Internet Threats & Cyber Security

Q1.  Whilst Modern technology allows us to carry out many day-do-day tasks online and the Internet is a fantastic place for communication and information, there are many network security threats you may need to encounter along the way.

a)  Identify six  Security threats  you may encounter while using Internet.

1. Brute force attacks.
2. Data interception.
3. Distributed Denial of Service (DDoS) attacks.
4. Hacking.
5. Malware (Viruses, Worms, Trojan horse, Spyware, Adware and Ransomware).
6. Phishing.
7. Pharming.
8. Social engineering.

b)  Give five  security measures  that can help to protect a computer system from online security threats.

⇒  Install an Anti-virus software in your system and keep it updated.

⇒  Enable Firewall protection and enhance your browser's Privacy Settings.

⇒  Make use of Proxy Server.

⇒  Make use of Strong Complex Password [by mixing characters (small and caps), numbers and symbols].

⇒  Be cautious with emails links and attachments.

Q2. a)  Describe what is meant by  Brute force attack. 

⇒  Brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys.

⇒  The attacker systematically submits and checks all possible combinations of letters, numbers and other symbols which he could guess until the correct one is found.

⇒  It can be done manually or automatically by software.

b)  Describe two ways to mitigate the risk of Brute force attack.

1. Use strong complex password by mixing numbers, symbols, uppercase and lowercase characters as longer as possible.
2. Limit the login attempts, block their IP address, once they exceed the number of attempts.
3. Use Two-factor authentication that requires to key-in a OTP sent to your mobile number or email.

Q3. a)  Describe what is meant by  Data interception. 

⇒  Data interception refers to the process of stealing confidential data by tapping into a wired or wireless communication links.

⇒  In wired network, data interception can be done by using a Packet sniffer (software), which examines data packets being sent over a network, gathers information and sent back to the hacker to obtain the confidential data.

⇒  In wireless network (WiFi), data interception can be done by using Wardriving (also called Access Point Mapping). A laptop or smartphone with antenna and GPS device, together with software is used to intercept Wi-Fi signal to obtain the confidential data.

b)  Describe two ways to prevent data interception and theft.

1. Encrypt confidential data to make it incomprehensible to the hacker even if it is intercepted.
2. To safeguard data against Wardriving, use Wired Equivalency Privacy (WEP) encryption protocol, together with a Firewall.
3. Use strong complex password to protect the use of wireless router.

Q4. a)  Describe what is meant by  Wardriving. 

✬  Wardriving is an act of gaining unauthorized access to a Wireless (WiFi) network using laptop or smartphone.

✬  It requires Wardriving Software and Hardware like, laptop, a wireless network card and an antenna to pick up the wireless signals.

b)  Give two  harmful effects of Wardriving. 

1. It is possible to hack into wireless network and steal people’s confidential details.
2. It is possible to steal a user’s internet data usage and time to download large files like movies.

c)  Give two  ways to prevent Wardriving. 

1. Use Firewall to prevent outside user from gaining access to the wireless network.
2. Protect wireless device with strong complex password.
3. Use Wired Equivalent Privacy (WEP) encryption protocol.

Q5. a)  Describe what is meant by  Denial Of Service attack (DoS). 

✬  DoS is an attempt to make computer resource unavailable to its intended user by sending a large number of requests all at a time to the network or web-server.

✬  In DoS attack, the spam traffic originates from individual computers.

✬  Network or web servers can only handle a finite number of requests, so it is unable or struggles to respond to all the requests.

✬  The server fails or produces times out as a result.

✬  Such attack can prevent a user from accessing their emails, websites, interrupt business operations and make an organization unavailable to its customer.

b)  Describe  what signs would indicate to users that they had become victims of denial of service attacks. 

⇒  Slowdown of network performance (opening files or accessing certain websites).

⇒  Inability to access certain websites.

⇒  Large amount of spam email reaching the user's email account.

c)  Describe ways to  mitigate the risk  of  DoS attack. 

1. Setting up a Firewall to filter and restrict the incoming traffic from malicious bots.
2. Use Proxy server either to filter and block traffic from malicious bots, or to cache frequently visited web pages for faster retrieval upon request.
3. Use an up-to-date malware checker or Anti-virus software.
4. Applying email filters to filter out unwanted traffic (for example, spam).

d)  Describe how  spam message  could be used for  DoS attack  over any user’s email account?

