Tuesday, December 16, 2014
Monday, November 24, 2014
Friday, November 21, 2014
Sunday, November 16, 2014
CLOUD COMPUTING
1. Cloud Computing
|
Cloud computing is an Internet based computing
where virtually shared servers provide software, Infrastructure , platform ,
devices and other resources and hosting to customers on a pay-as-you-use
basis.
|
2. Front end
|
The front end of the cloud computing system
comprises the client’s device and some applications are needed for accessing
the cloud computing system.
|
3. Back End
|
Back end refers to the cloud itself which may
encompass various computer machines, data store systems and servers.
|
4.Infrastructure as a service (IaaS) or Hardware as a service(HaaS)
|
A model in which an organization outsources the
equipment used to support operations including memory (storage space ) ,
hardware , virtual servers(server space) , databases and networking
components.
|
5. Platform as a Service (PaaS)
|
Platform as a Service (PaaS)supplies all the
resources required to build
applications and services over the internet, without having to download or
install software.
|
Hybrid Cloud
|
A hybrid cloud is essentially a combination of
at least two clouds , where the clouds included are a mixture of public,
private or community clouds
|
Public Cloud
|
A public cloud can be accessed by any subscriber
with an Internet connection and access to the cloud space.
|
Private cloud
|
Private cloud is the offering that arranges cloud
computing on private networks. It consists of applications or virtual
machines in a company’s own set of hosts.
|
Community cloud
|
A community cloud is shared among two or more
organizations that have similar cloud requirements.
|
Question/ Answers:
1. What is cloud computing?
Ans. Cloud computing is an Internet based computing where virtually
shared servers provide software, Infrastructure , platform , devices and other
resources and hosting to customers on a pay-as-you-use basis.
2. What are the major components of cloud computing?
Ans. Clients , data center , and distributed servers.
3. Name companies which provide services in cloud computing.
Ans. Gmail, Yahoo, Hotmail, Orkut , Amazon and Microsoft.
4. What type of cloud services are provided by Amazon to public?
Ans. Amazon offers a number of cloud services ,including Elastic Compute
Cloud (EC2) , Simple Storage Service (S3) ,Simple Queue Service (SQS) and
Simple DB.
5. State two benefits of cloud computing.
Ans. A. Increased security at
a much lesser cost. B. Easy to maintain
6. State some characteristics of cloud computing.
Ans. Characteristics :
- · On demand self service by consumers
- · Broad access via network
- · Resource pooling of physical and virtual resources
- · Rapid scaling of capacity
- · Enhanced transparency of usage via metrics
7. What do you mean by the term services in cloud computing?
Ans. The term services in cloud
computing is the concept of being able to use reusable , fine grained
components across a customer’s network these include:
- · Low barriers to entry , making them available to small businesses.
- · Large scalability
- · Resource sharing
- · Device independence, allows users to work on different hardware.
8. Name the resources that you can rent under HaaS.
Ans. The resources are server space, network equipments, memory , CPU
cycles and storage space.
9. Name two database service providers which prominently support cloud
computing.
Ans. MySQL , Oracle
10. Name three service models which are associated with cloud computing.
Ans. The three service models are:
- · Infrastructure as a service (IaaS) or Hardware as a service(HaaS)
- · Platform as a Service (PaaS)
- · Software as a Service SaaS
11. State one advantage of IaaS.
Ans. IaaS allows organization to avoid the large capital expenses
associated with Infrastructure and data centers.
12. State one advantage of SaaS.
Ans. SaaS eliminates the capital expenses of purchasing software and its
maintenance.
13. What are the major challenges in adoption cloud computing for use?
The challenges are privacy/compliance, immaturity of vendors/offerings,
legacy application.
14. what are the major threats of using cloud computing?
Ans. The threats are :
- · Spoofing Identity (Authentication, Protect Secrets, Avoid strong private information etc.)
- · Tampering with data ( Authorization , Digital Signature)
- · Repudiation (Digital signatures, Timestamps, Secure logging, Audit Trails etc.)
- · Denial of Service (Strong Authentication and authorization , Quality of Service etc.)
