Asia Pacific Journal of Research Vol: I. Issue XXXVI, February 06 ISSN: 0-550, E-ISSN-7-79 USAGE AND AWARENESS OF TOOLS AND TECHNOLOGIES PROVIDING CYBERSECURITY AMONGST INTERNET USERS IN PUNE Prof. Mayank R. Kothawade Research Scholar, North Maharashtra University, Jalgaon, Maharashtra, India Prof. Dr. PreetiAgrawal Director, GHRIBM, Jalgaon, Maharashtra, India ABSTRACT Cyber security and awareness are crucial parameters while using internet or internet applications. These parameters are categorized into non-technological and technological issues. Non-technological parameters refers to awareness of security issues and policies related to security concern and technological issues covering the knowledge and awareness of tools and technologies providing cyber security. This paper highlights usage and level of awareness of various tools technologies providing cyber security with respect to five important parameters which includes usefulness, continuity with tool or technology usage, reliability, efficiency and limitations associated. KEYWORDS: Tools, Technologies, Cyber threat, Reliability, Efficiency, Awareness. INTRODUCTION: Cybercrime encompasses a wide range of activities, but these can generally be broken into two categories: first crimes that target computer networks or devices and second crimes that use computer networks to spread other criminal activities. Cybercrime is a bigger risk now than ever before, due to large number of connected people and devices. Crime, in whatever form it is, directly or indirectly affects the society. In today s world, there is immense increase in the use of internet in every field of the society and due to this escalation in usage of internet, a number of new crimes have evolved.cybercrime and cyber security are issues that can hardly be separated in an interconnected environment. The fact that the 00 UN General Assembly resolution on cybersecurity 5 addresses cybercrime as one major challenge underlines this. www.apjor.com Page 6
Asia Pacific Journal of Research Vol: I. Issue XXXVI, February 06 ISSN: 0-550, E-ISSN-7-79 To minimize the impact of these cyber threats various initiatives are taken by the worldwide organizations. The Cyber Technology and Information Security Laboratory (CTISL) conducts applied research focused on cyber threats and countermeasures, secure multi-level information sharing, resilient command and control network architectures, reverse engineering, information operations and exploitation, high performance computing, and data analytics.ctisl has six strategic thrusts 6 : Reverse Engineering, Vulnerability Identification, and Exploitation Resilient Network Systems Engineering Malicious Software Analysis, Threat Intelligence and Penetration Testing High Performance Computing and Analytics Multi-Level, Secure Software Systems and Collaboration Tools Professional Education, Outreach, and Awareness Another initiative taken by White House, President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we as a government or as a country are not adequately prepared to counter. Shortly after taking office, the President therefore ordered a thorough review of federal efforts to defend the U.S. information and communications infrastructure and the development of a comprehensive approach to securing America s digital infrastructure. In May 009, the President accepted the recommendations of the resulting Cyberspace Policy Review, including the selection of an Executive Branch Cybersecurity Coordinator who will have regular access to the President. The Executive Branch was also directed to work closely with all key players in U.S. cybersecurity, including state and local governments and the private sector, to ensure an organized and unified response to future cyber incidents; strengthen public/private partnerships to find technology solutions that ensure U.S. security and prosperity; invest in the cutting-edge research and development necessary for the innovation and discovery to meet the digital challenges of our time; and begin a campaign to promote cybersecurity awareness and digital literacy from our boardrooms to our classrooms and begin to build the digital workforce of the st century. Finally, the President directed that these activities be conducted in a way that is consistent with ensuring the privacy rights and civil liberties guaranteed in the Constitution