INDIAN CYBER LAW Section with Penalties and Offenses


Section under IT Act, 2000
Offense
Penalty
Sec.43
Damage to computer,
computer system, etc.
Compensation not exceeding one core rupees to the person so affected
Sec.43A
Body corporate failure
to protect data
Compensation not exceeding five core rupees to the person so
affected
Sec.44(a)
Failure to furnish document, return or
report to the Controller or the Certifying Authority
Penalty not exceeding one lakh and fifty thousand rupees for each such failure
Sec.44(b)
Failure to file any
return or furnish any
information, books or
other documents
within the time specified
Penalty not exceeding five thousand rupees for every day during which such failure continues
Sec.44(c)
Failure to maintain
books of account or
records
Penalty not exceeding ten thousand rupees for every day during which the failure continues
Sec.45
Where no penalty has
been separately
provided
Compensation not exceeding
twenty-five thousand rupees to the person affected by such
contravention or a penalty not
exceeding twenty-five thousand
rupees
Sec.65
Tampering with Computer source
documents
Imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both
Sec.66
 Hacking with Computer systems, Data alteration etc.
Imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both
Sec.66A
Sending offensive messages through
communication
service etc.
Imprisonment for a term which may extend to three years and with fine
Sec.66B
Retains any stolen
computer resource or
communication device
Imprisonment for a term which may extend to three years or with fine which may extend to rupees one lakh or with both
Sec.66C
Fraudulent use of
electronic signature
Imprisonment for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh
Sec.66D
Cheats by personating
by using computer
resource		 Imprisonment for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees
Sec.66E
Publishing obscene
images
Imprisonment which may extend to three years or with fine not
exceeding two lakh rupees, or with both
Sec.66F
 Cyber terrorism Imprisonment which may extend to imprisonment for life
Sec.67
Publishes or transmits
unwanted material		 Imprisonment for a term which may extend to three years and with fine which may extend to five lakh rupees & in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees
Sec.67A
Publishes or transmits
sexually explicit material		 Imprisonment for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees
Sec.67B
Abusing children
online		 Imprisonment for a term which may extend to five years and with a fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees
Sec.67C
 Preservation of information by intermediary Imprisonment for a term which may extend to three years and shall also be liable to fine
Sec.70
Un-authorised access
to protected system		 Imprisonment for a term which may extend to ten years and shall also be liable to fine
Sec.71
Misrepresentation to
the Controller or the
Certifying Authority
for obtaining license
or Electronic Signature Certificate
Imprisonment for a term which may
extend to two years, or with fine
which may extend to one lakh
Rupees, or with both.
Sec.72
 Breach of Confidentiality and Privacy Imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both
Sec.72A
Disclosure of
information in breach
of contract		 Imprisonment for a term which may extend to three years, or with a fine which may extend to five lakh rupees, or with both
Sec.73 &
74
Publishing false digital
signature certificates		 Imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both


References – (1) THE GAZETTE OF INDIA EXTRAORDINARY
                      (2) THE INFORMATION TECHNOLOGY ACT, 2000
Posted by No comments:

Security Certification Organizations

You’ll find a breakdown of 13 cyber security certification bodies and notes on some of their most popular accreditations below. These organizations are also listed on the website of the National Initiative for Cybersecurity Education (NICE)
The big ones – 
  • CompTIA
  • EC Council 
  • GIAC 
  • ISACA
  • (ISC)²
These are members of the Cybersecurity Credentials Collaborative (C3), an effort to promote the benefits of certifications in the skills development of information security professionals around the world.

The Department of Defense, for instance, has developed a separate SPēD Certification program run through the Center for Development of Security Excellence.

If you’re confused about which certification is right for your experience level and interests, reach out to your network. Your professors, employer and/or senior-level colleagues will have a strong sense of which qualifications are worth the investment
 
CERT Programs -

SEI(Software Engineering Institute)offers two security-focused certifications:
CISCO Programs

 Cisco has tiered its security accreditations into four levels of experience:
CWNP Programs
 
The most relevant security qualifications are:
ComPTIA Programs
 
Notable security accreditations include:
DRI International Programs
 
DRII certification is the intermediate-level:  

EC-Council’s flagship course is: 
GIAC Programs

If you’re interested in a GIAC credential, you might wish to investigate:
IACRB Programs
 
IACRB, Competitors to EC-Council’s CEH qualification include:
ISACA Programs
 
The organization offers certifications in 
Like CompTIA and CISSP, CISM was named to Ed Tittel’s list of Best Information Security Certifications for 2015.
 
