NMIMS Global Access

School for Continuing Education (NGA-SCE)

Course: IT Security and Risk Management

Internal Assignment Applicable for December 2022

Examination
Question.1

INTRODUCTION

Although Kerberos was originally developed for use with Microsoft Windows, it is now
widely supported on other operating systems, including Apple OS X, FreeBSD, UNIX, and
Linux. When compared to its predecessors, Kerberos's authentication procedures are far
superior. The security of your network will be much improved if you use strong encryption
and welcome visitors from outside your organization. Kerberos has bolstered the safety of the
internet and its users and expanded the range of activities that may be conducted safely by
internet and non-internet users alike.

CONCEPT

Kerberos authentication was coined and given the name of a legendary beast. The three-
headed dog, Kerberos, had the hooks of a lion, the tail of a serpent, and a beard of snakes. To
monitor the entrances to the netherworld, where the deceased go to shroud their identities, he
was picked up. References to the Nemesis's rumored headcount have led some to conclude
that the snake's mane proves the creature has fifty.

Protocols for Kerberos Authentication and the Authentication Framework

Kerberos depends on consumers' word-of-mouth promises not to share the secret word with
anybody else. Kerberos requires a confirmation client, a database, and then a server to
distribute tickets in order to work properly. The verification server is an essential component
of the ticketing and confirmation process. The design's training dataset is then used to check
the patrons' credentials upon admittance. The TGS, or ticket-granting server, issues the
tickets for both servers.

If Kerberos doesn't work, why bother using it?

The next sections detail the procedures for validating a Kerberos-protected connection,
explaining the protocol's design and function in further detail.

Kerberos security relies heavily on the first step being client validation. The client makes first
contact with the validating server in order to acquire a ticket-related ticket. When a
solicitation is sent, the client ID is also stored for future use.

Once the client's credentials have been entered, the key distribution network will check them.
The validation server instantly runs this check to confirm that the client and the travel
voucher server are accessible. If all of these requirements are satisfied, the server handling
the verification process will create a pair of client/client cryptographic keys. Therefore, the
client's secret key will be the hash. The server responsible for issuing tickets' secret key is
sent to the validation server, which then processes it. A meeting key is encrypted using the
same client/client cryptographic keys. The verifications server then produces a ticket
confirming ticket that contains the client ID, duration, meet key, lifespan, and client network
address. After then, the ticket is encrypted using a server key supplied by the Ticker that
remains secret.

This allows the client to see the information in its unaltered form. The client must utilize the
secret key agreed upon by both clients in order to decode the message. More than that, it
eliminates the secret key and TGT and creates the authenticator to verify the client's TGS.

The client may then use TGT to submit a request for service.

At the present time, a request is sent to the database server from the key distribution network.
Clients will provide a ticket, which will be deciphered by the ticket-granting server with the
use of a secret key. After then, the hidden key is taken away. The authenticator reads the
encrypted authorization code from the ticket and compares it to the client's identify and
network address to see whether they are a match. To avoid prematurely closing the ticket, a
time mark is also employed. After then, a support ticket is opened at the principal distribution
hub.

Here, the client performs an authentication check using the document pass.

At the completion of the procedure, the decoded and verified data is sent to the impartial
server.

Exactly how the Bitcoin protocol operates has so been revealed.

Kerberos's advantages and disadvantages

Although the Kerberos protocol is secure, there are pros and cons to utilizing it to safeguard
client credentials.

Functions of Kerberos

Access to the Kerberos authentication service is widespread on the web. These procedures are
executed each time a client sends identification information to a server, including a
passphrase. This helps guarantee that the complex information sent between client and a
server cannot be intercepted by an attacker. The client's whole journey is encrypted, including
all of the subtleties that make it unique. These are placed on systems that require powerful
evaluating and verifying features to assist ensure the safety and their users.

Kerberos Attempt Verification

Several places on the web have made use of Kerberos Validation. Kerberos is a security
protocol used in many different settings, including Static Directory, Posix Valid, Samba, and
NFS. Kerberos is an alternate authentication method that may be used with SSH, SMTP, and
POP. As the primary authentication technique, Kerberos was integrated with Windows 2000
and then all following Windows editions. Numerous Unix distributions include the user-
verification framework Kerberos to beef up security.

