Some Most Important Group Policy Settings for Preventing Security Breaches using Domain Controller

Some Most Important Group Policy Settings for Preventing Security Breaches

1. Moderating Access to Control Panel

Setting limits on a computers’ Control Panel creates a safer business environment. Through Control Panel, you can control all aspects of your computer. So, by moderating who has access to the computer, you can keep data and other resources safe. Perform the following steps:

1.    In Group Policy Management Editor (opened for a user-created GPO), navigate to “User Configuration” “Administrative Templates” “Control Panel”.

2.    In the right pane, double-click “Prohibit access to Control Panel and PC settings” policy in to open its properties.

3.    Select “Enabled” from the three options.

4.    Click “Apply” and “OK”.

2. Prevent Windows from Storing LAN Manager Hash

Windows generates and stores user account passwords in “hashes.” Windows generates both a LAN Manager hash (LM hash) and a Windows NT hash (NT hash) of passwords. It stores them in the local Security Accounts Manager (SAM) database or Active Directory.

The LM hash is weak and prone to hacking. Therefore, you should prevent Windows from storing an LM hash of your passwords. Perform the following steps to do so:

1.    In Group Policy Management Editor window (opened for a custom GPO), go to “Computer Configuration” “Windows Settings” “Security Settings” “Local Policies” “Security Options”.

2.    In the right pane, double-click “Network security: Do not store LAN Manager hash value on next password change” policy.

3.    Select “Define this policy setting” checkbox and click “Enabled.

4.    Click “Apply” and “OK”.

3. Control Access to Command Prompt

Command Prompts can be used to run commands that give high-level access to users and evade other restrictions on the system. So, to ensure system resources’ security, it’s wise to disable Command Prompt.

After you have disabled Command Prompt and someone tries to open a command window, the system will display a message stating that some settings are preventing this action. Perform the following steps:

1.    In the window of Group Policy Management Editor (opened for a custom GPO), go to “User Configuration” “Windows Settings” “Policies” “Administrative Templates” “System”.

2.    In the right pane, double-click “Prevent access to the command prompt” policy.

3.    Click “Enabled” to apply the policy.

4.    Click “Apply” and “OK”.

4. Disable Forced System Restarts

Forced system restarts are common. For example, you may face a situation where you were working on your computer and Windows displays a message stating that your system needs to restart because of a security update.

In many cases, if you fail to notice the message or take some time to respond, the computer restarts automatically, and you lose important, unsaved work. To disable forced restart through GPO, perform the following steps:

1.    In “Group Policy Management Editor” window (opened for a custom GPO), go to “Computer Configuration” “Administrative Templates” “Windows Component” “Windows Update”.

2.    In the right pane, double-click “No auto-restart with logged on users for scheduled automatic updates installations” policy.

3.    Click “Enabled” to enable the policy.

4.    Click “Apply” and “OK”.

5. Disallow Removable Media Drives, DVDs, CDs, and Floppy Drives

Removable media drives are very prone to infection, and they may also contain a virus or malware. If a user plugs an infected drive to a network computer, it can affect the entire network. Similarly, DVDs, CDs and Floppy Drives are prone to infection.

It is therefore best to disable all these drives entirely. Perform the following steps to do so:

1.    In Group Policy Management Editor window (opened for a custom GPO), go to “User Configuration” “Policies” “Administrative Templates” “System” “Removable Storage Access”.

2.    In the right pane, double-click “All removable storage classes: Deny all accesses” policy

3.    Click “Enabled” to enable the policy.

4.    Click “Apply” and “OK”.

6. Restrict Software Installations

When you give users the freedom to install software, they may install unwanted apps that compromise your system. System admins will usually have to routinely do maintenance and cleaning of such systems. To be on the safe side, it’s advisable to prevent software installations through Group Policy:

1.    In Group Policy Management Editor (opened for a custom GPO), go to “Computer Configuration” “Administrative Templates” “Windows Component” “Windows Installer”.

2.    In the right pane, double-click “Prohibit User Install” policy.

3.    Click “Enabled” to enable the policy

4.    Click “Apply” and “OK”.

7. Disable Guest Account

Through a Guest Account, users can get access to sensitive data. Such accounts grant access to a Windows computer and do not require a password. Enabling this account means anyone can misuse and abuse access to your systems.