(ISC)² Programs
 
(ISC)²’s banner certification is the globally-recognized  
 Mile2 has set itself up in direct competition to the EC-Council’s CEH and IACRB’s CPT. Its hacking certifications include:
Offensive Security Programs

If you’re a Pen Tester looking for a top-notch certification, you should seriously consider

Offensive Security offers other information security certifications, including the more advanced OSCE: Offensive Security Certified Expert, but OSCP is the one we’ve heard infosec experts mention the most. View a full list of their community projects.
Posted by No comments:

Security Certification Resources

Cybersecurity Education and Training Catalog
NICCS maintains an up-to-date listing of all cyber security and cyber security-related education and training courses offered in the U.S. The catalog currently contains more than 1,300 courses. You can search by proficiency level, delivery method, specialty area and keyword.

Josh More’s Blog Series on Security Certification
It’s a few years old, but Josh More’s insider’s view on the pros and cons of certification makes for interesting reading. He has even developed a mathematical method for assessing the overall learning value of a qualification.

Tom’s IT Pro Security Certification Section
Tom’s IT Pro has scores of articles and blog posts on security certification. We’re particular fans of Ed Tittel’s advice column, where he gives career guidance to security professionals around the world.

Cybrary.it
Cybrary.it, founded by Ralph Sita, Jr. and Ryan Corey, is an online cyber security community offering dozens of free training courses. For example, students interested in earning CompTIA Certification can prepare by enrolling in Cybrary’s free CompTIA A+ Certification Training course. Browse courses by skill level or topic, connect with others in the online forum, and browse listings of cyber security jobs.
Posted by No comments:

Cyber Security Certification

Which Certification to Choose

When it comes to entry-level training, you might start by considering certifications such as:
Once you’re through the initial hoops, certification will depend on your level of expertise and your field of interest. For example, a Penetration Tester would probably want to take a look at GPEN

Popular industry certifications include:
Posted by No comments:

Non-Security IT Certifications

Cisco Certified Network Associate (CCNA) Routing and Switching

A “go-to” certification for entry-level network engineers and specialists working with Cisco routers and network systems. CCNA certificate holders have proven their ability to install, configure, operate and troubleshoot medium-size routed and switched networks.This qualification is on par with CCNA Security, which emphasizes core security technologies, confidentiality, the availability of data/devices and competency in the technologies that Cisco uses in its security structure. Experienced Cisco engineers can aim for the higher level Professional and Expert levels.

CompTIA A+

CompTIA A+ is one of the most common baseline certifications for IT professionals, especially IT support specialists and technicians. The exams cover the maintenance of PCs, mobile devices, laptops, operating systems and printers.
A+ is required for Dell, Lenovo and Intel service technicians and recognized by the U.S. Department of Defense. Many folks follow it up with Network+ and Security+.

  

CompTIA Network+

The second in CompTIA’s trinity of qualifications (which includes A+ and Security+). Network+ is an ISO-17024 compliant certification that tests a professional’s knowledge of data networks. This includes building, installing, operating, maintaining and protecting networking systems.Network+ fulfills U.S. DoD Directive 8570.01-M and is held by nearly half a million people worldwide. It’s often recommended for network administrators, technicians and installers.

Information Technology Infrastructure Library (ITIL) Foundation

ITIL certifications focus on ITIL best practices. Foundation is the basic level and the ITIL credential most frequently seen on job requirements.The exam tests candidates in key elements, concepts and terminology used in the ITIL service lifecycle, including the links between lifecycle stages, the processes used and their contribution to service management practices. If your company is using ITIL processes to handle their services to internal/external customers, then Foundation is worth considering.

Microsoft Certified Solutions Expert (MCSE)

Anyone working with Microsoft technologies should take a close look at the Microsoft Certificate Solutions Associate (MCSA) and the expert MCSE. You must complete the MCSA before tackling the MCSE.Widely respected in the industry, MCSE demonstrates a professional’s ability to build, deploy, operate, maintain and optimize Microsoft-based systems. For the MCSE, you can choose one of nine certification paths, including Server Infrastructure, Private Cloud, SharePoint and more.

Project Management Professional (PMP)

PMP is aimed at mid-level project managers. Candidates without a bachelor’s degree must have at least five years of project management experience (7,500 hours leading and directing projects); bachelor’s degree holders must have at least three years (4,500 hours leading and directing projects).Successful PMP holders have demonstrated they have the experience, education and competency to handle project teams. It’s not a “must-have” by any means, but it can certainly help you zip through the résumé screening process and proceed into discussions about salary.

Red Hat Certified Architect (RHCA)

Interested in becoming a Linux expert? Take a look at RHCA, probably the most challenging qualification in the Red Hat certification program. To attain RHCA status, Red Hat Certified Engineers (RHCEs) must pass at least 5 exams and demonstrate their skills in performance-based tasks. Beginners should consider the RHCAS and the CompTIA Linux+ certification.