⇒  ISPs or Email providers only allows a limited number of emails for each user.

⇒  If the attacker sends out very large number of spam emails to the user’s account, it will quickly attain the limit to get blocked up and the user will not be able to receive legitimate emails.

Q6. a)  Describe what is meant by  Distributed Denial Of Service attack (DDoS). 

✬  DDoS attack is carried out by multiple compromised systems used as bots, under the control of the attacker.

✬  They flood a server with lots of requests all at the same time.

✬  A Server can only handle a finite number of requests, so it struggles or fails to respond and produces time out as a result.

✬  The aim of DDoS attack is to disrupt the normal functioning of a system, by denying access to the legitimate users.

✬  The spam traffic originates from many different computers, so it is hard to block the attack.

b)  State two  aims of carrying out  a  DDoS attack. 

1. To make online resource unavailable to its intended user.
2. To disrupt critical infrastructure or destabilize government organization as part of their cyber warfare campaign.
3. To gain competitive advantage by targeting the websites or online services of competitors.
4. Security researchers or ethical hackers conduct DDoS attack to evaluate the resilience and effectiveness of a system’s defenses.

c)  Describe ways to  mitigate the risk  of  DDoS attack. 

1. Setting up a Firewall to filter and restrict the incoming traffic from malicious bots.
2. Use Proxy server to filter and block traffic from malicious bots, and to cache frequently visited web pages for faster retrieval upon request.
3. Use an up-to-date malware checker or Anti-virus software.
4. Use Intrusion Detection and Preventing System (IDPS) that can detect and mitigate DDoS attacks.
5. Applying email filters to filter out unwanted traffic (for example, spam).

Q7. a)  Describe what is meant by  Hacking. 

✬  Hacking is the act of gaining illegal or unauthorized access to a computer system with the intension of viewing, modifying or stealing data without causing damage to the system.

✬  This is done through cracking of passwords and security codes which gives access to the system.

b)  Give two ways to  prevent Hacking. 

1. Use Firewall protection to block unauthorized access to the system.
2. Use Two-step Authentication security system. (i.e. Username and Password, a two distinct forms of identification.)
3. Use Strong Complex Password such as random characters (small and caps), numbers and symbols and change password frequently.
4. Use Anti-hacking and Intrusion-detection software to fight against hacking.
5. Use Bio-metrics such as fingerprints, retina scan and voice recognition.

c)  Hackers can be classified into different categories based on their intent of hacking a system. Describe the following three types of Hackers.

(i)   White Hat Hackers :

• White Hat hackers are also known as Ethical Hackers. They never intent to harm a system, rather they try to find out weaknesses in a computer or a network system as a part of penetration testing and vulnerability assessments.
• Ethical hacking is not illegal and it is one of the demanding jobs available in the IT industry.

(ii)  Black Hat Hackers :

• Black Hat hackers are also known as Crackers. They are those who hack in order to gain unauthorized access to a system and harm its operations or steal sensitive information.
• Black Hat hacking is always illegal because of its bad intension which includes stealing data, violating privacy, damaging the system, blocking network communication, etc.

(iii) Grey Hat Hackers :

• Grey hat hackers are a combination of both black hat and white hat hackers.
• They act for fun without harmful intent, they exploit a security weakness in a computer system or network without the owner’s permission or knowledge.
• Their intent is to bring the weakness to the attention of the owners and get appreciation or a some money from the owners.

Q8. a)  Describe what is meant by  Cracking. 

✬  Cracking is the act of breaking into a computer or network system, modifying the software to remove or disable its security features, like password or license of computer programs.

✬  Cracking is done with the intension to use the copyrighted software illegally or to hack a computer or network to steal confidential data.

✬  A Cracking and a Hacking are considered synonyms to each other, as they both involving breaking into locked systems.

b)  Give three ways to  prevent Software Piracy (cracking software to use illegally). 

1. Legal Protection : Make sure the software is protected legally by copyright law and a user agreement to warn the consumers that making unauthorized copies is against the law.
2. Product Key : Provide a unique product-key, which is a combination of letters and numbers used to differentiate copies of the software. A product key ensures that only one user can use the software per purchase.
3. Tamper proofing : Design the software with built-in protocols to shut down and stop working if the source code is modified.