Thankfully, these accounts are disabled by default. It’s best to check that this is the case in your IT environment as, if this account is enabled in your domain, disabling it will prevent people from abusing access:

1.    In Group Policy Management Editor (opened for a custom GPO), go to “Computer Configuration” “Windows Settings” “Security Settings” “Local Policies” “Security Options”.

2.    In the right pane, double-click “Accounts: Guest Account Status” policy.

3.    Select “Define this policy setting” checkbox and click “Disabled”.

4.    Click “Apply” and “OK”.

8. Set Minimum Password Length to Higher Limits

Set the minimum password length to higher limits. For example, for elevated accounts, passwords should be set to at least 15 characters, and for regular accounts at least 12 characters. Setting a lower value for minimum password length creates unnecessary risk. The default setting is “zero” characters, so you will have to specify a number:

1.    In Group Policy Management Editor window (opened for a custom GPO), go to “Computer Configuration” “Windows Settings” “Security Settings” “Account Policies” “Password Policy”.

2.    In the right pane, double-click “Minimum password length” policy, select “Define this policy setting” checkbox.

3.    Specify a value for the password length.

4.    Click “Apply” and “OK”.

9. Set Maximum Password Age to Lower Limits

If you set the password expiration age to a lengthy period of time, users will not have to change it very frequently, which means it’s more likely a password could get stolen. Shorter password expiration periods are always preferred.

Windows’ default maximum password age is set to 42 days. The following screenshot shows the policy setting used for configuring “Maximum Password Age”. Perform the following steps:

1.    In Group Policy Management Editor window (opened for a custom GPO), go to “Computer Configuration” “Windows Settings” “Security Settings” “Account Policies” “Password Policy”.

2.    In the right pane, double-click “Maximum password age” policy.

3.    Select “Define this policy setting” checkbox and specify a value.

4.    Click “Apply” and “OK”.

Create a New User Account in Active Directory (Server 2008)

This is a task we want to do from a Domain Controller, and you should have the Administrative Tools in your Start menu next to the Control Panel link. We’ll choose the Active Directory Users and Computers snap-in.

 

Once we’re inside the Active Directory Users and Computers snap-in, we’ll need to expand the domain in which we want to create the user, and right-click on the Users folder. We’ll then select  New|User.

 

The New Object – User box will pop up and require you to put in the user’s name and create the user logon. You’ll need to use a standard method of creating user logon names, as this will cause much less confusion in the future. If you have a small network, you may want to just stick to using the first initial and last name because it’s shorter. If you anticipate that your network will grow quite large, the standard advice is to use the full first and last name separated by a period, as we’ve done below.

 

Next we’ll give the user an initial password, and make sure to have them change it as soon as they first logon.

 

When we’re finished, we’ll get a nice summary of our work.

 

When we go back to the Users folder in the domain, we can see our newly created user.

 

Once we’ve created a user, there are many things that we’ll need to do with them in order for them to be useful, like adding permissions and security groups, but at least the operation for spawning them is simple and straightforward.

Installing Active Directory Domain Services (AD-DS) In Win Server 2008

In Windows Server 2008, unlike previous server operating Systems, there is an additional step that needs to be taken before running DCPROMO to promote the server to Domain Controller and installing Active Directory on it. This step is the installation of Active Directory Domain Services (AD-DS) role on the server. In fact, the AD-DS role is what enables the server to act as a Domain Controller, but you will still need to run DCPROMO the regular way.

Server Manager/Initial Configuration Tasks

Roles can and should be added from Server Manager (but they can also be initiated from the Initial Configuration Tasks wizard that auto-opens the first time you log on to the server).

1. Open Server Manager by clicking the icon in the Quick Launch toolbar, or from the Administrative Tools folder.
2. Wait till it finishes loading, then click on Roles > Add Roles link.
3. In the Before you begin window, click Next.
4. In the Select Server Roles window, click to select Active Directory Domain Services, and then click Next.
5. In the Active Directory Domain Services window read the provided information if you want to, and then click Next.
6. In the Confirm Installation Selections, read the provided information if you want to, and then click Next.
7. Wait till the process completes.
8. When it ends, click Close.

