Assignment 2 - Answers

Here are the key strengths and weaknesses of technical controls vs procedural controls:

Technical controls:
Strengths:
- Automatically enforce security policies and procedures
- Less prone to human error than procedural controls
- Provide consistent security across all systems
Weaknesses:
- Require ongoing maintenance and updates to address new threats
- Can be bypassed if vulnerabilities are discovered
- May not cover all security risks if not implemented correctly

Procedural controls:
Strengths:
- Raise awareness of security policies and best practices
- Flexible and can address risks not covered by technical controls
- Less expensive to implement than technical solutions
Weaknesses:
- Rely on human behavior and compliance, which is unpredictable

Uploaded by Swapnil Tripathi

Assignment 2

Note:
 Total Marks: 100
 Marks will be deducted for late submissions and plagiarism (copying from others)
 Write each answer in your own words

1. What do you understand by Cyber Security? How is it different from Information Security?

Answer: Cyber Security is the defensive protection of internet-connected systems, including hardware,
software and data, from cyberattacks. In a computing context, security comprises cybersecurity and
physical security; enterprises use both to protect against unauthorized access to data centers and
other computerized systems. One of the most problematic elements of cybersecurity is the constantly
evolving nature of security risks. Ensuring cybersecurity requires coordinated effort across the whole
information system, covering:
 Application security
 Data security (the confidentiality, integrity and availability of stored and transmitted data)
 End-user education (security awareness)
 Network security
 Disaster recovery/business continuity planning
 Operational security: identifying critical information and protecting it through procedures and
policies for identity, risk and incident management

Information security is the broader discipline of maintaining the confidentiality, integrity and
availability of information in any form, physical or digital; cybersecurity is the part of it that is
concerned with digital systems and the networks that connect them.

Differences between Cyber and Information Security:

Cyber Security:
 Deals with protecting data and information in digital or electronic format.
 Protects data and systems in the cyber domain from unauthorized access and computer fraud.
 Primarily concerned with cyber-attacks: phishing, data breaches, malware, ransomware, zero-days and
Advanced Persistent Threats (APTs).
 Scope: systems or devices holding data that are connected to the Internet or to external networks.

Information Security:
 Deals with safeguarding information assets in both physical and digital format.
 Protects information and its Confidentiality, Integrity and Availability (CIA).
 Concerned with all types of threats to the IT infrastructure, and with ensuring that security
protocols are in place against data theft, unauthorized access, intruders, DoS and internal agents.


2. Describe at least three Threats and Vulnerabilities faced by Windows OS, give examples.

Answer: The top threats faced by Windows operating systems are:

 Privilege escalation -> the attacker gains full control of the system
 Malware -> viruses, worms, Trojans, spyware
 Spam -> phishing
 Adware and spyware
 Rootkits -> hidden, persistent exploitation of the system

Windows-based systems have plenty of potential security risks. Some of the top vulnerabilities are listed
below:
 Missing patches in Windows as well as in third-party software
 Weak Windows security policy settings:
o Unused or unknown accounts
o Weak or nonexistent passwords
o Event logging switched off or never reviewed
o No auditing or scanning of the OS and its open ports
o Over-permissive file and share permissions
o Unaccounted-for applications on end-user systems
o Unmanaged services such as IIS and SQL Server Express
 Not using a hardened Windows OS or hardened mobile devices
 Not using endpoint security (anti-virus, anti-malware, firewall protection)
 Weak or nonexistent disk encryption
 No minimum security standards (SSL/TLS for transport, WPA2 for Wi-Fi)
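The following PowerShell audit is an added example, not part of the original assignment: it is a read-only check of one Windows host against the weaknesses listed above (missing patches, unused accounts, weak passwords and lockout policy, logon auditing, share permissions, IIS/SQL Express, endpoint protection, disk encryption and exposed ports). It assumes an elevated PowerShell 5.1 or later session, an English locale (the text of `net accounts` is parsed), and the thresholds used (90 days for patches and passwords, a 14-character minimum, 7-day signatures) are this editor's choices rather than anything the page specifies.

```powershell
# Added example, not part of the original assignment: read-only audit of a Windows host
# against the weaknesses listed above. Run in an elevated PowerShell 5.1+ session.
# Assumptions: English locale (the 'net accounts' text is parsed), and the thresholds
# (90 days for patches/passwords, 14-character minimum, 7-day signatures) are this editor's.
$findings = [System.Collections.Generic.List[string]]::new()
function Add-Finding([string]$Area, [string]$Detail) { $findings.Add("[$Area] $Detail") }
$stale = (Get-Date).AddDays(-90)

# 1. Missing patches: newest installed hotfix older than 90 days (or none recorded).
$latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $latest -or $latest.InstalledOn -lt $stale) {
    Add-Finding 'Patching' "Newest hotfix is $($latest.HotFixID) from $($latest.InstalledOn); check Windows Update"
}

# 2. Unused/unknown accounts and weak or nonexistent passwords on enabled local users.
Get-LocalUser | Where-Object Enabled | ForEach-Object {
    if (-not $_.PasswordRequired) { Add-Finding 'Accounts' "$($_.Name) is enabled and requires no password" }
    if (-not $_.LastLogon)        { Add-Finding 'Accounts' "$($_.Name) is enabled but has never logged on" }
    if ($_.PasswordLastSet -and $_.PasswordLastSet -lt $stale) {
        Add-Finding 'Accounts' "$($_.Name) password last set $($_.PasswordLastSet.ToShortDateString())"
    }
}

# 3. Weak security policy: minimum password length and lockout threshold from 'net accounts'.
#    'Never' or 'None' contain no digits, so they parse to 0.
$policy  = net accounts
$minLen  = [int](($policy | Select-String 'Minimum password length').Line -replace '\D', '')
$lockout = [int](($policy | Select-String 'Lockout threshold').Line -replace '\D', '')
if ($minLen -lt 14) { Add-Finding 'Policy' "Minimum password length is $minLen (expected 14 or more)" }
if ($lockout -eq 0) { Add-Finding 'Policy' 'Account lockout threshold is Never' }

# 4. Event logging/auditing: logon success and failure must both be audited.
$audit = auditpol /get /subcategory:"Logon"
if (-not ($audit | Select-String 'Success and Failure')) {
    Add-Finding 'Auditing' 'Logon events are not audited for both success and failure'
}

# 5. File and share permissions: non-administrative shares that grant Everyone access.
Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
    $share = $_.Name
    Get-SmbShareAccess -Name $share |
        Where-Object { $_.AccountName -eq 'Everyone' -and $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { Add-Finding 'Shares' "Share $share grants Everyone $($_.AccessRight)" }
}

# 6. Unmanaged services: IIS and SQL Server Express running on an endpoint.
foreach ($svc in 'W3SVC', 'MSSQL$SQLEXPRESS') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s -and $s.Status -eq 'Running') { Add-Finding 'Services' "$svc is running; confirm it is managed and patched" }
}

# 7. Endpoint security: Defender real-time protection, signature age, and every firewall profile.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if (-not $mp -or -not $mp.RealTimeProtectionEnabled) {
    Add-Finding 'Endpoint' 'Real-time antimalware protection is off or unavailable'
} elseif ($mp.AntivirusSignatureAge -gt 7) {
    Add-Finding 'Endpoint' "Antivirus signatures are $($mp.AntivirusSignatureAge) days old"
}
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } |
    ForEach-Object { Add-Finding 'Endpoint' "Firewall profile $($_.Name) is disabled" }

# 8. Disk encryption: BitLocker must be on for the OS volume.
$bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
if (-not $bl -or $bl.ProtectionStatus -ne 'On') { Add-Finding 'Encryption' "BitLocker protection is not On for $env:SystemDrive" }

# 9. Exposed ports: TCP listeners bound to non-loopback addresses (what a port scan would see).
Get-NetTCPConnection -State Listen | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Sort-Object LocalPort -Unique | ForEach-Object {
        $proc = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        Add-Finding 'Ports' "TCP $($_.LocalPort) listening on $($_.LocalAddress) ($proc)"
    }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Each finding names the weakness category it maps to, so the output can be read against the list above. The script changes nothing; the matching hardening steps (patching, disabling unused accounts, raising the password policy, enabling auditing, tightening shares, stopping unmanaged services, turning on Defender, the firewall and BitLocker) are separate, deliberate actions.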

Well-known Windows OS vulnerabilities cited at the time of writing (February 2019), all from 2015:

 CVE-2015-0057 -> Win32k elevation of privilege vulnerability (MS15-010)
 Windows 10 Wi-Fi Sense contact sharing -> shares Wi-Fi network access with the user's contacts (a
privacy weakness rather than a CVE)
 MS15-078 -> Microsoft font driver vulnerability (remote code execution through OpenType fonts)
 MS15-092 -> .NET Framework elevation of privilege vulnerability
 Redirect to SMB -> applications can be redirected to an attacker-controlled SMB server, leaking the
user's NTLM credentials
3. Describe at least five Threats and Vulnerabilities faced by Mobile OS, give examples.

Answer: According to the 2019 Arxan Technologies report, 90% of the mobile apps surveyed had between two
and five of the OWASP Top Ten security risks. Mobile devices are just as vulnerable to social engineering
and cyber-attacks as traditional computing devices (desktops, laptops). While this is a treat for attackers,
it is a serious risk for businesses and mobile users. Mobile threats include:

 Physical threats:
o Device theft
o Device loss
o No screen lock (PIN, password, fingerprint or face) on the device
o Social engineering
o Sharing SD cards / USB memory drives

 Network threats:
o Unsecured / free Wi-Fi -> attackers sniff and eavesdrop on user sessions -> data is captured
o Network exploit: users are tricked into installing free apps that contain malware -> devices are turned
into bots

 Mobile OS and application threats:
o An unpatched mobile OS can lead to data leakage: contacts, SMS, documents, photos
o Lack of anti-virus/anti-malware -> the device attacks others, and the OS and user data get corrupted
o Browser exploits: a vulnerable mobile browser or plug-in (Flash, PDF reader, Java, image viewer)
o Lack of encryption on the device
o Side-channel attacks: information is gained from the implementation (timing, power, cache behaviour)
rather than from a software bug
o Rootkit apps that claim to enhance the security or performance of the device

 Web-based threats:
o Phishing attacks via email, SMS or social sites that trick the user into providing PII, passwords or
card numbers
o Drive-by downloads: apps automatically download other payloads, scripts or apps (abusing app
permissions granted for email, contacts, photos, documents, calling and SMS)
o Improper session handling: apps share session information with other APIs or apps

4. Explain at least five Business drivers that influence Endpoint Security

Answer:

IT Drivers (think as the IT admin, installer and end user):
 Internal threats and threat agents
 External threats and threat agents
 IT service management commitments
 IT environment complexity
 Audit and traceability
 IT vulnerabilities: configuration
 IT vulnerabilities: flaws
 IT vulnerabilities: exploits
 End-user complexity
 Fast-growing web threats
 VPN security challenges

Business Drivers (think as the business owner):
 Organization reputation
 Compliance and audit
 Business environment complexity
 Data loss / device theft
 Handling all types of threats, physical and cyber
 Minimal customer-side performance impact
 IT staff workload
 Ease of security for mobile users
 State of the art / latest brand
5. Describe the Gartner’s Magic Quadrant. Mention top three leading vendors for Server Operating
Systems, Endpoint Security and Network Firewalls.

Answer: Gartner's Magic Quadrant is an annually published series of market research reports. Each report
plots the vendors in one market on two axes, Ability to Execute and Completeness of Vision, which divides
them into four quadrants: Leaders, Challengers, Visionaries and Niche Players. The reports provide insight,
advice and tools for leaders in IT, Finance, HR, Customer Service and Support, Legal and Compliance,
Marketing, Sales and Supply Chain functions across the world. They rely on proprietary qualitative data
analysis methods to show market trends such as direction and maturity, and the participants' strengths
and weaknesses.

Leading vendors:
 Server operating systems: Microsoft Windows Server, Red Hat Enterprise Linux, Ubuntu Server
 Endpoint security: Bitdefender, Carbon Black, Dhruva, Cybereason
 Network firewalls: Barracuda NextGen, Cisco ASA, Fortinet FortiGate, Juniper SRX, SonicWall
 Application firewalls: Imperva SecureSphere, Cloudflare, Fortinet FortiWeb, F5 BIG-IP ASM

6. Describe and give examples for at least 5 types of Threats to IT Systems.

Answer: A threat is any activity that can lead to data loss or corruption, or to disruption of normal
business operations. Threats faced by IT systems can be classified as follows:
 Physical threats cause damage to computer hardware and infrastructure.
o Internal: fire, unstable power supply, humidity in the rooms housing the hardware
o External: lightning, floods, earthquakes
o Human: theft, vandalism of the infrastructure and/or hardware, disruption, accidental or
intentional errors
 Non-physical (logical) threats target the software and data on the systems. These include:
o Loss or corruption of the operating system and data
o Unauthorized access: remote access, credential harvesting, privilege escalation
o Denial of Service (DoS)
o Illegal monitoring: spyware, key loggers, adware, user activity monitors
o Malware (viruses, worms, Trojans, rootkits)
o Exploitation of vulnerabilities by attackers
o Phishing and ransomware

7. Describe each Technical Control for IT Security and give examples for each.

Answer: Technical controls for IT security are implemented to provide protection against security
incidents. This involves detection, prevention and mitigation of security incidents affecting the IT
infrastructure, systems, data and users. The control families are:
 Physical security controls:
o Locks on doors to secure the IT room, guards, access cards, motion sensors
 Procedural security controls:
o Employee security awareness training
o Checking references for job applicants
 IT technical controls:
o Network infrastructure: firewalls, proxies, hot site (backup/disaster recovery)
o Server systems: strong passwords, account hygiene, OS hardening, access monitoring, data and disk
encryption, SSL/TLS, digital certificates and keys, Intrusion Detection Systems (IDS), and defensive
hacking (penetration testing and vulnerability assessment to find and mitigate risk)
o User systems: anti-virus/anti-malware, disk encryption, system policies, OS hardening and patching
8. Compare the strength and weakness (three points) for each of the following Endpoint security vendors:

Endpoint Vendor          Strength          Weakness

a. Trend Micro
b. Sophos
c. Webroot
d. Microsoft Security
e. Panda
f. Kaspersky
g. Intel Security
h. Carbon Black

9. Describe the layers of Physical Security.

Answer: Broadly, physical security is layered: external barriers (such as fences, walls, gates, buildings
and lobbies), chosen according to the type of facility and its location, and internal barriers (such as
access control and intrusion detection systems). Recent attacks and trends have led to the adoption of a
proper security plan that can prevent, hinder or outright halt intrusions. The layers are:
 Physical security design: any environmental structure that can be built or installed to deter, impede
or stop an attack from occurring.
o These structures can be almost anything that suits the job: walls, fences, barbed wire, vehicle
barriers, speed bumps and gated windows are all design features that can be used.
o Other environmental designs can be built into the overall architecture of the building: limiting the
number of entrances, funnelling movement through the building so that it passes various check
points, and even reinforcing the structure with additional steel or concrete to withstand various
attacks can all be considered before construction of a location begins.
 Physical security control: any control capability in a building, from mechanical and electronic to
procedural, that limits access to certain areas. This can entail
o Key-locked and key-coded doors
o Electronic access
o Check points at the entrance to restricted areas, or to areas where it must be known who is present
o Signing guest books
 Physical Security Detection involves the ability to detect intruders or attackers. This is needed because
even the most well thought out plans and defenses have holes or cracks that can be capitalized on.
o Motion sensors
o Security Lighting
o Cameras
o Human guards
 Physical security identification: access to certain areas is limited for a reason.
o If access is limited, you must make sure that the few who are allowed in are actually the ones
present. Impersonation and other forms of subterfuge are common.
o The problem gets worse in a large complex, or with large influxes of people entering, so correctly
identifying the people present in an area needs careful consideration to ensure they are supposed
to be there.
o ID cards, biometrics and fingerprint scanners are used here.
10. Give examples of at least two Physical Security Controls.

Answer: Working examples of Physical Security controls are as follows


 1st line of defense: fences, walls or razor wire at the security perimeter.
 Protective barriers preventing forced entry of persons or vehicles, complemented by gates and other
security check points.
 Locks allow only individuals with a key or access-control card to open or lock a door or gate. Locks
may be connected to a more comprehensive security monitoring system.
 Surveillance cameras and sensors that track movement and changes in the environment.
 Security lighting to ensure all monitored areas are visible at any given moment.
 Security guards covering all entry points to the facility while also securing business-critical areas
indoors.
 Water, smoke and heat detectors, and fire-fighting systems, as protection against water leaks and fire.
 The last line of defense against unauthorized access is the use of smart cards, biometric identification
and in-person clearance, so that only authorized personnel can enter a restricted area.