and cherished by all Americans. To overcome these threats several tools and technologies are available and it is important to understand the usage and awareness of these tools and technologies along with their reliability and effectiveness. TOOLS AND TECHNOLOGIES PROVIDING CYBER SECURITY: Tools and technologies are playing vital role in protecting and securing systems and applications but their regular updates and patches are important. Some experts have stated that one of the cause of vulnerable computers is a lack of awareness by users and system administrators in keeping up with available security patches. To remedy this problem various tools and services are available to assist them in identifying vulnerabilities and their respective patches. A breach is stressful and expensive and only gets worse as word of the attack spreads to employees, customers, shareholders, competitors, and regulators. Today s hackers many with global networks and substantial financial resources -- have proven remarkably deft in getting around cyber security 9. Following categories of tools and technologies were considered for the study. Each category has different tools all the tools falls under different categories are shown in table. Antimalware Password auditing Application-specific scanners Port scanners Web browser related Rootkit detectors Encryption tools 5 Security-oriented operating systems 5 Debuggers 6 Packet sniffers 6 Firewalls 7 Vulnerability exploitation tools 7 Forensics Traffic monitoring tools Fuzzers 9 Vulnerability scanners 9 General-purpose tools 0 Intrusion detection systems 0 Web proxies Web vulnerability scanners Packet crafting tools Wireless Tools www.apjor.com Page 69
Asia Pacific Journal of Research Vol: I. Issue XXXVI, February 06 ISSN: 0-550, E-ISSN-7-79 OBJECTIVES:. To identify the usage of various tools and technologies providing cyber security.. To identify the level of usefulness, continuity with tool or technology usage, reliability, efficiency and limitations associated with various tools and technologies. HYPOTHESIS: Existing tools and technologies are not efficient to deal with cyber security threats. METHODOLOGY Information about usage and awareness of tools and technologies providing cybersecurity has been collected from 5 internet users by simple random sampling method. Respondents have been asked to comment on the usage of tools from the different categories. ANALYSIS: Analysis of usage and awareness of tools providing cybersecurity. From table it can be seen that internet users are unaware to most of the tool indicated by 0%. The scenario is not good about rest of the tools also percentage shows that rest of the tools are also not widely by the internet users. Analysis of various tools and technologies providing cyber security. From Table it can be seen that; Usefulness: Most of the respondents (%) agreed that they about the usage of tools and technologies providing cyber security. Continuity with tool usage: Only % respondents wish to continue with existing tool and technologies. Limitations associated: Only % respondents Strongly that existing tools and techniques have limitations. Reliability: Only % respondents Strongly that existing tools and techniques are reliable. Table : Usage and Awareness of tools providing cybersecurity Tool Usage Tool Usage Acunetix WVS 0.5% Grendel-Scan 0.5% AIDE 0.% Helix 0.% Aircrack 0.5% HijackThis.5% Angry IP Scanner.% Honeyd 0.% AppScan 0.% HP WebInspect 0.6% ArcSight SIEM platform 0% Hping.6% Argus 0% IDA Pro.% BackTrack % ike-scan.% BeEF.% Immunity Debugger % Brutus 0% inssider 0.% Burp Suite.% John the Ripper 0.9% Cain and Abel 0.% KeePass 0.5% Canvas.6% KisMAC.% Chrome % Kismet.% ClamAV 0.7% Knoppix.9% www.apjor.com Page 70