Now you have to configure you Active Directory Domain Service.

1. To run DCPROMO, enter the command in the Run command, or click on the DCPROMO link from Server Manager > Roles > Active Directory Domain Services.
2. Depending upon the question if AD-DS was previously installed or not, the Active Directory Domain Services Installation Wizard will appear immediately or after a short while. Click Next.  Note: The Advanced features of DCPROMO will be discussed in a future article.
3. In the Operating System Compatibility window, read the provided information and click Next.
4. In the Choosing Deployment Configuration window, click on “Create a new domain in a new forest” and click Next.
5. Enter an appropriate name for the new domain. Make sure you pick the right domain name, as renaming domains is a task you will not wish to perform on a daily basis. Click Next. Note: Do NOT use single label domain names such as “gmcdc” or similar. You MUST pick a full domain name such as “gmcdc.local” or “gmcdc.com” and so on.
6. The wizard will perform checks to see if the domain name is not already in use on the local network.
7. Pick the right forest function level. Windows 2000 mode is the default, and it allows the addition of Windows 2000, Windows Server 2003 and Windows Server 2008 Domain Controllers to the forest you’re creating. 
8. Pick the right domain function level. Windows 2000 Native mode is the default, and it allows the addition of Windows 2000, Windows Server 2003 and Windows Server 2008 Domain Controllers to the domain you’re creating. Note: If you select “Windows Server 2008” for the forest function level, you will Not be prompted to pick a domain function level. 
9. The next wizard will perform checks to see if DNS is properly configured on the local network. In this case, no DNS server has been configured, therefore, the wizard will offer to automatically install DNS on this server. Note: The first DCs must also be a Global Catalog. Also, the first DCs in a forest cannot be a Read Only Domain controller.
10. It’s most likely that you’ll get a warning telling you that the server has one or more dynamic IP Addresses. Running IPCONFIG /all will show that this is not the case. we did not manually configure the IPv6 Address, hence the warning. In a network where IPv6 is not used, you can safely ignore this warning. 
11. You’ll probably get a warning about DNS delegation. Since no DNS has been configured yet, you can ignore the message and click Yes.
12. Next, change the paths for the AD database, log files and SYSVOL folder. For large deployments, carefully plan your DC configuration to get the maximum performance. When satisfied, click Next.
13. Enter the password for the Active Directory Recovery Mode. This password must be kept confidential, and because it stays constant while regular domain user passwords expire (based upon the password policy configured for the domain, the default is 42 days), it does not. This password should be complex and at least 7 characters long. I strongly suggest that you do NOT use the regular administrator’s password, and that you write it down and securely store it. Click Next.
14. In the Summary window review your selections, and when satisfied, click Next. The wizard will begin creating the Active Directory domain, and when finished, you will need to press Finish and reboot your computer.

Note: You can automate the rebooting process by checking the Reboot on Completion checkbox.

Your server now acts as a Domain Controller. Make sure you properly back it up. You can test functionality by using AD management tools such as Active Directory Users and Computers, examine the Event Logs, services and folders and shares that have been created.

Creating a bootable Linux Fedora USB stick from Windows OS

Installing and running Fedora Media Writer

On Windows

1. Download the latest Windows Installer file from GetFedora.org. The server automatically detects the running system and offers you the correct installation file for your Windows version.
2. Run the installation by double clicking the installer, and then continue through the set-up wizard. The Wizard lets you customize the software’s installation if you choose to.
3. Run the application by clicking on a launcher.
   In Windows 8 and 10, the Fedora Media Writer launcher will be placed in the All apps menu under F. In Windows 10, you can just type Fedora Media Writer in the search box on the task bar.

4. Writing the ISO image to the USB Media.

   1. Select the Fedora Edition you wish to make a bootable USB drive for.
      

      Figure 1. Fedora Media Writer Main Screen: Choose your Edition of Fedora
      The main selection lets you choose one of the default Fedora editions, Fedora Workstation or Server. Fedora Media Writer displays more details about the edition before you can proceed with downloading the image and the USB creation. You can choose a different architecture, if you select Other variants.
   2. Select "Create Live USB" to proceed.
      