CONCLUSION

For Kerberos, this issue is now closed. Several online firms and market segments have
modified Kerberos to increase the security of their consumers' access to the server. As a
result, only the client can decode the client's coded code and Client ID, and the client's
communication to the site is encrypted. This ensures the security of the system against any
potential attacks. You will finish this article with a thorough understanding of Kerberos
security, including its inner workings and potential uses. Are you set on a career in network
security in light of the present situation? Visit our Red Gang Lord Network Security
Certification page for additional details. This is the first facility of its type in India, and it will
give you a leg up in the real world by giving you the opportunity to hone your skills in an
environment that constantly mimics a biological system.
Q.2

INTRODUCTION

Organizational safeguards need to develop and change when new dangers emerge. In the
present unpredictable and complicated climate, it is important to establish a more robust
foundation for digital guard. Groups that stick to SOPs put an emphasis on their employees,
their daily routines, and their willingness to try new things. The yearly growth rate of assaults
has been estimated at 600 percent recently, and experts expect that this pattern will persist
and perhaps increase in the coming years. Many different things have come together to create
our present predicament. The Incredible Alienation, and the Increasing Danger of
Cyberattacks from State-Sponsored Actors are Problems. Programmers spend countless hours
crafting ever-improving versions of their assaults; some make use of nuanced social design to
minimize collateral harm, while others depend on a.i. to unleash waves of raw force. The
more time they have to conceal and propagate ransomware within an organization, the more
harm they might potentially inflict.

CONCEPT

The Human Race -

Digital aggressors increasingly deploy cutting-edge strategies to attack technically savvy

workers and even heads of state. This is why people are the weak point in any network
security architecture, since human mistake is the root cause of the vast majority of security
breaches. However, with the right cycles or training programs, they may be transformed into
a HUMAN FIREWALL, significantly enhancing our ability to cope with networked security
threats. Equally, remember that all of the most advanced technology is meaningless if it is not
used well or managed adequately. As a result, it's important to recognize that people are the
bedrock of every enterprise. All workers should understand how they may contribute to the
company's overall efforts to protect its networks against cyberattacks. For the sake of user
safety on a network, I have outlined some of the most important considerations below:

Digitized detail-oriented leadership.

Chief Information Security Officer (CISO) is charge of supervising a team of professionals

that ensure the safety of a network by doing tasks such as vulnerability scanning, security
auditing, incident response, and security engineering.
Drop a line to the local security or insurance agency.

Individuals', the Board's, and Cycle's Capability to Identify System Security Information

There is a system in place to ensure that employees' personal information is secure when they
are doing business online.

Planning for and understanding of internet safety among staff members.

How will you determine whether it is better to hire a new security specialist or train your
present staff? For how long do you plan on being a "vendor-locked in" before you look
elsewhere?

IT/Security Although people are often cited as economic drivers of change, research suggests
that tight security measures may actually inhibit their ability to conduct business.

Comments

Client consistency in applying security measures including best practices is reinforced by the
association's unified mission, culture of protection, and leadership.

All authorized agents were treated the same, regardless of their rank.

If you break the strategy, you may anticipate immediate and appropriate remedial action and
sanctions that fit the crime.

Peer pressure, positive thinking, and cash benefits for appropriate security conduct among
staff members may make adherence to security rules more palatable.

The largest threat is people, but with the right cycles, that shouldn't be the case.

Current Situation - Well-established protocols are crucial to effective network security. Your
preparation for a given role should include documenting and refining progress that is well-
described, readily replicable, and enhanced in gradual steps. This lynchpin of cyber defense
makes sure that safeguards are in place to stop attacks before they happen and to recover
quickly if they do. There are several steps and responsibilities associated with maintaining
online safety; I have highlighted one of the most important ones here: developing a
comprehensive plan to protect your network.

Committee of the board's plan to protect sensitive information.

Detecting, analyzing, and investigating security risks in a network.

The Evaluation of Network Threats Online Security Methods and Tools for Procedures.

There should be harmony between the board's overall structure and the company's intentions
and activities.

Analyzing the State of Organizational Security Modeling and Secure Engineering Practices

Sharing of information about cyber risks and evaluations of their effects.

Method for ensuring the security of digital infrastructure.

A Digital Emergency Calls for Executive Interface and Digital Delivery.

Methodology for testing and evaluating internet security protocols.

Prevention Strategies for the World Wide Web Advanced Management Training Verification
and Consistency.

Weakness Methodology for Analyzing Risk and Potential Harm.

Initial and Diagnostic Evaluations of Weaknesses.