Wednesday, November 12, 2014
Wednesday, June 11, 2014
Sunday, January 19, 2014
Cyber Law
Cyber Law:
Introduction
In Simple way we can say that cyber crime is unlawful acts wherein
the computer is either a tool or a target or both
Cyber crimes can involve criminal activities
that are traditional in nature, such as theft, fraud, forgery, defamation and
mischief, all of which are subject to the Indian Penal Code. The abuse of
computers has also given birth to a gamut of new age crimes that are addressed
by the Information Technology Act, 2000.
We can categorize Cyber
crimes in two ways
The Computer as a Target :-using a computer to attack other computers.
The Computer as a Target :-using a computer to attack other computers.
e.g. Hacking, Virus/Worm
attacks, DOS attack etc.
The computer as a weapon
:-using a computer to commit real world crimes.
e.g. Cyber Terrorism,
IPR violations, Credit card frauds, EFT frauds, Pornography etc.
Cyber Crime regulated by Cyber Laws or Internet Laws.
Cyber Crime regulated by Cyber Laws or Internet Laws.
Technical Aspects
Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as
Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as
a. Unauthorized access
& Hacking:-
Access means gaining entry into, instructing or communicating with
the logical, arithmetical, or memory function resources of a computer, computer
system or computer network.
Unauthorized access would therefore mean any kind of access
without the permission of either the rightful owner or the person in charge of
a computer, computer system or computer network.
Every act committed towards breaking into a computer and/or
network is hacking. Hackers write or use ready-made computer programs to attack
the target computer. They possess the desire to destruct and they get the kick
out of such destruction. Some hackers hack for personal monetary gains, such as
to stealing the credit card information, transferring money from various bank
accounts to their own account followed by withdrawal of money.
By hacking web server
taking control on another persons website called as web hijacking
b. Trojan Attack:-
The program that act
like something useful but do the things that are quiet damping. The programs of
this kind are called as Trojans.
The name Trojan Horse is
popular.
Trojans come in two
parts, a Client part and a Server part. When the victim (unknowingly) runs the
server on its machine, the attacker will then use the Client to connect to the
Server and start using the trojan.
TCP/IP protocol is the
usual protocol type used for communications, but some functions of the trojans
use the UDP protocol as well.
c. Virus and Worm
attack:-
A program that has
capability to infect other programs and make copies of itself and spread into
other programs is called virus.
Programs that multiply
like viruses but spread from computer to computer are called as worms.
d. E-mail & IRC
related crimes:-
1. Email spoofing
Email spoofing refers to
email that appears to have been originated from one source when it was actually
sent from another source. Please Read
2. Email Spamming
Email
"spamming" refers to sending email to thousands and thousands of
users - similar to a chain letter.
3 Sending malicious
codes through email
E-mails are used to send
viruses, Trojans etc through emails as an attachment or by sending a link of
website which on visiting downloads malicious code.
4. Email bombing
E-mail
"bombing" is characterized by abusers repeatedly sending an identical
email message to a particular address.
5. Sending threatening
emails
6. Defamatory emails
7. Email frauds
8. IRC related
Three main ways to
attack IRC are: "verbalâ⦣8218;?Ŧ#8220; attacks, clone attacks, and flood attacks.
e. Denial of Service
attacks:-
Flooding a computer
resource with more requests than it can handle. This causes the resource to
crash thereby denying access of service to authorized users.
Examples include
attempts to
"flood" a network, thereby preventing legitimate network traffic
attempts to disrupt
connections between two machines, thereby preventing access to a service
attempts to prevent a
particular individual from accessing a service
attempts to disrupt
service to a specific system or person.
Distributed
DOSA distributed denial of service (DoS) attack is accomplished by using the Internet to break into computers and using them to attack a network.
Hundreds or thousands of computer systems across the Internet can be turned into “zombies” and used to attack another system or website.
Types of DOS
There are three basic types of attack:
a. Consumption of scarce, limited, or non-renewable resources like NW bandwith, RAM, CPU time. Even power, cool air, or water can affect.
b. Destruction or Alteration of Configuration Information
c. Physical Destruction or Alteration of Network Components
d. Forgery:-
Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using sophisticated computers, printers and scanners.
Also impersonate another person is considered forgery.
e. IPR Violations:-
These include software piracy, copyright infringement, trademarks violations, theft of computer source code, patent violations. etc.
Cyber Squatting- Domain names are also trademarks and protected by ICANN’s domain dispute resolution policy and also under trademark laws.
