
INFORMATION SECURITY

MEHROZ
Information security

Information security is a broad field that encompasses the protection of information from unauthorized access, use, disclosure, disruption, modification, or destruction.
It is a critical aspect of modern-day computing and is essential for safeguarding sensitive data.
Principles (the CIA triad)
There are several principles of information security, including:
1. Confidentiality: ensures that only authorized individuals have access to sensitive information.
2. Integrity: ensures that the information is accurate, complete and uncorrupted.
3. Availability: ensures that the information is accessible to authorized individuals when needed, without undue delay.

Information security (InfoSec) enables organizations to protect digital and analog information.
InfoSec provides coverage for cryptography (the process of hiding information so that only the intended recipient can read it), mobile computing, social media, as well as infrastructure and networks containing private, financial, and corporate information.
Cyber security, on the other hand, protects both raw and meaningful data, but only from internet-based threats.

Information Security vs. Cyber security

Although both are security strategies, cyber security and information security cover different objectives and scopes, with some overlap.
Information security is a broader category of protections, covering cryptography, mobile computing, and social media.
It is related to information assurance, which protects information from non-person-based threats such as server failures or natural disasters.
Cyber security only covers Internet-based threats and digital data.
Additionally, cyber security provides coverage for raw, unclassified data, while information security does not.

Types of Information Security

1. Application security: Application security strategies protect applications and application programming interfaces (APIs).
2. Infrastructure security: Infrastructure security strategies protect infrastructure components, including networks, servers, client devices, mobile devices, and data centers.
3. Cloud security: Cloud security provides similar protections to application and infrastructure security but is focused on cloud or cloud-connected components and information.
4. Endpoint security: Endpoint security helps protect end-user endpoints such as laptops, desktops, smartphones, and tablets against cyber attacks. For example, an endpoint detection and response (EDR) tool can automatically respond to a threat using predetermined rules.
5. Cryptography: Cryptography uses a practice called encryption to secure information by obscuring its contents.

Types of Information Security (continued)

To encrypt information, security teams use encryption algorithms together with the key-management tooling around them. (Blockchains, often mentioned alongside encryption, rely on hashing and digital signatures rather than on encrypting their contents.)
6. Incident response: Incident response is a set of procedures and tools that you can use to identify, investigate, and respond to threats or damaging events. A commonly used tool for incident response is an incident response plan (IRP).

History of computer security

• In the early days of computing, the term computer security referred to the need to secure the physical location of computer technology from outside threats.
• Later it came to represent all actions taken to preserve a computer system from threats.
• Security was at first concerned only with the physical device and access to it.
• Early mainframe computers were used to store government records, personal information, and transaction processing.
• The goal of security was to safeguard the data stored in those computers.
• The need for computer security arose during World War II, when the first mainframe computers were developed and used for computations.

History of computer security (1939-1945)

• The need for computer security arose during World War II (1939-1945), when the first mainframe computers were developed and used to aid the computations needed to break enemy communications encrypted with cryptographic devices such as Enigma.
• During these early days, information security was straightforward: it was composed of physical security and a simple document classification scheme (which documents could be public and which had to be kept private and encrypted).
• One of the first documented security problems occurred in the early 1960s, when a system administrator was working on the MOTD (message-of-the-day public file) while another administrator was editing the password file.
• A software bug mixed the two files, and the entire password file was printed on every copy of the public file.

History of computer security (1947-1991)

• During the Cold War many more mainframe computers were brought online to accomplish more complex and sophisticated tasks.
• These required a less cumbersome way of communicating than mailing magnetic tapes between computer centers (there were no personal computers, so whole tapes or disks had to be shipped to share data).
• In response to this need, the Department of Defense's Advanced Research Projects Agency (ARPA) began examining the feasibility of a redundant, networked communication system to support the military's exchange of information.
• In 1968 Dr. Larry Roberts developed the ARPANET project.
• ARPANET evolved into what we know as the Internet, and Roberts is regarded as one of its founders.

History of computer security (1970s and 80s)

• ARPANET became more popular and widely used, increasing the potential for its misuse.
• In 1973, the Internet pioneer Robert M. Metcalfe identified fundamental problems with ARPANET security.
• Among the problems he identified:
• insufficient controls to protect data
• vulnerability (easy breakability) of the password structure and format
• lack of safety procedures
• nonexistent user identification and authorization

History of computer security

• 1970s: age of the mainframe (encryption was seen to provide the most comprehensive protection for data stored in computer memory and on backup media).
• 1980s: age of the PC (computer security evolved as a distinct field).
• 1990s: age of the Internet (the world went online, and cyber security became a core part of modern life).
• 2000s: age of the web (cyber security became a rapidly growing field that involves designing, developing, testing, and deploying applications with security in mind; measures include vulnerability scanning, web application firewalls, strong authentication, data encryption, and continuous security testing).

Critical characteristics of information:

• Accuracy
• Authenticity
• Confidentiality
• Integrity
• Availability
• Personally identifiable information (PII), which needs special protection
• Possession (who holds or controls the data?)
• Utility (the value or usefulness of the data for some purpose)

Key information security concepts

• Access: a subject's or object's ability to use, manipulate, modify, or affect another subject or object. Authorized users have legitimate access; attackers gain access illegitimately.
• Asset: the organizational resource being protected. It can be logical (such as a website or data) or physical.
• Attack: an intentional or unintentional act that can damage or compromise information and the systems that support it. It can be active or passive, direct or indirect, intentional or unintentional.
• Control (also safeguard or countermeasure): a security mechanism, policy, or procedure that reduces risk.
• Loss: a single instance of an asset suffering damage, unauthorized modification, or disclosure.
• Risk: the probability that something unwanted will happen to an asset.
• Threat: a category of objects, persons, or entities that presents a danger to an asset.
• Threat agent: the specific instance or component of a threat (for example, a particular hacker or a particular piece of malware).
• Threat event: an occurrence of a threat.
• Threat source: the origin of a threat (a person, a process, or a natural event).

Key information security concepts

• An asset is a resource that the users and owner of the network wish to protect.
• It can be:
• Hardware
• Software
• Data
• Communication resources

Threats
• Threat: any circumstance or event that has the potential to adversely impact organizational operations, assets, or individuals through an information system via unauthorized access, destruction, disclosure or modification of information.
Types of threats:
1. Malware attack: Malware is software designed to harm or exploit any device, network, or system. Malware can be used to steal sensitive information, damage systems, or gain unauthorized access to networks. It typically arrives through a download or a plugged-in USB device.
2. Social engineering attacks: Social engineering attacks manipulate people into revealing sensitive information or performing actions that are not in their best interest. Examples include phishing, pretexting, baiting, and tailgating.
3. Software supply chain attacks: Software supply chain attacks exploit vulnerabilities in third-party software or hardware components used in an organization's systems. Attackers use these weaknesses in software the organization did not write to gain unauthorized access to systems or steal sensitive information.

Types of Threats

4. Advanced persistent threats (APT): APTs are long-term, targeted attacks designed to gain unauthorized access to systems or steal sensitive information. APTs are often carried out by nation-state actors or other well-funded groups.
5. Distributed denial of service (DDoS): DDoS attacks overwhelm a system with traffic, making it unavailable to users. DDoS attacks can be used to disrupt services, to extort money from victims, or as cover for another intrusion (the flood itself does not steal data).
6. Man-in-the-middle attack (MitM): MitM attacks intercept communications between two parties to steal sensitive information or gain unauthorized access to systems. MitM attacks can be carried out on public Wi-Fi networks, unencrypted websites, or other vulnerable systems.
7. Password attacks: Password attacks steal or guess passwords to gain unauthorized access to systems. They include brute-force attacks, dictionary attacks, and social engineering.

Threat Model

Consequence of a threat being realised (example): the attacker reaches data they are not authorized to access, changes it, and the user keeps treating the data as correct when it is now wrong. This is a loss of integrity.

Cryptography
• Cryptography comes from the Greek words kryptos, meaning "hidden", and graphein, meaning "to write", and involves making and using codes to secure messages.
• Cryptanalysis involves cracking or breaking encrypted messages back into their unencrypted form.
• Cryptography uses mathematical algorithms.
• The security of a cryptosystem does not rest on keeping the algorithm secret; it rests on the key that is combined with the original data. The algorithm is assumed to be public.
• A cipher is a systematic method used to transform plaintext (readable text) into ciphertext (encoded text) to protect its confidentiality during transmission or storage.
• A cipher refers to the algorithm or process used to encrypt data; it defines how plaintext is transformed into ciphertext.

Cryptography
• Bit stream cipher: a method of encrypting data one bit (or byte) at a time.
• Block cipher: a method of encrypting data that is divided into fixed-size blocks, one block at a time. The blocks are encrypted and decrypted as blocks.
• Encryption (also called enciphering) is the actual process of converting data using a specific cipher: it takes plaintext and applies the chosen cipher to produce ciphertext.
• Encryption ensures that sensitive information remains confidential during transmission or storage.
• Data cannot be decrypted unless one has the decryption key.
• Link encryption: a series of encryptions and decryptions between several systems, in which each system receives data, decrypts it, and re-encrypts it before sending it on to the next. This process continues until the message reaches its destination. (Every intermediate system sees the plaintext, unlike end-to-end encryption.)

Symmetric vs. Asymmetric Encryption:

• Symmetric encryption: the same key is used for both encryption and decryption.
• Examples include the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES).
• Symmetric encryption is efficient but requires secure key distribution.
• Asymmetric encryption uses a pair of keys:
• a public key for encryption
• a corresponding private key for decryption.
• Asymmetric encryption provides secure key exchange but is computationally more expensive.
• Decryption (also called deciphering) converts ciphertext back into plaintext using the same algorithm and the secret key or decryption key.
• Only authorized parties possessing the correct key can perform decryption.
• It is the reverse process of encryption.
• An algorithm is the formula used to convert messages.

Symmetric Encryption:
• The same key is used for both encryption and decryption.
• Also known as conventional or single-key encryption.
• The decryption algorithm is the encryption algorithm run in reverse with the same key.
• Advantages:
• Less complex
• Easy to implement
• Easy to understand
• Disadvantages:
• If the key is stolen, the data can be decrypted easily.
• Two types of attack can occur: passive attacks (loss of confidentiality) and active attacks (loss of integrity).

Symmetric Encryption: active vs. passive attacks

Active attack:
• Information is modified.
• Threatens integrity as well as availability.
• The defensive focus is on prevention.
• The system is affected (data changed, service disrupted).
• The victim usually becomes aware of the attack.

Passive attack:
• Information is only observed, not modified.
• Threatens confidentiality.
• The defensive focus is on detection.
• The system itself is not harmed (eavesdropping only).
• The victim typically does not become aware of the attack.

Symmetric Encryption:
• Components:
1. Plaintext
2. Secret key
3. Encryption algorithm (operates under control of the key)
4. Ciphertext to transmit
5. Decryption algorithm
• Main points:
1. The algorithm must be strong
2. The key must be known to both sender and receiver, and to nobody else

Symmetric Encryption - Stream Ciphers:

There are two main types of symmetric encryption algorithm:
• Stream ciphers:
• Stream ciphers encrypt individual digits (usually bytes or bits) or letters (in substitution ciphers) of a message one at a time.
• The algorithm and key produce a keystream that is applied to each bit.
• Operation:
• write the bits of the data as m1, m2, ...
• write the bits of the keystream as k1, k2, ...
• XOR each data bit with the corresponding keystream bit to generate the ciphertext (ci = mi XOR ki).
• Repeat the same XOR at the receiver side to recover the data (the keystream must never be reused for another message).
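The XOR operation above, carried out byte by byte, as an added example that is not part of the original slides. The keystream generator (HMAC-SHA256 in counter mode), the key, nonce and messages are all constructed for the demo so it runs with the standard library alone; a real deployment would use a vetted stream cipher such as ChaCha20. The last function shows the failure mode a practitioner must know: reuse the same key and nonce for two messages and the XOR of the ciphertexts equals the XOR of the plaintexts.

```python
"""Toy stream cipher: XOR each plaintext byte with a keystream byte.

Added example, not from the original slides. The keystream is derived with
HMAC-SHA256 in counter mode only so the demo is self-contained; it is not a
substitute for a real stream cipher. Key, nonce and messages are constructed.
"""
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand (key, nonce) into `length` pseudo-random bytes.
    Keystream block i = HMAC-SHA256(key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # c_i = m_i XOR k_i: the slide's "write the data bits, write the key
    # bits, XOR them", done a byte at a time.
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # The receiver repeats the same operation: (m XOR k) XOR k == m.
    return xor_bytes(ciphertext, keystream(key, nonce, len(ciphertext)))


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Pitfall: if two messages were encrypted under the same (key, nonce),
    c1 XOR c2 == m1 XOR m2 because the keystream cancels out. An attacker
    who knows one plaintext recovers the other without the key."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    KEY = b"demo-key-16bytes"   # constructed demo key
    NONCE = b"nonce-01"         # constructed demo nonce
    m1 = b"ATTACK AT DAWN!"
    c1 = encrypt(KEY, NONCE, m1)
    print("ciphertext:", c1.hex())
    print("recovered :", decrypt(KEY, NONCE, c1))
    m2 = b"RETREAT AT DUSK"    # same length, same key and nonce: a mistake
    c2 = encrypt(KEY, NONCE, m2)
    leaked = keystream_reuse_leak(c1, c2)
    print("leak equals m1 XOR m2:", leaked == xor_bytes(m1, m2))
```

The leak check is the reason every stream cipher and counter-mode construction carries a nonce: the key may be reused, the (key, nonce) pair may not.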
Symmetric Encryption - Block cipher:

• Block ciphers:
• Block ciphers divide the plaintext into fixed-size blocks (e.g., 64 or 128 bits) and then encrypt each block.
• The key and algorithm are applied to each block.
• The message (ciphertext) is also sent in blocks.
• Common block cipher algorithms are:
• AES (Advanced Encryption Standard): a widely used symmetric encryption algorithm (128-bit blocks; 128-, 192- or 256-bit keys).
• DES (Data Encryption Standard): an older standard, now considered insecure because of its short key. Block size is 64 bits, key size is 56 bits.
• 3DES (Triple DES): DES applied three times; an enhanced but slow version of DES, now deprecated.

Modes of block cipher: important

o Block ciphers are encryption algorithms that take a fixed-size input (usually denoted as b bits) and produce a ciphertext of the same size. A mode of operation defines how a message longer than one block is processed.
o Here are some common modes:
1. Electronic Code Book (ECB):
• Each block of input plaintext is encrypted directly and independently, giving one block of ciphertext per block of plaintext.
• Advantages:
• Parallel encryption of blocks is possible, making it faster.
• Simple to implement.
• Disadvantages:
• Prone to cryptanalysis because identical plaintext blocks produce identical ciphertext blocks, so patterns in the plaintext show through in the ciphertext. ECB should not be used for messages longer than one block.

Modes of block cipher: important

2. Cipher Block Chaining (CBC):
• The previous ciphertext block is XORed with the current plaintext block before encryption; the first block is XORed with an initialization vector (IV).
• Advantages:
• Works well for input larger than b bits.
• Provides better resistance to cryptanalysis than ECB: identical plaintext blocks no longer give identical ciphertext blocks.
• Disadvantages:
• Parallel encryption is not possible, since each encryption requires the previous ciphertext block (decryption can be parallelised).
• The IV must be unpredictable, and CBC provides no integrity: ciphertext can be altered without detection unless a MAC is added.

Modes of block cipher: important

3. Cipher Feedback Mode (CFB):
• CFB mode uses a shift register and an initialization vector (IV).
• The previous ciphertext block is fed back into the block cipher, and the block cipher output is XORed with the plaintext, so the block cipher is turned into a stream cipher.
• Advantages:
• No padding is needed, since plaintext units smaller than a block can be processed, and the block cipher is only ever run in the encryption direction.
• Disadvantages:
• Similar drawbacks to CBC mode: encryption cannot be parallelised, and a corrupted ciphertext block affects the current and the following block.

Modes of block cipher: important

4. Output Feedback Mode (OFB):
• Similar to CFB, but the block cipher output (the keystream block) is fed back instead of the ciphertext.
• All bits of the block are fed back.
• Because the keystream does not depend on the data, a transmission error affects only the corresponding bits and the keystream can be precomputed; an IV must never be reused under the same key.

Modes of block cipher: important

5. Counter Mode (CTR):
• Uses a counter value (combined with a nonce) as input to the block cipher.
• The counter value is incremented for each block, and the block cipher output is XORed with the plaintext.
• Provides confidentiality and supports parallel encryption and decryption.
• Caveat: a nonce/counter value must never repeat under the same key, or the keystream repeats and the XOR of the two plaintexts leaks.
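ECB, CBC and CTR side by side on a toy block cipher, as an added example that is not part of the original slides. The block cipher is a 4-round Feistel network (the same split-halves structure DES uses, shown in the DES slides that follow), with HMAC-SHA256 as the round function so that the demo needs only the standard library; it is a stand-in for AES or DES, not a real cipher. The key, IV, nonce and message are constructed for the demo, and the message is assumed to be a whole number of blocks (no padding). Running it shows the ECB weakness directly: two equal plaintext blocks give two equal ciphertext blocks, which CBC and CTR avoid.

```python
"""Block cipher modes of operation on a toy 8-byte Feistel cipher.

Added example, not from the slides. The Feistel rounds mirror DES's
structure; the round function (HMAC-SHA256 truncated to 4 bytes) is a demo
stand-in and NOT a secure cipher. Key, IV, nonce and message are constructed.
"""
import hashlib
import hmac

BLOCK = 8     # block size in bytes (64 bits, like DES)
ROUNDS = 4    # DES uses 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Keyed round function on a 4-byte half-block (DES uses E, S-boxes, P)."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Feistel: L_{i+1} = R_i ; R_{i+1} = L_i XOR f(K, R_i); final swap undone."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return right + left


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Same rounds in reverse order: the round function never needs inverting."""
    right, left = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        right, left = left, _xor(right, _f(key, rnd, left))
    return left + right


def _blocks(data: bytes):
    assert len(data) % BLOCK == 0, "demo assumes block-aligned input (no padding)"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    # Every block encrypted on its own: equal plaintext blocks -> equal
    # ciphertext blocks, which is why ECB leaks structure.
    return b"".join(encrypt_block(key, b) for b in _blocks(data))


def ecb_decrypt(key: bytes, data: bytes) -> bytes:
    return b"".join(decrypt_block(key, b) for b in _blocks(data))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # C_i = E(P_i XOR C_{i-1}), with C_0 = IV; inherently sequential.
    out, prev = [], iv
    for b in _blocks(data):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # P_i = D(C_i) XOR C_{i-1}; every block needs only its predecessor,
    # so decryption can run in parallel.
    out, prev = [], iv
    for c in _blocks(data):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Keystream block i = E(nonce || counter_i); XOR with the data. The same
    # function encrypts and decrypts, and blocks are independent (parallel).
    out = []
    for i, b in enumerate(_blocks(data)):
        out.append(_xor(b, encrypt_block(key, nonce + i.to_bytes(4, "big"))))
    return b"".join(out)


if __name__ == "__main__":
    KEY, IV, NONCE = b"k" * 16, b"\x01" * 8, b"\x00\x00\x00\x01"
    msg = b"SAMEBLOKSAMEBLOKDIFFERNT"   # three blocks; the first two repeat
    ecb = ecb_encrypt(KEY, msg)
    print("ECB repeats block:", ecb[:8] == ecb[8:16])
    cbc = cbc_encrypt(KEY, IV, msg)
    print("CBC repeats block:", cbc[:8] == cbc[8:16])
    print("CTR round trip   :", ctr_crypt(KEY, NONCE, ctr_crypt(KEY, NONCE, msg)) == msg)
```

The `msg` is built so that its first two blocks are identical; only ECB preserves that equality in the ciphertext. Note also that `ctr_crypt` is its own inverse, which is what makes CTR a stream mode.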

DES (Data Encryption Standard):

o DES is a historic encryption algorithm known for its 56-bit key length.
o It uses the same algorithm and key for both encryption and decryption; decryption applies the round keys in reverse order.
o The key length in DES is 56 bits.
o DES encrypts 64-bit plaintext blocks under the control of a 56-bit key.
o The 56-bit key is carried in a 64-bit value in which every eighth bit is a parity bit (8 parity bits in total), giving a 64-bit working key.

DES (Data Encryption Standard):

Key points:
o Input: 64 bits
o Output: 64 bits
o Main key: 64 bits (as supplied)
o Sub key: 56 bits (after the parity bits are removed)
o Round key: 48 bits
o No. of rounds: 16
DES (Data Encryption Standard):

o The initial permutation rearranges the bits of the block.
o There are 8 parity bits in the initial key; we remove them (every eighth bit of the initial key is discarded) and split the remaining 56 bits into two 28-bit halves, C0 and D0.
o PC = permuted choice (PC-1 selects the 56 key bits; PC-2 selects the 48-bit round key).
o LS = left circular shift.
o Each half is shifted left by 1 bit if the round is 1, 2, 9 or 16.
o For all other rounds the shift is 2 bits.
DES (Data Encryption Standard): S-box

o The 64-bit block (after the initial permutation) is divided into two halves of 32 bits each.
o Because we want to XOR the right half (32 bits) with the 48-bit round key, the 32 bits are first expanded to 48 bits.
o There are 8 S-boxes in the algorithm.
o Each takes 6 bits and returns 4.
o Each S-box is a table with 4 rows and 16 columns.
o The first and last bits of the 6-bit input select the row.
o The remaining 4 (middle) bits select the column.
o Read the value from the S-box table and write it as 4 bits.
DES (Data Encryption Standard): S-box S1

Column bits (middle four) across, row bits (outer two) down:

        0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
row 00    14    4   13    1    2   15   11    8    3   10    6   12    5    9    0    7
row 01     0   15    7    4   14    2   13    1   10    6   12   11    9    5    3    8
row 10     4    1   14    8   13    6    2   11   15   12    9    7    3   10    5    0
row 11    15   12    8    2    4    9    1    7    5   11    3   14   10    0    6   13

Example: input 011011 selects row 01 and column 1101 (13), giving 5 = 0101.
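The key-schedule rotation and the S-box lookup described on the preceding slides, as an added example that is not part of the original slides. It uses the standard DES S1 table and shift schedule from FIPS 46-3; the PC-1 and PC-2 permutations and the rest of the round function are deliberately left out, so this is a demonstration of the two building blocks, not a working DES. The sample key values are constructed for the demo.

```python
"""Two DES building blocks: key-schedule rotation and an S-box lookup.

Added example, not from the original slides. S1 and the shift schedule are
the standard DES tables (FIPS 46-3); PC-1/PC-2 are omitted, so this is not a
complete DES implementation. Sample keys are constructed for the demo.
"""

# Left-rotation amount per round: 1 bit in rounds 1, 2, 9 and 16, else 2.
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]

# DES S-box 1: 4 rows x 16 columns, each entry a 4-bit value.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def strip_parity(key64: int) -> int:
    """Drop every eighth bit (the parity bits) of a 64-bit key -> 56 bits.
    Bits are numbered from the left, as in the DES specification."""
    out = 0
    for i in range(64):
        if (i + 1) % 8 == 0:          # bits 8, 16, ..., 64 are parity
            continue
        out = (out << 1) | ((key64 >> (63 - i)) & 1)
    return out


def rotate_left_28(value: int, n: int) -> int:
    """Circular left shift (LS) of a 28-bit half-key C or D."""
    mask = (1 << 28) - 1
    return ((value << n) | (value >> (28 - n))) & mask


def key_schedule_halves(c0: int, d0: int):
    """Yield (C_i, D_i) for rounds 1..16. Round key i would be PC-2 applied
    to C_i || D_i (PC-2 omitted here)."""
    c, d = c0, d0
    for n in SHIFTS:
        c, d = rotate_left_28(c, n), rotate_left_28(d, n)
        yield c, d


def sbox_lookup(box, six_bits: int) -> int:
    """Row = outer bits (b5 b0), column = middle four bits (b4..b1)."""
    assert 0 <= six_bits < 64
    row = (((six_bits >> 5) & 1) << 1) | (six_bits & 1)
    col = (six_bits >> 1) & 0xF
    return box[row][col]


if __name__ == "__main__":
    print("S1(011011) =", format(sbox_lookup(S1, 0b011011), "04b"))
    c0, d0 = 0x1234567, 0xABCDEF0                 # constructed 28-bit halves
    rounds = list(key_schedule_halves(c0, d0))
    print("C1 == LS1(C0):", rounds[0][0] == rotate_left_28(c0, 1))
    print("after 16 rounds the halves return to C0, D0:", rounds[-1] == (c0, d0))
```

A useful sanity check on any DES key schedule implementation: the shift amounts sum to 28, so C16 and D16 must equal C0 and D0. Decryption exploits this by running the schedule with right shifts.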

Asymmetric Encryption:
• Asymmetric encryption, also called public-key encryption, is a powerful cryptographic technique that plays a crucial role in securing digital communication.
• Key pair: two distinct keys are used:
• Public key: openly shared and used for encryption.
• Private key: kept secret by the recipient and used for decryption.
• The public key can encrypt data, but only the corresponding private key can decrypt it.
• How it works: when someone wants to send an encrypted message to another party:
• They use the recipient's public key to encrypt the message.
• The recipient then uses their private key to decrypt and read the message.
• This process ensures confidentiality. It does not by itself prove who sent the message, since anyone can use the public key; authenticity requires the sender to sign with their own private key.

Asymmetric Encryption:
• Components:
1. Plaintext
2. Encryption algorithm
3. Public key (for encryption)
4. Private key (for decryption)
5. Ciphertext
6. Decryption algorithm
• Advantages:
1. Enhanced security: no secret key ever has to be transmitted between the parties.
2. Authentication: a signature made with a private key can be verified with the matching public key, proving the sender's identity.
3. Key distribution: asymmetric encryption simplifies secure key exchange (it is typically used to exchange a symmetric session key).

Asymmetric Encryption:
• Each party has its own key pair. The public and private keys of one pair are mathematically linked; the private key is never shared with anyone.
• The sender uses the receiver's public key to generate the ciphertext.
• The receiver uses its own private key to decrypt the data.
• More complex and slower than symmetric encryption.
• Algorithm:
• RSA (Rivest-Shamir-Adleman) is a widely accepted asymmetric encryption technique.
• In asymmetric cryptography, two different keys are used: a public key for encryption and a private key for decryption.
• Let's explore how RSA works:

RSA:
• Key generation:
1. Choose two prime numbers, p and q.
2. Calculate n = p*q.
3. Compute f(n) = (p-1)(q-1) (Euler's totient of n).
4. Select a value e such that gcd(f(n), e) = 1, where 1 < e < f(n). This means e and f(n) must not share any common factor.
5. Determine d such that (e*d) mod f(n) = 1, i.e. e*d = 1 + k*f(n) for some integer k (k is chosen so that d comes out as a whole number; in practice d is computed with the extended Euclidean algorithm).
6. The private key is represented as {d, n} and the public key as {e, n}.
e = public exponent
d = private exponent
• Encryption:
• To encrypt a message M (an integer with 0 <= M < n), compute C = M^e mod n.
• Decryption:
• To decrypt the ciphertext C, the receiver computes M = C^d mod n.

RSA:
• Uses
• Secure communication
• Digital signatures
• Data encryption
• Key management
Example:
• Let's assume you calculated your keys as follows:
• p = 17 and q = 7.
• Compute n = 17 × 7 = 119.
• Determine f(n) = (17-1)(7-1) = 96.
• Choose e = 11 (since gcd(96, 11) = 1).
• Calculate d = 35 (check: 11 × 35 = 385 = 4 × 96 + 1).
• Your keys are:
• Private key: {35, 119}
• Public key: {11, 119}
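The key generation, encryption and decryption steps above, run on the slides' own numbers (p = 17, q = 7, e = 11), as an added example that is not part of the original slides. The extended Euclidean routine is the usual way of finding d, and the last function shows a property of textbook RSA that a practitioner must know: ciphertexts can be multiplied to forge a ciphertext of a related message, and identical messages always give identical ciphertexts. That is why real systems wrap RSA in a padding scheme such as OAEP rather than using M^e mod n directly.

```python
"""Textbook RSA with the slides' parameters (p = 17, q = 7, e = 11).

Added example, not from the original slides. Shows key generation via the
extended Euclidean algorithm, encryption/decryption, and the malleability of
unpadded RSA. The toy modulus 119 is for illustration only.
"""
from math import gcd


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(e: int, phi: int) -> int:
    """d with e*d == 1 (mod phi), i.e. e*d = 1 + k*phi for some integer k."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e and f(n) are not coprime; pick another e")
    return x % phi


def keygen(p: int, q: int, e: int):
    """Return (public, private) = ((e, n), (d, n)) following the slide's steps."""
    n = p * q
    phi = (p - 1) * (q - 1)              # f(n)
    if gcd(e, phi) != 1:
        raise ValueError("gcd(e, f(n)) must be 1")
    d = modinv(e, phi)
    return (e, n), (d, n)


def encrypt(pub, m: int) -> int:
    """C = M^e mod n. Deterministic: the same M always gives the same C."""
    e, n = pub
    assert 0 <= m < n, "message must be an integer smaller than n"
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    """M = C^d mod n."""
    d, n = priv
    return pow(c, d, n)


def malleability_demo(pub, m1: int, m2: int) -> bool:
    """Unpadded RSA is multiplicatively homomorphic: E(m1) * E(m2) mod n is a
    valid encryption of m1 * m2 mod n, so an attacker can craft a ciphertext
    for a related message without knowing any key."""
    _, n = pub
    forged = (encrypt(pub, m1) * encrypt(pub, m2)) % n
    return forged == encrypt(pub, (m1 * m2) % n)


if __name__ == "__main__":
    pub, priv = keygen(17, 7, 11)
    print("public key :", pub)          # (11, 119)
    print("private key:", priv)         # (35, 119)
    c = encrypt(pub, 10)
    print("E(10) =", c, " D(E(10)) =", decrypt(priv, c))
    print("forged ciphertext decrypts to related message:", malleability_demo(pub, 10, 7))
```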

Hash or compression function:

Hash function (the third type of authentication function, alongside encryption and MACs): maps a message of any length to a fixed-length hash value, which serves as the authenticator.

• A hash function is a mathematical algorithm that takes an input (or "message") and produces a fixed-size output, usually displayed as a hexadecimal string. The output generated by a hash function is called a hash value, hash code, or digest.
• Independent of any key.
• H(M) = fixed-length hash code (message digest), which acts as the authenticator.
• Another important primitive used in cryptosystems, although hashing is not encryption: there is no key and no way to recover the input.
• Hash functions do not produce ciphertext; they are used to check the integrity and identity of a message.

Hash or compression function:

• Properties
• One way only (preimage resistance): the input cannot be recovered from the digest.
• Any length input, fixed-length output.
• A small variation in the input produces a large variation in the output (avalanche effect).
• Collisions exist in principle (infinitely many inputs, finitely many outputs) but must be computationally infeasible to find.
• No secrecy involved (no key).
EXAMPLES
SHA-1 (Secure Hash Algorithm 1)
SHA-256, SHA-384, SHA-512
MD5 (Message Digest Algorithm 5)
MD5 and SHA-1 are broken with respect to collision resistance and should not be used for signatures or integrity protection; use SHA-256 or stronger.

Authenticity:
• Verifying the user's identity, and that a message really came from its claimed origin.
• Building blocks that enable secure communication, ensuring both data integrity and origin.
• An authenticator is a value used to authenticate a message.
• An authentication function produces this authenticator.
• Types of authentication function:
1. Encryption (the ciphertext acts as the authenticator)
2. Message Authentication Code (MAC): a function of the message and a secret key that produces a fixed-length value serving as the authenticator, called the MAC.
MAC = C(K, M) = fixed-length value
where C = authentication function
M = message
K = secret key shared by sender and receiver
3. Hash function (described above)
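The hash properties from the previous slides (fixed output length, avalanche effect, no key) and the MAC = C(K, M) construction above, as one added example that is not part of the original slides. It uses the standard library's SHA-256 and HMAC; the key and messages are constructed for the demo. The verification function compares tags in constant time, the detail that a naive `==` comparison gets wrong and that lets an attacker forge a tag byte by byte from timing differences.

```python
"""Hash functions and message authentication codes with hashlib/hmac.

Added example, not from the original slides. Demonstrates fixed-length
digests, the avalanche effect, and MAC = C(K, M) as HMAC-SHA256 with
constant-time verification. Key and messages are constructed for the demo.
"""
import hashlib
import hmac


def digest_hex(data: bytes, algo: str = "sha256") -> str:
    """Fixed-length digest as hex, whatever the input length."""
    return hashlib.new(algo, data).hexdigest()


def bits_changed(a: bytes, b: bytes) -> int:
    """Hamming distance: how many bits differ between two digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(algo: str, msg: bytes) -> int:
    """Flip one bit of the message and count how many digest bits change.
    A good hash changes about half of them (128 of 256 for SHA-256)."""
    flipped = bytes([msg[0] ^ 0x01]) + msg[1:]
    return bits_changed(hashlib.new(algo, msg).digest(),
                        hashlib.new(algo, flipped).digest())


def mac_tag(key: bytes, msg: bytes) -> bytes:
    """MAC = C(K, M): a fixed-length tag that depends on the secret key, so
    only a holder of K can produce or check it (unlike a plain hash)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_mac(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time. A plain `==` leaks,
    through timing, how many leading bytes of a forged tag were right."""
    return hmac.compare_digest(mac_tag(key, msg), tag)


if __name__ == "__main__":
    print("sha256('abc')  :", digest_hex(b"abc"))
    print("sha256(1 MB)   :", digest_hex(b"a" * 1_000_000)[:16], "... (same length)")
    print("bits changed by flipping one input bit:", avalanche("sha256", b"hello world"))
    key = b"shared-secret-key"            # constructed demo key
    msg = b"transfer 10 to alice"
    tag = mac_tag(key, msg)
    print("genuine message verifies:", verify_mac(key, msg, tag))
    print("tampered message verifies:", verify_mac(key, b"transfer 99 to alice", tag))
```

The tampered-message check is the whole point of a MAC: a plain hash of the message would travel with it and could simply be recomputed by whoever changed the message, whereas the tag cannot be recomputed without K.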

ElGamal encryption:
o It was introduced by Taher ElGamal, an Egyptian cryptographer.
o It is a public-key cryptosystem (its security rests on the discrete logarithm problem).
o It is used in secure communication protocols, digital signatures, and cryptographic voting systems.
o It consists of three steps: Key Generation -> Encryption -> Decryption

Advantages
• It is used to secure communication such as online transactions, sensitive emails, etc.
• It is used not only for encryption but also for digital signatures.
• It is a probabilistic encryption technique: the same message encrypts to a different ciphertext each time.
• It is a versatile method.
Disadvantages
• It is slower because it has many modular exponentiation operations.
• It has large key sizes.
• It uses more storage and bandwidth (the ciphertext is twice the size of the message).
• It involves more mathematical operations.
• It is more complex.
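The three ElGamal steps (key generation, encryption, decryption) as an added example that is not part of the original slides. The group parameters p = 467 and g = 2 are toy values chosen so the arithmetic is easy to follow (a real deployment uses a group of 2048 bits or more); the private key and messages are constructed for the demo. The example also makes the "probabilistic" claim concrete: encrypting the same message twice with different random k gives two different ciphertexts that decrypt to the same value, and shows the two-element ciphertext that costs the extra bandwidth listed under the disadvantages.

```python
"""ElGamal encryption over the multiplicative group mod a small prime.

Added example, not from the original slides. p = 467 and g = 2 are toy
parameters (2 generates Z_467^* since 466 = 2 * 233 and 2^2, 2^233 != 1).
Private key, messages and the fixed k values used in the demo are constructed.
"""
import secrets

P = 467   # toy prime modulus
G = 2     # generator of the group


def is_generator(g: int, p: int) -> bool:
    """g generates Z_p^* iff g^((p-1)/q) != 1 for every prime q dividing p-1.
    Here p-1 = 466 = 2 * 233, both prime."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in (2, 233))


def keygen(x=None):
    """Private key x in [1, p-2]; public key y = g^x mod p."""
    if x is None:
        x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def encrypt(y: int, m: int, k=None):
    """Ciphertext (c1, c2) = (g^k mod p, m * y^k mod p) with a fresh random k.
    The random k is what makes ElGamal probabilistic."""
    assert 1 <= m < P, "message must be a group element"
    if k is None:
        k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), (m * pow(y, k, P)) % P


def decrypt(x: int, c1: int, c2: int) -> int:
    """m = c2 * (c1^x)^-1 mod p, since c1^x = g^(kx) = y^k is the mask that
    was multiplied into c2. The inverse uses Fermat: s^-1 = s^(p-2) mod p."""
    s = pow(c1, x, P)
    return (c2 * pow(s, P - 2, P)) % P


if __name__ == "__main__":
    x, y = keygen()
    print("private x =", x, " public y =", y)
    m = 300
    ct_a = encrypt(y, m)
    ct_b = encrypt(y, m)
    print("two encryptions of", m, ":", ct_a, ct_b, "(differ:", ct_a != ct_b, ")")
    print("both decrypt to", decrypt(x, *ct_a), "and", decrypt(x, *ct_b))
```

The per-message k must be fresh and secret: reusing k for two messages lets anyone divide the two c2 values and obtain m1/m2, the same class of mistake as keystream reuse in a stream cipher.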

Digital signature:
• A digital signature is a mathematical technique that validates the authenticity and integrity of a message, software, or digital file.
• It uses public-key cryptography and a hash function to create a unique signature that can be verified by the recipient.
• A digital signature can also provide non-repudiation, which means that the sender cannot deny having signed the message.
• Some of the applications of digital signatures are:
• Secure email: Digital signatures sign email messages so that the sender's identity is verified; combined with encryption, only the intended recipient can read them.
• Electronic transactions: Digital signatures can be used to sign online contracts, invoices, receipts, and other documents, providing legal validity and protection from fraud.

Digital signature:
• Digital signatures were created in response to the rising need to verify information transferred via electronic systems.
• A signature provides:
• Authentication (the signature verifies only with the signer's public key)
• Non-repudiation (you cannot deny having signed, because only your private key could have produced the signature)
• Integrity (any change to the message invalidates the signature)
• Confidentiality is not provided by the signature itself; it comes from encrypting the signed message.
Algorithm steps:
Key generation (a public/private key pair), signing (hash the message, then apply the private key to the digest), verification (apply the public key to the signature and compare the result with a fresh hash of the message).
Network security
• Network security is defined as the activity created to protect the integrity of your network and data. It acts as a shield protecting data.
• Any action intended to safeguard the integrity and usefulness of your data and network is known as network security.
• Network security aims to protect networking infrastructure from threats such as data theft, unauthorized access, and manipulation.
• It encompasses various practices and technologies that safeguard internal networks against attacks and data breaches.
• Network security solutions protect the various points at which computer systems are exposed, such as:
1. Users
2. Locations
3. Data
4. Devices
5. Applications
Types of Network security
• There are several types of network security through which we can make our network more secure.
• Your network and data are shielded from breaches, intrusions, and other dangers by network security.
• Below are some important types of network security:
1. Email Security
Email gateways are the most common threat vector for a security breach. Attackers create intricate phishing campaigns using recipients' personal information and social engineering techniques to trick them and direct them to malicious websites. To stop critical data from being lost, an email security program filters incoming threats and restricts outgoing messages.
2. Firewalls
Firewalls separate your trusted internal network from untrusted external networks, like the Internet. They control traffic by enforcing a set of predetermined rules. A firewall may consist of software, hardware, or both.
Types of Network security

3. Network Segmentation
Network segmentation is a powerful architectural approach that
divides a computer network into smaller, isolated segments or
subnets. Each segment acts as its own mini-network, allowing
network administrators to control the flow of traffic between
these segments based on granular policies.
4. Access Control
Access control mechanisms regulate who can access specific
resources within the network. It ensures that only authorized
users can interact with network devices, applications, and data.
5. Virtual Private Networks (VPNs):
VPNs create secure, encrypted tunnels for data transmission over
public networks. They ensure confidentiality and integrity of data
between remote locations.
Types of Network security

6. Cloud network security:
Cloud network security is a critical aspect of safeguarding data, applications, and systems within cloud and hybrid environments. It focuses specifically on the network aspects of cloud infrastructure and involves implementing security measures to protect the integrity, confidentiality, and availability of data in the cloud.
7. Web security
A web security solution restricts access to harmful websites, stops web-based threats, and manages staff internet usage. It safeguards your web gateway both locally and in the cloud. "Web security" also includes the precautions you take to safeguard your own website.
Benefits of Network security

Network security has several benefits, some of which are mentioned below:
1. Network security helps in protecting clients' information and data, which ensures reliable access and helps in protecting the data from cyber threats.
2. Network security protects the organization from the heavy losses that may result from data loss or any security incident.
3. It protects the reputation of the organization, as it protects the data and confidential items.
Working of Network Security (levels)
The basic principle of network security is protecting stored data and networks in layers, each embedding rules that must be satisfied before any activity on the data is performed.
These levels are:
1. Physical Network Security: This is the most basic level. It prevents unauthorized personnel from gaining physical control over network components (routers, cabling, server rooms). It can be achieved with devices such as biometric locks.
2. Technical Network Security: It primarily focuses on protecting the data stored in the network or data in transit through the network. It serves two purposes: protection from unauthorized users, and protection from malicious activities.
3. Administrative Network Security: This level covers the policies and processes that govern user behavior, such as how permissions are granted and how the authorization process takes place. It also determines the level of protection the network needs against attacks and suggests necessary changes to the infrastructure.
Firewall

• A firewall is a network security device, either hardware- or software-based, which monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects, or drops that specific traffic.
• Accept: allow the traffic.
• Reject: block the traffic but reply with an "unreachable" error, so the sender learns it was blocked.
• Drop: block the traffic with no reply (the sender sees a timeout).
• At its most basic level, a firewall is the wall that separates a private internal network from the open Internet.
Working of Firewall

1. The firewall matches the network traffic against the rule set defined in its table.
2. Once a rule is matched, the associated action is applied to the network traffic.
3. Rules are defined on the firewall based on the needs and security policies of the organization.
4. From the perspective of a server, network traffic can be either outgoing or incoming.
5. The firewall maintains a distinct set of rules for the two cases.
6. Mostly, outgoing traffic originated by the server itself is allowed to pass.
Types of Firewall

1. Packet filtering firewall
A packet filtering firewall controls network access by monitoring outgoing and incoming packets and allowing them to pass or stopping them based on source and destination IP address, protocol, and ports. If a rule matches, the packet is forwarded or discarded as the rule says. If no rule matches, the default action is used, which is to discard the packet. It does not inspect the data in the packet, only the port numbers, source address, destination address and protocol, so it cannot detect attacks carried in the payload and cannot tell whether a packet belongs to an established connection.
2. Stateful Inspection Firewall
Stateful firewalls (performing stateful packet inspection) are able to determine the connection state of a packet, unlike a packet filtering firewall, which makes them more effective: return traffic for a connection that was allowed is admitted automatically, and packets that belong to no known connection are dropped.
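The two firewall types above as a small rule engine, added here as an example that is not part of the original slides. The rule format, the Packet record, the addresses and the sample traffic are all constructed for the demo; the logic follows the slides: rules are tried in order, the first match decides, and the default when nothing matches is to discard. The stateful variant keeps a connection table on top of the same rules, which is what lets it admit the reply to an outbound connection (a stateless filter has no rule for it and drops it) and refuse an unsolicited inbound non-SYN packet that a stateless filter would wave through.

```python
"""Stateless packet filter versus stateful inspection, as a rule engine.

Added example, not from the original slides. Rule syntax, the Packet record
and all addresses/ports below are constructed for the demo.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    direction: str      # "in" or "out", relative to the protected network
    syn_only: bool = False   # TCP SYN without ACK: a new connection attempt


# (direction, source network, destination network, protocol, dst port or None, action)
RULES = [
    ("in",  "0.0.0.0/0",      "10.0.0.5/32", "tcp", 443,  "accept"),  # public web server
    ("out", "10.0.0.0/8",     "0.0.0.0/0",   "tcp", None, "accept"),  # inside hosts may go out
    ("in",  "192.168.0.0/16", "10.0.0.0/8",  "tcp", 22,   "reject"),  # SSH from lab net: tell sender
]
DEFAULT_ACTION = "drop"      # no rule matched: discard silently


def match(rule, pkt: Packet) -> bool:
    """Header-only comparison: the packet payload is never looked at."""
    direction, src_net, dst_net, proto, dport, _ = rule
    return (direction == pkt.direction
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst_net)
            and proto == pkt.proto
            and (dport is None or dport == pkt.dport))


def stateless_filter(pkt: Packet) -> str:
    """Packet filter: each packet judged on its own; first matching rule wins."""
    for rule in RULES:
        if match(rule, pkt):
            return rule[-1]
    return DEFAULT_ACTION


class StatefulFirewall:
    """Same rules, plus a table of connections the rules allowed. Packets of a
    known connection (either direction) pass; other TCP packets must be a SYN
    and pass the rules to be admitted, which records the connection."""

    def __init__(self):
        self.table = set()   # 5-tuples (src, sport, dst, dport, proto)

    def filter(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if fwd in self.table or rev in self.table:
            return "accept"                  # part of a tracked connection
        if pkt.proto == "tcp" and not pkt.syn_only:
            return "drop"                    # mid-stream packet, no connection known
        action = stateless_filter(pkt)
        if action == "accept":
            self.table.add(fwd)
        return action


if __name__ == "__main__":
    fw = StatefulFirewall()
    out = Packet("10.0.0.7", "93.184.216.34", "tcp", 50000, 443, "out", syn_only=True)
    reply = Packet("93.184.216.34", "10.0.0.7", "tcp", 443, 50000, "in")
    print("outbound SYN : stateless", stateless_filter(out), "| stateful", fw.filter(out))
    print("reply packet : stateless", stateless_filter(reply), "| stateful", fw.filter(reply))
    ack_scan = Packet("198.51.100.4", "10.0.0.5", "tcp", 4445, 443, "in")   # no SYN, no connection
    print("inbound ACK  : stateless", stateless_filter(ack_scan), "| stateful", fw.filter(ack_scan))
```

The reply packet is the classic stateless-filter problem: to let it through without state you would need a rule admitting inbound traffic to every high port, which is exactly the hole an attacker then uses.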
Types of Firewall

3. Software Firewall
A software firewall is any firewall that is set up locally on a host or on a cloud server. For controlling the inflow and outflow of data packets and limiting the number of networks that can be linked to a single device, they may be the most advantageous. The drawback is that they consume resources on the host and must be installed and maintained on every machine.
4. Hardware Firewall
Also known as "firewalls based on physical appliances". A hardware firewall ensures that malicious traffic is stopped before it reaches the network endpoint that is at risk.
Types of Firewall

5. Application Layer Firewall

An application layer firewall can inspect and filter packets at
any OSI layer, up to the application layer. It can block specific
content and also recognize when certain applications and
protocols (like HTTP, FTP) are being misused. In other words,
application layer firewalls are hosts that run proxy servers. A
proxy firewall prevents a direct connection between the two sides
of the firewall; every packet has to pass through the proxy.
Functions of Firewall

1. Every piece of data that enters or leaves a computer
network must go through the firewall.
2. If the data packets are safely routed through the firewall, all of
the important data remains intact.
3. A firewall logs each data packet that passes through it,
enabling the user to keep track of all network activity.
4. Since the data is stored safely inside the data packets, it
cannot be altered.
5. Every attempt to access our operating system is
examined by our firewall, which also blocks traffic from
unidentified or undesired sources.
Advantages of Firewall

1. Protection from unauthorized access
2. Prevention of malware and other threats
3. Control of network access
4. Monitoring of network activity
5. Regulation compliance
6. Network segmentation
Disadvantages of Firewall

1. Complexity
2. Limited Visibility
3. False sense of security
4. Limited adaptability
5. Performance impact
6. Limited scalability
7. Limited VPN support
8. Cost
Intrusion detection system

• An intruder, in the context of network security, is an
unauthorized individual or entity attempting to access a system
or network without proper authorization.
• Intruders have various motives, including causing harm,
stealing sensitive data, or disrupting regular operations.
• Masqueraders (outsiders):
These individuals are not authorized to use the system,
yet they exploit users’ privacy and confidential information.
They operate from outside the system and aim to compromise
its security.
• Misfeasors (insiders):
Authorized users who misuse their granted
access and privileges fall into this category. Misfeasors take
undue advantage of their permissions, even though they have
legitimate direct access to the system. Their unethical actions
include stealing data or information.
Intrusion detection system

• An intrusion is an activity performed by an intruder to harm the
system, its data and its policies.
• An IDS is used to detect and prevent intrusions; whenever it
finds suspicious activity it informs the system
administrator using alert messages.
Working of Intrusion Detection System (IDS)

• An IDS (Intrusion Detection System) monitors the traffic on a
computer network to detect any suspicious activity.
• It analyzes the data flowing through the network to look for
patterns and signs of abnormal behavior.
• The IDS compares the network activity to a set of
predefined rules and patterns to identify any activity that
might indicate an attack or intrusion.
• If the IDS detects something that matches one of these rules
or patterns, it sends an alert to the system administrator.
• The system administrator can then investigate the alert and
take action to prevent any damage or further intrusion.
Classification of Intrusion Detection System (IDS)

Intrusion Detection Systems are classified into 5 types:

1. Network Intrusion Detection System (NIDS):
A NIDS is set up at a planned point within the
network to examine traffic from all devices on the network. It
monitors, captures and analyzes network traffic. It observes the
traffic passing on the entire subnet and matches that traffic
against a collection of known attacks. Once an attack is identified
or abnormal behavior is observed, an alert can be sent to the
administrator.
Classification of Intrusion Detection System (IDS)

2. Host Intrusion Detection System (HIDS):
A HIDS runs on an individual host or device on the network. It
monitors the incoming and outgoing packets of that device only
and alerts the administrator if suspicious or malicious activity is
detected. It also takes a snapshot of existing system files and
compares it with the previous snapshot. If the analyzed system
files were edited or deleted, an alert is sent to the administrator
to investigate.
Detection Method of IDS

1. Signature-based Method:
• Detects attacks on the basis of specific patterns called
signatures.
• A signature is a pattern searched for in a data packet to check
whether an attacker has placed malicious content in the data.
• The patterns the IDS detects are known as signatures.
• A signature-based IDS can easily detect attacks whose
pattern (signature) already exists in the system, but it is quite
difficult for it to detect new malware attacks, as their pattern
(signature) is not yet known.
Detection Method of IDS

2. Anomaly-based Method:
• Detects unknown malware attacks, which matters because new
malware is developed rapidly.
• The machine learning-based method generalizes better than a
signature-based IDS, as these models can be trained according
to the applications and hardware configurations.
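Both detection methods from the two slides above, run over a constructed stream of events, as an added example (not code from the slides or from any IDS product): the signature scanner catches only the request that matches a known pattern, while the anomaly detector, trained on a baseline window, flags a flood of requests with no signature at all. The signatures, addresses and payloads are made up for the demo.

```python
import re
import statistics
from collections import Counter

# Signature rules: a name and the pattern that identifies known-bad content.
# Constructed illustrations, not rules from any real IDS ruleset.
SIGNATURES = {
    "directory-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
    "shell-in-query": re.compile(r"[;|]\s*(cat|wget|curl)\s"),
}

def signature_scan(events):
    """Signature-based detection: (source, signature name) for every event
    whose payload contains a known pattern. Unknown attacks produce nothing."""
    alerts = []
    for src, _port, payload in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append((src, name))
    return alerts

class RateAnomalyDetector:
    """Anomaly-based detection: learn the normal number of requests per
    source from a baseline window, then flag sources far above it later."""
    def __init__(self, k=3.0):
        self.k = k              # how many standard deviations count as abnormal
        self.threshold = None

    def train(self, baseline_events):
        counts = list(Counter(src for src, _p, _d in baseline_events).values())
        mean = statistics.mean(counts)
        spread = statistics.pstdev(counts)
        self.threshold = mean + self.k * spread
        return self.threshold

    def detect(self, events):
        if self.threshold is None:
            raise RuntimeError("train() must be called first")
        counts = Counter(src for src, _p, _d in events)
        return [(src, n) for src, n in counts.items() if n > self.threshold]

def make_events(src, n, payload="GET /index.html HTTP/1.1"):
    """Build n identical (source, port, payload) records for one client."""
    return [(src, 80, payload)] * n

# Constructed baseline: five clients with ordinary browsing volumes.
BASELINE = (make_events("192.0.2.1", 3) + make_events("192.0.2.2", 2)
            + make_events("192.0.2.3", 4) + make_events("192.0.2.4", 3)
            + make_events("192.0.2.5", 3))

# Constructed observation window: normal traffic, one request matching a
# signature, and one source hammering the server with harmless-looking requests.
OBSERVED = (make_events("192.0.2.1", 3)
            + [("192.0.2.9", 80, "GET /files?name=../../etc/passwd HTTP/1.1")]
            + make_events("192.0.2.20", 40, "GET /login HTTP/1.1"))

def run_ids():
    """Train the anomaly detector on the baseline, then apply both methods."""
    detector = RateAnomalyDetector()
    detector.train(BASELINE)    # mean 3.0 + 3 * pstdev 0.632 = about 4.9
    return {
        "signature_alerts": signature_scan(OBSERVED),
        "anomaly_alerts": detector.detect(OBSERVED),
    }
```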
Benefits of IDS
1. Detects malicious activity
2. Improves network performance
3. Compliance requirements
4. Provides insights
Comparison of IDS with Firewalls:

• IDS and firewalls are both related to network security, but an
IDS differs from a firewall: a firewall looks outwardly for
intrusions in order to stop them from happening.
• Firewalls restrict access between networks to prevent
intrusion, and if an attack comes from inside the network they do
not signal it.
• An IDS describes a suspected intrusion once it has happened
and then signals an alarm.
• An IDS detects both inside and outside malicious activity, but a
firewall only detects activity coming from outside the network.
Important questions
What is Session Hijacking?
TCP session hijacking is a security attack on a user session over a protected
network. The most common method of session hijacking is called IP
spoofing, when an attacker uses source-routed IP packets to insert
commands into an active communication between two nodes on a network
and disguise itself as one of the authenticated users. This type of attack is
possible because authentication typically is only done at the start of a TCP
session.
Another type of session hijacking is known as a man-in-the-middle attack,
where the attacker, using a sniffer, can observe the communication
between devices and collect the data that is transmitted.
Important questions
5 basic security principles?

1. Confidentiality
2. Integrity
3. Availability
4. Authenticity
5. Non-repudiation
Important questions
Types of session hijacking?

1. Active Session Hijacking:

Active session hijacking occurs when the attacker takes control of
the active session. The actual user of the network is taken offline,
and the attacker acts as the authorized user. They can also take
control of the communication between the client and the server. To
interrupt the communication between client and server, the attackers
send massive traffic at a valid session, causing a denial of service
(DoS) attack.
2. Passive Session Hijacking:
In passive session hijacking, instead of controlling the whole session
of the targeted user, the attacker monitors the communication between
the user and a server. The main motive of the attacker is to listen to
all the data and record it for future use. Basically, it steals the
exchanged information and uses it for illegitimate activity. This is
also a kind of man-in-the-middle attack (as the attacker sits between
the client and the server exchanging information).
Important questions
Types of session hijacking?

3. Hybrid Hijacking:
The combination of active session hijacking and passive session
hijacking is referred to as hybrid hijacking. Here the attackers monitor
the communication channel (the network traffic), and whenever they find
a weakness they take control of the web session and carry out their
malicious tasks.
Important questions
Processes of session hijacking?

1. Locating a target
2. Finding an active session
3. Sequence number prediction
4. Taking a user offline
5. Taking over a session (establishing a session at the point when the
server is no longer responding and the user's requests are no longer
getting through)
Important questions
Attacks on TCP?

1. SYN flooding
2. IP spoofing
3. Sequence number attack
4. TCP session hijacking
5. RST and FIN attacks
6. Ping of Death
Authentication

 The process by which it is determined whether the user who wants to
access the network resources is valid or not, by asking for credentials
such as a username and password.
 Common practice is to put authentication on the console port, AUX port,
or vty lines.
 As network administrators, we can control how a user is authenticated
when someone wants to access the network.
 Some of these methods include using the local database of that device
(router) or sending authentication requests to an external server such as
an ACS server.
 To specify the method to be used for authentication, a default or
customized authentication method list is used.
Authentication

• Authentication is a critical process used to verify the identity of users,
processes, or devices before granting them access to resources within
an information system.
• Here are the key points about authentication:
I. Identification: Users establish their identity, typically through a
username. This initial step helps the system recognize who they
are.
II. Authentication: Users prove that they are who they claim to
be. Traditionally, this involves entering a password, which only
the user should know.
• However, to enhance security, many organizations now require
additional factors:
I. Something they have: This could be a phone, a token device,
or any other physical item.
II. Something they are: Biometric methods like fingerprint scans
or face recognition.
Authentication

 Why is authentication important?

1. Protecting Systems: Authentication helps organizations safeguard their
systems, data, networks, websites, and applications from unauthorized
access.
2. Confidentiality: It empowers individuals to keep their personal data
confidential, allowing them to conduct online activities (such as
banking or investing) with reduced risk.
 Risks of Weak Authentication:
1. Data Breach: Weak authentication makes it easier for attackers to
compromise accounts by guessing passwords or tricking users into
revealing their credentials.
2. Malware Installation: Attackers can install malicious software (such as
ransomware) when authentication is weak.
3. Noncompliance: Organizations may violate regional or industry data
privacy regulations due to inadequate authentication practices.
Authentication

How Authentication Works:

For users, authentication involves setting up a username, password, and other
methods (like biometrics).
Passwords are hashed (not encrypted) and stored in the database. When a user
enters a password, the system hashes it and compares it to the stored hash.
Biometric information (e.g., fingerprints or facial scans) is encoded, encrypted,
and saved on the user’s device.
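The password flow described above (hash on registration, re-hash and compare on login, plaintext never stored) together with the "something they have" factor from the earlier slide, as an added example that is not code from the slides: the second factor is an HOTP code computed as in RFC 4226. The in-memory user store, the user name and the token secret are constructed for the demo.

```python
import hashlib
import hmac
import os
import struct

# Added example: salted password hashing plus an HOTP (RFC 4226) second
# factor. The user store is an in-memory dict built for the demo; in real
# life the hotp_secret is provisioned to the user's token or authenticator.

PBKDF2_ROUNDS = 200_000

def hash_password(password, salt=None):
    """Return (salt, hash). A fresh random salt per user defeats precomputed tables."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def verify_password(password, salt, stored_hash):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_hash)

def hotp(secret, counter, digits=6):
    """HOTP value per RFC 4226: HMAC-SHA1 over the 8-byte counter, then
    dynamic truncation to a 31-bit integer, reduced to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

class UserStore:
    def __init__(self):
        self.users = {}

    def register(self, username, password, hotp_secret):
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "hash": digest,
                                "hotp_secret": hotp_secret, "counter": 0}

    def login(self, username, password, otp, lookahead=3):
        """Two-factor login: password (something they know), then HOTP
        (something they have). Returns True only if both factors pass."""
        user = self.users.get(username)
        if user is None:
            return False    # unknown user: same answer as a wrong password
        if not verify_password(password, user["salt"], user["hash"]):
            return False
        # Accept the next few counter values so a code that was generated
        # but never reached the server does not desynchronise the token.
        for step in range(lookahead):
            candidate = user["counter"] + step
            if hmac.compare_digest(hotp(user["hotp_secret"], candidate), otp):
                user["counter"] = candidate + 1   # a used code can never be replayed
                return True
        return False
```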
Types of Authentication Mechanism
1. Two-factor authentication
2. Multi-factor authentication
3. one-time password
4. Three-factor authentication
5. Biometrics
6. Hard Tokens
7. Soft Tokens
8. Contextual Authentication
9. Device identification
Authentication

Authentication vs. Authorization

1. Authentication: the identity of the user is checked in order to provide
access to the system. Authorization: the person’s or user’s authorities are
checked for accessing the resources.
2. Authentication: users or persons are verified. Authorization: users or
persons are validated.
3. Authentication is done before the authorization process. Authorization is
done after the authentication process.
4. Authentication usually needs the user’s login details. Authorization needs
the user’s privilege or security levels.
5. Authentication determines whether the person is a user or not.
Authorization determines what permissions the user has.
6. Authentication generally transmits information through an ID token.
Authorization generally transmits information through an access token.
Access control
• Access control is a fundamental concept in information security. It plays a crucial
role in managing who is authorized to access corporate data and resources.
• Access control is a security strategy that controls who or what can view or utilize
resources in a computer system.
• Access control systems perform identification, authentication, and authorization
of users and entities by evaluating required login credentials, which may include
passwords, PINs, biometric scans, or other authentication factors.
• Multi-factor authentication requires two or more authentication factors, which is
often an important part of the layered defense to protect access control systems.
Authentication Factors
1. Password or PIN
2. Bio-metric measurement (fingerprint & retina scan)
3. Card or Key
Access control

Components of Access Control

1. Authentication: Authentication is the process of verifying the identity of a user.
User authentication is the process of verifying the identity of a user when that
user logs in to a computer system.
2. Authorization: Authorization determines the extent of access to the network
and what type of services and resources are accessible by the authenticated user.
Authorization is the method of enforcing policies.
3. Access: After successful authentication and authorization, the user’s identity
is verified, which allows them to access the resource they are attempting to
log in to.
4. Manage: Organizations can manage their access control system by adding and
removing authentication and authorization for users and systems. Managing
these systems can be difficult in modern IT setups that combine cloud services
and physical systems.
5. Audit: Auditing the access control system lets organizations check that the
principle is being followed. It allows them to collect data about user activities
and analyze it to identify possible access violations.
Types of Access Control

1. Physical Access Control: hardware-based access control devices. Physical
access control restricts entry to campuses, buildings, rooms and physical IT
assets.
2. Logical Access Control: Logical access control limits connections to computer
networks, system files and data.
3. Attribute-based Access Control (ABAC): In this model, access is granted or
declined by evaluating a set of rules, policies, and relationships using the
attributes of users, systems and environmental conditions.
4. Discretionary Access Control (DAC): In DAC, the owner of data determines
who can access specific resources.
5. History-Based Access Control (HBAC): Access is granted or declined by
evaluating the history of activities of the inquiring party that includes behavior,
the time between requests and content of requests.
6. Identity-Based Access Control (IBAC): By using this model network
administrators can more effectively manage activity and access based on
individual requirements.
7. Mandatory Access Control (MAC): A control model in which access rights are
regulated by a central authority based on multiple levels of security. Security
Enhanced Linux is implemented using MAC on the Linux operating system.
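Three of the models listed above answering the same question ("may this subject perform this action on this object?"), as an added example that is not code from the slides: DAC with an owner-controlled ACL, MAC with centrally assigned levels (the Bell-LaPadula read/write rules are used here as the illustration of level-based MAC), and ABAC with rules over user, resource and environment attributes. Users, levels, departments and policies are all constructed for the demo.

```python
from dataclasses import dataclass, field
from typing import Dict, Set

# Added example: DAC, MAC and ABAC decisions side by side. All subjects,
# objects and policies are constructed for the demo.

# --- DAC: the owner of the resource decides who may access it -------------
@dataclass
class DacObject:
    owner: str
    acl: Dict[str, Set[str]] = field(default_factory=dict)  # user -> permissions

    def grant(self, by: str, user: str, perm: str) -> bool:
        if by != self.owner:
            return False              # only the owner may change the ACL
        self.acl.setdefault(user, set()).add(perm)
        return True

    def allows(self, user: str, perm: str) -> bool:
        return user == self.owner or perm in self.acl.get(user, set())

# --- MAC: a central authority labels subjects and objects with levels -----
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}

def mac_can_read(subject_clearance: str, object_label: str) -> bool:
    """No read up: a subject may read only at or below its clearance."""
    return LEVELS[subject_clearance] >= LEVELS[object_label]

def mac_can_write(subject_clearance: str, object_label: str) -> bool:
    """No write down: secret data must not flow into a lower-labelled object."""
    return LEVELS[subject_clearance] <= LEVELS[object_label]

# --- ABAC: rules evaluated over attributes of user, resource, environment --
def abac_policy(user: dict, resource: dict, env: dict) -> bool:
    rules = [
        # staff of the owning department may read during office hours
        lambda: user["dept"] == resource["dept"] and 9 <= env["hour"] < 18,
        # auditors may read any finance record at any time, but only from the corporate network
        lambda: (user["role"] == "auditor" and resource["dept"] == "finance"
                 and env["network"] == "corp"),
    ]
    return any(rule() for rule in rules)

def demo():
    """Exercise each model on a constructed scenario and return the decisions."""
    doc = DacObject(owner="alice")
    doc.grant("alice", "bob", "read")
    mallory_granted = doc.grant("mallory", "mallory", "read")   # not the owner
    clerk = {"dept": "finance", "role": "clerk"}
    auditor = {"dept": "audit", "role": "auditor"}
    ledger = {"dept": "finance"}
    return {
        "dac_bob_read": doc.allows("bob", "read"),
        "dac_bob_write": doc.allows("bob", "write"),
        "dac_mallory_grant": mallory_granted,
        "mac_secret_reads_confidential": mac_can_read("secret", "confidential"),
        "mac_confidential_reads_secret": mac_can_read("confidential", "secret"),
        "mac_secret_writes_unclassified": mac_can_write("secret", "unclassified"),
        "abac_office_hours": abac_policy(clerk, ledger, {"hour": 10, "network": "corp"}),
        "abac_after_hours": abac_policy(clerk, ledger, {"hour": 22, "network": "corp"}),
        "abac_auditor_corp": abac_policy(auditor, ledger, {"hour": 22, "network": "corp"}),
        "abac_auditor_remote": abac_policy(auditor, ledger, {"hour": 22, "network": "home"}),
    }
```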
Working of Access Control
I. Access control involves determining a user based on their credentials and then
providing the appropriate level of access once confirmed.
II. Credentials are used to identify and authenticate a user include passwords, pins,
security tokens, and even biometric scans.
III. Multifactor authentication (MFA) increases security by requiring users to be
validated using more than one method.
IV. Once a user’s identity has been verified, access control policies grant specified
permissions, allowing the user to proceed further.
V. Organizations utilize several access control methods depending on their needs.
Benefits of Using Access Control Systems:
a) People Management: Access control helps manage the flow of people in and out
of buildings. It ensures safety during emergencies by blocking entry to specific
areas and facilitating smooth evacuations.
b) Business Management: Access control improves overall operations by providing
effective cardholder and credential management.
c) Building Management: Access control is now central to building operations,
integrating with other systems.
d) Site Management: It protects sensitive areas and restricts unauthorized entry.
e) Integration Capabilities: Access control systems can integrate with other security
solutions
Software security
• A collection of methods used to protect computer programs and the sensitive
information handled by them against malicious attacks.
• It covers a wide range of functions to safeguard software and its correlated data on
privacy, accuracy, and accessibility respectively.
• Software Security is aimed at finding and reducing security risks. These risks can be
different and include external threats in the form of cyber attacks or internal weak
points due not only to coding mistakes but also inadequate design or other defects
that may potentially exist in a particular piece of software.
• Essentially, software security is a shield from many threats that if not addressed
may cause data leaks, loss of money, or users’ lack of trust in the company.
What are the threats to Software?
Threats can be broadly categorized into two main types:
1. External threats
2. Internal threats
Application Security vs. Software Security:
Software Security: Focuses on the code itself during development.
Application Security: Comes into play when the software becomes a deployable
artifact (e.g., a JAR or container image). It involves securing the entire application,
including its runtime environment.
Software security

1. External Threats
External threat is the term used for the likes of hackers, criminals
operating on the internet and also state-sponsored entities. They may
use weak points in software to steal confidential information and even
break into systems, stopping them from functioning or spreading viruses.
Common external threats include:
I. Malware: Malware such as viruses, worms and ransomware may enter through
vulnerable software.
II. Distributed Denial of Service (DDoS) Attacks: In essence, these attacks
flood a system or a network with traffic, making it inaccessible to users
who need to make genuine requests.
III. Phishing: Attackers use deceitful ways of making people reveal their
confidential data like login credentials and other financial details.
IV. Data Breaches: One may lose vital data like personal information or financial
transactions, which can then be used by unwanted individuals.
Software security

2. Internal Threats
These internal threats come from people within the organization, whether
inadvertently or purposely.
They may include:
I. Insider Threats: Privileged people such as employees or others who have
access to the software may use it against the organization and steal data.
Importance of Software Security
I. Data Protection: Most software handles confidential data such as personal or
financial information. Failure to secure software results in data breaches,
identity theft and monetary losses.
II. Regulatory Compliance: Many countries across the globe have rigid
data protection laws, which cut across industries and governments as well.
Failure to comply may lead to legal liabilities and loss of reputation.
III. Intellectual Property Protection: In many cases, software constitutes
crucial intellectual property. It is important to guard it from those who may
use it without permission and cause financial loss.
Issues Related to Software Security
There are numerous issues and challenges associated with software security. Some
common issues include:
I. Complexity of Software: Finding and fixing security holes becomes harder as
software gets more complicated.
II. Lack of Awareness: Many developers and organisations are unknowingly
running insecure programs.
Tools for Software Security
1. Static Application Security Testing (SAST)
Responsibility: Developers and code reviewers.
Description: SAST tools look into the source code of applications for
vulnerabilities as they are being developed. Examples of SAST tools are
Fortify, Checkmarx and Veracode.
2. Dynamic Application Security Testing (DAST)
Responsibility: Security teams and testers.
Description: DAST tools test running applications by mimicking realistic
attacks. Some of the widely used DAST tools are Burp Suite,
OWASP ZAP, and Nessus.
Software security

3. Web Application Firewalls (WAF)

Responsibility: Security administrators.
Description: WAFs are made for blocking common internet-based attacks such as
XSS and SQL injection that target web applications. Some of the popular WAFs are
ModSecurity and Imperva.
4. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems
(IPS)
Responsibility: Security teams and administrators.
Description: IDS and IPS devices monitor traffic on the internal network, looking
for indications of suspicious or malicious behavior, which they may then alert on,
or even prevent. The two most commonly used open-source IDS/IPSs are Snort
and Suricata.
6. Authentication and Authorization Tools
Responsibility: Identity and access management teams.
Description: Tools such as multi-factor authentication are important for
controlling access to software systems.
Software security vs. cyber security

1. Software Security: It is the process of providing security to software
against malicious attacks and other hacker risks. Cyber Security: It is the
process of providing security to computer systems and networks from attack,
damage, and unauthorized access.
2. Software Security: It is important because it helps to prevent viruses and
malware, which allows programs to run quicker and smoother. Cyber Security:
It is important because it includes everything that can be done to protect
confidential data, PII (Personally identifiable information), PHI (Protected
health information), personal data, etc.
3. Software Security: Its process includes designing, creating, and testing
security software. Cyber Security: Its process includes risk management,
network security, monitoring, managing user privileges, and malware protection.
4. Software Security: It is especially designed to make software systems as
free of vulnerabilities and as impervious to attack as possible. Cyber Security:
It is especially designed to protect networks, devices, programs, and data
from attack, damage, or unauthorized access.
Vulnerabilities

• A security vulnerability is an unintended characteristic of a computing
component or system configuration that multiplies the risk of an adverse event or
loss.
• These vulnerabilities can arise due to various factors, including accidental
exposure, deliberate attacks, or conflicts with new system components.
• Unlike security risks, which might be inevitable, vulnerabilities can be addressed
through measures such as software patches, reconfiguration, user training,
firmware updates, or hardware replacements.
• Vulnerabilities mostly fall into hardware, software, network and
procedural vulnerabilities.
1. Hardware Vulnerability:
A hardware vulnerability is a weakness which can be used to attack the system
hardware, either physically or remotely.
Examples:
Old versions of systems or devices
Unprotected storage
Unencrypted devices, etc.
Vulnerabilities

2. Software Vulnerability:
A software error made during development or configuration such that
executing it can violate the security policy.
Examples:
• Lack of input validation
• Unverified uploads
• Cross-site scripting
• Unencrypted data, etc.
3. Network Vulnerability:
A weakness in a network, which can be in hardware or software.
Examples:
• Unprotected communication
• Malware or malicious software (e.g. viruses, keyloggers, worms, etc.)
• Social engineering attacks
• Misconfigured firewalls
Vulnerabilities

4: Procedural Vulnerability:
A weakness in an organization’s operational methods.
Examples:
• Password procedure – Passwords should follow the standard password policy.
• Training procedure – Employees must know which actions should be taken and
what to do to handle security. Employees must never be asked for user
credentials online. Make employees aware of social engineering and phishing
threats.
5: Injection
Injection vulnerabilities occur when an attacker uses a query or command to insert
untrusted data into an interpreter via SQL, OS, NoSQL, or LDAP injection. The
injected data makes the application do something it was not designed for. Not all
applications are vulnerable to this attack; only applications that accept
parameters as input are vulnerable to injection attacks.
Injection attacks can be prevented by
• Using a safer API that avoids the use of the interpreter
• Using parameterized queries when coding
• Separating commands from data to avoid exposure to attacks
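The second and third prevention points above, shown on a SQL lookup, as an added example that is not code from the slides: the same query written by concatenating the parameter into the SQL text and written with a parameterized query, so that a parameter containing SQL syntax is executed as SQL in the first case and compared as plain data in the second. The in-memory SQLite database, its single user row and the inputs are constructed for the demo.

```python
import sqlite3

# Added example: one user lookup, vulnerable and hardened. The database
# and its single row are constructed in memory for the demo.

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice", "PLACEHOLDER-HASH"))   # constructed placeholder value
    conn.commit()
    return conn

def find_user_vulnerable(conn, username):
    """Untrusted input is concatenated into the SQL text, so the interpreter
    cannot tell the caller's characters apart from the developer's query."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(query)]

def find_user_safe(conn, username):
    """Parameterized query: the value travels separately from the statement
    (commands separated from data), so it is only ever compared, never parsed."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]

def demo():
    """Run both lookups on a normal name and on a name that contains SQL syntax."""
    conn = make_db()
    benign = "alice"
    hostile = "nobody' OR '1'='1"    # constructed input carrying SQL syntax
    return {
        "vulnerable_benign": find_user_vulnerable(conn, benign),
        "vulnerable_hostile": find_user_vulnerable(conn, hostile),  # returns alice
        "safe_benign": find_user_safe(conn, benign),
        "safe_hostile": find_user_safe(conn, hostile),              # returns nothing
    }
```

The vulnerable version returns the alice row for an input that names no real user because the quote in the parameter closes the string literal and the rest is executed as part of the WHERE clause; the parameterized version compares the whole string against the column and finds no match.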
Vulnerabilities
6: Broken Authentication
Broken authentication is a vulnerability that allows an attacker to use manual or automatic
methods to try to gain control over any account they want in a system. In the worst case, they
could also gain complete control over the system. This vulnerability is all the more dangerous
because websites with broken authentication vulnerabilities are very common on the web.
Broken authentication normally occurs when applications incorrectly implement functions related
to session management, allowing intruders to compromise passwords, security keys, or session
tokens.
Broken authentication attacks can be prevented by
• Implementing multi-factor authentication
• Protecting user credentials
• Sending passwords only over encrypted connections
7: Broken Access Controls
This vulnerability occurs when access to resources is broken: there are improperly configured
or missing restrictions on authenticated users, which allows them to access unauthorized
functionality or data, such as other users’ accounts, confidential documents, etc.
For this attack, attackers take advantage of session management and try to access data from
unexpired session tokens, which gives them access to many valid IDs and passwords.
Broken access control attacks can be prevented by
• Deleting accounts that are no longer needed or are not active
• Shutting down unnecessary services to reduce the burden on servers
• Using penetration testing
Vulnerabilities

8: Security Misconfiguration
It is estimated that up to 95% of cloud breaches are the result of human error, and this
fact leads us to the next vulnerability, security misconfiguration. This vulnerability
refers to the improper implementation of security controls intended to keep application data
safe. Developers’ work is mainly the functionality of websites rather than their security,
and this flaw allows hackers to study the security configuration and find new possible
ways to enter websites. The most common reason for this vulnerability is not patching or
upgrading systems, frameworks, and components.
Security misconfiguration attacks can be prevented by
• Using Dynamic application security testing (DAST)
• Disabling the use of default passwords
• Keeping an eye on cloud resources, applications, and servers
Protection from Vulnerabilities

1. Mobile Device Management (MDM):
1. Mobile devices (laptops, smartphones, tablets) are often used for work, both on-
premises and remotely.
2. Implement an MDM solution to manage and secure mobile devices.
3. Address issues like physical theft, misplacement, and lookalike apps that trick
users into disclosing private information.
2. Securing IoT Devices:
1. The Internet of Things (IoT) includes devices (smart thermostats, surveillance
cameras, etc.) that transfer data within a network.
2. Ensure IoT devices are secure, especially when employees use them remotely.
3. Hackers can exploit IoT devices as entry points into the network.
3. Regular Vulnerability Scanning and Patch Updates:
1. Conduct regular vulnerability scans to identify weaknesses.
2. Keep software and operating systems up to date with security patches.
3. Unpatched applications can be exploited by attackers.
Protection from Vulnerabilities

4. Firewall Configuration:
1. Configure firewalls properly to monitor network traffic.
2. Misconfigured firewalls can leave gaps in security.
5. Least Privilege and User Controls:
1. Enforce secure access by implementing least privilege principles.
2. Limit user permissions to essential functions.
3. Properly manage user controls to prevent unauthorized access
Malware
o Malware, short for malicious software, refers to any intrusive software developed
by cybercriminals (often called hackers) to steal data and damage or destroy
computers and computer systems.
o Cybercriminals typically use it to extract data they can use against victims to their
advantage in order to profit financially.
o Financial information, medical records, personal emails, and passwords are just a
few examples of the types of information that could be compromised.
o Malware is a program designed to gain access to computer systems, generally for the
benefit of some third party, without the user’s permission.
Why Do Cybercriminals Use Malware?
o Cybercriminals use malware, which includes all forms of malicious software
including viruses, for a variety of purposes:
o Using deception to induce a victim to provide personal information for identity
theft.
o Theft of customer credit card information or other financial information.
o Taking over several computers and using them to launch denial-of-service attacks
against other networks.
o Using infected computers to mine cryptocurrencies like bitcoin.
Types of Malware

1. Viruses – A virus is malicious executable code attached to another executable
file. The virus spreads when an infected file is passed from system to system.
Viruses can be harmless or they can modify or delete data. Opening a file can
trigger a virus. Once a program virus is active, it will infect other programs on the
computer.
2. Worms – Worms replicate themselves on the system, attaching themselves to
different files and looking for pathways between computers, such as a computer
network that shares common file storage areas. Worms usually slow down networks.
A virus needs a host program to run, but worms can run by themselves. After a worm
infects a host, it is able to spread very quickly over the network.
3. Trojan horse – A Trojan horse is malware that carries out malicious operations
under the appearance of a desired operation such as playing an online game. A
Trojan horse differs from a virus in that the Trojan binds itself to non-executable
files, such as image files and audio files.
4. Ransomware – Ransomware holds a computer system or the data it contains
until the victim makes a payment. Ransomware encrypts data on the computer with
a key that is unknown to the user. The user has to pay a ransom (price) to the
criminals to retrieve the data. Once the amount is paid the victim can resume using
his/her system.
Types of Malware

5. Adware – It displays unwanted ads and pop-ups on the computer. It comes along
with software downloads and packages. It generates revenue for the software
distributor by displaying ads.
6. Spyware – Its purpose is to steal private information from a computer system for a
third party. Spyware collects information and sends it to the hacker.
7. Logic Bombs – A logic bomb is a malicious program that uses a trigger to activate
the malicious code. The logic bomb remains dormant until that trigger event
happens. Once triggered, a logic bomb executes malicious code that causes
harm to a computer. Cyber security specialists recently discovered logic bombs that
attack and destroy the hardware components in a workstation or server, including the
cooling fans, hard drives, and power supplies. The logic bomb overdrives these
devices until they overheat or fail.
8. Rootkits – A rootkit modifies the OS to create a backdoor. Attackers then use the
backdoor to access the computer remotely. Most rootkits take advantage of software
vulnerabilities to modify system files.
9. Backdoors – The purpose of a backdoor is to grant cybercriminals future access
to the system even if the organization fixes the original vulnerability used to attack
the system.
Types of Malware

10. Keyloggers – A keylogger records everything the user types on his/her computer system to obtain passwords and other sensitive information and sends them to the source of the keylogging program.
How To Know If Our Devices Are Infected With Malware?
Five signs that your device may be infected with malware or a virus:
1. Device Overheating: If your device suddenly feels hot to the touch or starts overheating, it could be due to malware. Malicious software puts additional strain on your device’s internal components, causing it to heat up.
2. Everything Feels Off: Similar to how a human virus affects overall health, a digital virus impacts every aspect of your device’s performance. Look out for slower website loading, app crashes, or poor battery life.
3. Random Pop-Ups and New Apps: An increase in unexpected pop-up ads or unfamiliar app icons could indicate malware. Malicious apps may display unwanted ads or even install other harmful software.
4. Fraudulent Links from Your Accounts: Malware might gain access to your contacts list and send messages to your friends, spreading the infection. Be cautious if you notice this cycle and change your passwords immediately.
5. Unauthorized Charges: If you see unauthorized charges on your credit card or bank statements, investigate further. Malware could be making purchases on your behalf or stealing your personal information.
Protection from Malware

How To Protect From Malware?
Look at these top suggestions:
1. Protect your devices.
2. Update your operating system and software.
3. Never click on a pop-up’s link.
4. Don’t install too many apps on your devices.
5. Be cautious when using the internet.
6. Do not click on unidentified links.
7. Choose the websites you visit wisely.
8. Emails requesting personal information should be avoided.
9. Do not click a link in an email that appears to be from your bank and asks you to do so in order to access your account or reset your password. Instead, log in directly at your online banking website.
How To Remove Malware?
An antimalware tool that handles malware detection and removal is Malwarebytes.
Malware can be eliminated from Windows, macOS, Android, and iOS operating
systems. A user’s registry files, currently running programs, hard drives, and individual
files can all be scanned by Malwarebytes.
Advantages and disadvantages of detecting and removing Malware

Advantages of Detecting and Removing Malware
1. Improved Security
2. Prevent Data Loss
3. Protect Reputation
4. Increased Productivity

Disadvantages of Detecting and Removing Malware
1. Time-Consuming
2. Cost
3. False Positives
4. Difficulty
5. Risk of Data Loss
Database security
o Database Security means keeping sensitive information safe and preventing the loss of data.
o Security of a database is controlled by the Database Administrator (DBA).
o The following are the main control measures used to provide security of data in databases:
1. Authentication (the process of confirming that a user logs in only according to the rights granted to him/her to perform activities on the database)
2. Access control (done by creating user accounts and controlling the login process through the DBMS)
3. Inference control (countermeasures to the statistical database security problem; used to prevent a user from completing any inference channel)
4. Flow control (prevents information from flowing in a way that reaches unauthorized users)
5. Database security using statistical methods
6. Encryption
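As an added example (not from the slides), the following Python script shows two of the control measures above working together on a constructed in-memory SQLite table: access control, by giving the statistical user a view without the identifying column, and inference control, by refusing any aggregate whose query set is smaller than a minimum size. The table contents, the threshold value and the function names are assumptions made for the example.

```python
import sqlite3

# Constructed sample data for the example (not real employees).
EMPLOYEES = [
    ("alice", "engineering", 120000),
    ("bob", "engineering", 95000),
    ("carol", "engineering", 101000),
    ("dave", "finance", 88000),
    ("erin", "finance", 90000),
]

# Inference control: a statistic is released only if its query set has at
# least this many rows, so no single person's salary can be isolated.
MIN_QUERY_SET = 3
# Access control: the statistical role may filter only on these columns.
ALLOWED_FILTERS = {"dept"}
ALLOWED_AGGREGATES = {"AVG", "SUM", "COUNT"}


def build_db():
    """Create the base table and a restricted view for the statistical role."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", EMPLOYEES)
    # The view drops the identifying 'name' column (access control).
    conn.execute("CREATE VIEW stats_view AS SELECT dept, salary FROM employees")
    return conn


def stat_query(conn, agg, filter_col, filter_val):
    """Answer an aggregate over salary in stats_view, or refuse it.

    Returns the statistic, or None when the query set is too small.
    Raises PermissionError for aggregates/filters outside the allowlist.
    """
    # Identifiers are validated against allowlists before being placed in SQL;
    # the filter value itself is always passed as a bound parameter.
    if agg not in ALLOWED_AGGREGATES:
        raise PermissionError(f"aggregate {agg!r} is not permitted")
    if filter_col not in ALLOWED_FILTERS:
        raise PermissionError(f"filtering on {filter_col!r} is not permitted")
    count_sql = f"SELECT COUNT(*) FROM stats_view WHERE {filter_col} = ?"
    n = conn.execute(count_sql, (filter_val,)).fetchone()[0]
    if n < MIN_QUERY_SET:
        return None  # refused: releasing it would reveal individual rows
    stat_sql = f"SELECT {agg}(salary) FROM stats_view WHERE {filter_col} = ?"
    return conn.execute(stat_sql, (filter_val,)).fetchone()[0]
```

With the constructed data, aggregates over the three-person engineering department are answered, while the two-person finance department is refused and any attempt to filter on the name column is rejected outright.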
Database security

Common threats and challenges:


1. Software Misconfigurations: Improperly configured software can lead to
vulnerabilities.
2. Carelessness or Misuse: Human errors, lack of awareness, or misuse of database
privileges can compromise security.
Advantages of Database Security:
1. Improved Data Security
2. Safeguarding Intellectual Property
3. Brand Reputation Protection
4. Business Continuity
5. Compliance with Regulations
Disadvantages of Database Security:
1. Complexity
2. Cost
3. Performance Overhead
Security policies

• A security policy (also called an information security policy or IT security policy) is a document that spells out the rules, expectations, and overall approach that an organization uses to maintain the confidentiality, integrity, and availability of its data.
• Security policies exist at many different levels, from high-level constructs that describe an enterprise’s general security goals and principles to documents addressing specific issues, such as remote access or Wi-Fi use.
• A security policy is frequently used in conjunction with other types of documentation such as standard operating procedures. These documents work together to help the company achieve its security goals.
• The policy defines the overall strategy and security stance, with the other documents helping build structure around that practice.
• You can think of a security policy as answering the “what” and “why,” while procedures, standards, and guidelines answer the “how.”
Types of Security policies

1. Information Security Policy
organization’s overall security policy. It provides a framework for consistent and coordinated security efforts, ensuring that all aspects of information, including data, technology and people, are protected.
2. Data Security Policy (Data Protection Policy)
A data security policy is essential for protecting sensitive and
confidential data, which is a primary target for cyber attacks. It ensures
that this data is handled appropriately and that the organization complies
with data protection laws like GDPR and HIPAA. It addresses how data is
collected, stored, processed and shared to maintain its confidentiality,
integrity and availability.
3. Data Classification Policy:
A data classification policy outlines how your organization classifies the data it handles. It helps everyone understand the kinds of data in use and outlines the rules for handling it, and helps you ensure you have the right measures in place to protect the data appropriately.
Types of Security policies

4. Risk Assessment Policy:
This policy defines how to identify, evaluate and manage risks associated with your organization’s operations and assets. It will typically cover the following details:
• The methods and procedures for identifying and cataloging potential risks.
• The criteria and processes for evaluating the potential impact and likelihood of identified risks.
• Strategies for reducing, mitigating or transferring risks once they are identified and assessed.
• Who is responsible for conducting risk assessments, evaluating risks and implementing mitigation measures.
• How risk assessment findings will be communicated to relevant stakeholders, including the frequency and format of reports.
• How often risk assessments will be conducted and how frequently they will be reviewed and updated to adapt to changing circumstances, technologies and threats.
Types of Security policies

5. Incident Detection Policy:
This policy outlines the procedures and tools used to detect security incidents in your organization. It is essential for early detection and containment of security or data breaches. It defines the types of incidents, the roles and responsibilities for incident detection, and the use of intrusion detection systems (IDS), log monitoring and other tools.
6. Employee Awareness and Training Policy:
Employees are often the first line of defense against cyber security threats.
Therefore, an employee security awareness and training policy is crucial for
managing and preventing security incidents. This policy educates employees on
security best practices, risks and their responsibilities in maintaining a secure work
environment. It outlines the requirements, topics and frequency of training. It may
also include measures to test employee awareness.
7. Password Management Policy:
Strong password practices help safeguard sensitive information and systems
from unauthorized access through secure management of passwords. It covers
password complexity requirements, expiration policies, account lockout rules,
secure storage and more.
Types of Security policies
8. Email Policy:
Email is the most common form of business communication, and emails often contain sensitive data. It’s therefore essential to have an email policy that protects against email-related threats.
9. Bring-Your-Own-Device Policy
This policy governs the use of personal devices for work purposes. It defines
device security requirements, data access and storage rules, and responsibilities for
device management.
10. Acceptable Use Policy
An acceptable use policy helps maintain network security, protect against legal liabilities and ensure employees use resources responsibly. It outlines acceptable and unacceptable practices for the organization’s computers, networks and other resources, such as internet usage, software installation and personal use such as accessing social media.
11. Backup Policy
Backups are critical for recovering from data loss, system failures and security incidents. The policy states the frequency of backups, the types of data or systems to be backed up, storage locations, and backup retention periods.
12. Disaster Recovery Policy
A well-defined disaster recovery policy helps an organization minimize downtime and data loss in the face of disasters by establishing procedures and strategies for resuming operations. It covers recovery of data and systems, as well as roles and responsibilities.
Seven elements of an effective security policy

1. Clear purpose and objectives
2. Scope and applicability
3. Commitment from senior management
4. Realistic and enforceable policies
5. Clear definitions of important terms
6. Tailored to the organization’s risk appetite
7. Up-to-date information

If there is time, we will look at questions from here:
What is a Security Policy? Definition, Elements, and Examples (varonis.com)
Policy formation and enforcement

• Policy is a set of rules that dictates acceptable and unacceptable behavior.
• Standards are more detailed statements of what must be done to comply with policy.
Policy formation and enforcement

• Importance of policy:
Policy formation
• Process that involves identifying and creating a set of policy alternatives to address a
specific problem.
• During this phase, decision-makers develop normative solutions that guide
subsequent actions.
• Key components of policy formulation include:
• Objectives: Defining the ideal situation to be achieved when the problem is solved.
• Means of Action: Identifying the methods or strategies to achieve the objectives.
• Responsibility: Determining the actors responsible for implementing the chosen
means.
• Advantages of Policy Formation:
1. Structured Decision-Making
2. Problem Solving
3. Guidance for Implementation
• Disadvantages of Policy Formation:
1. Limited Perspective
2. Complexity
3. Resistance to Change
Policy formation
1. Establish Objectives:
Begin by defining the purpose and goals of your information
security policy. What are you trying to achieve? Consider factors like risk reduction,
compliance, and protection of sensitive data.
2. Identify Relevant Regulations:
Understand the corporate, industry, and government regulations that impact
your organization. These regulations will shape the content of your policy.
3. Customize the Policy:
Tailor the policy to your organization’s specific needs, risk profile, and business
environment. Avoid a one-size-fits-all approach.
4. Align with Organizational Needs:
Ensure that the policy aligns with your organization’s overall strategy, culture, and
operational requirements.
5. Inventory Systems, Processes, and Data:
Identify all the systems, processes, and data that the policy will cover. This step
helps you understand the scope of your policy.
6. Risk Identification:
Assess the risks associated with your systems, data, and workflows. Consider both internal and external threats.
Policy enforcement
• Policy enforcement refers to the process of ensuring compliance with security
policies, procedures, and standards.
• It involves enforcing access controls, monitoring system usage, and ensuring that
devices and software are updated and patched to prevent security breaches.
Advantages of Policy Enforcement:
1. Security Enhancement
2. Consistency
3. Risk Mitigation
4. Auditing and Accountability
Disadvantages of Policy Enforcement:
1. Rigidity
2. Complexity and Overhead
3. Resistance and User Frustration
4. False Positives and Negatives
Policy enforcement
1. Policy Definition: Clearly articulate the rules, expectations, and approach for
maintaining the confidentiality, integrity, and availability of data. The policy should
cover areas like access control, data management, and acceptable use.
2. Application and Implementation:
Translate policy requirements into practical actions. Implement controls,
procedures, and technical measures to enforce the policy.
3. Management and Monitoring:
Regularly review and update the policy as needed. Monitor compliance, track
incidents, and adjust controls based on changing threats or business needs.
4. Automated Execution:
Use technology to automate policy enforcement where possible. For example, access control lists, firewalls, and intrusion detection systems can enforce policy rules.
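As an added example (not from the slides) of the “automated execution” step, the Python code below turns the rules a password management policy states (complexity requirements, expiration, account lockout) into checks that a login system can apply automatically. The policy values, class and function names are assumptions chosen for the example, not a standard.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional
import string


@dataclass
class PasswordPolicy:
    # Constructed policy values for the example; tune them to the organization.
    min_length: int = 12
    required_classes: int = 3      # of: lowercase, uppercase, digit, symbol
    max_age_days: int = 90
    lockout_threshold: int = 5     # failed attempts before lockout
    lockout_minutes: int = 15


def complexity_violations(policy, password):
    """Return the complexity rules the candidate password breaks (empty = OK)."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])
    if classes < policy.required_classes:
        problems.append(f"uses {classes} character classes, needs {policy.required_classes}")
    return problems


def password_expired(policy, set_on, now):
    """Expiration rule: True once the password is older than max_age_days."""
    return now - set_on > timedelta(days=policy.max_age_days)


@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None


def record_login_attempt(policy, state, succeeded, now):
    """Lockout rule. Returns 'locked', 'ok' or 'failed' for this attempt."""
    if state.locked_until is not None and now < state.locked_until:
        return "locked"            # rejected before credentials are even checked
    if succeeded:
        state.failed_attempts = 0
        return "ok"
    state.failed_attempts += 1
    if state.failed_attempts >= policy.lockout_threshold:
        state.locked_until = now + timedelta(minutes=policy.lockout_minutes)
        state.failed_attempts = 0
    return "failed"
```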