
Noida Institute of Engineering and Technology, Greater Noida

APPLICATION SECURITY

Unit: 2

Subject: Cyber Security (AMCANC 0201)
Devanshu Dube
MCA
Course Details: MCA – 2nd Semester

Application Security (CO2)

Introduction to Application Security

• Security of information and information systems is, undoubtedly, the leading challenge for organizations.

• However, they cannot ignore the importance of third-party vendor applications such as Web browsers, and therefore, security measures must be applied to maintain the data and application security.

• In order to secure applications, we have various technologies such as firewall, Virtual Private Network (VPN), and access control systems.

• Online purchase of products and services is considered to be one of the most vulnerable uses of the Internet as it involves exchange of finances and identity.

5/24/2022 DEVANSHU DUBE AMCANC 0201 CYBER SECURITY UNIT 2 2

Introduction to Application Security (CO2)

• Attackers, in the last decade, not only targeted the servers and operating systems (OSs) but also attacked the Client Applications.

• Organizations and individuals use various types of client-side applications that include Browsers, Multimedia Programs, and Document Readers.

• The most common attacks on the client-side applications include Phishing and Social Engineering.

• An attacker may send malware through e-mail.

• An attacker may ask you to download a plug-in or a cookie to help you improve your search, but that may turn you into a victim of a social engineering attack.

Application Security (CO2)

APPLICATION SECURITY

• Application security is the use of software, hardware, and procedural methods to protect applications from external threats.

• Security is becoming one of the important concerns during application development.

• There are three types of application security:
  • Database security
  • Email Security
  • Internet security

Application Security (CO2)

DATABASE SECURITY

• It is used to protect the data, database applications or stored functions, the database systems, server and the associated network links.
• It involves various categories of controls, such as technical, procedural/administrative, and physical.

Security risks to a database system include:
• Unauthorized or unintended activity or misuse by authorized database users, or hackers.
• Malware infections causing incidents such as unauthorized access, leakage or disclosure of personal or proprietary data
• Unanticipated failure of database services
• Overloads, performance constraints resulting in the inability of authorized users to use the database as intended.
• Physical damage to servers by fire, electronic breakdown, etc.
• Design flaws and programming bugs in the database and associated programs and systems, creating various vulnerabilities

Application Security (CO2)

DATABASE SECURITY

• Data corruption and loss caused by the entry of invalid data or commands
• Many layers and types of information security are appropriate to databases, including:
  • Access Control : In the fields of physical security and information security, access control is selective restriction of access to a place or other resource.
  • Auditing : Involves observing a database so as to be aware of the actions of database users.
  • Authentication : It is the act of confirming the truth of an attribute of a single piece of data or entity.
  • Encryption : A process of converting the data within a database, in plain text form, to a meaningless cipher text by means of a suitable algorithm. It is done to encrypt sensitive data like credit card details, medical records, etc.


Application Security (CO2)

DATABASE SECURITY

• Backup : A process of backing up refers to copying and archiving the data so it may be used to restore the original after the loss or an event
• Integrity control : It refers to maintaining the accuracy and consistency of data over its entire life cycle and is a critical aspect of the design, implementation and usage of any system which stores, processes or retrieves data.

Application Security (CO2)

EMAIL SECURITY

• E-mail is one of the uses of WWW which is a fast and secure method of sending information to other computer users.
• A typical email contains four elements
  • Post offices : where outgoing messages are temporarily stored
  • Message transfer agents (MTA) : Used for forwarding messages between post offices and to destination clients
  • Gateways : Translate between different email systems, different email addressing schemes and messaging protocols.
  • Email Clients : Computers that connect to post offices.
• The mail server uses the SMTP, POP and IMAPv4 protocols.

APPLICATION SECURITY (CO2)

Email Security issues

• Email can allow an attacker to exploit an organization's users to gather information.
• Flaws in the mail server application may be exploited
• DoS attacks may be directed to the mail server
• Sensitive information on mail servers may be read by unauthorized users
• Information may be altered
• Users may send inappropriate messages via email, which may lead to action against the company
• Misconfiguration may allow malicious entities to use the organization's server to send email-based advertisements.

APPLICATION SECURITY (CO2)

Security Services

• Most electronic systems provide a variety of security services for electronic mail, as given below:
  • Privacy
  • Authentication
  • Integrity
  • Non-repudiation
  • Proof of Submission
  • Proof of Delivery
  • Audit
  • Accounting
  • Self Destructs
  • Containment


INTERNET SECURITY (CO2)

INTERNET SECURITY

• Internet security is defined as a process to create rules and actions to take to protect against attacks over the Internet. An example of Internet security is an online system that prevents credit card numbers from being stolen on a shopping website.

Or

• Internet security is a branch of computer security specifically related to the Internet, often involving browser security but also network security on a more general level as it applies to other applications or operating systems on a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing. Different methods have been used to protect the transfer of data, including encryption and from-the-ground-up engineering.

INTERNET SECURITY (CO2)

INTERNET SECURITY

• Internet security is defined as a process to create rules and actions to be taken to protect against attacks over the Internet. An example of Internet security is an online system that prevents credit card numbers from being stolen on a shopping website.

• Internet security is specifically related to the Internet,
  • browser security
  • network security.

• Its objective is to establish rules and measures to use against attacks over the Internet.

INTERNET SECURITY THREATS (CO2)

Types of Internet Security Threats and Its Prevention

Viruses : VITAL INFORMATION RESOURCES UNDER SIEGE
• A computer program developed intentionally to corrupt the files, applications, data, etc. of a computer. It gets back door entry (from storage devices, internet, USB etc.) without the knowledge of the user, and exploits the system mercilessly.

Hackers:
• An intruder or probably an enemy of a particular entity with malicious intentions creates and injects malicious content to steal sensitive information or money or sometimes to destroy some part of data or applications.

Prevention:
• Beware of downloading applications, files (mp3, mp4, gif, etc) from the sites and also from the attachments of the e-mails.
• Use/buy certified and secured products from the vendors.
• Keep a habit of regularly scanning the system also keep updating the virus scanning tools/software.

INTERNET SECURITY THREATS (CO2)

Phishing Threats:
Phishing means, when any website impersonates itself as a trustworthy and well established brand most probably to steal the information as well as money by misleading the online users.

Prevention:
• Install updated version of antivirus tool.
• Do not click blindly on the hyperlinks appearing in the e-mail that came from the unknown sources.
• Secure your website with anti spam and phishing detection tools.
• Always look for the “https:” before trusting the website especially, before providing credit card information and personal information.
• Guard the walls of the server with updated firewalls.

INTERNET SECURITY THREATS (CO2)

Infected Websites:
• These are the normal looking website that acts as sources of viruses, Trojans and malwares.
• Be it in emails or ads on the websites or the normal looking website, you might never know what it is stored in it. These can be the sources of viruses, Trojans and malwares; by clicking on the link you install them in your system.

Prevention:
• Avoid visiting to the suspicious websites specially those, which are not secured with digital certificates, install appropriate antivirus, anti malware, anti phishing tools.

Topic

DATA SECURITY CONSIDERATION

Data Security Considerations (CO2)

• Security of data means maintaining its Confidentiality-Integrity-Availability (CIA) properties, which requires certain points to be considered.
  – Data backup
  – Archival
  – Disposal

Reasons for Data Loss (CO2)

• Hardware Failure
• Theft of Storage media
• Fault (media/software)
• Erroneous human activities
• Infection of viruses
• Power Failure


Data Backup Security Considerations (CO2)

• Data Backup is primarily used for the purpose of data security against any kind of accidents or loss of data due to some malicious activities.

• Backup of data is nothing but the storage of a snapshot of data at certain points.

• One could restore the most recent form of data.

• Data backup is seen as an essential part of data management operations.

Storage Media Data Backup (CO2)

• Compact Disks (CDs)

• Digital Versatile Disks (DVDs)

• Removable hard drive

• Magnetic tape

• Time machine (backup mechanism of macOS)

Data Backup Modes (CO2)

Backup Modes
  – Incremental
  – Differential

Data Backup Modes (CO2)

Incremental Storage Mode

• First create a backup of all the files of relevance.

• Keep on backing up only those files in which some changes or modifications have occurred since the last backup.

• In this backup method, you should use removable storage media such as CDs/DVDs to store the backup files.


Data Backup Modes (CO2)

Differential Storage Mode

• First create a backup of the entire system (or the backup of relevant files).

• Every time changes are incorporated in the files or new files are created, you will need to back up the files changed since the first full backup.

• Use fixed media such as removable hard drives or networked hard drives for storing the backup files.

Data Archival Security Considerations (CO2)

• Data archiving is the process of moving data that is no longer actively used to a separate storage device for long-term retention.
• In a bulk data set, some parts may be crucial for future references, but may not be actively used anymore.
• Therefore, most organizations move the currently inactive parts of data to a separate storage location in order to reduce complexity and keep active parts of data fresh.
• This process of separating older (or currently inactive) data from currently active, new, and fresh data is known as archival of data.
• The separated older data is moved to a different storage device so that the data can be retained for a long time and referenced whenever required.
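
Returning to the incremental and differential modes from the Data Backup Modes slides: the following added example (not part of the original slides) simulates both modes over the same change log and shows what each one copies and which backup sets a restore has to read. The file names and day numbers are constructed for illustration.

```python
from typing import Dict, List, Set, Tuple

# Constructed data (not from the slides): files present at the full backup on
# day 0, and the files modified or created on each later day.
FILES_AT_FULL_BACKUP = {"payroll.db", "notes.txt", "site.cfg"}
CHANGES: Dict[int, Set[str]] = {
    1: {"payroll.db"},
    2: {"notes.txt", "payroll.db"},
    3: set(),
    4: {"report.doc"},
}

BackupSet = Tuple[int, Dict[str, int]]   # (day taken, {file: day of copied version})


def run_schedule(mode: str) -> List[BackupSet]:
    """Take a full backup on day 0, then one backup at the end of each later day.

    incremental  -> copy files changed since the last backup of any kind
    differential -> copy files changed since the first full backup
    """
    if mode not in ("incremental", "differential"):
        raise ValueError(f"unknown backup mode: {mode}")
    modified = {name: 0 for name in FILES_AT_FULL_BACKUP}   # last-modified day
    backups: List[BackupSet] = [(0, dict(modified))]
    last_backup_day = 0
    for day in sorted(CHANGES):
        for name in CHANGES[day]:
            modified[name] = day
        reference = last_backup_day if mode == "incremental" else 0
        backups.append((day, {n: d for n, d in modified.items() if d > reference}))
        last_backup_day = day
    return backups


def restore_chain(mode: str, backups: List[BackupSet]) -> List[int]:
    """Days of the backup sets that must be read, in order, to rebuild the data."""
    if mode == "incremental":
        return [day for day, _ in backups]        # full + every increment
    return [backups[0][0], backups[-1][0]]        # full + latest differential


def restore(mode: str, backups: List[BackupSet]) -> Dict[str, int]:
    """Replay the chain; later sets overwrite older versions of a file."""
    by_day = dict(backups)
    state: Dict[str, int] = {}
    for day in restore_chain(mode, backups):
        state.update(by_day[day])
    return state


def copies_written(backups: List[BackupSet]) -> int:
    """Total file copies stored across all sets (a proxy for media used)."""
    return sum(len(files) for _, files in backups)


if __name__ == "__main__":
    for mode in ("incremental", "differential"):
        sets = run_schedule(mode)
        print(mode, "copies:", copies_written(sets),
              "restore reads days:", restore_chain(mode, sets))
```

Both modes restore the same data; incremental stores fewer copies but a restore depends on every set in the chain being readable, while differential stores more and needs only the full backup plus the latest set. Deleted files are not modelled here.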

Data Backup vs Data Archival (CO2)

Data Backup
It is the storage of data that can be used later to recover data lost due to disaster or malicious activities such as hacking.

Data Archival
Data archiving requires retaining data that has become obsolete for current purposes but can be required, at a later stage, for reference.

Data Backup vs Data Archival (CO2)

Data Storage Method
  – Backup: The original data remains in place, while a backup copy is stored in another location
  – Archive: Archived data is moved from its original location to an archive storage location

Data State
  – Backup: Backed up data is constantly changing
  – Archive: Once you create an archive, you do not modify it

Data Retention Policy
  – Backup: You periodically delete or overwrite data backups that are too old to be useful
  – Archive: Data archives are designed for long-term storage

Storage Type
  – Backup: Hot cloud storage or easily accessible local storage locations
  – Archive: Cold cloud storage or tape archives

Data Scope
  – Backup: All of your data, with the exception of unimportant information like temporary files
  – Archive: Specific files that you must retain for compliance purposes


Benefits of Data Archival (CO2)

• Reduce cost

• Save storage space in the online system

• Reduce access complexity

• Improve system performance

• Efficient identification of preserved data

• Use archived data for historical researches

Criteria for Data Archival (CO2)

• Records being rarely changed or accessed and important but less accessed information are most suitable data for archival.

• The criteria can be defined by the user or the archiving products may take metadata for files and contexts of objects as defining criteria to select the information to be archived.

• Archived data is stored according to the object context and indexed so that finding them becomes easy whenever required in future.

• These systems store records in a well-managed form so that we can use and understand the records in future.

Selection of the best archival solutions (CO2)

1- Longevity of storage solution:

• Archiving solution should be selected keeping long-term objectives in mind.
• The solution should offer the required level of flexibility and ease of access for changes to be easily incorporated as and when required.

Selection of the best archival solutions

2- Manageability of storage solution:

Following features helps in simplifying the archiving-service delivery.
• Security and role-based access control options
• Granular provisioning and reporting

3- Amount of focus on intelligence of content:
• The content intelligence quality of archival solutions helps organizations in identifying and defining the value of specific sections of data.


Selection of the best archival solutions

4- Optimization of total cost of ownership:
• Archiving solutions should provide technical and administrative functionalities that help you in reducing costs in certain areas so that the ownership cost as a total can be cut down.

5- Type of available solution:
• An archival solution should be capable of accommodating to the scaling needs, supporting third party product integration, and working with a large set of storage options.

You should select archiving solutions that apply the best kinds of data security and retention measures.

Data Disposal Security Considerations (CO2)

• Data Disposal is an act of permanently deleting or destroying the data stored in a media for some security or compliance reasons.
• Whenever legacy or obsolete systems and devices are replaced, removal of data stored in those systems and devices at present is a must.
• One cannot destroy data just by sending items into the trash. Destruction of data requires you to take measures beyond this. Data sent to trash can be recovered easily.
• Destruction of data means to completely wipe out the data from the storage media. This process of wiping out the data completely is known as Data Disposal.

Data Disposal Security Considerations (CO2)

Ways of Disposal
• Overwriting hard drive
• Degaussing
• Destroying

Data Disposal Security Considerations (CO2)

Overwriting hard drives

• Hard drives are not overwritten just by selecting and deleting an item. Each area on your hard drive should be overwritten a number of times to erase previous records completely.

• In the overwriting procedure, it is possible to reuse hard drives.


Data Disposal Security Considerations (CO2)

Degaussing hard drives and backup tapes

• In degaussing method of data disposal, the magnetic storage devices, such as hard drives and backup tapes, are demagnetized so that all the stored data on these devices is completely destroyed.

• The magnetic media are unable to store any more data.

Data Disposal Security Considerations (CO2)

Destroying storage

• Disposal of data is possible most securely through destruction of the storage media.
• The best way to destroy your device is to shred it in the same way as you shred a paper document.
• The first thing to consider is that deleting items to erase data is not reliable because you can recover deleted data from hard drives and other storage devices. This is a huge risk for the security of data.

Topic

FIREWALL

Firewall (CO2)

• A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.

• Its purpose is to establish a barrier between the internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.

• Firewalls have been a first line of defense in network security.

• They establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.


Firewall (CO2)

[Figure: firewall]
Source : https://iotlabs.dyndns.biz/

Firewalls (CO2)

• Firewall is a combination of software and hardware.

• It maintains private network security by applying security policies at two or more network boundaries.

• A firewall is a network security device, either hardware or software-based, which monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects or drops that specific traffic.
  • Accept : allow the traffic
  • Reject : block the traffic but reply with an “unreachable error”
  • Drop : block the traffic with no reply
• The design goals include:
  • All network traffic must pass through the firewall.
  • Only authorized traffic will be allowed to pass from a firewall.

Functions of Firewall (CO2)

Firewalls include a variety of functions and capabilities with built-in features:

• Network Threat Prevention
• Application and Identity-Based Control
• Hybrid Cloud Support
• Scalable Performance
• Network Traffic Management and Control
• Access Validation
• Record and Report on Events

Firewall Characteristics (CO2)

Characteristics of Firewall
• Service control
• Direction control
• User control
• Behaviour control


Firewall Characteristics (CO2)

1. Service Control:
Service control shall specify the form of internet services available, inbound, or outbound. It may funnel data using IP address and TCP port, provide a proxy application that collects and translates each service request before transmitting it, or host the server itself, like web or mail.

2. Direction Control:
The control defines the path in which a complex service request can be launched and passed across the firewall.

3. User Control:
It regulates access to a program that the customer attempts to enter.

4. Behaviour Control:
It regulates how specific services need to be employed.

Types of Firewalls (CO2)

Firewalls
• Packet filtering
• Circuit-level Gateway
• Application Gateway

Packet Filtering Firewalls (CO2)

It controls network access by analyzing incoming and outgoing packets

[Figure: a packet filtering router on the security perimeter between the Internet and the private network]

Packet Filtering Firewalls (CO2)

Inspects the packets of data that are passed through the network and accepts or rejects the packets on the basis of the default or user-defined rules.

Packet filter is also known as network layer firewall.

Packet Filtering Firewalls (CO2)

Network layer firewalls are of two types-

1. Stateful- Stateful firewalls maintain the state information of active session. State contains properties, such as source and destination IP addresses, UDP or TCP ports, and the current stage of the connection’s lifetime.

2. Stateless- They require less time to filter the packets as they do not maintain the state information of sessions.

Application Gateway Firewalls (CO2)

• It is a Firewall proxy

• It filters the inbound traffic to certain specific applications

[Figure: an application-level gateway between an outside host (outside connection) and an inside host (inside connection)]

Application Gateway Firewalls (CO2)

Applies security mechanisms to specific applications such as File Transfer Protocol (FTP) and Telnet servers.
• Application layer firewalls are based on the application level of the TCP/IP stack. These firewalls intercept all packets that are sent or received from an application.
• Application layer firewalls help you in preventing unwanted outside traffic from reaching protected machines.
• These firewalls can restrict or prevent spreading of computer worms and Trojans over a network.

Circuit-Level Gateway Firewalls (CO2)

It monitors the TCP data packets handshaking to ensure legitimate session

Source: Swayam


Circuit-Level Gateway Firewalls (CO2)

Applies security mechanisms after establishing a TCP or an UDP connection.
• The circuit-level gateway firewalls work at the session layer of the OSI model.

• They monitor TCP handshaking between the packets to determine whether or not the requested session is legitimate

Topic

Virtual Private Network (VPN)

Virtual Private Network (VPN) (CO2)

• VPN is a private communication network, which is the most secure, remote method of connecting a computer to a private network with the help of a public network, such as the Internet.

• It creates the virtual tunnel through which the data travels from one computer to the other over the network.

• Due to this, an attacker gets the way to use the remote client to relay attacks through the VPN tunnel.

Virtual Private Network (VPN) (CO2)

Source: CISCO


How does a virtual private network (VPN) work? (CO2)

• A VPN extends a corporate network through encrypted connections made over the Internet.

• Because the traffic is encrypted between the device and the network, traffic remains private as it travels.

• An employee can work outside the office and still securely connect to the corporate network.

• Even smartphones and tablets can connect through a VPN.

Virtual Private Network (VPN) (CO2)

Basic VPN Terms

Source: CISCO

Types of VPNs (CO2)

• Virtual Private Network (VPN) is basically of 2 types:
  1. Remote Access VPN
  2. Site to Site VPN

Remote-Access VPNs (CO2)

• Remote Access VPN permits a user to connect to a private network and access all its services and resources remotely. The connection between the user and the private network occurs through the Internet and the connection is secure and private. Remote Access VPN is useful for home users and business users both.

• A remote access VPN securely connects a device outside the corporate office. These devices are known as endpoints and may be laptops, tablets, or smartphones.

• Advances in VPN technology have allowed security checks to be conducted on endpoints to make sure they meet a certain posture before connecting.

Remote-Access VPNs (CO2)

• An employee of a company, while he/she is out of station, uses a VPN to connect to his/her company’s private network and remotely access files and resources on the private network.

• Private users or home users of VPN, primarily use VPN services to bypass regional restrictions on the Internet and access blocked websites.

• Users aware of Internet security also use VPN services to enhance their Internet security and privacy.

Remote-Access VPNs (CO2)

Source: CISCO

Site-to-Site VPNs (CO2)

• A Site-to-Site VPN is also called a Router-to-Router VPN and is commonly used in large companies. Companies or organizations with branch offices in different locations use Site-to-site VPN to connect the network of one office location to the network at another office location.
• A site-to-site VPN connects the corporate office to branch offices over the Internet.
• Site-to-site VPNs are used when distance makes it impractical to have direct network connections between these offices.
• Dedicated equipment is used to establish and maintain a connection.

Site-to-Site VPNs (CO2)

• Intranet based VPN: When several offices of the same company are connected using Site-to-Site VPN type, it is called an Intranet based VPN.
• Extranet based VPN: When companies use Site-to-site VPN type to connect to the office of another company, it is called an Extranet based VPN.
• Site-to-site VPNs create an imaginary bridge between the networks at geographically distant offices, connect them through the Internet and sustain a secure and private communication between the networks. In Site-to-site VPN one router acts as a VPN Client and another router as a VPN Server, as it is based on Router-to-Router communication. Only when the authentication is validated between the two routers does the communication start.

Site-to-Site VPNs (CO2)

Secure Remote-Access VPNs (CO2)

What is secure remote access?

• Secure remote access provides a safe, secure way to connect users and devices remotely to a corporate network. It includes VPN technology that uses strong ways to authenticate the user or device.

• VPN technology is available to check whether a device meets certain requirements, also called a device’s posture, before it is allowed to connect remotely.

Source: CISCO

Secure Remote-Access VPNs (CO2)

Is VPN traffic encrypted?

• Yes, traffic on the virtual network is sent securely by establishing an encrypted connection across the Internet known as a tunnel. VPN traffic from a device such as a computer, tablet, or smartphone is encrypted as it travels through this tunnel. Offsite employees can then use the virtual network to access the corporate network.

VPN Components (CO2)

Source: CISCO


Topic

Intrusion Detection

Intrusion Detection Systems (IDS) (CO2)

• IDS monitors network traffic for suspicious activity

• Issues alerts in case of illicit activity

• Anomaly detection and reporting are two main functions

• Administers two jobs namely, forensic analysis and alert generation

• Prone to false alarms or false positives

• It is a software application that scans a network or a system for the harmful activity or policy breaching.

• Any malicious venture or violation is normally reported either to an administrator or collected centrally using a security information and event management (SIEM) system.

• A SIEM system integrates outputs from multiple sources and uses alarm filtering techniques to differentiate malicious activity from false alarms.

Intrusion Detection Systems (IDS)

[Figure: IDS with its two jobs, Forensic Analysis and Alert Administration]

Components of Intrusion Detection System

• An IDS comprises a management console and sensors

• It has a database of attack signatures

• Sensors detect any malicious activity

• It also matches the malicious packet against the database

• If a match is found, the sensor reports the malicious activity to the management console

Source: CISCO


Components of Intrusion Detection System

[Figure: components of an IDS, showing the sensor, detection engine, decision engine, decision table, alarm and management console]

Types of Intrusion Detection Systems

• IDS is classified based on its level of operations
  • NIDS: Network Intrusion Detection System
  • NNIDS: Network Node Intrusion Detection System
  • HIDS: Host Intrusion Detection System

Network Intrusion Detection System (NIDS)

• NIDS examines the traffic on a whole subnet.

• It compares the traffic passed with the attacks in the existing database

• It is positioned at strategic points within the network

• Scans inbound and outbound traffic from all network devices

Network Intrusion Detection System

Source: Swayam


Network Node Intrusion Detection System (NNIDS)

• It is similar to NIDS
• The traffic in NNIDS is only monitored on a single host, unlike NIDS

Host Intrusion Detection System (HIDS)

• The Host Intrusion Detection System (HIDS) runs on all the devices in the network with access to the internet and other parts of the enterprise network.
• HIDS takes an image of the entire system’s file set and compares it to the preceding picture

• If there are major differences, then it sends an alert to the administrator

• It runs on all machines and devices in the network

• It has direct access to both internet and internal network

• HIDS have some advantages over NIDS, due to their ability to look more closely at internal traffic, as well as working as a second line of defense against malicious packets a NIDS has failed to detect.

Source: Swayam

5/24/2022 DEVANSHU DUBE AMCANC 0201 CYBER SECURITY UNIT 2 75 5/24/2022 DEVANSHU DUBE AMCANC 0201 CYBER SECURITY UNIT 2 76
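
The snapshot comparison described for HIDS above, as an added Python example that is not part of the original slides: it records a hash, size and permission bits for every file, then reports what was added, deleted or modified since the previous snapshot. The function names and the sample file set are constructed for illustration.

```python
import hashlib
import os
import tempfile


def take_snapshot(root):
    """Return {relative_path: (sha256_hex, size, mode)} for every regular file under root."""
    snapshot = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # symlinks and special files are skipped here
            digest = hashlib.sha256()
            with open(path, "rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            info = os.stat(path)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            snapshot[rel] = (digest.hexdigest(), info.st_size, info.st_mode & 0o7777)
    return snapshot


def compare_snapshots(previous, current):
    """Return sorted (change, path) findings between two snapshots."""
    findings = []
    for path in previous.keys() - current.keys():
        findings.append(("deleted", path))
    for path in current.keys() - previous.keys():
        findings.append(("added", path))
    for path in previous.keys() & current.keys():
        old_hash, _old_size, old_mode = previous[path]
        new_hash, _new_size, new_mode = current[path]
        if old_hash != new_hash:
            findings.append(("modified", path))
        elif old_mode != new_mode:
            findings.append(("permissions", path))
    return sorted(findings)


def demo():
    """Build a constructed file set, change it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        files = {
            "bin/login": b"original binary",
            "hosts": b"127.0.0.1 localhost\n",
            "motd": b"welcome\n",
        }
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as handle:
                handle.write(data)
        baseline = take_snapshot(root)

        # Constructed changes of the kind the comparison should alert on.
        with open(os.path.join(root, "bin/login"), "wb") as handle:
            handle.write(b"patched binary!")  # same size, different content
        os.remove(os.path.join(root, "motd"))
        with open(os.path.join(root, "bin/.hidden"), "wb") as handle:
            handle.write(b"dropped file")

        return compare_snapshots(baseline, take_snapshot(root))


if __name__ == "__main__":
    for change, path in demo():
        print(f"ALERT {change}: {path}")
```

The modified file keeps its original size, which is why the comparison uses a content hash rather than size or timestamp alone.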

Host Intrusion Detection System (HIDS)

[Figure: Host Intrusion Detection System. Source: Swayam]

Topic

Access Control

Access Control (CO2)

• Access control is a mechanism that defines and controls access rights for individuals who can use specific resources in the OS.
• The access control is a security feature through which the system permits or revokes the right to access any data and resource in a system.
• The permission to access a resource is called authorization.

Access Control (CO2)

Access control systems:
• File permissions: User can create, read, edit, or delete file on the server
• Program permissions: User can execute a program on an application server
• Data rights permissions: User can retrieve or update information in a database

Identification versus Authentication

Identification
• Identification refers to the process of labeling and recognizing a user.
• The user provides his/her credentials to a computer or a network, which identifies the user.

Authentication
• Authentication refers to the process of verifying whether the user is a valid user or not.
• Authentication processes or methods are password based or PIN, smart card, token, or an identification device, and fingerprints or retinal pattern.

Access Control (CO2)

Access Control:
• Rule-Based Access Control
• Mandatory Access Control
• Role-Based Access Control
• Discretionary Access Control

Mandatory Access Control (CO2)

Advantage
• MAC defines the accessibility of information in a consistent manner.
• Unless the organization of information exchange is put into place by the administrators, users can't share the information.

Exhaustive functionality, enabling the detection and repair of security breaches.

Applicability
This model finds its applicability in the environments where the confidentiality of information is the crux of the matter. It allows outright control over the management of information, and if required, can lock down the network.

Discretionary Access Control (CO2)

Advantage
• DAC model offers flexibility related to the exchange of information to the network users

It ensures dynamic exchange of information with other users.

Problem
Despite the fact that this model offers a flexible environment, unauthorized information disclosure is always the likely possibility.

Role-Based Access Control (CO2)

• RBAC models put control over the information access from the viewpoint of organizational roles into perspective.
• It follows a function-centric approach rather than an individual-centric one.
• This model is appropriate in environments exhibiting high turnover.
• RBAC model offers flexibility, which is always greater than the MAC model, but less than the DAC model.

Rule-Based Access Control (CO2)

Advantage
• The decision making is dependent on the settings that have been saved into preconfigured security policies

These rules allow access to some people appearing in a list (an allow list) while denying access to others appearing in a different list (a true deny list).

The list may contain usernames, IP addresses, or even domains.

SECURITY THREATS (CO2)
Viruses (CO2)

• A virus refers to a piece of software that is designed and developed with the purpose of infecting a computer system and performing illicit operations.
• A virus can hamper data stored on a hard drive, crash the OS, or spread on a network.
• Some of the ways by which a virus gets transmitted to a system are:
a) By using infected media, such as CDs or USB drives.
b) Through e-mails and social websites, as a part of another program.

Viruses (CO2)

Types of viruses:
• Polymorphic
• Armored
• Phage
• Stealth
• Macro Virus
• Retroviruses
• Multipartite
• Companion

Polymorphic Viruses (CO2)

• Refers to the virus types that change from one form to another to avoid being detected.
• A system infected by a polymorphic virus displays a message and deletes the files available on the system.
• This virus involves the process of mutation which consists of encrypting its parts to avoid detection.
• These viruses hide themselves in various cycles of encryption and decryption.

Example: Beebone, VirLock.
Stealth Viruses (CO2)

• Refers to a virus type that masks itself from applications in order to avoid being detected.
• This virus is one that, while active, hides the modifications it has made to files or boot records.
• Programs that try to read infected files or sectors see the original uninfected form instead of the actual, infected form.
• The virus must be resident in memory when the antivirus program is executed in order to stay undetected.
• The stealth virus gets attached to the boot sector of a hard disk.
• The infected file is of different size than the original.

Retroviruses

• Refer to the virus types that bypass installed antivirus software.
• The retrovirus is capable of making a direct attack on an antivirus.
• A retrovirus will attempt to disable and infect the antivirus software in order to avoid detection in the computer system. Also called anti-antivirus virus.

Multipartite Viruses

• Refers to a virus type that has the ability to react in multiple ways.
• Also called a multi-part virus, a virus that attempts to attack both the boot sector and the executable, or program, files at the same time.
• When the virus attaches to the boot sector, it will in turn affect the system files, and when the virus attaches to the files, it will in turn infect the boot sector.
• This type of virus can re-infect a system over and over again if all parts of the virus are not eradicated.
• Ghostball was the first multipartite virus, discovered by Fridrik Skulason in October 1989. Other examples are Invader, Flip, etc.

Armored Viruses

• Refers to a virus type that is difficult to detect.
• A type of virus that has been designed to thwart attempts by analysts to examine its code, using various methods to make tracing, disassembling and reverse engineering more difficult.
• It may also protect itself from antivirus programs, making it more difficult to trace. To do this, it attempts to trick the antivirus program into believing its location is somewhere other than where it really is on the system.

Example: Whale virus.

Macro Viruses

• The Global Template is used as the basis for the document settings and macros
• When an infected document is opened with Word, it will usually copy its macro codes in the Global Template
• With the macro virus already resident in the Global Template, it can produce additional copies of itself in other documents accessed by Word

Other Viruses

• Companion: Refers to a virus type that gets spread by attaching itself with other programs. The companion virus when attached with legitimate programs gets saved with a different file extension and is saved in a temporary directory of a computer.
• Phage: Refers to a virus type that is responsible for modifications in other applications and programs. The phage virus harms the system in such a way that the only option to recover is to reinstall the infected programs.

Trojan Horses (CO2)

• Trojan horses can be defined as programs that are transmitted to a system under the disguise of a legitimate application or program, such as an attachment to a program or as part of an installation process.
• During installation, either a backdoor is created or the original program gets replaced by a Trojan horse.
• Due to the difficulty of detecting a Trojan horse, the best preventive measure is to back up data after installing new software.

Logic bombs

• Logic bombs refer to programs or code snippets that are executed when a predefined event occurs.
• These logic bombs display a message to the user and occur at a time when the user is either accessing the Internet or making use of a word processor application.
• The logic bombs do not directly attack; however, they are responsible for informing the victim if the criteria for an attack to start have been met.

Worms (CO2)

• Worms can be defined as threats that are self-sufficient to replicate themselves and do not need any host application to get transmitted.
• They are also capable of delivering a virus to a system.
• Earlier, worms used to reside in the RAM of a target computer; however, nowadays they can make use of TCP/IP, e-mail, or Internet services.

[Figure: Worms. Source: Swayam]

Similarities and differences between Virus, Worms and Trojan horse

• Virus: steals information, alters data, deletes data, passive transmission, software code, self-replicates, can mutate
• Worm: steals information, deletes data, alters data, active transmission, self-contained software, self-replicates, can mutate
• Trojan horse: steals information, opens backdoor, disguised as a useful program, non self-replicating, conscripts host for botnet, keystroke and webcam logging

Spoofing (CO2)

• Spoofing means to provide false information about your identity to gain unauthorized access to others' computer systems.
• IP spoofing and DNS spoofing are the most popular spoofing attacks.
• The objective of IP spoofing is to make the data look as if it has come from a trusted host, when it did not.
• In DNS spoofing, the DNS server is given information about a name server and the server assumes this information as legitimate, when it is not.

IP Spoofing (CO2)

[Figure: IP spoofing between hosts 192.168.1.2, 192.168.1.3 and 10.0.0.23. Packet with spoofed source IP address: Source IP 192.168.1.3, Destination IP 10.0.0.23. Reply: Source IP 10.0.0.23, Destination IP 192.168.1.3. Source: Swayam]

Trapdoor

• A trap door is a kind of secret entry point into a program that allows anyone to gain access to a system without going through the usual security access procedures.
• Another definition of a trap door is that it is a method of bypassing normal authentication methods. Therefore it is also known as a back door.
• Programmers use trap doors legally to debug and test programs.
• Trap doors turn into threats when dishonest programmers use them to gain illegal access.
• Program development and software update activities should be the first focus of security measures.
• An operating system that controls trap doors is difficult to implement.

Trapdoor

• The term back door refers to gaining access to a network.
• The backdoor attack lets a malicious user enter illicit code at the time of its execution. Moreover, a backdoor attack is primarily an access or a modification attack. However, it requires user ID and password to gain administrative privileges.
• Some of the tools that are used to create backdoor attacks are Back Orifice and NetBus.

Malicious Software (CO2)

• Malicious code is a new kind of threat in the form of an auto-executable application.
• It can be in the form of scripting languages, such as Java Applets, ActiveX controls, or various new programming languages designed to enhance Web pages.

Malicious Software

Malicious code can be categorized into the following types:

• Code that causes access violations: Refers to the category of malicious code that tries to delete, steal, alter, or execute unauthorized files. It can steal passwords, files, and other confidential data.
• Code that enables DoS attacks: Refers to the category of malicious code that prevents the user from using the system. It may destroy the files that are open at the time of the attack.

Denial of Services Attack (CO2)

• DoS Attack (Denial of Service Attack)
• DDoS Attack (Distributed Denial of Service Attack)
• DoS makes the system unresponsive to the actual service requests
• It does so by overpowering the system resources
• DDoS attack is similar to the DoS attack
• Difference is that the attack is launched from a series of host machines

Denial of Services Attack

DoS and DDoS Attack Types:
• Ping of death attack
• Botnets
• SYN flood attack
• Smurf attack
• TCP SYN flood attack
• Tear Drop attack

Denial of Services Attack

SYN flood attack

• This attack compromises the initial handshake process
• It makes the server unavailable for the actual traffic
• It sends SYN packets repeatedly and eventually overwhelms the targeted server

Source: swayam

Denial of Services Attack

TCP SYN flood attack

• A buffer space is created during the TCP session establishment.
• During TCP connection establishment the attacker fills up the target machine with multiple connection requests.
• This makes the target machine time out, waiting for permission to connect from the server

[Figure: TCP handshake during a SYN flood. Labels: "Step2: SYN", "Step2: ACK", "Step3: Never Sent". Source: swayam]

Denial of Services Attack

Tear Drop attack

• It is a DoS attack where fragmented packets are sent to a target machine
• This makes the victim's computer crash, overwhelmed with packets

[Figure: Tear Drop fragments. Packet #1: IP ID = x, IP Header, Packet length = 820. Packet #2: IP ID = x, IP Header, Packet length = 820. Source: swayam]
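
How a monitor can spot the "Step 3 never sent" condition of the SYN flood slides, as an added Python example that is not part of the original slides: it counts handshakes per listening service that received a SYN but never the final ACK. The class name, threshold, timeout and packet records are constructed for illustration.

```python
from collections import defaultdict

# Constructed capture of client-to-server packets: (time, src, sport, dst, dport, flag).
# "S" is the client's SYN, "A" the final ACK of the handshake, "R" a reset.
CONSTRUCTED_PACKETS = [
    (0.0, "198.51.100.7", 40001, "192.0.2.10", 443, "S"),
    (0.1, "198.51.100.7", 40001, "192.0.2.10", 443, "A"),
    (1.0, "198.51.100.8", 40002, "192.0.2.10", 443, "S"),
    (1.2, "198.51.100.8", 40002, "192.0.2.10", 443, "A"),
] + [
    # Burst of SYNs from changing source addresses that never send the final ACK.
    (2.0 + i * 0.1, f"203.0.113.{i + 1}", 50000 + i, "192.0.2.10", 443, "S")
    for i in range(8)
] + [
    (3.5, "198.51.100.9", 40003, "192.0.2.10", 443, "S"),
    (3.6, "198.51.100.9", 40003, "192.0.2.10", 443, "A"),
]


class HalfOpenTracker:
    """Tracks handshakes that got a SYN but not the final ACK, per (dst, dport)."""

    def __init__(self, threshold=5, timeout=30.0):
        self.threshold = threshold        # assumed alert level per service
        self.timeout = timeout            # assumed seconds before an entry is dropped
        self.pending = defaultdict(dict)  # (dst, dport) -> {(src, sport): time of SYN}
        self.alerted = set()

    def _expire(self, now):
        for entries in self.pending.values():
            stale = [key for key, seen in entries.items() if now - seen > self.timeout]
            for key in stale:
                del entries[key]

    def observe(self, ts, src, sport, dst, dport, flag):
        """Feed one packet; return an alert string the first time a service crosses the threshold."""
        self._expire(ts)
        service, client = (dst, dport), (src, sport)
        entries = self.pending[service]
        if flag == "S":
            entries[client] = ts
        elif flag in ("A", "R"):
            entries.pop(client, None)     # handshake completed or aborted
        if len(entries) < self.threshold:
            self.alerted.discard(service)
            return None
        if service in self.alerted:
            return None                   # already reported, avoid alert storms
        self.alerted.add(service)
        sources = len({addr for addr, _port in entries})
        return (f"{ts:.1f} possible SYN flood on {dst}:{dport}: "
                f"{len(entries)} half-open from {sources} source(s)")


def detect(packets, threshold=5, timeout=30.0):
    """Run the tracker over a capture and return the list of alerts."""
    tracker = HalfOpenTracker(threshold, timeout)
    alerts = (tracker.observe(*packet) for packet in packets)
    return [alert for alert in alerts if alert]


if __name__ == "__main__":
    for line in detect(CONSTRUCTED_PACKETS):
        print(line)
```

The count is kept per destination service rather than per source address, because the source addresses in a flood can be spoofed.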

Denial of Services Attack

Smurf attack

• It is a DoS attack which involves IP spoofing
• A Ping is issued to the entire IP Broadcast addresses
• It stimulates response to the ping packet and the target computer
• The process is repeated and automated to generate large amount of network congestion

[Figure: Smurf attack. Source: swayam]

Denial of Services Attack

Ping of death attack

• It happens when network packets are used to ping the target machine with a large packet size
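
A receiver-side sanity check for the two fragment-based attacks in these slides, Tear Drop and Ping of death, as an added Python example that is not part of the original slides. The 800-byte payloads (the figure's 820-byte packets, assumed to carry a 20-byte header) and the 30,000-byte fragments come from the slides' figures; the offsets, addresses, names and the overlap are constructed.

```python
from collections import defaultdict, namedtuple

MAX_DATAGRAM = 65535  # IPv4 Total Length is a 16-bit field
IP_HEADER = 20        # header size without options

# offset and length are in payload bytes; more is the More Fragments flag.
Fragment = namedtuple("Fragment", "src ip_id offset length more")

# Constructed fragments: one normal datagram, one overlapping pair, one oversized set.
CONSTRUCTED_FRAGMENTS = [
    Fragment("198.51.100.7", 1, 0, 1480, True),
    Fragment("198.51.100.7", 1, 1480, 520, False),
    Fragment("203.0.113.5", 2, 0, 800, True),
    Fragment("203.0.113.5", 2, 792, 800, False),      # starts inside the first fragment
    Fragment("203.0.113.9", 3, 0, 30000, True),
    Fragment("203.0.113.9", 3, 30000, 30000, True),
    Fragment("203.0.113.9", 3, 60000, 30000, False),  # ends at 90,000 bytes
]


def check_fragments(fragments):
    """Return sorted (src, ip_id, reason) findings; an empty list means nothing suspicious."""
    groups = defaultdict(list)
    for frag in fragments:
        groups[(frag.src, frag.ip_id)].append(frag)

    findings = set()
    for (src, ip_id), frags in groups.items():
        frags.sort(key=lambda f: f.offset)
        covered = 0  # highest payload byte already claimed by an earlier fragment
        for frag in frags:
            end = frag.offset + frag.length
            if frag.more and frag.length % 8:
                findings.add((src, ip_id, "non-final fragment not a multiple of 8 bytes"))
            if IP_HEADER + end > MAX_DATAGRAM:
                findings.add((src, ip_id, "reassembled size exceeds 65535 bytes"))
            if frag.offset < covered:
                findings.add((src, ip_id, "overlapping fragments"))
            covered = max(covered, end)
    return sorted(findings)


if __name__ == "__main__":
    for src, ip_id, reason in check_fragments(CONSTRUCTED_FRAGMENTS):
        print(f"DROP src={src} id={ip_id}: {reason}")
```

Both conditions can be decided from the fragment headers alone, so a filter can discard the set before any reassembly buffer is written.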

[Figure: Ping of death. Labels: 90,000 bytes; 30,000 bytes per fragment; 90,000 bytes; Error! Source: swayam]

THREATS TO E-COMMERCE (CO2)

Threats to E-Commerce (CO2)

• E-Commerce refers to the activity of buying and selling things over the internet.
• E-commerce can draw on many technologies such as mobile commerce, Internet marketing, online transaction processing, electronic funds transfer, supply chain management, electronic data interchange (EDI), inventory management systems, and automated data collection systems.
• An e-commerce threat occurs when the internet is used for unfair means with the intention of stealing, fraud and security breach.

Source: swayam

Threats to E-Commerce

• Unauthorized internal users who may access confidential information by using passwords for committing fraud or theft.
• Former employees of an organization who have maintained access to the information sources directly by creating alternative passwords, "back doors" into the computer systems, or indirectly through former co-workers.
• Weak access point in information infrastructure and security that can expose company information and trade secrets.

Source: swayam

ELECTRONIC PAYMENT SYSTEMS (CO2)

• E-Commerce or Electronic Commerce sites use "electronic payment", where electronic payment refers to paperless monetary transactions.
• Electronic payment has revolutionized business processing by reducing paper work, transaction costs, labour cost.
• Being user friendly and less time consuming than manual processing, it helps a business organization to expand its market reach / expansion.
– Credit Card
– Debit Card
– Smart Card
– E-Money
– Electronic Fund Transfer (EFT)
– E-Wallet

Types of EPS

E Cash / E Money:
• A system that allows a person to pay for goods or services by transmitting a number from one computer to another.
• Like the serial numbers on real currency notes, the E-cash numbers are unique.
• This is issued by a bank and represents a specified sum of real money.
• It is anonymous and reusable.

E-Wallet:
• The E-wallet is another payment scheme that operates like a carrier of e-cash and other information.
• The aim is to give shoppers a single, simple, and secure way of carrying currency electronically.
• Trust is the basis of the e-wallet as a form of electronic payment.

Types of EPS

Smart Card:
• A smart card is any pocket-sized card with embedded integrated circuits which can process data.
• This implies that it can receive input which is processed and delivered as an output.

Credit Card:
• It is a plastic card having a magnetic number and code on it.
• It has some fixed amount to spend.
• The customer has to repay the spent amount after some time.

Debit Card:
• Similar to the credit card in coding and encryption.
• Purchase limit depends on the available balance in the account.

E-cash Threats

[Figure: E-cash threats. Source: javatpoint]

E-cash Threats

Backdoors Attacks

• It is a type of attack which gives an attacker unauthorized access to a system by bypassing the normal authentication mechanisms.
• It works in the background and hides itself from the user, which makes it difficult to detect and remove.

Denial of service attacks

• A denial-of-service attack (DoS attack) is a security attack in which the attacker takes action that prevents the legitimate (correct) users from accessing the electronic devices.
• It makes a network resource unavailable to its intended users by temporarily disrupting services of a host connected to the Internet.

E-cash Threats

Direct Access Attacks

• Direct access attack is an attack in which an intruder gains physical access to the computer to perform an unauthorized activity and install various types of software to compromise security.
• These types of software are loaded with worms and download a huge amount of sensitive data from the target victims.

Eavesdropping

• This is an unauthorized way of listening to private communication over the network.
• It does not interfere with the normal operations of the targeted system, so that the sender and the recipient of the messages are not aware that their conversation is being tracked.

Credit/Debit card fraud

• A credit card allows us to borrow money from a recipient bank to make purchases.
• The issuer of the credit card has the condition that the cardholder will pay back the borrowed money with an additional agreed-upon charge.
• A debit card is a plastic card issued by the financial organization to an account holder who has a savings deposit account, and can be used instead of cash to make purchases.
• The debit card can be used only when the fund is available in the account.

Credit/Debit card fraud

Some of the important threats associated with the debit/credit card are:

ATM (Automated Teller Machine)
• It is the favourite place of the fraudster, because from there they can steal our card details. Some of the important techniques which the criminals opt for to get hold of our card information are:

1. Skimming
• It is the process of attaching a data-skimming device in the card reader of the ATM. When the customer swipes their card in the ATM card reader, the information is copied from the magnetic strip to the device.
• By doing this, the criminals get to know the details of the card number, name, CVV number, expiry date of the card and other details.

Credit/Debit card fraud

ATM (Automated Teller Machine)

2. Unwanted Presence
• It is a rule that not more than one user should use the ATM at a time.
• If we find more than one person lurking around together, the intention behind this is to observe our card details while we are making our transaction.

Credit/Debit card fraud

ATM (Automated Teller Machine)

3. Vishing/Phishing
• Phishing is an activity in which an intruder obtains the sensitive information of a user, such as passwords, usernames, and credit card details, often for malicious reasons.
• Vishing is an activity in which an intruder obtains the sensitive information of a user via sending SMS on mobiles. These SMS and calls appear to be from a reliable source, but in reality they are fake. The main objective of vishing and phishing is to get the customer's PIN, account details, and passwords.

Smishing and vishing are two types of fraud that use SMS (smishing) and voice (vishing) to trick people into giving up money or personal information.

Credit/Debit card fraud

Some of the important threats associated with the debit/credit card are:

Online Transaction
• Online transactions can be made by the customer to do shopping and pay their bills over the internet.
• It is easy for the customer, and it is also easy for a criminal to hack into our system and steal our sensitive information.
• Some important ways to steal our confidential information during an online transaction are:
– By downloading software which scans our keystrokes and steals our password and card details.
– By redirecting a customer to a fake website which looks like the original and steals our sensitive information.
– By using public Wi-Fi

Credit/Debit card fraud

Some of the important threats associated with the debit/credit card are:

POS Theft
• It is commonly done at merchant stores at the time of a POS transaction.
• In this, the salesperson takes the customer's card for processing payment and illegally copies the card details for later use.

Digital Signature (CO2)

• It is a Mathematical Approach used for authenticating a digital message or a document.
• Whenever a digital signature is assigned to a message, the recipient believes that the message is created by a known sender and has not been altered during transmission.
• Digital signatures are primarily used for the purpose of
– Identity verification
– User validation
– Document authentication.

Goals of Digital Signature

1- Authenticity:
– Refers to authenticating the sender and receiver.
– The use of digital signature authenticates the sources from where the message has been received, that is, it verifies the authenticity of the sender.

2- Security:
– Assures that the messages are delivered securely without any security threats.
– This assures the sender and the receiver of a message that the message has not been altered by any unauthorized sources during transmission.

Process of Digital Signature

Digital signatures use 'Public key Cryptography'.
• They employ an algorithm that uses two different but mathematically related 'keys' => Public Key and Private Key
• Private key is used for creating a digital signature. It is known only to the signer.
• Public key is for verifying a digital signature.
• Computer equipment and software are collectively called "Asymmetric Cryptosystem."
• It involves two processes-
1. Digital Signature Creation
2. Digital Signature Verification

Process of Digital Signature

Digital Signature Creation:
• It is performed by the signer. It uses a hash result which is computed from the signed message and the given private key. This hash result is unique.

Digital signature verification:
• It is performed by the receiver of the digital signature.
• A digital signature is verified by computing a new hash result of the original message using the same hash function that was used to create the digital signature.
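
The creation and verification steps above, as an added Python example that is not part of the original slides: the signer hashes the message and transforms the hash with the private key, and the receiver recomputes the hash with the same hash function and compares it with the value recovered using the public key. It assumes textbook RSA without padding over two publicly known Mersenne primes, which shows the mechanics only; production code uses a vetted library and a padded scheme such as RSA-PSS. All names and the sample message are constructed.

```python
import hashlib

# Two publicly known Mersenne primes, used only so the demo needs no key generation.
# Anyone can factor N, so this key pair protects nothing.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # modulus, part of both keys
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, known only to the signer

PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)


def message_hash(message: bytes) -> int:
    """Hash result of the message as an integer (SHA-256, always smaller than N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Digital signature creation: hash the message, then apply the private key."""
    n, d = private_key
    return pow(message_hash(message), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Digital signature verification: recompute the hash and compare it with
    the value recovered from the signature using the public key."""
    n, e = public_key
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == message_hash(message)


if __name__ == "__main__":
    original = b"Pay 500 to account 1234"   # constructed message
    signature = sign(original)
    print("original verifies:", verify(original, signature))
    print("altered verifies: ", verify(b"Pay 900 to account 1234", signature))
```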

Components of Digital Signature

1. Name: Refers to the name of the individual or organization. This is the necessary component.
2. Contact details: Refer to the full contact details of the individual or organization, including e-mail address, telephone number, and other contact details.
3. Public key: Refers to the public key of the individual or organization.
• This works as your secret identification number and is a part of the verification process.
• The signature also includes the expiry date of the public key that indicates the duration for which the digital signature is valid.

Components of Digital Signature

4. Serial number: Refers to the serial number of the individual or organization that is used for digital identification.
5. Digital signature of the Certification Authority (CA): Refers to the digital signature of the CA, which is a third party that has issued the digital certificate to the individual or organization.

Applications of Digital Signatures

• Filing of income tax online
• Filing of license applications online
• Using digital signatures in banks and financial institutions
• Transferring funds from one bank to another in real time
• Booking railways tickets online
• Using digital signatures in e-procurement

Cryptography and Encryption

• Cryptography ensures secure transfer of data over an unsecured network, such as the Internet.

Technical Terms:
• Plaintext: Original intelligible message or data.
• Key: The key to encrypt and decrypt the data is decided prior to encrypting the data.
• Encryption: Process of converting a plaintext into cipher text.
• Ciphertext: Encrypted text.
• Decryption: Process of regenerating the plaintext from the cipher text.
