Page 135 - DCAP516_COMPUTER_SECURITY
P. 135
Unit 11: Threats in Network
11.1 Types of Network Threats Notes
For any individual or organisation that uses computer technology, security threats are evolving
and becoming increasingly dangerous. Computer users are involved in an arms race with
hackers and virus writers. This makes it imperative to understand the types of computer threats
that may affect a computer system or a network of computers. Let us discuss in detail the
potential threats to a computer system in network.
1. Hacking: Section 66 of the Information Technology Act, 2000 defines the offence of hacking.
The Act has taken a unique approach to defining the term ‘hacking’. Hacking is usually
understood to be unauthorized access of computer systems and networks. Indian law has,
however, given a different connotation to the term hacking, so we cannot use the term
“unauthorized access” interchangeably with the term “hacking”. However, as per Indian
law, unauthorized access does occur, if hacking has taken place. Indian law has chosen to
define hacking in relation to information. Section 66(1) of the Information Technology Act
states, “Whoever with the intent to cause or knowing that he is likely to cause wrongful
loss or damage to the public or any person destroys or deletes or alters any information
residing in a computer resource or diminishes its value or utility or affects it injuriously
by any means, commits hacking”. And Section 66(2) states, “Whoever commits hacking
shall be punished with imprisonment up to three years, or with fine which may extend up
to two lakh rupees, or with both”.
Firstly, there must be either an intention to cause wrongful loss or damage to any person,
or knowledge that wrongful loss or damage will be caused to any person. Wrongful loss/
damage is the loss/damage caused by unlawful means. Secondly, information residing in
a computer resource must be destroyed. Destroying information also includes acts that
render the information useless for the purpose for which it had been created.
Section 66(2) of the IT Act provides for imprisonment up to 3 years and/or fine up to ` 2
lakh as a punishment for hacking. The definition of hacking is so wide that numerous
cyber crimes can be included under the ambit of hacking. Some of these are virus attacks
leading to loss of information, data diddling, salami attacks, Internet time theft, etc.
2. Unauthorized Access: “Access” is defined in Section 2(1)(a) of the Information Technology
Act as “gaining entry into, instructing or communicating with the logical, arithmetical, or
memory function resources of a computer, computer system or computer network”.
Therefore, unauthorized access means any kind of access without the permission of either
the rightful owner or the person in charge of a computer, computer system or computer
network. Thus, not only accessing a server by cracking its password authentication system
is unauthorized access, switching on a computer system without the permission of the
person in charge is also unauthorized access. Packet sniffing, tempest attack, password
cracking and buffer overflow are common techniques used for unauthorized access.
3. Packet Sniffing: Packet Sniffing is a technology used by hackers to intercept and decrypt
the data packets flowing on a computer network. We know that data travels in the form of
packets on networks. These packets, also referred to as data-grams, are of various sizes
depending on the network bandwidth as well as amount of data being carried in the
packet in the measure of bytes. Each packet has an identification label also called a ‘header’.
The header carries information of the source, destination, protocol, size of packet, total
number of packets in sequence and the unique number of the packet.
The data carried by the packet is in an encrypted format for the sake of convenience in
transmitting the data. This cipher text (encrypted form) is also known as the hex of the
LOVELY PROFESSIONAL UNIVERSITY 129
