is a lack of centralized control.
  • Role-based access control (RBAC): A widely used access control mechanism that restricts access to computer resources based on individuals or groups with defined business functions -- executive level, engineer level 1 -- rather than the identities of individual users. The role-based security model relies on a complex structure of role assignments, role authorizations and role permissions developed using role engineering to regulate employee access to systems. RBAC systems can be used to enforce MAC and DAC frameworks.
  • Rule-based access control: A security model in which the system administrator defines the rules that govern access to resource objects. Often these rules are based on conditions, such as time of day or location. It is not uncommon to use some form of both rule-based access control and role-based access control to enforce access policies and procedures.
  • Attribute-based access control (ABAC): A methodology that manages access rights by evaluating a set of rules, policies and relationships using the attributes of users, systems and environmental conditions.
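
To make the five models concrete, the following added example (not part of the original notes) evaluates one access request under each of them. The users, clearance levels, ACL, roles, rules and attributes are all constructed sample data.

```python
"""Added example: a small policy engine that checks one access request under
MAC, DAC, RBAC, rule-based and ABAC models. All users, levels, ACLs, roles
and rules below are constructed sample data, not a real deployment."""
from datetime import datetime

# Mandatory access control: a central authority assigns security levels.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def mac_allows(clearance, classification):
    """Read access only if the subject's clearance dominates the object's
    classification (the 'no read up' rule)."""
    return LEVELS[clearance] >= LEVELS[classification]


# Discretionary access control: the resource owner maintains the ACL.
def dac_allows(owner, acl, user, permission):
    if user == owner:
        return True
    return permission in acl.get(user, set())


# Role-based access control: permissions attach to business roles, not users.
ROLE_PERMISSIONS = {
    "executive":   {"read_financials", "approve_budget"},
    "engineer_l1": {"read_code", "commit_code"},
}


def rbac_allows(roles, permission):
    return any(permission in ROLE_PERMISSIONS.get(role, set()) for role in roles)


# Rule-based access control: administrator-defined conditions such as
# time of day and location (sample rule: office hours, from a known site).
def rule_allows(when, location, hours=(8, 18), sites=("HQ", "DR-site")):
    start, end = hours
    return start <= when.hour < end and location in sites


# Attribute-based access control: a policy over subject, resource and
# environment attributes.
def abac_allows(subject, resource, environment):
    """Sample policy: same department as the record and a managed device."""
    return (subject["department"] == resource["department"]
            and environment["device_managed"])


def evaluate(req):
    """Decision from every model; this layered deployment grants only when
    every model allows the request."""
    decisions = {
        "MAC":  mac_allows(req["clearance"], req["classification"]),
        "DAC":  dac_allows(req["owner"], req["acl"], req["user"], req["permission"]),
        "RBAC": rbac_allows(req["roles"], req["permission"]),
        "rule": rule_allows(req["when"], req["location"]),
        "ABAC": abac_allows(req["subject"], req["resource"], req["environment"]),
    }
    decisions["granted"] = all(decisions.values())
    return decisions


# Constructed sample request: an executive reading financial records.
SAMPLE_REQUEST = {
    "user": "alice", "permission": "read_financials",
    "clearance": "secret", "classification": "confidential",
    "owner": "bob", "acl": {"alice": {"read_financials"}},
    "roles": ["executive"],
    "when": datetime(2024, 3, 4, 10, 30), "location": "HQ",
    "subject": {"department": "finance"},
    "resource": {"department": "finance"},
    "environment": {"device_managed": True},
}
# Same request outside office hours: only the rule-based check fails.
AFTER_HOURS_REQUEST = dict(SAMPLE_REQUEST, when=datetime(2024, 3, 4, 22, 0))
# Same request from a user with insufficient clearance: only MAC fails.
LOW_CLEARANCE_REQUEST = dict(SAMPLE_REQUEST, clearance="unclassified")

if __name__ == "__main__":
    for name, req in [("office hours", SAMPLE_REQUEST),
                      ("after hours", AFTER_HOURS_REQUEST),
                      ("low clearance", LOW_CLEARANCE_REQUEST)]:
        print(name, evaluate(req))
```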

L10: Data Security Consideration| Data Backup Rules| Data Archive Storage| Data Disposal in Hindi

Internet Security:

The internet is a network of networks, connecting billions of computers located at various points. Networking gives users access to information resources such as databases and to other users.

Internet security is a catch-all term for a very broad issue covering security for transactions made over the Internet. Generally, Internet security encompasses browser security, the security of data entered through a Web form, and overall authentication and protection of data sent via Internet Protocol.

Internet security relies on specific resources and standards for protecting data that gets sent through the Internet. A secure Web setup includes firewalls, which block unwanted traffic, and anti-malware, anti-spyware and anti-virus programs that run on specific networks or devices to monitor Internet traffic for dangerous attachments.

Internet security is generally becoming a top priority for both businesses and governments. Good Internet security protects financial details and much more of what is handled by a business or agency’s servers and network hardware. Insufficient Internet security can threaten to collapse an e-commerce business or any other operation where data gets routed over the Web.

Security and Network Security Goals

Networked systems (simple apps, complex networks, complete IT infrastructures) operate in environments involving different interconnected parties, each with their own goals, which may not match the goals of the other parties or of the system as a whole. As such, it is essential to consider, in addition to the functional requirements of systems (i.e. what the systems should achieve), also their security requirements.

Security requirements are expressed in terms of security attributes that express goals one may want to achieve in order to call a system ‘secure’. The most commonly used and widely accepted security attributes are Confidentiality, i.e. ‘my information stays secret’, Integrity, i.e. ‘my information stays correct’, and Availability, i.e. ‘I can get at my information’ (sometimes called the C-I-A triad).



Having a backup these days is mandatory for any organization concerned with their information and data. A file backup is a copy of a file that is stored in a separate location from the original. Backing up is making copies of data which may be used to restore the original after a data loss event. This new copy of data is the Backup. You can have multiple backups of a file if you want to track changes to the file.

Why we Backup?

There are many reasons why your organization may want to back up its data. The primary reason is to recover data after its loss. The loss can occur through accidental deletion, a virus attack, or a software or hardware failure. If any of those things occur and your files are backed up, you can easily restore those files. Preventing events that result in loss of data is most desirable, but backing up data provides protection for data after a system failure. Backing up individual computers is different from backing up servers. Individual computer users can back up their own information when desired and using methods they choose, whereas data on organization servers needs more formal backup procedures.


Types of backup:

Full Backup

Full backup is a method of backup where all the files and folders selected for the backup will be backed up. The advantage of this backup is that restores are fast and easy, as the complete set of files is stored each time. The disadvantage is that each backup run is time consuming, as the entire set of files is copied again.

FTP Backup

This is a kind of backup where the backup is done via FTP (File Transfer Protocol) over the Internet to an FTP Server. Typically the FTP Server is located in a commercial data centre away from the source data being backed up. 

Cloud Backup

This term is often used interchangeably with Online Backup and Remote Backup.  It is where data is backed up to a service or storage facility connected over the Internet. 

Offsite Backup

When the backup storage media is kept at a different geographic location from the source, this is known as an offsite backup. The backup may be done locally at first but once the storage medium is brought to another location, it becomes an offsite backup.  Examples of offsite backup include taking the backup media or hard drive home, to another office building or to a bank safe deposit box.

Remote Backup

Remote backups are a form of offsite backup with a difference being that you can access, restore or administer the backups while located at your source location or other location. You do not need to be physically present at the backup storage facility to access the backups.

Archival storage of data:

This covers the different steps involved in the data lifecycle, from data creation through retention for reuse or archiving. Reasons to decide deliberately which data to retain include:

  • Effective use of storage resources for data which has long term value.
  • Reduced volume of data making it easier to manage & maintain descriptive metadata records.
  • Reduced storage costs.
  • Efficient & effective file organization for quick use.

The data must be retained in order to satisfy:

  • Needs in the present day
  • Future needs
  • Compliance with policies


Disposal of data:

Confidential electronic and paper information must be disposed of securely to minimise the risk of unwanted disclosure. Confidential information is information which, if improperly disclosed or lost, could cause harm or distress. This includes personal data as defined by the Data Protection Act, i.e. information about a living individual where that individual could be identified, and other valuable or sensitive information not in the public domain.

Disposal is an important part of records management. Properly done, it ensures that the organization retains records for as long as they are needed and then, when they are no longer needed, destroys them in an appropriate manner or disposes of them in some other way, e.g. by transfer to an archives service. A managed disposal process has several benefits:

  • it avoids unnecessary storage costs incurred by using office or server space to maintain records no longer needed by the organization
  • it supports compliance with the 5th data protection principle if records contain personal information (this principle requires organizations not to keep personal information for longer than necessary)
  • finding and retrieving information is quicker and easier because there is less to search
  • responding to Freedom of Information (FOI) requests is more efficient.

Making disposal decisions

Making disposal decisions is about deciding two things:

  • how long records should be kept, i.e. their retention period
  • what should happen at the end of that period

Implementing disposal decisions

Making a disposal decision is an important first step but to realize the benefits identified above you need to implement the decisions in a timely and effective way. This means monitoring retention periods and taking appropriate disposal action when they come to an end. This disposal action will be one of the following:

  • destruction of records
  • transfer of records to an in-house or external archives service
  • a further review of records (if necessary)
  • transfer of records to a successor body (if applicable).
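
The two steps above (deciding a retention period and an end-of-period action, then monitoring periods and acting when they end) can be implemented as a simple disposal schedule. The following is an added example, not from the original notes; the disposal classes, record identifiers and dates are constructed sample data.

```python
"""Added example: a minimal disposal schedule that monitors retention
periods and reports the disposal action due for each record. All disposal
classes, records and dates are constructed samples."""
from datetime import date

# The schedule: one entry per disposal class, giving the retention period
# and the action taken at its end (the four actions listed in the notes).
DISPOSAL_SCHEDULE = {
    "invoices":        {"retain_years": 7,  "action": "destroy"},
    "board_minutes":   {"retain_years": 10, "action": "transfer_archive"},
    "project_files":   {"retain_years": 5,  "action": "review"},
    "licensing_cases": {"retain_years": 3,  "action": "transfer_successor"},
}


def retention_end(created, retain_years):
    """Retention runs from the end of the year the record was created, a
    common convention so that whole years are easy to administer."""
    return date(created.year + retain_years, 12, 31)


def due_actions(records, schedule, today):
    """Return (record_id, action, reason) for every record whose retention
    period has ended; records still within their period are left alone.
    A record with no disposal class is flagged for review, never destroyed."""
    actions = []
    for rec in records:
        cls = schedule.get(rec["class"])
        if cls is None:
            actions.append((rec["id"], "review", "no disposal class in schedule"))
            continue
        end = retention_end(rec["created"], cls["retain_years"])
        if today > end:
            actions.append((rec["id"], cls["action"], f"retention ended {end.isoformat()}"))
    return actions


def disposal_log_entry(record_id, action, reason, today):
    """Evidence of compliance: one line recording what was done and why."""
    return f"{today.isoformat()} {record_id} {action}: {reason}"


# Constructed sample records.
SAMPLE_RECORDS = [
    {"id": "INV-2015-001", "class": "invoices",      "created": date(2015, 3, 2)},
    {"id": "INV-2021-004", "class": "invoices",      "created": date(2021, 6, 14)},
    {"id": "BM-2012-Q1",   "class": "board_minutes", "created": date(2012, 1, 20)},
    {"id": "PRJ-2018-07",  "class": "project_files", "created": date(2018, 8, 9)},
    {"id": "HR-2010-03",   "class": "staff_files",   "created": date(2010, 5, 5)},
]

if __name__ == "__main__":
    today = date(2024, 1, 15)
    for rid, action, reason in due_actions(SAMPLE_RECORDS, DISPOSAL_SCHEDULE, today):
        print(disposal_log_entry(rid, action, reason, today))
```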

Benefits of disposal schedules

The main benefits of disposal schedules are:

  • clear instructions on what happens to records when they are no longer needed to support the business
  • definitive periods of time for which records should be kept and remain accessible
  • consistency in retention of records across the organization
  • evidence of compliance with legal and regulatory requirements for the retention of records

Contents of disposal schedules

The disposal schedule should provide sufficient information for the records covered by each disposal class to be identified and the disposal decision put into effect. What details should be included will vary from organization to organization and will depend on factors such as:

  • Technology – whether the records are in physical or digital format or a hybrid of both (this will determine whether the format of each disposal class needs to be specified in the schedule)
  • Location – if records are held on several sites or in several systems it may be necessary to specify precisely where they are stored
  • Storage arrangements – if records are moved off-site or off-line, it may be necessary to specify when this should take place
  • The size of the organization – if the organization is large enough to be broken down into separate business units, the creating business unit or, alternatively, the function should be specified.

L9: Application Security | Database Security| Email Security| Internet Security in hindi

Application security:

Application security is the use of software, hardware, and procedural methods to protect applications from external threats. Security is becoming an increasingly important concern during development as applications become more frequently accessible over networks. Actions taken to ensure application security are sometimes called countermeasures.

Database Security:

Database security is the protection of the database against intentional and unintentional threats that may be computer-based or non-computer-based. Database security is the business of the entire organization as all people use the data held in the organization's database and any loss or corruption to data would affect the day-to-day operation of the organization and the performance of the people. Therefore, database security encompasses hardware, software, infrastructure, people and data of the organization. 

1. Threats to a Database

A threat is any situation or event, either intentional or unintentional that may affect a system and organization. Whether the threat is intentional or unintentional, the impact may be the same. The threats may be caused by a situation or event that involves a person, action or circumstance that is likely to produce harm to someone or to an organization. The harm may be tangible like loss of hardware, software or data. The harm may also be intangible like loss of credibility or client confidence and trust. Threats to data security may be a direct and intentional threat to the database.

Those who gain unauthorized access to a database, such as computer hackers, may steal or change the data in the database, and they would need special knowledge in order to do so.

2. Data Tampering

Privacy of communications is essential to ensure that data cannot be modified or viewed in transit. The chances of data tampering are high in case of distributed environments as data moves between sites. In a data modification attack, an unauthorized party on the network intercepts data in transit and changes that data before retransmitting it.

3. Falsifying User Identities

In a distributed environment, it becomes more feasible for a user to falsify an identity to gain access to sensitive and important information. Criminals attempt to steal users' credit card numbers, and then make purchases against the accounts. Or they steal other personal data, such as bank account numbers and driver's license numbers.

4. Password-Related Threats

In large systems, users must remember multiple passwords for the different applications and services that they use. Users typically respond to the problem of managing multiple passwords in several ways:

  • They may select easy-to-guess passwords.
  • They may also choose to standardize passwords so that they are the same on all machines or websites.

Security Levels

To protect the database, we must take security measures at several levels:

  • Physical: The sites containing the computer systems must be secured against armed or surreptitious entry by intruders.
  • Human: Users must be authorized carefully to reduce the chance of any such user giving access to an intruder in exchange for a bribe or other favors.
  • Operating System: No matter how secure the database system is, weakness in operating system security may serve as a means of unauthorized access to the database.
  • Network: Since almost all database systems allow remote access through terminals or networks, software-level security within the network software is as important as physical security, both on the Internet and in networks private to an enterprise.


Data Security methods


A secure system ensures the confidentiality of data. This means that it allows individuals to see only the data they are supposed to see. Confidentiality has several aspects like privacy of communications, secure storage of sensitive data, authenticated users and authorization of users.

Privacy of Communications

The DBMS should be capable of controlling the spread of confidential personal information such as health, employment, and credit records. It should also keep the corporate data such as trade secrets, proprietary information about products and processes, competitive analyses, as well as marketing and sales plans secure and away from the unauthorized people.


One of the most basic concepts in database security is authentication, which is quite simply the process by which a system verifies a user's identity. A user can respond to a request to authenticate by providing a proof of identity, or an authentication token.

Eg: If you have ever been asked to show a photo ID (for example, when opening a bank account), you have been presented with a request for authentication. You proved your identity by showing your driver's license (or other photo ID). In this case, your driver's license served as your authentication token.


An authenticated user then goes through the second layer of security, authorization. Authorization is the process through which the system obtains information about the authenticated user, including which database operations that user may perform and which data objects that user may access. Example: an authorization document.

E-mail Security:

Email security describes various techniques for keeping sensitive information in email communication and accounts secure against unauthorized access, loss, or compromise. Email is a popular medium for the spread of malware, spam, and phishing attacks, which trick recipients into revealing sensitive information, opening attachments or clicking on hyperlinks that install malware on the device.

Email security refers to the collective measures used to secure the access and content of an email account or service. It allows an individual or organization to protect the overall access to one or more email addresses/accounts. An email service provider implements email security to secure subscriber email accounts and data from hackers, both at rest and in transit.

The Need for Email Security:

Email security is a broad term that encompasses multiple techniques used to secure an email service. From an individual/end user standpoint, proactive email security measures include:

  • Strong passwords
  • Password rotations
  • Spam filters
  • Desktop-based anti-virus/anti-spam applications

Similarly, a service provider ensures email security by using strong passwords and access control mechanisms on an email server, and by encrypting and digitally signing email messages when in the inbox or in transit to or from a subscriber email address. It also implements firewall and software-based spam filtering applications to restrict unsolicited, untrustworthy and malicious email messages from delivery to a user’s inbox.

It is very easy to spoof an e-mail message and alter the name shown in the From field. All an attacker needs to do is modify the sender information in the preferences section of his or her mail client and restart the application. Spoofing in this sense is the act of sending messages that pretend to originate from a source the user trusts and has a business relationship with, such as a bank.
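
Because the From field is under the sender's control, a receiving side should compare it with the sender information its own mail server recorded. The following added example (not from the original notes) flags such disagreements in a raw message; both messages and all domains in it are constructed placeholders.

```python
"""Added example: flag a message whose visible From header disagrees with
the envelope sender and with the Authentication-Results that the receiving
server recorded. Both sample messages are constructed; all domains are
placeholders."""
import re
from email import message_from_string
from email.utils import parseaddr


def _domain(header_value):
    """Domain part of an address header such as 'Name <user@host>'."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def spoof_indicators(raw_message):
    """Return human-readable reasons to distrust the From header. An empty
    list means no indicator was found, not that the message is genuine."""
    msg = message_from_string(raw_message)
    from_domain = _domain(msg.get("From"))
    indicators = []

    # The envelope sender (Return-Path) is recorded by the receiving server;
    # a forged From line usually does not match it.
    envelope_domain = _domain(msg.get("Return-Path"))
    if envelope_domain and envelope_domain != from_domain:
        indicators.append(f"Return-Path domain {envelope_domain} != From domain {from_domain}")

    # A Reply-To pointing elsewhere redirects the victim's replies.
    reply_domain = _domain(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        indicators.append(f"Reply-To domain {reply_domain} != From domain {from_domain}")

    # Authentication-Results is added by our own receiving server, so a
    # sender cannot make it say 'pass' for a domain it does not control.
    auth = msg.get("Authentication-Results", "")
    if not auth:
        indicators.append("no Authentication-Results header from receiving server")
    for mechanism in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mechanism}=(\w+)", auth)
        if m and m.group(1).lower() != "pass":
            indicators.append(f"{mechanism} result is {m.group(1)}")
    return indicators


# Constructed sample: From claims the bank, but everything else disagrees.
SPOOFED = (
    "Return-Path: <x7@freemailer.example>\n"
    "Authentication-Results: mx.receiver.example; spf=fail "
    "smtp.mailfrom=freemailer.example; dkim=none\n"
    "From: Bank Support <alerts@bank.example>\n"
    "Reply-To: support@bank-verify.example\n"
    "Subject: Your account\n"
    "\n"
    "Please confirm your details.\n"
)

# Constructed sample: envelope, From and authentication results all agree.
LEGITIMATE = (
    "Return-Path: <alerts@bank.example>\n"
    "Authentication-Results: mx.receiver.example; spf=pass "
    "smtp.mailfrom=bank.example; dkim=pass header.d=bank.example\n"
    "From: Bank Alerts <alerts@bank.example>\n"
    "Subject: Monthly statement\n"
    "\n"
    "Your statement is ready.\n"
)

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("legitimate", LEGITIMATE)]:
        print(label, spoof_indicators(raw))
```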

L8: Security Risk Analysis | Steps in Security Analysis| Types of Risk Analysis in hindi

Security Risk Analysis.

Security risk analysis is a procedure for estimating the risk to computer-related assets and the loss resulting from manifested threats. The procedure first determines an asset's level of vulnerability by identifying and evaluating the effect of in-place countermeasures. An asset's level of vulnerability to the threat population is determined solely by the countermeasures [controls/safeguards] that are in place at the time the risk analysis is done.

A security risk analysis defines the current environment and makes recommended corrective actions if the residual risk is unacceptable. Risk analysis is a vital part of any ongoing security and risk management program. The risk analysis process should be conducted with sufficient regularity to ensure that each agency's approach to risk management is a realistic response to the current risks associated with its information assets. Management must then decide on whether to accept the residual risk or to implement the recommended actions.

Risk Analysis Terminology :

Asset - Anything with value and in need of protection.

Threat - An action or potential action with the propensity to cause damage.

Vulnerability - A condition of weakness. If there were no vulnerabilities, there would be no concern for threat activity.

Countermeasure - Any device or action with the ability to reduce vulnerability.

Expected Loss - The anticipated negative impact to assets due to threat manifestation.

Impact - Losses as a result of threat activity are normally expressed in one or more impact areas.


Security Risk Assessments:

Risk assessment – the process of identifying, analyzing and evaluating risk – is the only way to ensure that the cyber security controls you choose are appropriate to the risks your organization faces.

Without a risk assessment to inform your cyber security choices, you could waste time, effort and resources – there is, after all, little point implementing measures to defend against events that are unlikely to occur or won’t have much material impact on your organization.

A cyber security risk assessment identifies the various information assets that could be affected by a cyber-attack (such as hardware, systems, laptops, customer data and intellectual property), and then identifies the various risks that could affect those assets.

A risk estimation and evaluation is usually performed, followed by the selection of controls to treat the identified risks. It is important to continually monitor and review the risk environment to detect any changes in the context of the organization, and to maintain an overview of the complete risk management process.

When going through the process it’s important to keep in mind that there are different categories of risk that may affect an organization. Here’s what they are:

Strategic risk is related to adverse business decisions, or the failure to implement appropriate business decisions in a manner that is consistent with the institution’s strategic goals.

Reputational risk is related to negative public opinion.

Operational risk is related to loss resulting from inadequate or failed internal processes, people, and systems, or from external events.

Transactional risk is related to problems with service or product delivery.

Compliance risk is related to violations of laws, rules, or regulations, or from noncompliance with internal policies or procedures or business standards.

L7: Information Assurance in Cyber Security | Integrity | Availability|Authentication| in Hindi

Information Assurance (IA): Information

L6: Threat to Information System | Accidental Threat| Intentional Threat| Passive and Active Attack

Security attacks may be divided into these two main categories:

  • Passive attacks.
  • Active attacks.

Passive attacks:

Passive attacks attempt to learn or make use of information from the system but do not affect system resources. A passive attack is one where the attacker only monitors the communication channel. A passive attacker only threatens the confidentiality of data. Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted.

Two types of passive attacks are related to message contents and traffic analysis:

  • Eavesdropping. In general, the majority of network communications occur in an unsecured or "cleartext" format, which allows an attacker who has gained access to data paths in the network to "listen in" or interpret (read) the data exchanged over the network. The ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face in an enterprise. Without strong encryption services that are based on cryptography, the data can be read by others as it traverses the network.
  • Traffic analysis. It refers to the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic.

Active attacks:

Active attacks attempt to alter system resources or affect their operation. This type of attack is one where the adversary attempts to delete, add, or in some other way alter the transmission on the channel. An active attacker threatens data integrity and authentication as well as confidentiality.

Active attacks involve some modification of the data stream or the creation of a false stream and can be divided into six categories:

  • Masquerade. It is a type of attack where the attacker pretends to be an authorized user of a system in order to gain access to it or to gain greater privileges than they are authorized for.
  • Replay. In this kind of attack, valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits them, possibly as part of a masquerade attack.
  • Modification of messages. The attacker removes a message from the network traffic, alters it, and reinserts it.
  • Man in the Middle (MitM). In this kind of attack, an intruder intercepts communications between two parties, usually an end user and a website. The attacker can use the information accessed to commit identity theft or other types of fraud.
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS). Denial of service implies that an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable. But DoS can also be as simple as deleting or corrupting information. In most cases, performing the attack simply involves running a hack or script. The attacker does not need prior access to the target, because being able to reach it is usually all that is required. For these reasons, DoS attacks are the most feared.
  • Advanced Persistent Threat (APT). It is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than cause damage to the network or organization. APT attacks target organizations in sectors with high-value information, such as national defense, manufacturing and the financial industry.
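
Replay and modification of messages are both defeated by the same receiver-side checks: an integrity tag over the whole message, a freshness window on the timestamp, and a record of nonces already seen. The following added example (not from the original notes) shows those checks; the shared key, nonces and messages are constructed sample values.

```python
"""Added example: a receiver that rejects modified, forged, replayed and
delayed messages. The key, nonces, timestamps and message bodies are
constructed samples; in practice the key comes from a key exchange."""
import hmac
import hashlib

KEY = b"constructed-shared-secret-key"  # sample value only


def _tag(key, nonce, timestamp, body):
    """HMAC over every field, so altering any one of them breaks the tag."""
    material = b"|".join([nonce, str(timestamp).encode(), body])
    return hmac.new(key, material, hashlib.sha256).digest()


def protect(key, nonce, timestamp, body):
    """Sender side: attach a fresh nonce, the send time and the HMAC tag."""
    return {"nonce": nonce, "ts": timestamp, "body": body,
            "tag": _tag(key, nonce, timestamp, body)}


class Receiver:
    def __init__(self, key, window_seconds=30):
        self.key = key
        self.window = window_seconds
        self.seen_nonces = set()  # in practice, purge entries older than the window

    def accept(self, msg, now):
        """Return 'accepted' or a rejection reason, checked in this order:
        integrity first (forgeries cost nothing further), then freshness,
        then uniqueness of the nonce within the freshness window."""
        expected = _tag(self.key, msg["nonce"], msg["ts"], msg["body"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: tag mismatch (modified or forged)"
        if abs(now - msg["ts"]) > self.window:
            return "rejected: timestamp outside freshness window (delayed)"
        if msg["nonce"] in self.seen_nonces:
            return "rejected: nonce already seen (replay)"
        self.seen_nonces.add(msg["nonce"])
        return "accepted"


def demo():
    """Deliver one genuine message, then the attacks from the list above."""
    rx = Receiver(KEY)
    original = protect(KEY, b"nonce-0001", 1_700_000_000, b"TRANSFER 100 TO ACCT-42")
    return {
        # genuine first delivery, 5 seconds after sending
        "first delivery": rx.accept(original, now=1_700_000_005),
        # the same bytes captured and sent again a few seconds later
        "replayed": rx.accept(original, now=1_700_000_010),
        # body altered in transit; the tag no longer matches
        "modified": rx.accept(dict(original, body=b"TRANSFER 9000 TO ACCT-42"),
                              now=1_700_000_005),
        # a genuine message held back and delivered 500 seconds late
        "delayed": rx.accept(protect(KEY, b"nonce-0002", 1_700_000_000, b"PING"),
                             now=1_700_000_500),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:15s} {result}")
```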

From the point of view of the attacker’s location, there exist two different kinds of attackers:

  • Inside attacker or insider,
  • Outside attacker or outsider.

An Insider is, in general, a person who has access to the internal computer network, and is therefore a legitimate user, but attempts to obtain unauthorized access to the data, system resources and services or misuses any authorized data.

An Outsider is generally a person who does not have authorized access to the internal computer network and wishes to enter into that network by using any vulnerable locations or security holes.


Threat: an object, person, or other entity that represents a constant danger to an asset

Management must be informed of the different threats facing the organization

By examining each threat category, management effectively protects information through policy, education, training, and technology controls

There are four primary classes of threats to network security.

■ Unstructured threats—Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers. Even unstructured threats that are only executed with the intent of testing and challenging a hacker’s skills can still do serious damage to a company. For example, if an external company website is hacked, the integrity of the company is damaged. Even if the external website is separate from the internal information that sits behind a protective firewall, the public does not know that. All the public knows is that the site is not a safe environment to conduct business.

■ Structured threats— Structured threats come from hackers who are more highly motivated and technically competent. These people know system vulnerabilities and can understand and develop exploit code and scripts. They understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses. These groups are often involved with the major fraud and theft cases reported to law enforcement agencies.

■ External threats—External threats can arise from individuals or organizations working outside of a company. They do not have authorized access to the computer systems or network. They work their way into a network mainly from the Internet or dialup access servers.

■ Internal threats—Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the network.

As the types of threats, attacks, and exploits have evolved, various terms have been coined to describe different groups of individuals. Some of the most common terms are as follows:

■ Hacker—Hacker is a general term that has historically been used to describe a computer programming expert. More recently, this term is commonly used in a negative way to describe an individual who attempts to gain unauthorized access to network resources with malicious intent.

■ Cracker—Cracker is the term that is generally regarded as the more accurate word that is used to describe an individual who attempts to gain unauthorized access to network resources with malicious intent.

■ Phreaker—A phreaker is an individual who manipulates the phone network to cause it to perform a function that is normally not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long-distance calls.

■ Spammer—A spammer is an individual who sends large numbers of unsolicited e-mail messages. Spammers often use viruses to take control of home computers to use these computers to send out their bulk messages.

■ Phisher—A phisher uses e-mail or other means in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords. The phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.

■ White hat—White hat is a term used to describe individuals who use their abilities to find vulnerabilities in systems or networks and then report these vulnerabilities to the owners of the system so that they can be fixed.

■ Black hat—Black hat is another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use.

L5: Development of Information System |Prototype Model| Spiral Model | Incremental Model In Hindi

Development of Information Systems

The first development methodology we are going to review is the systems-development life cycle (SDLC). This methodology was first developed in the 1960s to manage the large software projects associated with corporate systems running on mainframes. It is a very structured and risk-averse methodology designed to manage large projects that included multiple programmers and systems that would have a large impact on the organization.

Various definitions of the SDLC methodology exist, but most contain the following phases.

Preliminary Analysis. In this phase, a review is done of the request. Is creating a solution possible? What alternatives exist? What is currently being done about it? Is this project a good fit for our organization? A key part of this step is a feasibility analysis, which includes an analysis of the technical feasibility (is it possible to create this?), the economic feasibility (can we afford to do this?), and the legal feasibility (are we allowed to do this?). This step is important in determining if the project should even get started.

System Analysis. In this phase, one or more system analysts work with different stakeholder groups to determine the specific requirements for the new system. No programming is done in this step. Instead, procedures are documented, key players are interviewed, and data requirements are developed in order to get an overall picture of exactly what the system is supposed to do. The result of this phase is a system-requirements document.

System Design. In this phase, a designer takes the system-requirements document created in the previous phase and develops the specific technical details required for the system. It is in this phase that the business requirements are translated into specific technical requirements. The design for the user interface, database, data inputs and outputs, and reporting are developed here. The result of this phase is a system-design document. This document will have everything a programmer will need to actually create the system.

Programming. The code finally gets written in the programming phase. Using the system-design document as a guide, a programmer (or team of programmers) develops the program. The result of this phase is an initial working program that meets the requirements laid out in the system-analysis phase and the design developed in the system-design phase.

Testing. In the testing phase, the software program developed in the previous phase is put through a series of structured tests. The first is a unit test, which tests individual parts of the code for errors or bugs. Next is a system test, where the different components of the system are tested to ensure that they work together properly. Finally, the user-acceptance test allows those that will be using the software to test the system to ensure that it meets their standards. Any bugs, errors, or problems found during testing are addressed and then tested again.

Implementation. Once the new system is developed and tested, it has to be implemented in the organization. This phase includes training the users, providing documentation, and conversion from any previous system to the new system. Implementation can take many forms, depending on the type of system, the number and type of users, and how urgent it is that the system become operational. These different forms of implementation are covered later in the chapter.

Maintenance. This final phase takes place once the implementation phase is complete. In this phase, the system has a structured support process in place: reported bugs are fixed and requests for new features are evaluated and implemented; system updates and backups are performed on a regular basis.

The SDLC methodology is sometimes referred to as the waterfall methodology to represent how each step is a separate part of the process; only when one step is completed can another step begin. After each step, an organization must decide whether to move to the next step or not.

Project 7: Big Data challenges for the e-Mobility

An EV user must be assured that power will be available when needed, especially in an unfamiliar area. A route optimization approach based on Machine Learning needs to be considered to ensure that vehicle drivers are led to the nearest or their preferred e-Station.

Project 6: Online Adaptive Assessment Platform

Aspirants/Students can be assessed on different fields using this website. Fields can be Reasoning, Aptitude, Technical MCQ, Coding, etc. This will be an online platform with questions at different difficulty levels. A candidate would start the assessment with a medium-difficulty question and, depending on the response, the platform should decide the level of the next question to be shown (the level would increase or decrease according to the response). Each question would be assigned a weightage and time duratio
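The level-selection rule in the brief above can be written as a small state machine. The following is an added example, not the project's own code: the question bank, the five-level range, the per-level weights and time limits, and the rule that a late answer earns no marks and lowers the level are all assumptions made for the illustration.

```python
"""Adaptive level selection for an assessment, following the brief above.

Constructed example: the question bank, level range, weights, time limits and
the treatment of late answers are assumptions, not the project's own data.
"""
import random
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

MIN_LEVEL, MAX_LEVEL, START_LEVEL = 1, 5, 3   # assumed: five levels, start in the middle


@dataclass(frozen=True)
class Question:
    qid: str
    level: int
    text: str
    answer: str
    weight: int          # marks awarded for a correct, in-time answer
    time_limit_s: int    # seconds allowed for this question


@dataclass
class Attempt:
    qid: str
    level: int
    correct: bool
    in_time: bool
    awarded: int


@dataclass
class AdaptiveSession:
    bank: Dict[int, List[Question]]
    level: int = START_LEVEL
    history: List[Attempt] = field(default_factory=list)
    asked: Set[str] = field(default_factory=set)
    rng: random.Random = field(default_factory=lambda: random.Random(0))

    def next_question(self) -> Optional[Question]:
        """Pick an unused question at the current level; if that level is
        exhausted, widen the search to neighbouring levels."""
        for delta in range(0, MAX_LEVEL):
            for lvl in (self.level - delta, self.level + delta):
                if not MIN_LEVEL <= lvl <= MAX_LEVEL:
                    continue
                pool = [q for q in self.bank.get(lvl, []) if q.qid not in self.asked]
                if pool:
                    q = self.rng.choice(pool)
                    self.asked.add(q.qid)
                    return q
        return None   # bank exhausted

    def answer(self, q: Question, response: str, seconds_taken: int) -> Attempt:
        """Grade one response, award marks, and move the level up or down."""
        correct = response.strip().lower() == q.answer.lower()
        in_time = seconds_taken <= q.time_limit_s
        awarded = q.weight if (correct and in_time) else 0
        # assumed rule: up after a correct in-time answer, down otherwise, clamped
        if correct and in_time:
            self.level = min(MAX_LEVEL, self.level + 1)
        else:
            self.level = max(MIN_LEVEL, self.level - 1)
        attempt = Attempt(q.qid, q.level, correct, in_time, awarded)
        self.history.append(attempt)
        return attempt

    def score(self) -> int:
        return sum(a.awarded for a in self.history)


def build_sample_bank() -> Dict[int, List[Question]]:
    """Constructed bank: two arithmetic questions per level, weight and time
    limit growing with the level."""
    bank: Dict[int, List[Question]] = {}
    for lvl in range(MIN_LEVEL, MAX_LEVEL + 1):
        bank[lvl] = [
            Question(
                qid=f"L{lvl}Q{i}",
                level=lvl,
                text=f"What is {lvl * 10 + i} + {lvl}?",
                answer=str(lvl * 10 + i + lvl),
                weight=2 * lvl,
                time_limit_s=30 + 15 * lvl,
            )
            for i in (1, 2)
        ]
    return bank


if __name__ == "__main__":
    session = AdaptiveSession(build_sample_bank())
    # simulate: right, wrong, right-but-late, then show the level path and score
    for response_ok, late in ((True, False), (False, False), (True, True)):
        q = session.next_question()
        secs = q.time_limit_s + 1 if late else 1
        session.answer(q, q.answer if response_ok else "?", secs)
        print(q.qid, "->", "level", session.level)
    print("score:", session.score())
```

Keeping the grading and the level change inside `answer()` on the server side matters for an online platform: the level and the awarded marks are derived from the stored question, never from values the client sends back.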