Q9. a)  Describe what is meant by  Malware. 

✬  Malware is short for malicious software.

✬  Malware is the name given to any software that could harm a computer system, interfere with a user's data, or make the computer perform actions without the owner's knowledge or permission.

b)  Describe the following  types of malware. 

(i)   Viruses

• Computer Viruses are self-replicating and self-executing programs written specifically to change the way a computer works.
• It could delete files, modify or corrupt data and programs by inserting its own code into an active host program on target computer to perform malicious actions.
• Viruses are often sent as email attachments, reside on infected website or an infected software downloaded to the user's computer.

(ii)  Worms

• Worm is a standalone malware that replicates itself in order to spread to other computers and corrupt whole network.
• Unlike viruses, they don't need an active host program to get executed and cause any damage.
• It does not corrupt data or manipulate files, instead it simply replicates itself to fillup the memory and slow down or halt other tasks.
• Worms often arrives as email attachments, and only one user opening a worm-infected email could end up infecting the whole network.

(iii) Trojan horse

• Trojan horse is a program that disguise itself as legitimate software, but includes some malicious instructions to carry out some harm to the user's computer.
• Trojan horse could also bind itself to a non-executable files, such as text, image, audio and video files.
• When destructive program is executed or file is opened, it act like any computer virus, deleting and corrupting other files.
• Unlike viruses, Trojan horses do not replicate themselves.
• Spyware and ransomware are often installed on a user's computer via. Trojan horse that gives cyber criminals access to the user's personal confidential data.

(iv)  Spyware

• Spyware is a software that records user's activities, collects confidential personal details from the computer.
• And then send it to the spyware's author without user's knowledge.
• Keylogger is often the part of spyware which records every keystroke the user's makes on his computer keyboard and send it to its author.

(v)   Adware

• Adware is a type of malware that hides on your computer and automatically generates online advertisements through pop-up windows of certain product or web-sites.
• Adware is primarily not dangerous or harmful. But very inconvenient because it can change the browser's home page, bringing unwanted advertising on the screen.
• Some adware comes with integrated spyware that monitors your behavior online so it can target you with specific Ads.

(vi)  Ransomware

• Ransomware is a malware that blocks you from accessing your own data.
• It encrypts data on the computer and "hold the data hostage" with a key which is unknown to the user.
• It displays a messages demanding a fee to be paid in-order to access your blocked data and your system to work again.
• Once the amount is paid, the victim can retrieve the blocked data and resume using his/her system.
• It can be installed on a user's computer by way of Torjan horse or through social engineering.

c)  Give three  security measures that can help to protect from any kind of Malware. 

1. Install an Anti-virus software in your system and keep it updated.
2. Do not use disks or software from unknown source.
3. Install and use only reputed software from trusted sources.
4. Be cautious, don't click on suspicious links or download attachments from unknown sources.

Q10. a)  Describe what is meant by  Phishing. 

✬  Phishing is done by sending legitimate looking Emails with Hyperlinks to gain their trust.

✬  The recipient is then tricked into clicking a malicious link, which re-directs the user to the fake web-sites to give up their personal confidential details.

Another term connected to phishing is Spear phishing; this is where the cybercriminal targets specific individuals or companies to gain access to sensitive financial information - regular phishing is not specific regarding who the victims are.

b)  Give three  ways to prevent Phishing  attack.

1. Keep informed about Phishing Techniques.
2. Don’t click on any link inside unknown emails.
3. Don’t answer to spam. (Spam is any kind of unwanted, junk emails that get sent out in bulk).
4. Use anti-phishing toolbars on browsers which will alert the user to malicious websites contained in an email.
5. Be very wary of pop-ups and use the browser to block them. Don't click on "Cancel" since this can ultimately lead to phishing or pharming sites, the best option is to select small (X) in the top right-hand corner of the pop-up window.

Q11. a)  Describe what is meant by  Pharming. 

✬  Pharming is a practice of installing malicious software on user’s computer or server.

✬  The malware re-directs the user to the fake web-sites to give up their personal confidential details.

✬  The malicious code manipulates the DNS server software which converts the domain names into IP addresses.

b)  Give three  ways to prevent Pharming  attack.

1. Install and use Anti-virus software and keep it up to date.
2. Be alert and look for clues of redirecting to unknown website.
3. Don’t download or open any unknown email attachments.
4. Use a VPN service that has reputable DNS servers.