Cyber Squatters registers domain name identical to popular service provider’s domain so as to attract their users and get benefit from it.
f. Cyber Terrorism:-
Targeted attacks on military installations, power plants, air traffic control, banks, trail traffic control, telecommunication networks are the most likely targets. Others like police, medical, fire and rescue systems etc.
Cyber terrorism is an attractive option for modern terrorists for several reasons.
1.It is cheaper than traditional terrorist methods.
2.Cyberterrorism is more anonymous than traditional terrorist methods.
3.The variety and number of targets are enormous.
4.Cyberterrorism can be conducted remotely, a feature that isespecially appealing to terrorists.
5.Cyberterrorism has the potential to affect directly a larger number of people.
g. Banking/Credit card Related crimes:-
In the corporate world, Internet hackers are continually looking for opportunities to compromise a company’s security in order to gain access to confidential banking and financial information.
Use of stolen card information or fake credit/debit cards are common.
Bank employee can grab money using programs to deduce small amount of money from all customer accounts and adding it to own account also called as salami.
h. E-commerce/ Investment Frauds:-
Sales and Investment frauds. An offering that uses false or fraudulent claims to solicit investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit securities.
Merchandise or services that were purchased or contracted by individuals online are never delivered.
The fraud attributable to the misrepresentation of a product advertised for sale through an Internet auction site or the non-delivery of products purchased through an Internet auction site.
Investors are enticed to invest in this fraudulent scheme by the promises of abnormally high profits.
i. Sale of illegal articles:-
This would include trade of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication.
Research shows that number of people employed in this criminal area. Daily peoples receiving so many emails with offer of banned or illegal products for sale.
i. Online gambling:-
There are millions of websites hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.
j. Defamation: -
Defamation can be understood as the intentional infringement of another person's right to his good name.
Cyber
Defamation occurs when defamation takes place with the help of computers and /
or the Internet. E.g. someone publishes defamatory matter about someone on a
website or sends e-mails containing defamatory information to all of that
person's friends. Information posted to a bulletin board can be accessed by
anyone. This means that anyone can place
Cyber
defamation is also called as Cyber smearing.Cyber Stacking:-
Cyber stalking involves following a persons movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.
In general, the harasser intends to cause emotional distress and has no legitimate purpose to his communications.
p. Pedophiles:-
Also there are persons who intentionally prey upon children. Specially with a teen they will let the teen know that fully understand the feelings towards adult and in particular teen parents.
They earns teens trust and gradually seduce them into sexual or indecent acts.
Pedophiles lure the children by distributing pornographic material, then they try to meet them for sex or to take their nude photographs including their engagement in sexual positions.
k. Identity Theft :-
Identity theft is the fastest growing crime in countries like America.
Identity theft occurs when someone appropriates another's personal information without their knowledge to commit theft or fraud.
Identity theft is a vehicle for perpetrating other types of fraud schemes.
l. Theft of Internet Hours:-
Unauthorized use of Internet hours paid for by another person.
By gaining access to an organisation's telephone switchboard (PBX) individuals or criminal organizations can obtain access to dial-in/dial-out circuits and then make their own calls or sell call time to third parties.
Additional forms of service theft include capturing 'calling card' details and on-selling calls charged to the calling card account, and counterfeiting or illicit reprogramming of stored value telephone cards.
m. Theft of computer system (Hardware):-
This type of offence involves the theft of a computer, some part(s) of a computer or a peripheral attached to the computer.
n. Physically damaging a computer system:-
Physically damaging a computer or its peripheralseither by shock, fire or excess electric supply etc.
o. Breach of Privacy and Confidentiality
Privacy
Privacy refers to the right of an individual/s to determine when, how and to what extent his or her personal data will be shared with others.
Breach of privacy means unauthorized use or distribution or disclosure of personal information like medical records, sexual preferences, financial status etc.
Confidentiality
It means non disclosure of information to unauthorized or unwanted persons.
In addition to Personal information some other type of information which useful for business and leakage of such information to other persons may cause damage to business or person, such information should be protected.
Generally for protecting secrecy of such information, parties while sharing information forms an agreement about he procedure of handling of information and to not to disclose such information to third parties or use it in such a way that it will be disclosed to third parties.
Many times party or their employees leak such valuable information for monitory gains and causes breach of contract of confidentiality.