VMWare Certified Professional 5 – Data Center Virtualization (VCP5-DCV)

VCP5-DCV is expensive, but probably worth it if you’re interested in virtualization. To obtain this foundation-level certification, candidates must demonstrate hands-on experience with VMware technologies, complete a VMware-authorized training course and pass an exam. This proves a certificate holder’s ability to install, deploy, monitor, scale and manage VMware vSphere environments.Once you have the VCP5-DCV, you might wish to consider more advanced levels of VMWare DCV certification. In addition to data centers, VMWare also offers credentials in the cloud, end user computing and network virtualization.


Posted by No comments:

Hard IT Skills to Cultivate

Since technology is always subject to change, we also recommend you consult your colleagues, mentors and/or professors for the most up-to-date advice.

Operating Systems & Database Management

  • Windows, UNIX and Linux operating systems
  • MySQL/SQLlite environments

Programming & Coding

  • C, C++, C# and Java
  • Python, Ruby, PHP, Perl and/or shell
  • Assembly language & disassemblers
  • Regular Expression (regex) skills
  • Linux/MAC Bash shell scripting
 

Networks

  • System/network configuration
  • TCP/IP, computer networking, routing and switching
  • Network protocols and packet analysis tools
  • Firewall and intrusion detection/prevention protocols
  • Packet Shaper, Load Balancer and Proxy Server knowledge
  • VPNs
 

Specializations

Thanks to the nature of their job and industry, security experts usually end up specializing in a specific area of interest. For example:
  • Cisco networks
  • Cloud computing
  • Microsoft technologies
  • Wireless
  • Database modeling
  • Open source applications
  • Cryptography
Posted by No comments:

INFORMATION AND TECHNOLOGY


Information Technology courses are outstanding choice to help advance your career .Information Technology is a specialized field of Computer Engineering. It is a technical domain in which the student learns how to design and develop computer software, programmes and hardware such as personal computers , networking equipment and much more. There are various academic institutes located around the world offering IT courses through ONLINE AND OFFLINE programs. It became popular among students by creating numerous job opportunities with decent pay packages!
Information technology courses cover a wide range of topics like:
  • Data Structure
  • Database Management System
  • Logic Design and Structure
  • File Structure
  • Operating System
  • Programming in C Language
  • Business Information Systems
  • Object Oriented Programming using C++
  • Data Communication
  • Networking
  • Programming using Java
  • Computer Graphics and Multimedia
  • Computer Networks
  • Software Engineering
  • Information Management
  • E-Commerce
  • Web Scripting and Technology
  • Data Mining
  • RDBMS
  • Project Management
  • Management
  • Data Compression
  • Java (Advanced)
  • Algorithm Design
  • Electronics
Scope
IT sector is rapidly evolving and is directly or indirectly influencing the working of various other sectors and industries. IT sector is a great supporter for various sectors such as health-care, aviation, education, manufacturing sector, telecommunications sector, various Government Departments etc.
Following job posts in the above mentioned sectors-
  • Web Developer and Designer
  • Data Security Officer
  • Database Manager
  • Software Developer
  • Information Technology Engineer

Posted by No comments:

IT jobs that can lead to cyber security

IT jobs that can lead to cyber security careers include -

  • Computer Programmer

  • Computer Software Engineer

  • Computer Support Specialist

  • Computer Systems Analyst

  • Database Administrator

  • IT Technician

  • IT Technical Support

  • IT Customer Service

  • Network Administrator

  • Network Engineer

  • Network Systems & Data Analyst

  • System Administrator

  • Web Administrator

     

Posted by No comments:

TOOL List used in Cyber Security


   Osint
                   TheHarvester 

   Vulnerability Assessment 
            Information Gathering
                    arp-scan
                    fierce
                    knock scan
                    nmap
                    sslscan
                    WafWOOF
                    Dirbuster
            Network Scanner
                    Davtest
                    Nikto
                    OpenVas
            Privilege Escalation
                    crunch
                    fcrackzip
                    Hydra
                    John the ripper
                    ophcrack
                    pdfcrack
            Sniffing
                    Driftnet
                    dsniff
                    tcpdump
                    ettercap
                    urlsnarf
                    wireshark    
            Spoffing  
                    arpscanspoof
                    arpspoof
                    scapy
   
 Web Application
                    joomscan
                    w3af
                    wpscan
                    zaproxy
  
Social Engineering
                Setoolkit
            Exploitation
                msf_console
                sqlmap
            Maintening Access
                Weevely
            Incident Handling
                p0f
                suricata
                tcpflow