Q12.  Give  one Similarity  and  two Differences  between  Phishing  and  Pharming. 

Similarities :

• Both are designed to steal personal data.
• Both are scamming practice to draw money using user's confidential details.

Difference-1 :

• Phishing is a practice of sending legitimate looking emails.
  Pharming installs a malicious code in user's computer.

Difference-2 :

• Phishing requires user to follow a link, whereas
  Pharming uses malicious code to redirect the user to fake websites to give up their confidential details.

Q13.  Social engineering is an effective method used by cybercriminals to introduce malware.

a)  Describe what is meant by  Social engineering attack. 

✬  Social engineering is a cyber-attack that relies on human interaction, psychological manipulation, to trick people into installing malware in their system by compromising with their security features.

✬  It is done by exploiting human emotions, invoke fear, urgency, curiosity, empathy and trust in the victim, leading to promptly reveal sensitive information, click a malicious link, or open a malicious file.

✬  The most common form of social engineering attack are phishing, ransomware, scareware (Trojan horse), baiting, etc.

Fear of immediate danger to their computer, curious to win fake lucky prize, a car, etc., making people to believe that all genuine sounding companies can be trusted.

b)  Describe how the following form of social engineering attacks are used to introduce malware.

1)	Instant messaging	:	Malicious links are embedded into instant message; for example, an important software update. It relies on user's curiosity.
2)	Scareware	:	A message pops-up which claims that the user's computer is infected with a virus, and they need to download the fake anti-virus immediately. It relies on user's fear.
3)	Phishing	:	A legitimate looking email with embedded links is sent. When the user opens the link, the browser redirects to a fake website to give up their confidential details. It relies on user's curiosity.
4)	Baiting	:	The cybercriminal leaves a malware-infected memory stick somewhere where it can be found; the finder picks up the memory stick and plugs it into their computer (just to see who it belongs to) and unwittingly downloads malicious malware. It relies on user's curiosity.
5)	Phone calls	:	Cybercriminal calls the user on their mobile pretending to be an IT-professional, claiming their device has been compromised in some way, the user is advised to download some special software that allows hacker to take over the user's device giving them access to personal information. It relies on fear.

c)  Describe how the following human emotions are exploited to introduce malware.

✬   Fear : 

⇒  The user is panicked into believing their computer is in immediate danger and isn't given time to logically decide if the danger is genuine or not.

✬   Curiosity : 

⇒  The user can be tricked into believing they have won a lucky-draw/car or they find an infected memory stick lying around; their curiosity gets the better to give their confidential details willingly to win the lucky-draw/car or they are curious to know who the memory stick belongs to by plugging it into the computer.

✬   Empathy and trust : 

⇒  A real belief that all genuine sounding companies can be trusted, therefore emails or phone calls coming from such companies must be safe.

d)  Describe the steps taken by a cyber criminal when targeting their victim through social engineering.

1. The perpetrator / attacker's first move is to gain the victim's trust by posing themselves as an executive, such as CEO.
2. Create fear of immediate danger to the system and asks victim to take urgent action without giving time to logically decide if the danger is genuine or not.
3. Or create curiosity, tricking the victim to believe they have won a lucky prize or encouraging a victim to open their infected email or links by falsely offering new information.

e)  Why do cyber criminals use social engineering attacks?

✬  It is often easier to exploit people than it is to find a network or software vulnerability.

✬  There is no hacking involved, since the user is willingly allowing the cyber criminal to have access to their computer.

Q14.  Describe  Access levels  security to keep data safe.

✬  Access level is the hierarchy of levels of privileges or rights provided to the user account of each member of the system or network to access vital data.

✬  It provides control over the type of data an user can and cannot access.

✬  It determines who has the right to access, read, write and delete data.

Q15.  An airport uses a computer system to control security, flight bookings, passenger lists, administration and customer services.

a)  Describe how it is possible to ensure the safety of the data on the system so that senior staff can see all the data, while customers can only access flight times (arrivals and departures) and duty-free offers.

⇒  Use Access level security, which provides different level of privileges or rights for each user account of the system or network to access vital data.

⇒  It determines the type of data an user can access, and who has the right to read, write and delete data.

