MCA-104-UNIT-II Information Technology
What is Information Security:-
Information Security is not only about securing information from
unauthorized access. It is the practice of preventing unauthorized access,
use, disclosure, disruption, modification, inspection, recording or
destruction of information. Information can be physical or electronic. It can
be anything: your personal details, your profile on social media, the data on
your mobile phone, your biometrics, etc. Thus Information Security spans many
research areas, such as Cryptography, Mobile Computing, Cyber Forensics and
Online Social Media.
During the First World War, a Multi-tier Classification System was developed,
keeping in mind the sensitivity of information. With the beginning of the
Second World War, formal alignment of the Classification System was done.
Alan Turing was the one who successfully decrypted the Enigma Machine, which
was used by the Germans to encrypt warfare data.
Information Security programs are built around 3 objectives, commonly
known as CIA – Confidentiality, Integrity, Availability.
1. Confidentiality – means information is not disclosed to unauthorized
individuals, entities and processes. For example, suppose I have a password
for my Gmail account and someone sees it while I am logging in to Gmail.
In that case my password has been compromised and Confidentiality has
been breached.
2. Integrity – means maintaining accuracy and completeness of data. This
means data cannot be edited in an unauthorized way. For example, if an
employee leaves an organisation, then the data for that employee in all
departments, like accounts, should be updated to reflect the status
JOB LEFT so that the data is complete and accurate. In addition, only an
authorized person should be allowed to edit employee data.
3. Availability – means information must be available when needed. For
example, if one needs to access information of a particular employee to
check whether the employee has exceeded the number of leaves, that
requires collaboration from different organizational teams like network
operations, development operations, incident response and policy/change
management.
A denial of service attack is one of the factors that can hamper the
availability of information.
Malware is a term used to describe a computer program responsible for
disturbing the working of your system and carrying out other illicit
activities. In this chapter, we will learn what the different types of malware
are and how they infiltrate the system.
Types of Malware
Based on the infiltrating nature, attack type, and damage levels, malware is
broadly classified into 12 types.
1. Viruses
The virus is the oldest malware type and one of the most common. It is a
computer program that, after infiltrating the system, replicates itself by
modifying the code of other programs. It also has the ability to reproduce in
large numbers. A virus needs a host program: it writes its code into that
program and replicates. Viruses are usually spread through a Word file or an
executable file.
2. Worms
A worm is a malicious program that uses computer networks to spread itself. It
takes advantage of the security failures of a system to target it. Once it takes
control of a device, it scans other systems connected to it and infects them.
Unlike viruses, worms do not need a host to grow. Worms are largely spread
through emails and messaging services.
3. Trojans
A Trojan is a malicious program that pretends to be legitimate and attracts
users to install it by misrepresenting itself as useful software for their system.
It is one of the most dangerous types of malware, since it can remain unnoticed
by the user and work silently in the background. Once it enters the system,
the attackers behind it can gain unauthorized access to your device and steal
your private information and data. A Trojan can also install other dangerous
malware like Ransomware. Trojans are mainly spread through utility software
and spam email attachments.
4. Spyware
Spyware is an ill-disposed, unwanted computer program that stealthily spies
on activities on your system and reports everything to its creator. Some
Spyware can install malicious programs and change system settings. It is one
of the most common malware infections, since it easily enters the system when
users click on an intriguing pop-up or install bundled software.
5. Ransomware
Ransomware is one of the most dangerous malware programs. This is mainly
because, unlike other common malicious programs, there is probably no cure
for Ransomware attacks. After infiltrating your system, Ransomware locks your
files and folders with a robust encryption algorithm. The attacker behind it
then asks you for a ransom in return for a decrypting tool or key. Ransomware
is mostly spread through drive-by downloads or phishing.
6. Adware
Adware is unwanted software designed to bombard your web browser, or
sometimes random parts of your screen, with irrelevant, untrustworthy ads.
It usually enters through malicious web extensions or rogue software.
7. Rootkit
A Rootkit is a type of malware that provides root privilege to the attacker.
Root privilege means getting the administrative rights of the system. A Rootkit
acts as a backdoor for other malware to enter the system. Since Rootkits
reside deep inside the kernel of the operating system, they are challenging to
detect and remove. Many times, reinstalling the OS is the only option.
8. Keylogger
A keylogger is dangerous malware that records all your keystrokes. It sends
them to the attacker, who can analyze the keys you press and dig out sensitive
information such as login credentials, banking details, and literally anything
private that you enter using your keyboard.
9. Browser Hijacker
A Browser Hijacker, also known as a Browser Virus, is a malware type that can
take control of your browser and change its settings to promote an affiliated
page or a fake search engine. By hijacking the browser's settings, the browser
hijacker can also initiate drive-by downloads and change settings like the
default search engine, homepage, new tab redirection, and more. A Browser
Hijacker can also introduce other malware like Trojans, Adware, or Keyloggers
to the system. A Browser Hijacker usually gets entry through a rogue web
extension or add-on.
10. Botnet
A Botnet is a network of infected computers controlled remotely by a
cybercriminal. Each bot acts as a Zombie and infects other systems to join it in
the Botnet. Hackers can use a Botnet for carrying out various malicious
activities like DDoS attacks, cryptojacking, keylogging, and more.
CRYPTOGRAPHY:-
Privacy
The concept of how to achieve privacy has not changed for thousands of
years: the message must be encrypted. The message must be rendered
opaque to all unauthorized parties. A good encryption/decryption
technique is used to achieve privacy to some extent. This technique ensures
that the eavesdropper cannot understand the contents of the message.
Encryption/Decryption
Encryption: Encryption means that the sender converts the original
information into another form and sends the unintelligible message over the
network.
Decryption: Decryption reverses the Encryption process in order to transform
the message back to the original form.
The data which is to be encrypted at the sender site is known as plaintext, and
the encrypted data is known as ciphertext. The data is decrypted at the receiver
site.
There are two types of Encryption/Decryption techniques:
o Privacy with secret key Encryption/Decryption
o Privacy with public key Encryption/Decryption
Secret Key Encryption/Decryption technique
o In Secret Key Encryption/Decryption technique, the same key is used by
both the parties, i.e., the sender and receiver.
o The sender uses the secret key and encryption algorithm to encrypt the
data; the receiver uses this key and decryption algorithm to decrypt the
data.
o In Secret Key Encryption/Decryption technique, the algorithm used for
encryption is the inverse of the algorithm used for decryption. It means
that if the encryption algorithm uses a combination of addition and
multiplication, then the decryption algorithm uses a combination of
subtraction and division.
o The secret key encryption algorithm is also known as symmetric
encryption algorithm because the same secret key is used in bidirectional
communication.
o In secret key encryption/decryption algorithm, the secret code is used by
the computer to encrypt the information before it is sent over the
network to another computer.
o The secret key requires that we should know which computers are
talking to each other so that we can install the key on each computer.
Data Encryption Standard (DES)
o The Data Encryption Standard (DES) was designed by IBM and adopted
by the U.S. government as the standard encryption method for
nonmilitary and non-classified use.
o The Data Encryption Standard is a standard used for encryption, and it
is a form of Secret Key Cryptography.
Advantage
Efficient: Secret key algorithms are more efficient, as it takes less time to
encrypt a message with them than with a public key encryption algorithm.
The reason for this is that the size of the key is small. For this reason,
Secret Key Algorithms are mainly used for encryption and decryption.
Disadvantages of Secret Key Encryption
The Secret Key Encryption/Decryption has the following disadvantages:
o Each pair of users must have a secret key. If the number of people in the
world who want to use this method is N, then there are N(N-1)/2 secret
keys. For example, for one million people, there are half a billion secret
keys.
o The distribution of keys among different parties can be very difficult. This
problem can be resolved by combining the Secret Key
Encryption/Decryption with the Public Key Encryption/Decryption
algorithm.
Public Key Encryption/Decryption technique
o There are two keys in public key encryption: a private key and a public
key.
o The private key is given to the receiver while the public key is provided to
the public.
In the above figure, we see that A is sending the message to user B. 'A' uses the
public key to encrypt the data while 'B' uses the private key to decrypt the
data.
o In public key Encryption/Decryption, the public key used by the sender
is different from the private key used by the receiver.
o The public key is available to the public while the private key is kept by
each individual.
o The most commonly used public key algorithm is known as RSA.
Advantages of Public Key Encryption
o The main restriction of private key encryption is the sharing of a secret
key. A third party cannot use this key. In public key encryption, each
entity creates a pair of keys, and they keep the private one and distribute
the public key.
o The number of keys in public key encryption is reduced tremendously.
For example, for one million users to communicate, only two million keys
are required, not a half-billion keys as in the case of secret key
encryption.
Disadvantages of Public Key Encryption
o Speed: One of the major disadvantages of public-key encryption is
that it is slower than secret-key encryption. In secret key encryption, a
single shared key is used to encrypt and decrypt the message, which
speeds up the process, while in public key encryption two different keys
are used, related to each other by a complex mathematical process.
Therefore, we can say that encryption and decryption take more time in
public key encryption.
o Authentication: Public key encryption does not have built-in
authentication. Without authentication, the message can be interpreted
or intercepted without the user's knowledge.
o Inefficient: The main disadvantage of the public key is its complexity. If
we want the method to be effective, large numbers are needed. But in
public key encryption, converting the plaintext into ciphertext using long
keys takes a lot of time. Therefore, public key encryption algorithms
are efficient for short messages, not for long messages.
Digital Signature
The Digital Signature is a technique which is used to validate the authenticity
and integrity of the message. We know that there are four aspects of security:
privacy, authentication, integrity, and non-repudiation. We have already
discussed the first aspect of security; the other three aspects can be achieved
by using a digital signature.
The basic idea behind the Digital Signature is to sign a document. When we
send a document electronically, we can also sign it. We can sign a document in
two ways: by signing the whole document or by signing a digest.
Signing the Whole Document
o In Digital Signature, a public key encryption technique is used to sign a
document. However, the roles of a public key and private key are
different here. The sender uses a private key to encrypt the message
while the receiver uses the public key of the sender to decrypt the
message.
o In Digital Signature, the private key is used for encryption while the
public key is used for decryption.
o Digital Signature cannot be achieved by using secret key encryption.
Digital Signature is used to achieve the following three aspects:
o Integrity: The Digital Signature preserves the integrity of a message
because, if an attacker intercepts a message and partially or totally
changes it, then decrypting the message would be impossible.
o Authentication: We can use the following reasoning to show how the
message is authenticated. If an intruder (user X) sends a message
pretending that it is coming from someone else (user A), user X uses her
own private key to encrypt the message. The message is decrypted by
using the public key of user A. Therefore this makes the message
unreadable. Encryption with X's private key and decryption with A's
public key results in garbage value.
o Non-Repudiation: Digital Signature also provides non-repudiation. If the
sender denies sending the message, then her private key corresponding
to her public key is tested on the plaintext. If the decrypted message is
the same as the original message, then we know that the sender has sent
the message.
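The three properties above can be seen in a small worked example of signing a digest. This is an added illustration, not part of the original notes: it uses textbook RSA with no padding, and the key material is built from well-known Mersenne primes purely so that it runs without any library (such primes are not safe for real keys). The names make_keypair, sign, verify and the sample message are assumptions made for the example; users A and X are the ones from the text.

```python
import hashlib
from math import gcd

# Toy key material, constructed for this example only. Mersenne primes are
# well-known primes that need no library, but they are NOT safe RSA primes.
A_PRIMES = (2**521 - 1, 2**607 - 1)      # user A (the genuine sender)
X_PRIMES = (2**1279 - 1, 2**2203 - 1)    # user X (the intruder)


def make_keypair(p, q, e=65537):
    """Return (public_key, private_key) as ((n, e), (n, d)) for textbook RSA."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                  # modular inverse (Python 3.8+)
    return (p * q, e), (p * q, d)


def digest_as_int(message: bytes) -> int:
    """SHA-256 digest of the message, read as a big-endian integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender site: hash the message, then transform the digest with the
    sender's private key."""
    n, d = private_key
    return pow(digest_as_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver site: recover the digest with the sender's public key and
    compare it with a digest computed freshly from the received message."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(message)


def demo():
    a_public, a_private = make_keypair(*A_PRIMES)
    _x_public, x_private = make_keypair(*X_PRIMES)

    message = b"Transfer 500 to account 12345"   # constructed sample message
    signature = sign(message, a_private)

    return {
        # Untouched message, signed by A, checked with A's public key.
        "genuine": verify(message, signature, a_public),
        # Integrity: the message was changed after signing.
        "tampered": verify(b"Transfer 900 to account 12345", signature, a_public),
        # Authentication: X signs with her own key while claiming to be A.
        "forged_by_x": verify(message, sign(message, x_private), a_public),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:12s} accepted={accepted}")
```

Production systems use a vetted cryptographic library with a padded signature scheme instead of raw modular exponentiation.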
At the Sender site:-
At the Receiver site:-
Types of Digital Signature
Different document processing platforms support different types of digital
signature. They are described below:
Certified Signatures
The certified digital signature documents display a unique blue ribbon across
the top of the document. The certified signature contains the name of the
document signer and the certificate issuer which indicate the authorship and
authenticity of the document.
Approval Signatures
The approval digital signatures on a document can be used in the
organization's business workflow. They help to optimize the organization's
approval procedure. The procedure involves capturing approvals made by us
and other individuals and embedding them within the PDF document. The
approval signatures include details such as an image of our physical
signature, location, date, and official seal.
Visible Digital Signature
The visible digital signature allows a user to sign a single document digitally.
This signature appears on a document in the same way as signatures are
signed on a physical document.
Invisible Digital Signature
The invisible digital signatures carry a visual indication of a blue ribbon within
a document in the taskbar. We can use invisible digital signatures when we do
not have or do not want to display our signature but need to provide the
authenticity of the document, its integrity, and its origin.
What is a Firewall:-
A firewall can be defined as a special type of network security device or a
software program that monitors and filters incoming and outgoing network
traffic based on a defined set of security rules. It acts as a barrier between
internal private networks and external sources (such as the public Internet).
The primary purpose of a firewall is to allow non-threatening traffic and
prevent malicious or unwanted data traffic, protecting the computer from
viruses and attacks. A firewall is a cybersecurity tool that filters network traffic
and helps users block malicious software from accessing the Internet in
infected computers.
How does a firewall work
Functions of Firewall
Firewalls have become very powerful and include a variety of built-in
functions and capabilities:
o Network Threat Prevention
o Application and Identity-Based Control
o Hybrid Cloud Support
o Scalable Performance
o Network Traffic Management and Control
o Access Validation
o Record and Report on Events
Limitations of Firewall
The importance of using firewalls as a security system is obvious; however,
firewalls have some limitations:
o Firewalls cannot stop users from accessing malicious websites, which
leaves the network vulnerable to internal threats or attacks.
o Firewalls cannot protect against the transfer of virus-infected files or
software.
o Firewalls cannot prevent misuse of passwords.
o Firewalls cannot protect if security rules are misconfigured.
o Firewalls cannot protect against non-technical security risks, such as
social engineering.
o Firewalls cannot stop or prevent attackers with modems from dialing in
to or out of the internal network.
o Firewalls cannot secure the system which is already infected.
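The definition of a firewall as a filter driven by "a defined set of security rules", and the limitation that it cannot protect when those rules are misconfigured, can be illustrated with a small first-match packet filter. This is an added example, not part of the original notes; the Rule class, the function names, the addresses and the rule sets are all constructed for illustration. It shows one common misconfiguration, a specific deny rule placed after a broader allow rule, and a check that finds such shadowed rules.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src: str                  # source network in CIDR notation
    dst_port: Optional[int]   # None means any destination port

    def matches(self, src_ip: str, dst_port: int) -> bool:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return in_net and self.dst_port in (None, dst_port)


def decide(rules, src_ip, dst_port, default="deny"):
    """First matching rule wins; unmatched traffic gets the default action."""
    for rule in rules:
        if rule.matches(src_ip, dst_port):
            return rule.action
    return default


def covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet that matches `later` also matches `earlier`."""
    net_e = ipaddress.ip_network(earlier.src)
    net_l = ipaddress.ip_network(later.src)
    return net_l.subnet_of(net_e) and earlier.dst_port in (None, later.dst_port)


def shadowed_rules(rules):
    """Return (rule, covering_rule) pairs for rules that can never fire
    because an earlier rule already matches all of their traffic."""
    found = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if covers(earlier, later):
                found.append((later, earlier))
                break
    return found


# Constructed sample policy: block SSH from one subnet, allow the rest of the LAN.
ALLOW_HTTPS = Rule("allow", "0.0.0.0/0", 443)
ALLOW_LAN = Rule("allow", "10.0.0.0/8", None)
DENY_SSH = Rule("deny", "10.0.5.0/24", 22)

MISCONFIGURED = [ALLOW_HTTPS, ALLOW_LAN, DENY_SSH]   # deny comes too late
CORRECTED = [DENY_SSH, ALLOW_HTTPS, ALLOW_LAN]       # specific rule first

if __name__ == "__main__":
    for name, rules in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(name, "10.0.5.7 -> port 22:", decide(rules, "10.0.5.7", 22))
        for rule, by in shadowed_rules(rules):
            print("  never fires:", rule, "because of", by)
```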
Types of Firewall
Depending on their structure and functionality, there are different types of
firewalls. The following is a list of some common types of firewalls:
o Proxy Firewall
o Packet-filtering firewalls
o Stateful Multi-layer Inspection (SMLI) Firewall
o Unified threat management (UTM) firewall
o Next-generation firewall (NGFW)
o Network address translation (NAT) firewalls
What is mobile commerce?
Mobile commerce, also known as mCommerce for short, refers to the buying
and selling of goods and services among buyers and sellers via wireless devices,
such as tablets or mobiles. Thus, online shopping via a desktop computer will
not be counted as mobile commerce.
Types of mobile commerce
There are 3 types of mobile commerce, including:
Mobile shopping
These are optimized eCommerce platforms that allow users to conveniently
shop on mobile devices without having to zoom in. In addition, shopping
applications and social media platforms, such as Facebook, Twitter, Pinterest,
and Instagram, also use mobile commerce technology for the same purpose.
Mobile banking
Now, transferring and receiving money over the internet has never been easier
and more compact. Most banks have developed this service for mobile phones.
Mobile payment
The cashless needs of users have been met with diverse mobile payment
options.
4 Main mobile commerce technologies
(a)SMS
SMS, or text messaging, is familiar to everyone. It is the oldest mobile
commerce technology, supporting two-way interactive messaging. It is so easy
to use that anyone can access it no matter what type of mobile device they are
using.
With this mobile commerce technology, users will receive one-way push
notifications, such as news, alerts, offers, and other data. In addition, two-way
interactive messaging is also supported, allowing users to message call centers
to look up personal information, such as bank accounts.
(b)USSD
USSD is a mobile commerce technology that is only popular in a few markets
like parts of Africa, Europe, Central America, Southeast Asia, and India.
Similar to SMS, users appreciate USSD’s ubiquitous availability and ease of
use. It is accessible from almost any phone. However, what USSD does better
than SMS is that it is encrypted so that it can incorporate secure password or
mobile PIN protection. Thus, the messages that users send will not be stored
on their mobile devices.
(c)WAP/Mobile Web
It is suitable for users who do not use smartphones but still want to use mobile
web access services. Compared to the original WAP standards, WAP 2.0 is a
step further, bringing users much closer to a desktop and laptop Web
experience. It is a variation of HTML, which most smartphones support
for their users. However, WAP does not have access to the features of
users’ mobile phones the way an app does.
(d)STK
STK stands for SIM Toolkit. It appears in the menus of mobile devices as a
permanent application because it is stored on the Subscriber Identity
Module (SIM) card. This mobile commerce technology uses the SIM to
receive requests from the application, then sends the information to give
commands to the mobile device. STK is also highly regarded for its
security capabilities in the form of identity verification and
encryption, making it ideal for financial or mobile commerce deployments.
Digital Marketing
In simple terms, digital marketing is the promotion of products or
brands via one or more forms of electronic media. Digital marketing
is often referred to as online marketing, internet
marketing or web marketing.
Digital marketing has been around for quite some time but it
hasn’t been very well defined. We tend to think that digital
marketing encompasses banner advertising, search engine
optimization (SEO) and pay per click. Yet this is too narrow a
definition, because digital marketing also includes e-mail,
RSS (Really Simple Syndication), voice broadcast, fax broadcast,
blogging, podcasting, video streams, wireless text messaging, and
instant messaging. Yes! Digital marketing has a very wide scope.
The primary reason digital marketing clicks is that it is very cost
effective. Earlier it used to cost a lot of money to promote a product using
traditional mediums. Today with digital marketing, a brand can reach more
people with less than a quarter of the budget utilized for traditional mediums.
In 2016, Social media marketing topped the digital marketing list, followed
by email marketing and search engine marketing. We will look at how each
individual medium works in our subsequent posts.
1. Website
2. Social Media Marketing
3. Emailer Marketing
4. Search Engine Optimization (SEO)
5. Search Advertising
6. Mobile Marketing
7. Video Marketing
(1) Website:-
A website is essentially a gateway for the brand to its visitors. Today,
because of the internet, it is very easy for users to search for any
brand/product/service they are interested in with just a click. A website also
serves as an initial introduction of the brand to its visitors. E.g.: I may not
know any particular information about a brand. Instead of asking many
people around, I can simply visit the brand’s website and check that
particular information. Having a website makes 70% of digital marketing
easy and effective. For brands, having a website presence is a must, as it is an
easier way to share a company’s vision, mission, goals, objectives etc.
Website architecture basically consists of 5 – 7 pages. A generic structure
usually has Home, About, Product/services, gallery/portfolio and contact
pages. Websites also act as a huge content sharing platform. Marketers,
entrepreneurs, top website development companies and search
optimization companies use blogs as a medium to promote their products or
services.
(2)Social Media Marketing:-
The most commonly used tool on the digital platform is, without any second
thoughts, Social Media marketing. Today in India, almost all the brands
have an active presence on at least one of the social media platforms, viz.
Facebook, Twitter, YouTube, Instagram, Snapchat, LinkedIn, Google +
or even WhatsApp, to name a few. In a survey conducted by Octane
Research, it was found that the best performing digital marketing tool
was social media updates. It accounted for 40% of the total marketing tools.
The reason marketers should choose Social Media and Social media
marketing services in their digital marketing plan is that it helps increase
brand awareness, drives engagement, increases traffic on landing
pages/websites, generates leads, develops fan following and improves search
results, which leads to increased sales results. Social updates also help in
increasing business partnerships/alliances.
(3)Email Marketing:-
In totality, each and every email sent or received is a part of email
marketing. Emails are usually sent to promote a business/service, request
business, send advertisements, and request participation. In India, email
marketing comprises 56% of the digital marketing activities carried out by
marketers. The best email marketing companies know that email
marketing is a very good tool to acquire new customers and retain the old
ones. The best email marketing services also provide marketers a platform to
experiment with content, visuals, creatives and multimedia assets, that too at
much lower costs compared to print or television. It also lets marketers
calculate effective ROI even for a single email sent.
(4)Search Engine Optimization:-
SEO stands for Search Engine Optimization. SEO is the process through
which brands can increase their website’s visibility and visitors and create
awareness on the search engines. The results achieved are commonly
referred to as completely organic/unpaid. In layman’s terms, SEO means
analyzing users’ behavior on search engines and leveraging that to the
benefit of the brands. SEO targets components when interacting with the
search engines, e.g. image search, video search, and content search et
al. SEO also targets industry-specific keywords in search engines, exact
specific keywords and search engines preferred by the consumers.
(5)Search Advertising:-
Search advertising, as the term suggests, is a method of putting up online
advertising using search engine channels like Google, Yahoo, and Bing.
Through search advertising, brands can choose to advertise on the search
portals or other content publishing websites in the search engine’s network.
Search advertising mainly works with ‘Keywords’. Search engine portals
keep a tab on the most popular and exact keywords users search on the
portal.
(6)Mobile Marketing:-
Mobile marketing is the most recent form of marketing through mobile. With
ample mobile data available and users’ dependence on their mobile
phones, it has opened multiple channels for brands to connect with their
target users. Mobile marketing is an extended form of the above-mentioned
tools. It takes place over the mobile phone with additional modes of
marketing.
(7)Video Advertising:-
Video advertising in the digital scenario is an online advertisement with
video in its format. It comes in multiple formats like pre-roll, mid-roll and
post-roll. These ads are smartly placed in between videos on YouTube, Facebook
and many video sharing sites. Video advertisements are used to increase
audience engagement with high impact videos. Digital videos are generally
more than 2-3 minutes long, as opposed to a television commercial, which is
approximately 30 seconds long.
****UNIT-II FINISH****