Special techniques such as Social Engineering are commonly used to obtain confidential information.
Why Cyberlaw in India ?
When Internet was developed, the founding fathers of Internet hardly had any inclination that Internet could transform itself into an all pervading revolution which could be misused for criminal activities and which required regulation. Today, there are many disturbing things happening in cyberspace. Due to the anonymous nature of the Internet, it is possible to engage into a variety of criminal activities with impunity and people with intelligence, have been grossly misusing this aspect of the Internet to perpetuate criminal activities in cyberspace. Hence the need for Cyberlaws in India.
What is the importance of Cyberlaw ?
Cyberlaw
is important because it touches almost all aspects of transactions and
activities on and concerning the Internet, the World Wide Web and Cyberspace.
Initially it may seem that Cyberlaws is a very technical field and that it does
not have any bearing to most activities in Cyberspace. But the actual truth is
that nothing could be further than the truth. Whether we realize it or not,
every action and every reaction in Cyberspace has some legal and Cyber legal
perspectives.
Does Cyberlaw concern me ?
Yes,
Cyberlaw does concern you. As the nature of Internet is changing and this new
medium is being seen as the ultimate medium ever evolved in human history,
every activity of yours in Cyberspace can and will have a Cyber legal
perspective. From the time you register your Domain Name, to the time you set
up your web site, to the time you promote your website, to the time when you
send and receive emails , to the time you conduct electronic commerce
transactions on the said site, at every point of time, there are various
Cyberlaw issues involved. You may not be bothered about these issues today
because you may feel that they are very distant from you and that they do not
have an impact on your Cyber activities. But sooner or later, you will have to
tighten your belts and take note of Cyberlaw for your own benefit.
Cyberlaw Awareness program
Are
your electronic transactions legally binding and authentic? Are you verifying
your customers' identities to prevent identity theft? Does your online terms
and conditions have binding effect? Are you providing appropriate information
and clear steps for forming and concluding your online transactions? How are
you ensuring data protection and information security on your web site? Are you
recognising the rights of your data subjects?
Transacting
on the Internet has wide legal implications as it alters the conventional
methods of doing business. To build enduring relationships with your online
customers the legal issues of e-transactions need to be addressed from the
onset.
Advantages
of Cyber Laws
The IT Act 2000 attempts to change
outdated laws and provides ways to deal with cyber crimes. We need such laws so
that people can perform purchase transactions over the Net through credit cards
without fear of misuse. The Act offers the much-needed legal framework so that
information is not denied legal effect, validity or enforceability, solely on
the ground that it is in the form of electronic records.
In
view of the growth in transactions and communications carried out through
electronic records, the Act seeks to empower government departments to accept
filing, creating and retention of official documents in the digital format. The
Act has also proposed a legal framework for the authentication and origin of
electronic records / communications through digital signature.
*
From the perspective of e-commerce in India, the IT Act 2000 and its provisions
contain many positive aspects. Firstly, the implications of these provisions
for the e-businesses would be that email would now be a valid and legal form of
communication in our country that can be duly produced and approved in a court
of law.
*
Companies shall now be able to carry out electronic commerce using the legal
infrastructure provided by the Act.
*
Digital signatures have been given legal validity and sanction in the Act.
*
The Act throws open the doors for the entry of corporate companies in the
business of being Certifying Authorities for issuing Digital Signatures
Certificates.
*
The Act now allows Government to issue notification on the web thus heralding
e-governance.
*
The Act enables the companies to file any form, application or any other
document with any office, authority, body or agency owned or controlled by the
appropriate Government in electronic form by means of such electronic form as
may be prescribed by the appropriate Government.
*
The IT Act also addresses the important issues of security, which are so
critical to the success of electronic transactions. The Act has given a legal
definition to the concept of secure digital signatures that would be required
to have been passed through a system of a security procedure, as stipulated by
the Government at a later date.
*
Under the IT Act, 2000, it shall now be possible for corporates to have a
statutory remedy in case if anyone breaks into their computer systems or
network and cause loss.
Internet
Crime
Internet crime is crime committed on the Internet, using the Internet and by means of the Internet.
Internet crime is crime committed on the Internet, using the Internet and by means of the Internet.