      Figure 2. Fedora Media Writer Distribution Information
      Fedora Media Writer will automatically download the ISO for you. If you have downloaded the ISO before and placed it in the Downloadsdirectory, it will be immediately available to use.
      

      Figure 3. Fedora Media Writer Automatic Download
   3. Plug in a USB drive on which you want to create the bootable media.
   4. To write the image onto the media, click the red Write to diskbutton.
      

      Figure 4. Fedora Media Writer Write to USB Device
   5. Click on ''Write to Disk'' option and process will be completed. 

Linux Ubuntu OS Installation

1. Overview

The Ubuntu desktop is easy to use, easy to install and includes everything you need to run your organisation, school, home or enterprise. It's also open source, secure, accessible and free to download.

2. Requirements

You'll need to consider the following before starting the installation:

• Connect your laptop to a power source.
• Ensure you have at least 25GB of free storage space, or 5GB for a minimal installation.
• Have access to either a DVD or a USB flash drive containing the version of Ubuntu you want to install.
• Make sure you have a recent backup of your data. While it's unlikely that anything will go wrong, you can never be too prepared.

3. Boot from DVD

It's easy to install Ubuntu from a DVD. Here's what you need to do:

1. Put the Ubuntu DVD into your optical/DVD drive.
2. Restart your computer.

As soon as your computer boots you'll see the welcome window.

From here, you can select your language from a list on the left and choose between either installing Ubuntu directly, or trying the desktop first (if you like what you see, you can also install Ubuntu from this mode too).

Depending on your computer's configuration, you may instead see an alternative boot menu showing a large language selection pane. Use your mouse or cursor keys to select a language and you'll be presented with a simple menu.

Select the second option, ‘Install Ubuntu', and press return to launch the desktop installer automatically. Alternatively, select the first option, ‘Try Ubuntu without installing', to test Ubuntu (as before, you can also install Ubuntu from this mode too).

A few moments later, after the desktop has loaded, you'll see the welcome window. From here, you can select your language from a list on the left and choose between either installing Ubuntu directly, or trying the desktop first.

4. Boot from USB flash drive

Most computers will boot from USB automatically. Simply insert the USB flash drive and either power on your computer or restart it. You should see the same welcome window we saw in the previous ‘Install from DVD' step, prompting you to choose your language and either install or try the Ubuntu desktop.

If your computer doesn't automatically boot from USB, try holding F12 when your computer first starts. With most machines, this will allow you to select the USB device from a system-specific boot menu.

5. Prepare to install Ubuntu

You will first be asked to select your keyboard layout. If the installer doesn't guess the default layout correctly, use the ‘Detect Keyboard Layout' button to run through a brief configuration procedure.

After selecting Continue you will be asked What apps would you like to install to start with? The two options are ‘Normal installation' and ‘Minimal installation'. The first is the equivalent to the old default bundle of utilities, applications, games and media players - a great launchpad for any Linux installation. The second takes considerably less storage space and allows you to install only what you need.

Beneath the installation-type question are two check boxes; one to enable updates while installing and another to enable third-party software.

• We advise enabling both Download updates and Install third-party software.
• Stay connected to the internet so you can get the latest updates while you install Ubuntu.
• If you are not connected to the internet, you will be asked to select a wireless network, if available. We advise you to connect during the installation so we can ensure your machine is up to date

6. Allocate drive space

Use the checkboxes to choose whether you'd like to install Ubuntu alongside another operating system, delete your existing operating system and replace it with Ubuntu, or — if you're an advanced user — choose the 'Something else' option.

7. Begin installation

After configuring storage, click on the ‘Install Now' button. A small pane will appear with an overview of the storage options you've chosen, with the chance to go back if the details are incorrect.

Click Continue to fix those changes in place and start the installation process.

8. Select your location

If you are connected to the internet, your location will be detected automatically. Check your location is correct and click 'Forward' to proceed.

If you're unsure of your time zone, type the name of a local town or city or use the map to select your location.