Safe access in addition to verification steps, the character of the available resources, and
personal characteristics.

Systems and practices for guarding confidential information.

The Board and Its Information Systems Need to Be Restored.

Methodology for Deploying and Upholding Security Applications and Hardware.

How often an executive goes through a cycle and how quickly they respond to events.

Continuously checking in to see how things are going.

Assessing exposure to risk and locating potential dangers in light of ongoing, real-time
activity

Use the CIS standard as a measuring stick for how much support you have at your disposal.

Analysis techniques for gauging data security.

The Problem Gambling Assistance Program and the Board of Moderation.

Security-minded thought-training software.

Adaptive digital system.

An Insurance Policy Management System

Constant changes and improvements are being made to the cycling procedure.

Comments

Just as the capacity to respond quickly to a changing threat environment and the flexibility of
a control operations program to address emerging threats are essential, so too must security
incident boards be flexible, cutting down on superfluous regulatory processes, linear
progression, paperwork, etc.

In regards to technology, this entails completing the necessary preparations for the eventual
full-scale computerization of cycles, which will make them more intelligent and
economically viable. Security teams may employ a plethora of innovations to beef up their
defenses. If businesses want to build a safe and reliable database, they need to use a decision-
making mechanism that is in step with the project's innovations and security design. Every
recent improvement in internet security, from walls to intrusion prevention systems, is
detailed here. I've also made a passing reference to cross-border innovation, which is
happening thanks to Cloud and a few others who are blazing new trails.

Several methods exist for establishing a safe perimeter, including the use of a firewall at the
network's edge, an intrusion customized product prevention system, a firewall at the
application's entry point, real security, diversions, email security, DNS security, and secure
demilitarized zones (DMZs).

Network Access Control (NAC), Inline Maintenance, Network Firewall Protection, Unified
Threat Management, and Voice over Internet Protocol (VOIP) Safety.

Protection for the endpoint, such as sandboxing (capable), endpoint detection and
intervention (EDR), generally pro protection (AMP), program dissociation (PD), prevent data
loss (DLP), and mobile phone security.

Administration of a Secure Distribution Platform; a Secure Bot Board; and Secure Data Sets
are all part of developer processes for Application Security.
Methods for encrypting and safeguarding software. Implementing and enforcing safe coding
practices, including testing software for vulnerabilities.

The terms "information disclosure," "information characterization," "password protection,"

"information concealment/tokenization," "identity and access management," "policy and
procedure," "key administration," "file integrity monitoring," "secure file transfer protocol,"
and "electronic discovery and risk management" (EDRM) are all terms that pertain to the
realm of "information security" (Information Reinforcement and recuperation).

All of the acts denoted by the phrases SIEM, XDR, Take leave, Monitor the bosses, and UBA
are connected to security in some way.

Safeguarding data and applications in the cloud, using techniques like Cloud Service Provider
Modes, Cloud Application Defense Broker, Cloud Knowledge and Event Management, as
well as Docker Container Security.

Answers Peril information, Meaningfulness web/dim web Check observing/Takedown

services. "Inadequacies in the organizational machinery, a well-thought-out system for
managing employees, a well-oiled board of directors, and a well-fortified company all come
from a lack of these Distinction on a micro scale, true safety"

Security innovations for operational technology (OT), internet of things (IoT), blockchain,
artificial intelligence (AI), and machine learning (ML), as well as zero trust network analysis
(ZTNA), secure application security environment (SASE), robotic process automation (RPA),
business application security (BAS), installer exchange security, but also advanced threat
assurance.

CONCLUSION

The three pillars of digital security—people, procedures, and technology—must all be in

place for any system to be considered safe. However, when a corporation finds a happy
medium in between people, its messaging, and its technology, a system that completely
supports safety may be established. To a large extent, I agree with the sentiment that the
focus of this kind of assistance should be on the individuals receiving it.
Q.3(A)

INTRODUCTION

This dataset was compiled by a government organization of a state in the Indian Subcontinent
that provides services to low-income households. ZDNet declined to provide the state's
identity when pressed. There is no need for a password to see the dataset online; this is the
main reason why. For the time being at least, the data set is clean of any personally
identifiable medical details. However, it took and over three weeks to finally unhook these
files, and the process was fraught with difficulty.

