Unit3 - Subjective Questions
CSE121 • Practice Questions with Detailed Answers
Define Cybersecurity and explain its importance in the modern digital era.
Definition:
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information, extorting money from users, or interrupting normal business processes.
Importance in the Digital Era:
- Data Protection: With the exponential growth of data, protecting sensitive information (PII, PHI, intellectual property) is critical.
- Economic Stability: Cyberattacks can cause massive financial losses to businesses and global economies.
- National Security: Critical infrastructure (power grids, hospitals, defense systems) relies on digital systems.
- Trust: Maintaining customer trust is essential for digital businesses; a breach can destroy reputation.
- Regulatory Compliance: Laws like GDPR and HIPAA mandate strict data security measures.
Elaborate on the CIA Triad. How does it form the foundation of information security?
The CIA Triad is a model designed to guide policies for information security within an organization.
- Confidentiality:
- Ensures that sensitive information is accessed only by an authorized person.
- Measures: Encryption, Access Control Lists (ACLs), Two-Factor Authentication.
- Integrity:
- Ensures that data is trustworthy and accurate. It maintains that data has not been tampered with during transit or storage.
- Measures: Hashing (e.g., SHA-256), Checksums, Version Control.
- Availability:
- Ensures that data and systems are available to authorized users when needed.
- Measures: Redundancy (RAID), Backups, Disaster Recovery Plans, protecting against DoS attacks.
Foundation: It provides a balanced approach to security. Overemphasizing one (e.g., making a system so secure/confidential that no one can access it) hurts another (Availability).
Distinguish between Insider Threats and External Threats in the context of the Cyber Threat Landscape.
| Feature | Insider Threats | External Threats |
|---|---|---|
| Origin | Originate from within the organization (employees, contractors). | Originate from outside the organization (hackers, state actors). |
| Access | Have authorized access to systems, making detection harder. | Must bypass perimeter defenses to gain access. |
| Knowledge | Often have knowledge of network structure and vulnerabilities. | Must perform reconnaissance to find vulnerabilities. |
| Intent | Malicious (sabotage, theft) or Accidental (negligence, human error). | Usually malicious (financial gain, espionage, disruption). |
| Example | An employee leaking trade secrets or clicking a phishing link. | A hacker performing a DDoS attack or SQL injection. |
What is Malware? Describe three common types of malware.
Malware (Malicious Software) is any software intentionally designed to cause damage to a computer, server, client, or computer network.
Common Types:
- Virus: A program that attaches itself to legitimate code or documents and spreads from host to host. It requires human action (like opening a file) to propagate.
- Worm: A standalone malware that replicates itself to spread to other computers. Unlike a virus, it does not need to attach to an existing program or require human intervention.
- Trojan Horse: Malware disguised as legitimate software. Users are tricked into loading and executing it on their systems. Once activated, it can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.
Explain the concept of Phishing and Social Engineering attacks with examples.
Social Engineering:
This is the psychological manipulation of people into performing actions or divulging confidential information. It relies on human error rather than technical vulnerabilities.
Phishing:
Phishing is a specific type of social engineering where attackers send fraudulent communications (usually email) that appear to come from a reputable source.
- Goal: To steal sensitive data like credit card numbers and login information or to install malware.
- Example: You receive an email appearing to be from your bank stating, "Your account has been compromised. Click here to reset your password." The link leads to a fake website that harvests your credentials.
- Spear Phishing: A highly targeted phishing attempt customized for a specific individual or organization.
Discuss Password Attacks and Brute-force Attacks. How can they be mitigated?
Password Attacks:
Methods used by hackers to crack user passwords.
Brute-force Attack:
- Mechanism: An attacker submits many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords until the correct one is found.
- Mathematical Context: If a password has length and the character set size is , the search space is . A brute-force attack tries every combination.
Dictionary Attack:
- Uses a pre-arranged list of likely passwords (dictionary words, common combinations like "123456").
Mitigation:
- Account Lockout: Lock account after failed attempts.
- Complexity: Enforce long passwords with mixed characters.
- MFA: Use Multi-Factor Authentication.
- Throttling: Slow down the response time for failed login attempts.
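As an added illustration (not part of the original notes), the search-space arithmetic and the lockout and throttling mitigations above, in Python; the LoginGuard policy and its threshold values are assumptions chosen for the example:

```python
# Search space for a brute-force attack: with a character set of size k and
# password length n there are k**n candidates to try.
def search_space(charset_size: int, length: int) -> int:
    return charset_size ** length

# Worst-case seconds to exhaust the search space at a given guess rate.
def worst_case_seconds(charset_size: int, length: int, guesses_per_second: float) -> float:
    return search_space(charset_size, length) / guesses_per_second

class LoginGuard:
    """Account lockout plus throttling for a login endpoint (example policy, assumed values).

    - after lockout_threshold consecutive failures the account is locked for lockout_seconds
    - before that, each failure doubles the wait before the next attempt is accepted (1s, 2s, 4s, ...)
    """
    def __init__(self, lockout_threshold: int = 5, lockout_seconds: int = 900):
        self.lockout_threshold = lockout_threshold
        self.lockout_seconds = lockout_seconds
        self.failures = {}      # account -> consecutive failures
        self.next_allowed = {}  # account -> earliest time a new attempt is evaluated

    def attempt(self, account: str, password_ok: bool, now: float) -> str:
        """Return 'ok', 'denied', 'throttled' or 'locked' for an attempt at time `now` (seconds)."""
        if now < self.next_allowed.get(account, 0.0):
            # Inside a wait window: the password is not even evaluated, which is what slows guessing down.
            locked = self.failures.get(account, 0) >= self.lockout_threshold
            return "locked" if locked else "throttled"
        if password_ok:
            self.failures.pop(account, None)
            self.next_allowed.pop(account, None)
            return "ok"
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= self.lockout_threshold:
            self.next_allowed[account] = now + self.lockout_seconds
            return "locked"
        # Exponential backoff between failed attempts: 1s, 2s, 4s, ...
        self.next_allowed[account] = now + 2 ** (count - 1)
        return "denied"
```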
What is a Denial of Service (DoS) attack? How does it differ from a DDoS attack?
Denial of Service (DoS):
An attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.
Distributed Denial of Service (DDoS):
- Difference: In a DoS attack, the malicious traffic comes from a single source. In a DDoS attack, the traffic comes from many different sources (often thousands of compromised devices known as a botnet).
- Impact: DDoS attacks are much harder to block because blocking a single IP address won't stop the traffic flow, as it comes from a distributed network of devices globally.
Explain the concept of a Zero-day Attack.
Zero-day Attack:
A zero-day attack takes place when hackers exploit a flaw (vulnerability) in software or hardware before the developers have had a chance to create a patch to fix it.
- "Zero-day": The term refers to the fact that the vendor or developer has zero days to fix the flaw because they just learned about it (or haven't learned about it yet), while the attack is already happening.
- Lifecycle:
- Vulnerability Introduction: Code is released with a bug.
- Exploit Released: Hackers discover the bug and create code to exploit it.
- Attack: Hackers use the exploit against targets.
- Discovery/Patch: The vendor finds out and releases a fix.
- Risk: These are highly dangerous because standard antivirus signatures may not detect them immediately.
Analyze a recent cyber incident case study (e.g., WannaCry Ransomware) and discuss its impact.
Case Study: WannaCry Ransomware (2017)
- The Incident: WannaCry was a global ransomware attack that targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in Bitcoin.
- Mechanism: It utilized the EternalBlue exploit (a vulnerability in the SMB protocol) to spread automatically across networks without user interaction (making it a worm-like ransomware).
- Impact:
- Scale: Affected over 200,000 computers across 150 countries.
- Healthcare: The UK's National Health Service (NHS) was severely hit, leading to cancelled surgeries and diverted ambulances.
- Economic: Estimated global financial loss was around $4 billion.
- Lesson Learned: Highlights the critical importance of keeping operating systems patched and up-to-date.
List and explain best practices for Secure Web Browsing.
To ensure safety while browsing the internet:
- HTTPS: Always ensure the website uses HTTPS (Hypertext Transfer Protocol Secure). Look for the padlock icon in the address bar. This ensures traffic between the browser and server is encrypted via SSL/TLS.
- Update Browsers: Keep web browsers and plugins updated to patch security vulnerabilities.
- Avoid Suspicious Links: Do not click on pop-up ads or unsolicited links.
- Privacy Settings: Configure browser privacy settings to block third-party cookies and trackers.
- Public Wi-Fi: Avoid performing sensitive transactions (banking) on public Wi-Fi unless using a VPN (Virtual Private Network).
- Password Management: Do not let browsers save passwords for sensitive sites; use a dedicated password manager.
How can one ensure Social Media and Email Security?
Email Security:
- Sender Verification: Check the actual email address, not just the display name.
- Attachments: Never open attachments from unknown sources (potential malware vectors).
- Spam Filters: Utilize email spam filtering tools.
- Encryption: Use encrypted email services or PGP (Pretty Good Privacy) for sensitive communications.
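The sender-verification advice above and the fake bank email from the phishing question earlier, worked as an added Python example (not part of the original notes); the KNOWN_BRANDS allowlist, the two sample messages and the .example domains are constructed for the illustration:

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Brands and the domains that legitimately send mail for them. Constructed allowlist for
# the example (assumed values); a real filter would maintain its own.
KNOWN_BRANDS = {"examplebank": {"examplebank.example"}}
# Constructed messages modelled on the bank example in these notes (sample data, not real mail).
PHISHING_SAMPLE = """\
From: "ExampleBank Security" <alerts@examp1ebank-verify.example>
Reply-To: recover@mailbox-attacker.example
To: customer@example.net
Subject: Your account has been compromised
Content-Type: text/html

<p>Click here to reset your password:
<a href="https://examp1ebank-verify.example/reset">https://examplebank.example</a></p>
"""
LEGIT_SAMPLE = """\
From: "ExampleBank Security" <alerts@examplebank.example>
To: customer@example.net
Subject: Monthly statement available
Content-Type: text/html

<p>Sign in at <a href="https://examplebank.example/statements">examplebank.example</a></p>
"""
def name_and_domain(header_value):
    """Split a From/Reply-To header into (display name, address domain)."""
    name, addr = parseaddr(header_value)
    return name, addr.rpartition("@")[2].lower()
def check_sender(raw_message):
    """Return human-readable findings; an empty list means headers and links are consistent."""
    msg = message_from_string(raw_message)
    name, from_domain = name_and_domain(msg.get("From", ""))
    findings = []
    # 1. The display name claims a known brand but the real address is not one of that brand's domains.
    for brand, domains in KNOWN_BRANDS.items():
        if brand in name.lower().replace(" ", "") and from_domain not in domains:
            findings.append(f"display name claims '{brand}' but address domain is '{from_domain}'")
    # 2. Reply-To sends answers to a different domain than the one the mail claims to come from.
    reply_domain = name_and_domain(msg.get("Reply-To", ""))[1]
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain '{reply_domain}' differs from From domain '{from_domain}'")
    # 3. Visible link text names one host while the href actually points at another.
    pattern = r'<a\s+href="https?://([^/"]+)[^"]*"[^>]*>\s*(?:https?://)?([^<\s/]+)'
    for href_host, shown in re.findall(pattern, msg.get_payload(), re.I):
        if "." in shown and shown.lower() != href_host.lower():
            findings.append(f"link text shows '{shown}' but href host is '{href_host}'")
    return findings
```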
Social Media Security:
- Privacy Settings: Restrict who can see your posts and personal details (DOB, location).
- Oversharing: Avoid posting information that is used in security questions (e.g., mother's maiden name, first pet).
- 2FA: Enable Two-Factor Authentication on all social accounts.
- App Permissions: Review which third-party apps have access to your social media data.
What are Digital Footprints? Differentiate between active and passive digital footprints.
Digital Footprint:
The trail of data you create while using the Internet. It includes the websites you visit, emails you send, and information you submit to online services.
- Active Digital Footprints:
- Data that you intentionally submit online.
- Examples: Posting on Facebook, sending an email, filling out an online form, uploading a video to YouTube.
- Passive Digital Footprints:
- Data collected about you without your direct intent or sometimes knowledge.
- Examples: Websites tracking your IP address, cookies analyzing your browsing history, search engines logging your search queries, location data from mobile apps.
Describe the role of Nmap and Wireshark in cybersecurity.
Nmap (Network Mapper):
- Function: An open-source tool for network discovery and security auditing.
- Use: It sends specially crafted packets to the target host and analyzes the response.
- Key Features: It detects live hosts on a network, open ports, operating system (OS detection), and running services/versions.
Wireshark:
- Function: A network protocol analyzer (Packet Sniffer).
- Use: It captures data packets moving through a network interface in real-time.
- Key Features: It allows security professionals to inspect the content of traffic (microscopic level) to detect malicious activity, troubleshoot network performance, or analyze how protocols work. It can filter traffic by IP, protocol, or port.
How are AI-based threat detection systems changing the landscape of cybersecurity?
Artificial Intelligence (AI) and Machine Learning (ML) are enhancing cybersecurity by automating threat detection.
- Pattern Recognition: Traditional security relies on signatures (knowing what a virus looks like). AI can recognize behavior patterns.
- Anomaly Detection: AI establishes a baseline of "normal" network behavior. If a user suddenly downloads gigabytes of data at 3 AM, AI flags it as an anomaly.
- Speed: AI can analyze massive volumes of log data faster than human analysts, allowing for real-time response to attacks.
- Zero-Day Detection: Because AI looks for unusual behavior rather than specific code signatures, it is better at detecting zero-day attacks that have never been seen before.
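An added example (not from the original notes) of the baseline-and-anomaly idea above, in Python: a per-user baseline is learned from constructed historical transfer logs, and new events are flagged on volume and time of day; the log format, the z-score threshold and the sample values are assumptions:

```python
import statistics
from datetime import datetime
# Constructed transfer logs (sample data, not real): "<ISO timestamp> <user> <bytes transferred>".
TRAINING_LOG = """\
2024-03-01T09:12:00 alice 52428800
2024-03-01T10:40:00 alice 61865984
2024-03-02T09:05:00 alice 48234496
2024-03-02T14:30:00 alice 70254592
2024-03-01T09:30:00 bob 10485760
2024-03-02T09:45:00 bob 12582912
"""
NEW_LOG = """\
2024-03-04T03:02:00 alice 5368709120
2024-03-04T09:10:00 bob 11534336
"""
def parse_log(text):
    """Parse log text into (timestamp, user, bytes) tuples."""
    return [(datetime.fromisoformat(t), u, int(b))
            for t, u, b in (line.split() for line in text.splitlines())]
def build_baseline(events):
    """Per-user 'normal': mean and population stdev of bytes, plus the hours of day seen."""
    per_user = {}
    for ts, user, nbytes in events:
        entry = per_user.setdefault(user, {"bytes": [], "hours": set()})
        entry["bytes"].append(nbytes)
        entry["hours"].add(ts.hour)
    return {u: (statistics.mean(d["bytes"]), statistics.pstdev(d["bytes"]), d["hours"])
            for u, d in per_user.items()}
def score_event(event, baseline, z_threshold=3.0):
    """Reasons an event deviates from its user's baseline; an empty list means normal."""
    ts, user, nbytes = event
    if user not in baseline:
        return ["unknown_user"]  # no history at all, so nothing to compare against
    mean, stdev, hours = baseline[user]
    reasons = []
    # Volume: z-score against the user's own history (zero variance: any increase stands out).
    z = (nbytes - mean) / stdev if stdev > 0 else (float("inf") if nbytes > mean else 0.0)
    if z > z_threshold:
        reasons.append("volume")
    # Time of day: an hour never seen for this user, e.g. 3 AM for a 9-to-5 account.
    if ts.hour not in hours:
        reasons.append("off_hours")
    return reasons
def detect_anomalies(training_text, new_text):
    """Learn the baseline from historical log text, then flag the anomalous new events."""
    baseline = build_baseline(parse_log(training_text))
    scored = ((u, ts.isoformat(), score_event((ts, u, b), baseline)) for ts, u, b in parse_log(new_text))
    return [row for row in scored if row[2]]
```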
Explain the concept of Cybersecurity Compliance.
Cybersecurity Compliance involves adhering to standards, regulations, and laws set by governments or industry bodies to protect data and privacy.
- Purpose: To ensure organizations meet a minimum standard of security to protect user data and avoid legal penalties.
- Examples:
- GDPR (General Data Protection Regulation): EU law for data privacy.
- HIPAA: US law for protecting medical information.
- PCI-DSS: Standard for handling credit card information.
- Process: Involves regular audits, risk assessments, and reporting to ensure that security policies align with legal requirements.
List various Job Roles in the cybersecurity domain and the required Skill Sets.
Job Roles:
- Security Analyst: Monitors networks for security breaches.
- Penetration Tester (Ethical Hacker): Simulates attacks to find vulnerabilities.
- Security Architect: Designs secure network infrastructures.
- CISO (Chief Information Security Officer): Executive responsible for an organization's information security.
- Forensic Analyst: Investigates cybercrimes to recover evidence.
Required Skill Sets:
- Technical: Knowledge of Operating Systems (Linux/Windows), Networking (TCP/IP), Coding (Python/Scripting), and tools like Nmap/Metasploit.
- Analytical: Problem-solving and ability to interpret logs.
- Soft Skills: Communication (explaining risks to management), ethics, and continuous learning.
Explain the mechanics of a Malware-based attack involving Ransomware.
Ransomware is a specific type of malware-based attack designed to block access to a computer system until a sum of money is paid.
Mechanics:
- Infection: The user downloads a malicious attachment (phishing) or visits a compromised site (drive-by download).
- Execution: The malware runs on the system and establishes communication with the attacker's Command and Control (C2) server.
- Encryption: The malware searches for specific file types (documents, images, databases) and encrypts them using strong cryptographic algorithms (e.g., AES + RSA).
- Extortion: A ransom note is displayed on the screen, demanding payment (usually in cryptocurrency) for the decryption key.
- Deadline: A timer is often used to create urgency, threatening to delete the key if payment is not made.
Why is Personal Data Protection crucial, and what steps can individuals take to protect their data?
Importance:
Personal data (PII) allows criminals to commit identity theft, financial fraud, and stalking. In the aggregate, it allows corporations to profile and manipulate user behavior.
Steps for Protection:
- Data Minimization: Only share necessary information.
- Read Privacy Policies: Understand how data is used before signing up.
- Encryption: Use encrypted storage and communication tools.
- Regular Audits: Check bank statements and credit reports for unauthorized activity.
- Device Security: Use passcodes, biometrics, and remote wipe features on mobile devices.
Compare Phishing, Vishing, and Smishing.
All three are forms of social engineering attacks, but they use different communication channels.
- Phishing:
- Medium: Email.
- Method: Sending fraudulent emails that look like they come from legitimate sources (banks, Google, etc.).
- Vishing (Voice Phishing):
- Medium: Telephone/VoIP.
- Method: Attackers call victims pretending to be tech support or IRS agents to steal personal info or money.
- Smishing (SMS Phishing):
- Medium: SMS / Text Messages.
- Method: Sending text messages with malicious links (e.g., "Your package delivery failed, click here to reschedule").
What is the Man-in-the-Middle (MitM) attack? (Note: While not explicitly in the short list, it is a fundamental 'Common Cyber Attack' concept related to secure browsing).
Man-in-the-Middle (MitM) Attack:
An attack where the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other.
- Scenario: User A connects to a bank website. Attacker B intercepts the traffic.
- User A ↔ Attacker B ↔ Bank.
- Execution: Often happens on unsecured public Wi-Fi. The attacker can capture login credentials, modify transaction details, or spy on the conversation.
- Prevention: Use of VPNs and ensuring HTTPS is active, which encrypts the data pipe, making intercepted data unreadable to the attacker.