9. Login details

Enter your name and the installer will automatically suggest a computer name and username. These can easily be changed if you prefer. The computer name is how your computer will appear on the network, while your username will be your login and account name.

Next, enter a strong password. The installer will let you know if it's too weak.

You can also choose to enable automatic login and home folder encryption. If your machine is portable, we recommend keeping automatic login disabled and enabling encryption. This should stop people accessing your personal files if the machine is lost or stolen.

If you enable home folder encryption and you forget your password, you won't be able to retrieve any personal data stored in your home folder.

10. Background installation

The installer will now complete in the background while the installation window teaches you a little about how awesome Ubuntu is. Depending on the speed of your machine and network connection, installation should only take a few minutes.

11. Installation complete

After everything has been installed and configured, a small window will appear asking you to restart your machine. Click on Restart Now and remove either the DVD or USB flash drive when prompted. If you initiated the installation while testing the desktop, you also get the option to continue testing.

Congratulations! You have successfully installed the world's most popular Linux operating system!

Creating a bootable Ubuntu USB stick from Windows OS

1. Overview

With a bootable Ubuntu USB stick, you can:

• Install or upgrade Ubuntu
• Test out the Ubuntu desktop experience without touching your PC configuration
• Boot into Ubuntu on a borrowed machine or from an internet cafe
• Use tools installed by default on the USB stick to repair or fix a broken
  configuration

Creating a bootable Ubuntu USB stick from Microsoft Windows is very simple and we're going to cover the process in the next few steps.

2. Requirements

You will need:

• A 4GB or larger USB stick/flash drive
• Microsoft Windows XP or later
• Rufus, a free and open source USB stick writing tool
• An Ubuntu ISO file. See Get Ubuntu for download links

3. USB selection

Perform the following to configure your USB device in Rufus:

1. Launch Rufus
2. Insert your USB stick
3. Rufus will update to set the device within the Device field
4. If the Device selected is incorrect (perhaps you have multiple USB storage devices), select the correct one from the device field's drop-down menu

4. Boot selection and Partition scheme

Now choose the Boot selection. Choices will be Non bootable and FreeDOS. Since you are creating a bootable Ubuntu device select FreeDOS.

The default selections for Partition scheme (MBR) and Target system (BIOS (or UEFI-CSM)) are appropriate (and are the only options available).

5. Select the Ubuntu ISO file

To select the Ubuntu ISO file you downloaded previously, click the SELECT to the right of "Boot selection". If this is the only ISO file present in the Downloads folder you will only see one file listed.

Select the appropriate ISO file and click on Open.

6. Write the ISO

The Volume label will be updated to reflect the ISO selected.

Leave all other parameters with their default values and click START to initiate the write process.

7. Additional downloads

You may be alerted that Rufus requires additional files to complete writing the ISO. If this dialog box appears, select Yes to continue.

8. Write warnings

You will then be alerted that Rufus has detected that the Ubuntu ISO is an ISOHybrid image. This means the same image file can be used as the source for both a DVD and a USB stick without requiring conversion.

Keep Write in ISO Image mode selected and click on OK to continue.

9. Writing the ISO

The ISO will now be written to your USB stick, and the progress bar in Rufus will give you some indication of where you are in the process. With a reasonably modern machine, this should take around 10 minutes. Total elapsed time is shown in the lower right corner of the Rufus window.

10. Installation complete

When Rufus has finished writing the USB device, the Status bar will be green filled and the word READY will appear in the center. Select CLOSE to complete the write process.

Congratulations! You now have Ubuntu on a USB stick, bootable and ready to go.