⇒  Senior staff should be given higher level of access to view all data, while customers should have access level privilege to only view the flight times and duty-free offers.

b)  Describe how the airport can guard against malware attacks from outside and also from customers using the airport services.

1. Install an all-in-one Anti-malware software in and keep it updated.
2. Install and use only reputed licensed software.
3. Restrict customers from using off-line storage devices.
4. Be cautious, don't click on suspicious links or download attachments from unknown sources.

Q16. a)  Describe how  Anti-virus software  helps to protect from computer virus. 

1. Anti-virus software scans the computer for virus.
2. It checks for the virus against the list of known virus whose details are stored in its database.
3. It removes or quarantines any virus that are found based on user's choice.
4. Checks data for virus and alert the user before it is downloaded.

b)  Describe two  other different ways to protect computer from virus. 

✬  Do not use disks or software from unknown source.

✬  Install and use only reputed software from trusted sources.

✬  Never "double click" on email attachments which are executable, i.e. file name with extension like *.exe, *.com or *.vbs.

Q17. a)  Describe how  Anti-spyware software  detects and removes spyware program installed illegally on a user's computer. 

⇒  Anti-spyware software scans the computer to detect the spyware programs based on either "rules" or "file structure" associated with files on the computer.

⇒  Rule based anti-spyware analyses the codes of all of your programs and files, and compare it with the rules of known spyware stored in its database to identify the spyware.

⇒  Anti-spyware also scans the computer for certain file structures associated with the spyware to search and identify the spyware.

⇒  If found then it either removes the spyware or blocks the spyware from accessing confidential data stored in the computer.

b)  Give three  general features of anti-spyware. 

1. Detects and removes the spyware already installed on a device.
2. Prevent a user from downloading spyware.
3. It encrypts the files to make the data more secure in case it is 'spied' on.
4. It encrypts the keyboard strokes to help remove the risk posed by the keylogging aspects of some spyware.
5. It warns the user if the user's personal information has been stolen.

Q18. a)  Describe  Firewall  used to protect computer system from security issues.

⇒  A firewall can be either software or hardware.

⇒  It sits between the user's computer and an external network and filters the incoming and outgoing traffic to the computer.

⇒  It allows the user to set criteria or rules to access to the computer or external network resources.

b)  Why do we need to use firewall ?

✬  To protect your computer from cyber threats like - hacking, malware, phishing and pharming by shielding it from malicious or unnecessary network traffic.

c)  Give four of the tasks carried out by a firewall.

1. To examine the traffic between user's computer and a public network (for example, the internet).
2. To check whether incoming or outgoing data meets the set of criteria.
3. If the data fails the criteria, the firewall will block the traffic and warns the user about the security issue.
4. It can keep a log of all incoming and outgoing traffics to the computer, for later investigation by the user.

Q19. a)  Describe  Proxy server  and state its purpose.

⇒  A proxy server is located between the client (user) and the web-server where it acts as an intermediary (security guard) between a Web browser and a Web server.

⇒  It filters the internet traffic against set criteria to allow or block access to a website.

⇒  Keeps user's identity (IP address) secret; access internet via the proxy identity.

⇒  It protects direct attack on web-server by hackers.

⇒  It improve web performance by storing a copy of frequently used web-pages in its cache.

⇒  Proxy servers can also act as firewalls.

b)  How  proxy server help to prevent hacking and DoS attack on webserver. 

✬  It prevents direct access to web server by sitting between the user and the webserver.

✬  If an attack is launched, it hits the proxy server instead; blocks invalid traffic to webserver.

c)  How  proxy server helps to improve web performance. 

✬  When the website is first visited, the home page is stored on the proxy server cache.

✬  And when the user next visits the website, it is served from proxy server cache instead of webserver, giving much faster access.

Q20.   Proxy-server  and  Firewalls  have some similar functions.

Identify the  similarities  and  differences  between proxy-servers and firewalls.

✬   Similarities : 

⇒  Both checks incoming and outgoing traffics.

⇒  Both helps to block access to incoming traffics.

⇒  Both helps to block unauthorised access to the network.

⇒  Both keeps a log of all traffics for later investigation.

⇒  Both allows to set criteria to approve (whitelist) or deny (blacklist) a list of certain network requests.

✬   Differences : 

⇒  Proxy server can hide user's IP-address, Firewall can't hide.

⇒  Proxy server diverts away attack from a website or server, Firewall blocks unauthorised access.

