Network Security Practices Explained

The document outlines key concepts in network security, including the network security model, OSI security architecture, and intrusion detection systems (IDS). It emphasizes the importance of secure communication through encryption, the role of trusted third parties, and various types of security attacks and mechanisms. Additionally, it discusses the classification and benefits of IDS in monitoring network traffic for malicious activities.

SECURITY PRACTICES

UNIT – 1
1. Model of network security?
The network security model represents secure communication between a sender and a receiver.
It depicts how a security service is implemented over the network to prevent an opponent
from threatening the authenticity or confidentiality of the data being communicated through
the network.

All the techniques for providing security have two components:

1. A security-related transformation on the information to be sent.

2. Some secret information shared by the two principals and, it is hoped, unknown to the
opponent.

A trusted third party may be needed to achieve secure transmission. For example, a third party
may be responsible for distributing the secret information to the two principals while keeping it
from any opponent. Or a third party may be needed to arbitrate disputes between the two
principals concerning the authenticity of a message transmission. This model shows that there
are four basic tasks in designing a particular security service:

1. Design an algorithm for performing the security-related transformation.


2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of secret information.
4. Specify a protocol to be used by the two principals that make use of the security algorithm and
the secret information to achieve a particular security service.

Network Security Model

A Network Security Model exhibits how the security service has been designed over the
network to prevent the opponent from causing a threat to the confidentiality or authenticity of
the information that is being transmitted through the network.

The model has three components, discussed below:

1. Transformation of the information that has to be sent to the receiver, so that any
opponent present on the information channel is unable to read the message. This is the
encryption of the message.

The transformation may also add a code to the information, which is used in verifying the
identity of the authentic receiver.

2. Sharing of the secret information between sender and receiver, of which the opponent must
have no clue. This is the encryption key, which is used during encryption of the message at
the sender’s end and during decryption of the message at the receiver’s end.

3. A trusted third party that takes responsibility for distributing the secret information
(key) to both communicating parties while keeping it from any opponent.

The network security model presents two communicating parties, a sender and a receiver, who
mutually agree to exchange information. The sender has information to share with the
receiver.

But the sender cannot send the message over the information channel in readable form, as it
would then be exposed to attack by the opponent. So, before the message is sent through the
information channel, it must be transformed into an unreadable format.

Secret information is used while transforming the message, and the same secret information is
required when the message is retransformed at the recipient’s side. That is why a trusted
third party is required to take responsibility for distributing this secret information to
both parties involved in the communication.

So, considering this general model of network security, one must carry out the following four
tasks while designing the security model.

1. To transform a readable message at the sender’s side into an unreadable format, an
appropriate algorithm must be designed such that it is difficult for an opponent to break it.

2. Next, the designer of the network security model is concerned with the generation of the
secret information, known as the key. This secret information is used in conjunction with the
security algorithm to transform the message.

3. The secret information is required at both ends. At the sender’s end it is used to encrypt
(transform) the message into unreadable form, and at the receiver’s end it is used to decrypt
(retransform) the message into readable form. So there must be a trusted third party that
distributes the secret information to both sender and receiver, and the designer must also
develop the methods by which the key reaches them. An appropriate method must deliver the
secret information to the communicating parties without interference from the opponent.

You are well aware of the attackers who attack your system that is accessible through the
internet. These attackers fall into two categories:

1. Hacker: The one who is only interested in penetrating into your system. They do not cause
any harm to your system they only get satisfied by getting access to your system.

2. Intruders: These attackers intend to do damage to your system or try to obtain the
information from the system which can be used to attain financial gain.

The attacker can place a malicious program on your system through the network which can affect
the software on your system. This leads to two kinds of risks:

a. Information threat: This kind of threat modifies data on behalf of a user who should not
actually have access to it, for example by enabling some crucial permission in the system.

b. Service threat: This kind of threat prevents the user from accessing data on the system.

2. OSI security architecture in security practices?

The OSI (Open Systems Interconnection) Security Architecture defines a systematic approach
to providing security at each layer. It defines security services and security mechanisms that
can be used at each of the seven layers of the OSI model to provide security for data
transmitted over a network.

OSI Security Architecture focuses on three concepts:

• Security attack: any action that attempts to compromise the security of a system, network, or
device.
• Security mechanism: a means of protecting a system, network, or device against unauthorized
access, tampering, or other security threats.
• Security service: a service that maintains the security of a system and counters security
attacks, typically by making use of one or more security mechanisms.

OSI Security Architecture is therefore categorized into three broad categories, namely Security
Attacks, Security Mechanisms, and Security Services. We will discuss each in detail:

1. Security Attacks:

A security attack is an attempt by a person or entity to gain unauthorized access to, disrupt, or
compromise the security of a system, network, or device. These are defined as the actions that
put an organization’s safety at risk. They are further classified into 2 sub-categories:

A. Passive Attack:

Attacks in which a third-party intruder tries to access the message/content/data being shared
by the sender and receiver by keeping a close watch on the transmission, or by eavesdropping on
it, are called passive attacks. These attacks involve the attacker observing or monitoring
system, network, or device activity without actively disrupting or altering it. Passive attacks
are typically focused on gathering information or intelligence, rather than causing damage or
disruption.

Here, both the sender and receiver have no clue that their message/data is accessible to some
third-party intruder. The message/data transmitted remains in its usual form without any
deviation from its usual behavior. This makes passive attacks very risky, as nothing in the
communication process reveals that the attack is happening. One way to counter passive attacks
is to encrypt the message/data that needs to be transmitted: this prevents third-party
intruders from using the information even though it remains accessible to them.

Passive attacks are further divided into two parts based on their behavior:

• Eavesdropping: This involves the attacker intercepting and listening to communications
between two or more parties without their knowledge or consent. Eavesdropping can be
performed using a variety of techniques, such as packet sniffing or man-in-the-middle attacks.
• Traffic analysis: This involves the attacker analyzing network traffic patterns and metadata to
gather information about the system, network, or device. Here the intruder cannot read the
message but can only observe the pattern and length of the encrypted traffic. Traffic analysis
can be performed using a variety of techniques, such as network flow analysis or protocol
analysis.
B. Active Attacks:

Active attacks are attacks in which the attacker actively disrupts or alters system, network, or
device activity. Active attacks are typically focused on causing damage or disruption, rather
than gathering information or intelligence. Here, both the sender and receiver have no clue that
their message/data has been modified by some third-party intruder. The message/data
transmitted does not remain in its usual form and shows deviation from its usual behavior. This
makes active attacks dangerous, as nothing in the communication process reveals that the attack
is happening, and the receiver is not aware that the data/message received is not from the
sender.

Active attacks are further divided into four parts based on their behavior:

• Masquerade is a type of attack in which the attacker pretends to be an authentic sender in
order to gain unauthorized access to a system. This type of attack can involve the attacker using
stolen or forged credentials, or manipulating authentication or authorization controls in some
other way.
• Replay is a type of active attack in which the attacker intercepts a transmitted message through
a passive channel and then maliciously or fraudulently replays or delays it at a later time.
• Modification of message involves the attacker altering the transmitted message, so that the
message finally received by the receiver is unsafe or meaningless. This type of attack can be
used to manipulate the content of the message or to disrupt the communication process.
• Denial of service (DoS) attacks involve the attacker sending a large volume of traffic to a
system, network, or device in an attempt to overwhelm it and make it unavailable to legitimate
users.
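Added example (not from the original notes): the receiver-side checks that detect three of the four active attacks listed above. A message authentication code over the sequence number and payload rejects modification and masquerade (an opponent without the shared key cannot produce a valid tag), and a strictly increasing sequence number rejects replay. Denial of service is not addressed by these checks. The key, principal names and payloads are constructed for the example; the tag uses HMAC-SHA256 from Python's standard library.

```python
import hashlib
import hmac
import json


def tag_for(key: bytes, seq: int, payload: str) -> str:
    """HMAC-SHA256 over the sequence number and payload, bound to the shared key."""
    body = json.dumps({"seq": seq, "payload": payload}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class Sender:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.seq = 0

    def send(self, payload: str) -> dict:
        self.seq += 1  # every message carries a fresh, increasing number
        return {"seq": self.seq, "payload": payload,
                "tag": tag_for(self.key, self.seq, payload)}


class Receiver:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq = 0

    def receive(self, msg: dict) -> str:
        expected = tag_for(self.key, msg["seq"], msg["payload"])
        # Constant-time comparison: a modified payload or a tag made with the
        # wrong key (masquerade) fails here.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"
        # A sequence number at or below the last accepted one is a replay.
        if msg["seq"] <= self.last_seq:
            return "rejected: replay"
        self.last_seq = msg["seq"]
        return "accepted"


def demo() -> list:
    """Runs genuine, replayed, modified and masqueraded messages through Bob."""
    key = b"secret shared via the trusted third party"   # constructed
    alice, bob = Sender(key), Receiver(key)
    results = []
    m1 = alice.send("pay 10")
    results.append(bob.receive(m1))                      # genuine
    results.append(bob.receive(m1))                      # replay of m1
    m2 = alice.send("pay 20")
    results.append(bob.receive(dict(m2, payload="pay 2000")))  # modification
    results.append(bob.receive(m2))                      # genuine m2
    mallory = Sender(b"a key the opponent guessed")      # masquerade
    results.append(bob.receive(mallory.send("pay 999")))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The tag is checked before the sequence number so that an opponent cannot probe which sequence numbers the receiver has already consumed without holding the key.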

2. Security Mechanism

The mechanism that is built to identify any breach of security or attack on the organization, is
called a security mechanism. Security Mechanisms are also responsible for protecting a system,
network, or device against unauthorized access, tampering, or other security threats. Security
mechanisms can be implemented at various levels within a system or network and can be used
to provide different types of security, such as confidentiality, integrity, or availability.

Some examples of security mechanisms include:

• Encipherment (encryption) involves the use of algorithms to transform data into a form that
can only be read by someone with the appropriate decryption key. Encryption can be used to
protect data as it is transmitted over a network, or to protect data stored on a device.
• Digital signature is a security mechanism that involves the use of cryptographic techniques to
create a unique, verifiable identifier for a digital document or message, which can be used to
ensure the authenticity and integrity of the document or message.
• Traffic padding is a technique used to add extra data to a network traffic stream in an attempt
to obscure the true content of the traffic and make it more difficult to analyze.
• Routing control allows the selection of specific physically secure routes for specific data
transmission and enables routing changes, particularly when a gap in security is suspected.

3. Security Services:

Security services refer to the different services available for maintaining the security and safety
of an organization. They help in preventing any potential risks to security. Security services are
divided into 5 types:

• Authentication is the process of verifying the identity of a user or device in order to grant or
deny access to a system or device.
• Access control involves the use of policies and procedures to determine who is allowed to
access specific resources within a system.
• Data Confidentiality is responsible for the protection of information from being accessed or
disclosed to unauthorized parties.
• Data integrity is a security mechanism that involves the use of techniques to ensure that data
has not been tampered with or altered in any way during transmission or storage.
• Non-repudiation involves the use of techniques to create a verifiable record of the origin and
transmission of a message, which can be used to prevent the sender from denying that they
sent the message.

Benefits of OSI Architecture:

Below listed are the benefits of OSI Architecture in an organization:

1. Providing Security:

• OSI Architecture in an organization provides the needed security and safety, preventing
potential threats and risks.
• Managers can easily take care of the security and there is hassle-free security maintenance
done through OSI Architecture.

2. Organising Task:

• The OSI architecture makes it easy for managers to build a security model for the organization
based on strong security principles.
• Managers get the opportunity to organize tasks in an organization effectively.

3. Meets International Standards:

• Security services are defined and recognized internationally meeting international standards.
• The standard definition of requirements defined using OSI Architecture is globally accepted.

3. Intrusion detection system in security practices?

An intrusion detection system (IDS) observes network traffic for malicious transactions and
sends immediate alerts when such activity is observed. It is software that checks a network or
system for malicious activities or policy violations. Each illegal activity or violation is often
recorded centrally using a SIEM system or reported to an administrator. An IDS monitors a
network or system for malicious activity and protects a computer network from unauthorized
access by users, including possibly insiders. The intrusion detector’s learning task is to build
a predictive model (i.e. a classifier) capable of distinguishing between ‘bad connections’
(intrusions/attacks) and ‘good (normal) connections’.

How does an IDS work?

• An IDS (Intrusion Detection System) monitors the traffic on a computer network to detect any
suspicious activity.
• It analyzes the data flowing through the network to look for patterns and signs of abnormal
behavior.
• The IDS compares the network activity to a set of predefined rules and patterns to identify any
activity that might indicate an attack or intrusion.
• If the IDS detects something that matches one of these rules or patterns, it sends an alert to the
system administrator.
• The system administrator can then investigate the alert and take action to prevent any damage
or further intrusion.

Classification of Intrusion Detection System

IDS are classified into 5 types:

• Network Intrusion Detection System (NIDS): Network intrusion detection systems (NIDS) are
set up at a planned point within the network to examine traffic from all devices on the network.
It performs an observation of passing traffic on the entire subnet and matches the traffic that is
passed on the subnets to the collection of known attacks. Once an attack is identified or
abnormal behavior is observed, the alert can be sent to the administrator. An example of a
NIDS is installing it on the subnet where firewalls are located in order to see if someone is trying
to crack the firewall.

• Host Intrusion Detection System (HIDS): Host intrusion detection systems (HIDS) run on
independent hosts or devices on the network. A HIDS monitors the incoming and outgoing
packets from the device only and will alert the administrator if suspicious or malicious activity is
detected. It takes a snapshot of existing system files and compares it with the previous
snapshot. If the analytical system files were edited or deleted, an alert is sent to the
administrator to investigate. An example of HIDS usage can be seen on mission-critical
machines, which are not expected to change their layout.

• Protocol-based Intrusion Detection System (PIDS): A protocol-based intrusion detection system
(PIDS) comprises a system or agent that consistently resides at the front end of a server,
controlling and interpreting the protocol between a user/device and the server. It tries to
secure the web server by regularly monitoring the HTTPS protocol stream and accepting the
related HTTP protocol. Because the HTTPS stream is decrypted before it enters the web
presentation layer, the system needs to reside at that interface in order to inspect the HTTPS
traffic.
• Application Protocol-based Intrusion Detection System (APIDS): An application Protocol-based
Intrusion Detection System (APIDS) is a system or agent that generally resides within a group of
servers. It identifies the intrusions by monitoring and interpreting the communication on
application-specific protocols. For example, this would monitor the SQL protocol explicitly to
the middleware as it transacts with the database in the web server.
• Hybrid Intrusion Detection System: Hybrid intrusion detection system is made by the
combination of two or more approaches to the intrusion detection system. In the hybrid
intrusion detection system, the host agent or system data is combined with network
information to develop a complete view of the network system. The hybrid intrusion detection
system is more effective in comparison to the other intrusion detection system. Prelude is an
example of Hybrid IDS.

Benefits of IDS

• Detects malicious activity: IDS can detect any suspicious activities and alert the system
administrator before any significant damage is done.
• Improves network performance: IDS can identify any performance issues on the network,
which can be addressed to improve network performance.
• Compliance requirements: IDS can help in meeting compliance requirements by monitoring
network activity and generating reports.
• Provides insights: IDS generates valuable insights into network traffic, which can be used to
identify any weaknesses and improve network security.

Detection Method of IDS

1. Signature-based Method: Signature-based IDS detects the attacks on the basis of the specific
patterns such as the number of bytes or a number of 1s or the number of 0s in the network
traffic. It also detects on the basis of the already known malicious instruction sequence that is
used by the malware. The detected patterns in the IDS are known as signatures. Signature-
based IDS can easily detect the attacks whose pattern (signature) already exists in the system
but it is quite difficult to detect new malware attacks as their pattern (signature) is not known.
2. Anomaly-based Method: Anomaly-based IDS was introduced to detect unknown malware
attacks, as new malware is developed rapidly. An anomaly-based IDS uses machine learning to
build a model of trustworthy activity; incoming activity is compared with that model and is
declared suspicious if it does not fit the model. The machine-learning-based method generalizes
better than signature-based IDS, because the models can be trained according to the
applications and hardware configurations in use.
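Added example (not part of the original notes) showing both detection methods over a constructed web-server log. The signature method matches known request patterns (a SQL tautology, directory traversal, a script tag) against each URL-decoded path; the anomaly method first builds a baseline of requests per client from a log of normal traffic, then flags any client whose request count exceeds the baseline mean by more than k standard deviations. The log lines, IP addresses and thresholds are all assumptions of the example, and the simple statistical baseline stands in for the machine-learning model the text mentions.

```python
import re
from collections import Counter
from statistics import mean, pstdev
from urllib.parse import unquote

# Constructed sample logs, one request per line: "<client-ip> <method> <path> <status>".
NORMAL_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.5 GET /contact.html 200
10.0.0.6 GET /index.html 200
10.0.0.6 GET /products.html 200
10.0.0.7 GET /index.html 200
10.0.0.7 GET /about.html 200
10.0.0.7 GET /cart.html 200
10.0.0.8 GET /index.html 200
10.0.0.8 GET /login.html 200
"""

LIVE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.9 GET /login?user=admin'%20OR%20'1'='1 200
10.0.0.9 GET /static/../../etc/passwd 404
192.0.2.77 GET /wp-login.php 404
192.0.2.77 GET /admin/ 404
192.0.2.77 GET /phpmyadmin/ 404
192.0.2.77 GET /.env 404
192.0.2.77 GET /backup.zip 404
192.0.2.77 GET /config.php 404
192.0.2.77 GET /xmlrpc.php 404
"""

# Signature method: known patterns of malicious requests.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
    "xss-script-tag": re.compile(r"<script", re.IGNORECASE),
}


def parse(log: str):
    """Yield (ip, method, decoded_path, status) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ip, method, path, status = line.split()
            yield ip, method, unquote(path), int(status)


def signature_alerts(log: str) -> list:
    """One (ip, signature-name) alert per matching request."""
    alerts = []
    for ip, _method, path, _status in parse(log):
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((ip, name))
    return alerts


def build_baseline(normal_log: str) -> dict:
    """Anomaly method, training step: requests-per-client statistics of normal traffic."""
    counts = Counter(ip for ip, *_ in parse(normal_log))
    values = list(counts.values())
    # Floor the deviation at 1 so a very uniform baseline does not flag everything.
    return {"mean": mean(values), "stdev": max(pstdev(values), 1.0)}


def anomaly_alerts(log: str, baseline: dict, k: float = 3.0) -> list:
    """Anomaly method, detection step: clients far above the baseline request rate."""
    threshold = baseline["mean"] + k * baseline["stdev"]
    counts = Counter(ip for ip, *_ in parse(log))
    return [(ip, n) for ip, n in counts.items() if n > threshold]


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(LIVE_LOG))
    print("anomaly alerts:", anomaly_alerts(LIVE_LOG, build_baseline(NORMAL_LOG)))
```

Note the two methods find different clients: the signature rules catch the client sending known-bad request strings, while the baseline catches the client probing many paths with no known-bad content at all, which is exactly the gap the text says anomaly detection was introduced to close.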

4. Intrusion Prevention system in security practices?


What is an intrusion prevention system?

An intrusion prevention system (IPS) is a network security tool (which can be a hardware device
or software) that continuously monitors a network for malicious activity and takes action to
prevent it, including reporting, blocking, or dropping it, when it does occur.

Intrusion Prevention System is also known as Intrusion Detection and Prevention System. It is a
network security application that monitors network or system activities for malicious activity.
Major functions of intrusion prevention systems are to identify malicious activity, collect
information about this activity, report it and attempt to block or stop it.

Intrusion prevention systems are considered an extension of intrusion detection systems (IDS),
because both IPS and IDS monitor network traffic and system activities for malicious activity.

IPS typically record information related to observed events, notify security administrators of
important observed events and produce reports. Many IPS can also respond to a detected
threat by attempting to prevent it from succeeding. They use various response techniques,
which involve the IPS stopping the attack itself, changing the security environment or changing
the attack’s content.

Types of IPS

There are two main types of IPS:

1. Network-Based IPS: A Network-Based IPS is installed at the network perimeter and monitors all
traffic that enters and exits the network.
2. Host-Based IPS: A Host-Based IPS is installed on individual hosts and monitors the traffic that
goes in and out of that host.

Network-based intrusion prevention system (NIPS):


It monitors the entire network for suspicious traffic by analyzing protocol activity.

Wireless intrusion prevention system (WIPS):


It monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.

Network behavior analysis (NBA):


It examines network traffic to identify threats that generate unusual traffic flows, such as
distributed denial of service attacks, specific forms of malware and policy violations.

Host-based intrusion prevention system (HIPS):

It is an installed software package which monitors a single host for suspicious activity by
scanning events that occur within that host.

Detection Method of Intrusion Prevention System (IPS):


1. Signature-based detection:

Signature-based detection inspects packets on the network and compares them with pre-built,
predetermined attack patterns known as signatures.

2. Statistical anomaly-based detection:

Anomaly-based detection monitors network traffic and compares it against an established
baseline. The baseline identifies what is normal for that network and which protocols are used.
However, it may raise false alarms if the baseline is not configured intelligently.

3. Stateful protocol analysis detection:

This method recognizes deviations from the expected protocol states by comparing observed
events with pre-built profiles of generally accepted definitions of benign activity.
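Added example (not from the original notes) of stateful protocol analysis: a constructed, simplified state machine for the TCP connection lifecycle in which only the listed (state, event) transitions are accepted as benign, so any observed event that the current state does not allow is reported as a deviation. The event names, the connection identifiers A to D and the sample trace are assumptions of the example; real TCP has more states and edge cases than this table covers.

```python
# Constructed profile of benign behaviour for a simplified TCP connection.
# Each listed (state, event) pair is a permitted transition; anything not
# listed is reported as a protocol deviation. RST is allowed from any state.
TRANSITIONS = {
    ("closed", "SYN"): "syn_sent",
    ("syn_sent", "SYN-ACK"): "syn_received",
    ("syn_received", "ACK"): "established",
    ("established", "ACK"): "established",
    ("established", "DATA"): "established",
    ("established", "FIN"): "closing",
    ("closing", "FIN"): "closing",
    ("closing", "ACK"): "closed",
}


def analyze(events) -> list:
    """Track per-connection state over (connection_id, event) pairs; return alerts."""
    states = {}
    alerts = []
    for conn, event in events:
        state = states.get(conn, "closed")
        if event == "RST":
            states[conn] = "closed"      # an abort is valid at any point
            continue
        next_state = TRANSITIONS.get((state, event))
        if next_state is None:
            # Deviation from the profile: report it and leave the state unchanged,
            # so one bad segment does not desynchronize the tracker.
            alerts.append(f"{conn}: {event} not expected in state {state}")
            continue
        states[conn] = next_state
    return alerts


# Constructed sample trace: A is a clean connection; B, C and D each deviate.
SAMPLE_EVENTS = [
    ("A", "SYN"), ("A", "SYN-ACK"), ("A", "ACK"), ("A", "DATA"), ("A", "FIN"), ("A", "ACK"),
    ("B", "DATA"),                                             # payload with no handshake
    ("C", "SYN"), ("C", "SYN-ACK"), ("C", "ACK"), ("C", "SYN"),  # SYN inside an open connection
    ("D", "SYN"), ("D", "DATA"),                               # data before handshake completes
]


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
```

Because the profile is a whitelist of known-good transitions rather than a list of known-bad patterns, it reports deviations it has never seen before; the trade-off, as the text notes for baselines generally, is that an incomplete profile produces false alarms on legitimate but unusual traffic.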

Comparison of IPS with IDS:


The main differences between an Intrusion Prevention System (IPS) and an Intrusion Detection
System (IDS) are:

1. Intrusion prevention systems are placed in-line and are able to actively prevent or block
intrusions that are detected.
2. IPS can take such actions as sending an alarm, dropping detected malicious packets, resetting a
connection or blocking traffic from the offending IP address.
3. IPS also can correct cyclic redundancy check (CRC) errors, defragment packet streams, mitigate
TCP sequencing issues and clean up unwanted transport and network layer options.

5. Web applications in security practices?

1. Carry Out a Full-Scale Security Audit

The best way to ensure that you’re following optimal web application security practices and
identifying security loopholes within your systems is to regularly conduct security audits. This
will help you to keep on top of potential security vulnerabilities hidden within the web
application and remain safe from targeted breaches.

For a comprehensive and objective viewpoint, you should appoint a third-party testing team
that has the necessary skills and experience to do the job right. With their professional security
experience and lack of exposure to the code, they’ll be better trained to do penetration testing
and help your team identify vulnerabilities that need to be patched or otherwise mitigated. A
security audit is typically one of the following types:
• Black Box Security Audit: This type of security audit is a ‘hacker style’ audit where no
information is asked about the web application and it’s tested for exploitable security
vulnerabilities. Basically, you only give the blackbox audit team the relevant URL of the web
application. (You don’t want to make it too easy, right?)
• White Box Security Audit: This process is the opposite of the black box approach we just
discussed. In a white box audit, important information (including your code base) is often
shared with the team performing the audit. The aim of the white box audit is to ensure all best
practices are being followed right from secure coding practices to optimal configurations of
cloud infrastructure.
• Gray Box Security Audit: As the name suggests, a gray box audit is a mix of black box and white
box audits where some important information like testing account credentials is provided
before performing the security audit.

Once a security audit finishes, the next step is to work on fixing all the found vulnerabilities. The
best way to prioritize the fixing is to categorize the vulnerabilities by their impact and start with
the highest-impact vulnerabilities.

2. Ensure Your Data Is Encrypted (Both In Transit and At Rest)

Whenever someone visits your web application, they might share confidential information on
your website that needs to be protected from eavesdroppers. Ensuring data is encrypted in
transit between the visitor’s browser and your server becomes important.

This is where SSL/TLS encryption comes into play. SSL/TLS encrypts all the communications that
occur between your website visitors and your website via the secure HTTPS protocol.
Encrypting this data in transit not only helps establish trust in your website visitors but also
comes with SEO benefits, too. That’s because Google loves websites with SSL. (Google counts
the use of HTTPS as one of their search engine’s ranking factors.) According to BuiltWith,
65.76% of the top one million websites now use SSL/TLS.

Still, there are websites running without SSL/TLS or using weak encryption. It is high time to
start using SSL/TLS to ensure that your customers’ data is secure when they access your
website.

(Image courtesy of Astra Security: an illustration emphasizing the importance of web application
security.)

Similarly, data at rest also requires the implementation of encryption standards to prevent
server-side interventions. Employees from the inside, official staff, or systems administrators
can take copies of or completely remove your drives, making all security barriers useless. A few
best practices to protect data at rest include:

• Implementing network firewalls to ensure relevant protection against threats from within the
network.
• Encrypting sensitive data with the strongest algorithms prior to storing it.
• Storing data in secure, password-protected databases on a separate server.
• Investing in infrastructure security.

3. Implement Real-Time Security Monitoring

Next on our list of web application security best practices is real-time security monitoring.
While a security audit helps strengthen your web application’s core by helping patch all
vulnerabilities, something more is needed for continuous 24/7 protection. That’s where a WAF
comes in.

A web application firewall (WAF) covers all the aspects related to real-time monitoring of your
web application’s security posture. A WAF helps you block any malicious-looking activity in your
website or web app in real-time such as:

• SQL injections,
• XSS attacks, or
• bad bots trying to launch DDoS attacks or scrape content from your website).

However, there may be situations where WAFs end up showing false positives and miss signs of
security being compromised. Therefore, in addition to a WAF, you also may want to use an
application security management platform (ASMP) (e.g., Sqreen) or a Runtime Application
Self-Protection (RASP) tool. These solutions modify themselves according to your security
needs and provide real-time monitoring of threats and protection. Here’s how each of these
helps:

• ASMP (Application Security Management Platform): An ASMP is embedded in your application
and helps you protect your web application against unknown threats in real time. It monitors
various protocols beyond the application layer, such as FTP, ICMP, SOAP, TCP, etc.
• Runtime Application Self-Protection (RASP): RASP is a technology that runs on your server and
analyzes the behavior of your web application and the context of user inputs. If it detects
anything unusual or malicious, it immediately ends the session or blocks the bad actors.

Using a WAF can be a good starting point for businesses. Based on their needs, eventually,
more complex tools can be introduced further down the road.

4. Follow Proper Logging Practices

Not all security vulnerabilities are risky enough to catch the preliminary attention of scanners or
firewalls. To tackle this, proper logging practices need to be implemented. This will make sure
that you have details of what happens at what time, how the situation occurred, and what else
was happening at the same time.
In order to capture data relating to security incidents or events, the right tools need to be put in
place for logging them. Logging tools provide an excellent feedback mechanism to firewalls and
security scanners too. You can use tools such as Linux Syslog, ELK stack, PaperTrail, etc. Logging
also ensures that in case of a breach, the task of tracing the cause and even the threat actor
becomes easier. Without proper logging in place, post-incident forensics becomes a daunting
task.
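Added example (not from the original article) of the logging practice described above, in Python: each security event is written as one JSON object with a timestamp, a level, an event name and contextual fields (user, source IP, request id), so that after an incident the events for one source or one user can be pulled out in order, and repeated login failures can be counted. The event names, field names, IP addresses and the in-memory stream are assumptions of the example; in production the same records would be shipped to syslog or a pipeline such as the ELK stack.

```python
import io
import json
import logging
from collections import Counter


class JsonFormatter(logging.Formatter):
    """One JSON object per line: machine-parseable, with explicit timestamp and context."""

    def format(self, record: logging.LogRecord) -> str:
        entry = {
            "ts": self.formatTime(record, "%Y-%m-%dT%H:%M:%S"),
            "level": record.levelname,
            "event": record.getMessage(),
        }
        entry.update(getattr(record, "ctx", {}))   # contextual fields from audit()
        return json.dumps(entry, sort_keys=True)


def make_logger(stream) -> logging.Logger:
    """Dedicated security logger writing JSON lines to `stream` (a file, socket or buffer)."""
    logger = logging.getLogger("security-audit")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers.clear()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(JsonFormatter())
    logger.addHandler(handler)
    return logger


def audit(logger: logging.Logger, event: str, **ctx) -> None:
    """Record a security event with its who/where/which-request context."""
    logger.info(event, extra={"ctx": ctx})


def read_events(log_text: str) -> list:
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def timeline(log_text: str, **match) -> list:
    """Events, in the order they happened, whose fields equal every key/value in `match`."""
    return [e for e in read_events(log_text)
            if all(e.get(k) == v for k, v in match.items())]


def repeated_failures(log_text: str, threshold: int = 3) -> list:
    """Source addresses with at least `threshold` failed logins (brute-force candidates)."""
    counts = Counter(e.get("src_ip") for e in read_events(log_text)
                     if e["event"] == "login_failed")
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def demo() -> str:
    """Emit a constructed sequence of events and return the raw log text."""
    buf = io.StringIO()
    log = make_logger(buf)
    audit(log, "login_failed", user="alice", src_ip="203.0.113.9", request_id="r1")
    audit(log, "login_failed", user="alice", src_ip="203.0.113.9", request_id="r2")
    audit(log, "login_failed", user="admin", src_ip="203.0.113.9", request_id="r3")
    audit(log, "login_success", user="bob", src_ip="198.51.100.4", request_id="r4")
    audit(log, "password_changed", user="alice", src_ip="203.0.113.9", request_id="r5")
    return buf.getvalue()


if __name__ == "__main__":
    text = demo()
    print(text)
    print("brute-force candidates:", repeated_failures(text))
    print("what 203.0.113.9 did:", [e["event"] for e in timeline(text, src_ip="203.0.113.9")])
```

The request id is the field that ties a security event back to the application and web-server logs for the same request, which is what lets post-incident forensics answer "how did the situation occur" rather than only "what happened when".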

5. Continuously Check for Common Web Application Vulnerabilities

For this, following the OWASP Top 10 list of web application security vulnerabilities should be
enough. It is important to stay on top of these risks and to test your web application regularly
to ensure it is resilient against them, as they present critical threats to your web application.
Injection attacks, broken authentication and session management, cross-site scripting attacks,
and sensitive data exposure are a few of the common vulnerabilities that make it to the list.

6. Implement Security Hardening Measures

Here are a couple of components that will require security hardening measures beyond their
default settings:

• Maximum script execution time: Script execution time defines how long a particular script can
run on your server. It’s a good idea to define this based on your application’s use case. Having a
low number as maximum execution time might be a good idea as it would narrow the attack
possibilities by attackers.
• Disable modules: It’s always a good idea to disable modules or extensions on your web server
that are not used by the application. This reduces the attack surface area.
• Add a content security policy: A strong content policy prevents malicious infections like
redirection malware from taking over by specifying trusted redirect URLs.

7. Carry Out Regular Vulnerability Scans and Updates

As we mentioned at the beginning, more than 50 new vulnerabilities are found every day.
Hackers are quick to identify websites running vulnerable software with these vulnerabilities.
The next step hackers follow is to find ways to exploit these weaknesses. That’s why
continuously testing your web applications for vulnerabilities is our last (but not least)
important web application security best practice to mention.

Further, all servers where web applications are hosted should be up-to-date with the latest
security releases. This process can be conducted through manual review or with automated
tools (Unattended Upgrades, the Automatic Updates feature on Windows, etc.). Most software
languages, dynamic or static, have package managers that allow them to manage and maintain
external dependencies with automation during deployment. This procedure will also ensure
that you remain updated on the latest security vulnerabilities and initiate protection measures
for your web application.

OWASP in security practices?

The Open Web Application Security Project, or OWASP, is an international non-profit
organization dedicated to web application security. One of OWASP’s core principles is that all of
their materials be freely available and easily accessible on their website, making it possible for
anyone to improve their own web application security. The materials they offer include
documentation, tools, videos, and forums. Perhaps their best-known project is the OWASP Top
10.

What is the OWASP Top 10?

The OWASP Top 10 is a regularly-updated report outlining security concerns for web application
security, focusing on the 10 most critical risks. The report is put together by a team of security
experts from all over the world. OWASP refers to the Top 10 as an ‘awareness document’ and
they recommend that all companies incorporate the report into their processes in order to
minimize and/or mitigate security risks.

Below are the security risks reported in the OWASP Top 10 2017 report:

1. Injection

Injection attacks happen when untrusted data is sent to a code interpreter through a form
input or some other data submission to a web application. For example, an attacker could enter
SQL database code into a form that expects a plaintext username. If that form input is not
properly secured, this would result in that SQL code being executed. This is known as an SQL
injection attack.

Injection attacks can be prevented by validating and/or sanitizing user-submitted data.
(Validation means rejecting suspicious-looking data, while sanitization refers to cleaning up the
suspicious-looking parts of the data.) In addition, a database admin can set controls to minimize
the amount of information an injection attack can expose.
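The flaw and the parameterized fix described above, as an added example that is not part of the original notes. The users table, its rows and the inputs are constructed; SQLite is used only because it ships with Python.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway users table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The flaw: untrusted text is spliced into the SQL string, so the database
    cannot tell where the data ends and the query begins."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """The fix: a parameterized query. The value travels separately from the
    SQL text, so quotes or keywords inside it never change the query."""
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def validate_username(username: str) -> bool:
    """Validation as an extra layer: reject anything outside the expected
    character set rather than trying to clean it (sanitize) afterwards."""
    return 1 <= len(username) <= 32 and username.replace("_", "").isalnum()


if __name__ == "__main__":
    db = make_db()
    # An ordinary username behaves identically in both lookups.
    print(find_user_vulnerable(db, "bob"))   # [('bob', 'user')]
    print(find_user_safe(db, "bob"))         # [('bob', 'user')]
    # Input carrying a quote and an OR clause: the string-built query now
    # matches every row, while the parameterized one matches nothing.
    tricky = "x' OR '1'='1"
    print(find_user_vulnerable(db, tricky))  # [('alice', 'admin'), ('bob', 'user')]
    print(find_user_safe(db, tricky))        # []
    print(validate_username(tricky))         # False
```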

2. Broken Authentication

Vulnerabilities in authentication (login) systems can give attackers access to user accounts and
even the ability to compromise an entire system using an admin account. For example, an
attacker can take a list containing thousands of known username/password combinations
obtained during a data breach and use a script to try all those combinations on a login system
to see if there are any that work.

Some strategies to mitigate authentication vulnerabilities are requiring two-factor
authentication (2FA) as well as limiting or delaying repeated login attempts using rate limiting.

3. Sensitive Data Exposure

If web applications don’t protect sensitive data such as financial information and passwords,
attackers can gain access to that data and sell or utilize it for nefarious purposes. One popular
method for stealing sensitive information is using an on-path attack.

Data exposure risk can be minimized by encrypting all sensitive data as well as disabling the
caching* of any sensitive information. Additionally, web application developers should take
care to ensure that they are not unnecessarily storing any sensitive data.

*Caching is the practice of temporarily storing data for re-use. For example, web browsers will
often cache webpages so that if a user revisits those pages within a fixed time span, the browser
does not have to fetch the pages from the web.

4. XML External Entities (XEE)

This is an attack against a web application that parses XML* input. This input can reference an
external entity, attempting to exploit a vulnerability in the parser. An ‘external entity’ in this
context refers to a storage unit, such as a hard drive. An XML parser can be duped into sending
data to an unauthorized external entity, which can pass sensitive data directly to an attacker.

The best ways to prevent XEE attacks are to have web applications accept a less complex type
of data, such as JSON**, or at the very least to patch XML parsers and disable the use of
external entities in an XML application.

*XML or Extensible Markup Language is a markup language intended to be both human-readable
and machine-readable. Due to its complexity and security vulnerabilities, it is now being phased
out of use in many web applications.

**JavaScript Object Notation (JSON) is a type of simple, human-readable notation often used to
transmit data over the internet. Although it was originally created for JavaScript, JSON is
language-agnostic and can be interpreted by many different programming languages.
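The second mitigation above (disable external entities in the parser) as an added example that is not part of the original notes: a loader built on Python's standard-library expat bindings that refuses any document declaring a DTD or an entity before the parser can act on it. Both sample documents are constructed, and the SYSTEM identifier in the rejected one is a placeholder.

```python
import xml.parsers.expat


class UnsafeXML(ValueError):
    """Raised when the input uses XML features the application never needs."""


def parse_flat_xml(data: bytes) -> dict:
    """Parse a flat <record> document into {child tag: text}.

    Any DOCTYPE, entity declaration or external entity reference aborts the
    parse, so an entity can never be resolved against the file system or the
    network, which is the behaviour an XEE attack relies on."""
    parser = xml.parsers.expat.ParserCreate()
    result = {}
    stack = []

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML("DOCTYPE declarations are not accepted")

    def reject_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXML("entity declarations are not accepted")

    def reject_external_ref(context, base, sysid, pubid):
        raise UnsafeXML("external entity references are not accepted")

    def start(tag, attrs):
        stack.append(tag)
        if len(stack) == 2:          # direct child of the root element
            result[tag] = ""

    def chars(text):
        if len(stack) == 2:          # text may arrive in several chunks
            result[stack[-1]] += text

    def end(tag):
        stack.pop()

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_external_ref
    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc
    return result


# Constructed inputs: a normal reading, and one that declares an entity
# pointing at a placeholder system identifier.
BENIGN = b"<record><name>sensor-7</name><reading>21.5</reading></record>"
HOSTILE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE record [<!ENTITY ext SYSTEM "file:///placeholder">]>'
    b"<record><name>&ext;</name></record>"
)

if __name__ == "__main__":
    print(parse_flat_xml(BENIGN))   # {'name': 'sensor-7', 'reading': '21.5'}
    try:
        parse_flat_xml(HOSTILE)
    except UnsafeXML as err:
        print("rejected:", err)     # rejected: DOCTYPE declarations are not accepted
```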

5. Broken Access Control

Access control refers to a system that controls access to information or functionality. Broken
access controls allow attackers to bypass authorization and perform tasks as though they were
privileged users such as administrators. For example, a web application could allow a user to
change which account they are logged in as simply by changing part of a URL, without any other
verification.

Access controls can be secured by ensuring that a web application uses authorization tokens*
and sets tight controls on them.

*Many services issue authorization tokens when users log in. Every privileged request that a
user makes will require that the authorization token be present. This is a secure way to ensure
that the user is who they say they are, without having to constantly enter their login
credentials.
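An added example (not part of the original notes) that serves both the Broken Authentication mitigation above (rate limiting repeated login attempts) and the Broken Access Control mitigation (authorization tokens): a small login service that locks an account after repeated failures and an account lookup that authorizes on the token, not on the account id the caller puts in the request. Users, passwords and the lockout policy are constructed; the clock is injectable so the window can be tested.

```python
import hashlib
import hmac
import secrets
import time

MAX_FAILURES = 5      # failed attempts tolerated inside the window
WINDOW_SECONDS = 300  # sliding window over which failures are counted


def _hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash so a leaked user table cannot be reversed cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthService:
    """Login with rate limiting plus token-based authorization checks."""

    def __init__(self, clock=time.time):
        self.clock = clock        # injectable for testing
        self.users = {}           # username -> (salt, hash, account_id, role)
        self.failures = {}        # username -> timestamps of recent failures
        self.tokens = {}          # token -> username

    def register(self, username: str, password: str, account_id: int, role: str = "user"):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _hash_password(password, salt), account_id, role)

    def _locked(self, username: str) -> bool:
        """True when the account has hit MAX_FAILURES inside WINDOW_SECONDS."""
        now = self.clock()
        recent = [t for t in self.failures.get(username, []) if now - t < WINDOW_SECONDS]
        self.failures[username] = recent
        return len(recent) >= MAX_FAILURES

    def login(self, username: str, password: str):
        """Return a fresh token, or None. A locked account fails even with the
        right password, which is what defeats a scripted list of credentials."""
        if self._locked(username):
            return None
        record = self.users.get(username)
        if record and hmac.compare_digest(_hash_password(password, record[0]), record[1]):
            self.failures.pop(username, None)
            token = secrets.token_urlsafe(32)
            self.tokens[token] = username
            return token
        self.failures.setdefault(username, []).append(self.clock())
        return None

    def get_account(self, token: str, account_id: int):
        """Authorize server-side: the token, not the account id in the request,
        decides whose data may be read (admins may read any account)."""
        username = self.tokens.get(token)
        if username is None:
            return None  # no valid session
        _, _, own_account, role = self.users[username]
        if account_id == own_account or role == "admin":
            return {"account_id": account_id, "viewer": username}
        return None  # authenticated, but not authorized for this account
```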

6. Security Misconfiguration

Security misconfiguration is the most common vulnerability on the list, and is often the result of
using default configurations or displaying excessively verbose errors. For instance, an
application could show a user overly-descriptive errors which may reveal vulnerabilities in the
application. This can be mitigated by removing any unused features in the code and ensuring
that error messages are more general.

7. Cross-Site Scripting

Cross-site scripting vulnerabilities occur when web applications allow users to add custom code
into a URL path or onto a website that will be seen by other users. This vulnerability can be
exploited to run malicious JavaScript code on a victim’s browser. For example, an attacker could
send an email to a victim that appears to be from a trusted bank, with a link to that bank’s
website. This link could have some malicious JavaScript code tagged onto the end of the URL. If
the bank’s site is not properly protected against cross-site scripting, then that malicious code
will be run in the victim’s web browser when they click on the link.

Mitigation strategies for cross-site scripting include escaping untrusted HTTP requests as well as
validating and/or sanitizing user-generated content. Using modern web development
frameworks like ReactJS and Ruby on Rails also provides some built-in cross-site scripting
protection.
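The escaping mitigation above, as an added example that is not part of the original notes: the same comment rendered into a page without and with output encoding. The page template and the sample comment are constructed.

```python
import html

# Constructed page template; {comment} marks where user-supplied text is inserted.
PAGE = '<html><body><h1>Comments</h1><p class="c">{comment}</p></body></html>'
SAMPLE_COMMENT = "<script>alert(1)</script> nice post"


def render_vulnerable(comment: str) -> str:
    """Untrusted text is pasted straight into the HTML, so any markup in it
    becomes part of the page and runs in every visitor's browser."""
    return PAGE.format(comment=comment)


def render_safe(comment: str) -> str:
    """Escape for the HTML body context: <, >, & and both quote characters
    become entities, so the browser displays the text instead of parsing it.
    html.escape is right for element text and quoted attribute values; text
    placed inside a <script> block or a URL needs that context's own encoding."""
    return PAGE.format(comment=html.escape(comment, quote=True))


def extra_tags(rendered: str) -> int:
    """Number of '<' characters beyond those in the template itself; a positive
    value means the user's input introduced its own markup into the page."""
    return rendered.count("<") - PAGE.count("<")


if __name__ == "__main__":
    print(extra_tags(render_vulnerable(SAMPLE_COMMENT)))  # 2
    print(extra_tags(render_safe(SAMPLE_COMMENT)))        # 0
    print(render_safe(SAMPLE_COMMENT))
```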

8. Insecure Deserialization

This threat targets the many web applications which frequently serialize and deserialize data.
Serialization means taking objects from the application code and converting them into a format
that can be used for another purpose, such as storing the data to disk or streaming it.
Deserialization is just the opposite: converting serialized data back into objects the application
can use. Serialization is sort of like packing furniture away into boxes before a move, and
deserialization is like unpacking the boxes and assembling the furniture after the move. An
insecure deserialization attack is like having the movers tamper with the contents of the boxes
before they are unpacked.

An insecure deserialization exploit is the result of deserializing data from untrusted sources,
and can result in serious consequences like DDoS attacks and remote code execution attacks.
While steps can be taken to try and catch attackers, such as monitoring deserialization and
implementing type checks, the only sure way to protect against insecure deserialization attacks
is to prohibit the deserialization of data from untrusted sources.
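An added example (not part of the original notes) of the type-checking defence mentioned above: an order record is accepted from an untrusted client only through a data-only format (JSON) with an explicit field and type allowlist, instead of a format that rebuilds arbitrary objects. The record layout and the sample messages are constructed.

```python
import json
from dataclasses import dataclass


class BadMessage(ValueError):
    """The input does not match the one shape the application agreed to accept."""


@dataclass(frozen=True)
class Order:
    order_id: int
    item: str
    quantity: int


# Exactly the fields the application expects and the type each must have.
# Formats such as Python's pickle reconstruct arbitrary objects chosen by the
# sender and must never be fed data from an untrusted source.
SCHEMA = {"order_id": int, "item": str, "quantity": int}
MAX_MESSAGE_BYTES = 4096


def load_order(raw: bytes) -> Order:
    """Decode bytes from an untrusted source into an Order, or raise BadMessage."""
    if len(raw) > MAX_MESSAGE_BYTES:
        raise BadMessage("message too large")
    try:
        data = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise BadMessage(f"not valid JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise BadMessage("top-level value must be an object")
    unexpected = set(data) - set(SCHEMA)
    if unexpected:
        raise BadMessage(f"unexpected fields: {sorted(unexpected)}")
    for field, expected in SCHEMA.items():
        if field not in data:
            raise BadMessage(f"missing field: {field}")
        # bool is a subclass of int in Python, so refuse it explicitly.
        if isinstance(data[field], bool) or not isinstance(data[field], expected):
            raise BadMessage(f"field {field} must be {expected.__name__}")
    if data["quantity"] <= 0 or not 0 < len(data["item"]) <= 64:
        raise BadMessage("field value out of range")
    return Order(**data)


if __name__ == "__main__":
    print(load_order(b'{"order_id": 7, "item": "sensor", "quantity": 2}'))
    for bad in (b"[1, 2]", b'{"order_id": "7", "item": "sensor", "quantity": 2}'):
        try:
            load_order(bad)
        except BadMessage as err:
            print("rejected:", err)
```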

9. Using Components With Known Vulnerabilities

Many modern web developers use components such as libraries and frameworks in their web
applications. These components are pieces of software that help developers avoid redundant
work and provide needed functionality; common examples include front-end frameworks like
React and smaller libraries used to add share icons or A/B testing. Some attackers look for
vulnerabilities in these components which they can then use to orchestrate attacks. Some of
the more popular components are used on hundreds of thousands of websites; an attacker
finding a security hole in one of these components could leave hundreds of thousands of sites
vulnerable to exploit.

Component developers often offer security patches and updates to plug up known
vulnerabilities, but web application developers don’t always have the patched or most-recent
versions of components running on their applications. To minimize the risk of running
components with known vulnerabilities, developers should remove unused components from
their projects, as well as ensuring that they are receiving components from a trusted source
and ensuring they are up to date.

10. Insufficient Logging And Monitoring

Many web applications are not taking enough steps to detect data breaches. The average
discovery time for a breach is around 200 days after it has happened. This gives attackers a lot
of time to cause damage before there is any response. OWASP recommends that web
developers should implement logging and monitoring as well as incident response plans to
ensure that they are made aware of attacks on their applications.
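An added example (not part of the original notes) that serves both the earlier "Follow Proper Logging Practices" item and the monitoring risk above: a small detector that reads sshd-style syslog lines, flags a source address that fails to log in repeatedly within a short window, and separately flags a successful login that follows a burst of failures. The log lines and the thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the classic syslog layout (no year in the timestamp).
SAMPLE_LOG = """\
Mar  3 10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Mar  3 10:00:04 web01 sshd[2103]: Failed password for root from 203.0.113.5 port 40002 ssh2
Mar  3 10:00:07 web01 sshd[2105]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar  3 10:00:09 web01 sshd[2107]: Failed password for invalid user test from 203.0.113.5 port 40004 ssh2
Mar  3 10:00:12 web01 sshd[2109]: Failed password for root from 203.0.113.5 port 40005 ssh2
Mar  3 10:00:20 web01 sshd[2111]: Accepted password for deploy from 203.0.113.5 port 40006 ssh2
Mar  3 10:05:00 web01 sshd[2200]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Mar  3 10:05:30 web01 sshd[2202]: Accepted publickey for alice from 198.51.100.7 port 50002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

FAIL_THRESHOLD = 5   # failures from one source address...
WINDOW_SECONDS = 60  # ...inside this many seconds is reported as brute force
SUCCESS_AFTER = 3    # a success preceded by this many recent failures is reported


def parse_line(line: str, year: int = 2024):
    """Return a dict for an sshd authentication line, or None for anything else.
    Syslog omits the year, so the caller supplies it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "outcome": m["outcome"], "user": m["user"], "ip": m["ip"]}


def detect(log_text: str) -> list:
    """Scan lines in order; return (ip, finding) tuples as the evidence appears."""
    findings = []
    recent = defaultdict(list)   # ip -> timestamps of failures inside the window
    flagged = set()              # ips already reported for brute force
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:        # not an sshd auth line; ignore it
            continue
        ip, ts = event["ip"], event["ts"]
        # Drop failures that have aged out of the sliding window.
        recent[ip] = [t for t in recent[ip] if (ts - t).total_seconds() <= WINDOW_SECONDS]
        if event["outcome"] == "Failed":
            recent[ip].append(ts)
            if len(recent[ip]) >= FAIL_THRESHOLD and ip not in flagged:
                flagged.add(ip)
                findings.append((ip, f"brute force: {len(recent[ip])} failures within {WINDOW_SECONDS}s"))
        elif len(recent[ip]) >= SUCCESS_AFTER:
            findings.append((ip, f"success for user {event['user']} after {len(recent[ip])} recent failures"))
    return findings


if __name__ == "__main__":
    for ip, finding in detect(SAMPLE_LOG):
        print(ip, "-", finding)
```

The second finding is the one worth paging someone for: five failures and then a success from the same address is what a breach looks like in the log, and it is only visible because authentication outcomes were logged.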

UNIT – 2
1. Internet Security in security practices?
Internet security is a central aspect of cybersecurity, and it includes managing cyber threats and risks
associated with the Internet, web browsers, web apps, websites and networks. The primary purpose
of Internet security solutions is to protect users and corporate IT assets from attacks that travel over the
Internet.

Internet Security Threats

The Internet carries numerous types of risks for an organization. Some of the leading threats
include:

• Malware: The Internet is one of the primary delivery mechanisms for malware, which can be embedded
in malicious or compromised websites or attached to an email. Once malware has gained access to a
system, it can encrypt or steal data, impair system functionality, hijack the infected system or take other
actions to hurt an organization.
• Phishing: Phishing emails are a leading delivery mechanism for malware and a common form of social
engineering used for data theft. This Internet-based attack vector is common and effective because it
targets the person behind the computer, attempting to trick or coerce them into doing the attacker’s
bidding.
• Data Loss: Data can be stolen from an organization over the Internet in various ways. Malware may
collect or steal information; through human error, an employee may accidentally divulge it; or a user
may send themselves or store sensitive enterprise and customer data within personal accounts (such as
online storage and webmail accounts).
• Credential Compromise: Cybercriminals collect user credentials to gain access to corporate systems or
log into online accounts. Credentials can be stolen via data breaches of user databases, collected via
phishing sites or compromised through credential stuffing or through guessing weak and reused
passwords.
• Malicious Websites: Many sites on the Internet are malicious or inappropriate for business use.
Employees visiting these sites on corporate machines could be infected with malware, compromise their
credentials, or access inappropriate or illegal content on company-owned systems.

Components Of Internet Security

Internet security solutions should provide comprehensive protection against Internet-borne
cyber threats. Crucial capabilities include:

• URL Filtering: URL filtering solutions enable an organization to block users from visiting certain types of
websites on company-owned machines. URL filtering can be used to block access to known-bad sites
and to prevent employees from visiting sites with illegal or inappropriate content or ones that can
negatively impact employee productivity (such as social media).
• Malicious Download Prevention: Malicious content can be downloaded from a website or attached to
an email. An Internet security solution should detect and block malicious content en-route to the user’s
device, before it enters the network or is downloaded to the user’s system, eliminating the threat to the
organization. This typically involves a sandboxing solution.
• Anti-Bot Protection: If an employee’s computer is infected with a malware bot client, it may
communicate with command and control (C2) servers or other bots controlled by an attacker. An
internet security solution detects and blocks this malicious traffic.
• Data Loss Prevention: Employees may leak corporate data intentionally or inadvertently on malicious
websites, via email, or through insecure cloud-based data storage. Internet security solutions should
scan Internet traffic for sensitive and protected types of data and prevent them from being exposed
outside of the organization.
• Phishing Protection: Phishing attacks are some of the most common cyberattacks and can have a
significant impact on corporate cyber and data security. Internet security solutions should integrate
email scanning and anti-phishing protections to identify and block suspected phishing emails from
reaching the intended recipient’s inbox.
• Browser Exploit Prevention: Websites are able to run scripts within a user’s browser, which can exploit
unpatched or zero-day browser vulnerabilities. Browser exploit prevention helps to detect and block the
execution of this malicious code.
• Zero-Day Attack Prevention: Traditional, signature-based defenses protect against known exploits but
are often blind to novel attacks. Zero-day attack prevention in an internet security solution detects and
blocks novel attacks.

Internet Security With Check Point

Check Point Harmony Suite offers an integrated cybersecurity architecture providing protection
against a range of cyber threats, including Internet threats. Check Point Harmony Browse
enables employees to safely browse the Internet from anywhere using security integrated into
the browser. Check Point Harmony Connect offers enterprise-level security delivered via a
cloud-based secure web gateway (SWG) service.

An intranet is a private network within a business that allows workers to securely exchange
company information and computer resources. An intranet can also be utilized for group
collaboration and teleconferences.

Intranets promote internal communication inside a company. They provide employees with
easy access to critical information, links, applications, forms, and business records databases.
To ensure intranet security, a database including all of the usernames of workers with network
access permissions is frequently utilized.

Internal Threats

• Employee Error or Negligence: This is the most common threat to the security of your intranet
and happens when your data security policies aren't adequately enforced or are weak.
Ultimately, workers may end up unintentionally leaving breaches for cyberattackers to exploit.
• Accidental Intranet Exposure: Sensitive data is accidentally placed in a location accessible from
the Web. The news stories about improper usage of Amazon S3 permissions (and other cloud
storage) fall into this category.
• Insider Theft: This is similar to (and sometimes mistaken for) employee negligence, but in
this case, the employee breaches the system and accesses insider data knowingly with
malicious purposes.

External Threats

• Physical Theft: Cyberattackers can coordinate seemingly harmless attacks and steal office
equipment like pen drives or hard drives to gain access to employee data or passwords. Plus,
hackers can also gain access to your network by gaining access to your routers or physical
servers.
• Interception of Data During Transit: Another security challenge for intranets is that data is
particularly vulnerable during transit. Many companies use insecure protocols like HTTP and
don't encrypt their data, which leaves data packets exposed to interception by malicious
hackers.
• Hacking: Direct hacking involving a third party is always possible, especially if your company
deals with sensitive data or financial records. Potential hacking can come in denial-of-service
attacks, phishing, malware or virus, and ransomware.

2. Intranet Security Best Practices?

In order to have a safe and secure intranet, you need to protect the stored data. Now that you
know the potential threats to your company, let's talk about some best practices you need to
follow to protect your organization's intranet from cyberattacks.

1. Establish a Comprehensive Security Policy

While it's possible that your company has some data security measures in place, it's likely that
you overlooked your intranet data security, especially if you're using a legacy intranet. Take
some time to review your security policies and measures and make sure they also protect your
remote workers' digital workplace, and that the protection extends to your mobile intranet.
Once you've reviewed your actions, delineate a plan with steps for a rapid response if a data
breach occurs.

2. Strengthen Your Log-in Protocols
While we're all aware of the potential dangers of weak passwords, the truth is that many
people still rely on them. Modern intranets, however, protect you from picking weak passwords
and enable more secure log-in protocols such as Single Sign-on (SSO), Active Directory (AD), or
Lightweight Directory Access Protocols (LDAP). Protocols like this enable a seamless, centralized
authentication management process that also enables secure mobile access to your corporate
intranet.

3. Enact Access Control
It's necessary to limit the amount of information your employees have access to unless it
relates to their job. An intranet platform with granular roles and permissions capabilities can
help control access and reduce potential internal data breaches. For instance, by creating
permissions for different intranet users based on their roles, you make sure that employees
have access to only the information they need, increasing their productivity and reducing time
lost looking for information.

4. Meet Global Security Standards
Security standards exist for a reason, and it's always a good idea to follow them as closely as
possible to prevent a security breach or cyberattacks. Also, for regulated industries such as
healthcare, government, and financial institutions, security standards aren't an option, and
your intranet needs to meet compliance regulations to operate. A modern intranet like dotCMS
offers users a GDPR, SOC2, HIPAA, and ISO 9001-compliant platform that protects your data
and simplifies compliance efforts.

5. Secure Third-party Integrations
Modern intranets can be extended using third-party software. Third-party software enables
greater flexibility and functionality but also introduces security risks to your corporate intranet.
For your intranet to be safe and secure, you need to make sure that every piece of software you
integrate is protected from end to end. API-based integrations, for example, need to offer
secure endpoints and shouldn't expose your private API data, details about the intranet, or your
employees.

6. Never Forget to Update
Updates always introduce new complexities and risks to your company intranet. However, not
updating is not an option either, as new threats and security vulnerabilities emerge every day.
Legacy intranets, for example, require manual updates that can break your system and damage
functionality, which results in potential data loss or the exposure of sensitive information. With
a modern intranet, these concerns largely disappear as SaaS-based products carry out
automatic updates.

7. Choose a Modern Intranet Platform
Lastly, make sure you choose the right tool for your business. Assess your company needs and
decide whether you need an open-source intranet or proprietary software. Decide between a
monolithic solution or a best-of-breed platform and determine the architecture and the
functionalities your intranet needs to have to support your employees. The intranet platform
you choose will play a vital role in how you will be able to approach security and how safe your
information is against malicious attacks.

3. Local Area Network Security in security practices?

The most common strategy to secure a Local Area Network is installing a firewall resource
behind a single access point such as an initial wireless router. Administrators can also secure
routers and switches that are required to create the network (both wired and wireless).

LAN stands for Local Area Network. A Local Area Network (LAN) is a set of computers and
associated devices that share a common communications line or wireless connection and share
the resources of an individual processor or server inside a small geographic area, generally
within an office building.

Generally, the server has applications and data storage that are shared in common by several
computer users. A local area network can serve as few as two or three users (for instance, in a
home network) or as some thousands of users.

LANs have become commonplace in several organizations for supporting telecommunications
network capabilities that connect end users in offices, branches, and some work groups.
Ethernet is a commonly used LAN technology.

Some corporations use Token Ring technology. FDDI is used as a backbone LAN
interconnecting Ethernet or Token Ring LANs. Another LAN technology, ARCNET, once the most
widely installed LAN technology, is used in the industrial automation market. In some
situations, a wireless LAN can be preferable to a wired LAN because it is cheaper to set up and
maintain.

A suite of application programmes can be maintained on the LAN server. Users who require an
application frequently can download it once and then run it from their local hard disk. Users can
order printing and several other services as required through software run on the LAN server. A
user can share files with others via the LAN server; read and write access is controlled by a LAN
administrator. A LAN server can also be used as a Web server if safeguards are taken to protect
internal software and data from external access.

A LAN supports access to more computing power, data, and resources than would be practical if
each user required a single copy of everything. A LAN supports the benefits of personal computing.
A LAN can connect multiple offices to one laser printer, fax machine, or modem. This creates a
single element of equipment available to multiple users and prevents unnecessary equipment
purchases.

LAN users can share personal documents that they need co-workers to see, including
engineering drawings, department plans, contracts, or drafts of memos. Co-workers can view
these files without delays for printing paper copies. A LAN can be used to send and handle
electronic mail and messages.

A LAN also supports access to shared databases. The file server is connected to a disk that
includes shared databases, including the firm’s customer list and telephone directory. When a
workstation requires data in a shared database, it sends a request message to the file
server, which performs the retrieval from the disk and sends the data to the requesting
workstation. This arrangement avoids maintaining redundant copies of information.

4. Wireless Network Security practices?

The importance of wireless network security cannot be understated. With the proliferation of
mobile devices and the popularity of public Wi-Fi hotspots, the potential for data breaches and
other cybersecurity threats has increased exponentially.

While there are many different steps that can be taken to secure a wireless network, these 12
best practices are essential for ensuring that your data and devices are safe from malicious
actors.

1. Enabling Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security to the login process. It requires users
to enter both a username and password, as well as a code that is generated by an authenticator
app. This makes it more difficult for someone to gain unauthorized access to the network.
To enable two-factor authentication, access the wireless router's configuration page and enable
the feature. Be sure to download an authenticator app such as Google Authenticator or Authy
and have it available when logging in.

You can also consider using passwordless authentication like cloud RADIUS for even more robust
protection. This is an important best practice because if someone does manage to get hold of
your password, they'll be able to access your network. By using a cloud-based solution, you can
be sure that only authorized users will be able to access your network.

2. Using A Strong Password

Using a strong password is one of the most important best practices for wireless network
security. A strong password is at least eight characters long and includes a mix of upper- and
lower-case letters, numbers, and symbols. Passwords should be changed regularly to ensure
that they remain secure.

3. Encrypting Data

Encrypting data is another important best practice for wireless network security. Data
encryption scrambles data so that it can only be decrypted and read by authorized users. This
helps to protect sensitive information from being accessed by unauthorized individuals.

Encryption can be implemented in a number of ways, including through the use of encryption
software, hardware, or services. Make sure that employees are aware of the importance of
encrypting sensitive data and that they know how to properly encrypt files.

4. Disabling SSID Broadcast

Disabling SSID broadcast is another best practice for wireless network security. When SSID
broadcast is enabled, it allows anyone within range of the wireless network to see the
network's name. You can disable SSID broadcast by accessing the wireless router's
configuration page and disabling the SSID broadcast feature.

The goal is to make it more difficult for unauthorized individuals to connect to the network. The
SSID can still be seen if someone is within range of the network and uses a wireless network
scanner, but it will not be as easily accessible.

5. Using MAC Filtering

Using MAC filtering is another best practice for wireless network security. MAC addresses are
unique identifiers assigned to devices that connect to a network.

By allowing only devices with specific MAC addresses to connect to the network, you can help
to prevent unauthorized access. MAC filtering can be implemented by accessing the wireless
router's configuration page and adding the MAC addresses of devices that are allowed to
connect to the network.

6. Enabling WPA3 Security

Enabling WPA3 security is another best practice for wireless network security. WPA3 is the
most recent and most secure wireless security protocol. It provides stronger protection than
WPA2 and should be used whenever possible.

When shopping around for a router, make sure to look for ones that support this most recent
security protocol. Earlier protocols were easier to compromise, so it is important to make sure
that WPA3 is enabled.

7. Using A VPN

Using a VPN is another best practice for wireless network security. A VPN encrypts all traffic
between a device and the VPN server, making it more difficult for someone to eavesdrop on the
connection. This is especially important when using public Wi-Fi networks, as they are often less
secure than private ones. Be sure to only use VPNs from trusted providers and make sure that
employees are aware of the importance of using a VPN when working remotely.

8. Disabling Remote Administration

Disabling remote administration is another best practice for wireless network security. When
remote administration is enabled, it allows anyone with the proper credentials to access the
router's configuration page and make changes to the network. This can be a security risk, as it
allows unauthorized individuals to potentially gain access to the network. To disable remote
administration, access the wireless router's configuration page and disable the feature. This will
help to prevent unauthorized access to the network.

9. Changing The Default Password

Changing the default password is another best practice for wireless network security. Many
routers come with a default password that is easy to guess. This can be a security risk, as it
allows unauthorized individuals to potentially gain access to the network.

To change the default password, access the wireless router's configuration page and change the
password to something that is more difficult to guess. Be sure to choose a strong password that
is at least 8 characters long and includes a mix of upper and lowercase letters, numbers, and
symbols.

10. Using A Firewall

Using a firewall is another best practice for wireless network security. A firewall helps to
protect the network by blocking incoming traffic that is not authorized. This can be especially
important in preventing attacks from malware and other malicious software.

To use a firewall, access the wireless router's configuration page and enable the feature. There
are typically two types of firewalls: network-based and host-based. Network-based firewalls are
typically used in business environments, while host-based firewalls can be used on individual
devices.

11. Disabling UPnP

Universal Plug and Play (UPnP) is a protocol that allows devices to automatically discover and
connect to each other. This can be a security risk, as it allows unauthorized devices to
potentially gain access to the network. To disable UPnP, access the wireless router's
configuration page and disable the feature. You can also disable UPnP on individual devices by
accessing the settings menu.

12. Disabling Unnecessary Services

You often find that routers come with a number of unnecessary services enabled. These can be
a security risk, as they can provide potential attackers with information about the network. To
disable unnecessary services, access the wireless router's configuration page and disable any
services that are not needed. This will help to reduce the attack surface of the network.
Common unnecessary services include things like telnet, SSH, and HTTP.

Conclusion

Implementing these best practices for wireless network security is important in order to protect
the network from potential attacks. By disabling unnecessary services, changing the default
password, and enabling two-factor authentication, you can help to make it more difficult for
unauthorized individuals to gain access to the network.

Additionally, using a firewall and disabling UPnP can also help to protect the network. By
following these best practices, you can help to ensure that your wireless network is secure.

5. Wireless Sensor Network Security practices?

Security: WSNs are vulnerable to various types of attacks, such as eavesdropping, jamming and
spoofing. Ensuring the security of the network and of the data it collects is a major challenge.

Interference: WSNs are often deployed in environments where there is a lot of interference
from other wireless devices.

Analyzed Cryptographic Methods and Primitives


WSNs, as we said, paved the way for a wide range of useful use cases and, as a consequence, several
kinds of applications, such as those in the military and scientific fields, but also applications
related to smart houses and home automation.

3.1. Advanced Encryption Standard (AES)


AES is a symmetric block cipher standardized in 2001 as the replacement for the Data Encryption
Standard (DES), whose 56-bit key had become brute-forceable by the late 1990s. AES is a
standardized and widely used cipher that works on 128-bit blocks and allows the use of three
different key lengths: 128, 192 and 256 bits.

3.1.1. Confidentiality in AES


Because of the resource constraints that characterize WSNs and the devices involved, we use AES
with a 128-bit key. Encrypting the packet payload makes the exchanged data confidential, meaning
that only the sender and the receiver, who share the key, can understand the data carried within
the packets. AES by itself only defines how one 16-byte block is transformed: a mode of operation
(for example CTR or CBC) with a nonce or IV that is never reused under the same key is what makes
longer and repeated messages safe to encrypt, and none of these modes detects tampering on its own.

Integrity and Authentication in AES


To achieve integrity and authentication for the exchanged packets we append a tag to each packet,
computed with the cipher-based message authentication code (CMAC) algorithm (NIST SP 800-38B)
under a key shared by sensor and server. The receiver recomputes the tag and discards the packet
if it does not match, so a packet that was forged or modified in transit is never acted upon. The
tag should be computed over the ciphertext (encrypt-then-MAC), with a key separate from the
encryption key.

Rivest Shamir Adleman (RSA)


RSA is a cryptographic algorithm that belongs to the asymmetric (or public key) family. Public
key cryptography is a cryptographic system based on the use of two keys, a public key and a
private key: what is encrypted with one can only be decrypted with the other, and only the holder
of the private key can produce a signature that the public key verifies.
Confidentiality in RSA
We ensure confidentiality with RSA by ciphering the message with the public key of the target server,
which upon receipt of the message deciphers it using its own private key (see Figure 4). This is the
traditional scheme for confidentiality using public key cryptography. In practice RSA encryption is
used with a padding scheme such as OAEP and, because it is slow and limited to messages shorter than
the modulus, it normally encrypts a symmetric session key rather than the sensor data itself.

Integrity and Authentication in RSA


To achieve integrity and authentication of the exchanged data we leveraged the digital signature
technique. Each sensor holds a pair of keys, a public and a private one. For the case of integrity
and authentication alone, without considering confidentiality, the packets sent by each sensor to
the server entity are composed of the plaintext message along with the digital signature computed
over (a hash of) the message with the private key of the sender. This ensures that nobody can
impersonate the sensor unless its private key is leaked, and that any change to the message makes
the signature fail to verify.

Elliptic Curve Cryptography (ECC)


ECC is a type of cryptography that belongs to the public-key class. It leverages the algebraic
structure of elliptic curves defined over finite fields, and it is used for several tasks in the
field of cyber security, such as key agreement (ECDH), digital signatures (ECDSA) and encryption
(ECIES).

Confidentiality in ECC
As with a traditional public key algorithm, the ciphering and deciphering steps follow the scheme
described for RSA: the sensor uses the server's public key, generated using ECC, to cipher messages,
and the server upon receipt uses its own ECC private key to decipher the ciphertext and get the
plaintext. The difference lies in the key generation mechanism, which is based on point arithmetic
on an elliptic curve and gives equivalent security with far shorter keys (a 256-bit curve is
comparable to a 3072-bit RSA modulus), so key generation and per-message operations are cheaper on
constrained devices. Note that an elliptic curve does not encrypt data directly the way RSA does;
"encryption with the public key" is realized by an integrated scheme such as ECIES, which derives a
symmetric key from an ECDH exchange with an ephemeral key and encrypts the data with that key.

Integrity and Authentication in ECC and ECDSA


Digital signatures [37,38] generated using ECDSA guarantee authentication and integrity. The procedure
to generate and verify the digital signature is the same as that used for the RSA algorithm: hash the
message, sign the digest with the private key, and verify the signature against the message with the
public key.

Implemented Attacks and Related Mitigations


A WSN should always be able to resist attacks so that it can continue to provide its services;
therefore it is also necessary to introduce mitigations that allow it to continue normal network
operation [39].

The attacks proposed in this section are:

• energy drain attack;
• impersonation attack.
Energy Drain Attack
As said before, WSNs in the IoT field, despite the huge benefits they provide, raise non-negligible
security issues due to inherent vulnerabilities in the communication protocols or in the IoT devices
involved in these networks. Leveraging these vulnerabilities, an attacker can focus on the most
resource- and power-constrained IoT devices: the sensors and actuators that make up a WSN. The idea
behind the energy drain attack, also called energy depletion attack [40], is the following: the
attacker overwhelms the target device, forcing it to execute energy-hungry operations such as
receiving and answering a large number of ping messages. This can drain the device's battery very
rapidly. Extended to all the sensors and actuators composing the WSN, a successful attack against
each device leads to the shutdown of the whole WSN. Most existing energy drain attacks target the
MAC layer. The traditional strategy, adopted by an attacker,

Energy Drain Attack Targeting a Specific Sensor
Energy Drain Attack: Mitigation
Impersonation Attack
Impersonation Attack: Impersonating a Sensor Node against the Legacy Server

Impersonation Attack: Proposed Mitigation


It is more complex to mitigate this kind of security issue, so we propose several techniques
depending on the cryptographic method in use. The techniques we consider are the following:
1. Symmetric cryptography;
2. Public key cryptography.
Use of Symmetric Cryptography
In the scenario where symmetric cryptography is used, each sensor shares with the server a secret
key that is supposedly unknown to anyone except the two entities, the sensor and the server. To
mitigate the attack, sensor nodes send the server packets composed of the message m (as plaintext),
a ciphered field (the one we want to keep confidential) and a tag computed with the shared key. An
attacker without the key can neither produce a valid tag for a forged packet nor alter a captured
packet without the tag check failing at the server.
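
The symmetric packet format described above, together with the CMAC tagging introduced in "Integrity and Authentication in AES", as an added working example that is not part of the original document. The confidential field is encrypted with AES-128 in CTR mode and a tag over header || nonce || ciphertext is computed with AES-CMAC, implemented here from NIST SP 800-38B because Go's standard library has no CMAC. The keys, the header layout and the nonce construction (sensor id || sequence number || counter) are assumptions made for the example; the CMAC routine can be checked against the published RFC 4493 test vectors.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// aesCMAC computes AES-CMAC (NIST SP 800-38B / RFC 4493) over msg with the AES block cipher
// blk; Go's standard library has no CMAC, so the subkey, padding and chaining steps are here.
func aesCMAC(blk cipher.Block, msg []byte) []byte {
	bs := aes.BlockSize
	// Subkeys: L = AES_K(0^128); K1 = L<<1; K2 = K1<<1, each XORed with Rb=0x87 on carry.
	l := make([]byte, bs)
	blk.Encrypt(l, l)
	k1 := shiftLeft(l)
	k2 := shiftLeft(k1)
	n := (len(msg) + bs - 1) / bs
	last := make([]byte, bs)
	if n > 0 && len(msg)%bs == 0 { // complete final block: mask with K1
		copy(last, msg[(n-1)*bs:])
		xorInto(last, k1)
	} else { // partial (or empty) final block: pad with 10...0, mask with K2
		if n == 0 {
			n = 1
		}
		rem := msg[(n-1)*bs:]
		copy(last, rem)
		last[len(rem)] = 0x80
		xorInto(last, k2)
	}
	x := make([]byte, bs) // CBC-MAC chain over the full blocks, then the masked last one
	for i := 0; i < n-1; i++ {
		xorInto(x, msg[i*bs:(i+1)*bs])
		blk.Encrypt(x, x)
	}
	xorInto(x, last)
	blk.Encrypt(x, x)
	return x
}

// shiftLeft doubles a 128-bit value in GF(2^128): shift left by one bit, XOR Rb on carry.
func shiftLeft(in []byte) []byte {
	out := make([]byte, len(in))
	var carry byte
	for i := len(in) - 1; i >= 0; i-- {
		out[i] = in[i]<<1 | carry
		carry = in[i] >> 7
	}
	if carry == 1 {
		out[len(out)-1] ^= 0x87
	}
	return out
}

func xorInto(dst, src []byte) {
	for i := range dst {
		dst[i] ^= src[i]
	}
}

// Packet is the constructed wire format: cleartext header (sensor id, sequence number), the CTR
// nonce, the encrypted field, and a CMAC tag over all three (encrypt-then-MAC).
type Packet struct{ Header, Nonce, Ciphertext, Tag []byte }

// sealPacket encrypts field with AES-CTR under enc and tags header||nonce||ciphertext under
// mac. enc and mac must be distinct keys, and nonce must never repeat under the same enc key.
func sealPacket(enc, mac cipher.Block, header, nonce, field []byte) Packet {
	ct := make([]byte, len(field))
	cipher.NewCTR(enc, nonce).XORKeyStream(ct, field)
	return Packet{header, nonce, ct, aesCMAC(mac, bytes.Join([][]byte{header, nonce, ct}, nil))}
}

// openPacket verifies the tag in constant time and only then decrypts.
func openPacket(enc, mac cipher.Block, p Packet) ([]byte, error) {
	want := aesCMAC(mac, bytes.Join([][]byte{p.Header, p.Nonce, p.Ciphertext}, nil))
	if subtle.ConstantTimeCompare(want, p.Tag) != 1 {
		return nil, errors.New("tag mismatch: packet forged or corrupted")
	}
	pt := make([]byte, len(p.Ciphertext))
	cipher.NewCTR(enc, p.Nonce).XORKeyStream(pt, p.Ciphertext)
	return pt, nil
}

func main() {
	encKey, _ := hex.DecodeString("2b7e151628aed2a6abf7158809cf4f3c") // demo keys only
	macKey, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f")
	enc, _ := aes.NewCipher(encKey)
	mac, _ := aes.NewCipher(macKey)
	nonce, _ := hex.DecodeString("0000000700000042" + "0000000000000000") // sensor id || seq || CTR counter
	p := sealPacket(enc, mac, []byte("id=7;seq=66"), nonce, []byte("temp=21.5C"))
	p.Ciphertext[0] ^= 1 // one bit flipped in transit
	_, err := openPacket(enc, mac, p)
	fmt.Printf("tag=%x; tampered packet: %v\n", p.Tag, err)
}
```

Two things the text leaves implicit are visible here: the receiver compares the tag in constant time and rejects the packet before decrypting anything, and the nonce is derived from a sequence number that also travels in the cleartext header, which is what lets a server that remembers the last sequence number seen per sensor refuse a replayed packet as well.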

Use of Asymmetric Cryptography


In this case each sensor node keeps a pair of keys: a public key and a private key. A packet sent by a
node consists of the message m (as plaintext) along with the digital signature computed over the
plaintext with the sender's private key; the server verifies it with the public key enrolled for that
sensor, so an attacker who does not hold the private key cannot produce a packet that passes as the
sensor's.
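
The asymmetric variant, as an added example that is not code from the document, using ECDSA on P-256 as the signature scheme (RSA with crypto/rsa would follow exactly the same sign-then-verify shape, so the same construction illustrates the "Integrity and Authentication" sections for RSA and ECDSA above). Each sensor signs sensor id || sequence number || payload with its private key; the server verifies against the public key enrolled for that id, so an attacker who generates its own key pair and claims a victim's id is rejected. The example also checks that the sequence number increases, which the text does not mention but which is needed because a signature alone does not stop an attacker from replaying a captured, validly signed packet. Sensor ids, the packet layout and the enrolment step are assumptions for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// SignedPacket is the constructed wire format: the message in clear plus one signature that
// covers the sender id, the sequence number and the payload together.
type SignedPacket struct {
	SensorID  string
	Seq       uint32
	Payload   []byte
	Signature []byte
}

// signedBytes is what gets hashed and signed; the id is length-prefixed so the fields cannot
// be re-split into a different id/payload pair with the same bytes.
func signedBytes(sensorID string, seq uint32, payload []byte) []byte {
	var seqBuf [4]byte
	binary.BigEndian.PutUint32(seqBuf[:], seq)
	b := append([]byte{byte(len(sensorID))}, sensorID...)
	b = append(b, seqBuf[:]...)
	return append(b, payload...)
}

// Sensor holds its own key pair; the private key never leaves the device.
type Sensor struct {
	ID  string
	key *ecdsa.PrivateKey
	seq uint32
}

func NewSensor(id string) (*Sensor, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Sensor{ID: id, key: key}, nil
}

func (s *Sensor) PublicKey() *ecdsa.PublicKey { return &s.key.PublicKey }

// Send signs the next packet with a fresh, strictly increasing sequence number.
func (s *Sensor) Send(payload []byte) (SignedPacket, error) {
	s.seq++
	digest := sha256.Sum256(signedBytes(s.ID, s.seq, payload))
	sig, err := ecdsa.SignASN1(rand.Reader, s.key, digest[:])
	if err != nil {
		return SignedPacket{}, err
	}
	return SignedPacket{SensorID: s.ID, Seq: s.seq, Payload: payload, Signature: sig}, nil
}

// Server keeps the public key enrolled for each sensor (provisioned out of band, e.g. at
// commissioning time) and the highest sequence number accepted from it so far.
type Server struct {
	keys    map[string]*ecdsa.PublicKey
	lastSeq map[string]uint32
}

func NewServer() *Server {
	return &Server{keys: map[string]*ecdsa.PublicKey{}, lastSeq: map[string]uint32{}}
}

func (srv *Server) Enroll(id string, pub *ecdsa.PublicKey) { srv.keys[id] = pub }

// Receive accepts a packet only if it verifies under the key enrolled for the claimed id and
// its sequence number is newer than anything already accepted from that id.
func (srv *Server) Receive(p SignedPacket) error {
	pub, ok := srv.keys[p.SensorID]
	if !ok {
		return errors.New("unknown sensor " + p.SensorID)
	}
	digest := sha256.Sum256(signedBytes(p.SensorID, p.Seq, p.Payload))
	if !ecdsa.VerifyASN1(pub, digest[:], p.Signature) {
		return errors.New("bad signature: sender does not hold the key enrolled for " + p.SensorID)
	}
	if p.Seq <= srv.lastSeq[p.SensorID] {
		return errors.New("replayed or out-of-order packet")
	}
	srv.lastSeq[p.SensorID] = p.Seq
	return nil
}

func main() {
	victim, _ := NewSensor("sensor-07")
	attacker, _ := NewSensor("sensor-07") // its own key pair, claiming the victim's id
	srv := NewServer()
	srv.Enroll(victim.ID, victim.PublicKey())
	p, _ := victim.Send([]byte("temp=21.5"))
	fmt.Println("genuine packet:  ", srv.Receive(p))
	fmt.Println("replayed packet: ", srv.Receive(p))
	forged, _ := attacker.Send([]byte("temp=99.9"))
	fmt.Println("impersonation:   ", srv.Receive(forged))
	p2, _ := victim.Send([]byte("temp=21.6"))
	p2.Payload = []byte("temp=80.0") // modified in transit
	fmt.Println("tampered payload:", srv.Receive(p2))
}
```

The server's trust anchor is the enrolment table, not anything in the packet: the id in the packet only selects which public key to verify against, and a sensor whose private key leaks has to be re-keyed and re-enrolled, exactly the caveat the text gives.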
6. Cellular Network Security?
In recent years, cellular networks have become open public networks to which end subscribers have
direct access. This has greatly increased the number of threats to cellular networks. Though cellular
networks have vastly advanced in their performance abilities, the security of these networks still
remains highly outdated. As a result, they are one of the most insecure networks today – so much so,
that using simple off-the-shelf equipment, any adversary can cause major network outages affecting
millions of subscribers. In this chapter, we address the security of cellular networks. We also educate
readers on the current state of security of cellular networks and their vulnerabilities. In addition, we
outline a cellular network specific attack taxonomy–also called the three-dimensional attack taxonomy.
Furthermore, we also discuss the vulnerability assessment tools for cellular networks. Finally, we
provide insights as to why cellular networks are so vulnerable and why securing them can prevent
communication outages during emergencies.

Types of Network Security Protections

• Firewall. Firewalls control incoming and outgoing traffic on networks according to
predetermined security rules.
• Network Segmentation.
• Remote Access VPN.
• Email Security.
• Data Loss Prevention (DLP).
• Intrusion Prevention Systems (IPS).
• Sandboxing.
• Hyperscale Network Security.

How secure is a cellular network


Mobile devices can connect to the Internet in two ways: cellular data or a Wi-Fi network, either
private or public. Generally, cellular data is the safest of the three, because the radio link is
encrypted and authenticated by the carrier and other subscribers cannot observe your traffic. A
private Wi-Fi network is the next best option, and a public network is the least safe. This ranking
only concerns the first hop: end-to-end protection of the traffic still depends on TLS or a VPN,
whichever way the device connects.
7. mobile security in cyber security?
Mobile Device Security refers to the measures designed to protect sensitive information stored on and
transmitted by laptops, smartphones, tablets, wearables, and other portable devices. At the root of
mobile device security is the goal of keeping unauthorized users from accessing the enterprise network.

Definition

Mobile security is the strategy, infrastructure, and software used to protect any device that
travels with users, including smartphones, tablets, and laptops. Cybersecurity for mobile
devices includes protecting data on the local device and the device-connected endpoints and
networking equipment. As mobile devices continue to be a user preference over desktops, they
will be bigger targets for attackers.

Why Is Mobile Security Important?

As more users travel and work from home, mobile devices have become increasingly more
integrated into their everyday lives, including corporate employees. Internet browsing activity
used to be limited to desktops, and employees that traveled were the only ones with laptops.
Now, mobile devices are the preferred way to browse the internet, and traffic from these
devices has become the dominant form of web browsing over desktops.

Mobile devices have a much bigger attack surface than desktops, making them a more
significant threat to corporate security. A desktop is immobile with threats mainly from outside
attackers, but mobile devices are vulnerable to physical and virtual attacks. Users carry mobile
devices with them wherever they go, so administrators must worry about more physical attacks
(e.g., theft and loss) and virtual threats from third-party applications and Wi-Fi hotspots (e.g.,
man-in-the-middle attacks). Stationary desktops don’t move from the corporate network,
making it easier for administrators to control network and endpoint security. With mobile
devices, users can root them, add any app, and physically lose them.

For many of these reasons and more, corporations have a lot more overhead when creating
strategies surrounding mobile devices. Even with the overhead, it’s a critical part of
cybersecurity as mobile devices pose significant threats to data integrity.

Physical Threats

There are two main physical threats to a mobile device: loss of the device (and its data) and
theft. Natural disasters are also an issue; they cause data loss but not data theft. Lost data can
be restored from backups, but data theft is an expensive issue for organizations. Mobile devices
have lock screens to help stop data theft after a device is stolen, but the protection must be
strong enough to prevent an attacker from bypassing the screen lock by removing the storage and
extracting the information directly.

Should the device be stolen, it should allow only a few PIN attempts before locking out further
tries for an increasing delay. This stops brute-force attacks on the lock-screen PIN. For devices
with sensitive data, the company should enforce a wipe policy that erases the phone after a set
number of incorrect PIN attempts. Storage encryption keyed to the PIN or passcode stops attackers
from exfiltrating data directly from the flash memory, bypassing the lock screen.

Application Threats

Administrators can block applications from being installed on a desktop, but a user with a
mobile device can install anything. Third-party applications introduce several issues to mobile
device security. Corporations must create a policy surrounding mobile devices to help users
understand the dangers of installing unapproved third-party apps.

Users should not be able to root their phones, but some do, rendering many of the internal
operating system security controls unusable. Third-party applications running on rooted devices
can disclose data to an attacker using a number of attack methods. Third-party applications can
also have hidden malware and keyloggers embedded in the code. Anti-malware programs can
be installed, but rooted devices leave even these applications open to malware manipulation.

Network Threats

Mobile devices, especially bring-your-own-device (BYOD) ones, create a threat to the internal
network. It is not uncommon for malware to scan the network for open storage locations or
vulnerable resources, drop malicious executables and exploit them, and this can happen silently
from a mobile device that is not adequately secured.
Administrators can require anyone with a BYOD to have anti-malware installed, but that still does
not ensure the software is up to date. If the corporation offers public Wi-Fi hotspots for
customers and employees, these too are a point of concern. When employees connect to public Wi-Fi
and transfer data where other users can observe it, the traffic is exposed to man-in-the-middle
(MitM) attacks and to account takeover if the attacker captures credentials.

Web-Based and Endpoint Threats

Mobile apps connect to data and internal applications using endpoints. These endpoints receive
and process data, and then return a response to the mobile device. The endpoints and any
web-based application add threats to the organization. Endpoints used by the application must
be properly coded with authentication and authorization controls to stop attackers.
Incorrectly secured endpoints could be the target of an attacker who can use them to
compromise the application and steal data.

Because mobile devices have been increasingly more popular, some web-based attacks target
these users. Attackers use sites that look like official websites tricking users into uploading
sensitive data or downloading malicious applications. It’s not uncommon for an attacker to tell
a user that they must download an app to view a video or other media source. Users download
the app and don’t realize it’s a malicious app used to probe the devices for vulnerabilities and
disclose data.

Components of Mobile Security

Organizations that use mobile devices have several options to protect them from attackers.
Components in mobile security can be used to define cybersecurity strategies surrounding
mobile devices. In addition to the infrastructure added to corporate strategy, it’s also important
to create BYOD and mobile device policies that instruct users what can and cannot be installed
on the device.

The following components will help any organization protect from attacks directed towards
mobile devices:

• Vulnerability scanners (often sold as "penetration scanners"): automated scanning services can be
used to find vulnerabilities in endpoints. This is not the only security measure endpoints need, but
it is the first step in finding authentication and authorization issues that could be used to
compromise data.
• Virtual Private Network (VPN): Users connecting to the network from a remote location should always
use VPN. VPN services and always on VPN alternatives installed on a mobile device will encrypt data
from the device to the endpoint or from the device to the internal network. Plenty of third-party
services are set up specifically for protecting corporate traffic from a mobile device to the internal
network.
• Auditing and device control: while administrators cannot take full remote control of a personal
smartphone or tablet, a mobile device management (MDM) enrolment can require remote wipe capabilities,
location tracking and a minimum lock-screen policy. GPS can be used to locate a stolen device, and
remote wiping software will remove all critical data should it be stolen.
• Email security: Phishing is one of the biggest threats to all organizations. Email services are usually
added to a mobile device so that users can obtain their email messages. Any phishing messages could
target mobile devices with malicious links or attachments. Email filters should block messages that
contain suspicious links and attachments.

8. IOT security in cyber security?


What is IoT security?

Internet of Things (IoT) devices are computerized Internet-connected objects, such as
networked security cameras, smart refrigerators, and WiFi-capable automobiles. IoT security is
the process of securing these devices and ensuring they do not introduce threats into a
network.

Anything connected to the Internet is likely to face attack at some point. Attackers can try to
remotely compromise IoT devices using a variety of methods, from credential theft to
vulnerability exploits. Once they control an IoT device, they can use it to steal data, conduct
distributed denial-of-service (DDoS) attacks, or attempt to compromise the rest of the
connected network.

IoT security can be particularly challenging because many IoT devices are not built with strong
security in place — typically, the manufacturer's focus is on features and usability, rather than
security, so that the devices can get to market quickly.

IoT devices are increasingly part of everyday life, and both consumers and businesses may face
IoT security challenges.

What attacks are IoT devices most susceptible to?


Firmware vulnerability exploits

All computerized devices have firmware, which is the software that operates the hardware. In
computers and smartphones, operating systems run on top of the firmware; for the majority of
IoT devices, the firmware is essentially the operating system.
Most IoT firmware does not have as many security protections in place as the sophisticated
operating systems running on computers. And often this firmware is rife with known
vulnerabilities that in some cases cannot be patched. This leaves IoT devices open to attacks
that target these vulnerabilities.

Credential-based attacks

Many IoT devices come with default administrator usernames and passwords. These usernames
and passwords are often not very secure — for instance, "password" as the password — and
worse, sometimes all IoT devices of a given model share these same credentials. In some cases,
these credentials cannot be reset.

Attackers are well aware of these default usernames and passwords, and many successful IoT
device attacks occur simply because an attacker guesses the right credentials.

On-path attacks

On-path attackers position themselves between two parties that trust each other — for
example, an IoT security camera and the camera's cloud server — and intercept
communications between the two. IoT devices are particularly vulnerable to such attacks
because many of them do not encrypt their communications by default (encryption scrambles
data so that it cannot be interpreted by unauthorized parties).

Physical hardware-based attacks

Many IoT devices, like IoT security cameras, stoplights, and fire alarms, are placed in more or
less permanent positions in public areas. If an attacker has physical access to an IoT device's
hardware, they can steal its data or take over the device. This approach would affect only one
device at a time, but a physical attack could have a larger effect if the attacker gains
information that enables them to compromise additional devices on the network.

How are IoT devices used in DDoS attacks?

Malicious parties often use unsecured IoT devices to generate network traffic in a DDoS attack.
DDoS attacks are more powerful when the attacking parties can send traffic to their target from
a wide range of devices. Such attacks are harder to block because there are so many IP
addresses involved (each device has its own IP address). One of the biggest DDoS botnets on
record, the Mirai botnet (2016), was built almost entirely from IoT devices that the malware took
over by logging in with factory-default credentials.

What are some of the main aspects of IoT device security?


Software and firmware updates

IoT devices need to be updated whenever the manufacturer issues a vulnerability patch or
software update. These updates eliminate vulnerabilities that attackers could exploit. Not
having the latest software can make a device more vulnerable to attack, even if it is outdated
by only a few days. In many cases IoT firmware updates are controlled by the manufacturer, not
the device owner, and it is the manufacturer's responsibility to ensure vulnerabilities are
patched.

Credential security

IoT device admin credentials should be updated if possible. It is best to avoid reusing
credentials across multiple devices and applications — each device should have a unique
password. This helps prevent credential-based attacks.

Device authentication

IoT devices connect to each other, to servers, and to various other networked devices. Every
connected device needs to be authenticated to ensure they do not accept inputs or requests
from unauthorized parties.

For example, an attacker could pretend to be an IoT device and request confidential data from
a server, but if the server first requires them to present an authentic TLS certificate (more on
this concept below), then this attack will not be successful.

For the most part, this type of authentication needs to be configured by the device
manufacturer.

Encryption

IoT device data exchanges are vulnerable to external parties and on-path attackers as they pass
over the network — unless encryption is used to protect the data. Think of encryption as being
like an envelope that protects a letter's contents as it travels through the postal service.

Encryption must be combined with authentication to fully prevent on-path attacks. Otherwise,
the attacker could set up separate encrypted connections between one IoT device and another,
and neither would be aware that their communications are being intercepted.

Turning off unneeded features

Most IoT devices come with multiple features, some of which may go unused by the owner. But
even when features are not used, they may keep additional ports open on the device. The more
ports an Internet-connected device leaves open, the greater the attack surface; attackers
routinely scan a device's ports looking for an opening. Turning off unnecessary device features
will close these extra ports.
DNS filtering

DNS filtering is the process of using the Domain Name System to block malicious websites.
Adding DNS filtering as a security measure to a network with IoT devices prevents those devices
from reaching out to places on the Internet they should not (i.e. an attacker's domain).

What is mutual TLS (mTLS)?

Mutual Transport Layer Security (mTLS) is a form of mutual authentication, in which both sides of
a network connection authenticate each other. In ordinary TLS only the server is verified, by the
client checking the server's certificate; in mTLS the server also requests a certificate from the
client during the handshake, and the client proves it holds the matching private key by signing
the handshake transcript. The server accepts the connection only if the client certificate chains
to a certificate authority (CA) it trusts.

mTLS is important for IoT security because it ensures only legitimate devices and servers can
send commands or request data. Like TLS, it also encrypts all communications over the network so
that attackers cannot read or silently alter them.

mTLS requires issuing TLS certificates to all authenticated devices and servers. A TLS certificate
contains the device's public key, an identity for the device and information about who issued the
certificate. Showing a certificate to initiate a network connection can be compared to a person
showing their ID card to prove their identity; the private key, which never leaves the device, is
what makes the ID impossible to photocopy.
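
An mTLS handshake end to end, as an added example that is not part of the original page or of any vendor's product: an in-memory private CA issues a server certificate and a device certificate, the server is configured to require and verify a client certificate against that CA, and three connection attempts show what happens with an enrolled device, with no certificate at all, and with a self-signed certificate that carries the enrolled device's name but does not chain to the CA. Everything listens on loopback; the CA name, the host name server.local and the device name sensor-07 are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T { // demo PKI setup: any generation error is fatal
	if err != nil {
		panic(err)
	}
	return v
}

// issue generates a P-256 key and a certificate for name, self-signed when parent is nil
// and otherwise signed by the parent CA's key (CertSign only matters on the CA itself).
func issue(name string, isCA bool, parent *x509.Certificate, parentKey any) (*x509.Certificate, tls.Certificate) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          must(rand.Int(rand.Reader, big.NewInt(1<<62))),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// BuildPKI constructs the trust setup: the trusted CA (as a pool), a server certificate, an
// enrolled device certificate, and a self-signed certificate with the same device name that
// does not chain to the CA and must therefore be refused.
func BuildPKI() (roots *x509.CertPool, server, device, rogue tls.Certificate) {
	ca, caTLS := issue("wsn-root-ca", true, nil, nil)
	_, server = issue("server.local", false, ca, caTLS.PrivateKey)
	_, device = issue("sensor-07", false, ca, caTLS.PrivateKey)
	_, rogue = issue("sensor-07", false, nil, nil)
	roots = x509.NewCertPool()
	roots.AddCert(ca)
	return roots, server, device, rogue
}

// StartServer listens on loopback. RequireAndVerifyClientCert is what makes the TLS mutual:
// the handshake fails unless the client proves possession of a key certified by a CA in roots.
func StartServer(server tls.Certificate, roots *x509.CertPool) net.Listener {
	ln := must(tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{server},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: roots, MinVersion: tls.VersionTLS12}))
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go func(tc *tls.Conn) { // greet the client by the name in its verified certificate
				defer tc.Close()
				if tc.Handshake() == nil {
					tc.Write([]byte("hello " + tc.ConnectionState().PeerCertificates[0].Subject.CommonName))
				}
			}(c.(*tls.Conn))
		}
	}()
	return ln
}

// Connect dials the server presenting certs (nil for none) and returns the server's greeting.
func Connect(addr string, roots *x509.CertPool, certs []tls.Certificate) (string, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: roots, ServerName: "server.local",
		Certificates: certs, MinVersion: tls.VersionTLS12})
	if err != nil {
		return "", err
	}
	defer conn.Close()
	buf := make([]byte, 64)
	n, err := conn.Read(buf) // under TLS 1.3 a rejected client cert is reported here as an alert
	if err != nil {
		return "", err
	}
	return string(buf[:n]), nil
}

func main() {
	roots, server, device, rogue := BuildPKI()
	ln := StartServer(server, roots)
	defer ln.Close()
	for _, c := range [][]tls.Certificate{{device}, nil, {rogue}} { // enrolled, none, untrusted
		fmt.Println(Connect(ln.Addr().String(), roots, c))
	}
}
```

The server never sees a password: the identity it acts on is the CommonName of the certificate whose private key the client proved possession of during the handshake. With TLS 1.3 the client's Dial succeeds even when its certificate is about to be rejected, because the client finishes its side of the handshake before the server verifies the certificate; the rejection arrives as an alert on the first Read, which is why Connect reads before reporting success.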

How does Cloudflare help secure IoT devices?

Cloudflare API Shield protects IoT devices by securing IoT APIs through the use of strong client
certificate-based identity and strict schema-based validation. Learn more about Cloudflare API
Shield.

Cloudflare Zero Trust supports mTLS for both IoT devices and an organization's other computing
resources, such as employee laptops and internal servers. To learn more about installing mTLS
using Cloudflare Zero Trust, see our documentation. Or, read more about mTLS.

9. Kali Linux in cyber security?


What Is Kali Linux? Kali Linux is an open-source distribution designed for cybersecurity professionals,
ethical hackers, and penetration testers. It is Debian-derived and focused on providing over 600 tools
for penetration testing and security auditing

What is the use of Kali Linux

Kali Linux is mainly used to initiate advanced-level Security Auditing and Penetration Testing.
The OS comprises numerous tools responsible for carrying out tasks like information security,
security research, penetration testing, reverse engineering, and computer forensics.
Features of Kali Linux
• Wide-ranging wireless device support.
• Custom Kernel, patched for injection.
• GPG signed packages and repositories.
• A Trustable operating system.
• Forensic Mode.
• Kali Linux Full Disk Encryption.
• Kali Linux Metapackages.
• Kali Linux accessibility features

Why Kali Linux is secure


Network services disabled by default: Kali Linux contains systemd hooks that disable network
services by default. These hooks allow us to install various services on Kali Linux, while ensuring
that our distribution remains secure by default, no matter what packages are installed.
How to Use Kali Linux

With Kali Linux, ethical hackers can assess the computing infrastructure of an organization and
discover vulnerabilities to be addressed.

Here are the main steps for carrying out penetration testing on a network and the Kali Linux
tools that can be used.

1. Reconnaissance

In this first process, a pen tester collects preliminary information or intelligence on the target,
enabling better planning for the actual attack.

Some Kali Linux reconnaissance tools include

• Recon-ng
• Nmap
• Hping3
• DNSRecon

2. Scanning

In this step, technical tools are utilized to collect more intelligence on the target. For example, a
pen tester can use a vulnerability scanner to identify security loopholes in a target network.
Some Kali Linux scanning tools include

• Arp-scan
• jSQL Injection
• Cisco-auditing-tool
• Oscanner
• WebSploit
• Nikto

3. Gaining access

In this third step, the ethical hacker infiltrates the target network with the intention of
extracting some useful data or to use the compromised system to launch more attacks.

Some Kali Linux tools used in this phase include (Wireshark captures traffic and John the Ripper
cracks password hashes obtained during the test; Metasploit, BeEF and Aircrack-ng perform the
actual exploitation)

• Metasploit Framework
• BeEF (Browser Exploitation Framework)
• Wireshark
• John the Ripper
• Aircrack-ng

4. Maintaining access

Just like the name suggests, this phase requires the pen tester to keep access to the target
system for as long as the engagement allows, as a real attacker would, in order to show how far
a compromise could be extended. In an authorized test this is done without causing damage and
within the agreed rules of engagement. It requires tools that allow stealthy, persistent
operation.

Some Kali Linux tools for maintaining access include

• Powersploit
• Webshells
• Weevely
• Dns2tcp
• Cryptcat
5. Covering tracks

In this last stage, the hacker removes any sign of past malicious activity on the target network.
For example, any alterations made or access privileges escalated are returned to their original
statuses.

Some Kali Linux tools commonly listed for this phase include (Meterpreter can clear event logs
and remove the artefacts it created; Veil is really a payload-obfuscation tool and smbexec a
lateral-movement tool, so their place here is about leaving fewer traces rather than cleaning
up; in an authorized test, covering tracks also means documenting every change made so it can
be reverted)

• Meterpreter
• Veil
• Smbexec

Conclusion

Kali Linux cyber security is a useful tool for penetration testing. You should learn the ins and
outs of using the tool so that you can sufficiently guard your critical IT infrastructure from
malicious attackers.

After mastering use of this tool using a Kali Linux tutorial, you’ll feel comfortable carrying out
advanced penetration testing to discover vulnerabilities in your network.


Unit – 3

1. Security Management System?

An Information Security Management System (ISMS) is defined as an efficient method for managing
sensitive company information so that it remains secure. Security management as a whole is a very
broad area that generally includes everything from the supervision of security guards at malls and
museums to the installation of high-tech security management systems that are made to protect an
organization's data. Read on to learn more about this field and get examples of the types of
security management in place today.

Feature of Security Management System:

• Security management relates to the physical safety of buildings, people, and products.
• Security management is the identification of the organization’s assets.
• Generally, Security Management System is provided to any enterprise for security
management and procedures as information classification, risk assessment, and risk
analysis to identify threats, categorize assets, and rate.

Importance of security management: There are some important aspects of security management
which are generally provided to any organization and which are given below:

1. Intellectual Property: One of the principal reasons organizations formalize an innovation
management program is to gain a competitive edge over the competition. Although the initial
ideation phases may be open to everyone, a lot of work goes into developing and refining those
ideas, and that refinement is often the difference between an incremental idea and a
transformative one. If companies do not protect those later-stage refinement activities, they
can lose the competitive edge they gained by instituting an innovation management program in
the first place.

2. Data Integrity: Security management systems rely on a lot of data to help prioritize and
validate initiatives; this can be votes and comments on ideas, ROI data, and beyond. If
security management systems are not secure, this data could be stripped out or tampered with.
It would be simple to make an idea or project appear more popular or more valuable if the
system can be gamed.

3. Personally Identifiable Information: Everyone who participates in a security management
program shares at least their personal information in order to log on to the system, and
where privacy is everything, security management systems must protect all their users as a
matter of course.

4. System Interconnectivity: Generally, security management software interacts with a variety
of other systems, such as project management and social software. Weakness in one system can
lead to weakness in others, which is why any security management system has to be as secure as
the systems with which it interacts.

Policy driven system management?

What is policy driven system management?


Policy-based management is a technology that can simplify the complex task of managing
networks and distributed systems. Under this paradigm, an administrator can manage different
aspects of a network or distributed system in a flexible and simplified manner by deploying a set
of policies that govern its behaviour.

What is the policy management architecture in network management?


Policy-based network management enables IT administrators to set policies that manage network
resources and ensure that network bandwidth is appropriately allocated to users. Policies can
determine who has access to certain resources and when those resources are available.

Policy-driven system management, or policy-based management (PBM), is a research domain that aims
at automating the management of large-scale computing systems. The long-term vision of PBM is that
humans no longer need to attend to low-level aspects of system management, but instead specify
high-level management goals that are autonomously enforced by computer agents. Ultimately, computing
systems would become comparable to biological systems, which regulate basic body functions such as
the heart rate without conscious human intervention. The promise of PBM lies in reducing system
management costs, which have grown significantly over the last decades, and in improving service
quality. While PBM has several application domains, this chapter will focus particularly on its use
for securing computing systems according to high-level security goals.
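As an added illustration (not part of the original notes, and not the API of any real PBM product), the following Python sketches a policy engine of the kind described above: administrators declare who may perform which action on which resource and during which hours, the engine enforces those policies on every request, each decision is written to an audit trail, an explicit deny overrides any allow, and a request that no policy covers is denied by default. The roles, resource names and users are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, time


# Hypothetical policy model for illustration; not the API of any PBM product.
@dataclass(frozen=True)
class Policy:
    name: str
    roles: frozenset            # subject roles the policy applies to
    resource: str               # resource name, or "*" for any resource
    actions: frozenset          # actions covered by the policy
    start: time = time(0, 0)    # access window start, inclusive
    end: time = time(23, 59)    # access window end, inclusive
    effect: str = "allow"       # "allow" or "deny"

    def matches(self, roles: frozenset, resource: str, action: str, at: datetime) -> bool:
        """True when the request falls under this policy (role, resource, action, time)."""
        return (bool(self.roles & roles)
                and self.resource in ("*", resource)
                and action in self.actions
                and self.start <= at.time() <= self.end)


@dataclass
class PolicyEngine:
    policies: list
    audit: list = field(default_factory=list)   # audit trail of every decision taken

    def evaluate(self, subject: str, roles, resource: str, action: str, at: datetime):
        roles = frozenset(roles)
        matched = [p for p in self.policies if p.matches(roles, resource, action, at)]
        denies = [p for p in matched if p.effect == "deny"]
        if denies:                      # an explicit deny always wins
            decision, reason = "deny", denies[0].name
        elif matched:                   # otherwise the first matching allow
            decision, reason = "allow", matched[0].name
        else:                           # no policy covers the request: default deny
            decision, reason = "deny", "no-matching-policy"
        self.audit.append({"when": at.isoformat(), "subject": subject, "roles": sorted(roles),
                           "resource": resource, "action": action,
                           "decision": decision, "policy": reason})
        return decision, reason


def build_engine() -> PolicyEngine:
    """Constructed sample policy set (hypothetical roles and resource names)."""
    return PolicyEngine([
        # administrators may do anything, at any time ...
        Policy("admins-full", frozenset({"admin"}), "*",
               frozenset({"read", "write", "configure"})),
        # ... except change the core router during the overnight change freeze
        Policy("freeze-core-router", frozenset({"admin", "netops"}), "core-router",
               frozenset({"write", "configure"}), time(22, 0), time(23, 59), effect="deny"),
        # contractors get read-only access to one database during office hours only
        Policy("contractor-hours", frozenset({"contractor"}), "project-db",
               frozenset({"read"}), time(9, 0), time(18, 0)),
    ])


def demo():
    """Run a few constructed requests through the engine and return decisions plus audit log."""
    engine = build_engine()
    day = datetime(2024, 1, 15)
    requests = [
        ("alice", ["admin"], "core-router", "configure", day.replace(hour=10)),
        ("alice", ["admin"], "core-router", "configure", day.replace(hour=22, minute=30)),
        ("bob", ["contractor"], "project-db", "read", day.replace(hour=12)),
        ("bob", ["contractor"], "project-db", "read", day.replace(hour=20)),
        ("bob", ["contractor"], "project-db", "write", day.replace(hour=12)),
    ]
    results = [engine.evaluate(*r) for r in requests]
    for req, (decision, why) in zip(requests, results):
        print(f"{req[0]:6} {req[3]:10} {req[2]:12} at {req[4]:%H:%M} -> {decision} ({why})")
    return results, engine.audit


if __name__ == "__main__":
    demo()
```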
The benefits of policy management software

• Fewer time demands on policy managers.
• Instant audit trails via a compliance management solution.
• Your policy management solution centralises all key documents and processes.
• A cloud-based platform increases flexibility.

Policy Management Challenges [When Poorly Managed]

1) Inconsistent document creation and editing.
2) Poor policy maintenance.
3) Lack of accountability.
4) Outdated documents.
5) Improper policy mapping.

2. IT security in cyber security?


Goals of IT Security

Simply put, IT security aims to ensure that computer systems are able to do their jobs. This
largely boils down to protecting the “CIA triad”, which consists of:

• Confidentiality: Protecting the privacy of data
• Integrity: Ensuring that data has not been modified
• Availability: Providing continual access to data and systems

Types of IT Security

IT security deals with all aspects of protecting IT assets against cyber threats. The modern
business’s IT assets are spread across many different platforms, so IT security must protect
a wide range of platforms from cybersecurity threats.

IT security includes:

• Identity Security: Identity security includes methods and processes to identify, verify and
authorize machines, devices, users, groups, applications, and functions. This is essential to
identity and access management (IAM).

• Network Security: Network security involves securing on-prem networks, wide area networks
(WAN), and the Internet. Network segmentation, secure transport, secure access and content
inspection to prevent threats are some methods used for securing networks.
• Cloud Security: As organizations increasingly adopt cloud technologies, they need cloud-specific
security solutions. Common aspects of cloud security include solutions for IaaS security
(covering infrastructure and workloads), PaaS security (securing applications and containers),
and SaaS security (protecting office suites and email).
• Endpoint Security: As employees increasingly work from home, endpoint security is more
important than ever. This includes device compliance and threat prevention for both traditional
endpoints and mobile devices and securing Internet of Things (IoT) devices with device
discovery, segmentation, and threat prevention.
• Application and API Security: Applications and application programming interfaces (APIs) are a
major part of an organization’s attack surface and should be secured via code review, analysis
and runtime analytics. In the modern organization, security is no longer bolted on or added as
an overlay on top of Infrastructure as Code but is included in the CI/CD pipelines as part of Shift
Left Security and DevSecOps initiatives.

• Management: Deploying an array of security solutions means that organizations need to
manage them as well. This includes device configuration, monitoring, optimization, automation,
and orchestration.

• Visibility And Incident Response: The goal of IT security is to protect the organization against
cyber threats. To do so, organizations need to maintain visibility into their network, ingest threat
intelligence, and engage in forensics, threat hunting, and threat mitigation as needed.

IT Security Threats

IT assets are a vital part of how organizations do business and a valuable target for
cybercriminals. A number of threats to IT security exist, including:

• Vulnerability Exploitation: IT assets commonly run software that contains potentially
exploitable vulnerabilities. Cybercriminals can take advantage of this by attacking these systems
directly over the network or sending malicious files to exploit the vulnerabilities.
• Account Takeover: Cybercriminals can steal account credentials via phishing and other social
engineering attacks. With these credentials, attackers can take over user accounts to steal
sensitive data or use them in their attacks.
• Financially-Motivated Attacks: Cybercrime is a business with many opportunities to make
money. These include ransomware, data exfiltration, and Denial of Service (DoS) attacks for
financial extortion.
• Advanced Persistent Threats (APTs): APTs are sophisticated threat actors financed by nation-
states or organized crime. These groups can launch very sophisticated attacks, such as
exploitation of supply chain vulnerabilities.
• Poor Security Practices: Lax security configurations and access controls are a common problem
in both on-prem and cloud-based environments. Examples include the use of default and weak
credentials exploitable via brute force attacks.

IT Security vs Cybersecurity

IT security and cybersecurity are closely related. Both address the security of an organization’s
IT assets and the data they contain, including protecting these assets against digital threats.
IT security may also include measures to protect IT assets from physical threats.

The main difference between IT security and cybersecurity is that cybersecurity goes beyond IT
security. While cybersecurity encompasses IT security, it also includes other areas, such as
protecting the sensitive and personal data of individuals or consumers and the
telecommunications and critical infrastructure sectors.

3. online identity in security management?


• Identity management practices refer to the strategies, processes, and technologies
organizations implement to effectively manage and secure user identities and access to
various resources within their systems and networks. It involves the administration of user
accounts, authentication methods, authorization mechanisms, and overall governance of
user identities.
• Identity management practices play a crucial role in today’s digital landscape, especially
with the rise of remote work and the adoption of cloud-based environments. By
implementing robust identity management practices, organizations can ensure that the right
individuals have appropriate access to the right resources at the right time while
maintaining security and mitigating potential risks.
• These practices extend beyond simply verifying user identities and granting access
permissions. They encompass various aspects, including identity lifecycle management,
identity provisioning, access request and approval processes, role-based access control,
single sign-on (SSO) solutions, multi-factor authentication (MFA), privileged access
management (PAM), and identity governance and administration (IGA). These practices
help organizations enhance security, streamline user access management, comply with
regulatory requirements, and support efficient and secure collaboration across systems and
applications.

Key Best Practices for Online Security

1. Use Strong Passwords: Creating strong passwords is essential for protecting your online
identity. Ensure that your passwords are at least eight characters long and include a combination
of uppercase and lowercase letters, numbers, and symbols. Avoid using easily guessable
information such as your name, birthdate, or common words. Using unique passwords for each
online account is crucial to minimize the risk of multiple accounts being compromised if one
password is exposed.

2. Enable Two-Factor Authentication: Two-factor authentication (2FA) provides an extra layer
of security for your accounts. In addition to entering your password, 2FA requires a second
verification form, such as a code sent to your mobile device or generated by an authentication app.
By enabling 2FA, even if someone obtains your password, they would still need the additional
authentication factor to access your account, significantly reducing the risk of unauthorized access.

3. Keep Software Up to Date: Regularly updating your software is vital for maintaining online
security. Software updates often include patches that address security vulnerabilities. Ensure that
your operating system, web browser, and applications are up to date to benefit from the latest
security enhancements and protect against potential exploits.

4. Beware of Phishing Scams: Phishing scams are attempts to deceive individuals into revealing
sensitive information by posing as trustworthy entities. Be cautious when receiving emails,
messages, or calls asking for personal information or directing you to click on suspicious links.
Verify the sender’s email address or phone number, and be skeptical of urgent or unsolicited
requests for sensitive data. Instead of clicking on links provided in emails, manually enter website
addresses or use bookmarks to access trusted sites.

5. Use Antivirus Software: Installing reputable antivirus software is crucial for defending against
viruses, malware, and other malicious software. Keep your antivirus software current to ensure it
can detect and remove the latest threats. Regularly scan your computer for potential malware and
configure real-time protection features to provide continuous security.

6. Avoid Public Wi-Fi: Public Wi-Fi networks, such as coffee shops or airports, are often
unsecured, making them prime targets for hackers. Avoid accessing sensitive information, such as
online banking or personal accounts, while connected to public Wi-Fi. If you must use public Wi-
Fi, consider using a virtual private network (VPN) to encrypt your internet connection and protect
your data from potential eavesdropping or interception.

7. Monitor Your Accounts: Regularly monitoring your financial and online accounts is essential
for detecting any unauthorized activity promptly. Review your bank statements, credit card
transactions, and other financial records. Set up account alerts or notifications to receive immediate
notifications of any unusual account activities. If you notice any unauthorized transactions or signs
of account compromise, immediately report them to the relevant institution or service provider.

By implementing these best practices for online security, you can significantly enhance your
protection against identity theft, unauthorized access, and other cyber threats. Stay vigilant and
proactive in safeguarding your digital identity and personal information.

user management system in cyber security

Introduction

User management (UM) is defined as the effective management of users and their accounts,
giving them access to various IT resources like devices, applications, systems, networks, SaaS
services, storage systems, and more.

User management enables administrators to grant access and manage user access and control
user accounts. A user management system forms an integral part of identity and access
management (IAM) and serves as a basic form of security.

Any solution designed to serve multiple users utilizes a UM system that establishes
authorizations and provides secure access to various resources.

Authorization platforms, in turn, maintain an active directory of users, serving essential functions
such as service management, HR, or security.

Deployment of UM helps monitor users better, enhances user experience, and provides access to
essential resources to anyone that requires access.

The Big Shift to the Cloud

Though user management has been around for a long time now, especially within the IAM and
ITAM space, it has assumed new importance with the introduction of cloud-based subscriptions.

Recent trends show a clear shift to cloud-based IAM, granting administrators greater access
and control over digital asset management.
Cloud services extend user accounts management to cloud infrastructure, web applications, and
non-Windows devices as well.

What Are The Benefits Of User Management?

Now that we know what user management is, it is easier to understand how user management
applications solve the riddle of managing multiple users' access to various resources.

Through UM, IT administrators can manage resources and access based on need, thereby
keeping digital assets more secure. This also ensures a frictionless experience for the end-user,
significantly improving the user experience.

The advent of the cloud only served to improve user management by opening up access to more web
applications. Users now have many more digital resources available to them, quickly making
cloud-based user management the preferred system. Furthermore, the effective management of user
identities lays the basis for improved identity and access management, an essential aspect of
security.

Key Elements in User Management

User management is a critical aspect of maintaining a secure and organized system for any
organization that deals with user data. There are several key elements that make up user
management, including user authentication, authorization, and access control.

User authentication involves the process of verifying the identity of a user who is attempting to
access a system. This can be done through several methods such as passwords, biometrics, or
two-factor authentication.

Once a user's identity has been confirmed, authorization determines what actions the user is
allowed to perform within the system.

Access control is the process of defining and managing user access to specific resources and data
within the system. This includes managing permissions for different levels of users, such as
administrators, employees, or customers.

User Management Requirements

Though traditional identity and user management solutions featured a central user identity that
could access all of a user’s IT resources, the move to the cloud and the arrival of new platforms
have pushed toward decentralization.

There are a few requirements to be considered for organizations now seeking to leverage cloud
systems and web-based applications for a centralized user management solution.

1. Delivered from the cloud

Even as most organizations continue to move away from on-premises infrastructure, a
centralized user management system needs to be delivered from the cloud and connect users to
resources both on-premises and in the cloud.

User management solutions of the next generation, often termed Identity-as-a-service (IDaaS),
are fully capable of functioning in any environment, on-premises, in the cloud, and even in
between.

2. Multiprotocol

Modern environments contain many different systems that rely on protocols ranging from LDAP
to SAML, SSH, and RADIUS, among others. A UM system in a modern network must be capable of
handling these various protocols to connect users to resources.

3. High security

As digital identities turn into valuable technological assets, a centralized UM system becomes a
high-value target. Therefore, central UM systems must employ the latest security measures to
keep out unwanted users.

User management systems are central to organizations' effective functioning and form the core of
identity management as well. A thorough analysis of organizational requirements is always
beneficial to assess the kind of solutions required.

Three Generations of User Management Solutions

Three generations of user management solutions have evolved over time, each addressing the
needs of organizations at different stages of their growth and technology adoption.

The first generation of user management solutions focused on manual processes, with IT
administrators manually creating and managing user accounts and access control. This approach
was time-consuming, error-prone, and limited the scalability of user management.

The second generation of user management solutions addressed the limitations of manual
processes by introducing automation and self-service capabilities. This allowed users to manage
their own accounts and access control, freeing up IT administrators from repetitive and time-
consuming tasks.

However, this approach was still largely based on on-premises solutions and did not support
cloud-based applications and services.

The third generation of user management solutions is designed for the cloud-first, mobile-first
era, providing a centralized platform for managing user identities, access control, and
authentication across multiple cloud and on-premises applications.

These solutions support a wide range of authentication methods, including social login and
multi-factor authentication, and can integrate with existing identity and access management
systems. They also provide advanced analytics and monitoring capabilities to detect and prevent
security threats.

Case study Metasploit

Introduction to Metasploit:

Metasploit is an open-source exploit development framework that provides a platform to create,
test, and execute exploits against different systems. It is widely used in penetration testing and
ethical hacking for identifying vulnerabilities in computer systems and networks. Metasploit was
created by H. D. Moore in 2003 and was acquired by Rapid7 in 2009.

Features of Metasploit:

Exploit modules: Metasploit provides a large number of exploit modules that can be used to
exploit vulnerabilities in various systems and applications. These modules are written in Ruby
and can be easily customized and modified to suit specific requirements.

Payloads: Metasploit includes various payloads, which are used to deliver the exploit to the
target system and execute the code. These payloads can be customized to evade detection by
antivirus software.

Meterpreter: Meterpreter is a powerful payload that provides a command shell to the attacker on
the compromised system. It provides complete access to the victim's system and allows the
attacker to perform various operations like file manipulation, system information gathering, and
remote code execution.

Post-exploitation modules: Metasploit provides a wide range of post-exploitation modules that
can be used to perform various tasks on the compromised system, such as privilege escalation,
data exfiltration, and lateral movement.

Integration with other tools: Metasploit can be integrated with other tools like Nmap and
Wireshark, which can enhance its capabilities and provide a comprehensive penetration testing
platform.

Using Metasploit:

To use Metasploit, the first step is to identify the target system and the vulnerabilities that can be
exploited. Once the target system is identified, a suitable exploit module can be selected from the
Metasploit module database. The payload can be customized to avoid detection by antivirus
software, and the exploit can be launched against the target system.

Once the exploit is successful, a Meterpreter session is established with the compromised
system, which can be used to gather information and perform various operations on the victim's
system.

Metasploit can be used by both ethical hackers and cyber criminals, and therefore it is important
to use it responsibly and within the legal boundaries.

Conclusion:

Metasploit is a powerful tool for penetration testing and ethical hacking, and it is widely used by
security professionals to identify vulnerabilities and weaknesses in computer systems and
networks. It is important to use Metasploit responsibly and within the legal boundaries, and to
always seek proper authorization before using it on any system or network.

Unit – 4 Cyber security and Cloud security

1. What is Cyber Forensics?

Cyber forensics is a process of extracting data as proof for a crime (that involves electronic
devices) while following proper investigation rules to nab the culprit by presenting the evidence
to the court. Cyber forensics is also known as computer forensics. The main aim of cyber
forensics is to maintain the thread of evidence and documentation to find out who did the crime
digitally. Cyber forensics can do the following:

• It can recover deleted files, chat logs, emails, etc.
• It can also recover deleted SMS messages and phone call records.
• It can obtain recorded audio of phone conversations.
• It can determine which user used which system and for how long.
• It can identify which user ran which program.

Why is cyber forensics important?

In today's technology-driven generation, the importance of cyber forensics is immense.
Technology combined with forensics paves the way for quicker investigations and accurate
results. Below are the points depicting the importance of cyber forensics:

• Cyber forensics helps in collecting important digital evidence to trace the criminal.
• Electronic equipment stores massive amounts of data that a normal person fails to see. For
example, in a smart house, every word we speak and every action performed by a smart device
generates data that can be crucial in cyber forensics.
• It also helps innocent people prove their innocence via the evidence collected online.
• It is not only used to solve digital crimes but also real-world crimes like theft cases,
murder, etc.
• Businesses benefit equally from cyber forensics in tracking system breaches and finding
the attackers.

The Process Involved in Cyber Forensics

1. Obtaining a digital copy of the system that is being or is required to be inspected.
2. Authenticating and verifying the reproduction.
3. Recovering deleted files (using the Autopsy tool).
4. Using keywords to find the information you need.
5. Establishing a technical report.

How do cyber forensics experts work?

Cyber forensics is a field that follows certain procedures to find the evidence to reach
conclusions after proper investigation of matters. The procedures that cyber forensic experts
follow are:

• Identification: The first step for cyber forensics experts is to identify what evidence is
present, where it is stored, and in which format it is stored.
• Preservation: After identifying the data, the next step is to safely preserve the data and
not allow other people to use that device so that no one can tamper with the data.
• Analysis: After getting the data, the next step is to analyze the data or system. Here the
expert recovers the deleted files, verifies the recovered data and finds the evidence
that the criminal tried to erase by deleting secret files. This process might take several
iterations to reach the final conclusion.
• Documentation: After analyzing the data, a record is created. This record contains all
the recovered and available (not deleted) data, which helps in recreating the crime scene
and reviewing it.
• Presentation: This is the final step, in which the analyzed data is presented in front of the
court to solve cases.

Types of computer forensics

There are multiple types of computer forensics depending on the field in which digital
investigation is needed. The fields are:

• Network forensics: This involves monitoring and analyzing the network traffic to and from the
criminal’s network. The tools used here are network intrusion detection systems and other
automated tools.
• Email forensics: In this type of forensics, the experts check the email of the criminal and recover
deleted email threads to extract crucial information related to the case.
• Malware forensics: This branch of forensics involves hacking-related crimes. Here, the forensics
expert examines the malware and trojans to identify the attacker behind them.
• Memory forensics: This branch of forensics deals with collecting raw data from memory (such as
cache, RAM, etc.) and then retrieving information from that data.
• Mobile Phone forensics: This branch of forensics generally deals with mobile phones. Experts
examine and analyze data from the mobile phone.
• Database forensics: This branch of forensics examines and analyzes the data from databases
and their related metadata.
• Disk forensics: This branch of forensics extracts data from storage media by searching for
modified, active, or deleted files.

Techniques that cyber forensic investigators use

Cyber forensic investigators use various techniques and tools to examine the data and some of
the commonly used techniques are:

• Reverse steganography: Steganography is a method of hiding important data inside the digital
file, image, etc. So, cyber forensic experts do reverse steganography to analyze the data and find
a relation with the case.
• Stochastic forensics: In Stochastic forensics, the experts analyze and reconstruct digital activity
without using digital artifacts. Here, artifacts mean unintended alterations of data that occur
from digital processes.
• Cross-drive analysis: In this process, the information found on multiple computer drives is
correlated and cross-referenced to analyze and preserve information that is relevant to the
investigation.
• Live analysis: In this technique, the suspect's computer is analyzed from within the running OS.
It aims at the volatile data in RAM to get valuable information.
• Deleted file recovery: This includes searching memory and storage for fragments of a partially
deleted file in order to recover it for evidence purposes.

Advantages

• Cyber forensics ensures the integrity of the computer.
• Through cyber forensics, many people, companies, etc., get to know about such crimes and can
take proper measures to avoid them.
• Cyber forensics finds evidence on digital devices and presents it in court, which can
lead to the punishment of the culprit.
• It can efficiently track down the culprit anywhere in the world.
• It helps people and organizations protect their money and time.
• The relevant data can be publicised and used to make the public aware.

2. What is Disk Forensics?

Disk forensics, also known as computer or digital forensics, is a branch of forensic science that
focuses on the collection, preservation, analysis, and interpretation of digital data stored on
computer storage devices, such as hard disk drives (HDDs), solid-state drives (SSDs), and other
media.

The primary goal of disk forensics is to investigate and gather evidence related to computer
crimes or incidents. It involves the systematic examination of digital storage media to recover,
analyse, and interpret data that may be relevant to a legal investigation or an organization's
internal investigation.

How does it work?
The following are some key techniques and tools used in disk forensics:

• Identification and Seizure: The first step is to identify and seize the storage media that may
contain relevant digital evidence. This may involve seizing computer systems, hard drives,
mobile devices, or any other storage medium.
• Preservation: Once the storage media is seized, it is crucial to preserve the integrity of the data.
Forensic professionals create a forensic image or exact copy of the storage media using
specialized tools and techniques. This ensures that the original data remains unaltered, and the
investigation can be conducted on a duplicate copy.
• Analysis and Recovery: The forensic image is then analyzed to recover and extract relevant
data. This may include deleted files, email communications, internet browsing history, system
logs, metadata, and other artifacts that can provide insights into user activities and events.
• Data Interpretation: The extracted data is analyzed and interpreted to establish timelines,
reconstruct events, identify patterns, and understand the context of the investigation. This may
involve correlating data from multiple sources and using forensic tools to reconstruct user
activities.
• Reporting and Presentation: The findings and evidence discovered during the disk forensics
investigation are documented in a detailed report. This report may be used for legal
proceedings, internal investigations, or as evidence in court. Forensic professionals may also
present their findings and provide expert testimony if required.

Disk forensics is a specialized field that requires a combination of technical expertise, knowledge
of computer systems and storage technologies, understanding of legal procedures, and adherence
to strict forensic protocols to maintain the integrity of the evidence.
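The process steps listed above (take an image, authenticate the copy, recover deleted files, search keywords, write the report) can be demonstrated on a tiny constructed image. The Python below is an added example, not code from the original notes or from any forensic tool such as Autopsy; the "disk image", its sector layout, the file signatures used for carving and the keywords are all constructed for illustration.

```python
import hashlib
import hmac

SECTOR = 512   # sector size used to report where a hit lives on the media


def build_sample_image() -> bytes:
    """Constructed 4 KiB 'disk image': a live note plus an unlinked JPEG and an unlinked PDF.

    Real images are gigabytes and come from a write-blocked acquisition; the logic is the same.
    """
    live_note = b"Project budget Q3: transfer approved by R. Ortiz\n"
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x11" * 40 + b"\xff\xd9"
    pdf = b"%PDF-1.4\n1 0 obj\n<< /Title (invoice) >>\nendobj\n%%EOF"
    img = bytearray(SECTOR * 8)                      # zero-filled, i.e. unallocated space
    img[0:len(live_note)] = live_note                # sector 0: an allocated file
    img[SECTOR * 2:SECTOR * 2 + len(jpeg)] = jpeg    # sector 2: deleted, directory entry gone
    img[SECTOR * 5:SECTOR * 5 + len(pdf)] = pdf      # sector 5: deleted as well
    return bytes(img)


def image_digest(data: bytes, chunk: int = 1 << 20) -> str:
    """SHA-256 of the image, streamed so multi-GB images need not fit in memory."""
    h = hashlib.sha256()
    for i in range(0, len(data), chunk):
        h.update(data[i:i + chunk])
    return h.hexdigest()


def verify_copy(acquisition_hash: str, working_copy: bytes) -> bool:
    """Step 2: the working copy must hash to the value recorded at acquisition time."""
    return hmac.compare_digest(acquisition_hash, image_digest(working_copy))


def keyword_search(data: bytes, keywords) -> list:
    """Step 4: locate keywords anywhere in the image, including unallocated space."""
    hits = []
    for kw in keywords:
        pos = data.find(kw)
        while pos != -1:
            hits.append({"keyword": kw.decode(), "offset": pos, "sector": pos // SECTOR})
            pos = data.find(kw, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])


# header/footer signatures for carving deleted files that no longer have a directory entry
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


def carve_files(data: bytes, signatures=SIGNATURES, max_len: int = 64 * 1024) -> list:
    """Step 3: recover deleted files by signature carving (header to footer, bounded length)."""
    found = []
    for kind, (header, footer) in signatures.items():
        pos = data.find(header)
        while pos != -1:
            end = data.find(footer, pos + len(header), pos + max_len)
            if end == -1:                      # header without a footer in range: skip it
                pos = data.find(header, pos + 1)
                continue
            end += len(footer)
            found.append({"type": kind, "start": pos, "end": end, "data": data[pos:end]})
            pos = data.find(header, end)
    return sorted(found, key=lambda f: f["start"])


def examine(image: bytes, acquisition_hash: str, keywords) -> dict:
    """Step 5: skeleton of the technical report (integrity check, keyword hits, carved files)."""
    return {
        "image_verified": verify_copy(acquisition_hash, image),
        "keyword_hits": keyword_search(image, keywords),
        "carved": [{k: v for k, v in f.items() if k != "data"} for f in carve_files(image)],
    }


if __name__ == "__main__":
    original = build_sample_image()
    acquisition_hash = image_digest(original)         # recorded when the image was taken
    print(examine(original, acquisition_hash, [b"budget", b"invoice"]))
    # a single flipped byte in the working copy must fail verification
    tampered = original[:100] + b"\x01" + original[101:]
    print("tampered copy verifies:", verify_copy(acquisition_hash, tampered))
```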

3. What is Network Forensics?

Network forensics is a subcategory of digital forensics that deals with the examination of a
network and the traffic crossing it when that network is suspected of being involved in malicious
activity, for example a network that is spreading malware to steal credentials, or with the
analysis of cyber-attacks. As the internet grew, cybercrime grew along with it, and so did the
significance of network forensics, with the development and acceptance of network-based services
such as the World Wide Web, e-mail, and others.

With the help of network forensics, the entire data can be retrieved including messages, file
transfers, e-mails, and, web browsing history, and reconstructed to expose the original transaction.
It is also possible that the payload in the uppermost layer packet might wind up on the disc, but
the envelopes used for delivering it are only captured in network traffic. Hence, the network
protocol data that enclose each dialog is often very valuable.

For identifying the attacks investigators must understand the network protocols and applications
such as web protocols, Email protocols, Network protocols, file transfer protocols, etc.

Investigators use network forensics to examine network traffic data gathered from the networks
that are involved or suspected of being involved in cyber-crime or any type of cyber-attack.
After that, the experts look for data that points in the direction of file manipulation,
human communication, etc. With the help of network forensics, investigators and cybercrime
experts can generally track down all the communications and establish timelines based on
network event logs logged by the NCS.

Processes Involved in Network Forensics:

Some processes involved in network forensics are given below:

• Identification: In this process, investigators identify and evaluate the incident based on the
network pointers.
• Safeguarding: In this process, the investigators preserve and secure the data so that
tampering can be prevented.
• Accumulation: In this step, a detailed report of the crime scene is documented and all the
collected digital shreds of evidence are duplicated.
• Observation: In this process, all the visible data is tracked along with the metadata.
• Investigation: In this process, a final conclusion is drawn from the collected shreds of evidence.
• Documentation: In this process, all the shreds of evidence, reports, conclusions are documented
and presented in court.

Challenges in Network Forensics:

• The biggest challenge is to manage the data generated during the process.
• Intrinsic anonymity of the IP.
• Address Spoofing.

Advantages:

• Network forensics helps in identifying security threats and vulnerabilities.
• It analyzes and monitors network performance demands.
• Network forensics helps in reducing downtime.
• Network resources can be used in a better way by reporting and better planning.
• It helps in a detailed network search for any trace of evidence left on the network.

Disadvantage:

• The only disadvantage of network forensics is that it is difficult to implement.

4. Wireless forensics in security practices?

Wireless network forensics is the process of collecting and analyzing evidence from wireless
networks, such as Wi-Fi, Bluetooth, cellular, or satellite networks.

Use of wireless security

Wireless security prevents unauthorized access or damage to computers using wireless
networks. The most common type of wireless security is Wi-Fi security, which protects
information sent through a Wi-Fi network. Several different types of security measures can be
used to protect Wi-Fi networks.

How secure are wireless security systems?

Are wireless security systems secure? Yes, wireless security systems are secure from both
physical and digital attacks. Since there are no wires, burglars can't disable wireless systems by
cutting landlines. Inclement weather doesn't affect most wireless systems either, especially if you
have cellular backup.

Best wireless security cameras of 2023

• Reolink Argus 3 Pro: Best overall.
• Google Nest Cam (Battery): Best smart detection.
• Arlo Pro 4: Best outdoor camera.
• Eufy Solo IndoorCam C120: Best indoor camera.
• Blink Indoor Cam: Budget pick.
• Google Nest Doorbell ...
• Arlo Pro 3 Floodlight ...
• Ring Stick Up Cam Battery.

Steps of network forensics

These steps are: obtain information, strategize, collect evidence, analyze, and finally report.

This chapter summarizes some basic concepts about digital forensics in general and
network forensics in particular.

5. Database Forensics in security practices?

Database forensics is a branch of digital forensic science relating to the forensic study
of databases and their related metadata. The discipline is similar to computer
forensics, following the normal forensic process and applying investigative techniques to
database contents and metadata.

In the world today, organizations are desperately focusing on innovation. We are making
products smarter, smaller, and faster, and ensuring that services are more accessible than ever
before. The result? Devices ranging from computer servers to refrigerators and from energy
meters to pace makers having embedded computers. Most of these computers need to store and
retrieve data that is managed within databases. Databases have been, and will increasingly be,
part of cyber investigations.

The problem? Well, many forensic tools and even the training investigators undergo focus very
little on databases. Going back to the story we stepped through to open the chapter, tracking the
criminals to the crown jewels is a great start. However, not knowing what the criminals did when
they got there can negate the value of an investigation and force the organization to assume that
all information was involved, when in reality a small subset of it may have been.

Database forensics is a subset of forensic science focusing on the preservation and analysis of
relational and nonrelational database platform artifacts to:

1. Retrace past activity within database systems

2. Recover previously deleted data

3. Determine the pre- and poststate of information

Simply put, database forensics allows you to better investigate breaches and either discount a
suspected intrusion or confirm and precisely scope a breach to limit its impact. As you can
imagine, this science can be a powerful tool within your breach response toolkit and serve as
your last line of defense in protecting your organization.

There are over 80 different commercial databases in existence today, and they are written in
different languages. Investigators need to interact with each database platform and the various
types and retention of artifacts scattered through the database platform. To help, we will limit the
scope of database forensics within this chapter to the following popular database platforms and
versions:

Microsoft SQL Server (2005–2014)

Oracle (10gR2–12cR1)

MySQL (4.1–5.5)

The goal of this chapter is not to make you a database forensics expert. It is to provide you with a
general idea of how the science can be used to precisely scope a breach, when it should be used
within an investigation, and the associated benefits of doing so.

Database forensics and its types

Database forensics is a subset of forensic science focusing on the preservation and analysis of
relational and nonrelational database platform artifacts to: 1. Retrace past activity within
database systems.

6. Malware forensics in security practices?

Malware forensics is a way of finding, analyzing and investigating the various properties of
malware to seek out the culprits and the reason for the attack. The method also includes tasks like
examining the malicious code and determining its entry point, method of propagation, impact on
the system, the ports it tries to use, etc.

The genesis of computer viruses dates back to the early 1980s, when some researchers came up
with self-replicating computer programs. In 1984 Dr. Cohen provided a definition for
computer viruses saying, “A virus is a program that’s ready to infect other programs by
modifying them to incorporate a possibly evolved copy of itself”. This definition, being
predicated on the behavior of programs of that period, was appropriate. However, over
time viruses have evolved into dozens of categories and are now termed collectively as
malware rather than just viruses. A virus is now simply considered one category of
malware.

Malware is short for malicious software. It is software that is specifically designed to harm
computer data in one way or another. Malware has evolved with technology and has taken
full advantage of the latest technological developments.

Malware consists of programming (code, scripts, active content, and other software)
designed to disrupt or deny operations, gather information that results in loss of privacy
or exploitation, gain unauthorized access to system resources, and perform other abusive
behavior.

What is Malware Forensics?

Malware forensics is the practice of finding, analyzing and investigating the various properties
of malware to seek out the culprits and the reason for the attack, including examining the
malicious code and determining its entry point, method of propagation, impact on the system and
the ports it tries to use. Investigators conduct the forensic investigation using different
techniques and tools.

Types of Malware:

Malware is categorized based on different parameters, like how it affects the
system, the functionality or intent of the program, the spreading mechanism, and whether the
program asks for the user’s permission or consent before performing certain operations. Some
of the commonly encountered malware types are:

• Backdoor
• Botnet
• Downloader
• Launcher
• Rootkit
• HackTool
• Rogue application
• Scareware
• Worm or Virus
• Credential-stealing program, etc.

Symptoms of Infected Systems:

Following are some symptoms of an infected system:

• The system could become unstable and respond slowly, as malware might be using system
resources.
• Unknown new executables are found on the system.
• Unexpected network traffic to sites that you don’t expect to connect to.
• Altered system settings, like the browser homepage, without your consent.
• Random pop-ups are shown as advertisements.

Recent additions to the list are alerts shown by fake security applications that you never
installed. Messages like “Your computer is infected” are displayed, and the user is asked to
register the program to get rid of the detected threat. Overall, the system will showcase
unexpected and unpredictable behavior.

Different ways Malware can get into system:

• Instant messenger applications
• Internet relay chat
• Removable devices
• Links and attachments in emails
• Legitimate “shrink-wrapped” software packaged by a disgruntled employee
• Browser and email software bugs
• NetBIOS (file sharing)
• Fake programs
• Untrusted sites and freeware software
• Downloading files, games and screensavers from websites.

Prerequisites for Malware Analysis:

Prerequisites for malware analysis include understanding malware classification, essential x86
assembly language concepts, file formats like the Portable Executable (PE) file format, Windows
APIs, and expertise in using monitoring tools, disassemblers and debuggers.

Types of Malware Analysis:

The two malware analysis types, classified by approach, are:

Static Malware Analysis: a basic analysis of the code and comprehension of the malware that
explains its functions.

Dynamic Malware Analysis: it involves executing the malware to observe its conduct and
operations, and identifies technical signatures that confirm the malicious intent.
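As an added illustration of the static approach (example code written for these notes, not from the original text), the following Python script performs the kind of triage an analyst does before any sample is executed: it hashes the file, checks the DOS 'MZ' magic, pulls printable strings out of the bytes the way the `strings` utility does, and looks in them for URLs, IPv4 addresses, a well-known registry persistence key and Windows API names often seen in injection routines. The sample bytes are a constructed stand-in for a suspicious executable (the URL uses the reserved .example TLD and the address is from a documentation range), and the indicator lists are assumptions chosen for the example; a hit is a reason to look closer, not a verdict.

```python
import hashlib
import re

# Constructed stand-in for an unknown executable found on an infected host.
# These bytes are invented for this example and are not a real malware sample.
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    + b"\x00" * 40
    + b"This program cannot be run in DOS mode.\r\n"
    + b"\x00\x01\x02" * 10
    + b"http://malicious.example/gate.php\x00"
    + b"\x7f\x80\x81"
    + b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"\x00\xfe" * 5
    + b"198.51.100.23\x00"
    + b"CreateRemoteThread\x00ab\x00"
)

# Windows API names that frequently appear in code-injection or download
# routines; their presence is an indicator for closer review, not proof.
SUSPICIOUS_APIS = {
    "CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx",
    "WinExec", "URLDownloadToFileA", "SetWindowsHookExA",
}

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def file_hashes(data):
    """Identify the sample: these digests are what you look up in services such as VirusTotal."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def extract_strings(data, min_len=4):
    """Return printable ASCII runs of at least min_len characters, like the `strings` tool."""
    pattern = PRINTABLE_RUN if min_len == 4 else re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def triage(data):
    """Static triage: hashes, format check and indicators pulled from strings,
    all without executing the sample."""
    strings = extract_strings(data)
    return {
        "hashes": file_hashes(data),
        # Only the DOS 'MZ' magic is checked here; a full PE check would also
        # follow e_lfanew at offset 0x3c to the 'PE\0\0' signature.
        "is_pe": data[:2] == b"MZ",
        "urls": [u for s in strings for u in URL_RE.findall(s)],
        "ipv4": [ip for s in strings for ip in IPV4_RE.findall(s)],
        "suspicious_apis": [s for s in strings if s in SUSPICIOUS_APIS],
        "persistence_keys": [s for s in strings if "CurrentVersion\\Run" in s],
        "string_count": len(strings),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_BINARY).items():
        print(f"{key}: {value}")
```

Everything here is derived from the bytes alone, which is what makes it static analysis; the dynamic step that follows in the notes would run the same sample in an isolated environment and compare the observed network and file activity against these indicators.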

Online Malware Analysis Services:

• VirusTotal
• Metascan Online
• Malware Protection Center
• Web Online Scanners
• Payload Security
• Jotti
• Valkyrie, etc.

Malware Analysis Tools:

• IDA Pro
• What’s Running
• Process Explorer
• Directory Monitor
• RegScanner
• Capsa Network Analyzer
• API Monitor

Providing security to computing systems against malware is an enormous concern. Every
day many new malware samples are created, and the worse thing is that new malware is
highly sophisticated and very difficult to detect, because malware developers use various
advanced techniques to hide the actual code or the behavior of the malware. Thereby, it
becomes very hard to analyze the malware to obtain the useful information needed to design
a malware detection system, due to anti-static and anti-dynamic analysis techniques.
Therefore, it is crucial for forensic analysts to possess sound knowledge of various malware
programs, their working and propagation, site of impact, as well as methods of detection and
analysis, and to keep that knowledge continuously up to date.

7. Mobile forensics in security practices?

The mobile forensics process aims to recover digital evidence or relevant data from a mobile
device in a way that will preserve the evidence in a forensically sound condition.

Mobile forensics, a subtype of digital forensics, is concerned with retrieving data from an
electronic source. The recovery of evidence from mobile devices such as smartphones and tablets
is the focus of mobile forensics. Because individuals rely on mobile devices for so much of their
data sending, receiving, and searching, it is reasonable to assume that these devices hold a
significant quantity of evidence that investigators may utilize.

Mobile devices may store a wide range of information, including phone records and text messages,
as well as online search history and location data. We frequently associate mobile forensics with
law enforcement, but they are not the only ones who may depend on evidence obtained from a
mobile device.

Uses of Mobile Forensics:

The military uses mobile devices to gather intelligence when planning military operations or
terrorist attacks. A corporation may use mobile evidence if it fears its intellectual property is being
stolen or an employee is committing fraud. Businesses have been known to track employees’
personal usage of business devices in order to uncover evidence of illegal activity. Law
enforcement, on the other hand, may be able to take advantage of mobile forensics by using
electronic discovery to gather evidence in cases ranging from identity theft to homicide.

Process of Mobile Device Forensics:

• Seizure and Isolation: According to digital forensics, evidence should always be adequately kept,
analyzed, and accepted in a court of law. Mobile device seizures are followed by a slew of legal
difficulties. The two main risks linked with this step of the mobile forensic method are lock
activation and network / cellular connectivity.
• Identification: The identification purpose is to retrieve information from the mobile device. With
the appropriate PIN, password, pattern, or biometrics, a locked screen may be opened. Passcodes
are protected, but fingerprints are not. Apps, photos, SMSs, and messengers may all have
comparable lock features. Encryption, on the other hand, provides security that is difficult to
defeat on software and/or hardware level.
• Acquisition: Controlling data on mobile devices is difficult since the data itself is movable. Once
messages or data are transmitted from a smartphone, control is gone. Despite the fact that
various devices are capable of storing vast amounts of data, the data itself may be stored
elsewhere. For example, data synchronization across devices and apps may be done either
directly or via the cloud. Users of mobile devices commonly utilize services such as Apple’s iCloud
and Microsoft’s OneDrive, which opens up the possibility of data harvesting. As a result,
investigators should be on the lookout for any signs that data may exist beyond the mobile
device as a physical object, as this might have an impact on the data collection and even
preservation process.
• Examination and analysis: Because data on mobile devices is transportable, it’s tough to keep
track of it. When messages or data from a smartphone are moved, control is lost. Despite the fact
that numerous devices can hold vast amounts of data, the data itself may be stored elsewhere.
• Reporting: The document or paper trail that shows the seizure, custody, control, transfer,
analysis, and disposition of physical and electronic evidence is referred to as forensic reporting. It
is the process of verifying how any type of evidence was collected, tracked, and safeguarded.

Principles of Mobile Forensics:

The purpose of mobile forensics is to extract digital evidence or relevant data from a mobile device
while maintaining forensic integrity. To accomplish so, the mobile forensic technique must
develop precise standards for securely seizing, isolating, transferring, preserving for investigation,
and certifying digital evidence originating from mobile devices.

The process of mobile forensics is usually comparable to that of other fields of digital forensics.
However, it is important to note that the mobile forensics process has its own unique characteristics
that must be taken into account. The use of proper methods and guidelines is a must if the
investigation of mobile devices is to give positive findings.

8. Email forensics in security practices?

Email forensics is the study of the source and content of email as evidence, to identify the actual
sender and recipient of a message along with other information such as the date/time of
transmission and the intention of the sender. It involves investigating metadata, port scanning, as
well as keyword searching.

What is Email Forensics?

Email forensics is dedicated to investigating, extracting, and analyzing emails to collect digital
evidence as findings in order to crack crimes and certain incidents, in a forensically sound
manner.

The process of email forensics is conducted across various aspects of emails, which mainly
include:

• Email messages
• Email addresses (sender and recipient)
• IP addresses
• Date and time
• User information
• Attachments
• Passwords
• Logs (cloud, server, and local computer)

By investigating the above crucial elements of email thoroughly, potential clues can be obtained
that help push a criminal investigation forward.

Hence, knowing how to conduct scientific and effective email forensics has become important.
But before diving deep into practical email forensics, be aware that without a full understanding
of the operation and theory of email itself, the forensic work is likely to get stuck.

How does email work?

Just like other digital forensics technology, it’s not easy to conduct forensics without
understanding the basis of the underlying technologies.
Emails are generated from various mediums and approaches, and thus different
technologies are applied accordingly.

Commonly speaking, a person writes an email on a digital device, maybe a phone or computer,
and then sends it to the intended recipient. Though it seems the sender’s work is finished at that
point, the email processing work has only just started, in order for the message to be successfully
and correctly delivered to the recipient.

When an email is sent out, countless servers actually handle the whole content of the email
before it can really arrive in the recipient’s inbox, which is to say that we have to understand
what happens after we click the “send” button.

Email Programs and Protocols

During the process, there are 3 protocols and 3 email programs that are tightly related and vital
to know.

• Simple Mail Transfer Protocol (SMTP): the standard protocol used to transmit and send
emails.
• Internet Message Access Protocol (IMAP): one of the standard protocols used for receiving
emails.
• POP3 (Post Office Protocol 3): one of the standard protocols used to receive mail.
• Mail Transfer Agent (MTA): sends and forwards emails through SMTP, e.g. Sendmail, Postfix.
• Mail User Agent (MUA): the mail client used to receive emails, which uses the IMAP or POP3
protocol to communicate with the server, e.g. Outlook, Apple Mail, Gmail.
• Mail Delivery Agent (MDA): saves the mail received by the MTA to local or cloud disk or a
designated location; meanwhile it usually scans for spam and viruses, e.g. Procmail, Dropmail.
• Mail Receive Agent (MRA): implements the IMAP and POP3 protocols and interacts with the
MUA, e.g. Dovecot.

The theory of email delivery

Let’s take the example below to better explain how email delivery works.

• STEP 1: To start, someone creates an email with a Mail User Agent (MUA); typical MUAs include
Gmail, Apple Mail, Mozilla Thunderbird, and Microsoft Outlook Express.
• STEP 2: Regardless of the MUA used, the mail is created and sent to the user’s mail transfer
agent (MTA); the delivery process uses the SMTP protocol.
• STEP 3: The MTA then checks the recipient of the message (here we assume it is you), queries
the DNS server for the domain name corresponding to the recipient MTA, and sends the
message to the recipient MTA, again using the SMTP protocol.

At this moment, the mail has been sent from the remote user’s workstation to his ISP (Internet
Service Provider)’s mail server and forwarded to your domain.

What will happen next?

Considering different network configurations, it is very likely that the mail will be transferred to
another MTA during the transmission process, but eventually an MTA will take over the mail
and be responsible for delivery.
Then, the MTA will deliver the mail to a mail delivery agent (MDA).
The main function of the MDA is to save the mail to the local disk. Specific MDAs can also be
developed with other functions, such as mail filtering or direct mail delivery to other file
locations. Thus, it should be noted that it is the MDA that completes the function of storing mail
on the server.

• STEP 4: Now, it’s time for you to check your mail.

Running MUA, you can use the IMAP protocol or POP3 protocol to query the mail server for
your mail. The mail server first confirms your identity, then retrieves the mailing list from the
mail store and returns the list to the MUA.

Now you can read the message.

Message location of an email

Even if we know how email delivery works, it should be noted that different configurations of
the recipient’s email client vary where copies of the message are saved.

Additionally, any server that relays a message from a party to a recipient can keep a copy of the
email.

With the above root principle in mind, you have the initial ideas you need before conducting
your email investigation.

How to Conduct Email Forensics Investigation?

With the increasing popularity of email, driven by the boom of the internet, some typical crimes
are tied to email: for instance, financial crime, cyber security, and extortion software, to
name a few.

To bring email criminals to justice, it’s crucial to look into email investigation in cyber
security.

Before we dive into the major investigative directions of email forensics, note:

1. Local computer-based emails: For local computer-based email data files, such as Outlook .pst or
.ost files, the techniques that follow can be applied directly.
2. (Cloud) server-based emails: For (cloud) server-based email data files, it is not possible to
conduct complete forensic work until you obtain the electronic copies in the (cloud) server
database with the consent of the service providers.
3. Web-based emails: For web-based email (e.g. Gmail) investigations, it is more likely that you
can only filter specific keywords to extract email address-related information, rather than the
overall email data and information, compared to local computer-based emails.

Viewing and Analyzing E-mail Headers

The primary evidence in email investigations is the email header, where a large amount of
valuable information can be found.

When carrying out the analysis, you are advised to start from the bottom and work up to the top,
since the most crucial information about the sender will be at the bottom, while information
about the receiver will be at the top.

Since we already talked about MTAs, whose entries in the header reveal the route the email was
transferred along, it is worth giving the email header a detailed scan.
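The bottom-to-top rule can be automated. The Python script below is an added example for these notes (not from the original text): it parses the Received headers of a constructed message with the standard library `email` package, reverses them so that the first hop (the sender side) comes first, extracts each relay's host and bracketed IP address, and then performs two checks an investigator makes by hand, that each relay's `by` host matches the next relay's `from` host and that the timestamps do not run backwards along the path. Every host name, address, id and timestamp in the sample is invented (RFC 5737 documentation addresses and .example names).

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed message: every host, address, id and timestamp is invented.
# Each MTA prepends its own Received header, so the top one is the last hop.
RAW_EMAIL = """\
Return-Path: <billing@example.net>
Received: from mx-in.example.org (mx-in.example.org [203.0.113.10])
\tby mail.example.com with ESMTP id 9Kz3a;
\tMon, 11 Mar 2024 09:02:15 +0000
Received: from relay.example.net ([198.51.100.5])
\tby mx-in.example.org with ESMTP;
\tMon, 11 Mar 2024 09:02:10 +0000
Received: from desktop-7 (unknown [192.0.2.44])
\tby relay.example.net with ESMTPA;
\tMon, 11 Mar 2024 09:01:58 +0000
From: "Billing" <billing@example.net>
To: victim@example.com
Subject: Invoice attached
Date: Mon, 11 Mar 2024 09:01:50 +0000
Message-ID: <abc123@desktop-7>

Please see the attached invoice.
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+)(?:\s+\((?P<info>[^)]*)\))?\s+by\s+(?P<by>\S+)"
)
BRACKET_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def trace_hops(raw):
    """Parse the Received headers and return the hops in transit order:
    the bottom header is the first hop (closest to the sender), the top one
    is the last (the recipient's own server)."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold the header onto one line
        m = RECEIVED_RE.search(flat)
        if not m:
            continue
        ip_match = BRACKET_IP_RE.search(m.group("info") or "")
        hops.append({
            "from": m.group("from"),
            "ip": ip_match.group(1) if ip_match else None,
            "by": m.group("by"),
            # the timestamp is whatever follows the last ';'
            "ts": parsedate_to_datetime(flat.rsplit(";", 1)[1].strip()),
        })
    return hops


def check_continuity(hops):
    """Each hop's 'by' host should be the next hop's 'from' host; a break
    suggests a relay was skipped or a header was forged. Returns
    (index, by_host, next_from_host) for every break."""
    return [
        (i, hops[i]["by"], hops[i + 1]["from"])
        for i in range(len(hops) - 1)
        if hops[i]["by"] != hops[i + 1]["from"]
    ]


def check_chronology(hops):
    """Timestamps should not go backwards along the path; returns the indexes
    of hops stamped earlier than the hop before them (clock skew tolerance
    would be a refinement)."""
    return [i for i in range(1, len(hops)) if hops[i]["ts"] < hops[i - 1]["ts"]]


def origin(raw):
    """The sender-side host and IP, i.e. the first hop."""
    hops = trace_hops(raw)
    return (hops[0]["from"], hops[0]["ip"]) if hops else None


if __name__ == "__main__":
    path = trace_hops(RAW_EMAIL)
    for i, h in enumerate(path, 1):
        print(f"hop {i}: {h['from']} [{h['ip']}] -> {h['by']} at {h['ts'].isoformat()}")
    print("origin:", origin(RAW_EMAIL))
    print("continuity breaks:", check_continuity(path))
    print("chronology anomalies:", check_chronology(path))
```

The origin reported is the bottom Received line, which is why the notes say to read upward from there: the `From:` header is set by the sender and is not evidence of anything, whereas the lowest Received line was written by the first relay that actually handled the message. Remember that only the Received lines added by servers you trust are reliable; anything below them could have been supplied by the sender.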

9. Cloud Security Automation: Best Practices, Strategy, and Benefits?

Businesses across all industry verticals have been leveraging the efficiency, elasticity,
and innovation of the cloud. Yet, a recent survey revealed that only 35% of organizations
have fully achieved their expected outcomes from the cloud and 65% identified ‘security
and compliance risks’ as a significant barrier.

Though the cloud offers new opportunities to transform, modernize, and innovate, security
risk remains the most significant hurdle to cloud adoption. Moreover, the complexity of
hybrid and multi-cloud environments further complicates the journey to the cloud.

While security is often seen as the biggest hindrance to cloud adoption, in reality it
can be its greatest accelerator when automated.

Automating the cloud security process enables organizations to gather the information
they need to secure their cloud environments and redirect their efforts to innovation and
growth.

Automating the security processes that are conventionally created and deployed manually
brings a new evolution to the cloud. However, many enterprises struggle during the
implementation of cloud security automation.

Here are five best practices for the successful implementation of cloud security
automation:

5 Steps for Successful Cloud Security Automation

1) Automate Infrastructure Buildout

By automating infrastructure buildout, engineers are relieved from the task of manually
configuring security groups, networks, user access, firewalls, DNS names, and log shipping,
among others. This significantly reduces the scope for engineers to make security mistakes.

Moreover, the security team need not worry about the best practices every time they spin up a
new instance, as they only have to touch the scripts, not the instances, to make the changes.

2) Automate Scripts

In traditional IT, a zero-day vulnerability or any other major security issue requires an
organization’s system engineers to work rigorously to patch every server manually. With
automated scripts, a single line change in the manifests is enough to ensure the newly
released version is running instead.

These automation script resources are declarative management tools that automatically configure
instances, virtualized servers, or even bare metal servers.

Whenever a new instance is launched, these scripts get the instance ready for production,
including the security configuration tasks like ensuring central authentication, installing intrusion
detection agents, and enabling multi-factor authentication.

3) Automate Deployments

Though automating deployments is one of the best practices in DevOps implementation, it can
also improve an organization’s security posture. In the event of a zero-day vulnerability,
deployment automation ensures that changes made to the DevOps tool script get deployed across
every instance or server automatically. This makes it possible for a single system engineer to
respond to threats quickly.

4) Automate Security Monitoring

In the present growing trend of hybrid and multi-cloud environments that support individual
applications, it is imperative to monitor the entire infrastructure in a single interface. During an
event of a security attack and downtime, it can be resource-draining and time-consuming to
identify and fix the problem.

Automated security monitoring aids engineers with the right intelligence to address the attack
and protect critical assets.

5) Get Ready for the Future of Automation

Within the next few years, data volumes will balloon and hybrid environments will become
mainstream, making the manual security approach inadequate. Hence, now is the best time to
develop an internal automation team or to outsource it. Although achieving end-to-end process
automation across hybrid environments may take months or even years, it will prove infinitely
more valuable than training employees to reduce human error.

5 Stages of Cloud Security Automation Framework

Automation of cloud security involves a 5-step strategy as follows:

1) Monitor

Your cloud capacity will always scale to meet all the operational needs. So, it’s imperative to
monitor the workflow of all the tasks in your cloud. This enables you to gain an understanding of
how each workflow is carried out.

2) Evaluate

In the process of automating cloud security, knowing and prioritizing the tasks to automate is the
first critical step. Closely monitoring the workflows helps to evaluate tasks that should be
automated, like the repeated tasks, deployments, resource provisioning, and creating security
rules.

3) Analyze

Do an in-depth analysis of the collected information based on severity as low, medium, or high
risk. Then automate low-risk processes first, followed by medium and high. The in-depth
analysis also helps you do controlled automation and study the impact on infrastructure.

4) Automate and Report

The resulting analysis can now be pushed to integrated systems to automate the workflows. Then
configure the automation processes to generate the reports that give the overview of the changes
before or after.

5) Remediate

By now, you will have a clear picture of cloud automation, irrespective of whether you started
by automating simple workflows or complex ones. This enables you to implement remediation and
enhance the overall security posture.
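The five stages can be exercised on a small, concrete input. The Python script below is an added example written for these notes, not from the original article: it takes a constructed list of ingress rules in the style of a declarative manifest (the security groups and firewalls that the "automate infrastructure buildout" practice above puts under script control), rates each one low, medium or high (the analyze stage), restricts the high-risk ones to a private range (remediate) and produces a before/after severity report (automate and report). The rule format, the port lists and the choice of 10.0.0.0/8 as the trusted range are assumptions for the example.

```python
import ipaddress

# Constructed sample: ingress rules as a declarative manifest might express
# them. Names, ports and source ranges are invented for this example.
SAMPLE_RULES = [
    {"name": "web-https",   "port": 443,  "proto": "tcp", "cidr": "0.0.0.0/0"},
    {"name": "admin-ssh",   "port": 22,   "proto": "tcp", "cidr": "0.0.0.0/0"},
    {"name": "rdp-office",  "port": 3389, "proto": "tcp", "cidr": "203.0.113.0/24"},
    {"name": "db-internal", "port": 5432, "proto": "tcp", "cidr": "10.0.0.0/8"},
    {"name": "db-public",   "port": 3306, "proto": "tcp", "cidr": "0.0.0.0/0"},
    {"name": "all-any",     "port": -1,   "proto": "all", "cidr": "0.0.0.0/0"},
]

ADMIN_PORTS = {22, 3389, 5985, 5986}          # SSH, RDP, WinRM
DATA_PORTS = {1433, 3306, 5432, 6379, 27017}  # common database/cache listeners
ANY_PORT = -1                                 # wildcard as used in the sample manifest
# Assumption for this example: the organization's private range that admin and
# database access should be restricted to (a VPN or bastion range in practice).
PRIVATE_RANGE = "10.0.0.0/8"
TRUSTED_NETS = [ipaddress.ip_network(PRIVATE_RANGE)]

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def from_trusted(net):
    return any(net.subnet_of(trusted) for trusted in TRUSTED_NETS)


def classify(rule):
    """Analyze stage: rate one rule as low, medium or high risk."""
    net = ipaddress.ip_network(rule["cidr"])
    world_open = net.prefixlen == 0  # 0.0.0.0/0 or ::/0
    sensitive = rule["port"] == ANY_PORT or rule["port"] in ADMIN_PORTS | DATA_PORTS
    if world_open and sensitive:
        return "high"
    if rule["port"] == ANY_PORT:
        return "medium"  # wildcard port, even from a narrow source
    if sensitive and not from_trusted(net):
        return "medium"  # admin/data port reachable from an untrusted range
    return "low"         # e.g. public HTTPS on a web tier


def audit(rules):
    """Monitor/Evaluate stage: attach a severity to every rule, worst first."""
    findings = [dict(rule, severity=classify(rule)) for rule in rules]
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f["severity"]], f["name"]))


def harden(rule):
    """Remediate stage: restrict high-risk rules to the private range; everything
    else is returned unchanged so the change set stays small and reviewable."""
    fixed = dict(rule)
    if classify(rule) == "high":
        fixed["cidr"] = PRIVATE_RANGE
    return fixed


def change_report(rules):
    """Automate-and-report stage: severity before and after for each rule."""
    return [(r["name"], classify(r), classify(harden(r))) for r in rules]


if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print(f"{f['severity']:<6} {f['name']:<12} port={f['port']:<5} from {f['cidr']}")
    print()
    for name, before, after in change_report(SAMPLE_RULES):
        print(f"{name:<12} {before} -> {after}")
```

The report is the artifact the notes describe: it shows that `web-https` is left alone (public HTTPS is expected on a web tier), that the two world-open admin and database rules drop from high to low once scoped to the private range, and that `all-any` stays medium even after hardening because a wildcard port from any source still deserves a human decision rather than an automatic fix.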

10. Cloud types: IaaS, PaaS, SaaS?

1. IaaS (Infrastructure as a Service).

IaaS, also known as cloud infrastructure services, provides end users with cloud-based
alternatives to on-premise, physical infrastructure, allowing businesses to purchase resources on-
demand instead of the more costly venture of having to buy and manage hardware.

IaaS characteristics.

IaaS is scalable and offers businesses greater flexibility than on-premise solutions through the
cloud. IaaS businesses typically provide services such as pay-as-you-go storage, networking and
virtualization.

IaaS cloud servers are typically offered to businesses over the internet, whether through a
dashboard or an API, ensuring users have complete control over their computing infrastructure.

IaaS platforms are:

• Highly flexible and highly scalable.
• Accessible by multiple users.
• Cost-effective.

IaaS advantages.

Maintaining on-premise IT infrastructure can be costly and labor-intensive as it often requires a
significant initial investment in physical hardware. You will also probably need to engage skilled
external IT contractors to maintain the hardware and keep everything working and up-to-date.

With IaaS, you can buy what you need, as you need it, and purchase more as your business
grows.

IaaS solutions are highly flexible and scalable and can be replaced whenever needed without
losing money on your initial investment.

Another advantage of IaaS is it puts control over the infrastructure back in your hands. You will
no longer need to place trust in an external IT contractor — you can access and oversee IaaS
products yourself if you wish, without being an IT wiz.

IaaS disadvantages.

There are certain limitations and concerns when it comes to transitioning to IaaS, including:

• Legacy systems: Before a full migration to the cloud is completed, any legacy technology or
applications should be reviewed for compatibility. There are many older systems that are not
designed for cloud-based services and may need to be upgraded or replaced.
• Security: With the move from on-premise to the cloud, there could be new security threats,
whether sourced from the host or from other virtual machines (VMs). It is critical that organizations
review and research up-to-date security threats and their remediation strategies.
• Internal Training: With a new system comes a lack of familiarity with its intricacies. Businesses
should prepare additional training and resources to ensure their users know what they are
doing.

When to use IaaS.

IaaS is beneficial to businesses of all shapes and sizes. It allows complete control over your
infrastructure and operates on a pay-as-you-use model, which fits into most budgets.

With most IaaS platforms, you get access to ongoing support and have the option of scaling up
your requirements at any time.

Utilizing IaaS is an excellent way to future-proof your business.

IaaS non-ecommerce example.

A good example of IaaS is AWS EC2.

EC2 delivers scalable infrastructure for companies that want to host cloud-based applications.
EC2 users do not own the physical servers — AWS provides virtual servers.

Users only pay for the usage of the servers, saving them the cost — and associated ongoing
maintenance — of investing in physical hardware.

IaaS ecommerce example.

Adobe Commerce (Magento) can be used either on-premise or IaaS, depending on how the
merchant chooses to host their store.

In the case of IaaS, the merchant is paying Magento for the licensing of the software and then
using a third-party vendor for the best web hosting such as Rackspace.
Merchants are able to pay for a hosting plan that meets their own needs without the cost of
maintaining their own physical servers. The merchant is still responsible for installing and
managing updates to their Magento software.

2. PaaS (Platform as a Service).

PaaS, also known as cloud platform services, provides developers with a framework, software
and tools needed to build apps and software — all accessible through the internet.

Often seen as a scaled-down version of IaaS, PaaS gives its customers broader access to servers,
storage and networking, all managed by a third-party provider.

PaaS characteristics.

PaaS delivery is comparable to SaaS methods, with the main difference being that customers are
not able to access online software but an online platform.

PaaS provides that platform for software developers to create, allowing them to concentrate on
the software itself instead of any external issues.

PaaS platforms are:

• Accessible by multiple users.
• Scalable — customers can choose from various tiers of computing resources to suit the size of
their business.
• Built on virtualization technology.
• Easy to run without extensive system administration knowledge.

PaaS advantages.

PaaS is primarily used by developers who are building software or applications.

A PaaS solution provides the platform for developers to create unique, customizable software
meaning that developers don’t need to start from scratch when developing applications — saving
them time and money on writing extensive code.

PaaS is a popular choice for businesses who want to create unique applications without spending
a fortune or taking on all the responsibility. It’s similar to the difference between hiring a venue
to put on a show vs. building one yourself to put on a show.

The venue stays the same, but what you create in that space is unique.

PaaS disadvantages.

Like IaaS, there are certain drawbacks to using PaaS that companies should be aware of,
including:

• Integrations: With PaaS, you may encounter challenges when integrating new applications. This
is tied into issues related to legacy systems since there are often aspects of these systems that
aren’t built for the cloud.
• Data security: Using third-party servers for your data could potentially lead to additional
security risks. Security options may also be limited since you will have to find a solution that can
integrate with the third-party systems.
• Runtime: PaaS solutions may not be fully optimized for the language and frameworks your
business uses and finding a specifically tailored solution may be difficult.
• Operational limitations: Customized cloud operations may not be compatible with PaaS
solutions, especially those with management automation workflows. This can inhibit your
operational capabilities and limit the full scope of your business.

When to use PaaS.

PaaS is often the most cost-effective and time-effective way for a developer to create a unique
application.

PaaS allows the developer to focus on the creative side of app development as opposed to the
menial tasks such as managing software updates or security patches. Instead, their time and
brainpower can go into creating, testing and deploying the app.

PaaS non-ecommerce example.

A good example of PaaS is AWS Elastic Beanstalk.

Amazon Web Services (AWS) offers over 200 cloud computing services such as EC2, RDS, and
S3. Most of these services can be used as IaaS, and most companies who use AWS will pick and
choose the services they need.

However, managing multiple services can quickly become difficult and time-consuming for
users.

That’s where AWS Elastic Beanstalk comes in. It works as another layer on top of the
infrastructure services and automatically handles the details of capacity provisioning, load
balancing, scalability, and application health monitoring.

PaaS ecommerce example.

Adobe Commerce (Magento) is the most common example of PaaS for ecommerce. It lets the
merchant bundle hosting into their Magento package.

Merchants evaluating Magento go through a scoping process to determine their hosting needs,
which are bundled into their monthly plan. The merchant has full access to edit the source code of
their Magento store and can fully customize the application.
Any platform updates, security patches and general maintenance to the store remain the
merchant's responsibility.

3. SaaS (Software as a Service).

SaaS, also known as cloud application services, is the most commonly used service within the
cloud market. SaaS platforms make software available to users over the internet, usually for a
monthly subscription fee.

They are typically ready-to-use and run from a user's web browser, which allows businesses to
skip any additional downloads or application installations.

SaaS characteristics.

SaaS is delivered through the internet as a fully functional service, accessible via any web
browser. With SaaS, vendors manage the data, servers and storage, which reduces the in-house
IT effort needed and streamlines business processes.

SaaS platforms are:

• Available over the Internet.
• Hosted on a remote server by a third-party provider.
• Ideal for small businesses or startups who cannot develop their own software applications.
• Scalable, with different tiers for small, medium and enterprise-level businesses.
• Inclusive, offering security, compliance and maintenance as part of the cost.

SaaS advantages.

With SaaS, you don’t need to install and run software applications on your computer. Everything
is available over the internet when you log in to your account online. You can usually access the
software from any device, anytime — as long as there is an internet connection.

The same goes for anyone else using the software. All your staff will have personalized logins
suitable to their access level. You no longer need to engage an IT specialist to download the
software onto multiple computers throughout your office or worry about keeping up-to-date
software on every computer. It’s all taken care of in the Cloud.

Another key advantage is the payment structure.

Most SaaS providers operate a subscription model with a fixed, inclusive monthly account fee.
You know precisely how much the software will cost and can budget accordingly without
worrying about hidden surprises.

Subscriptions can potentially include maintenance, compliance and security services. SaaS
providers also offer out-of-the-box, simple solutions to set up if you need a basic package, with
more complex solutions for larger organizations. You could have the basic software up and
running within a matter of hours – and you’ll have access to customer service and support along
the way.

SaaS disadvantages.

Like IaaS and PaaS, there are limitations and concerns about SaaS, including:

• Data Security: With data primarily located in off-premise servers, security could potentially
become an issue. Ensure that you have the right security solutions in place and are comfortable
with whichever SaaS service you are using.
• Interoperability: Integrations with existing applications and services can be a concern since
many SaaS apps are not designed for open integrations. Finding a service with integration
capabilities can be difficult, and attempting to create your own can be worse.
• Customization: SaaS services typically allow minimal customization for features, capabilities and
integrations. This can force companies to invest significant resources into managing or adding
customization capabilities.
• Lack of control: With a SaaS solution, businesses often have to hand over ultimate control to the
third-party service providers — giving them the keys to functionality, performance and even
data. You will want to ensure that you trust the provider used or have the ability to review your
information remotely.

11. DVWA security practices?

DVWA Security Levels
How many security levels are there in DVWA?

There are 4 security levels in DVWA. These range from LOW to IMPOSSIBLE and set the
difficulty for attacking the application. The security levels also reveal how specific issues can be
coded more securely.

LOW – This security level is completely vulnerable and has no security measures at all. It is
meant to be an example of how web application vulnerabilities manifest through bad coding
practices.

MEDIUM – This level is more difficult than LOW and illustrates bad security practices, where the
developer has tried but failed to secure the application. This level requires more sophisticated
exploitation techniques.

HIGH – This option is an extension to the medium difficulty, with a mixture of harder or
alternative bad practices to attempt to secure the code. The vulnerability may not allow the same
extent of exploitation.

IMPOSSIBLE – This level should be secure against all vulnerabilities. It is used to compare
the vulnerable source code to the secure source code.

How do I change security levels in DVWA?

Login with the default user (admin/password) and select DVWA Security from the menu on the
left. Select the desired security level, and click Save. A message will indicate the security level
was changed.

After checking that the security level is set appropriately, we can begin. Let's get started with a
classic and still effective attack: SQL injection.

DVWA Hacking Tutorial: SQL Injection

A SQL injection vulnerability occurs when user input is not properly validated or escaped before
being used to form a database query: the input is concatenated into the query text, so a quote in
the input ends the intended string literal and the rest of the input is interpreted as SQL.

There are more than a handful of SQL injection vulnerabilities in DVWA. We will start with the
most obvious one by selecting SQL Injection from the left hand menu.

Exploration

We are presented with a form field asking for a User ID. This page looks like some kind of
utility for looking up user information. Let us enter a random user id and see what happens. Why
don’t we start with 1?
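The query behind DVWA's LOW level builds its SQL by splicing the User ID into the query text, which is exactly what the section above describes. The following is an added example, not DVWA's own PHP source: it reproduces the LOW behaviour and the IMPOSSIBLE behaviour (numeric check plus a bound parameter, the pattern DVWA uses) against an in-memory SQLite table with constructed rows, so the classic payloads can be tried offline. SQLite stands in for DVWA's MySQL; the only payload difference is that MySQL's `#` comment becomes `--` here.

```python
"""DVWA-style SQL injection against an in-memory SQLite table.

Added example, not DVWA's PHP code. The users table and its rows are
constructed here; DVWA's real query differs only in running against MySQL.
"""
import sqlite3
from typing import List, Tuple

# Payloads as typed into the User ID field (constructed for this example).
OR_PAYLOAD = "1' OR '1'='1"
UNION_PAYLOAD = "' UNION SELECT user_id, first_name FROM users -- "


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for DVWA's `users` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "admin"), (2, "Gordon", "Brown"), (3, "Hack", "Me")],
    )
    return conn


def lookup_low(conn: sqlite3.Connection, user_id: str) -> List[Tuple]:
    """LOW level: the value is spliced straight into the SQL text.

    A quote in the input closes the literal and the rest becomes SQL, so
    "1' OR '1'='1" returns every row and a UNION payload picks its own columns.
    """
    query = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return conn.execute(query).fetchall()


def lookup_impossible(conn: sqlite3.Connection, user_id: str) -> List[Tuple]:
    """IMPOSSIBLE level: validate the type, then bind the value as a parameter.

    The value never becomes part of the SQL text, so quotes in it are just data.
    """
    if not user_id.isdigit():          # mirrors DVWA's is_numeric() check
        return []
    return conn.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?", (int(user_id),)
    ).fetchall()


def demo() -> dict:
    """Run both versions against the normal input and the two payloads."""
    conn = make_db()
    return {
        "low_normal": lookup_low(conn, "1"),
        "low_or": lookup_low(conn, OR_PAYLOAD),
        "low_union": lookup_low(conn, UNION_PAYLOAD),
        "impossible_or": lookup_impossible(conn, OR_PAYLOAD),
        "impossible_normal": lookup_impossible(conn, "2"),
    }
```

Running `demo()` shows the LOW query returning one row for `1`, all three rows for the OR payload, and attacker-chosen columns for the UNION payload, while the IMPOSSIBLE version returns nothing for either payload and behaves normally for a numeric ID.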

UNIT – 5

Privacy On The Internet :


Privacy etymologically means “state of being alone and not watched by others”. The word
privacy is derived from the Latin word “privatus” which means restricted, personal, isolated, or peculiar.
While the internet has great advantages, it also brings disadvantages, and one of the biggest is
the risk to privacy. Our privacy on the Internet is constantly at risk, and in many cases we put it
at risk ourselves.

How is privacy affected?

There are many ways in which our privacy is affected over the Internet. Some of them are
discussed below:

Spying and snooping: Spying and snooping simply means getting to know someone's private
information without their knowledge. With the rise of social media sites, it has become easy for
spies to keep an eye on us. We are so fascinated by social media that we share personal
information there that we would not share with anyone in real life. Though we value privacy in
real life, in the virtual world we have lost the sense of what should be posted or shared and what
should not. We also allow strangers to connect with our accounts in order to gain more followers
or friends, forgetting that not everyone on social media is genuine: some misuse our information
for their own benefit or to threaten us. This is how we knowingly but unconsciously put our own
privacy at risk in the virtual world.

Website Tracking: We use websites for all our work. You may have noticed that when you open
a website it asks you to allow cookies in order to access the site. Cookies are small pieces of data
that a site stores in your browser so that it can recognize you again on later requests. While many
sites use them legitimately, fraudulent sites, and sometimes genuine ones, misuse the gathered
information, for example to track your activity across sites, for their own benefit. As a result,
your privacy is put at risk.
Phishing attacks: Phishing is a kind of social engineering attack. The attackers see users as fish
and lure them with bait. This bait can be a fake lottery win, a fake job offer, or a fraudulent email,
call or SMS. People who fall into the trap end up sharing confidential information such as
addresses, bank details, and credit or debit card details. Attackers use this information for
monetary gain, revenge or blackmail. Thus, through lack of awareness, we put our privacy at risk
and bear the consequences later.

Information Mishandling and Data privacy: The Internet is widely used for sharing information
and data with others, because it is the easiest and fastest way to do so. To share information or
data we connect to a network and transfer it according to some protocol. If our data is sent
unencrypted, in its plain form, and the network is not protected, a man in the middle can collect
the data, manipulate it, and forward the manipulated version to the intended recipient. They may
also misuse the information they collected. This is how information mishandling occurs and data
privacy is affected.

Location Tracking: Many apps on Android phones ask you to turn on location services to get a
better user experience. As soon as location is turned on, it can be accessed by those apps. Genuine
apps will not spy on you, but fraudulent apps will learn your location and track your activities for
a variety of purposes. They may do so to learn your habits and activities and display
advertisements accordingly (targeted advertising), or for other reasons. Either way, this puts your
privacy at risk.

Identity Theft: Identity theft is a crime in which a person impersonates another by gathering
their personal information and data. The impersonator creates fake accounts in your name and
uses them for illegal purposes or to defame you. Identity theft is one of the most common privacy
issues today; almost daily we hear of cases where someone was fooled by a person pretending to
be what they were not. Identity theft drastically affects the mental and emotional state of the
victim.

Privacy Enhancing Technologies :


Technical improvements of Web and location technologies have fostered the development
of online applications that use the private information of users to offer enhanced services.

The increasing amount of available personal data and the decreasing cost of data storage
and processing makes it technically possible and economically justifiable to gather and analyse
large amounts of data.

Access Control Models and Languages

Access control systems have been introduced for regulating and protecting access to
resources and data owned by parties. Originally, access control models and languages have been
defined for centralized and closed environments: users were assumed to be known by the system,
and to be identified and authenticated before any authorization process could start.

Attribute-based and credential-based access control are two models in which authorization
policies specify the set of attributes and credentials that a user must possess, or conditions over
credentials and attributes that a user needs to satisfy, to access a resource.

In general, credentials are characterized by a type (e.g., Identity Card), a unique identifier, and
an issuer (e.g., US government), and certify a set of properties for the user (FirstName=John,
LastName=Doe). Attribute-based languages, by contrast, refer to solutions that evaluate policies
using attributes that are self-certified by their owner, without a signature by a third party.

The eXtensible Access Control Markup Language (XACML) provides an attribute-based access
control solution that balances expressivity and simplicity, is flexible and extensible, and integrates
well with open environments. XACML proposes an XML-based language to express and
interchange access control policies, defines an architecture for the evaluation of policies, and
specifies a communication protocol for message interchange.

Main features of XACML are:

(1) policy combination: a method for combining policies on the same resource independently
specified by different entities;
(2) combining algorithms: different algorithms representing ways of combining multiple
decisions into a single decision;
(3) attribute-based restrictions: the definition of policies based on properties associated with
subjects and resources rather than on their identities;
(4) multiple subjects: the definition of more than one subject relevant to a decision request;
(5) policy distribution: policies can be defined by different parties and enforced at different
enforcement points;
(6) implementation independence: an abstraction layer that isolates the policy writer from the
implementation details; and
(7) obligations: a method for specifying the actions that must be fulfilled in conjunction with
the policy enforcement.
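Features (1), (2), (3) and (7) above, and the attribute-based model described before them, are easiest to see in code. The following is an added example, not the XACML specification or any XACML engine: a small Python evaluator that models a policy set holding two constructed policies on the same resource, written by different parties, each combining its rules with a named combining algorithm. The attribute names (subject.role, resource.owner, environment.hour and so on), the rule logic and the obligation name are all assumed for illustration.

```python
"""XACML-style attribute-based evaluation with combining algorithms.

Added example, not the XACML specification or an XACML engine. Policies,
attribute names and obligations are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

Request = Dict[str, object]   # subject, resource, action and environment attributes


@dataclass
class Rule:
    effect: str                        # "Permit" or "Deny"
    target: Callable[[Request], bool]  # condition over attributes, not identities
    obligations: List[str] = field(default_factory=list)


@dataclass
class Policy:
    name: str
    algorithm: str                     # "deny-overrides" or "permit-overrides"
    rules: List[Rule]


def combine(decisions: List[str], algorithm: str) -> str:
    """Fold several decisions into one, as the named combining algorithm does."""
    applicable = [d for d in decisions if d != "NotApplicable"]
    if not applicable:
        return "NotApplicable"
    if algorithm == "deny-overrides":
        return "Deny" if "Deny" in applicable else "Permit"
    if algorithm == "permit-overrides":
        return "Permit" if "Permit" in applicable else "Deny"
    raise ValueError(f"unknown combining algorithm: {algorithm}")


def evaluate_policy(policy: Policy, request: Request) -> Tuple[str, List[str]]:
    """Evaluate one Policy: returns (decision, obligations to fulfil with it)."""
    outcomes = []   # (decision, obligations) per rule
    for rule in policy.rules:
        if rule.target(request):
            outcomes.append((rule.effect, rule.obligations))
        else:
            outcomes.append(("NotApplicable", []))
    decision = combine([d for d, _ in outcomes], policy.algorithm)
    # Only obligations attached to rules whose effect matches the final decision apply.
    obligations = [o for d, obls in outcomes if d == decision for o in obls]
    return decision, obligations


def evaluate_policy_set(policies: List[Policy], algorithm: str,
                        request: Request) -> Tuple[str, List[str]]:
    """Policy combination: evaluate each party's policy, then combine the results."""
    results = [evaluate_policy(p, request) for p in policies]
    decision = combine([d for d, _ in results], algorithm)
    obligations = [o for d, obls in results if d == decision for o in obls]
    return decision, obligations


# Constructed policies from two parties over the same resource (policy combination).
HOSPITAL_POLICY = Policy("hospital", "deny-overrides", [
    Rule("Permit",
         lambda r: r.get("subject.role") == "physician"
         and r.get("resource.type") == "medical-record",
         obligations=["write-audit-log"]),
    # Outside 08:00-17:59 (or with no hour attribute at all) the hospital denies.
    Rule("Deny", lambda r: r.get("environment.hour") not in range(8, 18)),
])

PATIENT_POLICY = Policy("patient", "permit-overrides", [
    Rule("Deny", lambda r: r.get("resource.type") == "medical-record"
         and r.get("subject.role") == "researcher"),
    Rule("Permit", lambda r: r.get("subject.id") == r.get("resource.owner")),   # own record
])


def decide(request: Request) -> Tuple[str, List[str]]:
    """The decision point: combine both parties' policies with deny-overrides."""
    return evaluate_policy_set([HOSPITAL_POLICY, PATIENT_POLICY], "deny-overrides", request)
```

A physician reading a record at 10:00 gets Permit together with the write-audit-log obligation; the same request at 22:00 is denied because the hospital policy's own deny-overrides algorithm lets its time rule win. A patient reading their own record at 22:00 is permitted by the patient policy but still denied overall, because the policy set combines the two parties with deny-overrides; swapping that outer algorithm for permit-overrides would flip that decision, which is the point of making the combining algorithm explicit.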

Each XACML policy has an element Policy or PolicySet as root, which in turn may contain other
Policy or PolicySet elements.

Languages for Privacy-Aware Access Control and Privacy Preferences

The Platform for Privacy Preferences (P3P) aims at protecting the privacy of users by addressing
their need to assess that the privacy practices adopted by a service provider comply with the users'
privacy requirements.

The goal of P3P is twofold:

i) to allow Web sites to state their data collection practices in a standardized, machine-readable
way, and

ii) to provide users with a way to understand which data will be collected and how those data will
be used.

P3P allows Web sites to declare their privacy practices in a standard, machine-readable XML
format known as a P3P policy. A P3P policy specifies the data it covers, the recipients allowed to
access the private data, the consequences of data release, the purposes of data collection, the data
retention policy, and dispute resolution mechanisms. The corresponding language that lets users
express their preferences as a set of preference rules is A P3P Preference Exchange Language
(APPEL). Unfortunately, experience with P3P and APPEL has shown that users can explicitly
specify only what is unacceptable in a policy, and that the APPEL syntax is cumbersome and
error prone for users.
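The P3P policy structure described above (statements that tie data elements to purposes, recipients and retention) can be checked mechanically against what a user finds unacceptable. The following is an added example, not W3C code: it parses a constructed P3P 1.0 policy with the standard library and applies a simplified block list in place of APPEL, reflecting the observation above that users mostly express what is unacceptable. The P3P XML namespace is omitted for brevity and the site policy, data references and preferences are all constructed.

```python
"""Checking a site's P3P policy against a user's unacceptable-practice list.

Added example, not W3C code. SITE_POLICY is a constructed P3P 1.0 fragment
(namespace omitted); the block-list check is a simplified stand-in for APPEL.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Set, Tuple

SITE_POLICY = """<POLICY discuri="http://example.com/privacy.html">
  <STATEMENT>
    <PURPOSE><current/><admin/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><stated-purpose/></RETENTION>
    <DATA-GROUP>
      <DATA ref="#user.login.id"/>
      <DATA ref="#dynamic.clickstream"/>
    </DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
    <PURPOSE><telemarketing/><individual-analysis/></PURPOSE>
    <RECIPIENT><ours/><unrelated/></RECIPIENT>
    <RETENTION><indefinitely/></RETENTION>
    <DATA-GROUP>
      <DATA ref="#user.home-info.telecom.telephone"/>
      <DATA ref="#user.name"/>
    </DATA-GROUP>
  </STATEMENT>
</POLICY>"""

# Constructed user preferences: any practice listed here is unacceptable.
USER_BLOCKS: Dict[str, Set[str]] = {
    "purposes": {"telemarketing"},
    "recipients": {"unrelated", "public"},
    "retention": {"indefinitely"},
}

PRACTICE_TAGS = {"purposes": "PURPOSE", "recipients": "RECIPIENT", "retention": "RETENTION"}


def _children(statement: ET.Element, tag: str) -> List[str]:
    """Names of the practice elements under e.g. <PURPOSE>; empty if absent."""
    node = statement.find(tag)
    return [] if node is None else [child.tag for child in node]


def parse_statements(policy_xml: str) -> List[Dict[str, List[str]]]:
    """One dict per STATEMENT: which data, for what purposes, to whom, for how long."""
    root = ET.fromstring(policy_xml)
    statements = []
    for st in root.findall("STATEMENT"):
        entry = {key: _children(st, tag) for key, tag in PRACTICE_TAGS.items()}
        entry["data"] = [d.get("ref") for d in st.iter("DATA")]
        statements.append(entry)
    return statements


def violations(policy_xml: str, blocks: Dict[str, Set[str]] = USER_BLOCKS) -> List[Tuple[str, str]]:
    """(data element, blocked practice) for every statement that hits the block list."""
    found = []
    for st in parse_statements(policy_xml):
        reasons = [p for key in PRACTICE_TAGS for p in st[key] if p in blocks[key]]
        for ref in st["data"]:
            for reason in reasons:
                found.append((ref, reason))
    return found


def acceptable(policy_xml: str, blocks: Dict[str, Set[str]] = USER_BLOCKS) -> bool:
    """True when no statement in the policy collides with the user's block list."""
    return not violations(policy_xml, blocks)
```

For the constructed policy the first statement passes, while the second collects the user's name and telephone number for telemarketing, shares them with unrelated parties and keeps them indefinitely, so `violations()` reports each data element once per blocked practice and `acceptable()` is false. Which data element triggers which practice is exactly what a user agent would surface before releasing the data.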

The following types of privacy policies have been specified:

1. Access control policies: They govern access to and release of services and data managed by the
party (as in traditional access control).

2. Release policies: They govern release of properties, credentials and personally identifiable
information (PII) of the party, and specify under which conditions this information can be
disclosed.

3. Data handling policies: They define how personal information will be (or should be) dealt
with at the receiving parties.

Privacy in Mobile Environments

The lack of location privacy protection could be exploited by adversaries to perform various
attacks:

Unsolicited advertising, when the location of a user could be exploited, without her consent, to
provide advertisements of products and services available near the user's position.

Physical attacks or harassment, when the location of a user could allow criminals to carry out
physical assaults on specific individuals.

User profiling and tracking, when the location of a user could be used to infer other sensitive
information, such as state of health, personal habits, or professional duties, by correlating visited
places or paths.

Political, religious, sexual persecution and discrimination, when the location of a user could be
used to reduce the freedom of individuals, and mobile technologies are used to identify and
persecute opponents.

Denial of service, when the location of a user could motivate an access denial to services under
some circumstances.

The following categories of location privacy can then be identified:

Identity privacy protects the identity of the users associated with or inferable from location
information.

Position privacy protects the position of individual users by perturbing the corresponding
information and decreasing the accuracy of location information.

Path privacy protects the privacy of information associated with users' movements, such as the
path followed while travelling or walking in an urban area.

Techniques for protecting the location privacy of users can be divided into three main classes:
anonymity-based, obfuscation-based, and policy-based techniques.

Anonymity-based techniques have been primarily defined to protect identity privacy and are not
suitable for protecting position privacy, whereas obfuscation-based techniques are well suited for
position protection and not appropriate for identity protection. Both anonymity-based and
obfuscation-based techniques can also be used to protect path privacy. Policy-based techniques
are in general suitable for all location privacy categories, although they are often difficult to
understand and manage.

Privacy-enhancing technologies (PETs) are designed to prevent data leaks while balancing
privacy with usability. Some PETs even prevent bad actors from identifying to whom the
collected data belongs: if a leak were to occur, the data would be virtually useless to
cybercriminals.
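The two technical classes above, obfuscation (report a coarser position) and anonymity (hide the requester among k users), can be shown in a few lines. The following is an added example and not taken from any location-privacy system: positions are constructed latitude/longitude pairs, the grid cell size and k are the assumed tuning parameters, and the cloaking algorithm is the simple grid-doubling variant of spatial k-anonymity.

```python
"""Location privacy: grid obfuscation and k-anonymous spatial cloaking.

Added example, not from any cited system. Positions are constructed
(latitude, longitude in degrees); cell_deg and k are the tunable parameters.
"""
import math
from typing import Dict, List, Optional, Tuple

Point = Tuple[float, float]

# Constructed users; 0.01 degrees of latitude is roughly 1.1 km.
SAMPLE_POSITIONS: Dict[str, Point] = {
    "alice": (45.1234, 7.6543),
    "bob": (45.1312, 7.6577),
    "carol": (45.1490, 7.6700),
    "dave": (45.3000, 7.9000),
}


def obfuscate(point: Point, cell_deg: float) -> Tuple[Point, Point]:
    """Obfuscation-based: report only the grid cell containing the point.

    Returns the cell's (south-west corner, north-east corner); the accuracy of
    what the service learns drops from the raw fix to the cell size.
    """
    lat, lon = point
    sw = (math.floor(lat / cell_deg) * cell_deg, math.floor(lon / cell_deg) * cell_deg)
    ne = (sw[0] + cell_deg, sw[1] + cell_deg)
    return sw, ne


def users_in(region: Tuple[Point, Point], positions: Dict[str, Point]) -> List[str]:
    """Sorted names of all users whose position falls inside the half-open region."""
    (lat0, lon0), (lat1, lon1) = region
    return sorted(u for u, (la, lo) in positions.items()
                  if lat0 <= la < lat1 and lon0 <= lo < lon1)


def cloak(user: str, positions: Dict[str, Point], k: int, cell_deg: float,
          max_cell_deg: float) -> Optional[Tuple[Point, Point, List[str]]]:
    """Anonymity-based: grow the reported region until it holds at least k users,
    so the service cannot tell which of them issued the query.

    Returns (sw, ne, users_in_region), or None when k cannot be reached before
    the region exceeds max_cell_deg: refusing beats leaking an identifying region.
    """
    size = cell_deg
    while size <= max_cell_deg:
        sw, ne = obfuscate(positions[user], size)
        inside = users_in((sw, ne), positions)
        if len(inside) >= k:
            return sw, ne, inside
        size *= 2
    return None
```

With the constructed positions, a 0.01 degree cell around alice contains only her, so a k=3 query is answered with a 0.04 degree cell that also holds bob and carol; asking for k=4 fails within the 0.1 degree ceiling because dave is too far away, and the function returns None rather than an overly precise region. Note that the grid approach alone does not defend against a requester who observes repeated queries over time (the path privacy case), which is why the text lists both anonymity and obfuscation for paths.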

PET can also come in the form of remote auditing services that monitor and ensure that
data is only being processed for the right purposes. This minimizes the chance of data leaks and
breaches.

Your company may have all the necessary data and know everything there is to know about
it, but building online and software-based services that are private by design is challenging. PET
can help you launch privacy-honoring services that prevent disastrous data leaks.

Personal privacy Policies :


Primary purpose of a privacy policy is to give the user enough information
that they can make an informed decision about your services. This could be whether
or not to use the service at all. It could also be whether to provide the additional
personal data needed to get the maximum benefit of your service.

A data privacy policy is a legal document that lives on your website and details
all the ways in which a website visitors' personal data may be used. At the very least,
it needs to explain how your website collects data, what data you collect, and what
you plan to do with that data.

Protecting the Sensitive

A privacy policy dictates who should know what. Policies and procedures supported by system
enhancements can largely address protection of sensitive information, often identified or implied
by federal laws or community expectations. Privacy is more important now because of linkages
and access to data that weren't available before.

Examples of potentially sensitive information include the following:
1. Social Security numbers
2. Grades
3. Financial aid
4. Research
5. Donor information
6. Health records
7. Physical activity (such as garage or shuttle use)
8. Student information
9. Employee information
10. Applicant information
11. Credit card information
12. Names
13. Addresses
14. Communications (who sends to who)
15. E-mail content
16. Network logins

Detection of Conflicts in security policies :


One method to determine whether a firewall policy is correct consists of performing an
exhaustive analysis of the ACL to detect all the situations that may be evidence of a
misconfiguration, such as a rule that can never fire because an earlier rule already matches all of
its traffic, or two overlapping rules that take different actions.
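The exhaustive ACL analysis described above comes down to comparing every rule with every rule before it under first-match semantics. The following is an added example, not taken from the text's source: a Python checker over a constructed ACL that reports the usual anomaly classes (a later rule fully covered by an earlier one with a different action is shadowed, with the same action redundant; a later rule that fully covers an earlier one with a different action is a generalization; partial overlap with different actions is a correlation). Rules are IPv4 prefixes, a protocol and a destination port range; the rule names and addresses are constructed.

```python
"""Pairwise analysis of a firewall ACL for shadowing, redundancy, generalization
and correlation anomalies under first-match semantics.

Added example, not from the text's source. Rules and addresses are constructed.
Only single earlier rules are compared; a rule shadowed by the *union* of several
earlier rules is not detected by this check.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                 # IPv4 CIDR
    dst: str                 # IPv4 CIDR
    proto: str               # "tcp", "udp" or "any"
    ports: Tuple[int, int]   # inclusive destination port range
    action: str              # "allow" or "deny"


def subsumes(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    return (
        ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src))
        and ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst))
        and (outer.proto == "any" or outer.proto == inner.proto)
        and outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]
    )


def overlaps(a: Rule, b: Rule) -> bool:
    """True if some packet matches both rules."""
    return (
        ipaddress.ip_network(a.src).overlaps(ipaddress.ip_network(b.src))
        and ipaddress.ip_network(a.dst).overlaps(ipaddress.ip_network(b.dst))
        and (a.proto == "any" or b.proto == "any" or a.proto == b.proto)
        and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1]
    )


def analyse(acl: List[Rule]) -> List[Tuple[str, str, str]]:
    """Return (anomaly, later_rule, earlier_rule) for every pair that needs a look."""
    findings = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if subsumes(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((kind, later.name, earlier.name))
                break   # the first covering rule decides; `later` never fires
            if subsumes(later, earlier) and earlier.action != later.action:
                findings.append(("generalization", later.name, earlier.name))
            elif overlaps(earlier, later) and earlier.action != later.action:
                findings.append(("correlation", later.name, earlier.name))
    return findings


# Constructed ACL with one instance of each anomaly.
SAMPLE_ACL = [
    Rule("r1", "10.0.0.0/8", "192.168.1.10/32", "tcp", (22, 22), "deny"),
    Rule("r2", "10.1.0.0/16", "192.168.1.10/32", "tcp", (22, 22), "allow"),    # shadowed by r1
    Rule("r3", "0.0.0.0/0", "192.168.1.0/24", "tcp", (80, 443), "allow"),
    Rule("r4", "172.16.0.0/12", "192.168.1.0/24", "tcp", (443, 443), "allow"),  # redundant with r3
    Rule("r5", "10.0.0.0/8", "192.168.1.0/24", "udp", (53, 53), "allow"),
    Rule("r6", "0.0.0.0/0", "192.168.1.0/24", "any", (1, 65535), "deny"),     # generalizes r2-r5
    Rule("r7", "10.2.0.0/16", "192.168.0.0/16", "tcp", (8080, 8080), "allow"),  # correlated with r6
]
```

Shadowed and redundant findings are always worth fixing (the later rule is dead, and a shadowed allow usually means someone expected traffic that is in fact blocked). Generalizations are frequently intentional, a default deny after specific allows, and correlations are the ones to read carefully, since which action applies depends on rule order rather than on what the author meant.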

Security Requirements
Security requirements are a high-level, declarative representation of the rules according to which
access control must be regulated. They largely ignore details of the system used to deliver the
service and focus on business concepts. This layer uses the terminology and level of detail typical
of managers, and is commonly expressed in natural language. For this reason, formal consistency
verification cannot be applied automatically to security requirements, and human intervention is
required to complete the task.
Policies
Policies represent how business requirements are mapped to the systems used for
service provisioning. Policies can be defined at different levels, and the use of
higher-level specification requires an approach to be adopted, possibly associated
with a software tool, that supports the generation of lower-level representations.

Privacy And Security In Environment Monitoring Systems


Introduction. Environmental monitoring is a tool to assess environmental conditions and trends, support
policy development and its implementation, and develop information for reporting to national
policymakers, international forums and the public.

Types of Monitoring software

1. SafetyCulture (formerly iAuditor) Environmental Monitoring Software

Why use SafetyCulture?

Collecting, measuring, and assessing ecological data in facilities and their surroundings is more
efficient with this industry-leading inspection platform, thanks to digitization and automation.
SafetyCulture’s environmental monitoring system enables companies to reduce their ecological
impact, improve their sustainability policies, and ensure compliance with regulations by
providing relevant teams with 24/7 visibility into their operations.
Features:

• Monitor the workplace and other sites using sensors with threshold alarms and alerts to acquire
real-time environmental data.
• Automate data collection with the help of numerous templates and checklists from the Public
Library and save historical data in secure, centralized storage.
• Inform the management of issues as soon as they emerge to facilitate the immediate delegation
of corrective and preventive actions.
• Generate comprehensive environmental reports with media attachments that can help
stakeholders interpret data, acquire insights, and identify trends.
• Communicate with different teams via Heads Up to uphold collaboration.

2. EHS Insight Environmental Monitoring Software

Why use EHS Insight?

Businesses that want to adhere to environmental regulations and related industry standards, or
just want to make sure that their carbon footprint is kept to a minimum, will benefit from
EHS Insight. This remote environmental monitoring system automates various processes like data
capture, tracking, measurement, and analysis.

Features:

• Sustainability management through data collection
• Automated permit tracking with reminders
• Integration with ISO 14001

3. ERA EH&S Environmental Monitoring Software

Why use ERA EH&S?

With nearly three decades of service in the industry, ERA is an industry-defining software that
was developed by dedicated environmental scientists, engineers, chemists, and research experts
so that it can deliver accurate data and improved ecological monitoring and analytics to
companies that need it.

Features:

• Comprehensive ecological data collection and management
• Reporting from a centralized dashboard
• Compliance management system

4. EnviroData Solutions Environmental Monitoring Software

Why use EnviroData Solutions?

This is a comprehensive EHS software that supports companies in their environmental and
sustainability initiatives through modules for tracking and managing generated waste, air quality,
and water consumption and condition. EnviroData also offers consulting and training that is
tailored to the organization’s needs.

Features:

• Centralized dashboard
• EHS compliance management
• Face-to-face training

5. Cleartrace Environmental Monitoring Software

Why use Cleartrace?

Decarbonization through accurate data collection, process automation, and robust analytics is
possible through Cleartrace as it provides companies with a clear picture of their emissions and
helps them achieve their goals.

Features:

• Energy and carbon management
• Energy supplier sales
• Green certification

6. Rotronic Environmental Monitoring Software

Why use Rotronic?

A brand of Process Sensing Technologies, Rotronic initially offered calibration instruments and
monitoring tools that give companies ecological data in real-time, from humidity levels to air
quality. More importantly, they have a remote environmental monitoring system that provides
critical information that may be accessed through a centralized dashboard.

Features:

• 24/7 real-time monitoring
• Automated data collection and reporting
• Threshold alarms

7. Envirosuite Environmental Monitoring Software

Why use Envirosuite?

It is difficult to improve the company’s environmental sustainability plans or act on issues that
emerge when relevant ecological data collected is incomplete or inaccurate. Envirosuite, an
environmental monitoring system, lets companies know when to maximize their capacity or
when to slow down through automated alerts and notifications.

Features:

• Threshold alerts for emissions
• Dynamic and actionable insights
• Environmental compliance management

Q. Storage Area Network Security in security practices?

A Storage Area Network (SAN) consolidates an organization's storage on a dedicated network,
so a single SAN may hold most of the company's data and, with virtualization, entire virtual
servers. SAN security is the set of physical and digital measures that protect that data and the
network that carries it, in transit and at rest, from unauthorized access, data breaches and
malicious activity.

Types of SAN Security

To ensure comprehensive protection, SAN security encompasses both physical and digital
aspects.

Physical SAN Security

Physical SAN security involves securing the physical infrastructure that houses the SAN
components. This includes securing data centers, server rooms, and network equipment from
unauthorized physical access. Measures such as restricted access, surveillance systems, and
biometric authentication can help mitigate physical threats to the SAN.

Digital SAN Security

Digital SAN security focuses on protecting data and network communications within the SAN
environment. This involves implementing robust authentication mechanisms, data encryption,
access controls, and network monitoring to prevent unauthorized access, data breaches, and
malicious activities. Digital SAN security measures ensure that data remains protected while in
transit or at rest within the SAN infrastructure.

Key Components of SAN Security

To establish a robust SAN security framework, several key components need to be considered:

Access Controls

Access controls play a critical role in SAN security by managing user authentication and
authorization. Implementing strong user authentication methods, such as multifactor
authentication (MFA) or biometric authentication, helps prevent unauthorized access to the SAN.
Role-based access control (RBAC) enables administrators to assign specific privileges to
different users based on their roles and responsibilities, ensuring that access to sensitive data is
limited to authorized personnel only.

Digital Certificates

Digital certificates bind a public key to the identity of a SAN component, such as a server,
storage device or network switch, so that components can authenticate one another. By utilizing
digital certificates, organizations can establish authenticated, encrypted communication channels
within the SAN environment: the certificate itself does not encrypt the data, but the authenticated
key exchange it enables protects the channel from interception and tampering.

Network Protocols

SANs rely on various network protocols to transfer data between servers and storage devices.
Secure protocols, such as Fibre Channel Security Protocol (FC-SP) and Internet Protocol
Security (IPsec), provide encryption and integrity checks, ensuring data confidentiality and
protection against unauthorized modifications during transmission.

Backup

Regular data backups are crucial for SAN security. By creating redundant copies of critical data,
organizations can recover in case of data loss or system failure. Backup procedures should be
well-defined, and the backup copies stored securely, either off-site or in a separate location within
the SAN infrastructure. Backup data should be encrypted to prevent unauthorized access to
sensitive information.

Conclusion

SAN security is of utmost importance in ensuring the protection of valuable data stored within
Storage Area Networks. By implementing a robust SAN security framework that includes
physical and digital security measures, organizations can mitigate the risk of unauthorized
access, data breaches, and disruptions. As technology continues to advance, it is crucial for
organizations to stay vigilant and adapt their SAN security measures to address emerging threats
and challenges.

Q. Storage Area Network Security Devices?

Storage area networking (SAN) devices have become a critical IT component of almost every
business today. The upside and intended consequences of using a SAN are to consolidate
corporate data as well as reduce cost, complexity, and risks. The tradeoff and downside to
implementing SAN technology are that the risks of large-scale data loss are higher in terms of
both cost and reputation. With the rapid adoption of virtualization, SANs now house more than
just data; they house entire virtual servers and huge clusters of servers in “enterprise clouds.”
Perhaps a main reason SANs have emerged as the leading advanced storage option is because
they can often alleviate many if not all the data storage “pain points” of IT managers. For quite
some time IT managers have been in a predicament in which some servers, such as database
servers, run out of hard disk space rather quickly, whereas other servers, such as application
servers, tend to not need a whole lot of disk space and usually have storage to spare. When a
SAN is implemented, the storage can be spread throughout servers on an as-needed basis.

Q. Risk management in security practices?

Security Risk Management is the ongoing process of identifying security risks and implementing
plans to address them. Risk is determined by considering the likelihood that known threats will exploit
vulnerabilities and the impact they would have on valuable assets.
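
The likelihood-times-impact rule just stated is easiest to see on a small risk register. The following is an added example (not from the notes) that scores each asset/threat pair on two ordinal scales, ranks the register and maps scores to a treatment decision; the scales, thresholds and register entries are all constructed for illustration.

```python
"""Likelihood x impact risk scoring for a small risk register (added example)."""
from dataclasses import dataclass
from typing import List, Tuple

# Ordinal scales, 1 = lowest, 5 = highest (assumed scale, not from the notes).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass(frozen=True)
class Risk:
    asset: str          # the valuable asset at stake
    threat: str         # the known threat
    vulnerability: str  # the weakness the threat would exploit
    likelihood: str     # key into LIKELIHOOD
    impact: str         # key into IMPACT

    @property
    def score(self) -> int:
        """Risk = likelihood that the threat exploits the vulnerability x impact on the asset."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]


def treatment_band(score: int) -> str:
    """Map a 1..25 score onto a treatment decision (thresholds are assumed)."""
    if score >= 15:
        return "mitigate now"
    if score >= 8:
        return "plan mitigation"
    return "accept and monitor"


def rank_register(register: List[Risk]) -> List[Risk]:
    """Highest risk first; ties broken by asset and threat so the order is stable."""
    return sorted(register, key=lambda r: (-r.score, r.asset, r.threat))


# Constructed register entries, not real findings.
REGISTER = [
    Risk("customer database", "ransomware", "unpatched SAN management interface", "likely", "severe"),
    Risk("backup archive", "data theft", "backups stored unencrypted off-site", "possible", "major"),
    Risk("lobby kiosk", "vandalism", "device in unsupervised public area", "likely", "minor"),
    Risk("test VM", "malware", "outdated OS, no network exposure", "unlikely", "negligible"),
]


def risk_report(register: List[Risk] = REGISTER) -> List[Tuple[str, str, int, str]]:
    """Return (asset, threat, score, treatment band) rows, highest risk first."""
    return [(r.asset, r.threat, r.score, treatment_band(r.score)) for r in rank_register(register)]


if __name__ == "__main__":
    for asset, threat, score, band in risk_report():
        print(f"{score:>2}  {band:<18} {asset}: {threat}")
```

The same vulnerability can land in different bands depending on the asset it sits on, which is the point of scoring against assets rather than against findings alone: the register drives where mitigation budget goes first.
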
Organizational Security Model or Framework

An organizational security model is a framework made up of many components (logical,
physical and administrative), procedures, processes and configurations that all work together to
provide the required security level for a given system.

Information security or InfoSec

InfoSec, as it is popularly known, is the term used for the practice of protecting information
from illegal access, use, disclosure, disruption, modification, perusal, inspection, recording or
destruction. It is a general term that applies regardless of the form the data may take.
The following are typical terms encountered when dealing with information security:

IT Security or Computer Security

IT Security, also known as Computer Security, is information security applied to technology
(hardware and software). A computer is defined here as any device or hardware with a
processor and memory. IT security specialists are present in almost all major enterprises and
establishments because of the nature and value of the data within larger businesses. The IT security
team is responsible for keeping all of the technology within the company secure from malicious
cyber attacks, which often attempt to breach critical private information or gain control of
internal systems.

Information Assurance

Information Assurance (IA) is the practice of ensuring that data is not lost when grave issues arise.
The causes of data loss include, but are not limited to, natural disasters, computer problems or
errors, physical theft of hardware or software, or any other event in which data could be lost.
Information assurance covers protection of the integrity, availability, authenticity,
non-repudiation and confidentiality of application and user data. It uses physical, technical and
administrative controls to accomplish these tasks. While focused predominantly on information
in digital form, the full range of IA encompasses not only digital but also analog or physical
forms. These protections apply to data in transit, in both physical and electronic form, as well as
to data at rest in various types of physical and electronic storage facilities. Information
assurance as a field has grown out of the practice of information security.

Certified Information Systems Auditor (CISA)

The CISA certification, sponsored by ISACA (formerly the Information Systems Audit and Control
Association), is meant for Information Technology professionals working specifically in the audit
arena. This particular certification is intended for those who audit, control, monitor and review an
enterprise's information technology and business systems. Candidates for the certification must
meet requirements set by ISACA on educational qualification and professional experience.

Security policy

A security policy is the term used to describe what it means for a system, organization,
component or entity to be secure. The policy addresses the constraints on actions taken by its
members as well as the constraints imposed on adversaries. For a given system, the security policy
is the mechanism for stating constraints on functions and on the flows among them, constraints on
access by external systems and adversaries (including programs), and constraints on access to data
by people.

IT Security Incident Management

IT Security Incident Management can be defined as the process that determines how effectively an
organization's information technology (IT) department or administrator is prepared to handle
security incidents. In our experience, many organizations only learn to respond to security
incidents after suffering attacks. After an attack, incidents often become much more costly than
they needed to be. Proper incident response should be an integral part of the organization's overall
security policy and risk mitigation strategy.

Network Security

Network security is the term often used for the requirements and policies adopted by a network
team to prevent and monitor unauthorized access, misuse, modification, or denial of a computer
network service or resource.
Network security involves the authorization of access to data in a network, which is controlled
by the network administrator. Users are assigned a user ID and password, or some other
authentication information, with which they authenticate and gain access to the information and
programs they are authorized to use. Network security covers a variety of computer networks,
both public and private, that are used in everyday work to conduct transactions and
communications among businesses, government agencies and individuals. Networks can be private,
such as within a company, or open to public access. Network security is involved in organizations,
enterprises, and other types of institutions. It does as its title explains: it secures the network, as
well as protecting and overseeing operations carried out on it. The most common and simple way
of protecting a network resource is by assigning it a unique name and a corresponding password.
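
The user-ID-and-password control described above depends on how the password is stored on the authenticating side. The following is an added example (not code from the notes) showing the defensive baseline with the Python standard library: a random per-user salt, a slow key-derivation function instead of a plain hash, a constant-time comparison, and the same amount of work for unknown user IDs so that a login prompt does not reveal which IDs exist. The iteration count and the sample users are assumed values.

```python
"""Salted, slow-hashed credential store for user ID / password login (added example)."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

ITERATIONS = 600_000   # assumed value; raise as hardware allows, it slows guessing equally
DERIVED_LEN = 32       # bytes of derived key kept per user


def _derive(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256: deliberately expensive so bulk guessing is costly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS, DERIVED_LEN)


def register_user(store: Dict[str, Dict[str, bytes]], user_id: str, password: str) -> None:
    """Store only a random salt and the derived key, never the password itself."""
    salt = secrets.token_bytes(16)
    store[user_id] = {"salt": salt, "hash": _derive(password, salt)}


# Salt used to burn the same KDF time when the user ID does not exist.
_DUMMY_SALT = secrets.token_bytes(16)


def authenticate(store: Dict[str, Dict[str, bytes]], user_id: str, password: str) -> bool:
    """True only for a known user ID with the matching password."""
    record: Optional[Dict[str, bytes]] = store.get(user_id)
    # Always run the KDF so known and unknown IDs take the same time to reject.
    salt = record["salt"] if record is not None else _DUMMY_SALT
    candidate = _derive(password, salt)
    if record is None:
        return False
    return hmac.compare_digest(candidate, record["hash"])   # constant-time comparison


def demo() -> Tuple[bool, bool, bool, bool]:
    """(correct login, wrong password, unknown user, plaintext absent from store)."""
    store: Dict[str, Dict[str, bytes]] = {}
    register_user(store, "alice", "correct horse battery staple")   # constructed user
    return (
        authenticate(store, "alice", "correct horse battery staple"),
        authenticate(store, "alice", "wrong password"),
        authenticate(store, "bob", "anything"),
        b"correct horse battery staple" not in store["alice"]["hash"],
    )


if __name__ == "__main__":
    print("ok, wrong-pw, unknown-user, no-plaintext:", demo())
```

The store here is an in-memory dict for illustration; the same record shape (salt plus derived key) is what a real credential database should hold, so that a copy of the database does not yield passwords that are reused on other systems.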

Q. Physical security in security practices?

Security experts agree that the three most important components of a physical security plan are access
control, surveillance, and security testing, which work together to make your space more secure. Access
control may start at the outer edge of your security perimeter, which you should establish early in this
process.
Before getting into specifics, let’s start with a physical security definition. Simply put, physical
security is the protection of your people, property and assets. This includes the physical
protection of equipment and tech, including data storage, servers and employee computers.

Physical security is often jokingly referred to as just being “guards and gates”, but modern
physical security systems consist of multiple elements and measures, for example:

• Site layout and security configuration: where are your weak points? What needs the
most protection?
• Visibility of critical areas: including lighting and video cameras
• Access control: from simple locks through to keypads and biometric access
• Perimeter protection: the “guards and gates” aspect of physical security
• Intrusion detection: including motion sensors, cameras and tripwire alarms
• Infrastructure protection: including power, fire, network connectivity and water
• Staff training and incident response: do your employees know how to handle an
incident, and do you have an emergency response process in place?

As you can see, the physical security examples above are extremely varied, touching on every
aspect of a site and its functions. Some physical security plans are determined by environmental
factors, such as your site layout, whilst some are behavioral, like staff training. So, to revisit the
physical security definition above, successful protection of people, property and assets involves
a range of physical security measures.

Common physical security threats, vulnerabilities and risks

Each business’ individual physical security risks will be different, but there are some common
types of physical security threats to be aware of.
• Unauthorized entry: this includes tailgating, social engineering, or access via stolen passes or
codes. The earliest physical security breaches are, logically, at the first point of entry to your
site. If unwanted visitors manage to gain access, then it is only a matter of time before other
physical security threats can occur.
• Theft and burglary: businesses own many valuable assets, from equipment, to documents and
employee IDs. Some businesses are extremely exposed to physical security risks like theft
because of what they store on their premises – for example, jewelry or tech stores. Other
businesses store extremely valuable information, like a wealth management firm. Both
businesses are prime targets for thieves, even though their assets are very different.
• Vandalism: some businesses are at risk of their property being destroyed or tampered with. This
can be linked to a company’s location — for example, if your business is next door to a bar or
nightclub, alcohol-related vandalism could be a frequent problem. Vandalism can also be
ideologically motivated: for example, when activists cause physical damage to a business’
premises, such as smashing windows or throwing paint.

These are a few high-level types of physical security threats. As you conduct a risk assessment of
your own business, you will discover physical security risks specific to your industry
and location.

Physical security measures and methods

There are all kinds of physical security measures, but the main types of physical security fall into
four broad categories: Deter, Detect, Delay and Respond.

As the diagram shows, the different physical security methods work together in stages. These
levels of physical security begin with Deter at the outermost level, working inwards until finally,
if all other levels are breached, a Response is needed.

Levels of physical security

Deter – Deterrence physical security measures are focused on keeping intruders out of the
secured area. Common methods include tall perimeter fences, barbed wire, clear signs stating
that the site has active security, commercial video cameras and access controls. All of these are
designed to give a clear message to criminals that trespassing is not only difficult, it is also
highly likely that they will be caught.

Detect – Detection works to catch any intruders if they manage to get past the deterrence
measures mentioned above. Some criminals might slip in behind an employee — known as
tailgating — or they might find a way of scaling barriers. In these cases, a physical security
measure that can detect their presence quickly is crucial. These include many types of physical
security system that you are probably familiar with. Physical security controls examples include
CCTV cameras, motion sensors, intruder alarms and smart alerting technology like AI analytics.
If an intruder is spotted quickly, it makes it much easier for security staff to delay them getting
any further, and to contact law enforcement if needed.

Delay – You will notice that several physical security systems have multiple roles: they can deter
as well as detect. Many of the physical security measures above also effectively delay intruders.
Access control systems require credentials to open a locked door, slowing an intruder down and
making it easier to apprehend them.

Respond – Having the technology and processes to respond to intruders and take action is
crucial for physical security, yet often overlooked. Response physical security measures include
communication systems, security guards, designated first responders and processes for locking
down a site and alerting law enforcement.

Physical security controls come in a variety of forms — from perimeter fences, to guards and
security camera system recorders. Many physical security components have more than one
function, and when several methods are combined, they are very effective at preventing or
intercepting intruders and criminal activity.

Physical security control technology

Within the four main types of physical security control categories is an enormous range of
physical security tools and cutting-edge technology.

Physical security technologies have evolved in leaps and bounds in recent years, offering
advanced protection at accessible price points. Physical security devices now use cloud
technology and artificial intelligence for even smarter processing in real time.

Automated physical security components can perform a number of different functions in your
overall physical security system. For physical controls, you might want to verify entry and exits
with access control technology. You can carry out proactive intrusion detection with video
security and access controls that work together as a unified system.

One of the great things about physical security technology is that it is scalable, so you can
implement it flexibly. If you are testing physical security technology out, you might start with
a small number of cameras, locks, sensors or keypads, and see how they perform. However, for
a more robust plan required for properties like municipalities, extensive government cameras,
access control and security technology are most likely necessary and should be planned
accordingly. When connected to the cloud or a secure network, physical security technology can
also collect useful data for audit trails and analysis. It is also useful for demonstrating the merits
of your physical security plan to stakeholders.

When scoping out your physical security investment plan, consider how different types of
physical security tools will work together. Choosing physical security devices that seamlessly
integrate together will make things much easier, especially in the soak testing phase. Many
physical security companies now observe universal standards like ONVIF, which enables
devices from different manufacturers to integrate much more smoothly than in the past. Other
specific standards such as FIPS certified technology should also be taken into account when
reviewing your investment plan.

Video security

Video surveillance technology is a core element of many physical security plans today. CCTV
has moved on significantly from the days of recording analog signal to tape. So too has internet
connectivity – thanks to fast network connections and the cloud, transmitting high-quality video
is faster than ever before.

Video security is primarily a Detect form of physical security control. Using a live connection
and smart cameras, it is possible to spot suspicious activity in real time. They can also be used to
Deter intruders, since the sight of cameras around a premises can discourage criminals from
attempting to break in.

There are many different types of security cameras to suit all kinds of requirements and
environments; for example, city surveillance cameras are built for poor lighting conditions, while
varifocal lens cameras are best for covering specific small spaces in a business setting. Analog
cameras are still a cost-effective option for many physical security plans, and whilst the
technology is older, in some cases they have advantages over their more current counterparts.
HD analog security cameras are a popular choice that offers the best of both worlds: cheaper
hardware with high-quality footage.

Internet protocol (IP) cameras use the latest technology to transmit high-quality video over an
internet connection via ethernet security camera cables. These cameras have many smart
features, such as motion detection and anti-tampering. This means that you not only receive data
about what is going on around your site, you also have information about the cameras
themselves. IP cameras come in many different models, depending on the footage you need
to record.

As the name suggests, fixed IP cameras have a fixed viewpoint. This might sound limiting, but
most cameras only need to focus on one key area at a time. Fixed IP cameras are a great choice
for indoor and outdoor use, and there are models for both. These cameras can handle a range of
lighting conditions. Available in both bullet cameras or dome camera formats, these cameras can
handle wall-to-wall and floor-to-ceiling coverage. This also makes them suitable security choices
as elevator cameras. Some models are specifically designed to be vandal-resistant, if this is
a physical security risk.

If 360-degree views are what you need, then pan-tilt-zoom (PTZ) security cameras are the
perfect choice. These give you ultimate control over what you can see in a certain area. They are
made to be versatile in a range of lighting conditions, with long-distance views. Look for low
latency cameras, which deliver footage with minimal delays.

If you want 360-degree views around the clock, panoramic IP cameras are a great option. They
constantly record from all angles. If there are areas where you need maximum visibility, these
could be a great choice for your physical security plan.

Some environments are more challenging and require a specialized solution. For industries such
as oil and gas plants, there are ruggedized cameras which can resist blasts and extreme
temperatures. Ruggedized cameras are also useful in extreme outdoor conditions, for example at
busy ports where water and humidity can affect equipment.