Introduction to Disk Cleanup Utilities of Windows

Windows Disk Cleanup Tool

Disk Cleanup tool, part of Windows, will perform a search on the hard disk for files that can be deleted from your computer without affecting its functionality or your personal files:

• Temporary Internet Explorer files (related: How To Clear Internet Explorer 6-to-11 Cache)
• Java applets or ActiveX controls
• Files from Recycle Bin if Recycle Bin has not been emptied
• Windows temporary files

How to Run Disk Cleanup Utility 

1. Press Windows + R Button.
2. Type cleanmgr
3. Click OK or  press Enter

Internet Security Management Concepts / इंटरनेट सुरक्षा और साइबर क्राइम

Internet Security (इंटरनेट सुरक्षा) और  साइबर क्राइम  (Cyber Crime) 

Internet Security Management Concepts

यह ऐसा कार्य है जो गैर कानूनी है, तथा जिसमें सूचना तकनीक या कंप्यूटर/Internet का उपयोग किया जाता है| आधुनिक युग में बहुत से गैरकानूनी काम या अपराध करने के लिए कंप्यूटर का प्रयोग किया जाता है, जैसे data चोरी online धोखाधड़ी जालसाजी आदि| सूचना तकनीकी प्रगति ने अपराधिक गतिविधियों के लिए नई संभावनाएं भी बनाए हैं, इस प्रकार के अपराधों से निपटने के लिए साइबर लॉ बनाया गया है| साइबर क्राइम को दो तरीकों में बांटा जा सकता है।
साइबर क्राइम के अंतर्गत आते हैं:

• Unauthorized access of computer/network and Hacking
• Data data Theft (डाटा चोरी करना)
• Identity theft (पहचान चुराना)
• Virus Trojan or worms attack (कंप्यूटर वायरस)

Unauthorized access of computer/network and hacking

किसी भी कंप्यूटर या कंप्यूटर नेटवर्क में बिना अनुमति के प्रवेश करने को unauthorized access यह hacking कहा जाता है। अनाधिकृत व्यक्ति द्वारा कंप्यूटर नेटवर्क में किया गया कोई भी कार्य इस अपराध की श्रेणी में आता है। जो व्यक्ति किसी नेटवर्क में अनाधिकृत तरीके से प्रवेश करता है उसे हैकर कहा जाता है। हैकर ऐसे प्रोग्राम बनाते हैं जो वांछित नेटवर्क पर आक्रमण कर सकें। इस प्रकार की कार्य साधारणता वित्तीय अपराधों में बहुताय होते हैं। जैसे किसी बैंक के नेटवर्क में अनाधिकृत तरीके से प्रवेश कर उनके खाताधारकों के अकाउंट से दूसरे अकाउंट में पैसे स्थानांतरित करना।
किसी व्यक्ति के क्रेडिट कार्ड की जानकारी चुरा कर उसका दुरूपयोग करना आदि।
किसी वेबसाइट के घटक अनाधिकृत तरीके से बदलने की क्रिया को web हैकिंग कहा जाता है।
भारत देश में हैकिंग क्रिया को गैरकानूनी माना जाता है तथा इनफार्मेशन टेक्नोलॉजी एक्ट 2008 के अंतर्गत 3 साल तक सजा एवं जुर्माने का प्रावधान है।

Data data theft (डाटा चोरी करना)

किसी संस्था या व्यक्ति या कंप्यूटर नेटवर्क में अधिकृत व्यक्ति के अनुमति लिए बिना उसके कंप्यूटर के डाटा को कॉपी करना उसे शेयर करना डाटा चोरी के अपराध की श्रेणी में आता है। किसी अनाधिकृत व्यक्ति द्वारा किसी अन्य व्यक्ति या संस्था की अनुमति के बिना डेटा कॉपी करना गैरकानूनी माना जाता है। वर्तमान में बहुत से छोटे स्टोरेज डिवाइस जैसे पेन ड्राइव मेमोरी कार्ड आसानी से उपलब्ध है, इन डिवाइस की सहायता से डाटा चुराना बहुत आसान हो गया है| इसमें आईटी एक्ट 2008 के अंतर्गत सजा का प्रावधान है।

Identity theft (पहचान चुराना)

