If you are looking for MSE-029 IGNOU Solved Assignment solution for the subject Cyber Attack: use of Technology in Cyberspace, you have come to the right place. MSE-029 solution on this page applies to 2022-23 session students studying in MSCIS courses of IGNOU.
MSE-029 Solved Assignment Solution by Gyaniversity
Assignment Code: MSE-029/TMA/2022
Course Code: MSE-029
Assignment Name: Cyber Attack: Use of Technology in Cyberspace
Verification Status: Verified by Professor
Attempt any five questions out of seven questions. Each question carries 20 marks.
Q1) What is the classification and types of networks? Explain in detail with examples.
Ans) A network is a group of connected devices, such as computers, servers, and other electronic devices, which can communicate and share resources with one another. Networks can be classified based on their size, geographic scope, and the technologies used to connect devices. There are several types of networks, including:
Local Area Network (LAN): A LAN is a network that is confined to a small area, such as an office or building. A LAN typically uses Ethernet or Wi-Fi technologies to connect devices and is often used to share resources such as printers and files. Examples of LANs include a school computer lab, a corporate office network, or a home Wi-Fi network.
Wide Area Network (WAN): A WAN is a network that spans a large geographic area, such as a city, country, or even the world. A WAN can be used to connect multiple LANs or other networks together, and typically uses technologies such as leased lines, satellite links, or the internet. Examples of WANs include the internet, a corporate intranet, or a global private network used by a multinational corporation.
Metropolitan Area Network (MAN): A MAN is a network that covers a metropolitan area, such as a city or town. A MAN is typically used to connect LANs together or to provide high-speed internet access to a large group of users. Examples of MANs include a city-wide Wi-Fi network, a fiber-optic network connecting multiple buildings in a city center, or a cable TV network providing internet access to a suburb.
Personal Area Network (PAN): A PAN is a network that is used for connecting personal devices together, such as smartphones, laptops, and wearable devices. A PAN typically uses Bluetooth or other wireless technologies and is often used to transfer data or media between devices. Examples of PANs include a smartphone connected to a wearable fitness tracker, a laptop connected to a wireless printer, or a tablet connected to a Bluetooth speaker.
Virtual Private Network (VPN): A VPN is a type of network that is used to provide secure and private access to a larger network, such as the internet. A VPN uses encryption and other security technologies to protect data and communication between devices, and is often used by businesses and individuals to protect their privacy and security online. Examples of VPNs include a remote worker connecting to their company's network over the internet, or a user accessing a geo-restricted website through a VPN server located in another country.
In conclusion, networks can be classified into various types based on their size, geographic scope, and the technologies used to connect devices. Understanding the different types of networks can help individuals and businesses choose the appropriate network for their needs, as well as provide insight into the capabilities and limitations of each network type.
Q2) What are types of Security attacks? Explain different vulnerabilities with examples.
Ans) There are many different types of security attacks that can compromise the security of computer systems, networks, and data. Here are some of the most common types of security attacks:
Malware: Malware is a type of software that is designed to harm or exploit a computer system. Examples of malware include viruses, worms, and Trojan horses. Malware can be used to steal data, damage files, or take control of a system.
Phishing: Phishing is a type of social engineering attack that uses fraudulent emails, websites, or other means to trick users into giving away sensitive information, such as passwords, credit card numbers, or other personal data.
Denial of Service (DoS) and Distributed Denial of Service (DDoS): A DoS attack is an attempt to overwhelm a computer system or network with traffic, rendering it unusable. DDoS attacks are similar, but they use multiple computers or devices to carry out the attack, making it much more difficult to defend against.
Man-in-the-Middle (MitM): A MitM attack is an attack where an attacker intercepts communication between two parties, such as a user and a website, to steal data or carry out other malicious activities.
Password Attacks: Password attacks are a type of attack that is designed to crack or guess a user's password. This can be done through brute-force attacks, dictionary attacks, or other methods.
Injection Attacks: Injection attacks are a type of attack that takes advantage of vulnerabilities in web applications, allowing attackers to insert malicious code or commands into the application.
Cross-Site Scripting (XSS): XSS attacks are a type of attack that targets web applications, allowing attackers to inject malicious code into a website or web application, which can be used to steal data or carry out other malicious activities.
There are many different vulnerabilities that can be exploited by attackers to carry out these types of security attacks. Here are some common vulnerabilities and their examples:
Operating System Vulnerabilities: An outdated operating system or unpatched system can leave a system vulnerable to attacks, such as the WannaCry ransomware attack that exploited a vulnerability in older versions of the Windows operating system.