   Forensic
            Acquisition
                        dcfldd
                        dd
                        ddrescue
                        guymager
            Analysis
                        autopsy
                        BulkExtractor
                        dumpzilla
                        Pasco
                        raw2vmdk
                        RegRipper
                        scanfolder
                        vinetto
                        volatility
            Data Carving
                        Foremost
                        Scalpel
            Delete Secure
                        sdmem
                        wipe
            Network forensic
                        pcaparse
                        tcpxtractor
                        xplico

   Malware Analysis
                    avsubmit
                    chkrootkit
                    clamscan
                    exiftool
                    GHex
                    googlegeoip
                    pdfid
                    pdf-parser
                    PEframe
                    ssdeep
                    yara

   Miscellaneus
                    aircrack-ng
                    GParted
                    ncat
                    proxychain
                    macchanger

( Reference :- http://www.certtoolkit.org/ )
Posted by No comments:

LINUX BOOTING SEQUENCE

The following are the 6 high level stages of a typical Linux boot process-

Top To Bottom Order

1. BIOS
  • BIOS stands for Basic Input/Output System
  • Performs some system integrity checks
  • Searches, loads, and executes the boot loader program.
  • It looks for boot loader in floppy, cd-rom, or hard drive. You can press a key (typically F12 of F2, but it depends on your system) during the BIOS startup to change the boot sequence.
  • Once the boot loader program is detected and loaded into the memory, BIOS gives the control to it.
  • So, in simple terms BIOS loads and executes the MBR boot loader.
2. MBR
  • MBR stands for Master Boot Record.
  • It is located in the 1st sector of the bootable disk. Typically /dev/hda, or /dev/sda
  • MBR is less than 512 bytes in size. This has three components 1) primary boot loader info in 1st 446 bytes 2) partition table info in next 64 bytes 3) mbr validation check in last 2 bytes.
  • It contains information about GRUB (or LILO in old systems).
  • So, in simple terms MBR loads and executes the GRUB boot loader.
3. GRUB
  • GRUB stands for Grand Unified Bootloader.
  • If you have multiple kernel images installed on your system, you can choose which one to be executed.
  • GRUB displays a splash screen, waits for few seconds, if you don’t enter anything, it loads the default kernel image as specified in the grub configuration file.
  • GRUB has the knowledge of the filesystem (the older Linux loader LILO didn’t understand filesystem).
  • Grub configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to this). The following is sample grub.conf of CentOS.
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-194.el5PAE)
          root (hd0,0)
          kernel /boot/vmlinuz-2.6.18-194.el5PAE ro root=LABEL=/
          initrd /boot/initrd-2.6.18-194.el5PAE.img
  • As you notice from the above info, it contains kernel and initrd image.
  • So, in simple terms GRUB just loads and executes Kernel and initrd images.
4. Kernel
  • Mounts the root file system as specified in the “root=” in grub.conf
  • Kernel executes the /sbin/init program
  • Since init was the 1st program to be executed by Linux Kernel, it has the process id (PID) of 1. Do a ‘ps -ef | grep init’ and check the pid.
  • initrd stands for Initial RAM Disk.
  • initrd is used by kernel as temporary root file system until kernel is booted and the real root file system is mounted. It also contains necessary drivers compiled inside, which helps it to access the hard drive partitions, and other hardware.
5. Init
  • Looks at the /etc/inittab file to decide the Linux run level.
  • Following are the available run levels
    • 0 – halt
    • 1 – Single user mode
    • 2 – Multiuser, without NFS
    • 3 – Full multiuser mode
    • 4 – unused
    • 5 – X11
    • 6 – reboot
  • Init identifies the default initlevel from /etc/inittab and uses that to load all appropriate program.
  • Execute ‘grep initdefault /etc/inittab’ on your system to identify the default run level
  • If you want to get into trouble, you can set the default run level to 0 or 6. Since you know what 0 and 6 means, probably you might not do that.
  • Typically you would set the default run level to either 3 or 5.
6. Run level programs
  • When the Linux system is booting up, you might see various services getting started. For example, it might say “starting sendmail …. OK”. Those are the runlevel programs, executed from the run level directory as defined by your run level.
  • Depending on your default init level setting, the system will execute the programs from one of the following directories.
    • Run level 0 – /etc/rc.d/rc0.d/
    • Run level 1 – /etc/rc.d/rc1.d/
    • Run level 2 – /etc/rc.d/rc2.d/
    • Run level 3 – /etc/rc.d/rc3.d/
    • Run level 4 – /etc/rc.d/rc4.d/
    • Run level 5 – /etc/rc.d/rc5.d/
    • Run level 6 – /etc/rc.d/rc6.d/
  • Please note that there are also symbolic links available for these directory under /etc directly. So, /etc/rc0.d is linked to /etc/rc.d/rc0.d.

Posted by No comments:
Subscribe to: Posts (Atom)