⇒  Proxy server protects a server/network, Firewall protects network/individual computer.

⇒  Proxy server block traffics from a websites, Firewall blocks the ports of incoming traffics.

SSL (Secure Socket Layer) Security

Q21. a)  Describe  SSL (Secure Socket Layer)  used for online transactions, securely over Internet.

⇒  Secure Socket Layer (SSL) is a security protocol used for establishing encrypted link between a web-server and web-browser.

⇒  It uses asymmetric encryption to encrypt data.

⇒  It uses 'https' protocol that ensures the exchange of data to remain confidential.

⇒  It activates a small pad-lock to be displayed at the top-left of the address bar of the browser.

⇒  It uses digital SSL Certificates, which is sent by the web-server to the web-browser when it is requested to validate the authenticity of webserver.

b)  State what is meant by  SSL Certificate. 

⇒  SSL Certificate is a small data file that digitally binds the web-site's public key to it's organizational detail that identifies the owner of the web-site or company.

⇒  It is send by the web-server to the web-browser to allow encrypted secure connection between web-server and web-browser.

⇒  An SSL certificate is used to validate the authenticity of the web-server. It is like an ID card that proves someone who claims to be.

c)  Give three  examples  of  where SSL would be used. 

1. Online banking and all online financial transactions.
2. Online shopping / ecommerce.
3. When sending software out to a restricted list of users.
4. Sending and receiving emails.
5. Using cloud storage facilities.
6. Voice over Internet Protocols (VoIP) when carrying out video chatting or audio chatting over the internet.
7. Used in instant messaging.
8. When making use of social networking site.

Q22.  Describe  what happens between web browser and web server  when a user wishes  to access a website which uses SSL certification. 

1. The web-browser attempts to connect to a website which is secured by SSL.
2. The web-browser requests the web-server to identify itself.
3. The web-server sends a copy of its SSL Certificate to the web-browser.
4. The web-browser checks whether the SSL certificate is trustworthy or not.
5. If it is trustworthy then the web-browser sends a positive message to the web-server.
6. The web-server will then send back some form of acknowledgement to allow the SSL encrypted session to begin.
7. The encrypted data is then shared securely between the web-browser and the web-server.

Protect System from cyber threats

Q23.  State the  Privacy settings of web browser  that could help to  protect against cyber threats. 

1. Enable "Do not track" in your browser - it stops websites collecting and using browsing data which leads to improved security.
2. Clear your web browser cache and cookies - it clears browsing history, stored data (like payment details) from cache and unwanted cookies, thereby reducing the risk of data interception.
3. Switch OFF Pop-ups - its stops browser windows to push annoying adverts which could contains malicious links and inappropriate contents.
4. Turn ON private browsing - protects your private information and blocks websites from tracking your search and browsing data.
5. Use a VPN (Virtual Proxy Network) - it encrypts data before sending to the VPN server which decrypts the requests before sending them to the online destination.

Q24. a)  State the  benefits  to a user of allowing  Automatic updates  to software on, for example, a smartphone.

1. Security patches are installed automatically keeping your system secure against malware.
2. You get all the new features as soon as they are released.
3. Improves the software performance by fixing the bugs of previous updates.
4. Eliminates the hassles of downloading and installing updates manually.

b)  State two  drawbacks  of allowing  Automatic updates. 

1. You might get into a situation where you don't know when the update is downloading or installing and this might interfere with the work you are doing on your computer.
2. A broken driver or software might get installed, this may stop your computer or hardware from working.

c)  What would you do if Auto-update fails or disrupted (breaks) ?

✬  Use System recovery tool that allows you to reverse the changes made to your system or software.

✬  It allows to reverse the clock time to an earlier date before the updates were made.

✬  System Restore is turned ON by default.

Authentication & Authorization (Biometrics)

Q25. a)  Describe what is meant by  Authentication. 

⇒  Authentication refers to the ability of user to prove who they are.

⇒  It is a process of verifying that the data is coming from a trusted source or person.

⇒  It is a process of verifying that whether the data is true, genuine or valid without any change or alteration.

b)  What are the  three types or common factors  used in authentication.

1. Something you know - like a password or personal identification number (PIN).
2. Something you have - like magnetic ID-card, credit/debit card or mobile phone.
3. Something which is unique to you - like biometics such as fingerprints, retina or voice.

c)  Describe three  ways of authentication. 

