A survey of Indian Cyber crime and law and its pre- vention approach

More documents

Recommendations

Info

International Journal of Advanced Computer Technology (IJACT)ISSN:2319-7900obtaining property or services from any cyberspace unjustlythrough deception or trickery.Theft of confidential or proprietary dataCases involving theft of confidential or proprietary information,in which current or former customer or contractors intentionallyexceeded or misused an authorized level ofaccess to confidential or proprietary information from theany cyberspace [11].Theft/modification of information forfinancial gainTheft of information for business advantageBesides these attacks there may be some other thwarts possiblethat are not convenient to the above scenarios. Somepredictions can be made for those: Reading executive emails for entertainment. Providing organizational (cyberspace) informationto lawyers in lawsuit against organization (ideological). Transmitting organization‟s IP to hacker groups. Unauthorized access to information to locate a personas accessory to murder. Though there may bemore different issues but these are found in the casestudies by CERT Program-software engineeringteam of Carnegie Mellon University. The previoustwo types of thwart may not be mutually exclusivefor a certain case.Prevention of Cyber CrimePrevention [8] is always better than cure. It is always betterto take certain precaution while operating the net. The 5Pmantra for online security: Precaution, Prevention, Protection,Preservation and Perseverance. One should keep inmind the following things-1. To prevent cyber stalking avoid disclosing any informationpertaining to oneself. This is as good as disclosing youridentity to strangers in public place.2. Always avoid sending any photograph online particularlyto strangers and chat friends as there have been incidents ofmisuse of the photographs.3. Always use latest and update antivirus software to guardagainst virus attacks.4. Always keep back up volumes so that one may not sufferdata loss in case of virus contamination5. Never send your credit card number to any site that is notsecured, to guard against frauds.6. Always keep a watch on the sites that your children areaccessing to prevent any kind of harassment or depravationin children.7. it is better to use a security programmed that gives controlover the cookies and send information back to the site asleaving the cookies unguarded might prove fatal.8. Web site owners should watch traffic and check any irregularityon the site. Putting host-based intrusion detectiondevices on servers may do this.9. Use of firewalls may be beneficial.10. Web servers running public sites must be physically separateprotected from internal corporate network. Adjudicationof a Cyber Crime - On the directions of the BombayHigh Court the Central Government has by a notificationdated 25.03.03 has decided that the Secretary to the InformationTechnology Department in each state by designationwould be appointed as the AO for each state.Security measuresA state of computer "security" is the conceptual ideal, attainedby the use of the three processes:1. Prevention,2. Detection, and3. Response.* User account access controls and cryptography can protectsystems files and data, respectively.INTERNATIONAL JOURNAL OF ADVANCED COMPUTER TECHNOLOGY | VOLUME 1, NUMBER 2, 51
International Journal of Advanced Computer Technology (IJACT)ISSN:2319-7900* Firewalls are by far the most common prevention systemsfrom a network security perspective as they can (if properlyconfigured) shield access to internal network services, andblock certain kinds of attacks through packet filtering.* Intrusion Detection Systems (IDS's) [9] are designed todetect network attacks in progress and assist in post-attackforensics, while audit trails and logs serve a similar functionfor individual systems.* "Response" is necessarily defined by the assessed securityrequirements of an individual system and may cover therange from simple upgrade of protections to notification oflegal authorities, counter-attacks, and the like. In some specialcases, a complete destruction of the compromised systemis favored.Today, computer security comprises mainly "preventive"measures, like firewalls or an Exit Procedure. A firewall [10]can be defined as a way of filtering network data between ahost or a network and another network, such as the Internet,and is normally implemented as software running on themachine, hooking into the network stack (or, in the case ofmost UNIX-based operating systems such as Linux, builtinto the operating system kernel) to provide real-time filteringand blocking. Another implementation is a so calledphysical firewall which consists of a separate machine filteringnetwork traffic. Firewalls are common amongst machinesthat are permanently connected to the Internet(though not universal, as demonstrated by the large numbersof machines "cracked" by worms like the Code Red wormwhich would have been protected by a properly configuredfirewall). However, relatively few organizations maintaincomputer systems with effective detection systems, and fewerstill have organized response mechanisms in place.Proposed PracticeA good practice is always „find the reasons behind the diseases‟i.e. there are reasons behind theft that some customeror other are dissatisfied with something related with organization‟s(cyberspace)behavior and that drives him to dosome anomalous behavior against the particular cyberspace.Some ideas and technologies are proposed below that maybe used to prevent insider threats.Social EngineeringActually it is being now days applied in many industries forsecurity. Social engineering is the act of manipulating a personto take an action that may or may not be in the “target‟s”best interest. This may include obtaining information, gainingaccess, or getting the target to take certain action. It is ahuge application of Psychology, behavioral study, cognitiveanalysis of human behavior. Based on the study, a group ofpeople always be active to motivate the employed guys to dowhat they should do. They investigate the corner of the user‟smind to find suspicious something.Secret TeamA secret team is the team who act as customer or other outsideuser within organizations (cyberspace) but they haveanother purpose that investigate, monitor or audit the activityof the users. It is like a team of private investigators in disguise.Implementing softwareSuch software should install in each system for every cyberspacethat maintain a database of each user or customer.Mainly user or customer details and one unique identificationproof issue by government .This software will be maintainby system administer and also invisible with respect toany user or customer. For this approach need extra storagesdevices. And as per the condition administer will decidedhow many day‟s keep information.Monitoring the usersThough somebody is newer or recent user, the monitoring ismust be needed. It may be by some software (used by systemadministrator or network administrator) and/or by thesecurity cameras. That means if someone has to steal, thenhe must overcome a lot of risks i.e. he has to throw dust inthe eye of many expertise before flies away.Important contents of IT act of Indiaor Information TechnologyAct 2000PreliminaryWith the rapid pace, internet usage in India is increasing. Sothe rule of government is to provide a legal framework forinternet and e-commerce.Electronic GovernanceThe filling up of a form, issue of a license or payment of feemay be in an electronic form. Secured digital signatures enablethe growth of e-commerce.A survey of Indian Cyber crime and law and its prevention approach 52
Page 1 and 2: International Journal of Advanced C
Page 3: International Journal of Advanced C
Page 7 and 8: International Journal of Advanced C

A survey of Indian Cyber crime and law and its pre- vention approach

Create successful ePaper yourself

Delete template?

Save as template?