CONCEPT

In the beginning of Walk 2019, security expert Dmitry Diachenko of the intrusion prevention
consulting firm Security Disclosure discovered the dataset. The analyst was ultimately
unsuccessful in his attempt to take the server. The researcher approached ZDNet due to the
importance of the material, but our efforts to contact the appropriate government body were
mostly unsuccessful. It took the Computer Response Team (CERT) in India three weeks to
recover the dataset after it had been made publicly accessible for download along with the
patient information.

The sensitivity of the newly disclosed information

However, the corrupted database did not only contain any old clinical records. In an attempt
to reduce the number of abortions among young women in India and maintain a more
balanced gender distribution, the country passed the Pre-Origination and Pre-Netal Merely a
diagnosis Strategies Act (PCPNDT) in 1994. Clinical studies in India that might potentially
detect the sex of an innocent fetus are restricted to being utilized for genuine medical reasons
only and all test must be published alongside their purposes. Dr. Shah had said, "Every
pregnant woman undergoing USG, amnio, or other heredity testing must complete structure
F." To accomplish the goals of the Pre-Origination and Pre-Natal Highly informative
Procedures Act, the facility "holds a statement by both groups that now the test was
conducted to ascertain the sex of the child and a fetal removal isn't because of gender
segregation."

CONCLUSION
A server, set of data, or device that is not password-protected may be accessed like any other
website in a program, eliminating the need to resort to hacking. There is no deception on my
side, and whatever I find is shared openly. Consequently, I often try to raise people's
consciousness about these issues. However, many users are actively seeking for vulnerable
servers and are more concerned with ease of access than security. They illegally obtain, alter,
or download the information before putting it to harmful use.
Q.3(B)

INTRODUCTION

Today's always-on, internet-dependent services make that everybody in the U.s vulnerable to
data breaches. In any case, you may avoid becoming a statistic merely because some of your
personal data was compromised. You may protect your funds, credit score, and character
from the bullies who threaten them by taking specific actions.

CONCEPT

This article will discuss eleven strategies that may be used to safeguard IT systems.

Make sure your data is safe by making a copy.

In case anything happens to your primary copy of data, you will still have a backup. You
should relocate it from your usual workplace if at all feasible. This can help you recover
financially from disasters such as home invasion, fire, or flood.

Password-protect your accounts.

Everyone who uses a computer, a smart phone, an e - mail account, or indeed any
combination of these, including yourself, your workers, and your volunteers, should be
proficient in their usage.

Make sure to use caution while working from afar.

Check that your gadgets' security measures are at least as good as those used in the
workplace. Similarly, take note of your immediate environment.

Be wary of any messages that seem strange.

Learn to recognize questionable emails and then teach your workers to do the same. You may
lessen the odds of falling for a scam by keeping an eye out for warning flags like misspelled
language, calls for immediate action, and requests for money.

Add safeguards against malicious software and computer viruses

Additionally, maintain a regular news-reading schedule. When it comes to protecting your

network, the Public Data security Place's recommendations and standards are top notch.

If you don't want to be known as "that guy/girl who usually leaves their desk work/computer
unattended," make sure to stay on top of your tasks.
Information security risks arise when staff and volunteers leave their workstations
unattended. The trunk of your automobile, the overhead cabin of a train, or even your living
room will do.

Take precautions to protect your wireless network,

If you care about your privacy, one should never use the net before even creating a secure
connection, as well as especially avoid connecting over unprotected Wi-Fi or a connection
that is even somewhat unstable.

When you leave your workstation, make sure to lock your device.

Ensure your staff is adhering to the same standards you set. Simply taking the extra step of
locking your screens before leaving your workstation might prevent an intruder from
obtaining access to a computer system.

Be wary of who is near what at all times.

To ensure the safety of your IT network, you should control who has exposure to it. Having
anybody with no oversight log into your systems will make them unusable. Strict controls are
desirable in certain situations. The presence of guests shouldn't be concealed.

Do not hold files for far too long unless absolutely required.

Having a standard for how and where to keep individual information may save duplication of
effort and costs. Also, it will aid you in fulfilling any data security obligations. Don't fret
about relinquishing anything.

Safely dispose of old computers, hard drives, and other electronic media.

Before giving away or throwing away any electronic equipment, check to be sure that no
private data remains on it. A data deletion service may be contracted out, or you can employ
dedicated software.

CONCLUSION

There is no denying the need of network security in today's technologically advanced and
continuously evolving world. The threats are real, therefore it's crucial to find out how to
protect yourself and show others how to do the same.