
Cyber Security File

The document discusses social media data analytics for any website. It explains that social media analytics involves gathering and analyzing data from social media channels to support business decisions. The key steps involve accessing analytics tools from platforms like Facebook Insights, discovering information about followers like demographics and growth, and analyzing engagement metrics like posts, comments, shares etc. to understand what content and timings perform best. Tracking these analytics helps optimize marketing strategies.

BTCS 603 CYBER SECURITY AND NETWORK

Cyber and Network Security (BTCS-603)

SHRI VAISHNAV VIDYAPEETH VISHWAVIDYALAYA


SHRI VAISHNAV INSTITUTE OF INFORMATION TECHNOLOGY

Department of Computer Science and Engineering

Subject: Cyber and Network Security


Subject Code: BTCS603
Class: B.Tech CSE (BDC-IMPETUS)

SUBMITTED TO: Prof. Rupali Bhartiya

SUBMITTED BY: SHRASHTI GUPTA
20100BTBDCEIM07412
CSE-BDC SECTION


Index

S.no Experiment Date Remark

1. Compare the security features of at least three web browsers.
2. Social media data analytics for any website
3. Write the attacks on social network sites
4. Case study of current IT act related cases.
5. Case study of social networking related crimes.
6. Finding out the vulnerable data on Social Networking sites.
7. Find out attacks on Social networking sites
8. Write the features of any social media dataset used for data analytics.
9. Write features of any Social media data analytics tools available free online. (Likealyzer, Facebook or any other tool)
10. Study of the features of firewall in providing network security and to set Firewall Security in windows.
11. Steps to ensure Security of any one web browser (Mozilla Firefox/Google Chrome)
12. Study of different types of vulnerabilities for hacking a websites / Web Applications.
13. Analysis the Security Vulnerabilities of E-commerce services.
14. Analysis the security vulnerabilities of E-Mail Application
15. Encryption technique implementation and simulation.
16. Program to check the Password strength.


Experiment : 1

Aim : Compare the security features of at least three web browsers.

Theory :-
Internet security is critical for all organizations, and the main connector between end
users and harmful content on the internet is the web browser.

As such, browser security is of paramount importance, and browser privacy is a key
component of browser security. Popular browsers -- such as Chrome, Edge and, to a
lesser extent, Safari -- are provided by companies that sell user data to advertisers and
other third parties.

In addition, browsers store passwords, usernames and other account security
information that can be a significant target for hackers, even though the information is
encrypted. Much of this information is held in cookies and a user's favorite sites are
part of a saved history, which the browser providers can sell.

1. Firefox
Mozilla created Firefox as an open-source browser, originally built for speed and performance.
The latest versions have additional built-in security features.

Some of these features include:

Built-in phishing and malware protection

Secure connection verification

Encryption using Extended Validation Certificates

Although the above features are not unique to Firefox, they do have the highest rating when it
comes to how well they’re enforced.

2. Microsoft Edge
Designed with security in mind, Microsoft Edge attempts to block the many holes left in Internet
Explorer’s protections. It does not support any of the legacy technologies such as Active-X or
Browser Helper Objects. This makes it safer than its predecessors were, but it doesn’t have
backward compatibility with web applications specifically built for Internet Explorer.

Microsoft Edge uses SmartScreen to check websites’ reputation and warn users if the site could
be a phishing attempt. The browser also uses extensions to make it more secure, but approval is
slow, leaving it with fewer add-ons available than Chrome has to offer.

3. Google Chrome
Google’s Chrome is currently the most popular mainstream browser. Although it was developed with
extendibility and web applications as part of its core philosophy, you can still argue that it is the
most secure browser. Yet because you have to set up some of the standard security features
yourself, it comes third in the rankings.

Chrome uses two blacklists, one for phishing sites, and one for malware delivery sites. If you
attempt to visit a site that is on one of the blacklists, you will receive a warning but can still
choose to proceed in some cases.

Web browser privacy comparison


The browser market is dominated by a few major players, with Google Chrome leading the pack.
Mozilla Firefox, Microsoft Edge and Apple Safari round out the top four in terms of market
share. There are new browsers that are more secure in many ways, including in how they keep
your privacy protected and sell your data to sponsors. These other browsers include Brave, Opera
and Vivaldi.

A comparison of the top four browsers shows very minor differences in security features. For
example, all four of these browsers offer cookie management, password storage for autofilling,
browser history and cache management, and custom site blocking.

Still, it's important to know exactly what features each browser has. Further, IT may add
extensions to supplement a browser with additional functionality.


Experiment : 2

Aim : Social media data analytics for any website.

Theory :
Social media can benefit businesses by enabling marketers to spot trends in consumer behavior
that are relevant to a business's industry and can influence the success of marketing efforts.

Social media analytics is the ability to gather and find meaning in data gathered from social
channels to support business decisions — and measure the performance of actions based on those
decisions through social media.

Social media analytics is broader than metrics such as likes, follows, retweets, previews, clicks,
and impressions gathered from individual channels. It also differs from reporting offered by
services that support marketing campaigns such as LinkedIn or Google Analytics.

Social media analytics uses specifically designed software platforms that work similarly to web
search tools. Data about keywords or topics is retrieved through search queries or web ‘crawlers’
that span channels. Fragments of text are returned, loaded into a database, categorized and
analyzed to derive meaningful insights.

Steps for tracking social media analytics:



Step 1: Access Social Media Analytics

We use Facebook as an example of how to view the data that each social media platform offers.
Facebook Insights is a detailed program that helps you learn about your audience’s behavior. It's
simple to understand and includes interactive visual graphics – making it easy to use, even for
beginners.

To navigate to the Insights panel, start at your business’s Facebook page and choose “Insights”
from the white menu at the top of the page.

You’ll be presented with a number of choices, including:


Actions on Page

Page Views

Page Likes

Reach

Post Engagements

Page Followers

Step 2: Discover Information About Your Followers

Choose “Page Followers” to see information about your Facebook followers.

The graphs are interactive, and you can scroll over them to view specific information or click on
them to pull more details.

To view information about how many followers you have, look at the first graph, “Total
Followers.” Scrolling over it shows your total page followers on any specific date.


The next graph is called “Net Followers.” It calculates the number of page likes minus the
number of unlikes to show overall audience growth.

Scroll over the graph to discover when people liked or unliked your pages. This is useful when
you’re ready to measure the success of your shared content. You can look at the date you
published a post and find out if you added followers – or lost them – on that day.

The third graph shows where your new followers were when they liked your page.


In the left-hand column of your Insights dashboard, there's a menu for viewing different data.

Click on the Posts menu option to find information about when your audience is online.

Have you ever wondered when the best times to post on social media are? Here’s the data that
gives you the answers.

By scrolling through the graph, called When Your Audience is Online, you can find the days and
times your fans socialize on Facebook.

The graph above is a small sampling of the data that’s quickly available through the Facebook
Insights manager.


Step 3: Set Goals to Know What Social Media Metrics to Measure

It’s fascinating to watch your audiences unfold in such detail on different social media analytics
programs. But before you get carried away, decide which numbers are important for achieving
your goals. What data will you track and measure to improve results?

A recent study of 344 social media marketers revealed that the most important metrics for
tracking the success of social media are engagement (36%) and conversion rates (35%).

The metrics you track and follow will depend on the goals you set in your social media strategy.
Be sure they’re “S.M.A.R.T.” goals:

Specific

Measurable

Attainable

Realistic

Time-bound


For example, if your purpose is to improve brand awareness, you might set a goal of 500 likes or
100 shares. To reach that goal, you’ll track metrics such as likes, shares, net followers, and
engagement.

Step 4: Use Tools to Help Analyze and Measure Your Social Data

There are software programs and apps that allow you to manage all your social media accounts
in one place to improve the effectiveness and results of your social media efforts.

For example, Sprout Social and Hootsuite are two apps that allow you to schedule posts ahead of
time and track results across a number of social media platforms.

Sprout Social

Sprout Social is a user-friendly platform that streamlines social media management for
Facebook, Instagram and other social media channels. In addition to providing detailed analytics
data, Sprout Social includes social listening tools for tracking brand mentions, consumer
sentiment and competitor activity. It also reveals how fan growth correlates with content
performance and includes historical engagement data that helps administrators optimize post-
scheduling times.

Google Analytics is another option for tracking social media results. You can learn more about
using Google for social media data from Monster Insights guide on how to analyze social media
traffic using Google Analytics.


Experiment : 3

Aim : Write the attacks on social network sites


Theory :
Common attacks on social network sites:
1. Fake Profile: Cybercriminals are getting more ingenious with their tactics. By using a fake
social media profile, they are capable of copying a legitimate profile and performing small- and
large-scale attacks. Fake profiles can be used to mimic real public figure profiles to distribute
mass-malware or phishing campaigns to their followers or contacts. Through fake profiles, cyber
attackers can also copy the real social media profiles of key individuals within a target company
or business.

2. Identity theft: In this sort of attack, the attacker uses someone else’s identity, such as their social
security number, mobile number, and address, without their permission to commit attacks.
With the help of these details, the attacker can easily gain access to a victim's friend list and
demand confidential information from them using different social engineering techniques. Since
the attacker impersonates a legitimate user, he can use that profile in any conceivable way,
which could seriously affect authentic users.

3. Spam attack: Spam is the term used for unsolicited bulk electronic messages. Although email
is the conventional way to spread spam, social networking platforms are more successful in
spreading it. The communication details of legitimate users can easily be obtained from
company websites, blogs, and newsgroups. It is not difficult to convince the targeted user to read
spam messages and trust them to be safe. Most spam is commercial advertising, but
it can also be used to collect sensitive information from users or may contain viruses, malware
or scams.

4. Phishing: Phishing is the most common type of social engineering attack. At a high level,
most phishing scams aim to accomplish three things:

Obtain personal information such as names, addresses, and Social Security Numbers;
Use shortened or misleading links that redirect users to suspicious websites that host
phishing landing pages; and
Leverage fear and a sense of urgency to manipulate the user into responding quickly.

An attacker can impersonate an authentic user and use his/her identity to send fake messages
containing a malicious URL to other users via a social networking platform. That URL might
redirect the user to a phony website that asks for personal information.


5. Social engineering. An attacker might call employees to trick them into sending private data,
providing credentials or wiring the attacker money. In a complex attack, the attacker can pretend to
be a high-level executive to trick the targeted user into transferring money to the attacker’s
account.

6. Brand impersonation. Using brand employee names, the attacker can trick customers into
thinking requests are from the legitimate brand. This could be used to trick users into divulging
personal information or account credentials.

7. Malicious Links and Content: Instead of posting malicious content directly to a social media
platform, cybercriminals usually use malicious links to lure a victim into clicking through to
content that is hosted on third-party sites. As with brand impersonation, an attacker could create
domains and websites that claim to be the legitimate business and trick users into downloading
malware or providing credentials.

8. Pretexting: Here an attacker obtains information through a series of cleverly crafted lies. The
scam is often initiated by a perpetrator pretending to need sensitive information from a victim so
as to perform a critical task.

The attacker usually starts by establishing trust with their victim by impersonating co-workers,
police, bank and tax officials, or other persons who have right-to-know authority. The pretexter
asks questions that are ostensibly required to confirm the victim’s identity, through which they
gather important personal data.

9. Reconnaissance:

More social media users nowadays are open to sharing a lot of personal details about themselves,
making them easy targets of a reconnaissance attack. Cyber-attackers or threat actors can collate
and analyse users’ profiles, relationships, behaviours, hobbies, and more, then use that
information to craft enticing messages and other lures. A reconnaissance attack can be performed
passively on social media and is difficult to detect. Users wouldn’t know that threat actors are
already using their information to authenticate or access other services or accounts, such as
online banking.
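
Items 6 and 7 above describe attackers creating domains and websites that claim to be the legitimate business. The following is an added example, not part of the original lab file, of how a defender could flag such look-alike domains in links before users follow them. The brand domain, sample URLs and function names are constructed for illustration, and the code assumes single-label TLDs.

```python
from urllib.parse import urlsplit

# Digit-for-letter swaps often used in impersonation domains (illustrative, not exhaustive).
LOOKALIKE_CHARS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def host_of(url_or_host):
    """Extract the lowercased hostname from a URL or a bare host string."""
    text = url_or_host.strip()
    parsed = urlsplit(text if "://" in text else "//" + text)
    return (parsed.hostname or "").rstrip(".")


def name_label(host):
    """Label left of the TLD. Assumption: single-label TLDs, no public suffix list."""
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host


def skeleton(label):
    """Fold common look-alike characters so visually similar labels compare equal."""
    return label.translate(LOOKALIKE_CHARS).replace("rn", "m").replace("vv", "w")


def osa_distance(a, b):
    """Edit distance where an adjacent transposition counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(candidate, brand_domain, max_distance=2):
    """Say how a link's host relates to the brand's real domain.

    max_distance=2 suits brand names of about six characters or more;
    shorter names need a lower threshold to avoid false positives.
    """
    brand_host = host_of(brand_domain)
    host = host_of(candidate)
    if not host:
        return "unparseable"
    if host == brand_host or host.endswith("." + brand_host):
        return "legitimate"
    brand, label = name_label(brand_host), name_label(host)
    if label == brand:
        return "tld-swap"            # same name under a different TLD
    if skeleton(label) == skeleton(brand):
        return "homoglyph"           # look-alike characters substituted
    if osa_distance(skeleton(label), skeleton(brand)) <= max_distance:
        return "typo"                # dropped, added or swapped letters
    if brand in host.replace("-", ""):
        return "brand-embedded"      # brand name buried in a longer host
    return "unrelated"


def flag_lookalikes(urls, brand_domain):
    """Return {url: verdict} for every URL that imitates brand_domain."""
    verdicts = {u: classify(u, brand_domain) for u in urls}
    return {u: v for u, v in verdicts.items() if v not in ("legitimate", "unrelated")}


# Constructed sample links, using reserved TLDs so that none resolves.
SAMPLE_LINKS = [
    "https://www.acmepay.example/login",
    "http://acmepay.test/reset",
    "acm3pay.example",
    "acrnepay.example",
    "acmpeay.example",
    "acme-pay-login.example",
    "acmepay.example.login.test",
    "weather.example",
]

if __name__ == "__main__":
    for url, verdict in flag_lookalikes(SAMPLE_LINKS, "acmepay.example").items():
        print(f"{verdict:15} {url}")
```
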


Experiment : 4

Aim : Case study of current IT act related cases.

Theory :
Section 66D – Punishment for cheating by impersonation by using computer
resource
Relevant Case: Sandeep Varghese v/s State of Kerala
On a complaint filed by the representative of a company engaged in the
business of trading and distribution of petrochemicals in India and overseas, a crime was
registered against nine persons, alleging offenses under Sections 65, 66, 66A, C and D of
the Information Technology Act along with Sections 419 and 420 of the Indian Penal
Code.
The company has a website in the name and style 'www.jaypolychem.com', but
another website, 'www.jayplychem.org', was set up on the internet by the first accused,
Sandeep Varghese @ Sam (who was dismissed from the company), in conspiracy with
other accused, including Preeti and Charanjeet Singh, who are the sister and brother-in-law
of 'Sam'.
Defamatory and malicious matters about the company and its directors were made
available on that website. The accused sister and brother-in-law were based in Cochin and
they had been acting in collusion with known and unknown persons, who have collectively
cheated the company and committed acts of forgery, impersonation etc.
Two of the accused, Amardeep Singh and Rahul, had visited Delhi and Cochin. The first
accused and others sent e-mails from fake e-mail accounts of many of the customers,
suppliers, Bank etc. to malign the name and image of the Company and its Directors. The
defamation campaign run by all the said persons named above has caused immense
damage to the name and reputation of the Company.
The Company suffered losses of several crores of Rupees from producers, suppliers and
customers and was unable to do business.

Section 66E – Punishment for violation of privacy


Relevant Cases:

Jawaharlal Nehru University MMS scandal: In a severe shock to the
prestigious and renowned institute – Jawaharlal Nehru University, a pornographic MMS
clip was apparently made in the campus and transmitted outside the university. Some
media reports claimed that the two accused students initially tried to extort money from
the girl in the video but when they failed the culprits put the video out on mobile phones,
on the internet and even sold it as a CD in the blue film market.

Nagpur Congress leader’s son MMS scandal: On January 05, 2012 Nagpur Police arrested
two engineering students, one of them a son of a Congress leader, for harassing a
16-year-old girl by circulating an MMS clip of their sexual acts. According to the Nagpur
(rural) police, the girl was in a relationship with Mithilesh Gajbhiye, 19, son of Yashodha
Dhanraj Gajbhiye, a zila parishad member and an influential Congress leader of Saoner
region in Nagpur district.


Experiment : 5

Aim : Case study of social networking related crimes .

Theory :
Case study 1 :
A businessperson activated internet banking for himself; after some days he found that his entire
account balance of Rs. 7,50,000 had been moved to another account through internet banking.
After the investigation, the guilty party admitted his offense when he appeared in court and told
the court that he was actually a friend of the victim. One day the victim's house cleaner was
dumping some pieces of paper at the dump yard; through dumpster diving the accused found an
envelope containing the confirmation of internet banking activation, along with a notice that the
new user ID and password had been sent to the registered email account. That envelope was
stolen by the accused. Through shoulder surfing he saw that the victim used to save all his
IDs and passwords in his drama program. In his first attempt to get the ID and password he
found that the victim's workstation was protected with a password and a hint statement for
that password, which was "include jay after your senior sibling's closest companion's name".
Here he exploited the social networking site Facebook: first he opened the victim's profile,
then he went to the victim's senior sibling's profile, where he checked the list of close friends and
found just one name, 'Surya'. He tried many times with various passwords like 'Suryajay',
'Surajjay', 'Prabhakarjay' and so forth; finally he got the password as Sunjay. From there he
stole the mail ID password, and then he moved the money by logging in to the bank's internet
banking site and transferring all of it to another account.
Variables of this case: Dumpster diving, shoulder surfing, Facebook profiles, Hit and trial
method.
As in the above case, social networking sites are also useful for gathering sensitive information
like phone number, address, photographs, friends and so forth, particularly when the victim is a
female.


Case study: 2
An officer of a steel plant named Akash Shrivastava, of Jabalpur, was browsing on his PC in his
office when a popup of 'Facebook notification' came up. He enthusiastically clicked on that link to join
the chat or see the new post in his profile, yet he found that it was a promotion for another social
networking site; he declined it and went to the break room to have his lunch. When he returned, he
found that all his arrangements and all information related to the organization's working
and marketing strategies had been erased and, consequently, he suffered a loss of Rs 5,00,000.
During the investigation it was discovered that the popup of 'Facebook talk' contained an infected
link with a patch file hidden in it, belonging to a software called NetBus, through
which an employee of the same organization committed this crime; with the help of this
software he hacked his manager's computer and carried out this crime.
Variables of this case: fake 'Facebook' link, NetBus tool.
In this case the enthusiasm of Mr. Akash Shrivastava for Facebook, which is a social networking site,
made him a victim; many social networking sites and their fake pages with
popups are available on the internet, which may be helpful to crackers or hackers.

Case study 3
One day a girl named Divya Kapoor received an MMS containing a vulgar photo of her, followed
by an SMS within a minute. The accused was blackmailing the girl for money in lieu of publicly
showing the photo on the web.
The investigating team found that the photograph had been altered using trick photography tools and
that the photo of the girl had been downloaded from her unsecured Facebook profile.
Variables of this case: Facebook profile, Photo editor software, Mobile phone.
In this manner, uploading her photo on the internet, particularly on social networking sites, made
her a victim.


Experiment : 6

Aim : Finding out the vulnerable data on Social Networking sites.

Theory:
With fast-growing technology, online social networks (OSNs) have exploded in popularity over
the past few years. The pivotal reason behind this phenomenon happens to be the ability of OSNs
to provide a platform for users to connect with their family, friends, and colleagues.

Social media offers an outlet for people to connect, share life experiences, pictures and video.
But too much sharing—or a lack of attention to impostors—can lead to a compromise of
business and personal accounts. There are numerous security and privacy issues related to the
user’s shared information especially when a user uploads personal content such as photos,
videos, and audios. The attacker can maliciously use shared information for illegitimate
purposes. The risks are even higher if children are targeted.

Vulnerable data on Social Networking sites:


What information are you sharing when you use social networks?

The kinds of information that you may be sharing on a social network includes:

Your profile. Most social networks allow users to create detailed online profiles and connect
with other users in some way. This may involve users sharing information with other users, such
as one’s gender, age, familial information, interests, educational background and employment.

Your status. Most social networks also allow users to post status updates in order to
communicate with other users quickly. Though there may be privacy settings to restrict access to
status updates, these networks are frequently designed to broadcast information quickly and
publicly.

Your location. Many social networks are designed to broadcast your real-time location, either
as public information or as an update viewable to authorized contacts. This might allow users to
“check in” to a local event or business, or share one’s location with contacts within their
network.

Shared content. Many social networks encourage users to share content, such as music,
photographs, videos and links to other webpages.


All of this sharing reveals information about you, including contextual information you may not
even be aware of. By sharing this information online, you may be providing enough information
to allow advertisers to track you or hackers to take advantage of your online identity. Therefore,
it is important to be aware of the information that you are providing and to be conscious of the
choices you can make to protect your privacy.

How may your social networking information be used and shared?

Publicly available information: Every social network allows you to post some information that
is completely publicly accessible. This can be anything from your username to individual posts,
to your entire account. These kinds of “public” posts are not blocked behind any kind of access
restriction. Anyone, including strangers, can view whatever is posted as “public.” However,
there may be other data that you share publicly without realizing it, and there are less obvious
ways that your information may be treated as public without your permission, including:

Certain information may be publicly visible by default. In some situations, a user may be able to
change the privacy settings to make the information “private” -- so that only approved users can
view it. Other information must remain public; the user does not have an option to restrict access
to it (frequently such information includes your account name).

A social network can change its privacy policy at any time without a user’s permission. Content
that was posted with restrictive privacy settings may become visible when a privacy policy is
altered.

Approved contacts (people on your “Friends list” or people that “follow” you) may copy and
repost information – including photos or personal information – without a user’s permission,
potentially bypassing privacy settings.

Third-party applications that have been granted access may be able to view information that a
user or a user’s contacts post privately.

Social networks themselves do not necessarily guarantee the security of the information that has
been uploaded to a profile, even when those posts are set to be private. While security flaws and
breaches are usually quickly fixed, there is potential for taking advantage of leaked information.

Advertising: Your own publicly posted content isn’t the only way that you can be tracked, and
advertisers are very interested in the information that can be gathered by tracking your online
activity. This may include:

Tracking which websites a user has viewed

Storing information associated with specific websites (such as items in a shopping cart)


Analysing aggregated data for marketing purposes

Behavioural advertising is the term used to describe the practice of tailoring advertisements to
an individual’s personal interests. Social networks that provide their services without user fees
make a profit by selling advertising. This is often done through behavioural advertising, also
known as targeting. This practice is appealing to marketers because targeted advertisements are
more likely to result in a purchase by a viewer than comparable non-targeted advertisements.
They are valuable to social networks as they can be sold at a higher price than regular ads.

Third-party applications are programs that interact with a social network without actually
being part of that social network. These applications take many forms but some typical and
popular forms include games that you may play with contacts, online polls or quizzes, or third-
party interfaces with the social network. To make these applications useful, social networks may
allow developers automatic access to public information of users, and may even access some
private information, when a user grants the application permission. You may inadvertently grant
an application access to your profile without realizing the extent of the permissions being
granted. Some facts to keep in mind when considering using third-party applications:

They may not be covered by the social network’s privacy policy. Most social networks do not
take responsibility for the third-party applications that interact with their sites.

They may not be guaranteed to be secure.

They may gain access to more information than is necessary to perform their functions.

They may contain malware designed to attack the user’s device.

Third-party developers may report users’ actions back to the social networking platform.

A social network may have agreements with certain websites and applications that allow them
access to public information of all users of the social network.

Privacy policies: Most people skip over the privacy policy when joining a social network.
However, users can learn a lot of useful information by reviewing a privacy policy before
signing up for service. A social network’s privacy policy will explain how the social network
will collect and use information about people who visit the site. When reviewing a privacy
policy, remember:

Privacy policies can change – sometimes dramatically-- after a user creates an account.


Terms of service may have information just as important as the privacy policy, so always review
those as well.

The privacy policy only covers the social network. It does not, for example, cover third-party
applications that interact with the website.

Privacy tips for using social networks:


There are many ways that information on social networks can be used for purposes other than
what the user intended. Any time you choose to engage with social networking sites, you are
taking certain risks. However, these practical tips may help you minimize the risks of social
networks.

When registering an account:

Use a strong password different from the passwords you use to access other sites. Ideally, use a
password manager to generate and store your passwords.

If you are asked to provide security questions, use information that others would not know about
you, or, even better, don't use accurate information at all. If you are using a password manager,
record the false questions and answers and refer to your password manager if you need to
recover your account.

Consider creating a new email address to use only with your social media profile(s).

Provide the minimum amount of personal information necessary, or that you feel comfortable
providing.

Review the privacy policy and terms of service.

During the registration process, social networks often solicit you to provide an email account
password so that they can access your address book. If you consider using this feature, make
sure to read all terms so that you understand what will be done with this information.

General privacy tips for using social networks

Become familiar with the privacy settings available on any social network you use, and review
your privacy settings frequently. On Facebook, for example, you may want to make sure that
your default privacy setting is "Friends Only". Alternatively, use the "Custom" setting and
configure the setting to achieve maximum privacy.


Be careful sharing your birthday, age, or place of birth. This information could be useful to
identity thieves and to data mining companies. If you do consider posting your birthday, age or
place of birth, restrict who has access to this information using the site’s privacy settings.

Try to stay aware of changes to a social network’s terms of service and privacy policy. Consider
subscribing to an RSS feed for (or following) TOSBack, a project of the Electronic Frontier
Foundation that tracks changes in website policies (it covers some, but not all, social
networks).

Use caution when using third-party applications. For the highest level of safety and privacy,
avoid them completely. If you consider using one, review the privacy policy and terms of service
for the application.

If you receive a connection request from a stranger, the safest thing to do is to reject the request.
If you decide to accept the request, use privacy settings to limit what information is viewable to
the stranger and be cautious of posting personal information to your account, such as your
current location as well as personally identifiable information.

Take additional precautions if you are the victim of stalking, harassment or domestic violence.

Consider pruning your "friends" list on a regular basis. It's easy to forget who you've connected
to over time, and therefore who you are sharing information with.

Log off from social networking sites when you no longer need to be connected.


Experiment : 7

Aim : Find out attacks on Social networking sites.

Theory :
Likejacking/clickjacking
Likejacking is sneakier than it is damaging, as it tricks the user into clicking items on a webpage
and liking something without their knowledge. How do you like things by accident?
The scam operates on two layers. The back layer comes with a ‘Like’ button that will follow you
round the screen – you won’t see it. The front shows a post that’s meant to be alluring. Maybe
it’s a crazy video or a post about someone’s amazing body transformation.

Many likejacking scams are no longer a concern as Facebook released a bookmarklet that avoids
the possibility of likejacking. However, likejacking in 2017 is a concern as pages you may have
previously liked are often bought and sold. Once-safe pages are now loaded with malware or
suspicious links, so be careful about anything you click.

Fake giveaways
In the last few years, marketers in big brands have used competitions as a cheap way to earn
likes, clicks, and traffic. You’ll see competitions all over social media.

For example, chocolate conglomerate Mondelez International ran a competition on Snapchat
asking users to submit a drawn-on photo of a TimeOut bar for the chance of winning €10,000.
On Instagram, designer Marc Jacobs scouted for new models via a social media casting call with
the hashtag #castmemarc.

Fake friends or followers


If you search ‘buy followers’, you’ll soon see that just about anyone can buy thousands of
followers for the princely sum of a tenner. You can do it across the board for social media.

Why would anyone buy fake followers? Likely to massage their egos.

However, it’s not all about ego-massaging as sometimes fake accounts will friend or add you
only to send you a dangerous phishing message. Followers are great, but just make sure they are
more friend than foe!

Phishing attempts with fake links


Phishing happens when someone sends a message pretending to be a reputable company/contact
in order to get their victim to reveal personal info like passwords or credit card numbers.

Phishing is particularly potent as the emails can often look very real. In some cases, the emails
even link to a spoof version of a website (a bank or online store, for example), and users will
input their details. On the other end of the screen, a hacker could then have access to a person’s
credit card information or personal information to set up identity theft.

While phishing is most common in email, private messages on social media can also contain
phishing links. Never open a link in an unsolicited email unless you requested the link and/or
know exactly where the link is going.

Identity theft
Identity theft affects millions of people a year. A lack of knowledge, increased trust in social
media, and a lack of data standards around data collected on social media are a huge part of this.
The boom of social advertising plays a part too, as people give away huge amounts of personal
information – often without particularly meaning to.

Criminals and hackers trawl social media for information: ticket stubs to duplicate barcodes,
holiday posts to facilitate burglary, and personal information to crack passwords or steal
identities.

Never publicly post any of the following on your social accounts:


• Full name
• Date of birth
• Hometown
• Relationship status
• Pet names

Everything you like, share, and comment on says something about you – so have a good think
before you hit the ‘post’ button.


Experiment : 8

Aim : Write the features of any social media dataset used for
data analytics.

Theory :
Social media can benefit businesses by enabling marketers to spot trends in consumer behavior
that are relevant to a business's industry and can influence the success of marketing efforts.

Social media analytics is the ability to gather and find meaning in data gathered from social
channels to support business decisions — and measure the performance of actions based on those
decisions through social media.

Social media analytics is broader than metrics such as likes, follows, retweets, previews, clicks,
and impressions gathered from individual channels. It also differs from reporting offered by
services that support marketing campaigns such as LinkedIn or Google Analytics.

Social media analytics uses specifically designed software platforms that work similarly to web
search tools. Data about keywords or topics is retrieved through search queries or web ‘crawlers’
that span channels. Fragments of text are returned, loaded into a database, categorized and
analyzed to derive meaningful insights.

Steps for tracking social media analytics:


Step 1: Access Social Media Analytics

We use Facebook as an example of how to view the data that each social media platform offers.
Facebook Insights is a detailed program that helps you learn about your audience’s behavior. It's
simple to understand and includes interactive visual graphics – making it easy to use, even for
beginners.

To navigate to the Insights panel, start at your business’s Facebook page and choose “Insights”
from the white menu at the top of the page.


You’ll be presented with a number of choices, including:

• Actions on Page
• Page Views
• Page Likes
• Reach
• Post Engagements
• Page Followers

Step 2: Discover Information About Your Followers

Choose “Page Followers” to see information about your Facebook followers.

The graphs are interactive, and you can scroll over them to view specific information or click on
them to pull more details.

To view information about how many followers you have, look at the first graph, “Total
Followers.” Scrolling over it shows your total page followers on any specific date.


The next graph is called “Net Followers.” It calculates the number of page likes minus the
number of unlikes to show overall audience growth.

Scroll over the graph to discover when people liked or unliked your pages. This is useful when
you’re ready to measure the success of your shared content. You can look at the date you
published a post and find out if you added followers – or lost them – on that day.

The third graph shows where your new followers were when they liked your page.


In the left-hand column of your Insights dashboard, there's a menu for viewing different data.

Click on the Posts menu option to find information about when your audience is online.

Have you ever wondered when are the best times to post on social media? Here’s the data that
gives you the answers.

By scrolling through the graph, called When Your Audience is Online, you can find the days and
times your fans socialize on Facebook.

The graph above is a small sampling of the data that’s quickly available through the Facebook
Insights manager.


Step 3: Set Goals to Know What Social Media Metrics to Measure

It’s fascinating to watch your audiences unfold in such detail on different social media analytics
programs. But before you get carried away, decide which numbers are important for achieving
your goals. What data will you track and measure to improve results?

A recent study of 344 social media marketers revealed that the most important metrics for
tracking the success of social media are engagement (36%) and conversion rates (35%).

The metrics you track and follow will depend on the goals you set in your social media strategy.
Be sure they’re “S.M.A.R.T.” goals:

• Specific
• Measurable
• Attainable
• Realistic
• Time-bound
For example, if your purpose is to improve brand awareness, you might set a goal of 500 likes or
100 shares. To reach that goal, you’ll track metrics such as likes, shares, net followers, and
engagement.


Step 4: Use Tools to Help Analyze and Measure Your Social Data

There are software programs and apps that allow you to manage all your social media accounts
in one place to improve the effectiveness and results of your social media efforts.

For example, Sprout Social and Hootsuite are two apps that allow you to schedule posts ahead of
time and track results across a number of social media platforms.

Sprout Social

Sprout Social is a user-friendly platform that streamlines social media management for
Facebook, Instagram and other social media channels. In addition to providing detailed analytics
data, Sprout Social includes social listening tools for tracking brand mentions, consumer
sentiment and competitor activity. It also reveals how fan growth correlates with content
performance and includes historical engagement data that helps administrators optimize post-
scheduling times.

Google Analytics is another option for tracking social media results. You can learn more about
using Google for social media data from the MonsterInsights guide on how to analyze social media
traffic using Google Analytics.


Experiment : 9

Aim : Write features of any Social media data analytics tools
available free online. (Likealyzer, Facebook or any other
tool)

Theory :
Sprout Social is a user-friendly platform that streamlines social media management for Facebook,
Instagram and other social media channels. In addition to providing detailed analytics data, Sprout
Social includes social listening tools for tracking brand mentions, consumer sentiment and
competitor activity. It also reveals how fan growth correlates with content performance and
includes historical engagement data that helps administrators optimize post-scheduling times.

Features of Sprout Social:

1. Create posts tailored to each social platform

Scheduling to Facebook, Instagram and Twitter all at once saves time, but you may want to change
the content to fit the platform. On Instagram, you may want to add your hashtags, but on Facebook
and Twitter, you may want to include links to your website.

You don’t need to repeatedly copy and paste content to create customized posts for each network.
This Sprout feature provides a more streamlined solution: Schedule + Duplicate.

You can create your post for Instagram with hashtags, then click Schedule + Duplicate to see the
post automatically reopen in your Compose window with any text and attachments. From there,
select your Facebook Page, edit the post as you’d like and send it out! This will also allow you to
quickly schedule the same message across multiple Twitter profiles.


2. Preview your Instagram grid on mobile

When publishing to Instagram, you can preview your grid by using Sprout’s mobile app. This
Sprout feature allows you to envision how all of your posts will look together once published.


3. Receive notifications for failed messages and repost

While we hope that post failures do not happen often, we also know that temporary server errors
or formatting issues may cause a post to be rejected by the native networks. To make sure that you
do not lose any of your carefully curated content, enable failed message push notifications in the
Sprout mobile app.

4. Schedule directly from your browser with Sprout’s extensions

When working from Google Chrome and Firefox, you can install Sprout’s extension to share a
link any time you come across interesting content.

5. Automatically target your Optimal Send Times in Compose

Identifying the best times to post for your target niche or social network isn’t always a simple task,
and it can take up a lot of your planning time if you don’t have any help in optimizing your
schedule.

Sprout’s ViralPost is here to make scheduling much easier by highlighting Optimal Send
Times (available in Professional and Advanced Plans) right within the Compose window.


6. Moderate ad comments in the Smart Inbox

Many social media marketers are creating ad content to engage their audiences. Once you’ve
created your ads, you can also respond to incoming comments on these posts for Facebook and
Instagram.

You can connect your Facebook Ad Account in Sprout (which does not count as additional
profiles) to begin interacting with your ad comments alongside your organic content.

7. Delete or hide comments from the Inbox

While scrolling through your Smart Inbox, you may find a spam comment on your Facebook Page.
You can delete or hide this right from your Inbox with this Sprout feature, which was
recently released for Instagram as well!

8. Tag messages to track message performance by type

Message Tagging is a Sprout feature on Sprout’s Professional and Advanced Plans. With Tagging,
you can customize your outgoing and incoming message tracking to best fit your social media
goals.

For example, you can track how many negative comments compared with positive comments you
received on a particular post. You can also track how many incoming comments a campaign
generates.


Experiment : 10

Aim : Study of the features of firewall in providing network
security and to set Firewall Security in windows.

Theory :
Firewall & network protection in Windows Security lets you view the status of Microsoft
Defender Firewall and see what networks your device is connected to. You can turn Microsoft
Defender Firewall on or off and access advanced Microsoft Defender Firewall options for the
following network types:

▪ Domain (workplace) networks
▪ Private (discoverable) networks
▪ Public (non-discoverable) networks

If you want to change a setting, select the network type you want to change it on.

Network settings

When you select one of the three network types you'll get the settings page for it. Here Windows
Security will tell you which, if any, networks of that type you're currently connected to. Usually
your computer will only be connected to one network at a time.


Firewall & network protection page:

▪ Allow an app through firewall - If the firewall is blocking an app you really need,
you can add an exception for that app, or open a specific port. Learn more about that
process (and why you might not want to) at Risks of allowing apps through
Microsoft Defender Firewall.
▪ Network and Internet troubleshooter - If you're having general network
connectivity issues you can use this troubleshooter to try and automatically diagnose
and fix them.
▪ Firewall notification settings - Want more notifications when your firewall blocks
something? Fewer? Here's where you can configure that.
▪ Advanced settings - If you're knowledgeable about firewall settings this will open
the classic Windows Defender Firewall tool which lets you create inbound or
outbound rules, connection security rules, and see monitoring logs for the firewall.
Most users won't want to dig into it that deeply; adding, changing, or deleting rules
incorrectly can cause your system to be more vulnerable or can cause some apps not
to work.
▪ Restore firewalls to default - If someone, or something, has made changes to your
Windows Firewall settings that are causing things not to work properly, you're just two
clicks away from resetting the settings back to the way they were when you first got
the computer. If your organization has applied any policies to configure the firewall,
those will be reapplied.


Experiment : 11

Aim : Steps to ensure Security of any one web browser
(Mozilla Firefox/Google Chrome)

Theory :
As Chrome's popularity has grown over the past decade, third-party associations in the form of
extensions, apps, and software have also increased. These integrations can help you be more
productive, but they can also put you and your data at risk.

Luckily, Chrome is one of the most secure browsers available. It comes with many built-in features
to ensure your online safety, but you might not be familiar with all of them. To help protect your
browser, here are eight tips to make the browser more secure.

Steps to Secure your Google Chrome browser

1. Limit synced items: We use Google Chrome across all our devices, and so, to keep us updated
we often sync all our devices so that all the information (logins and passwords, bookmarks, etc.)
is available to us at all times. However, this continuous sending of data can put your security at
risk, so limit the synchronization.

To do this, click the three dots on the upper right side of Chrome and then Settings > Advanced
> Sync and other Google Services.


As you see in the above image, Synchronize everything is set by default. We recommend
deactivating the options you use less frequently.

2. Shifting to Chrome's Enhanced Protection

Safe Browsing, a security service by Google to protect users from malicious websites, offers two
types of protection: Standard and Enhanced. Unless you've changed it previously, your browser is
set to Standard protection by default. Standard protection warns you about unsafe websites before
you visit them and helps you avoid potentially harmful files and extensions.

Enhanced protection offers much more, however. It's a must-have security setting with features
such as warning users to change passwords if exposed during a breach, improving the security on
other Google apps you use, and predicting harmful events before they happen.

Here is how you can shift your browser's protection from Standard to Enhanced to improve your
security:

1. Navigate to Chrome's Settings by tapping the three vertical dots in the top-right corner.
2. Click on Privacy and Security in the left sidebar and navigate to Security.
3. Enable Enhanced protection under Safe Browsing.

3. Encrypt synchronized data: In the same menu, i.e. Settings > Advanced > Sync and other
Google Services, there is another option to encrypt your synchronized data. Select the
option Encrypt synced data with your own sync passphrase. Next, choose a password that you
can remember (different from your Google account password).


This will add an extra layer of security by asking for the password every time Google Chrome
wants to synchronize your data.

4. Using Chrome's Safety Check: Chrome has a built-in tool that allows you to test how secure
your browser is. This tool helps you identify any data breaches, available browser updates,
malicious extensions, the strength of your saved passwords, and the type of protection you are
using in your browser.
To run a security check, follow these steps:
1. Navigate to Chrome's Settings.
2. Under Safety check, tap on Check Now.

Chrome will alert you about your weak security areas in a few seconds. Regularly running safety
checks will ensure your safety.

5. Change your Password settings: Under Settings > Advanced > Passwords, ensure that Offer
to save passwords and Auto Sign-in are both unchecked. This does mean you will
have to remember your passwords, and will need to sign in every time you go to a particular
website.


6. Change the System settings within Google Chrome: If you are very concerned about online
privacy, I would highly recommend unchecking Continue Running Background Apps When
Google Chrome Is Closed. This will close all apps when you exit Chrome and prevent
notifications (such as Gmail, Facebook, etc.) from having access to your desktop. You will
find this setting under Settings > Advanced > System.

7. Turn off Google Activity Control: Not only does Google Chrome save your browsing data, but
so does Google itself every time you're logged in to your Google account. This option, activated by
default, can be easily deactivated. To do this, access the option Activity controls of your account
from this link, and deactivate the switch.

8. Set up 2-Step Verification: To enable 2-step verification, sign in to your Google account from
the usual web page. On the left-hand side, click on Security, then under Signing in to Google,
click on 2-Step Verification. It will be disabled by default. Enable it and set it up by clicking on
the Get Started button.


Experiment : 12

Aim : Study of different types of vulnerabilities for hacking
websites / Web Applications.

Theory :
The Common Web Application Vulnerabilities :

1: SQL Injection : Many hackers start with an attempt to gain access to the database through
SQL injection attacks. This is when the attacker inserts malicious SQL statements into form
fields and other injection points, with the intention of gathering information from and controlling
the database. They can use this information to access and modify or even destroy the
information, and to attack the underlying system.

Attackers typically use these attacks to collect vital customer information such as their contact
information, passwords, or even credit card info. They may even exploit these web security
vulnerabilities to change the price of a product, for instance. Advanced attacks can even allow
them to control the database server and the operating system.

2: Cross-Site Scripting (XSS) : As mentioned earlier, cross-site scripting or XSS is one of the
most popular web application vulnerabilities that could put your users’ security at risk. These
attacks inject malicious code into the running application and execute it on the client side.

The goal of XSS attacks is to send this malicious code to other users, sometimes infecting their
devices with malware or stealing sensitive information. This type of website application
vulnerability can give the attacker full control of the user’s browser and can be extremely
dangerous to any website.

3 : Authentication Failure : Authentication-related web application vulnerabilities occur when
adequate user authentication controls are not properly implemented. This puts user
accounts at risk of being breached. Attackers may exploit these web security vulnerabilities to
gain control over any user account or even over the entire system.

One of these vulnerabilities is Credential Stuffing, where an attacker will test a list of valid
passwords and usernames gleaned from another breach or attack until they manage to find a
valid combination and gain access.

Another common vulnerability is a Brute Force attack, in which the attacker tries every possible
character combination until they find a valid one.


Session hijacking is another common attack that can occur as a result of authentication failure.
This is when there is a failure to properly invalidate session IDs, allowing attackers to exploit an
authenticated session of a legitimate user.

4. XML External Entities : An XML external entity attack, also known as an XXE, or an XML
injection attack, is another class of vulnerabilities you should watch out for. These types of
attacks occur when attackers exploit a weakly-configured XML parser. Through such attacks,
attackers can inject additional data, access confidential data, execute applications, and create
remote tunnels (shells).

XML external entity attacks can also result in remote code execution, Server Side Request
Forgery (SSRF), and more. By default, most XML parsers are prone to these attacks. This leaves
it up to the developers to ensure that their web application is free from these web application
vulnerabilities.

5. Broken Access Control (Authorization Failure) : Access control helps you control what
sections of a website and what application data different visitors can access.

For instance, if your website is a platform for different sellers to list their products, they will
need some kind of access to add new products and manage their sales. However, not every
visitor will need that level of access since most of them are visiting your site to buy products.

As such, having a broken access control opens up your site to web application vulnerabilities,
which attackers can exploit to access sensitive information or unauthorized functionality. They
might even use these attacks to make modifications to access rights and user data.

6. Local File Inclusion (LFI)


An LFI attack exploits the dynamic file inclusion mechanisms in a web application. It may occur
when a web application takes user input, such as a parameter value or URL, and passes it to a file
inclusion command. An attacker can use this mechanism to trick the app into including a remote
file containing malicious code.

Most web application frameworks enable file inclusion, which is useful primarily to package
shared code into different files for later reference by the application’s main modules. If a web
app references a file for inclusion, it might execute the code in the file explicitly or implicitly
(i.e., by calling a specific procedure). The application could be vulnerable to LFI attacks if the
module-to-load choice is based on HTTP request elements.
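
The file inclusion risk described above, shown as an added Python example (not code from this lab file): a resolver that joins the request value straight onto the template directory, next to a hardened one that uses an allowlist plus a containment check. The page names, file names and the `page` parameter are assumptions made for the illustration, and the sample files are constructed.

```python
import tempfile
from pathlib import Path

# Hypothetical allowlist: the only values the "page" request parameter may take,
# mapped to the template file each one is allowed to load.
ALLOWED_PAGES = {"home": "home.html", "cart": "cart.html", "help": "help.html"}


def resolve_unsafe(base_dir: Path, requested: str) -> Path:
    """Vulnerable pattern: the request value is joined directly onto the base path."""
    return (base_dir / requested).resolve()


def resolve_safe(base_dir: Path, requested: str) -> Path:
    """Hardened pattern: allowlist lookup, then verify the result stays inside base_dir."""
    filename = ALLOWED_PAGES.get(requested)
    if filename is None:
        raise ValueError(f"unknown page: {requested!r}")
    base = base_dir.resolve()
    candidate = (base / filename).resolve()
    # Defence in depth: even an allowlisted name must not resolve (for example
    # through a symlink) to somewhere outside the template directory.
    if not candidate.is_relative_to(base):  # Python 3.9+
        raise ValueError("resolved path escapes the template directory")
    return candidate


def demo() -> dict:
    """Build a constructed directory tree and compare both resolvers on it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        templates = root / "templates"
        templates.mkdir()
        (templates / "home.html").write_text("<h1>Home</h1>")
        # Constructed file that lives outside the template directory.
        (root / "settings.ini").write_text("db_password=constructed-sample")

        request_value = "../settings.ini"  # constructed request parameter value
        unsafe_path = resolve_unsafe(templates, request_value)
        results = {
            "unsafe_escapes": not unsafe_path.is_relative_to(templates.resolve()),
            "unsafe_reads_config": unsafe_path.read_text().startswith("db_password"),
            "safe_serves_home": resolve_safe(templates, "home").name == "home.html",
        }
        try:
            resolve_safe(templates, request_value)
            results["safe_rejects"] = False
        except ValueError:
            results["safe_rejects"] = True
        return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```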


Experiment : 13

Aim : Analyze the Security Vulnerabilities of E-commerce
services.

Theory :
In the eCommerce industry, a security vulnerability is a weak point in the system that scammers
can easily attack, or that is prone to fraudulent activities aimed at getting money,
products, and personal information from the customer base for profit.

Security risks have always existed for e-commerce businesses as attackers attempt to exploit
vulnerabilities to gain access to customers’ personal and financial data. E-commerce is such a hot
target for hackers that online retailers saw a 50% jump in cybercrime in 2020. Leaving security
vulnerabilities in e-commerce unaddressed can cause significant damage to a company and its
customers, erode customer trust, harm the bottom line, and even potentially expose an organization
to legal risk.

Common Security Vulnerabilities in E-commerce:


• Financial Frauds or Payment Frauds: This type is one of the most typical for
eCommerce and dates back to the very first attempts of businesses to go online. Often,
scammers make unauthorized transactions and immediately wipe out the trail. Or
they use fake emails, accounts, names, and even IP addresses to look like
a real customer.
After they have requested a refund with, for instance, a fake screenshot, most eCommerce
platforms basically give them money for nothing, especially if they’re not aware of this
financial trick.

• SQL Injection: SQL injection is a web security vulnerability that allows an attacker to
interfere with the queries that an application makes to its database. It generally allows an
attacker to view data that they are not normally able to retrieve. This might include data
belonging to other users, or any other data that the application itself is able to access. In
many cases, an attacker can modify or delete this data, causing persistent changes to the
application's content or behaviour.
The results of an SQL injection attack on a vulnerable site may range from a detailed
error message, which discloses the back-end technology being used, to access to
restricted areas of the site because the attacker manipulated the query into an always-true
Boolean value, and may even include the execution of operating system commands.


• Bot Attack: Some criminals also attack eCommerce sites with bots that act like
real users and can hardly be detected by the security system. This is why bot attacks are
considered one of the common security vulnerabilities you should always keep in
mind.
However, bots are not just fake users that inflate your traffic and slow down the site.
They can also steal the personal information of your customers, record their
log-in credentials and bank information, manipulate the products’ prices and randomly
block them, thus making your eCommerce platform less secure and less user-friendly.

• Price Manipulation: This is a vulnerability that is almost completely unique to online
shopping carts and payment gateways. In the most common occurrence of this
vulnerability, the total payable price of the purchased goods is stored in a hidden HTML
field of a dynamically generated web page. An attacker can use a web application proxy
such as Achilles to simply modify the amount that is payable when this information flows
from the user's browser to the web server.
This information is eventually sent to the payment gateway with which the online merchant
has partnered. If the number of transactions is very high, the price manipulation may go
completely unnoticed. Repeated attacks of this nature could erode the website's user base.
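The hidden-field weakness described above is closed by recomputing the payable amount on the server. The following is an added example, not part of the original lab file; the class name, SKUs, prices and quantity limit are assumptions made for illustration.

```java
import java.math.BigDecimal;
import java.util.LinkedHashMap;
import java.util.Map;

public class CheckoutPriceCheck {
    // Server-side catalogue: the only trusted source of unit prices (constructed sample data).
    static final Map<String, BigDecimal> CATALOGUE = Map.of(
            "SKU-1001", new BigDecimal("499.00"),
            "SKU-2002", new BigDecimal("1250.50"));

    // Recompute the payable total from product IDs and quantities only.
    static BigDecimal serverTotal(Map<String, Integer> cart) {
        BigDecimal total = BigDecimal.ZERO;
        for (Map.Entry<String, Integer> line : cart.entrySet()) {
            BigDecimal unit = CATALOGUE.get(line.getKey());
            int qty = line.getValue();
            if (unit == null || qty < 1 || qty > 100) {   // unknown SKU or implausible quantity
                throw new IllegalArgumentException("Rejected cart line: " + line.getKey());
            }
            total = total.add(unit.multiply(BigDecimal.valueOf(qty)));
        }
        return total;
    }

    // The total posted by the browser is never charged; it is only compared and logged.
    static BigDecimal amountToCharge(Map<String, Integer> cart, String postedTotal) {
        BigDecimal expected = serverTotal(cart);
        BigDecimal posted;
        try {
            posted = new BigDecimal(postedTotal);
        } catch (NumberFormatException | NullPointerException e) {
            posted = null;                                // missing or malformed field
        }
        if (posted == null || expected.compareTo(posted) != 0) {
            System.out.println("ALERT price mismatch: posted=" + postedTotal
                    + " expected=" + expected);
        }
        return expected;                                  // always the server-side value
    }

    public static void main(String[] args) {
        Map<String, Integer> cart = new LinkedHashMap<>();
        cart.put("SKU-1001", 2);
        cart.put("SKU-2002", 1);
        System.out.println(amountToCharge(cart, "2248.50")); // untampered form value
        System.out.println(amountToCharge(cart, "1.00"));    // hidden field edited in transit
    }
}
```

Logging every mismatch gives the merchant the visibility that is otherwise lost when the transaction volume is high.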

• Weak Authentication and Authorization: Authentication mechanisms that do not
prohibit multiple failed logins can be attacked using tools such as Brutus. Similarly, if the
web site uses HTTP Basic Authentication or does not pass session IDs over SSL (Secure
Sockets Layer), an attacker can sniff the traffic to discover a user's authentication and/or
authorization credentials.
Since HTTP is a stateless protocol, web applications commonly maintain state using
session IDs or transaction IDs stored in a cookie on the user’s system. Thus, the session ID
is the only way that the web application can determine the online identity of the user.
If the session ID is stolen (say through XSS), or it can be predicted, then an attacker can
take over a genuine user’s online identity. Hence, the session ID must be protected by
using suitable algorithms to generate and handle it.
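The two controls discussed above, limiting repeated failed logins and issuing session IDs that cannot be predicted, can be sketched as follows. This is an added example, not part of the original lab file; the class name, the limit of 5 failures, the 15-minute lock and the `passwordOk` flag (standing in for a real password check) are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class LoginGuard {
    static final int MAX_FAILURES = 5;                // assumed policy value
    static final long LOCK_MILLIS = 15 * 60 * 1000L;  // assumed policy value
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, Integer> failures = new HashMap<>();
    private final Map<String, Long> lockedUntil = new HashMap<>();

    // 128 bits from a cryptographic random generator: earlier IDs reveal nothing about later ones.
    static String newSessionId() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Returns a fresh session ID on success, or null when the attempt is refused.
    String login(String user, boolean passwordOk, long now) {
        Long until = lockedUntil.get(user);
        if (until != null && now < until) {
            return null;                              // locked: refuse even a correct password
        }
        if (!passwordOk) {
            int count = failures.merge(user, 1, Integer::sum);
            if (count >= MAX_FAILURES) {
                lockedUntil.put(user, now + LOCK_MILLIS);
                failures.remove(user);
            }
            return null;
        }
        failures.remove(user);
        lockedUntil.remove(user);
        return newSessionId();                        // issued only after authentication
    }

    public static void main(String[] args) {
        LoginGuard guard = new LoginGuard();
        long t = 0;                                   // simulated clock in milliseconds
        for (int i = 1; i <= 6; i++) {
            System.out.println("bad attempt " + i + " -> " + guard.login("alice", false, t++));
        }
        System.out.println("correct password while locked -> " + guard.login("alice", true, t));
        System.out.println("after the lock expires -> "
                + guard.login("alice", true, t + LOCK_MILLIS));
    }
}
```

The ID should then travel only in a cookie marked Secure and HttpOnly, so that it is not sent over an unencrypted connection or read by page scripts.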

• Cross-site scripting: Cross-site Scripting (XSS) attacks are targeted against the end
user and leverage two factors:
1. The lack of input and output validation being done by the web application
2. The trust placed by the end-user in a URL that carries the vulnerable web site’s name.


Experiment : 14

Aim : Analyse the security vulnerabilities of an E-Mail Application

Theory :
1. Spoofing: E-mail spoofing happens when a cybercriminal sends an e-mail to a user while
masquerading as someone the user knows. Spoofing the original sender is easy to
accomplish and extremely difficult to trace. For example, a scammer can spoof the email of
someone in your organization to obtain vital information, or may even ask your employees for
money. Due diligence is the best way of thwarting spoofing attacks. However, businesses
should also acquire software that improves their email security.

2. Phishing: Phishing is another type of attack cybercriminals use to steal user data. Such data
often includes credit card numbers and login credentials. It occurs when the attacker masquerades
as a trusted entity and dupes the victim into opening an email.

3. Malware: Increasingly, attackers are taking advantage of e-mail to deliver a variety of attacks
to organizations through the use of malware, or “malicious software,” which includes viruses,
worms, Trojan horses, and spyware. These attacks, if successful, may give the malicious entity
control over workstations and servers, which can then be exploited to change privileges, gain
access to sensitive information, monitor users’ activities, and perform other malicious actions.

4. Domain Squatting: The act of registering, selling, or using a domain name with the intent of
profiting from someone else's trademark is known as domain squatting. As a result, domain
squatting and targeted spear phishing attacks will affect both businesses and their customers.

5. Client-Side Attacks: The number of attack vectors available against internet users is growing
every day. A single link containing malicious content may be enough to infect a device. The
protection of the e-mail service components must be improved, and necessary anti-phishing
solutions, such as employee training or email threat simulation, must be implemented to combat
threats.

6. Ransomware: Ransomware is a vicious malware that attacks your entire computer system and
blocks you from accessing your data until you pay the ransom demanded by the attacker. One way
in which cyber attackers launch this malware is through emails. Ransomware has led to businesses
losing billions of dollars over the years.

7. Configuration Errors: This is a pervasive security problem. A poorly configured e-mail service
may lead to a big issue by enabling e-mail to be delivered without authentication.


For example, a cybercriminal without authenticated access to your e-mail service may send a
random e-mail to one of your employees. A cybercriminal who impersonates the CEO may be more
likely to succeed.

8. File Format Exploits: File format vulnerabilities are quickly becoming one of the most serious
information security risks that face many businesses. Attackers who take advantage of these flaws
build carefully designed malicious files that trigger program flaws (such as buffer overflows).
These vulnerabilities are particularly dangerous because they often affect several platforms.

9. Browser Exploit Kit: Emails that exploit internet browser vulnerabilities can lead to data
leakage, identity theft, and access issues in your accounts. Sometimes a link in your browser kit
may contain abused code that cybercriminals can use to exploit your email. To avoid this threat,
you should ensure that your email service and the security components have foolproof protective
measures.

10. Business Email Compromise (BEC) and Spear-Phishing Attacks: Another important point
is that a cyber attacker who bypasses all security protocols attacks a device by exploiting the end
user's unawareness since most people are unable to recognize a sophisticated phishing email.
Phishing assessments, exams, questionnaires, and games can be used to educate users about how
to recognize threats on a regular basis.

Limitations exist in currently used protocols


Any network service, such as an email system, must provide the following five services for
security reasons:

Message Confidentiality: It promotes privacy, that is, the message transferred between sender and
receiver is secure and no one can read or track the message while it is in transit.

Message Integrity: The same message/data should arrive at the receiver's end as was sent by the
sender. No alteration, intentional or accidental, takes place during transfer.

Message Authentication: It ensures that a message is received only from the stated sender or from
a trusted source. The receiver must be sure about the identity of the sender.

Message Non-repudiation: It ensures that the sender can never deny sending a message that
he/she originally sent.

Entity Authentication: It ensures identification of the user; the user must be verified before
accessing the resources and services. This is done by asking for a login ID and password.

SMTP: SMTP does not encrypt messages, so the communication between SMTP servers is in
plain text and eavesdropping is possible. If you log in to an SMTP server using your username
and password, these are also passed in plain text, so anyone can steal them during transfer.
Messages sent through SMTP also contain information about the sending computer and the software
used, which, when captured, can be used for malicious intent. So, SMTP lacks privacy.
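Whether a mail server leaves SMTP in this plain-text state can be checked from its EHLO reply. The following added example (not part of the original lab file) parses a reply captured before any TLS negotiation and reports the weak settings; the class name and both sample replies are constructed for illustration, and mail.example.test is a placeholder host.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

public class SmtpEhloAudit {
    // Capability keywords from a multi-line EHLO reply ("250-..." lines, the last one "250 ...").
    static List<String> capabilities(String ehloReply) {
        List<String> caps = new ArrayList<>();
        String[] lines = ehloReply.split("\r?\n");
        for (int i = 1; i < lines.length; i++) {          // line 0 is the server's greeting
            if (lines[i].startsWith("250") && lines[i].length() > 4) {
                caps.add(lines[i].substring(4).trim().toUpperCase(Locale.ROOT));
            }
        }
        return caps;
    }

    // Findings for a reply captured BEFORE any TLS negotiation; an empty list means none.
    static List<String> findings(String ehloReply) {
        List<String> caps = capabilities(ehloReply);
        List<String> out = new ArrayList<>();
        if (!caps.contains("STARTTLS")) {
            out.add("STARTTLS not offered: messages cross the network in plain text");
        }
        for (String cap : caps) {
            if (cap.startsWith("AUTH ") && (cap.contains("PLAIN") || cap.contains("LOGIN"))) {
                out.add("AUTH PLAIN/LOGIN offered before TLS: credentials are only base64-encoded");
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample replies, not captured from a real server.
        String weak = "250-mail.example.test\r\n250-SIZE 10240000\r\n"
                + "250-AUTH PLAIN LOGIN\r\n250 8BITMIME";
        String hardened = "250-mail.example.test\r\n250-SIZE 10240000\r\n"
                + "250-STARTTLS\r\n250 8BITMIME";
        System.out.println("weak:     " + findings(weak));
        System.out.println("hardened: " + findings(hardened));
    }
}
```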


Experiment : 15

Aim : Encryption technique implementation and simulation.

Theory :
Ciphertext is encrypted text transformed from plaintext using an encryption algorithm. Ciphertext
can't be read until it has been converted into plaintext (decrypted) with a key. The decryption
cipher is an algorithm that transforms the ciphertext back into plaintext.

Ciphertext is the result of encryption performed on plaintext using an algorithm, called a cipher.
Ciphertext is also known as encrypted or encoded information because it contains a form of the
original plaintext that is unreadable by a human or computer without the proper cipher to decrypt
it. This process prevents the loss of sensitive information via hacking. Decryption, the inverse of
encryption, is the process of turning ciphertext into readable plaintext.

The Caesar Cipher technique is one of the earliest and simplest methods of encryption.
It is a type of substitution cipher, i.e., each letter of a given text is replaced by a letter some
fixed number of positions down the alphabet. For example, with a shift of 1, A would be replaced
by B, B would become C, and so on. The method is named after Julius Caesar, who
apparently used it to communicate with his officials.
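The theory above describes both encryption and decryption with a key. The following added example (not the lab's own program) generalizes the cipher to any shift, adds the matching decryption, and lists all 25 possible keys to show how small the key space is; the class name and sample text are constructed for illustration.

```java
public class CaesarShift {
    // Shift letters by `key` positions (any integer); other characters pass through unchanged.
    static String shift(String text, int key) {
        int k = Math.floorMod(key, 26);               // maps negative keys into 0..25
        StringBuilder out = new StringBuilder(text.length());
        for (char c : text.toCharArray()) {
            if (c >= 'A' && c <= 'Z') {
                out.append((char) ('A' + (c - 'A' + k) % 26));
            } else if (c >= 'a' && c <= 'z') {
                out.append((char) ('a' + (c - 'a' + k) % 26));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    static String encrypt(String plaintext, int key) {
        return shift(plaintext, key);
    }

    // Decryption is the same substitution applied with the opposite shift.
    static String decrypt(String ciphertext, int key) {
        return shift(ciphertext, -key);
    }

    public static void main(String[] args) {
        String plain = "Meet at Gate 4, Zulu";        // constructed sample text
        String cipher = encrypt(plain, 3);
        System.out.println("ciphertext: " + cipher);
        System.out.println("decrypted:  " + decrypt(cipher, 3));

        // Only 25 useful keys exist, so every candidate plaintext fits on one screen.
        // This is why the Caesar cipher offers no real confidentiality.
        for (int key = 1; key <= 25; key++) {
            System.out.println(key + ": " + decrypt(cipher, key));
        }
    }
}
```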


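Program:
    public class Main
    {
        public static void main(String[] args) {
            System.out.println(encrypt("NiKhIl"));
        }

        // Caesar cipher with a fixed shift of 2; letters wrap around within their own case.
        public static String encrypt(String str) {
            StringBuilder result = new StringBuilder();
            for (int i = 0; i < str.length(); i++) {
                char ch = str.charAt(i);
                if (!((ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z'))) {
                    result.append(ch);              // digits, spaces and punctuation stay as they are
                    continue;
                }
                char temp = (char)(ch + 2);
                if (temp > 122)                     // past 'z': wrap round to 'a' or 'b'
                    temp = (char)(temp % 123 + 97);
                else if (temp > 90 && temp < 93)    // past 'Z': wrap round to 'A' or 'B'
                    temp = (char)(temp % 91 + 65);
                result.append(temp);
            }
            return result.toString();
        }
    }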

Output:


Experiment : 16

Aim : Program to check the Password strength.

Program:
    public class Main
    {
        public static void main(String[] args) {
            System.out.println(checkPassStrength("Shrashti@676"));
        }

        // Rates a password by its length and by the character classes it contains.
        public static String checkPassStrength(String passwd) {
            int n = passwd.length();
            boolean hasLower = false, hasUpper = false, hasDigit = false, specialChar = false;
            for (int i = 0; i < n; i++) {
                char ch = passwd.charAt(i);
                if (Character.isLowerCase(ch))
                    hasLower = true;
                else if (Character.isUpperCase(ch))
                    hasUpper = true;
                else if (Character.isDigit(ch))
                    hasDigit = true;
                else
                    specialChar = true;     // anything else counts as a special character
            }
            // Strong: all four character classes and at least 8 characters
            if (hasDigit && hasLower && hasUpper && specialChar && (n >= 8))
                return "Strong";
            // Moderate: at least 6 characters including a letter or a special character
            else if ((hasLower || hasUpper || specialChar) && (n >= 6))
                return "Moderate";
            else
                return "Weak";
        }
    }
Output:
• "Shrashti@676"


• "shrashti"