1. Password authentication : to conform the identity of the person and authorize him to use the system by comparing the password entered against its stored hash value.
2. Two factor authentication : it uses two separate authentication process (like password and OTP) one after another to identify and authorize the person to use the system.
3. Smart card authentication - it uses an electronic card to store user's public key credentials and a personal identification number (PIN) as the secret key to authenticate the user of the smartcard.
4. Biometric authentication - it scans the unique characteristic human body (like fingerprint, retina, voice and face) and compare it with stored data to identify and authorize the person to use the system.

Q26. a)  Authentication and authorization are two strong pillars of data cybersecurity that protect data from potential cyberattacks.

Give difference between  Authentication  and  Authorization. 

Authentication	Authorization
Confirms the identity of a person, device or system.	Granting access to the system.
The process of verifying that the data is coming from a trusted source or person.	The process of verifying whether you are allowed to access the system or not.
The process of verifying that whether the data is true, genuine or valid without any change.	It determines what user can and cannot access.

b)  Which comes first Authentication or Authorization ?

Authentication is the first step of authorization. Authorization is done after successful authentication.

c)  Describe the use of  User-ID  and  Password  to authenticate and authorize a person to access the system.

⇒  User-ID and Password are un-spaced sequence of characters used to determine the person's identity and his rights to use the system.

⇒  The system authenticate the user by comparing the user-id and password input against its stored hash values.

⇒  User-ID is used to identify the person requesting to access a system is really that particular person.

⇒  Password is used to authenticate and authorize the person and grant access to the system.

Q27.  What is meant by  Two-factor Authentication  or  Two-step Verification  ?

✬  Two-step verification is a process that involves two different authentication methods performed one after the other, to verify who you are.

✬  The first method rely on user providing user-id with password and the second method commonly includes providing OTP code (One Time Password) sent to your mobile phone, or providing unique user credentials through Smartcard or providing unique human characteristic through biometrics authentication.

✬  An additional extra layer of security is used to make it harder for hackers to gain access to a person's devices or online accounts in case your password is stolen.

Q28.  Describe  Biometric Authentication. 

✬  Biometric authentication is a security system that relies on the unique biological characteristics of individuals to verify the identity of a person.

✬  It scans unique features of human body like, finger print, patterns of blood vessels in retina, wave patterns of voice, or facial feature using appropriate biometric device.

✬  And then compares it with the stored biometric data to authenticate a person.

Q29. a)  Describe how  Fingerprint  is used in biometric authentication.

⇒  An Optical Fingerprint scanner takes the photo of the finger.

⇒  The image of the fingerprint is sent to the software that identifies the print patterns of ridges and valleys, and converts it into digital format.

⇒  A Capacitive Fingerprint scanner (in Smart phone or Tablets) measures the electrical signals sent from the finger and converts the ridges that directly touches the surface and valleys between two ridges into digital format.

⇒  The digital print patterns is then compared with the stored biometric data, which are fairly unique.

⇒  If it matches then the person is authenticated to allow to access the data or system.

b)  Give two  benefits of fingerprint scanning. 

1. Fingerprints are unique and difficult to replicate, therefore this technique can improve security.
2. Fingerprints can't be misplaced; a person always has them.
3. Other security devices like magnetic card can be lost or even stolen.

c)  Give two  drawbacks of fingerprint scanning. 

1. If a person's fingers are damaged through injury, then it can affect the scanning accuracy.
2. Fingerprints scanning is relatively expensive to install and setup.
3. Some people may regard any biometric device as an infringement of civil liberties.

Q30. a)  Describe how  Retina scan  is used in biometric authentication.

⇒  Retina scanner uses Infra-red light to illuminate the blood vessels of the retina and takes its image.

⇒  The image of the retina is sent to the software that identifies the patterns of blood vessels, and converts it into digital format.

⇒  The digital print patterns is then compared with the stored biometric data, which are fairly unique.

⇒  If it matches then the person is authenticated to allow to access the data or system.

b)  Give two  benefits of Retina scan. 

1. Retina scan are highly accurate.
2. There is no known way to replicate a person's retina, so it improves the security.
3. Other security devices like magnetic card can be lost or even stolen.

c)  Give two  drawbacks of Regina scan. 