Unsecured Network Connections: An unsecured network connection can allow attackers to eavesdrop on communication and steal sensitive information. For example, an attacker could intercept traffic on an unsecured Wi-Fi network.
Weak Passwords: Weak or easily guessable passwords can be easily cracked or guessed by attackers, allowing them to gain access to sensitive data or systems. For example, the LinkedIn data breach was the result of a password attack that exploited weak and easily guessable passwords.
Phishing: Users who fall for phishing scams can unwittingly give away sensitive information to attackers. For example, a phishing email might look like it came from a legitimate bank, but instead, it is a fraudulent email designed to trick the user into giving away their login credentials.
Social Engineering: Social engineering attacks rely on the manipulation of human behavior to trick users into giving away sensitive information. For example, an attacker might call a user and pretend to be a customer service representative, asking the user to verify their account information.
In conclusion, there are many different types of security attacks, and they can exploit a wide range of vulnerabilities in computer systems, networks, and data. Understanding these vulnerabilities can help individuals and businesses take steps to protect their systems and data from these types of attacks.
Q3) Explain triad’s components of Cybersecurity in detail.
Ans) The "triad" is a widely accepted framework for understanding the key components of cybersecurity. It is made up of three essential components: confidentiality, integrity, and availability.
Confidentiality refers to the protection of sensitive or confidential information from unauthorized access or disclosure. This is a critical component of cybersecurity, as unauthorized access to sensitive information can result in significant harm, such as identity theft, financial loss, or damage to an organization's reputation. Confidentiality is often achieved using access controls, encryption, and other security measures that limit access to sensitive information only to authorized individuals.
Access controls limit who can access information and what they can do with it. For example, access controls might require a user to enter a username and password to access a system or require two-factor authentication to gain access to sensitive information. Encryption is a method of encoding information so that it can only be read by authorized parties. Encryption can protect information in transit or at rest, such as data stored on a hard drive.
Integrity refers to the protection of information from unauthorized modification or destruction. This includes ensuring that information is accurate, complete, and consistent, and that it has not been tampered with or altered in any way. Ensuring the integrity of information is critical, as it ensures that information is trustworthy and can be relied upon.
Integrity is often achieved using cryptographic mechanisms, such as digital signatures or checksums, that allow the recipient to verify that the information has not been altered. Digital signatures are used to ensure the authenticity of electronic documents, such as contracts or legal agreements. A checksum is a value that is calculated from a data set, and if the data set is changed in any way, the checksum value will also change. This allows the recipient to verify that the data set has not been altered.
Availability refers to the ability of a system or network to function properly and provide access to information and services when needed. This includes ensuring that systems and networks are accessible and reliable, and that they are not subject to disruptions or denial-of-service attacks. Ensuring availability is critical, as downtime or disruptions can have significant consequences, such as lost revenue, reputational damage, or the inability to provide critical services.
Availability is often achieved using redundancy, backup systems, and other measures that ensure that critical systems and data are always available. Redundancy involves duplicating critical systems or components to ensure that there is always a backup in the event of a failure. Backup systems involve creating copies of critical data or systems, which can be used to restore services in the event of a disruption.
In conclusion, the triad components of cybersecurity are essential for protecting against a wide range of threats and attacks. By understanding these key components of cybersecurity, organizations can develop effective security strategies that protect their systems and data from unauthorized access, modification, or destruction. The components of confidentiality, integrity, and availability are interdependent and must be addressed together to ensure a comprehensive and effective cybersecurity program. Organizations must ensure that their systems and data are protected by implementing appropriate security controls and regularly monitoring and updating them to ensure that they remain effective against new and emerging threats.
Q4) List out the Cybercrimes groups and describe the primary categories of Cybercrime with examples.
Ans) There are many ways to categorize cybercrimes, but one common way is to group them by the type of crime or the target of the crime. Here are some examples of the primary categories of cybercrime:
Hacking: Hacking involves gaining unauthorized access to a computer system or network. This can include stealing sensitive information, modifying data, or disrupting services. Examples of hacking include a hacker breaking into a company's database to steal customer information, or a group of Hackers Launching a Distributed Denial-Of-Service Attack To Take Down A Website.
Malware: Malware is software that is designed to harm computer systems or networks. This can include viruses, worms, Trojan horses, and other types of malicious software. Malware can be used to steal information, disrupt services, or take control of a system. Examples of malware include a virus that deletes important files on a computer, or a Trojan horse that installs a backdoor on a system to allow a hacker to access it remotely.
