Академический Документы
Профессиональный Документы
Культура Документы
THE NEED
Number of Adults exposed to Cyber Crimes in 2010-11 = 431 Million Number of Adults exposed to Cyber Crimes Daily = More than 1 Million Number of Adults exposed to Cyber Crimes Per Second = 14 69% people have been victims of Cyber Crimes Increase in mobile vulnerability by 42%
Cost of ineffective online security by online adults in 24 countries in 2011=USD 338 Billion 114 Billion Directly lost by victims 274 Billion - Victims valued at the time they lost to cyber crimes The global black market in marijuana, cocaine and heroin combined ($288bn) and approaching the value of all global drug trafficking ($411bn) The 2011 bill for cybercrime is more than 100 times the global annual expenditure of UNICEF ($3.65bn)
o o
Situation in India
In 2011, 1791 Cyber crime cases were registered with the National Crime Records Bureau (NCRB)
% out of 1791 cases with NCRB Rajasthan Karnataka Kerela Maharashtra Andhra Pradesh 7%
8.40%
13.70% 17.10% 19.50%
In 2011, cases registered under the Indian Penal Code = 422 18.5% more than those registered in 2010 (356)
Percentage of registered cases
Delhi
11.6
Chattisgarh
18
Maharashtra
20.6
53 mega cities have reported 858 cases under the IT Act 2000, 147% higher than that in 2009 (347)
Victims of cybercrime
15%
Victims of cybercrime
44%
According to the (Amended) IT Act 2008, Cert-In (Indian Computer Emergency Response Team) is designated to serve as the national agency for cyber security. Cert-Ins 2010 Annual report claims 6.9 million bot-infected systems 14348 website defacements Between January-September 2011 6850 .in and 4150 .com domains were defaced Norton cybercrime report says 30 million people were cyber crime victims in 2010, 4 billion direct financial losses and 3.6 billion in time spent in solving the cases.
- A partnership between the National White Collar Crime Center and the Federal bureau of Investigation.
Malicious Code
Viruses: computer program that as ability to replicate and spread to other files; most also deliver a payload of some sort (may be destructive or benign); include macro viruses, file-infecting viruses and script viruses Worms: designed to spread from computer to computer Trojan horse: appears to be benign, but then does something other than expected
Bad applets (malicious mobile code): malicious Java applets or ActiveX controls that may be downloaded onto client and activated merely by surfing to a Web site
Hacker: Individual who intends to gain unauthorized access to a computer systems Cracker: Used to denote hacker with criminal intent (two terms often used interchangeably) Cyber vandalism: Intentionally disrupting, defacing or destroying a Web site Types of hackers include: White hats Members of tiger teams used by corporate security departments to test their own security measures Black hats Act with the intention of causing harm Grey hats Believe they are pursuing some greater good by breaking in and revealing system flaws
Fear that credit card information will be stolen deters online purchases Hackers target credit card files and other customer information files on merchant servers; use stolen data to establish credit under false identity One solution: New identity verification mechanisms
Electronic Signatures in Global and National Commerce Act (E-Sign Law): Went into effect October 2001 Gives as much legal weight to electronic signature as to traditional version Thus far not much impact Companies such as Silanis and others still moving ahead with new esignature options
Spoofing: Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else Denial of service (DoS) attack: Hackers flood Web site with useless traffic to inundate and overwhelm network Distributed denial of service (dDoS) attack: hackers use numerous computers to attack target network from numerous launch points Sniffing: type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network Insider jobs:single largest financial threat
Technology Solutions
Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver.
Purpose of Encryption:
1.
Symmetric Key Encryption: Both the sender and the receiver use the same key to encrypt and decrypt the message. Used extensively throughout world war Ancient means of encryption can be broken quickly in the digital age. Symmetric key encryption requires both the parties share the same key. In commercial use, secret key for transaction with every party is required.
2. Public Key Encryption: Solves the problem of exchanging keys. Two mathematically related digital keys are used:
No authentication of the sender No assurance the message was altered in transit Potential lack of integrity in the system
Hash Function: Algorithm that produces a fixed-length number called a hash or message digest. Digital Signature: signed cipher text that can be sent over the internet.
4. Digital Envelopes: A technique that uses symmetric encryption for large documents, but public key encryption to encrypt and send the symmetric key 5. Digital certificates: digital document issued by a certification authority that contains the name of the subject, company , the subjects public key, a digital certificate serial number and other identifying information. 6. Public Key Infrastructure: refers to the CAs and digital certificate procedures that are accepted by all parties.
Secure Sockets Layer(SSL): Provides data encryption, server authentication, optional client authentication and message integrity for TCP/IP connections. Secure Hypertext transfer Protocol(S-HTTP): A secure message-oriented communications protocol designed for use in conjunction with HTTP.
Virtual private networks: Allows remote users to securely access internal networks via the internet, using the point-to-point tuneling protocol.
Protecting Networks:
Firewall: Refers to either hardware or software that filters communication packets and prevents some packets from entering the network based on a security policy. Proxy servers: Software server that handles all communications originating from or being sent to the Internet, acting as a spokesperson or bodyguard for the organization.
Operating System Security enhancements: Automatic computer security upgrades provided by the Microsoft Windows and Apples OS. Anti-virus Software: Inexpensive tools to identify and eradicate the most common types of malicious codes. E.g: McAfee, Symantec etc.
Online Gateway
A payment gateway is an e-commerce application service provider service that authorizes payments for
e-businesses online retailers
Payment gateways protect credit card details by encrypting sensitive information, such as credit card numbers, to ensure that information is passed securely between the customer and the merchant and also between merchant and the payment processor.
Integrity Nonrepudiation
Authenticity
Confidentiality Privacy Availability
.Thank you
Siddhart Lahoti Yash Ambegaokar Abhinav Rege Anuj Dayama Ankit Gupta