DR. AJAY KUMAR PATHAK
ASSISTANT PROFESSOR
READ ALL THE NOTES CHAPTER WISE
SUBJECT : MJ–15 (Th):- INFORMATION SECURITY
FOR B. Sc. IT SEM 6 F.Y.U.G.P.
Copyright © by Dr. Ajay kumar pathak
B. Sc. IT. SEMESTER 6 NOTES BASED ON NEP
SUBJECT : MJ–15 (Th): INTRODUCTION TO NETWORK SECURITY
(To be selected by the students from)
Course Learning and Outcomes:- Know about the logics and algorithms needed for computer programming
UNIT 1:- INTRODUCTION TO NETWORK SECURITY
Objective: The objective of this course is to provide students with a comprehensive understanding of network security concepts and techniques. The course aims to develop students' skills in identifying network vulnerabilities, implementing security measures, and ensuring the confidentiality, integrity, and availability of networked systems.
Learning Outcome:- After completion of this course, a student will be able to–
· Understand the principles and concepts of network security.
· Identify potential security threats and vulnerabilities in networked systems.
· Implement security measures to protect network infrastructure.
· Apply encryption and authentication techniques to secure network communication.
· Analyze and respond to security incidents in networked environments.
-: NOTES READ FROM HERE :-
UNIT- 1 :- INTRODUCTION TO NETWORK SECURITY
INTRODUCTION TO NETWORK SECURITY:-
Network security is the protection of the underlying networking infrastructure from unauthorized access, misuse, theft, malfunction, modification, destruction or improper disclosure. It involves creating a secure infrastructure in which devices, applications and users can work in a secure manner.
The Internet has indeed become a huge part of our lives. Many people in today’s generation rely on the Internet for many of their professional, social and personal activities. But are you sure your network is secure?
There are many people who attempt to damage our Internet-connected computers, violate our privacy and make Internet services unusable. Given the frequency and variety of existing attacks as well as the threat of new and more destructive future attacks, network security has become a central topic in the field of cybersecurity. Implementing network security measures allows computers, users and programs to perform their permitted critical functions within a secure environment.
Network security has several vital roles within an IT environment:
· Prevent unauthorized access to assets and data.
· Stop threats from spreading through the system.
· Protect network data, infrastructure, and all traffic from external threats.
· Grant users adequate access to resources.
· Enable secure data sharing between systems and employees.
· Detect and respond to suspicious user behavior and software anomalies.
What are the main network types?:-
Networks come in a variety of types. The security measures required vary depending on network configuration. Common variants include:
· LAN – Local Area Networks or intranets are small communities of devices connected via one or more routing nodes. Routers handle all network traffic and may also include internet interface modems. A LAN can include many different devices: computers, smartphones, printers, IoT devices, televisions, and gaming consoles. Routers assign IP addresses to all devices, which identify them on the network.
· WAN – Wide Area Networks are more common in modern business. They constitute collections of LANs and cover wide geographical areas. For instance, companies with several branches will usually connect them via WAN technology. The internet itself is defined as a WAN. Every ISP is also technically a WAN.
· SD-WAN – Software-defined Wide Area Networks are laid over WAN networks. Agents on connected devices link users to network resources. Managers can control access via secure gateways, and SD-WAN allows in-depth traffic monitoring. Companies also tend to use SD-WAN to secure cloud assets effectively.
Types of network security:-
(1) Firewalls:- A firewall is a network security
device that monitors incoming and outgoing network traffic and decides whether
to allow or block specific traffic based on a defined set of security rules.
Cisco offers both threat-focused firewalls and unified threat management (UTM)
devices.
(2) NetWORK security:- NetWORK security is
Cisco's vision for simplifying network, workload, and multicloud security by
delivering unified security controls to dynamic environments.
(3) Network segmentation:- Software-defined
segmentation puts network traffic into different classifications and makes
enforcing security policies easier. Ideally, the classifications are based on
endpoint identity, not mere IP addresses. You can assign access rights based on
role, location, and more so that the right level of access is given to the
right people and suspicious devices are contained and remediated.
(4) Workload security:- Workload security
protects workloads moving across different cloud and hybrid environments. These
distributed workloads have larger attack surfaces, which must be secured
without affecting the agility of the business.
(5) Access control:- Not every user should
have access to your network. To keep out potential attackers, you need to
recognize each user and each device. Then you can enforce your security
policies. You can block noncompliant endpoint devices or give them only limited
access. This process is network access control (NAC).
(6) VPN:- A virtual private network encrypts
the connection from an endpoint to a network, often over the internet.
Typically, a remote-access VPN uses IPsec or Secure Sockets Layer to
authenticate the communication between device and network.
(7) Anti-virus and anti-malware software:-
"Malware," short for "malicious software," includes
viruses, worms, Trojans, ransomware, and spyware. Sometimes malware will infect
a network but lie dormant for days or even weeks. The best antimalware programs
not only scan for malware upon entry, but also continuously track files afterward
to find anomalies, remove malware, and fix damage.
(8) Application security:- Any software you
use to run your business needs to be protected, whether your IT staff builds it
or whether you buy it. Unfortunately, any application may contain holes, or weaknesses,
that attackers can use to infiltrate your network. Application security
includes the hardware, software, and processes you use to close those holes.
(9) Cloud security:- Cloud security is a broad
set of technologies, policies, and applications applied to defend online IP,
services, applications, and other imperative data. It helps you better manage
your security by shielding users against threats anywhere they access the
internet and securing.
(10) Email security:- Email gateways are the
number one threat vector for a security breach. Attackers use personal
information and social engineering tactics to build sophisticated phishing
campaigns to deceive recipients and send them to sites serving up malware. An
email security application blocks incoming attacks and controls outbound
messages to prevent the loss of sensitive data.
(11) Mobile device security:- Cybercriminals are
increasingly targeting mobile devices and apps. Within the next three years, 90
percent of IT organizations may support corporate applications on personal
mobile devices. Of course, you need to control which devices can access your
network. You will also need to configure their connections to keep network
traffic private.
(12) Web security:- A web security solution will
control your staff's web use, block web-based threats, and deny access to
malicious websites. It will protect your web gateway on site or in the cloud.
"Web security" also refers to the steps you take to protect your own
website.
(13) Wireless security:- Wireless networks are
not as secure as wired ones. Without strict security measures, installing a
wireless LAN can be like putting Ethernet ports everywhere, including the
parking lot. To prevent an exploit from taking hold, you need products
specifically designed to protect a wireless network.
BASICS OF NETWORK SECURITY:-
Introduction:- Network Security
refers to the set of rules, technologies, hardware, software, and procedures
used to protect computer networks from unauthorized access, misuse, modification,
destruction, and denial of service. It ensures that data remains safe while
being stored or transmitted over a network.
In
the modern digital world, computers are connected with each other through
networks to share data, resources, and services. These networks may be small,
such as a home network, or very large, such as the Internet. As networks grow,
the risk of security threats like hacking, data theft, viruses, and
unauthorized access also increases. To protect networks and the data
transmitted through them, Network Security is required.
Meaning of Network Security:- Network Security is the process of protecting the integrity,
confidentiality, and availability of data and network resources by preventing
unauthorized access and cyber-attacks. It controls who can access the network,
what actions they can perform, and how data is protected during transmission.
In simple words, network security acts like a security system for a network,
similar to locks, alarms, and guards used to protect a building.
Basic Principles of Network Security (CIA Triad):- In today’s digital era, computer networks play a vital
role in communication, data sharing, online transactions, and information
storage. With the rapid growth of networking and internet usage, security threats
such as hacking, data theft, malware attacks, and unauthorized access have also
increased. To protect networks and the information transmitted through them,
strong network security mechanisms are required.
The
foundation of network security is based on three fundamental principles known
as the CIA Triad. CIA stands for Confidentiality, Integrity, and Availability.
These three principles define the goals of network security and are essential
for designing and implementing secure network systems. Any network that fails
to maintain any one of these principles is considered insecure.
(1) Confidentiality
(2) Integrity
(3) Availability
(1) CONFIDENTIALITY:- Confidentiality
refers to the protection of information from unauthorized access, disclosure,
or exposure. It ensures that sensitive data is accessed only by authorized
users, devices, or systems and remains hidden from unauthorized individuals.
In
simple words, confidentiality means keeping information secret and private so
that only the intended person can see or use it.
Explanation:- When data is
transmitted over a network, it may pass through multiple intermediate devices
such as routers, switches, gateways, and servers. During this process,
attackers may attempt to intercept the data using techniques like packet
sniffing or man-in-the-middle attacks. If confidentiality is not ensured,
attackers can read confidential information such as passwords, bank details,
personal records, or business secrets.
Network
security mechanisms are used to protect data by converting it into an
unreadable form or by restricting access to authorized users only. Even if an
attacker intercepts the data, confidentiality ensures that the information
cannot be understood or misused.
Examples of Confidentiality:-
(1) Online Banking:- When a user logs into an online banking system, the username, password, and transaction details are encrypted. This ensures that only the bank server and the authorized user can read the data.
(2) Email Communication:- Confidential emails sent within an organization are protected using encryption so that unauthorized persons cannot read sensitive documents.
(3) Password Protection:- Access to a network is restricted using usernames and passwords to maintain confidentiality.
Techniques Used to Maintain Confidentiality in Network Security:-
1. Data encryption
2. User authentication systems
3. Access control policies
4. Secure communication protocols such as HTTPS and SSL
(1) Data Encryption:-
Data
encryption is the process of converting readable data (called plaintext) into
an unreadable or coded form (called ciphertext) using a mathematical algorithm
and a secret key. Only authorized users who possess the correct decryption key
can convert the data back into readable form. In simple words, encryption locks
the data so that unauthorized users cannot understand it.
Example 1: Online Banking – When a customer enters login credentials on a banking website, the data is encrypted before transmission. Even if a hacker intercepts the data, it appears as random characters and cannot be read.
Example 2: WhatsApp Messages – Messages sent through WhatsApp are encrypted so that only the sender and receiver can read them.
(2) User Authentication Systems:- User authentication is the process of verifying the identity of a user before allowing access to a network or system. It ensures that only legitimate users can access confidential data. In simple words, authentication answers the question: “Who are you?”
Example 1: Email Login – When a user logs into an email account, the system verifies the username and password. Without correct credentials, access is denied.
Example 2: Two-Factor Authentication (2FA) – After entering a password, the user receives an OTP on their mobile phone. Only after entering the OTP is access granted.
(3) Access Control Policies:- Access control policies define who can access what resources in a network and what actions they are allowed to perform. They ensure that users access only the data they are authorized to use. In simple words, access control decides permissions.
Example 1: College Network – Students can view their marks, teachers can upload marks, and administrators can modify records.
Example 2: Office Network – Employees can access project files, managers can approve documents, and IT administrators can manage servers.
(4) Secure Communication Protocols (HTTPS and SSL):-
Secure communication protocols protect data transmitted over networks by encrypting communication between client and server. The most common secure protocols are HTTPS (Hypertext Transfer Protocol Secure) and SSL (Secure Sockets Layer; in current practice SSL has been superseded by its successor TLS, Transport Layer Security, which is the protocol HTTPS actually uses today). In simple words, these protocols secure data while it is traveling over the network.
Example 1: Secure Websites, Websites with “https://” and a lock symbol in the browser use HTTPS and SSL to protect login details and payment information.
Example 2: Online Shopping, When customers enter credit card details on e-commerce websites, HTTPS encrypts the data to prevent theft.
(2) INTEGRITY:- Integrity refers to the accuracy, consistency, and reliability of data throughout its lifecycle. It ensures that information is not altered, modified, or destroyed in an unauthorized manner during storage or transmission. In simple words, integrity means data should remain correct and unchanged unless modified by an authorized user.
Explanation:- During data transmission, information can be changed
either accidentally due to transmission errors or intentionally by attackers.
Unauthorized modification of data can lead to serious consequences such as
incorrect records, financial loss, or wrong decision-making. Integrity
mechanisms ensure that any change in data is detected and that only authorized
users can modify the data.
If data integrity is
compromised, the system may process incorrect information, which can damage the
credibility of the network.
Examples of Integrity:-
(1) Online Examination System:- When a student submits exam answers online, integrity ensures that the answers are not modified by any attacker during transmission.
(2) Online Money Transfer:- If a user transfers Rs. 5,000 to another account, integrity ensures that the amount is not changed to Rs. 50,000 during transmission.
(3) Database Records:- Student marks stored in a university database must remain accurate and unchanged unless updated by an authorized administrator.
Techniques Used to Maintain Integrity:-
1. Hash functions
2. Digital signatures
3. Checksums
4. Message authentication codes (MAC)
(1) Hash Functions:- A hash function is a mathematical algorithm that
converts data of any size into a fixed-length value, known as a hash value or
message digest. Even a small change in the original data results in a
completely different hash value. In simple words, a hash function creates a
digital fingerprint of data.
Example 1: File Download – When you download software from a website, a hash value (such as SHA-256) is provided. After downloading, your system calculates the hash value of the file. If the two hash values match, it confirms that the file has not been altered.
Example 2: Online Examination – Exam answers submitted by a student are hashed before transmission. If the data is altered, the hash value at the server will differ, indicating a loss of integrity.
(2) Digital Signatures:- A digital signature is a cryptographic technique used
to verify the authenticity and integrity of a message. It ensures that the data
has not been altered and confirms the identity of the sender. In simple words,
a digital signature is like a handwritten signature in electronic form.
Example 1: Online Contracts – Digital signatures are used to sign online agreements. Any change in the document invalidates the signature, ensuring integrity.
Example 2: Government Documents – Digital signatures are used in income tax filing systems to ensure documents are not altered.
(3) Checksums:- A checksum is a simple mathematical value calculated from the data and
used to detect errors or changes during transmission. In simple words, a
checksum is a basic integrity check value.
Example 1: Data Transmission – When data packets are transmitted over a network, checksums help detect transmission errors.
Example 2: File Transfer – If a file is corrupted during download, the checksum value changes, indicating data corruption.
(4) Message Authentication Codes (MAC):- A Message Authentication Code (MAC) is a cryptographic
value used to ensure data integrity and authenticity. It is generated using a
secret key and a message. In simple words, MAC ensures that data comes from a
trusted sender and is not modified.
Example 1: Secure Network Communication – MAC is used in secure communication protocols to verify that messages have not been altered.
Example 2: Banking Systems – MAC ensures that financial transaction messages are not modified.
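The hash, checksum and MAC techniques above, worked through in Python on the notes' Rs. 5,000 transfer (digital signatures are left out because they need a key pair and a library outside the standard one). This is an added example, not part of the notes; the message format, account numbers and shared key are constructed.

```python
"""Integrity checks on a constructed bank-transfer message: hash, checksum, MAC.

Added example, not from the lecture notes. Message format, account numbers
and the shared key are constructed for illustration only.
"""
import hashlib
import hmac

# Constructed messages: the legitimate transfer and a copy in which an
# attacker changed the amount in transit (the notes' Rs. 5,000 example).
ORIGINAL = b"TRANSFER from=ACC-1001 to=ACC-2002 amount=5000 currency=INR"
TAMPERED = b"TRANSFER from=ACC-1001 to=ACC-2002 amount=50000 currency=INR"

# Constructed secret shared by the bank's client and server only.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def sha256_digest(data: bytes) -> str:
    """Hash function: fixed-length fingerprint; any change alters the digest."""
    return hashlib.sha256(data).hexdigest()


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum of the kind carried in IP/TCP/UDP headers.

    Catches accidental corruption, but anyone can recompute it: it is not a
    defence against deliberate modification.
    """
    if len(data) % 2:
        data += b"\x00"          # pad odd-length input with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in
    return (~total) & 0xFFFF


def verify_checksum(data: bytes, checksum: int) -> bool:
    """Receiver-side check: recompute and compare (no secret involved)."""
    return internet_checksum(data) == checksum


def make_mac(key: bytes, data: bytes) -> str:
    """Message authentication code: HMAC-SHA256 under the shared secret."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, tag: str) -> bool:
    """Constant-time comparison so timing does not reveal where tags differ."""
    return hmac.compare_digest(make_mac(key, data), tag)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a transmission error by flipping a single bit."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def hash_detects_change(sent: bytes, received: bytes) -> bool:
    """True when the receiver's recomputed digest differs from the sender's."""
    return sha256_digest(sent) != sha256_digest(received)


def checksum_detects_change(sent: bytes, received: bytes) -> bool:
    """True when the receiver's recomputed checksum differs from the sender's."""
    return internet_checksum(sent) != internet_checksum(received)


def mac_rejects_forgery(key: bytes, sent: bytes, forged: bytes) -> bool:
    """Without the key, the attacker's only option is to reuse the genuine tag
    on the forged message; the receiver must reject it."""
    genuine_tag = make_mac(key, sent)
    return not verify_mac(key, forged, genuine_tag)


if __name__ == "__main__":
    print("SHA-256 differs after tampering:", hash_detects_change(ORIGINAL, TAMPERED))
    print("checksum catches a bit flip    :", checksum_detects_change(ORIGINAL, flip_bit(ORIGINAL, 3)))
    # The attacker simply recomputes the checksum for the altered message...
    print("recomputed checksum accepted   :", verify_checksum(TAMPERED, internet_checksum(TAMPERED)))
    # ...but cannot produce a valid MAC without the shared key.
    print("MAC rejects forged transfer    :", mac_rejects_forgery(SHARED_KEY, ORIGINAL, TAMPERED))
```

The contrast is the point of the notes' list: a checksum or plain hash detects accidental change, while only the keyed MAC (or a signature) detects a deliberate change by someone who can also recompute the check value.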
(3) AVAILABILITY:- Availability ensures that network systems, services, and data are
accessible to authorized users whenever required. It focuses on maintaining
uninterrupted access to resources even in the presence of failures or attacks. In
simple words, availability means the system
should always be operational and usable.
Explanation:- Even if confidentiality and integrity are well
maintained, a network becomes useless if authorized users cannot access it.
Availability can be affected by hardware failures, software crashes, natural
disasters, or cyber-attacks such as Denial of Service (DoS) and Distributed
Denial of Service (DDoS) attacks. Network security measures ensure that systems
remain available and continue functioning under such conditions. Availability
is especially important for critical services such as banking, healthcare,
education, and government systems.
Examples of Availability:-
(1) University Admission Portal:- During online admissions, the university website must remain accessible to thousands of students. If the server crashes due to an attack, availability is lost.
(2) Online Banking Services:- Customers should be able to access banking services at any time. Server downtime affects availability.
(3) Hospital Systems:- Medical records and systems must be available 24/7 for patient care.
Techniques Used to Maintain Availability:-
1. Backup servers and systems
2. Data backups and recovery plans
3. Load balancing
4. Protection against DoS and DDoS attacks
(1) Backup Servers and Systems:- Backup servers and systems are additional servers or hardware systems that are
kept ready to take over operations when the primary system fails. In simple
words, backup servers act as standby systems.
Example 1: Banking System – Banks use backup servers to ensure that ATM and online banking services remain available even if the main server fails.
Example 2: University Website – If a university admission portal crashes due to high traffic, a backup server takes over and keeps the website running.
(2) Data Backups and Recovery Plans:- Data backups involve creating copies of important data
and storing them in a secure location. A recovery plan defines the steps
required to restore data and systems after a failure or attack. In simple
words, this technique ensures that data can be recovered if something goes
wrong.
Example 1: Hospital Records – Hospitals back up patient records regularly. If the system crashes, data can be restored quickly without affecting patient care.
Example 2: Office Files – Companies back up their data daily so that work can continue even after system failure.
(3) Load Balancing:- Load balancing is the process of distributing network
traffic evenly across multiple servers to prevent overload. In simple words,
load balancing shares the workload.
Example 1: E-Commerce Website – During festival sales, millions of users access shopping websites. Load balancing ensures smooth service by distributing traffic across multiple servers.
Example 2: Online Examination System – During online exams, load balancing helps manage thousands of students accessing the system simultaneously.
(4) Protection Against DoS and DDoS Attacks:- A Denial of Service (DoS) attack attempts to make a
system unavailable by overwhelming it with fake traffic.
A Distributed Denial of Service
(DDoS) attack uses multiple compromised systems to launch a large-scale attack.
Example 1: Government Websites – Government portals are often targeted by DDoS attacks. Security mechanisms ensure that legitimate users can still access services.
Example 2: Online Gaming Platforms – Gaming servers use DDoS protection to ensure uninterrupted gameplay.
SECURITY THREATS AND VULNERABILITIES:-
SECURITY THREATS :- Cyber security threats are
malicious acts designed to steal or destroy sensitive data, compromise computer
systems or identities, disrupt or damage business operations, and in general,
disturb digital life. Common types of cyber threats include malware, ransomware,
denial of service (DoS), and SQL injection attacks.
Another
meaning of the term cyber threats refers to the potential for successful
cyberattacks on organizations. This is also known as the attack surface. For
example, any computing system that has a known security vulnerability
(weakness) is exposed to imminent cyber threats. To address threats and
security weaknesses, both present and future, many organizations are adopting
practices and technologies for advanced threat protection.
Cyber threats are performed by a variety of threat actors, both inside and outside an organization. Threat actors can include individual hackers, organized cybercrime groups, state-sponsored hackers, hacktivists (who attack in the name of a social cause), and malicious insiders who abuse their privileges to access an organization’s computing systems.
Types of Security Threats and How to Protect Against Them :-
Types of Security Threats:-
1. Malware Attacks
2. Phishing and Social Engineering
3. Data Breaches
4. Denial of Service (DoS) Attacks
5. Man-in-the-Middle (MitM) Attacks
6. Insider Threats
7. IoT Vulnerabilities
8. Password Attacks
9. E-commerce and Online Transaction Risks
10. Identity Theft and Fraud
(1) Malware Attacks:- Malware, short for malicious software, takes various forms, including
viruses, worms, Trojans, and ransomware. These programs are designed to
infiltrate systems, steal data, or disrupt operations. Malware often spreads
through infected emails, websites, or software downloads.
Types of Malware:
· Viruses: Attach themselves to legitimate programs and spread when those programs are executed.
· Worms: Self-replicating programs that spread across networks without user interaction.
· Trojans: Deceptive software that appears legitimate but performs malicious actions.
· Ransomware: Encrypts user data and demands payment for its release.
Prevention and Mitigation:-
· Keep software and systems up to date.
· Use reputable antivirus and antimalware software like McAfee, NortonLifeLock, or Trend Micro.
· Be cautious when clicking on links or downloading files from unknown sources.
(2) Phishing and Social Engineering:- Phishing is a tactic where attackers impersonate legitimate entities to deceive individuals into revealing sensitive information, such as passwords or credit card numbers. Social engineering exploits human psychology to manipulate victims into taking actions that benefit the attacker.
Common Phishing Techniques:-
· Spear Phishing: Targets specific individuals with tailored messages.
· Whaling: Targets high-profile individuals, like CEOs or government officials.
· Baiting: Offers something enticing in exchange for personal information.
Protection Strategies:-
· Be skeptical of unsolicited emails.
· Verify the legitimacy of websites before entering credentials.
· Educate employees about phishing techniques.
(3) Data Breaches:- A data breach occurs when unauthorized parties gain
access to sensitive information. Breaches can lead to identity theft, financial
fraud, and reputational damage for individuals and organizations.
Causes of Data Breaches:
· Weak passwords and lack of proper authentication.
· Unpatched software vulnerabilities.
· Insider negligence or malicious intent.
Mitigation Measures:
· Encrypt sensitive data.
· Implement multi-factor authentication.
· Regularly update and patch software.
(4) Denial of Service (DoS) Attacks:- DoS attacks overwhelm a system or network with excessive traffic, causing services to become unavailable. This can lead to financial losses, downtime, and tarnished reputation.
Types of DoS Attacks:
· TCP SYN Flood: Exploits the TCP handshake process.
· Ping Flood: Overwhelms the target with ICMP echo request packets.
· Distributed DoS (DDoS): Coordinated attack from multiple sources.
Defensive Tactics:
· Use firewalls and intrusion detection systems.
· Partner with a content delivery network (CDN) to absorb traffic spikes.
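A defender's view of the TCP SYN Flood listed above: detection logic of the kind an intrusion detection system applies, run over a constructed connection-state log, flagging sources whose half-open connections pile up without completed handshakes. This is an added example, not from the notes; the log format, IP addresses and thresholds are assumptions.

```python
"""SYN-flood detection over connection-state records.

Added example, not from the lecture notes. A SYN flood leaves the TCP
three-way handshake unfinished, so half-open connections (SYN_RECV) pile up
and are never followed by ESTABLISHED. The record format, addresses and
thresholds below are constructed assumptions, not a real IDS rule.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple


class Event(NamedTuple):
    time: float    # seconds since start of capture
    src_ip: str    # source of the connection attempt
    state: str     # "SYN_RECV" (handshake started) or "ESTABLISHED" (completed)


def parse_log(lines: Iterable[str]) -> List[Event]:
    """Parse constructed '<time> <src_ip> <state>' lines; skip blanks and comments."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, ip, state = line.split()
        events.append(Event(float(ts), ip, state))
    return events


def constructed_capture() -> List[str]:
    """Synthetic capture: three normal clients plus one flooding source."""
    lines = ["# constructed sample, not real traffic"]
    # Normal clients: every SYN is followed shortly by ESTABLISHED.
    for i, ip in enumerate(["192.0.2.10", "192.0.2.11", "192.0.2.12"]):
        for k in range(5):
            t = 0.5 * k + 0.1 * i
            lines.append(f"{t:.2f} {ip} SYN_RECV")
            lines.append(f"{t + 0.05:.2f} {ip} ESTABLISHED")
    # Flooder: 150 SYNs in two seconds, none of them completed.
    for k in range(150):
        lines.append(f"{2.0 + k / 75:.3f} 203.0.113.99 SYN_RECV")
    return lines


def handshake_counts(events: Iterable[Event], start: float, end: float) -> Dict[str, Dict[str, int]]:
    """Per-source counts of started and completed handshakes within [start, end)."""
    counts: Dict[str, Dict[str, int]] = defaultdict(lambda: {"syn": 0, "est": 0})
    for e in events:
        if start <= e.time < end:
            counts[e.src_ip]["syn" if e.state == "SYN_RECV" else "est"] += 1
    return counts


def flag_syn_flood_sources(events: Iterable[Event], start: float = 0.0, end: float = 10.0,
                           min_syns: int = 50, max_completion_ratio: float = 0.2) -> List[str]:
    """Sources with at least min_syns SYNs in the window and a completion ratio
    (ESTABLISHED / SYN_RECV) below max_completion_ratio. Thresholds are assumed;
    tune them to the protected server's normal load."""
    flagged = []
    for ip, c in handshake_counts(events, start, end).items():
        ratio = c["est"] / c["syn"] if c["syn"] else 1.0
        if c["syn"] >= min_syns and ratio < max_completion_ratio:
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    evts = parse_log(constructed_capture())
    for ip, c in sorted(handshake_counts(evts, 0.0, 10.0).items()):
        print(f"{ip:15} SYN={c['syn']:4} ESTABLISHED={c['est']:4}")
    print("suspected SYN-flood sources:", flag_syn_flood_sources(evts))
```

A real DDoS spreads the SYNs over many sources, so the per-source rule above is complemented in practice by a global half-open-connection count and by server-side mitigations such as SYN cookies.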
(5) Man-in-the-Middle (MitM) Attacks:- MitM attacks involve intercepting communications between two parties without their knowledge. Attackers can eavesdrop, alter, or inject malicious content into the communication flow.
Common MitM Scenarios:
· Unsecured public Wi-Fi networks.
· Tampered hardware or software.
· Compromised routers or switches.
Preventive Steps:
· Use secure, encrypted connections (HTTPS).
· Regularly update and secure networking equipment.
· Employ VPNs (Virtual Private Networks) for secure browsing on public networks.
(6) Insider Threats:- Insider threats originate from within an organization and can be either
malicious or unintentional. Malicious insiders exploit their access for
personal gain, while unintentional threats stem from human error.
Forms of Insider Threats:
· Sabotage or theft by disgruntled employees.
· Accidental data exposure due to negligence.
Mitigating Insider Threats:
· Implement strict access controls.
· Conduct regular security awareness training.
· Monitor user activity for suspicious behavior.
(7) IoT Vulnerabilities:- The Internet of Things (IoT)
encompasses interconnected devices that communicate over the internet.
Vulnerabilities (weakness) in IoT devices can expose users to privacy breaches
and unauthorized access.
IoT Security Challenges:
· Lack of robust security measures in many IoT devices.
· Vulnerable firmware and lack of regular updates.
Securing IoT Devices:
· Change default passwords.
· Update device firmware regularly.
· Segment IoT devices from critical networks.
(8) Password Attacks:- Password attacks involve attempts to gain
unauthorized access by exploiting weak passwords. Attackers can use techniques
like brute force and dictionary attacks to crack passwords.
Protecting Passwords:-
· Use strong, unique passwords for each account.
· Enable multi-factor authentication (MFA) whenever possible.
· Employ password managers to securely store passwords.
(9) E-commerce and Online Transaction Risks:- Online shopping and financial transactions are convenient but also expose users to various risks, including fraudulent websites, fake payment gateways, and stolen financial information.
Online Transaction Security:
· Ensure the website uses HTTPS encryption.
· Verify the legitimacy of online merchants.
· Use secure payment methods like credit cards with fraud protection.
(10) Identity Theft and Fraud:- Identity theft involves stealing someone’s personal information for financial gain. Cybercriminals use stolen identities to commit fraud, open accounts, and make unauthorized transactions.
Preventive Measures:-
· Monitor your financial accounts and credit reports for suspicious activity.
· Shred sensitive documents before disposing of them.
· Use identity theft protection services to detect and respond to threats.
SECURITY VULNERABILITIES:-
A security vulnerability is any unintended characteristic of a computing component that can be easily exploited by a threat actor. It is a weakness or flaw in a system, network, or software application that can potentially harm your entire IT infrastructure. A flaw is unintended functionality; it may result from poor design or from mistakes made during implementation, and flaws may go undetected for a significant period of time. These vulnerabilities can range from software bugs to weak authentication mechanisms.
Vulnerabilities
can also affect government agencies, industry, and critical infrastructure,
such as power or water-treatment plants, local and federal government agencies,
hospitals, banking institutions, and more. A successful attack against any of
these entities could be catastrophic, resulting in massive data breaches or
even injuries and death.
Causes of Software Vulnerabilities:-
1. Lack of input validation
2. Unverified uploads
3. Cross-site scripting
4. Unencrypted data, etc.
Type of Vulnerabilities:-
(1) Hardware Vulnerability:- Weaknesses or flaws in
physical devices (like computers or routers) that hackers can exploit to gain
unauthorized access or cause damage.
For example:-
(a) Physical Attacks:- Hardware devices like
servers, laptops, or smartphones are susceptible to physical attacks. Attackers
may gain access to critical systems by stealing or tampering with hardware.
(b) Firmware Vulnerabilities: The software
that runs on hardware, known as firmware, can have vulnerabilities. Flaws in
firmware can lead to persistent attacks, as they are not always detected or
patched as frequently as software.
Causes of Hardware Vulnerability:-
(a) Old version of systems or devices
(b) Unprotected storage
(c) Unencrypted devices, etc.
(2) Software Vulnerability:- Flaws or bugs in software
(such as apps or operating systems) that can be used by hackers to compromise
the system, often due to coding mistakes or outdated software.
For example:-
(a) Unpatched Software:- One of the most common vulnerabilities is the
failure to install security updates or patches. Software vendors frequently
release updates to address security flaws, and neglecting to apply these
patches can leave systems open to exploitation.
(b) Weak Authentication:- Many systems rely on weak authentication methods such as simple passwords or unencrypted login forms, which can be exploited by attackers to gain unauthorized access.
Causes of Software Vulnerabilities:-
(a) Lack of input validation
(b) Unverified uploads
(c) Cross-site scripting
(d) Unencrypted data, etc.
(3) Network Vulnerability:- A network vulnerability is a
weakness or flaw in the design, implementation, or configuration of a computer
network that attackers can exploit to gain unauthorized access, steal data, or
disrupt services. These vulnerabilities can exist in hardware (routers,
switches), software (servers, protocols), or network configurations.
For example:-
(a) Unsecured Wireless Networks:- Wi-Fi
networks that are not properly secured with strong passwords or encryption can
be easily accessed by attackers. Once inside the network, an attacker can
intercept communications, gain access to devices, or launch attacks against
connected systems.
(b) Open Ports:- Unnecessary or open ports
on a device can serve as gateways for attackers to exploit. Proper
configuration of firewalls is essential to ensure only necessary ports are open
and accessible.
Causes of Network Vulnerability:-
(a) Unprotected communication
(b) Malware or malicious software (e.g. viruses, keyloggers, worms, etc.)
(c) Social engineering attacks
(d) Misconfigured firewalls
(4) Human Vulnerabilities:- Security risks caused by human behavior, such as falling for phishing attacks, using weak passwords, or not being aware of security threats, making it easier for hackers to exploit the system.
For example:-
(a) Social Engineering:- Human behavior is
often the weakest link in cyber security. Attackers use social engineering
tactics to manipulate individuals into disclosing confidential information or
performing actions that compromise security. Phishing, baiting, and pretexting
are common social engineering methods.
(b) Lack of Security Awareness:- A lack of
training and awareness about cyber security best practices can leave
individuals and organizations vulnerable to attacks. Users may fail to
recognize phishing emails or may click on malicious links without thinking.
(5) Procedural Vulnerability:- Weaknesses in the processes or rules organizations follow, like using default passwords or failing to monitor activities, which can allow attackers to bypass security.
For example:-
(a) Default Configurations:- Many devices,
applications, and systems come with default settings that are not optimized for
security. Leaving these defaults unchanged, such as using default administrator
passwords, can provide attackers with an easy way into the system.
(b) Inadequate Logging and Monitoring:-
Failure to implement adequate logging and monitoring can prevent organizations
from detecting unauthorized access or malicious activities in a timely manner.
A lack of monitoring can allow an attacker to maintain persistent access
without detection.
SECURITY CONTROLS AND DEFENSE MECHANISMS:-
Security
controls are parameters implemented to protect various forms of data and
infrastructure important to an organization. Security controls refer to any
type of safeguard or countermeasure used to avoid, detect, counteract or
minimize security risks to physical property, information, computer systems or
other assets. Security controls are countermeasures or safeguards used to
reduce the chances that a threat will exploit a vulnerability (weakness).
Security
controls help organizations comply with regulations and standards, ensuring
business continuity and safeguarding organizational assets. Properly
implemented, these controls manage risk by preventing unauthorized access, data
breaches, and other cyber threats. They form the backbone of an organization’s
approach to building a secure operational environment, laying the groundwork
for monitoring and incident response strategies.
TYPES OF SECURITY CONTROLS:-
There are three main types of IT security controls including:-
(1) Physical (2) Technical (3) Administrative
(1) Physical Controls:- Physical controls are tangible protections implemented to safeguard hardware and facilities from unauthorized access or damage. These include barriers such as locks, fences, biometrics, surveillance systems, and guards. Their primary function is to prevent physical intrusion that could lead to data breaches or equipment theft. These controls are essential in controlling access to sensitive areas, ensuring that only authorized personnel can reach critical infrastructure components.
Physical
controls play a role in disaster recovery planning by safeguarding backup
systems and maintaining continuity during power outages or natural disasters.
Environmental monitoring systems also fall under this category, protecting
assets from temperature fluctuations, humidity, and other conditions that might
compromise equipment integrity.
Examples of physical controls are:-
· Closed-circuit surveillance cameras
· Motion or thermal alarm systems
· Security guards
· Picture IDs
· Locked and dead-bolted steel doors
· Biometrics (includes fingerprint, voice, face, iris, handwriting, and
other automated methods used to recognize individuals)
(2) Technical Controls:- Technical controls use
technology to protect information systems and networks from cyber threats.
These include tools like firewalls, encryption, antivirus software, intrusion
detection systems, and access controls. They automate the process of monitoring
and responding to cyber threats, managing the vast volume of data and potential
vulnerabilities (weakness). Technical controls are often the first line of
defense in identifying and mitigating threats.
Technical
controls adapt to new threats, often through regular updates and patches that
address known vulnerabilities. This adaptability is crucial, especially in
environments experiencing rapid technological changes or facing sophisticated
cyber-attacks. Continual assessment and fine-tuning are necessary to maintain
the efficacy of these technical measures.
Examples of technical controls include:-
· Encryption
· Antivirus and Anti-Malware Software
· Firewalls
· Security Information and Event Management (SIEM)
· Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
(3) Administrative Controls:- Administrative controls
involve policies, procedures, and practices that manage the security framework
within an organization. These include security policies, training programs,
access management, and risk assessments designed to guide personnel on best
practices for data protection. Administrative controls set the organizational
tone, influencing the security culture and ensuring compliance through
structured oversight.
Administrative
controls are critical for incident response planning and executing regular
security audits. They establish roles and responsibilities, ensuring everyone
understands their part in maintaining security. By emphasizing employee
training and devotion to security policies, these controls reduce human error
and improve the overall effectiveness of security measures.
The processes that monitor and enforce the administrative controls are:-
· Management controls:- The security controls that focus on the management
of risk and the management of information system security.
· Operational controls:- The security controls that are primarily
implemented and executed by people (as opposed to systems).
(4) Cloud Security Controls:- These include
measures that you take in cooperation with a cloud services provider to provide
the necessary protection for data and workloads. If your organization runs
workloads in the cloud, you must meet your corporate or business security
policy requirements and industry regulations.
CYBER SECURITY- DEFENSE MECHANISM:-
BASIC DEFENSE MECHANISM:-
(1) Anti-Virus/Anti-Malware/Anti-Spyware:-
Malware is
malicious software, or a piece of code, that damages our system. Anti-virus or
anti-malware programs are a type of utility used for scanning and removing viruses from
your computer. The definitions (signatures) of known viruses are loaded into the antivirus
software's database; the program scans the system against that database for potential
threats and filters them out of the system.
(2) Biometric Security:- Our biometrics are unique;
they are something that we are, and they cannot be taken from us by any means. So, it
is one of the best possible ways to secure our data, as no one in the world
except us can open or unlock it. Of course, there are ways to forge
biometrics, but that requires a lot of resources and skill which is not easily
available to every attacker.
(3) Multifactor Authentication:- It uses more than one authentication factor
to ensure maximum security for our data.
Most common authentication factors are:-
(a) Something we have [OTP, Decryption Key, etc.]
(b) Something we know [Passcode, Password, etc.]
(c) Something we are [Biometrics]
(4) Cryptography:- It is a method of changing a
plain text into a cipher text using different encryption algorithm, so that if
there is a breach in confidentiality, the attacker cannot decipher the text, as
they do not possess the decryption key.
Cryptography + Cryptanalysis = Cryptology
(a) Symmetric Key Cryptography:- The key for
encryption and decryption is the same, and it is known as the secret key. Some
common symmetric key algorithms are: AES, DES, IDEA, RC4.
(b) Asymmetric Key Cryptography:- The keys
for encryption and decryption are different. Both the sender and the receiver have
a private key (each party has its own, different private key) and a public
key (the same for everyone). Together, the public and private keys form the
encryption and decryption keys. Some common algorithms for asymmetric key encryption are:
RSA, ECC.
Applications of Cryptography are:-
· Authentication / Digital Signature.
· Password Protection.
· PGP (Pretty Good Privacy), S/MIME - Email Security.
· IPSec, SSL & TLS.
· Encrypting File Systems.
(5) Firewalls:- A firewall is a security
system that monitors incoming and outgoing traffic based on
predetermined security rules. It is like a semipermeable wall between a client
and the server or the Internet. It blocks untrusted networks from
accessing the client's data.
Types of firewalls:-
(i) Packet-Filtering Firewalls:- It filters
the packets entering and leaving the system.
(ii) Circuit-Level Gateways:- A circuit-level
gateway is a type of firewall. Circuit-level gateways work at the session layer
of the OSI model, or as a “shim-layer” between the application layer and the
transport layer of the TCP/IP stack. They monitor TCP handshaking between
packets to determine whether a requested session is legitimate.
(iii) Stateful Inspection Firewall:- In
computing, a stateful firewall is a network-based firewall that individually
tracks sessions of network connections traversing it. Stateful packet
inspection, also referred to as dynamic packet filtering, is a security feature
often used in non-commercial and business networks.
(iv) Application-Level Gateway(Proxy
Firewalls):- An application-proxy firewall is a server program that
understands the type of information being transmitted — for example, HTTP or
FTP. It functions at a higher level in the protocol stack than do packet-filtering
firewalls, thus providing more opportunities for the monitoring and control of
accessibility.
(v) Next-Gen Firewalls:- A
next-generation firewall is a part of the third generation of firewall
technology, combining a traditional firewall with other network device
filtering functions, such as an application firewall using in-line deep packet
inspection and an intrusion prevention system.
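The simulation below is an added example (not from the notes) contrasting types (i) and (iii): a packet-filtering firewall decides on each packet's header fields alone, while a stateful inspection firewall records sessions the client opened and admits inbound packets only when they belong to one. The policy, addresses and packets are constructed for the demo.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the Internet) or "out" (from the client)
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

# Constructed policy (assumption): the client may open TCP 443 outbound;
# nothing is allowed inbound unless it belongs to a session the client started.
OUTBOUND_ALLOW = {("tcp", 443)}

def stateless_filter(pkt: Packet) -> bool:
    """Packet-filtering firewall: looks at this packet's header only.
    To let replies back in, it has to trust every inbound packet from port 443."""
    if pkt.direction == "out":
        return (pkt.proto, pkt.dport) in OUTBOUND_ALLOW
    return pkt.proto == "tcp" and pkt.sport == 443

class StatefulFirewall:
    """Stateful inspection: tracks sessions the client opened (dynamic filtering)."""
    def __init__(self):
        self.table = set()   # (proto, client_ip, client_port, remote_ip, remote_port)

    def filter(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            if (pkt.proto, pkt.dport) not in OUTBOUND_ALLOW:
                return False
            if pkt.syn and not pkt.ack:   # new session: record it
                self.table.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return key in self.table   # only replies to tracked sessions get in

def demo() -> dict:
    fw = StatefulFirewall()
    handshake = Packet("out", "tcp", "10.0.0.5", 51000, "203.0.113.7", 443, syn=True)
    reply = Packet("in", "tcp", "203.0.113.7", 443, "10.0.0.5", 51000, syn=True, ack=True)
    # constructed unsolicited inbound packet that merely carries source port 443
    unsolicited = Packet("in", "tcp", "198.51.100.9", 443, "10.0.0.5", 22, syn=True)
    return {
        "stateless_lets_unsolicited_in": stateless_filter(unsolicited),
        "stateful_allows_handshake": fw.filter(handshake),
        "stateful_allows_reply": fw.filter(reply),
        "stateful_blocks_unsolicited": not fw.filter(unsolicited),
    }
```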
Critical Defense Mechanism:-
(1) Risk Management:- To understand risk, we
need to first understand vulnerability and threat. Vulnerability is a
weakness of a system. The exploitation of a system's vulnerability is known as a
threat. So, after knowing vulnerability and threat, the formula for risk stands
out to be:
Risk = Known Vulnerability + Possible Threat
The process of reducing risk is known as risk management.
The risk management process includes:-
(i) Identification of Risks
(ii) Risk Assessment:- The steps are:-
Step 1: Determine information value
Step 2: Identify and prioritize assets
Step 3: Identify threats
Step 4: Identify vulnerabilities
Step 5: Analyze controls and implement new controls
Step 6: Calculate the likelihood and impact of various scenarios on a per-year
basis
Step 7: Prioritize risks based on the cost of prevention vs. information value
Step 8: Document results in a risk assessment report
(iii) Risk Mitigation Plans:- The plans are:-
· Risk Acceptance
· Risk Transfer
· Risk Avoidance
· Risk Reduction
(iv) Implementation and Monitoring
(v) Review and Update Risks
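As an added example (not from the notes), the register below carries Steps 1, 6 and 7 of the assessment through to a mitigation choice, using the standard quantitative formulas SLE = asset value x exposure factor and ALE = SLE x ARO (annual rate of occurrence), which these notes do not spell out. The scenarios, figures and the reduce-or-accept decision rule are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass
class Scenario:
    name: str
    asset_value: float      # Step 1: information value (constructed figure)
    exposure_factor: float  # fraction of the asset lost in one incident
    aro: float              # Step 6: expected occurrences per year
    control_cost: float     # Step 7: yearly cost of the preventive control
    control_effect: float   # fraction of the ARO the control removes (assumption)

def sle(s: Scenario) -> float:
    """Single loss expectancy: impact of one incident."""
    return s.asset_value * s.exposure_factor

def ale(s: Scenario) -> float:
    """Annualized loss expectancy: Step 6, likelihood x impact per year."""
    return sle(s) * s.aro

def recommend(s: Scenario) -> str:
    """Step 7 decision rule (this example's assumption, not the notes'):
    Risk Reduction when the control saves more yearly loss than it costs,
    otherwise Risk Acceptance."""
    saved = ale(s) * s.control_effect
    return "Risk Reduction" if saved > s.control_cost else "Risk Acceptance"

def prioritize(scenarios: List[Scenario]) -> List[Tuple[str, float, str]]:
    """Ranks scenarios by ALE, highest first, with the mitigation choice."""
    ranked = sorted(scenarios, key=ale, reverse=True)
    return [(s.name, round(ale(s), 2), recommend(s)) for s in ranked]

# constructed risk register
SCENARIOS = [
    Scenario("unpatched web server breach", 500_000, 0.4, 0.5, 30_000, 0.9),
    Scenario("laptop theft (encrypted disk)", 20_000, 0.1, 2.0, 15_000, 0.5),
    Scenario("phishing credential loss", 200_000, 0.25, 1.0, 8_000, 0.6),
]

if __name__ == "__main__":
    for name, yearly_loss, plan in prioritize(SCENARIOS):
        print(f"{name:32} ALE={yearly_loss:>10,.2f}  {plan}")
```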
(2) Security Control:- The particular mechanisms implemented
in order to mitigate risk and build security into the system
are known as security controls.
(3) Incident Response:- A security incident is an
event that indicates that a particular system might be compromised.
(i) Incident Response Plan:-
· Preparation
· Identification
· Containment
· Eradication
· Recovery
· Lessons Learned
(ii) Digital Forensics:-
· Identification
· Preservation
· Collection
· Analysis
· Documentation
(iii) Backup and Recovery:-
THE END, UNIT-1 ( INTRODUCTION TO NETWORK SECURITY )