1. It is relatively slow to verify retina scan with stored data.
2. Retina scan is relatively expensive to install and setup.
3. Some people may regard any biometric device as an infringement of civil liberties.

Q31.  In the biometric application example, retina scans were used to control entry to a secure research building.

Describe how the system might change if  Face recognition  was used instead of retina scanners. The system is triggered automatically if a motion sensor detects the presence of a person.

⇒  Face recognition uses Digital camera to take photo of the person and send it to the Face Recognition software.

⇒  The face recognition software compares its facial key features like width of the nose, distance between the eyes, shape of the cheek bones etc.

⇒  If it matches, then the person is identified and the motion sensor is activated.

⇒  Motion sensor captures the movement of the person and send it to the microprocessor..

⇒  ADC is used to convert sensor's analogue signal to digital.

⇒  Microprocessor compares the input signal with the stored values.

⇒  If the input values are beyond the stored limit, then microprocessor sends signal to the actuator to open the door.

⇒  DAC is used to convert digital signal to analogue for the actuator.

Q32.  The diagram shows the use of voice control in a car. A microphone picks up the voice of the driver and carries out their commands. For added security, the system only responds to people authorised to drive the car.

Explain how the microphone and microprocessor are used to control the following functions using verbal input from the driver :

• operation of the satellite navigation system
• media (radio, streaming and telephone)
• security (windows and door control).

⇒  Microphone picks up the verbal command and send it to the microprocessor.

⇒  ADC is used to convert the analogue signal to digital.

⇒  Microprocessor compares the input voice with the stored wave patterns using voice recognition software to authenticate and authorise the person to drive the car.

⇒  If the person is authorised, then microprocessor compares the input verbal command with the stored commands in database using speech recognition software.

⇒  If the command matches and seeks the direction to a destination, then microprocessor transmits the signal to the satellite and the route is planned in real time by the Satellite Navigation software, and produces output over the screen or speaker.

⇒  If the command is to play music or make a call on telephone, then the microprocessor sends signal to the concerned multimedia system to respond to the driver's request.

⇒  If the command is to close/open the door or window, then the microprocessor sends signal to the Actuator through DAC to close or open the door or window.

⇒  If the verbal command does not match with stored data, then an error message is produced on screen or speaker.

Q33.  Describe five  ways to check the authenticity of  emails and website links  to identify the potential threats . Include examples where ever possible in your answer.

1. Check the spelling mistakes in URL : domain name should spell correctly, scammer could use deceptive words that look similar to legitimate domain name, like - wallrnart.com instead of wallmart.com ('m' is replaced with 'rn'). This is known as typo squatting.
2. Check the email header for email-id after the '@' symbol : which should match the company's name, like, xyz@amazon.com. No legitimate company will use public domain email address such as xyz@gmail.com.
3. Check whether embedded links redirect to unexpected websites : hover your cursor over the link to display the URL and make sure that destination address matches with the webpage written in the email.
4. Check out the spellings in the email message : professional and genuine organisations will not send out emails which contain spelling or major grammatical errors.
5. Carefully check the tone used in the email message : check if the language used seems fishy, pushy, or urgent and is rushing you into doing something emotionally in shock, panic, or curiosity.

Q34. a)  Describe three things you should look out for when deciding whether or not an email is a potential phishing scam.

1. Check the email header for email-id after the '@' symbol : which should match the company's name, like, xyz@amazon.com. No legitimate company will use public domain email address such as xyz@gmail.com.
2. Check out the spellings in the email message : professional and genuine organisations will not send out emails which contain spelling or major grammatical errors.
3. Carefully check the tone used in the email message : check if it is rushing you into doing something emotionally in shock, panic, or curiosity, then it could be a phishing email or worse.

b)  Identify at least three potential problems with this email from a company called Watson, Williams and Co :

1. Domain name 'customer_nr_012305555' after '@' symbol does not match with company's name in 'From' address of email header.
2. Email-Id don't have domain extension, like - '.com', which is associated with domain name.
3. Grammatical errors in the message, such as : 'We not able to...'.
4. Rushing tone is used in the email - 're-submit account details immediatly...'

An email like this should be regarded as phishing; by clicking on the 'Customer accounts link' button, you will divulge your confidential bank account details and other key information since you will be sent to a fake 'Watson, Williams and Co' website.