International Journal <strong>of</strong> Advanced Computer Technology (IJACT)ISSN:2319-7900obtaining property or services from any cyberspace unjustlythrough deception or trickery.Theft <strong>of</strong> confidential or proprietary dataCases involving theft <strong>of</strong> confidential or proprietary information,in which current or former customer or contractors intentionallyexceeded or misused an authorized level <strong>of</strong>access to confidential or proprietary information from theany cyberspace [11].Theft/modification <strong>of</strong> information forfinancial gainTheft <strong>of</strong> information for business advantageBesides these attacks there may be some other thwarts possiblethat are not convenient to the above scenarios. Some<strong>pre</strong>dictions can be made for those: Reading executive emails for entertainment. Providing organizational (cyberspace) informationto <strong>law</strong>yers in <strong>law</strong>suit against organization (ideological). Transmitting organization‟s IP to hacker groups. Unauthorized access to information to locate a personas accessory to murder. Though there may bemore different issues but these are found in the casestudies by CERT Program-s<strong>of</strong>tware engineeringteam <strong>of</strong> Carnegie Mellon University. The <strong>pre</strong>vioustwo types <strong>of</strong> thwart may not be mutually exclusivefor a certain case.Pre<strong>vention</strong> <strong>of</strong> <strong>Cyber</strong> CrimePre<strong>vention</strong> [8] is always better than cure. It is always betterto take certain <strong>pre</strong>caution while operating the net. The 5Pmantra for online security: Precaution, Pre<strong>vention</strong>, Protection,Preservation <strong>and</strong> Perseverance. One should keep inmind the following things-1. To <strong>pre</strong>vent cyber stalking avoid disclosing any informationpertaining to oneself. This is as good as disclosing youridentity to strangers in public place.2. Always avoid sending any photograph online particularlyto strangers <strong>and</strong> chat friends as there have been incidents <strong>of</strong>misuse <strong>of</strong> the photographs.3. Always use latest <strong>and</strong> update antivirus s<strong>of</strong>tware to guardagainst virus attacks.4. Always keep back up volumes so that one may not sufferdata loss in case <strong>of</strong> virus contamination5. Never send your credit card number to any site that is notsecured, to guard against frauds.6. Always keep a watch on the sites that your children areaccessing to <strong>pre</strong>vent any kind <strong>of</strong> harassment or depravationin children.7. it is better to use a security programmed that gives controlover the cookies <strong>and</strong> send information back to the site asleaving the cookies unguarded might prove fatal.8. Web site owners should watch traffic <strong>and</strong> check any irregularityon the site. Putting host-based intrusion detectiondevices on servers may do this.9. Use <strong>of</strong> firewalls may be beneficial.10. Web servers running public sites must be physically separateprotected from internal corporate network. Adjudication<strong>of</strong> a <strong>Cyber</strong> Crime - On the directions <strong>of</strong> the BombayHigh Court the Central Government has by a notificationdated 25.03.03 has decided that the Secretary to the InformationTechnology Department in each state by designationwould be appointed as the AO for each state.Security measuresA state <strong>of</strong> computer "security" is the conceptual ideal, attainedby the use <strong>of</strong> the three processes:1. Pre<strong>vention</strong>,2. Detection, <strong>and</strong>3. Response.* User account access controls <strong>and</strong> cryptography can protectsystems files <strong>and</strong> data, respectively.INTERNATIONAL JOURNAL OF ADVANCED COMPUTER TECHNOLOGY | VOLUME 1, NUMBER 2, 51
International Journal <strong>of</strong> Advanced Computer Technology (IJACT)ISSN:2319-7900* Firewalls are by far the most common <strong>pre</strong><strong>vention</strong> systemsfrom a network security perspective as they can (if properlyconfigured) shield access to internal network services, <strong>and</strong>block certain kinds <strong>of</strong> attacks through packet filtering.* Intrusion Detection Systems (IDS's) [9] are designed todetect network attacks in progress <strong>and</strong> assist in post-attackforensics, while audit trails <strong>and</strong> logs serve a similar functionfor individual systems.