किसी अन्य व्यक्ति की पहचान चुराकर कंप्यूटर नेटवर्क पर कार्य करना इस अपराध श्रेणी में आता है|
कंप्यूटर नेटवर्क पर स्वयं की पहचान बचा कर स्वयं को दूसरे के नाम से प्रस्तुत करना, उसके नाम पर कोई घपला कर ना, बेवकूफ बनाना आईटी एक्ट के अंतर्गत अपराध है|
इसके अतिरिक्त किसी अन्य व्यक्ति का पासवर्ड का प्रयोग करना,
डिजिटल सिग्नेचर की नकल करना भी इस अपराध की श्रेणी में आते हैं|
किसी अन्य के नाम का प्रयोग कर अवांछित लाभ लेना धोखाधड़ी करना भी इस प्रकार के अपराध में आते हैं|
जिस व्यक्ति की पहचान चुराई गई है उस से अनावश्यक रुप से कानूनी उलझनों का सामना करना पड़ता है, बहुत बड़ा नुकसान भी हो सकता है| उदाहरण के लिए आपके बैंक अकाउंट को कोई अन्य व्यक्ति आपकी पहचान चुराकर प्रयोग कर रहा है| आपकी पहचान चुरा कर दूसरी जगह धोखा धड़ी के लिए प्रयोग कर रहा है, इसलिए कंप्यूटर नेटवर्क पर अपने पासवर्ड व्यक्तिगत जानकारियां सार्वजनिक ना करें|आईटी एक्ट 2008 सेक्शन 66 सी के अंतर्गत सजा का प्रावधान है|

Virus Trojan or worms attack (कंप्यूटर वायरस)

जो प्रोग्राम किसी कंप्यूटर यह कंप्यूटर नेटवर्क की अनुमति के बिना कंप्यूटर में प्रवेश कर लेते हैं उन्हें कंप्यूटर वायरस की श्रेणी में डाला जाता है| साधारणता वायरस या वोर्म (Worm) प्रोग्राम का काम किसी अन्य के कंप्यूटर के डाटा को खराब /Delete/Edit करना है| इसीलिए कोई व्यक्ति या संस्था किसी ऐसे प्रोग्राम को अनावश्यक रुप से फैलाते हैं तो उन्हें इस अपराध की श्रेणी में रखा जाता है| बहुत से बड़े नेटवर्क को यदि वायरस प्रभावित करें तब बहुत बड़ा नुकसान हो सकता है| उदाहरण के लिए किसी विमान सेवा के कंप्यूटर में वायरस ने डाटा को बदल दिया है तब कोई प्लेन दुर्घटनाग्रस्त हो सकता है| यद्यपि सभी बड़े कंप्यूटर नेटवर्क में वायरस से कंप्यूटर को बचाने की प्रणाली होती है| भारतीय आईटी एक्ट 2008 के सेक्शन 43 (C) एवं 43 (e) के अंतर्गत वायरस फैलाने के कार्य के लिए सजा का प्रावधान है| Trojan उस प्रोग्राम को कहा जाता है जो दिखते तो उपयोगी हैं, लेकिन उनका कार्य कंप्यूटर कंप्यूटर नेटवर्क को नुकसान पहुंचाना होता है|

साइबर क्राइम के कुछ अन्य उदाहरण हैं –

• नेटवर्क का अनधिकृत तौर पर प्रयोग करना
• कंप्यूटर तथा नेटवर्क का प्रयोग कर व्यक्तिगत (Private) तथा गुप्त (Confidential) सूचना प्राप्त करना
• नेटवर्क तथा सूचना को नुकसान पहुंचाना
• बड़ी संख्या में ई – मेल भेजना (E – Mail Bombing)
• वायरस द्वारा कम्प्यूटर तथा डाटा को नुकसान पहुंचाना
• इंटरनेट का उपयोग कर आर्थिक अपराध (Financial Fraud) करना
• इंटरनेट पर गैरकानूनी तथा असामाजिक तथ्यों तथा चित्रों को प्रदर्शित करना

साइबर अपराध से बचने के उपाय (Ways To Prevent Cyber Crime)

• Login ID तथा पासवर्ड सुरक्षित रखना तथा समय – समय पर इसे परिवर्तित करते रहना
• Antivirus साफ्टवेयर का प्रयोग करना
• Fire wall का प्रयोग करना
• Data Backup रखना
• Proxy Server का प्रयोग करना
• Data को गुप्त कोड (Encrypted Form) में बदलकर भेजना व प्राप्त करना

Internet Security (इंटरनेट सुरक्षा)