Asia Pacific Journal of Research Vol: I. Issue XXXVI, February 06 ISSN: 0-550, E-ISSN-7-79 Core Impact 0.5% L0phtCrack.% curl 0.% Maltego 0.% DirBuster 0% Malwarebytes' Anti- Malware.7% dradis 0% MBSA 0% dsniff % Medusa 0% DumpSec 0.% Metasploit 0% EnCase 0.6% Nagios 0.9% EtherApe 0% NBTScan.% Ettercap 0% Nemesis.% fgdump 0% Nessus.% Fiddler 0% Netcat.% Firebug 6% Netfilter 0.7% Firefox.% NetScanTools.% GDB 0.% Netsparker 0% GFI LanGuard 0.5% NetStumbler 0% GnuPG/PGP 0.7% NetWitness/NextGen 0.% NetworkMiner.5% Socat 0.% Nexpose 0% Social Engineer Toolkit 0.9% Ngrep 0.% SolarWinds 0.% Nikto 0% Splunk 0.% Nipper 0% sqlmap 0.% NoScript 0.% sqlninja 0.% Ntop 0.% sslstrip 0.% OllyDbg 0% Stunnel 0% OpenBSD PF 0% Superscan 0.% OpenSSH/PuTTY/SSH.9% Sysinternals 0% OpenSSL.% Tamper Data 0% OpenVAS.6% tcpdump 0.% OpenVPN.% THC Amap 0% ophcrack 0.% THC Hydra 0% OSSEC HIDS 0% The Sleuth Kit 0% OSSIM 0% Tor 0.5% P0f 0% Tripwire.% Paros proxy.% TrueCrypt 0.% Ping/telnet/dig/trace route/whois/netstat.% Unicornscan 0.% QualysGuard 0% VirusTotal 0.9% RainbowCrack 0.% VMware.% rat proxy.7% waf 0.% Retina 0.% Wapiti 0% SAINT 0.% Web Goat 0% Samurai Web Testing Framework 0.% Web Scarab 0% Scapy 0% Websecurify 0% Secunia PSI 0% Wfuzz 0% SELinux 0% Wikto 0% Sguil 0% WinDbg 0.% skipfish 0% Wireshark.% Snort.6% Yersinia 0% Total 00% www.apjor.com Page 7
Asia Pacific Journal of Research Vol: I. Issue XXXVI, February 06 ISSN: 0-550, E-ISSN-7-79 Table : Analysis of tools Variable Response options Frequency Percent.0.0.0 Useful.0 5 0.0.0 Total 5 00.0.0 Disagree 6.0 6.0 Continuity 9 6.0 with tool usage.0.0.0 Total 5 00.0 Limitation associated Reliability 6.0 Disagree 5 0.0.0 6.0 6.0.0.0 Total 5 00.0 6.0 Disagree.0.0 9 6.0.0.0.0 Total 5 00.0 www.apjor.com Page 7
Reliable Limitation associated Continuity with tool usage Useful Asia Pacific Journal of Research Vol: I. Issue XXXVI, February 06 ISSN: 0-550, E-ISSN-7-79 Graph :Analysis of tools 0 5 0 5 0 5 0 5 0 5 50 Disagree Disagree Disagree 5 6 5 6 6 9 9 6 6 6 0 0 6 6 Frequency Percentage HYPOTHESIS TESTING: - Statistical Test: Binomial Test - Test proportion: Test proportion was taken as 75%. More than 75% of responses to a particular category shows more agreement towards this category. Hence, Test proportion was 75%. - Level of significance α = 0.05 - H0: The proportion of responses indicating Existing tools and technologies are inefficient to deal with cyber security threats is less than or equal to 0.75 (p 0.75). www.apjor.com Page 7
Efficiency Asia Pacific Journal of Research Vol: I. Issue XXXVI, February 06 ISSN: 0-550, E-ISSN-7-79 - H: The proportion of responses indicating Existing tools and technologies are inefficient to deal with cyber security threats is greater than 0.75 (p 0.75). Efficiency of existing tools and technologies. Observed proportion = 0. Test proportion = 0.75 P =0.000 More than 75% of the respondents admitted that existing tools and technologies are inefficient to deal with cyber security threats. Binomial Test Category N Observed Prop. Test Prop. Exact Sig. (-tailed) Group <= 0.6 0.75 0.000 Group > 0. Total 5.00 From the above discussion it can be seen that more than 75% of the respondents perceive that existing tools and technologies are not efficient to deal with cyber security threats. Hence the hypothesis Existing tools and technologies are inefficient to deal with cyber security threats stands proved. CONCLUSION: Increased cyber threats and attacks are giving birth to the several risks. These risks leftbad impact on society, organization and individual in variety of ways. At present ample tools and technologies are available to protect against such cyber threats. Many internet users have no idea about their usage and they are unaware of these tools. Researchers have identified that available tools and technologies are inefficient and are not completely reliable. Several limitations are associated with these tools and technologies.it is clearly noticed that there is need of improved security tools and technologies. REFERENCES:. Cybercrime, [Online], Available: http://www.techopedia.com[5 March 0]. What is cybercrime?, [Online], Available, http://us.norton.com[6 March 0]. Cyber Crimes in India - an Introduction, [Online],Available, http://www. vakilno.com [6 March0]. Gercke, M. (0), Understanding Cybercrime: Phenomena, challenges and legal response, ITU, p.. 5. UNGA Resolution: Creation of a global culture of cybersecurity and taking stock of national efforts to protect critical information infrastructure, A/RES/6/. 6. Andrew. H, Lab Director, Cyber Technology and Information Security Laboratory (CTISL),[Online],Avaialblehttp://www.gtri.gatech.edu/ctisl 7. The Comprehensive National Cybersecurity Initiative, Foreign Policy, White House.. Technology assessment,(00, May) Cybersecurity for critical infrastructure protection, United States general accounting office, p. 07. 9. Kobus, T., Jones, P., (0, December), Into The Breach: The Limits Of Data Security Technology www.apjor.com Page 7