Phishing: Phishing is a type of social engineering attack that involves tricking people into providing sensitive information, such as login credentials or credit card numbers. This is often done by sending fraudulent emails or creating fake websites that mimic legitimate ones. Examples of phishing include an email that appears to be from a bank, asking the recipient to provide their login credentials, or a website that looks like a social media site, asking users to enter their personal information.
Identity Theft: Identity theft involves stealing someone's personal information, such as their name, address, social security number, or credit card information. This information can be used to open credit accounts, make purchases, or commit other crimes. Examples of identity theft include a hacker stealing a person's credit card information and using it to make fraudulent purchases, or a thief stealing a person's identity to open new credit accounts.
Cyberstalking: Cyberstalking involves using the internet or other digital communications to harass, intimidate, or threaten someone. This can include sending unwanted messages, posting personal information online, or using social media to track someone's activities. Examples of cyberstalking include a person sending threatening messages to their ex-partner via social media, or a group of people posting personal information about someone online to embarrass or intimidate them.
Cyberbullying: Cyberbullying involves using the internet or other digital communications to bully, harass, or intimidate someone. This can include sending threatening messages, spreading rumors or gossip, or posting humiliating photos or videos. Examples of cyberbullying include a group of students creating a fake social media account to bully a classmate, or a person posting derogatory comments on someone's blog or social media page.
These are just a few examples of the primary categories of cybercrime. As technology continues to evolve, new types of cybercrimes are emerging, and it is important for individuals and organizations to be aware of these threats and take steps to protect themselves from them.
Q5) What do you mean by Penetration testing? Describe Pen Testing Process and Penetration testing methods.
Ans) Penetration testing, commonly referred to as pen testing, is a cybersecurity testing technique used to identify vulnerabilities and weaknesses in an organization's computer systems, networks, and applications. The aim of pen testing is to simulate a real-world cyberattack and identify vulnerabilities that could be exploited by attackers to gain unauthorized access to sensitive information, disrupt business operations, or cause damage to the organization. The pen testing process can be divided into several stages, including:
Planning: In this stage, the pen tester defines the scope and objectives of the testing engagement and determines the tools and techniques that will be used.
Information Gathering: This stage involves collecting information about the target systems, such as IP addresses, software versions, and other relevant data. This information is used to identify potential vulnerabilities and weaknesses in the target system.
Vulnerability Scanning: In this stage, the pen tester uses automated tools to scan the target systems for known vulnerabilities and weaknesses. This stage helps identify the vulnerabilities that could be exploited by attackers to gain unauthorized access to the target system.
Exploitation: In this stage, the pen tester attempts to exploit the identified vulnerabilities and weaknesses to gain unauthorized access to the target system. This stage involves using various techniques, such as password cracking, social engineering, or exploiting vulnerabilities.
Post-Exploitation: Once the pen tester has gained access to the target system, they will attempt to escalate their privileges, maintain that access, and gather additional information or perform further attacks.
Reporting: Finally, the pen tester will document their findings and provide a detailed report to the organization. This report will highlight the vulnerabilities and weaknesses that were identified and provide recommendations for improving the security posture of the organization.
There are various methods that can be used in a pen testing engagement, including:
Network Penetration Testing: This method involves testing the security of the organization's network infrastructure, such as firewalls, routers, and switches.
Web Application Penetration Testing: This method involves testing the security of the organization's web applications, such as websites and online portals.
Wireless Network Penetration Testing: This method involves testing the security of the organization's wireless network, such as Wi-Fi.
Social Engineering: This method involves attempting to trick employees or users into giving away sensitive information or access to systems.
Physical Penetration Testing: This method involves attempting to physically break into the organization's facilities, such as offices or data centers.
Overall, pen testing is a critical component of an organization's cybersecurity strategy. It helps identify vulnerabilities and weaknesses in the organization's systems, which can be addressed before they are exploited by attackers. By proactively identifying and addressing these vulnerabilities, organizations can improve their security posture, reduce the risk of a cyberattack, and protect their sensitive information and critical assets.
100% Verified solved assignments from ₹ 40 written in our own words so that you get the best marks!
Don't have time to write your assignment neatly? Get it written by experts and get free home delivery
Get Guidebooks and Help books to pass your exams easily. Get home delivery or download instantly!
Download IGNOU's official study material combined into a single PDF file absolutely free!
Download latest Assignment Question Papers for free in PDF format at the click of a button!
Download Previous year Question Papers for reference and Exam Preparation for free!