Computer
crime is a general term that embraces such crimes as phishing, credit card
frauds, bank robbery, illegal downloading, industrial espionage, child
pornography, kidnapping children via chat rooms, scams, cyber terrorism,
creation and/or distribution of viruses, Spam and so on. All such crimes are
computer related and facilitated crimes.
With
the evolution of the Internet, along came another revolution of crime where the
perpetrators commit acts of crime and wrongdoing on the World Wide Web.
Internet crime takes many faces and is committed in diverse fashions. The
number of users and their diversity in their makeup has exposed the Internet to
everyone. Some criminals in the Internet have grown up understanding this
superhighway of information, unlike the older generation of users. This is why
Internet crime has now become a growing problem in the United States. Some
crimes committed on the Internet have been exposed to the world and some remain
a mystery up until they are perpetrated against someone or some company.
The
different types of Internet crime vary in their design and how easily they are
able to be committed. Internet crimes can be separated into two different
categories. There are crimes that are only committed while being on the
Internet and are created exclusively because of the World Wide Web. The typical
crimes in criminal history are now being brought to a whole different level of
innovation and ingenuity. Such new crimes devoted to the Internet are email
“phishing”, hijacking domain names, virus immistion, and cyber vandalism. A
couple of these crimes are activities that have been exposed and introduced
into the world. People have been trying to solve virus problems by installing
virus protection software and other software that can protect their computers.
Other crimes such as email “phishing” are not as known to the public until an
individual receives one of these fraudulent emails. These emails are cover
faced by the illusion that the email is from your bank or another bank. When a
person reads the email he/she is informed of a problem with he/she personal
account or another individual wants to send the person some of their money and
deposit it directly into their account. The email asks for your personal
account information and when a person gives this information away, they are
financing the work of a criminal
Phishing
Main article: Phishing
Main article: Phishing
"Phishing"
is the act of attempting to fraudulently acquire sensitive information, such as
passwords and credit card details, by masquerading as a trustworthy person or
business with a real need for such information in a seemingly official
electronic notification or message (most often an email, or an instant
message). It is a form of social engineering attack.
The
term was coined in the mid 1990s by crackers attempting to steal AOL accounts.
An attacker would pose as an AOL staff member and send an instant message to a
potential victim. The message would ask the victim to reveal his or her
password, for instance to "verify your account" or to "confirm
billing information". Once the victim gave over the password, the attacker
could access the victim's account and use it for criminal purposes, such as
spamming.
Phishing
has been widely used by fraudsters using spam messages masquerading as large
banks (Citibank, Bank of America) or PayPal. These fraudsters can copy the code
and graphics from legitimate websites and use them on their own sites to create
a legitimate-looking scam web pages. They can also link to the graphics on the
legitimate sites to use on their own scam site. These pages are so well done
that most people cannot tell that they have navigated to a scam site.
Fraudsters will also put the text of a link to a legitimate site in an e-mail
but use the source code to links to own fake site. This can be revealed by
using the "view source" feature in the e-mail application to look at
the destination of the link or putting the cursor over the link and looking at
the code in the status bar of the browser. Although many people don't fall for
it, the small percentage of people that do fall for it, multiplied by the sheer
numbers of spam messages sent, presents the fraudster with a substantial
incentive to keep doing it.
Anti-phishing technologies are now
available.
Pharming
Pharming is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the domain name for a site, and to redirect that website's traffic to another web site. DNS servers are the machines responsible for resolving internet names into their real addresses - the "signposts" of the internet.
Pharming is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the domain name for a site, and to redirect that website's traffic to another web site. DNS servers are the machines responsible for resolving internet names into their real addresses - the "signposts" of the internet.
If the web site receiving the
traffic is a fake web site, such as a copy of a bank's website, it can be used
to "phish" or steal a computer user's passwords, PIN or account
number. Note that this is only possible when the original site was not SSL
protected, or when the user is ignoring warnings about invalid server
certificates.
For example, in January 2005, the
domain name for a large New York ISP, Panix, was hijacked to a site in
Australia. In 2004 a German teenager hijacked the eBay.de domain name.
Secure
e-mail provider Hushmail was also caught by this attack on 24th of April 2005
when the attacker rang up the domain registrar and gained enough information to
redirect users to a defaced webpage.
Anti-pharming technologies are now
available.
Subscribe to:
Posts (Atom)