* "Response" is necessarily defined by the assessed securityrequirements <strong>of</strong> an individual system <strong>and</strong> may cover therange from simple upgrade <strong>of</strong> protections to notification <strong>of</strong>legal authorities, counter-attacks, <strong>and</strong> the like. In some specialcases, a complete destruction <strong>of</strong> the compromised systemis favored.Today, computer security comprises mainly "<strong>pre</strong>ventive"measures, like firewalls or an Exit Procedure. A firewall [10]can be defined as a way <strong>of</strong> filtering network data between ahost or a network <strong>and</strong> another network, such as the Internet,<strong>and</strong> is normally implemented as s<strong>of</strong>tware running on themachine, hooking into the network stack (or, in the case <strong>of</strong>most UNIX-based operating systems such as Linux, builtinto the operating system kernel) to provide real-time filtering<strong>and</strong> blocking. Another implementation is a so calledphysical firewall which consists <strong>of</strong> a separate machine filteringnetwork traffic. Firewalls are common amongst machinesthat are permanently connected to the Internet(though not universal, as demonstrated by the large numbers<strong>of</strong> machines "cracked" by worms like the Code Red wormwhich would have been protected by a properly configuredfirewall). However, relatively few organizations maintaincomputer systems with effective detection systems, <strong>and</strong> fewerstill have organized response mechanisms in place.Proposed PracticeA good practice is always „find the reasons behind the diseases‟i.e. there are reasons behind theft that some customeror other are dissatisfied with something related with organization‟s(cyberspace)behavior <strong>and</strong> that drives him to dosome anomalous behavior against the particular cyberspace.Some ideas <strong>and</strong> technologies are proposed below that maybe used to <strong>pre</strong>vent insider threats.Social EngineeringActually it is being now days applied in many industries forsecurity. Social engineering is the act <strong>of</strong> manipulating a personto take an action that may or may not be in the “target‟s”best interest. This may include obtaining information, gainingaccess, or getting the target to take certain action. It is ahuge application <strong>of</strong> Psychology, behavioral study, cognitiveanalysis <strong>of</strong> human behavior. Based on the study, a group <strong>of</strong>people always be active to motivate the employed guys to dowhat they should do. They investigate the corner <strong>of</strong> the user‟smind to find suspicious something.Secret TeamA secret team is the team who act as customer or other outsideuser within organizations (cyberspace) but they haveanother purpose that investigate, monitor or audit the activity<strong>of</strong> the users. It is like a team <strong>of</strong> private investigators in disguise.Implementing s<strong>of</strong>twareSuch s<strong>of</strong>tware should install in each system for every cyberspacethat maintain a database <strong>of</strong> each user or customer.Mainly user or customer details <strong>and</strong> one unique identificationpro<strong>of</strong> issue by government .This s<strong>of</strong>tware will be maintainby system administer <strong>and</strong> also invisible with respect toany user or customer. For this <strong>approach</strong> need extra storagesdevices. And as per the condition administer will decidedhow many day‟s keep information.Monitoring the usersThough somebody is newer or recent user, the monitoring ismust be needed. It may be by some s<strong>of</strong>tware (used by systemadministrator or network administrator) <strong>and</strong>/or by thesecurity cameras. That means if someone has to steal, thenhe must overcome a lot <strong>of</strong> risks i.e. he has to throw dust inthe eye <strong>of</strong> many expertise before flies away.Important contents <strong>of</strong> IT act <strong>of</strong> Indiaor Information TechnologyAct 2000PreliminaryWith the rapid pace, internet usage in India is increasing. Sothe rule <strong>of</strong> government is to provide a legal framework forinternet <strong>and</strong> e-commerce.Electronic GovernanceThe filling up <strong>of</strong> a form, issue <strong>of</strong> a license or payment <strong>of</strong> feemay be in an electronic form. Secured digital signatures enablethe growth <strong>of</strong> e-commerce.A <strong>survey</strong> <strong>of</strong> <strong>Indian</strong> <strong>Cyber</strong> <strong>crime</strong> <strong>and</strong> <strong>law</strong> <strong>and</strong> <strong>its</strong> <strong>pre</strong><strong>vention</strong> <strong>approach</strong> 52