
Nis Ans

The document outlines various intellectual property rights, including copyright, patents, and trademarks, explaining their definitions and purposes. It also covers biometric identification methods, proxy servers, types of cyber attacks, password selection strategies, and key security concepts. Additionally, it discusses compliance standards for information security and the processes of encryption and decryption.

Uploaded by

esla4517
Copyright
© All Rights Reserved

(c) Intellectual Property Rights Terms

(i) Copyright

• Copyright is a legal protection given to creators of original works like books,
music, movies, paintings, and software.

• It means no one else can copy, share, or use these works without the creator’s
permission.

• This helps artists and writers earn money and control how their work is used.

(ii) Patent

• A patent is a legal right given to inventors for their new inventions or unique
processes.

• It stops others from making, using, or selling the invention without the inventor’s
permission for a fixed time (usually 20 years).

• This encourages people to invent new things by protecting their ideas.

(iii) Trademark

• A trademark is a special sign, logo, name, or symbol that identifies a company or
product.

• It helps customers know that the product is made by a particular company.

• Trademarks prevent other companies from using the same or similar signs that
could confuse customers.

### (a) Biometric Terms with Definitions and Working

*(i) Fingerprint Analysis*

* *Definition:* Using the unique patterns on a person’s fingertip to identify them.

* *Working:*

* Place finger on scanner.

* Scanner captures ridges and valleys pattern.

* Extracts unique features (minutiae points).

* Compares with stored fingerprints.

* If matched, identity is verified.

*(ii) Retina Scan*

* *Definition:* Using the unique pattern of blood vessels in the eye’s retina for
identification.

* *Working:*

* Look into retina scanner.

* Infrared light captures blood vessel pattern.

* Converts pattern into digital code.

* Matches code with stored retina patterns.

* If matched, identity is confirmed.

*(iii) Keystroke*

* *Definition:* Identifying a person by their unique typing rhythm and speed.

* *Working:*

* System records timing of key presses/releases while typing.

* Creates a unique typing pattern.

* Compares with stored typing profile.

* If matched, user is identified.

### *Proxy Server*

* A *proxy server* acts as a middleman between your device (like your computer) and
the internet.

* When you send a request (like opening a website), the proxy server receives it first,
then sends it to the internet on your behalf.

* The response from the internet goes back to the proxy server, which then forwards it
to you.

---

### *Why use a proxy server?*

* *Privacy:* It hides your real IP address from the websites you visit.

* *Security:* It can block harmful websites or filter unwanted content.

* *Performance:* It can cache (save) frequently visited websites to load them faster next
time.

* *Access Control:* It helps organizations control what websites users can visit.

---

### *Example:*

You want to visit a website. Instead of your computer contacting the website directly, the
proxy server contacts it, then sends you the webpage. This way, the website only sees
the proxy server’s IP, not yours.

---

### *(a) Types of Attacks:*

---

#### *(i) Sniffing*

*Sniffing* means secretly *capturing data* that is being transmitted over a network.

📌 *Example*:

Suppose you’re using public Wi-Fi at a cafe to log in to your email.

A hacker nearby uses a *sniffing tool* to capture the *username and password* you
typed.

---

#### *(ii) Spoofing*

*Spoofing* means *pretending to be someone else* to gain unauthorized access.

📌 *Example*:

A hacker sends an email that looks like it’s from your *bank*, asking for your account
details.

You believe it and reply, thinking it's real.

---

#### *(iii) Phishing*

*Phishing* is a type of attack where *fake emails or messages* are used to trick people
into giving personal information.

📌 *Example*:

You receive an email that says “Your account is blocked. Click here to fix it.”

The link takes you to a *fake website* that looks like your bank, and when you enter
your login details, they go to the attacker.

### *(b) Define Password Selection Strategies*

Password selection strategies are methods used to create secure and strong passwords
that protect systems and data from unauthorized access. Some common strategies are:

1. *User Education*

* Users are trained to create strong passwords.

* They are advised to avoid common words, names, or dates.

2. *Computer-Generated Passwords*

* System generates random passwords.

* These are usually strong but harder to remember.

3. *Reactive Password Checking*

* System checks existing passwords against a list of weak passwords.

* Users are forced to change weak passwords.

4. *Proactive Password Checking*

* Password is checked at the time of creation.

* If it is weak, the system does not accept it.
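
The proactive and reactive strategies above, together with salted hashing, as an added example that is not part of the original notes. The weak-password list, the 12-character minimum and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample list; a real system would load a large list of known-weak passwords.
WEAK_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin123"}
ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def hash_password(password, salt):
    """Salted, slow hash: the same password gives a different hash for each salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def proactive_check(password):
    """Run at creation time; returns the reasons a password is refused."""
    problems = []
    if len(password) < 12:  # assumed minimum length
        problems.append("shorter than 12 characters")
    if password.lower() in WEAK_PASSWORDS:
        problems.append("on the weak-password list")
    return problems


def register(store, user, password):
    """Proactive checking: a weak password is never accepted into the store."""
    problems = proactive_check(password)
    if problems:
        return problems
    salt = os.urandom(16)  # fresh random salt per user
    store[user] = (salt, hash_password(password, salt))
    return []


def reactive_audit(store):
    """Reactive checking: re-hash each weak candidate with each user's own salt
    and flag matching accounts so those users can be forced to change."""
    flagged = []
    for user, (salt, stored) in store.items():
        for candidate in WEAK_PASSWORDS:
            if hmac.compare_digest(hash_password(candidate, salt), stored):
                flagged.append(user)
                break
    return sorted(flagged)
```

Because every account has its own salt, the audit has to hash the whole weak list once per user, which is the same extra cost salting imposes on a dictionary attack.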

(i) Piggybacking
Meaning:

Piggybacking is when an unauthorized person enters a secure area by closely following
an authorized person, without permission.

Example:

A stranger enters an office building right after an employee opens the door using their
access card.

Prevention:

Do not allow unknown persons to enter behind you.

Use security guards or automated gates.

Enable security cameras at entry points.

Train employees to be aware of tailgating/piggybacking.

### 🔐 *1. Brute Force Attack*

* *What is it?*

Attacker tries all possible password combinations until the correct one is found.

* *Prevention:*

* Use *strong and complex passwords*.

* Enable *account lockout* after a few failed attempts.

* Use *CAPTCHA* to stop automated tries.

---

### 🔐 *2. Dictionary Attack*

* *What is it?*

Attacker uses a list of common passwords/words to guess the password.

* *Prevention:*

* Avoid using *common or easy passwords*.

* Use *passwords with special characters, numbers, and mixed cases*.

* *Salt* passwords before hashing.

---

### 🔐 *3. Phishing Attack*

* *What is it?*

User is tricked into giving their password through fake websites or emails.

* *Prevention:*

* *Don’t click* on suspicious links or emails.

* Use *anti-phishing filters* in browsers and email.

* Educate users about *social engineering tricks*.

---

### 🔐 *4. Keylogging*

* *What is it?*

Software or hardware records keystrokes to steal passwords.

* *Prevention:*

* Use *updated antivirus/antimalware*.

* Avoid using public computers for login.

* Use *on-screen keyboard* for typing passwords on unsafe systems.

---

### 🔐 *5. Shoulder Surfing*

* *What is it?*

Attacker watches the user type their password.

* *Prevention:*

* Use *privacy screens*.

* Be aware of surroundings while entering passwords.

* Enable *two-factor authentication (2FA)*.

---

### 🔐 *6. Credential Stuffing*

* *What is it?*

Attacker uses leaked username-password pairs from other sites to try logging in.

* *Prevention:*

* *Don’t reuse passwords* across sites.

* Enable *2FA*.

* Use *password managers* to store unique, complex passwords.


Backdoors and Trapdoors

• Backdoor: A hidden way to access a system without normal authentication,
often left by hackers or developers for easy access.

• Trapdoor: Another name for backdoor; a secret entry point in software to
bypass security.

Man-in-the-Middle (MITM) Attack

• An attacker secretly intercepts and possibly alters communication between two
parties without their knowledge.

• Example: Someone listens to or changes messages between you and a website.

Replay Attack

• Attacker captures valid data (like login info) and reuses it later to gain
unauthorized access.

• Example: Reusing a recorded password or token to log in again.

TCP/IP Hacking

• Exploiting vulnerabilities in the TCP/IP protocols used for internet
communication to gain unauthorized access or disrupt services.

• Examples: IP spoofing, session hijacking.

Encryption Attacks

• Attempts to break or bypass encryption to read secret data.

• Examples: Brute force attacks, cryptanalysis.

Patch and Service Pack

• Patch: A small update that fixes specific security or software bugs.

• Service Pack: A collection of patches and updates bundled together to improve
software.

Principle of Authentication

• The process of verifying the identity of a user or device before allowing access.

• Common methods: Passwords, biometrics, tokens.

Audit

• A systematic review or examination of systems and records to check security and
compliance.

• Helps find weaknesses or breaches.

RBAC (Role-Based Access Control)

• Access control method where users get permissions based on their role in an
organization.

• Makes managing security easier by grouping permissions.



Misuse Detection

• It looks for known bad activities or attacks by matching patterns or rules.

• Example: Detecting a virus by recognizing its signature.

• Works like an alarm that rings when a known threat is detected.

Anomaly Detection

• It finds unusual or abnormal behavior that doesn’t fit the normal pattern.

• Example: Alerting when a user suddenly logs in from a strange location.

• Helps detect new or unknown attacks.
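
The two detection approaches side by side, as an added example that is not part of the original notes. The signature patterns, user names and login records are constructed placeholders, and the two-login baseline is an assumption.

```python
from collections import defaultdict

# Constructed signature list: placeholder byte patterns standing in for known-bad content.
SIGNATURES = {"sig-001": b"EVIL_MARKER_A", "sig-002": b"EVIL_MARKER_B"}

# Constructed login log: (user, country) in time order.
LOGINS = [
    ("asha", "IN"), ("asha", "IN"), ("ravi", "IN"), ("asha", "IN"),
    ("ravi", "IN"), ("asha", "BR"), ("ravi", "IN"),
]


def misuse_detect(payload):
    """Misuse detection: alert only when the data matches a known signature."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in payload)


def anomaly_detect(logins, min_history=2):
    """Anomaly detection: learn each user's usual countries, then alert on a
    login from a country not seen before for that user once a baseline exists."""
    seen = defaultdict(set)    # user -> countries observed so far
    count = defaultdict(int)   # user -> number of logins observed so far
    alerts = []
    for index, (user, country) in enumerate(logins):
        if count[user] >= min_history and country not in seen[user]:
            alerts.append((index, user, country))
        seen[user].add(country)
        count[user] += 1
    return alerts
```

A payload with no matching signature passes `misuse_detect` silently, which is why anomaly detection is the approach that can surface new or unknown attacks.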

PEM (Privacy Enhanced Mail)

• A format for sending encrypted and signed emails securely.

• Uses base64 encoding and includes headers to show what kind of data it contains
(like certificates or keys).
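
How the header line and base64 body fit together, as an added example that is not part of the original notes. The sample blocks are constructed from placeholder bytes and are not real certificates or keys; the helper names are hypothetical.

```python
import base64
import re

# A PEM block: BEGIN line with a label, base64 body, END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def to_pem(label, data):
    """Wrap raw bytes in PEM armor: base64 in 64-character lines between headers."""
    b64 = base64.b64encode(data).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def parse_pem(text):
    """Return (label, decoded_bytes) for every well-formed block in the text.
    A block whose END label differs from its BEGIN label is not matched, and
    characters outside the base64 alphabet raise an error instead of being skipped."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        payload = "".join(body.split())  # drop line breaks inside the body
        blocks.append((label, base64.b64decode(payload, validate=True)))
    return blocks


# Constructed sample input: two blocks with placeholder contents.
SAMPLE = (
    to_pem("CERTIFICATE", b"constructed bytes, not a real certificate" * 3)
    + to_pem("PUBLIC KEY", b"constructed key bytes")
)
```

The label on the header line is what tells the reader of the file whether the decoded bytes should be treated as a certificate or as a key.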

X.509 / PKIX Certificate Format

• A standard format for digital certificates used in public key infrastructure (PKI).

• Contains info like:

o Owner’s public key

o Owner’s identity (name, organization)

o Issuer’s signature (Certification Authority)

o Validity period

• Used to verify identities online, like in HTTPS websites.

Compliance Standards for Information Security

• Implementing an Information Security Management System (ISMS):
A framework to manage security risks systematically.

• ISO 27001:
An international standard for managing information security. It sets rules to
protect information and ensure confidentiality, integrity, and availability.

• ISO 20000:
A standard for IT service management, ensuring IT services meet business needs
effectively.

• BS 25999:
A British standard for business continuity management, helping organizations
prepare for disruptions.

• PCI DSS (Payment Card Industry Data Security Standard):
A security standard to protect credit card data and prevent fraud.


Plain Text

• This is the original readable message or data.

• Example: A normal sentence like "Hello, how are you?"

Cipher Text

• This is the scrambled or coded version of the plain text after encryption.

• It looks like random characters and cannot be understood without the key.

• Example: "Xy7!qP2@#"

Encryption

• The process of converting plain text into cipher text to keep it secret.

• It uses a key (a secret code) to scramble the message.

Decryption

• The process of converting cipher text back into plain text.

• It uses a key to unscramble the message and make it readable again.

In short:
Encryption = Locking the message
Decryption = Unlocking the message