इंटरनेट सुरक्षा का अर्थ है – नेटवर्क तथा नेटवर्क पर उपलब्ध सूचना, डाटा या सॉफ्टवेयर को अनधिकृत व्यक्तियों (Unauthorized persons) की पहुंच से दूर रखना तथा केवल विश्वसनीय उपयोगकर्ताओं द्वारा ही इनका उपयोग सुनिश्चित करना।
इंटरनेट सुरक्षा के मुख्यत: तीन आधार हैं –
• Authentication
• Access Control
• Cryptography

उपयोगकर्ता के प्रामाणिकता की जांच करना (Authentication) 

उपयोगकर्ता के प्रामाणिकता की जांच Login ID, Password/fingerprint/iris, गुप्त कोड आदि द्वारा की जाती हैं।

एक्सेस कंट्रोल (Access Control) 

कुछ विशेष डाटा या सूचना की उपलब्धता, कुछ विशेष उपयोगकर्ताओं के लिए ही सुनिश्चित करना एक्सेस कंट्रोल कहलाता हैं। अंगुलियों के निशान (Finger Print) आवाज की पहचान (Voice Recognition) इलेक्ट्रानिक कार्ड आदि द्वारा ऐसा किया जाता हैं।

क्रिप्टोग्राफी (Cryptography)

सूचना या डाटा को इंटरनेट पर भेजने से पहले उसे गुप्त कोड में परिवर्तित करना तथा प्राप्तकर्ता द्वारा उसे प्रयोग से पूर्व पुन: सामान्य सूचना में परिवर्तित करना क्रिप्टोग्राफी कहलाता हैं। यह इंटरनेट पर डाटा सुरक्षा का एक महत्वपूर्ण आधार है। सूचना या डाटा को गुप्त संदेशों में बदलने की प्रक्रिया Encryption कहलाती हैं। जबकि इनक्रिप्ट किए गए डाटा या सूचना को पुन: सामान्य सूचना में बदलना Decryption कहलाता हैं। क्रिप्टोग्राफी से डाटा स्थानान्तरण के दौरान डाटा चोरी होने या लीक होने की संभावना नहीं रहती है।

इंटरनेट सुरक्षा में शामिल होता हैं –

• सूचना, डाटा तथा संसाधनों का उपयोग केवल अधिकृत व्यक्तियों द्वारा किया जाना।
• डाटा तथा संसाधन अधिकृत व्यक्तियों के लिए हमेशा उपलब्ध होना।
• नेटवर्क पर भेजे गए डाटा के Destination तक पहुंचने से पहले उसे रिकॉर्ड करने तथा छेड़छाड़ या परिवर्तन करने की संभावना न होना।

यूजर आइडेंटीफिकेशन(User Identification)

कम्प्यूटर तथा नेटवर्क पर अधिकृत उपयोगकर्ता की पहचान करना User Identification कहलाता हैं जबकि इस पहचान को सत्यापित करने की प्रक्रिया ऑथेनटिकेशन (Authentication) कहलाती हैं।
यूजर नेम तथा पासवर्ड (User Name and Password)
 उपयोगकर्ता की पहचान स्थापित करने (Identification) तथा उसे सत्यापित करने  (Authentication) की सर्वाधिक प्रचलित विधि यूजर नेम तथा पासवर्ड की हैं। इसके द्वारा केवल अधिकृत उपयोगकर्ता को ही कम्प्यूटर डाटा तथा नेटवर्क का उपयोग करने दिया जाता हैं। यूजर नेम तथा पासवर्ड उपयोगकर्ता द्वारा कम्प्यूटर सिस्टम में स्टोर किया जाता हैं। अगली बार कम्प्यूटर या नेटवर्क का उपयोग करने के लिए कम्प्यूटर सिस्टम यूजर नेम तथा पासवर्ड डालने का request करता हैं। कम्प्यूटर पहले से स्टोर किए गए यूजर नेम तथा पासवर्ड से दी गई सूचना का मिलान करता हैं, तथा सही पाए जाने पर ही कम्प्यूटर तथा नेटवर्क के प्रयोग की इजाजत देता हैं।