Types of IT Audits: Information Security (Module-1)

1. The document discusses information security and system access control. It covers topics like computer auditing, data access control, security administration, and system design.
2. It then discusses the importance of access control for minimizing unauthorized access to physical and logical systems through identification, verification, and authorization of access levels.
3. The main types of access control covered are mandatory access control, discretionary access control, role-based access control, rule-based access control, and attribute-based access control. Access control aims to regulate who can access resources through identity management and access management systems.

Uploaded by

Khateeb Ahmad

INFORMATION SECURITY (MODULE-1)
1. Computer Auditing - System Access Control
2. Data Access Control
3. Security Administration
4. System Design

Computer Auditing: Computer auditing is a systematic and logical process that follows a risk-based
approach to determine whether the information systems of an entity, including its detailed
information technology processes, controls and activities, will achieve its IT objectives and will
thereby ultimately enable the organisation to achieve its organisational goals. Although computer
auditing is already a specialist field within auditing, there is a need for even further specialisation in
areas such as computer assisted audit techniques (CAATs), IT governance, risk and information
systems control, information security, information system continuity, disaster recovery, etc. The
primary function of an IT audit is to evaluate the systems that are in place to guard an
organization's information.

Types of IT audits
Various authorities have created differing taxonomies to distinguish the various types of IT audits.
Goodman & Lawless state that there are three specific systematic approaches to carry out an IT
audit:
• Technological innovation process audit. This audit constructs a risk profile for existing and new
projects. The audit will assess the length and depth of the company's experience in its chosen
technologies, as well as its presence in relevant markets, the organization of each project, and the
structure of the portion of the industry that deals with this project or product, organization and
industry structure.
• Innovative comparison audit. This audit is an analysis of the innovative abilities of the company
being audited, in comparison to its competitors. This requires examination of the company's research
and development facilities, as well as its track record in actually producing new products.
• Technological position audit: This audit reviews the technologies that the business currently has
and that it needs to add. Technologies are characterized as being either "base", "key", "pacing" or

Principles of an IT audit

The following principles of an audit should find a reflection


• Timeliness: Only when processes and programming are continuously inspected for their potential
susceptibility to faults and weaknesses, and the analysis of the strengths found is continued or
compared functionally with similar applications, can an up-to-date picture be maintained.
• Source openness: The audit of encrypted programs requires an explicit statement of how the
handling of open source is to be understood.
• Elaborateness: Audit processes should be oriented to a certain minimum standard. Recent audit
processes for encryption software often vary greatly in quality, scope and effectiveness, and their
reception in the media often differs as well.
• The financial context: Further transparency is needed to clarify whether the software has been
developed commercially and whether the audit was funded commercially (paid audit).
• Scientific referencing of learning perspectives: Each audit should describe the findings in detail
within the context and also highlight progress and development needs constructively.
• Literature-inclusion: A reader should not rely solely on the results of one review, but also judge
according to a loop of a management system (e.g. PDCA, see above),
• Inclusion of user manuals & documentation: Further, a check should be done on whether there are
manuals and technical documentation, and whether these are expanded.

Why is access control important?


The goal of access control is to minimize the security risk of unauthorized access to physical and
logical systems. Access control is a fundamental component of security compliance programs that
ensures security technology and access control policies are in place to protect confidential
information, such as customer data. Most organizations have infrastructure and procedures that limit
access to networks, computer systems, applications, files and sensitive data, such as personally
identifiable information (PII) and intellectual property. Access control systems are complex and can
be challenging to manage in dynamic IT environments that involve on-premises systems and cloud
services.
How access control works
These security controls work by identifying an individual or entity, verifying that the person or
application is who or what it claims to be, and authorizing the access level and set of actions
associated with the username or Internet Protocol (IP) address. Directory services and protocols,
including Lightweight Directory Access Protocol (LDAP) and Security Assertion Markup Language
(SAML), provide access controls for authenticating and authorizing users and entities and enabling
them to connect to computer resources, such as distributed applications and web servers.

Types of access control


The main models of access control are the following:
• Mandatory access control (MAC). This is a security model in which access rights are regulated
by a central authority based on multiple levels of security. Often used in government and military
environments, classifications are assigned to system resources and the operating system (OS) or
security kernel. For example, Security Enhanced Linux (SELinux) is an implementation of MAC on
the Linux OS.
• Discretionary access control (DAC). This is an access control method in which owners or
administrators of the protected system, data or resource set the policies defining who or what is
authorized to access the resource. Many of these systems enable administrators to limit the
propagation of access rights.
• Role-based access control (RBAC). This is a widely used access control mechanism that restricts
access to computer resources based on individuals or groups with defined business functions -- e.g.,
executive level, engineer level 1,
• Rule-based access control. This is a security model in which the system administrator defines the
rules that govern access to resource objects. Often, these rules are based on conditions, such as time
of day or location. It is not uncommon to use some form of both rule-based access control and
RBAC to enforce access policies and procedures.
• Attribute-based access control (ABAC). This is a methodology that manages access rights by
evaluating a set of rules, policies and relationships using the attributes of users, systems and
environmental conditions.

Implementing access control


Access control is a process that is integrated into an organization's IT environment. It can involve
identity management and access management systems. These systems provide access control
software, a user database, and management tools for access control policies, auditing and
enforcement. When a user is added to an access management system, system administrators use an
automated provisioning system to set up permissions based on access control frameworks, job
responsibilities and workflows.

Challenges of access control


Many of the challenges of access control stem from the highly distributed nature of modern IT.
Some specific examples include the following:
• dynamically managing distributed IT environments;
• password fatigue;
• compliance visibility through consistent reporting;
• centralizing user directories and avoiding application-specific silos; and
• data governance and visibility through consistent reporting.
Access control software
There are many types of access control software and technology, and often, multiple components
are used together to maintain access control. They may focus primarily on a company's internal
access management or may focus outwardly on access management for customers. Some of the
types of access management software tools include the following:
• reporting and monitoring applications
• password management tools
• provisioning tools
• identity repositories
• security policy enforcement tools
What is System Access Control?
System access control is a security technique that regulates who or what can view or use resources
in a computing environment. It is a fundamental concept in security that minimizes risk to the
business or organization. There are two types of system access control: physical and logical.
Physical access control limits access to campuses, buildings, rooms and physical IT assets. Logical
access control limits connections to computer networks, system files and data.

How is access to IT systems and data controlled?


Over time, the ways in which IT systems can be accessed have grown, and the job of securing those
systems and their data has become increasingly complex. High-profile breaches have spawned
a host of compliance regulations that further expanded the ways, and thus the complexities, in
which organizations needed to secure their systems and protect sensitive data.
• Strengthening logon security through multi-factor authentication
• Restricting user privilege through elevated authority management solutions
• Granting requests for access to systems and data based on the identity of the user and the context
of the request.
A complete system access control solution requires a layered defence to protect
access control systems.
How is system access control performed?
System access control solutions determine how users are allowed to interact with specific systems
and resources. A robust system access control regime gives an organization the ability to manage,
restrict, and monitor user activity while protecting sensitive systems and data. A robust system
access control solution will intercept every request for access through network protocols, open
source database protocols, communications ports, SQL statements, command lines and more,
determine whether to grant or deny the request based on precise rules, and log both accepted and
rejected access attempts.
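
The intercept, decide and log flow described above, combined with the earlier point that rule-based conditions are often layered on RBAC, as an added Python example (not part of the original notes). The users, roles, resource names, trusted network and time window are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time

# Constructed policy: users, roles and resources are illustrative only.
USER_ROLES = {"alice": {"dba"}, "bob": {"auditor"}}
ROLE_PERMISSIONS = {
    "dba": {("payroll_db", "read"), ("payroll_db", "write")},
    "auditor": {("payroll_db", "read")},
}
# Rule-based conditions applied on top of the role check (time of day, location).
WRITE_WINDOW = (time(8, 0), time(18, 0))
TRUSTED_NETWORK = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    action: str
    source_ip: str
    when: datetime


def decide(req: Request) -> tuple:
    """Default deny: access is granted only if a role and every rule allow it."""
    roles = USER_ROLES.get(req.user, set())
    if not roles:
        return False, "unknown user"
    granted = any((req.resource, req.action) in ROLE_PERMISSIONS.get(role, set())
                  for role in roles)
    if not granted:
        return False, "no role grants this action"
    if req.action == "write":
        try:
            addr = ipaddress.ip_address(req.source_ip)
        except ValueError:
            return False, "unparseable source address"
        if addr not in TRUSTED_NETWORK:
            return False, "write from outside trusted network"
        if not WRITE_WINDOW[0] <= req.when.time() < WRITE_WINDOW[1]:
            return False, "write outside permitted hours"
    return True, "role and rules satisfied"


def enforce(req: Request, audit_trail: list) -> bool:
    """Single choke point: decide, then record the attempt whether granted or denied."""
    allowed, reason = decide(req)
    audit_trail.append({
        "time": req.when.isoformat(), "user": req.user, "source_ip": req.source_ip,
        "resource": req.resource, "action": req.action,
        "decision": "GRANT" if allowed else "DENY", "reason": reason,
    })
    return allowed


# Constructed sample requests (not real log data).
SAMPLE_REQUESTS = [
    Request("alice", "payroll_db", "write", "10.1.2.3", datetime(2024, 3, 4, 10, 30)),
    Request("alice", "payroll_db", "write", "10.1.2.3", datetime(2024, 3, 4, 23, 5)),
    Request("alice", "payroll_db", "write", "203.0.113.9", datetime(2024, 3, 4, 10, 31)),
    Request("bob", "payroll_db", "write", "10.1.2.4", datetime(2024, 3, 4, 11, 0)),
    Request("bob", "payroll_db", "read", "203.0.113.9", datetime(2024, 3, 4, 23, 10)),
    Request("mallory", "payroll_db", "read", "10.9.9.9", datetime(2024, 3, 4, 12, 0)),
]


def run_samples() -> list:
    """Push every sample request through the choke point and return the audit trail."""
    trail = []
    for req in SAMPLE_REQUESTS:
        enforce(req, trail)
    return trail


if __name__ == "__main__":
    for entry in run_samples():
        print(entry)
```

Because the audit trail records denials with a reason, repeated rejected attempts by one user or from one address can be reviewed later.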
Loss prevention
Loss prevention focuses on what one's critical assets are and how they are going to be protected. A
key component of loss prevention is assessing the potential threats to the successful achievement of
the goal. This must include the potential opportunities that further the object (why take the risk
unless there's an upside?). Balance probability and impact, then determine and implement measures to
minimize or eliminate those threats.

Security risk management


The management of security risks applies the principles of risk management to the management of
security threats. It consists of identifying threats (or risk causes), assessing the effectiveness of
existing controls to face those threats, determining the risks' consequence(s), prioritizing the risks
by rating the likelihood and impact, classifying the type of risk, and selecting an appropriate risk
option or risk response. In 2016, a universal standard for managing risks was developed in The
Netherlands. In 2017, it was updated and named: Universal Security Management Systems Standard
2017.
Types of risks
External
• Strategic: Competition and customer demand.
• Operational: Regulations, suppliers, and contract.
• Financial: FX and credit.
• Hazard: Natural disasters, cyber, and external criminal acts.
• Compliance: New regulatory or legal requirements are introduced, or existing ones are changed,
exposing the organization to a non-compliance risk if measures are not taken to ensure compliance.
Internal
• Strategic: R&D.
• Operational: Systems and processes (H&R, Payroll).
• Financial: Liquidity and cash flow.
• Hazard: Safety and security; employees and equipment.
• Compliance: Concrete or potential changes in an organization's systems, processes, suppliers, etc.

System Design
Systems design is the process of defining the architecture, product design, modules, interfaces, and
data for a system to satisfy specified requirements. Systems design could be seen as the application
of systems theory to product development. There is some overlap with the disciplines of systems
analysis, systems architecture and systems engineering.

Architectural design
The architectural design of a system emphasizes the design of the system architecture that
describes the structure, behaviour and more views of that system and analysis.
Logical design
The logical design of a system pertains to an abstract representation of the data flows, inputs and
outputs of the system. This is often conducted via modelling, using an over-abstract (and sometimes
graphical) model of the actual system. In the context of systems, designs are included. Logical
design includes entity-relationship diagrams (ER diagrams).
Physical design
The physical design relates to the actual input and output processes of the system. This is explained
in terms of how data is input into a system, how it is verified/authenticated, how it is processed, and
how it is displayed. In physical design, the following requirements about the system are decided.
Rapid application development (RAD)
Rapid application development (RAD) is a methodology in which a system designer produces
prototypes for an end-user. The end-user reviews the prototype, and offers feedback on its
suitability. This process is repeated until the end-user is satisfied with the final system.
MODULE-2
Hardware Security Control - The Total System Needs Security
a. Levels of Hardware Controls
b. Operating System Control
c. Access Control
d. General Purpose Operating System Security
e. Sources of Additional Information

1. Hardware security is vulnerability protection that comes in the form of a physical device rather
than software that is installed on the hardware of a computer system. Hardware security can pertain
to a device used to scan a system or monitor network traffic.
2. The term hardware security also refers to the protection of physical systems from harm.
Equipment destruction attacks, for example, focus on computing devices and networked
non-computing devices such as the ever-increasing number of connected devices in M2M or IoT
(Internet of Things) environments. These environments are bringing connectivity and
communications to large numbers of hardware devices that must be protected through either
hardware- or software-based security.
3. To assess the security of a hardware device, it's necessary to consider vulnerabilities existing
from its manufacture as well as other potential sources such as running code and the device’s data
I/O on a network. Although any device should be protected if it connects even indirectly to the
internet, the stringency of that protection should be in accordance with need.
Security Controls
Computer security is often divided into three distinct master categories, commonly referred to as
controls:
• Physical
• Technical
• Administrative
• Regulatory Controls

Physical Controls
Physical control is the implementation of security measures in a defined structure used to deter or
prevent unauthorized access to sensitive material. Examples of physical controls are:
• Closed-circuit surveillance cameras
• Motion or thermal alarm systems
• Security guards
• Picture IDs
• Biometrics

Technical Controls
Technical controls use technology as a basis for controlling the access and usage of sensitive data
throughout a physical structure and over a network. Technical controls are far-reaching in scope and
encompass such technologies as:
• Encryption
• Smart cards
• Network authentication
• Access control lists (ACLs)
• File integrity auditing software
Administrative Controls
Administrative controls define the human factors of security. They involve all levels of personnel
within an organization and determine which users have access to what resources and information
by such means as:
• Training and awareness
• Disaster preparedness and recovery plans
• Personnel recruitment and separation strategies
• Personnel registration and accounting

What are the types of security controls?


In the cyber security domain, there are a variety of security controls that facilitate guarding
business assets. On a broad level, cyber security controls are classified on three function levels.
Those are:
• Preventive Controls
• Detective Controls
• Corrective Controls

Preventive Controls:
Preventive security controls are countermeasures that limit cyber events and stop incidents
before they occur. Antivirus, software firewalls, blocking malicious traffic
communication and blocking unauthorised access are some examples of preventive controls.
Detective Controls:
These controls refer to information security countermeasures that identify the cyber events and
notify the concerned authorities about the real-time event or suspicious action in progress.
Corrective Controls:
These information security controls are those countermeasures that every organisation must have in
advance. This control refers to the actions and plans that help reduce the impact and damage of the
data breach or any cyber incident.

Operating System Controls


Security refers to providing a protection system to computer system resources such as CPU,
memory, disk, software programs and most importantly data/information stored in the computer
system.
• Authentication
• One Time passwords
• Program Threats
• System Threats
• Computer Security Classification
Authentication
Authentication refers to identifying each user of the system and associating the executing programs
with those users. Operating systems generally identify/authenticate users in the following three
ways −
• Username / Password − The user needs to enter a username and password registered with the
operating system to log in to the system.
• User card/key − The user needs to punch a card into the card slot, or enter a key generated by a key
generator in the option provided by the operating system, to log in to the system.

One Time passwords


One-time passwords provide additional security along with normal authentication. Once a
one-time password is used, it cannot be used again. One-time passwords are implemented in various
ways.
• Random numbers − Users are provided with cards that have numbers printed alongside corresponding
letters. The system asks for the numbers corresponding to a few letters chosen at random.
• Secret key − Users are provided with a hardware device that can create a secret ID mapped to the
user ID. The system asks for this secret ID, which must be generated each time prior to login.
• Network password − Some commercial applications send one-time passwords to the user's
registered mobile number or email address, which must be entered prior to login.

Program Threats
The operating system's processes and kernel do the designated task as instructed. If a user program
makes these processes do malicious tasks, it is known as a program threat.
• Trojan Horse − Such a program traps user login credentials and stores them to send to a malicious
user, who can later log in to the computer and access system resources.
• Trap Door − If a program that is designed to work as required has a security hole in its code
and performs illegal actions without the knowledge of the user, it is said to have a trap door.
• Logic Bomb − A logic bomb is a situation in which a program misbehaves only when certain
conditions are met; otherwise it works as a genuine program. It is harder to detect.
• Virus − A virus, as the name suggests, can replicate itself on a computer system. Viruses are highly
dangerous and can modify/delete user files and crash systems.

System Threats
System threats refer to the misuse of system services and network connections to put the user in trouble.
System threats can be used to launch program threats on a complete network, which is called a program
attack. System threats create an environment in which operating system resources and user files are
misused. Following is a list of some well-known system threats.
• Worm − A worm is a process that can choke a system's performance by using system
resources to extreme levels.
• Port Scanning − Port scanning is a mechanism by which a hacker can detect system
vulnerabilities in order to attack the system.
• Denial of Service − Denial of service attacks normally prevent users from making legitimate use of
the system. For example, a user may not be able to use the internet if a denial of service attack targets
the browser's content settings.

Access Control
Access control is a method of limiting access to a system or to physical or virtual resources. It is a
process by which users are granted access and certain prerogatives to systems, resources or
information. Access control is a security technique that has control over who can view different
aspects, what can be viewed and who can use resources in a computing environment. It is a
fundamental concept in security that reduces risk to the business or organization. To establish a
secure system, electronic access control systems are used that depend on user credentials, access
card readers, auditing and reports to track employee access to restricted business locations and
areas.
Authentication Factors:
• Password or PIN
• Biometric measurement (fingerprint & retina scan)
• Card or Key
Different access control models are used depending on the compliance requirements
and the security levels of information technology that is to be protected.
Basically, access control is of 2 types:
1. Physical Access Control: Physical access control restricts entry to campuses, buildings, rooms
and physical IT assets.
2. Logical Access Control: Logical access control limits connections to computer networks, system
files and data.
Access Control Models:
1. Attribute-based Access Control (ABAC): In this model, access is granted or declined by
evaluating a set of rules, policies, and relationships using the attributes of users, systems and
environmental conditions.
2. Discretionary Access Control (DAC): In DAC, the owner of data determines who can access
specific resources.
3. History-Based Access Control (HBAC): Access is granted or declined by
evaluating the history of activities of the inquiring party that includes behavior, the time between
requests and content of requests.
4. Identity-Based Access Control (IBAC): By using this model network administrators can more
effectively manage activity and access based on individual requirements.
5. Mandatory Access Control (MAC): A control model in which access rights are regulated by a
central authority based on multiple levels of security. Security Enhanced Linux is implemented
using MAC on the Linux operating system.

General Purpose Operating System Security:


The process of ensuring OS availability, confidentiality and integrity is known as operating system
security. OS security refers to the processes or measures taken to protect the operating system from
dangers, including viruses, worms, malware, and remote hacker intrusions. Operating system
security comprises all preventive control procedures that protect any system assets that could be
stolen, modified, or deleted if OS security is breached. Security refers to providing safety for
computer system resources like software, CPU, memory, disks, etc. It can protect against all threats,
including viruses and unauthorized access.
System security may be threatened through two violations, which are as follows:
1. Threat: A program that has the potential to harm the system seriously.
2. Attack: A breach of security that allows unauthorized access to a resource.

Security may be compromised through breaches. Some of the breaches are as follows:
1. Breach of integrity: This violation involves unauthorized data modification.
2. Theft of service: It involves the unauthorized use of resources.
3. Breach of confidentiality: It involves the unauthorized reading of data.
4. Breach of availability: It involves the unauthorized destruction of data.
5. Denial of service: It includes preventing legitimate use of the system. Some attacks may be
accidental.

The goal of Security System


There are several goals of system security. Some of them are as follows:
1. Integrity: Unauthorized users must not be allowed to access the system's objects, and users with
insufficient rights should not modify the system's critical files and resources.
2. Secrecy: The system's objects must only be available to a small number of authorized users. The
system files should not be accessible to everyone.
3. Availability: All system resources must be accessible to all authorized users, i.e., no single
user/process should be able to consume all system resources.

Types of Threats
There are mainly two types of threats that occur.
1. Program threats
The operating system's processes and kernel carry out the specified task as directed. Program
threats occur when a user program causes these processes to do malicious operations.
   1. Virus: A virus may replicate itself on the system. Viruses are extremely dangerous and can
   modify/delete user files as well as crash computers.
   2. Trojan Horse: This type of application captures user login credentials. It stores them to transfer
   them to a malicious user who can then log in to the computer and access system resources.
   3. Logic Bomb: A logic bomb is a situation in which software only misbehaves when particular
   criteria are met; otherwise, it functions normally.
   4. Trap Door: A trap door is when a program that is supposed to work as expected has a security
   weakness in its code that allows it to do illegal actions without the user's knowledge.

2. System threats
System threats are described as the misuse of system services and network connections to cause
user problems. These threats may be used to trigger the program threats over an entire network,
known as program attacks.
   1. Port Scanning: It is a method by which the cracker determines the system's vulnerabilities for an
   attack. It is a fully automated process that includes connecting to a specific port via TCP/IP.
   2. Worm: The worm is a process that can choke a system's performance by exhausting all system
   resources. A worm process makes several clones, each consuming system resources and preventing
   all other processes from getting essential resources.
   3. Denial of Service: Denial of service attacks usually prevent users from legitimately using the
   system. For example, if a denial-of-service attack is executed against the browser's content settings,
   a user may be unable to access the internet.

Threats to Operating System


There are various threats to the operating system. Some of them are as follows:
Malware: It contains viruses, worms, trojan horses, and other dangerous software. These are
generally short code snippets that may corrupt files, delete the data, replicate to propagate further,
and even crash a system.
Network Intrusion: Network intruders are classified as masqueraders, misfeasors, and unauthorized
users. A masquerader is an unauthorized person who gains access to a system and uses an
authorized person's account.
Buffer Overflow: It is also known as buffer overrun. It is the most common and dangerous security
issue of the operating system.

There are various ways to ensure operating system security.


1. Authentication: The process of identifying every system user and associating the programs
executing with those users is known as authentication.
   1. Username/Password: Every user has a unique username and password that must be entered
   correctly before accessing a system.
   2. User Attribution: These techniques usually include biometric verification, such as fingerprints,
   retina scans, etc. This authentication is based on user uniqueness and is compared to database
   samples already in the system. Users are only allowed access if there is a match.
   3. User card and Key: To log in to the system, the user must punch a card into a card slot or enter a
   key produced by a key generator into an option provided by the operating system.
2. One Time passwords: Along with standard authentication, one-time passwords give an extra
layer of security. Every time a user attempts to log into the One-Time Password system, a unique
password is needed.
   1. Secret Key: The user is given a hardware device that can generate a secret ID that is linked to the
   user's ID. The system prompts for such a secret ID, which must be generated each time you log in.
   2. Random numbers: Users are given cards that have letters and numbers printed on them. The
   system requests numbers that correspond to a few letters chosen at random.
   3. Network password: Some commercial applications issue one-time passwords to registered
   mobile/email addresses, which must be input before logging in.
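
The "Secret key" style of one-time password, described both here and in the earlier One Time passwords section, as an added Python example that is not part of the original notes. It assumes the counter-based HOTP algorithm from RFC 4226 as the token scheme, which the notes do not name; the secret is the RFC's published test value and the OtpVerifier class is hypothetical.

```python
import hashlib
import hmac
import struct

# Published test secret from RFC 4226 Appendix D; never use it for a real token.
RFC4226_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value for one counter step (HMAC-SHA-1 plus dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks the window
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


class OtpVerifier:
    """Server side of the token: each accepted code is consumed and never valid again."""

    def __init__(self, secret: bytes, look_ahead: int = 3):
        self._secret = secret
        self._counter = 0            # next counter value the server will accept
        self._look_ahead = look_ahead  # tolerates button presses that never reached us

    def verify(self, submitted: str) -> bool:
        # Reject anything that is not plain ASCII digits before comparing.
        if not (submitted.isascii() and submitted.isdigit()):
            return False
        for candidate in range(self._counter, self._counter + self._look_ahead + 1):
            expected = hotp(self._secret, candidate)
            if hmac.compare_digest(expected, submitted):  # constant-time comparison
                # Move past the matched counter: this code and all earlier ones are dead.
                self._counter = candidate + 1
                return True
        return False


def demo() -> list:
    """Constructed login sequence: fresh code, replay, skipped-ahead code, stale code."""
    server = OtpVerifier(RFC4226_SECRET)
    first = hotp(RFC4226_SECRET, 0)
    return [
        server.verify(first),                      # first use is accepted
        server.verify(first),                      # replay of the same code is rejected
        server.verify(hotp(RFC4226_SECRET, 2)),    # token pressed twice, still in window
        server.verify(hotp(RFC4226_SECRET, 1)),    # older, skipped code is now rejected
    ]


if __name__ == "__main__":
    print(demo())
```

A production verifier would also limit failed attempts per account, since a six-digit code is small enough to guess by brute force.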

Firewalls
Firewalls are essential for monitoring all incoming and outgoing traffic. A firewall imposes local
security, defining the traffic that may travel through it. Firewalls are an efficient way of protecting
network systems or local systems from any network-based security threat.
Physical Security
The most important method of maintaining operating system security is physical security. An
attacker with physical access to a system may edit, remove, or steal important files since operating
system code and configuration files are stored on the hard drive.

Operating System Security Policies and Procedures

Various operating system security policies may be implemented based on the organization that you
are working in. In general, an OS security policy is a document that specifies the procedures for
ensuring that the operating system maintains a specific level of integrity, confidentiality, and
availability. OS security protects systems and data from worms, malware, threats, ransomware,
backdoor intrusions, viruses, etc. Security policies handle all preventative activities and procedures
to ensure an operating system's protection, including against stolen, edited, and deleted data.

As OS security policies and procedures cover a large area, there are various techniques for
addressing them. Some of them are as follows:
1. Installing and updating anti-virus software
2. Ensure the systems are patched or updated regularly
3. Implementing user management policies to protect user accounts and privileges.
4. Installing a firewall and ensuring that it is properly set to monitor all incoming and outgoing
traffic.

OS security policies and procedures are developed and implemented to ensure that you must first
determine which assets, systems, hardware, and date are the most vital to your organization. Once
that is completed, a policy can be developed to secure and safeguard them properly.

Module-3
Security Controls
Security controls are parameters implemented to protect various forms of data and infrastructure
important to an organization. Any type of safeguard or countermeasure used to avoid, detect,
counteract, or minimize security risks to physical property, information, computer systems, or other
assets is considered a security control. Given the growing rate of cyberattacks, data security controls
are more important today than ever. According to a Clark School study at the University of
Maryland, cybersecurity attacks in the U.S.

Types of security controls


There are several types of security controls that can be implemented to protect hardware, software,
networks, and data from actions and events that could cause loss or damage. For example:
• Physical security controls include such things as data center perimeter fencing, locks, guards,
access control cards, biometric access control systems, surveillance cameras, and intrusion detection
sensors.
• Digital security controls include such things as usernames and passwords, two-factor
authentication, antivirus software, and firewalls.
• Cybersecurity controls include anything specifically designed to prevent attacks on data,
including DDoS mitigation and intrusion prevention systems.
• Cloud security controls include measures you take in cooperation with a cloud services provider
to ensure the necessary protection for data and workloads. If your organization runs workloads on
the cloud, you must meet their corporate or business policy security requirements and industry
regulations.

Security controls can also be classified according to their characteristics, for example:
• Physical controls, e.g. fences, doors, locks and fire extinguishers;
• Procedural or administrative controls, e.g. incident response processes, management oversight,
security awareness and training;
• Technical or logical controls, e.g. user authentication (login) and logical access controls, antivirus
software, firewalls;
• Legal and regulatory or compliance controls, e.g. privacy laws, policies and clauses.

Security control frameworks and best practices

Systems of security controls, including the processes and documentation defining implementation
and ongoing management of these controls, are referred to as frameworks or standards. Frameworks
enable an organization to consistently manage security controls across different types of assets
according to a generally accepted and tested methodology. Some of the best-known frameworks and
standards include the following:

National Institute of Standards and Technology Cyber Security Framework

The National Institute of Standards and Technology (NIST) created a voluntary framework in 2014
to provide organizations with guidance on how to prevent, detect, and respond to cyberattacks. The
assessment methods and procedures are used to determine if an organization’s security controls are
implemented correctly, operate as intended, and produce the desired outcome (meeting the security
requirements of the organization). The NIST framework is consistently updated to keep pace with
cybersecurity advances.
Center for Internet Security controls
The Center for Internet Security (CIS) developed a list of high-priority defensive actions that
provide a “must-do, do-first” starting point for every enterprise looking to prevent cyberattacks.
According to the SANS Institute, which developed the CIS controls, “CIS controls are effective
because they are derived from the most common attack patterns highlighted in the leading threat
reports and vetted across a very broad community of government and industry practitioners.”
• Enforces IT security policies through security controls
• Educates employees and users about security guidelines
• Meets industry and compliance regulations
• Achieves operational efficiency across security controls
• Continually assesses risks and addresses them through security controls

Security controls assessments


A security controls assessment is an excellent first step for determining where any vulnerabilities
exist. A security controls assessment enables you to evaluate the controls you currently have in
place and determine whether they are implemented correctly, operating as intended, and meeting
your security requirements. NIST Special Publication 800-53 was created by NIST as a benchmark
for successful security control assessments. The NIST guidelines serve as a best practice approach
that, when applied, can help mitigate risk of a security compromise for your organization.
Alternatively, your organization can also create its own security assessment.

Intrusion and software intrusions:


Safeguarding the security of your IT infrastructure is no easy task. There are so many components
to protect, and no firewall is entirely foolproof. Cyberattacks are constantly evolving, with the
express intention of breaching your defenses and compromising your systems, and more come to
light every day. Keeping pace with these developments requires your security solution to be
adaptable and comprehensive.
An intrusion detection system (IDS) is a vital element of a truly successful solution. It flags up
inbound and outbound malicious traffic, so you can take proactive steps to safeguard your network.
An effective IDS keeps your IT personnel informed, so they can respond rapidly and with precision
to a potential threat.

What Is an Intrusion Detection System (IDS)?


An intrusion detection system, IDS for short, monitors network and system traffic for any
suspicious activity. Once any potential threats have been identified, intrusion detection software
sends notifications to alert you to them. The latest IDS software will proactively analyze and
identify patterns indicative of a range of cyberattack types. An effective solution should be able to
discover any threats before they fully infiltrate the system. Firewalls and anti-malware programs are
just one small part of a comprehensive approach to security. When a network grows, and unknown
or new devices regularly jump in and out, you need intrusion detection software. This software
should be capturing snapshots of your whole system, using knowledge of potential intrusions to
proactively prevent them.

Types of IDS
An intrusion detection system comes in one of two types:
1. host-based intrusion detection system (HIDS)
2. network-based intrusion detection system (NIDS).

Network-Based Intrusion Detection System (NIDS)


As a system that examines and analyzes network traffic, a network-based intrusion detection system
must feature a packet sniffer, which gathers network traffic, as standard. Though NIDSs can vary,
they typically include a rule-based analysis engine, which can be customized with your own rules. In
some cases, NIDSs have a user community producing rules you can import directly, to save you
time. It may take some time to get familiar with the rule syntax of your chosen NIDS, and being able
to import from the user community can make the initial NIDS implementation feel like less of a
steep learning curve. NIDS rules also facilitate selective data capture.

Host-Based Intrusion Detection System (HIDS)


Instead of examining the traffic, host-based intrusion detection systems examine the events on a
computer connected to your network, by looking into admin file data. This usually includes
configuration and log files. A HIDS will back up your configuration files, so you can restore
previous settings if a virus affects system security by altering the device setup. You’ll also want to
defend yourself against root access on Unix-like platforms or Windows system registry changes. A
HIDS can’t block these alterations, but it should notify you so you can act to rectify or prevent
them. Hosts monitored by HIDSs must have software installed.

NIDS vs. HIDS


So, should you opt for a NIDS or a HIDS? The short answer: you should probably have both. A
NIDS gives you far more monitoring capacity than a HIDS can, allowing you to intercept
cyberattacks in real time. A HIDS, on the other hand, is only able to identify if something is wrong
once a setting or file has already been altered. By combining these two systems, you can achieve a
preventive and responsive solution. Having a HIDS is important because HIDS activity is less
aggressive than NIDS activity—for a start, a HIDS should not use as much CPU. Neither type of
system generates network traffic.

Types of Intrusion Detection Methodologies


Both a host-based intrusion detection system and a network-based intrusion detection system will
have two modes of operation:
1. signature-based
2. anomaly-based

1. Signature-Based IDS
The signature-based approach to IDS focuses on identifying a “signature” of an intrusion event.
This could be in the form of a known identity, or perhaps a pattern. Most IDSs use the signature-
based approach. For this mode to be successful, it needs to be updated regularly, so it understands
which identities and signatures are common. These identities and signatures are changing and
evolving. In other words, if an attacker changes details about how the attack is executed regularly
enough, they may be able to evade the attention of a signature-based IDS, because the IDS cannot
keep up with the alterations. Brand-new attack types may also slip through, because they don’t yet
exist in the IDS database.

2. Anomaly-Based IDS
Anomaly-based detection, as its name suggests, focuses on identifying unexpected or unusual
patterns of activities. This method compensates for any attacks that slip past the signature-based
model’s pattern identifying approach. However, previously unknown but nonetheless valid behavior
can sometimes be flagged accidentally. Anomaly-based IDS is good for identifying when someone
is sweeping or probing a network, which can provide a strong indication of an imminent attack.
Examples of an anomaly include multiple failed login attempts and unusual port activity.

Signature-Based vs. Anomaly-Based IDS


The signature-based methodology tends to be faster than anomaly-based detection, but ultimately a
comprehensive intrusion detection software program needs to offer both signature and anomaly
procedures. This is because there are merits and disadvantages to both signature-based and
anomaly-based intrusion detection software, which are largely compensated for when the two are
combined.
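
The two detection modes described above, run side by side over the same traffic. This is an added example, not part of the original notes: the event schema, the two signatures and all sample events are constructed for illustration, and the anomaly model (known ports plus a failed-login ceiling learned from training traffic) is a deliberately simple assumption.

```python
import re
from collections import Counter

# Constructed, simplified signatures for illustration; not taken from any real IDS rule set.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-union-probe": re.compile(r"union\s+select", re.IGNORECASE),
}


def ev(src, dport, payload):
    """Build one event record (hypothetical schema used only in this example)."""
    return {"src": src, "dport": dport, "payload": payload}


def signature_alerts(events):
    """Return (index, rule_name) for every event whose payload matches a known signature."""
    hits = []
    for i, event in enumerate(events):
        for name, pattern in SIGNATURES.items():
            if pattern.search(event["payload"]):
                hits.append((i, name))
    return hits


def learn_baseline(events):
    """Learn normal behaviour: the ports in use and the worst per-source failed-login count."""
    ports = {event["dport"] for event in events}
    fails = Counter(e["src"] for e in events if e["payload"] == "LOGIN FAIL")
    return {"ports": ports, "max_fails": max(fails.values(), default=0)}


def anomaly_alerts(events, baseline, slack=2):
    """Flag ports never seen in the baseline and sources exceeding max_fails + slack failures."""
    alerts = []
    fails = Counter()
    limit = baseline["max_fails"] + slack
    for i, event in enumerate(events):
        if event["dport"] not in baseline["ports"]:
            alerts.append((i, "unusual-port"))
        if event["payload"] == "LOGIN FAIL":
            fails[event["src"]] += 1
            if fails[event["src"]] == limit + 1:  # alert once, when the limit is first crossed
                alerts.append((i, "failed-login-burst"))
    return alerts


# Constructed known-good traffic used to learn the baseline.
TRAINING = [
    ev("10.0.0.5", 443, "GET /index.html"),
    ev("10.0.0.6", 22, "LOGIN FAIL"),
    ev("10.0.0.6", 22, "LOGIN OK"),
    ev("10.0.0.7", 443, "GET /report?id=7"),
]

# Constructed live traffic.
LIVE = [
    ev("198.51.100.9", 443, "GET /files?name=../../secret.txt"),  # known pattern
    ev("198.51.100.20", 22, "LOGIN FAIL"),
    ev("198.51.100.20", 22, "LOGIN FAIL"),
    ev("198.51.100.20", 22, "LOGIN FAIL"),
    ev("198.51.100.20", 22, "LOGIN FAIL"),   # no signature exists for this burst
    ev("10.0.0.5", 8443, "GET /newapp/health"),  # valid new service, still flagged
    ev("10.0.0.7", 443, "GET /report?id=8"),
]


def run():
    """Return (signature alerts, anomaly alerts) for the live traffic."""
    baseline = learn_baseline(TRAINING)
    return signature_alerts(LIVE), anomaly_alerts(LIVE, baseline)


if __name__ == "__main__":
    sig, anom = run()
    print("signature:", sig)
    print("anomaly:  ", anom)
```

The signature engine catches only the event it has a pattern for, the anomaly engine catches the login burst but also raises a false positive on the valid new service, and neither alone reports everything.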

How to Use an IPS?


IPS is short for “intrusion prevention system.” IPS and IDS software are branches of the same tree,
and they harness similar technologies. Detection facilitates prevention, so IPSs and IDSs must work
in combination to be successful. The key difference between these intrusion systems is one is active,
and the other is passive. A typical intrusion monitor alerting you when something is unusual or
suspicious might be referred to as a passive IDS. A system that detects and acts to prevent damage
and further attacks would be referred to as reactive. This is because it reacts to the intrusion rather
than merely identifying it.

Challenges of Managing an IDS


There are three main challenges associated with managing an IDS. When choosing your intrusion
detection software, look for a program that minimizes these challenges as much as possible.
1. Identifying false positives. The first challenge concerns the identification of false positives,
which I’ve already addressed in part. False positives can put pressure on IT teams, who must update
their IDS continually, so it has the information required to detect genuine threats and distinguish
those threats from genuine traffic.
2. Staffing. The second issue is staffing. Understanding the context of threats and suspicious
activity is an extremely important aspect of IDS management. The wider context is changing every
day, as cybercriminals try to keep pace with security software.
3. Identifying genuine risks. False positives can be time-consuming and cumbersome but missing
a legitimate threat can be worse. With an IDS, you have to know the nature of the attack to identify
and prevent it. Experts refer to this as the “patient zero” problem: someone has to get sick before
you can identify the illness in the future.

Some of the IDS


1. SolarWinds Security Event Manager
2. Kismet
3. Zeek
4. Open DLP
5. Sagan
6. Suricata
7. Security Onion

Security Configuration Management


Security configuration management is a process that involves adjusting the default settings of an
information system in order to increase security and mitigate risk. Security configuration
management identifies misconfigurations of a system’s default settings. Misconfigurations can lead
to a host of problems, including poor system performance, noncompliance, inconsistencies and
security vulnerabilities. In routers or operating systems, for example, manufacturers often set the
default configurations with predefined passwords or pre-installed applications. Specialized
configuration management tools allow security teams to understand what’s changing in their key
assets and detect a breach early. These tools typically perform the following tasks:
• Classify and manage systems
• Modify base configurations
• Roll out new settings to applicable systems
• Automate patches and updates
• Identify problematic and noncompliant configurations
• Access and apply remediation

How security configuration management works?


Patches, updates and changes to IT hardware and software typically require adjustments to the
system configuration. To prevent these adjustments from having an impact on security,
organizations require a well-defined security configuration management process and the right tools.
A solid process is key to disaster recovery. You can’t recover the last-known configuration without
correct and thorough documentation, for example. Security configuration management tools are
also important because they identify misconfigurations and detect and report unusual changes to
files or registry keys, enabling organizations to understand how their assets are changing.

Security configuration management has four phases


• Planning. This step involves developing policies and procedures for incorporating security
configuration management into existing IT and other security programs.
• Identifying and implementing configurations. Creating, reviewing, approving and
implementing a secure baseline configuration for the system is critical.
• Controlling configuration changes. Organizations ensure that changes are formally analyzed for
their impact on security — and later tested and approved prior to implementation.
• Monitoring. This phase identifies previously undiscovered or undocumented system
components, misconfigurations, vulnerabilities and unauthorized changes — all of which can
expose organizations to increased risk.
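
The baseline-then-monitor cycle above is also what the HIDS section describes: back up configuration files, report alterations, restore previous settings. The following is an added example, not part of the original notes and not the code of any named tool. The function names, file names and file contents are constructed, and SHA-256 digests are an assumed way of detecting change.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Record a SHA-256 digest and a backup copy of every file under root."""
    root = Path(root)
    snap = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            name = path.relative_to(root).as_posix()
            snap[name] = (hashlib.sha256(data).hexdigest(), data)
    return snap


def compare(baseline, root):
    """Report files modified, added or removed since the baseline was taken."""
    current = snapshot(root)
    return {
        "modified": sorted(n for n in baseline
                           if n in current and current[n][0] != baseline[n][0]),
        "added": sorted(n for n in current if n not in baseline),
        "removed": sorted(n for n in baseline if n not in current),
    }


def restore(baseline, root, name):
    """Write the backed-up baseline content of one file back to disk."""
    target = Path(root) / name
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(baseline[name][1])


def demo():
    """Constructed scenario: approve a baseline, drift from it, detect, then restore."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Approved secure baseline (constructed file contents).
        (root / "sshd_config").write_text("PermitRootLogin no\nPasswordAuthentication no\n")
        (root / "app.conf").write_text("debug = false\n")
        baseline = snapshot(root)

        # Changes made outside the change-control process.
        (root / "sshd_config").write_text("PermitRootLogin yes\nPasswordAuthentication no\n")
        (root / "startup.sh").write_text("#!/bin/sh\n")
        (root / "app.conf").unlink()
        before = compare(baseline, root)

        # Restoring from the backup fixes altered and deleted files; the new,
        # undocumented file is still reported and needs a human decision.
        restore(baseline, root, "sshd_config")
        restore(baseline, root, "app.conf")
        after = compare(baseline, root)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before restore:", before)
    print("after restore: ", after)
```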

Security configuration management tools can address these challenges, providing a number of
advantages for businesses.
• Automation and visibility. Without a security configuration management tool, it’s nearly
impossible to maintain secure configurations across servers, routers, firewalls and switches.
• Heightened compliance. Security configuration management tools monitor an organization’s
compliance with both internal and external standards.
• Lower risk and faster recovery. Tools detect and quickly correct misconfigurations, thereby
reducing organizational risk.

Modularity, Encapsulation, and Information Hiding

Modularity
Modularization is the process of dividing a task into subtasks. This division is done on a logical or
functional basis. Each component performs a separate, independent part of the task. Modularity is
depicted in the figure below. The goal is to have each component meet four conditions
Coupling refers to the degree with which a component depends on other components in the system.
Thus, low or loose coupling is better than high or tight coupling because the loosely coupled
components are free from unwitting interference from other components. This difference in
coupling

Encapsulation
Encapsulation hides a component's implementation details, but it does not necessarily mean
complete isolation. Many components must share information with other components, usually with
good reason. However, this sharing is carefully documented so that a component is affected only in
known ways by others in the system. Sharing is minimized so that the fewest interfaces possible are
used. Limited interfaces reduce the number of covert channels that can be constructed. An
encapsulated component's protective boundary can be translucent or transparent, as needed. Berard
notes that encapsulation is the "technique for packaging the information [inside a component] in
such a way as to hide what should be hidden and make visible what is intended to be visible."

Information Hiding
Developers who work where modularization is stressed can be sure that other components will
have limited effect on the ones they write. Thus, we can think of a component as a kind of black
box, with certain well-defined inputs and outputs and a well-defined function. Other components'
designers do not need to know how the module completes its function; it is enough to be assured
that the component performs its task in some correct manner. This concealment is the information
hiding,
Mutual Suspicion
Programs are not always trustworthy. Even with an operating system to enforce access limitations,
it may be impossible or infeasible to bound the access privileges of an untested program effectively.
In this case, the user U is legitimately suspicious of a new program P. However, program P may be
invoked by another program, Q. There is no way for Q to know that P is correct or proper, any more
than a user knows that of P. Therefore, we use the concept of mutual suspicion to describe the
relationship between two programs.
Confinement
Confinement is a technique used by an operating system on a suspected program. A confined
program is strictly limited in what system resources it can access. If a program is not trustworthy,
the data it can access are strictly limited. Strong confinement would be helpful in limiting the
spread of viruses.

Genetic Diversity
At your local electronics shop you can buy a combination printer-scanner-copier-fax machine. It
comes at a good price (compared to costs of the four separate components) because there is
considerable overlap in functionality among those four. It is compact, and you need only install one
thing on your system, not four. But if any part of it fails, you lose a lot of capabilities all at once.
Confidentiality
Confidentiality measures are designed to prevent unauthorized disclosure of information. The
purpose of the confidentiality principle is to keep personal information private and to ensure that it
is visible and accessible only to those individuals who own it or need it to perform their
organizational functions.
Integrity
Consistency includes protection against unauthorized changes (additions, deletions, alterations,
etc.) to data. The principle of integrity ensures that data is accurate and reliable and is not modified
incorrectly, whether accidentally or maliciously.
Availability
Availability is the protection of a system’s ability to make software systems and data fully available
when a user needs it (or at a specified time). The purpose of availability is to make the technology
infrastructure, the applications and the data available when they are needed for an organizational
process or for an organization’s customers.

Information Security vs Cybersecurity


Information security differs from cybersecurity in both scope and purpose. The two terms are often
used interchangeably, but more accurately, cybersecurity is a subcategory of information security.
Information security is a broad field that covers many areas such as physical security, endpoint
security, data encryption, and network security. It is also closely related to information assurance,
which protects information from threats such as natural disasters and server failures.

Information Security Policy


An Information Security Policy (ISP) is a set of rules that guide individuals when using IT assets.
Companies can create information security policies to ensure that employees and other users follow
security protocols and procedures. Security policies are intended to ensure that only authorized
users can access sensitive systems and information. Creating an effective security policy and taking
steps to ensure compliance is an important step towards preventing and mitigating security threats.
To make your policy truly effective, update it frequently based on company changes, new threats,
conclusions drawn from previous breaches, and changes to security systems and tools.

Top Information Security Threats


There are hundreds of categories of information security threats and millions of known threat
vectors. Below we cover some of the key threats that are a priority for security teams at modern
enterprises.
Unsecure or Poorly Secured Systems
The speed of technological development often leads to compromises in security measures. In other
cases, systems are developed without security in mind, and remain in operation at an organization
as legacy systems. Organizations must identify these poorly secured systems, and mitigate the threat
by securing or patching them, decommissioning them, or isolating them.

Social Media Attacks


Many people have social media accounts, where they often unintentionally share a lot of
information about themselves. Attackers can launch attacks directly via social media, for example
by spreading malware via social media messages, or indirectly, by using information obtained from
these sites to analyze user and organizational vulnerabilities, and use them to design an attack.

Social Engineering
Social engineering involves attackers sending emails and messages that trick users into performing
actions that may compromise their security or divulge private information. Attackers manipulate
users using psychological triggers like curiosity, urgency or fear.

Malware on Endpoints
Organizational users work with a large variety of endpoint devices, including desktop computers,
laptops, tablets, and mobile phones, many of which are privately owned and not under the
organization’s control, and all of which connect regularly to the Internet.

Lack of Encryption
Encryption processes encode data so that it can only be decoded by users with secret keys. It is very
effective in preventing data loss or corruption in case of equipment loss or theft, or in case
organizational systems are compromised by attackers.

Security Misconfiguration
Modern organizations use a huge number of technological platforms and tools, in particular web
applications, databases, and Software as a Service (SaaS) applications, or Infrastructure as a Service
(IaaS) from providers like Amazon Web Services. Enterprise grade platforms and cloud services
have security features, but these must be configured by the organization. Security misconfiguration
due to negligence or human error can result in a security breach.

Active Attack
An active attack involves intercepting a communication or message and altering it for malicious
effect. There are three common variants of active attacks:
• Interruption—the attacker interrupts the original communication and creates new, malicious
messages, pretending to be one of the communicating parties.
• Modification—the attacker uses existing communications, and either replays them to fool one of
the communicating parties, or modifies them to gain an advantage.
• Fabrication—creates fake, or synthetic, communications, typically with the aim of achieving
denial of service (DoS). This prevents users from accessing systems or performing normal
operations.

Active Attacks | Passive Attacks
1. Modify messages, communications or data. | 1. Do not make any change to data or systems.
2. Poses a threat to the availability and integrity of sensitive data. | 2. Poses a threat to the confidentiality of sensitive data.
3. May result in damage to organizational systems. | 3. Does not directly cause damage to organizational systems.
4. Victims typically know about the attack. | 4. Victims typically do not know about the attack.

Information Security and Data Protection Laws


Information security is in constant interaction with the laws and regulations of the places where an
organization does business. Data protection regulations around the world focus on enhancing the
privacy of personal data, and place restrictions on the way organizations can collect, store, and
make use of customer data.

Security software selections


Security software is used to restrict access to data, files, and users on a computer or server. Products
include:
• Firewalls
• Antivirus software
• Anti-spyware
• Anti-phishing software
• LAN/WAN security
• Data encryption

How it Works
Networks
Most network security software includes packet sniffers and loggers for tracking potentially
malicious traffic. These system administration products use a combination of hardware and software
to prevent such traffic from entering the network. For example, security specialists often implement
firewall server software that is designed to open or close certain ports; configure black, white, and
gray lists for email; and act as a DMZ (demilitarized zone) between the Internet and an external
network.

Email and Internet


Security software provides protections for e-mail and Internet access. Email security software can
include antivirus applications that scan HTML-based emails and email attachments for worms,
Trojans, and malicious scripts. Common types of Internet security software use anti-phishing
applications to prevent the logging of personal information in an unsecured or malicious Web site.
Anti-spyware software provides protection against:
• Malicious startup scripts
• Exploits (e.g., buffer overflow handling)
• Browser help object (BHO) threats
• Keyloggers
• Pop-up ads
• Adware injectors

Applications
Application security is a highly desirable feature in security software products. Systems
administrators use data encryption software to protect corporate information stored by applications
within a database. This type of software generally uses an algorithm of combined security features
including user names, passwords, and encryption keys to ensure that only authorized users have
access to sensitive datasets.

Database Introduction
A database is an organized collection of data, generally stored and accessed electronically from a
computer system. It supports the storage and manipulation of data. In other words, databases are
used by an organization as a method of storing, managing and retrieving information.
Types of Databases
Depending upon the usage requirements, the following types of databases are available in the
market:
• Centralized database
• Distributed database
• Personal database
• End-user database
• Commercial database
• NoSQL database
• Operational database
• Relational database
• Cloud database
• Object-oriented database
• Graph database

Advantages of using Databases


There are many advantages of databases:
• Reduced data redundancy
• Reduced updating errors and increased consistency
• Greater data integrity and independence from application programs
• Improved data access to users through the use of host and query languages
• Improved data security
• Reduced data entry, storage, and retrieval costs

Disadvantages of using Databases


There are many disadvantages of databases. Although databases allow businesses to store and
access data efficiently, they also have certain disadvantages:
• Complexity
• Cost
• Security
• Compatibility

Some examples of Databases
Some of the most popular databases are:
1. Oracle Database
2. Sybase
3. MySQL

Database Management System


A database management system (DBMS) is a software package designed to define, manipulate,
retrieve and manage data in a database. A DBMS generally manipulates the data itself, the data
format, field names, record structure, and file structure. It also defines rules to validate and
manipulate this data.

There are 4 major types of DBMS.


Let's look into them in detail.
• Hierarchical - this type of DBMS employs the "parent-child" relationship of storing data. This
type of DBMS is rarely used nowadays. Its structure is like a tree with nodes representing records
and branches representing fields.
• Network DBMS - this type of DBMS supports many-to-many relations. This usually results in
complex database structures. RDM Server is an example of a database management system that
implements the network model.
• Relational DBMS - this type of DBMS defines database relationships in the form of tables, also
known as relations. Unlike network DBMS, RDBMS does not support many-to-many relationships.
Relational DBMS usually have pre-defined data types that they can support. This is the most
• Object-Oriented DBMS - this type supports the storage of new data types. The data to be stored
is in the form of objects. The objects to be stored in the database have attributes (e.g. gender, age)
and methods that define what to do with the data. PostgreSQL is an example of an object-oriented
relational DBMS.

Database Security
Database security refers to the collective measures used to protect and secure a database or database
management software from illegitimate use and malicious cyber threats and attacks. Database
security procedures are aimed at protecting not just the data inside the database, but the database
management system and all the applications that access it from intrusion, misuse of data, and
damage.

Database security covers and enforces security on all aspects and components of databases.
This includes:
• Data stored in database.
• Database server.
• Database management system (DBMS).
• Other database workflow applications.

Security requirements of databases


Database security requirements arise from the need to protect data: first, from accidental loss and
corruption, and second, from deliberate unauthorized attempts to access or alter that data.
Secondary concerns include protecting against undue delays in accessing or using data, or even
against interference to the point of denial of service. The global costs of such security breaches run
to billions of dollars annually, and the cost to individual companies can be severe, sometimes
catastrophic. These requirements are dynamic.

Designing Database security


Database designers and engineers are always concerned about speed and performance. However,
during the database design process, performance concerns sometimes undermine security issues. In
today’s data-driven world, that’s dangerous. Cybercriminals and hackers are no longer hacking for
fun. They have discovered massive profits in data breaches. Highly skilled hackers are launching
sophisticated cyber-attacks that affect millions of people every day.

A database designer needs to ensure the security on these three levels:


Data: Hackers can create security threats by corrupting, manipulating and stealing data. So
database designers have to look at all possible scenarios where the information can be
compromised.
Systems: A database depends on various software and hardware systems. These systems play direct
and indirect roles. Developers and DB engineers need to evaluate the systems to find vulnerable
endpoints.
Users: Database customers can be internal or external to the organization. The database models
should account for access control and authorization processes. This will prevent hackers from taking
advantage of broken authentication.

Using the CIA Triad Concept


The following three concepts should further clarify what’s at stake:
Confidentiality: Databases need to keep private information secure. Even internal servers should
have some form of encryption. So if hackers get physical or network access to the databases, they
wouldn’t be able to use the data.

Integrity: Corrupted data will deteriorate customer trust. So data integrity is a priority for database
designers.

Availability: Data that can’t be reached is useless. An impenetrable wall that cuts off the data from
the rest of the world is not the goal. Rather, the objective is to use proper access control to make the
data available to the customers.

Practical Steps to Ensure Database Security


Even though every organization is different and your database design will differ significantly from
another company, here are some practical steps every organization can take to keep their data safe:

Secure Servers Physically


Use physical locks and bolts for database servers. Monitor datacenters with security cameras.
Moreover, make sure your data is encrypted, so hackers can’t use the data even if they gain access
to it.

Set Up Proper Firewalls


System and database administrators are often guilty of forgetting to close unused ports. Set up
firewalls to prevent unwanted incoming traffic. Monitor traffic with network tools to find suspicious
activities before they become huge problems.

Keep Systems Updated


Unpatched software applications and operating systems can create an opportunity for hackers to get
access. Make sure any systems attached to databases are regularly updated with the latest patches.

Identity and Access Management


Cybercriminals often use simple access management vulnerabilities to get into your database
system. If your systems administration password is “admin” or “password123”, you have a problem
on your hands.

Use Change Management and Database Auditing


Databases are fast evolving entities with changes happening in multiple directions. Sooner or later,
you have to use change management and DevOps principles to automate the monitoring of logs and
security breaches. The sooner, the better. Also, incorporate regular database auditing into your
process. It will help you find breaches faster.
Module-4
Methods of Protection:
The network means the interconnection of two or more computers. This networking is very
beneficial in many fields like exchanging information, sharing resources such as printers and
scanners, sharing software, etc. Security means protection, safety, measures taken to be safe from
harm caused by others. Network security is similar. Network security means some measures taken
to protect computer networking from unauthorized access and risks.

Some protection methods are used to reduce security issues.

1. Authentication :
Authentication is the process of recognizing or identifying a user’s identity whether it is true, real,
or not. It’s simply a verification of claim whether you are who you say you are or not. There are
many authentication methods available nowadays like password authentication that includes using a
password, physical authentication that includes the scannable card or smart card or digital
certificate, biometric authentication that includes signatures and fingerprints, or visual
identification, and many more.

2. Authorization :
Authorization means checking whether you have permission to access the network or not. It’s
simply a verification of permission: whether the user has access or not. Some authorization methods are
ACLs (Access Control Lists), Secure objects and methods, Access control for URLs, etc.

3. Biometric System :
A Biometric system is one of the most secure systems as it provides high security to the computer
network. This system verifies the user’s identity based on some important characteristics that are
physiological and behavioral features. Physiological features include face, eyes, fingerprints, hand.
Behavioral features include voice, signature, etc.

4. Firewall :
A firewall is a method of network security that protects the computer network from users that are
not authorized to have access to it. It blocks messages, viruses, and hackers if they do not
have authorized access and do not meet the security criteria as per requirement.
There are several types of firewall techniques:
• Packet Filter
• Application-level gateway
• Circuit-level gateway
• Stateful inspection firewall
• Next-Generation Firewall (NGFW)
• Proxy server

Multilevel Security
Multilevel security is a security policy that allows you to classify objects and users based on a
system of hierarchical security levels and a system of non-hierarchical security categories.
Multilevel security provides the capability to prevent unauthorized users from accessing
Multilevel security offers the following advantages:

• Multilevel security enforcement is mandatory and automatic.
• Multilevel security can use methods that are difficult to express through traditional SQL views or
queries.
• Multilevel security does not rely on special views or database variables to provide row-level
security control.
• Multilevel security controls are consistent and integrated across the system, so that you can avoid
defining users and authorizations more than once.
• Multilevel security does not allow users to declassify information.

What is a multilevel database?


Briefly, a multilevel database provides granular security for data depending on the sensitivity of the
data field and clearance of the user for both writing and reading data.

Multi-level security in database management systems


Multi-level secure database management system (MLS-DBMS) security requirements are defined in
terms of the view of the database presented to users with different authorizations. These security
requirements are intended to be consistent with DoD secure computing system requirements. An
informal security policy for a multi-level secure database management system is outlined, and
mechanisms are introduced that support the policy.

MAC Security Issues


• Inference: Derivation of new information from known information. The inference problem refers
to the fact that the derived information may be classified at a level for which the user is not cleared.
• Aggregation: The result of assembling or combining distinct units of data when handling
sensitive information.
• Polyinstantiation: Polyinstantiation allows a relation to contain multiple rows with the same
primary key; the multiple instances are distinguished by their security levels.
• Referential integrity: A database has referential integrity if all foreign keys reference existing
primary keys.
• Entity integrity: A tuple in a relation cannot have a null value for any of the primary key
attributes.
• Granularity: The degree to which access to objects can be restricted. Granularity can be applied to
both the actions allowable on objects, as well as to the users allowed to perform those actions on the
object.
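
The label check behind multilevel security and the polyinstantiated relation from the list above can be shown together in Python. This is an added example, not code from the original notes; the level names, the OPS category, the flight table and every class and function name are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hierarchical levels, lowest to highest (names assumed for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()  # non-hierarchical categories

    def dominates(self, other: "Label") -> bool:
        """At least as high a level AND a superset of the categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    # No read up: the subject's label must dominate the object's label.
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    # No write down: data only flows to an equal or higher label, which is
    # why a user cannot declassify information.
    return obj.dominates(subject)


class MultilevelTable:
    """Relation keyed on (primary key, label), i.e. polyinstantiated."""

    def __init__(self):
        self.rows = {}  # (pk, Label) -> value

    def insert(self, subject: Label, pk: str, value: str) -> None:
        # Rows are created at the subject's own label. A same-key row at
        # another label is not a conflict; rejecting the insert would
        # reveal that a higher-level row exists (an inference channel).
        if (pk, subject) in self.rows:
            raise KeyError(f"{pk!r} already exists at this label")
        self.rows[(pk, subject)] = value

    def update(self, subject: Label, pk: str, label: Label, value: str) -> None:
        if not can_write(subject, label):
            raise PermissionError("write down refused")
        if (pk, label) not in self.rows:
            raise KeyError(pk)
        self.rows[(pk, label)] = value

    def view(self, subject: Label) -> dict:
        """Per primary key, the highest instance the subject may read."""
        best = {}
        for (pk, label), value in self.rows.items():
            if not can_read(subject, label):
                continue
            # Simplification: rank visible instances by level, then by
            # number of categories.
            rank = (LEVELS[label.level], len(label.categories))
            if pk not in best or rank > best[pk][0]:
                best[pk] = (rank, value)
        return {pk: value for pk, (_, value) in best.items()}


# Constructed subjects and rows.
CLERK = Label("UNCLASSIFIED")
ANALYST = Label("SECRET")
OFFICER = Label("SECRET", frozenset({"OPS"}))


def build_demo() -> MultilevelTable:
    table = MultilevelTable()
    table.insert(CLERK, "F100", "training flight")   # cover story
    table.insert(OFFICER, "F100", "reconnaissance")  # same key, higher label
    table.insert(ANALYST, "F200", "supply run")
    return table


if __name__ == "__main__":
    demo = build_demo()
    for name, who in (("clerk", CLERK), ("analyst", ANALYST), ("officer", OFFICER)):
        print(name, demo.view(who))
```

The analyst holds the SECRET level but not the OPS category, so the SECRET/OPS instance of F100 stays hidden and the unclassified instance is returned instead.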

Exploitation of Database Software Vulnerabilities


Attackers constantly attempt to isolate and target vulnerabilities in software, and database
management software is a highly valuable target. New vulnerabilities are discovered daily, and all
open source database management platforms and commercial database software vendors issue
security patches regularly. However, if you don’t apply these patches quickly, your database might be
exposed to attack.

1. SQL/NoSQL Injection Attacks


A database-specific threat involves the insertion of arbitrary non-SQL and SQL attack strings into
database queries. Typically, these are queries created as an extension of web application forms, or
received via HTTP requests. Any database system is vulnerable to these attacks, if developers do

2. Buffer Overflow Attacks


Buffer overflow takes place when a process tries to write a large amount of data to a fixed-length
block of memory, more than it is permitted to hold. Attackers might use the excess data, kept in
adjacent memory addresses, as the starting point from which to launch attacks.

3. Denial of Service (DoS/DDoS) Attacks


In a denial of service (DoS) attack, the cybercriminal overwhelms the target service—in this
instance the database server—using a large amount of fake requests. The result is that the server
cannot carry out genuine requests from actual users, and often crashes or becomes unstable.
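
For the SQL injection item above, the following Python example compares a query built by string concatenation with the same query using a bound parameter. It is an added example, not code from the original notes; the in-memory SQLite table, its rows, the sample inputs and the function names are constructed for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (username TEXT PRIMARY KEY, balance INTEGER)"
    )
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 120), ("bob", 75), ("carol", 300)],
    )
    return conn


def lookup_concatenated(conn, username: str):
    # Vulnerable pattern: the form value becomes part of the SQL text, so
    # quote characters inside it are parsed as SQL syntax.
    sql = ("SELECT username, balance FROM accounts WHERE username = '"
           + username + "' ORDER BY username")
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username: str):
    # Hardened pattern: the SQL text is fixed and the value is bound
    # separately, so it can only ever be compared as data.
    sql = ("SELECT username, balance FROM accounts "
           "WHERE username = ? ORDER BY username")
    return conn.execute(sql, (username,)).fetchall()


def compare(conn, username: str):
    """Return (concatenated_result, parameterized_result) for one input."""
    try:
        unsafe = lookup_concatenated(conn, username)
    except sqlite3.Error as exc:
        unsafe = f"error: {type(exc).__name__}"
    return unsafe, lookup_parameterized(conn, username)


# Constructed form inputs: a normal value, a legitimate name containing an
# apostrophe, and a value that rewrites the WHERE clause when concatenated.
SAMPLES = ["bob", "O'Brien", "x' OR '1'='1"]

if __name__ == "__main__":
    db = make_db()
    for value in SAMPLES:
        print(repr(value), compare(db, value))
```

With concatenation the apostrophe in a legitimate name breaks the statement and the third input returns every row; with the bound parameter both are treated as ordinary usernames that match nothing.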

How Can You Secure Your Database Server?

A database server is a physical or virtual machine running the database. Securing a database server,
also known as “hardening”, is a process that includes physical security, network security, and secure
operating system configuration.

Ensure Physical Database Security


Refrain from sharing a server for web applications and database applications, if your database
contains sensitive data. Although it could be cheaper, and easier, to host your site and database
together on a hosting provider, you are placing the security of your data in someone else’s hands.

Lock Down Accounts and Privileges


Let’s consider the Oracle database server. After the database is installed, the Oracle database
configuration assistant (DBCA) automatically expires and locks most of the default database user
accounts. If you install an Oracle database manually, this doesn’t happen and default privileged
accounts won’t be expired or locked. Their password stays the same as their username, by default.
An attacker will try to use these credentials first to connect to the database.

Regularly Patch Database servers


Ensure that patches remain current. Effective database patch management is a crucial security
practice because attackers are actively seeking out new security flaws in databases, and new viruses
and malware appear on a daily basis. A timely deployment of up-to-date versions of database
service packs, critical security hotfixes, and cumulative updates will improve the stability of
database performance.

Encrypt All Files and Backups


Irrespective of how solid your defenses are, there is always a possibility that a hacker may infiltrate
your system. Yet, attackers are not the only threat to the security of your database. Your employees
may also pose a risk to your business. There is always the possibility that a malicious or careless
insider will gain access to a file they don’t have permission to access.

Test Your Database Security


Once you have put in place your database security infrastructure, you must test it against a real
threat. Auditing or performing penetration tests against your own database will help you get into the
mindset of a cybercriminal and isolate any vulnerabilities you may have overlooked. To make sure
the test is comprehensive, involve ethical hackers or recognized penetration testing services in your
Network Device
the security provided to a network from unauthorized access and risks. It is the duty of network
administrators to adopt preventive measures to protect their networks from potential security
threats. Computer networks that are involved in regular transactions and communication within the
government, individuals, or business require security. The most common and simple way of
protecting a network resource is by assigning it a unique name and a corresponding password.

Types of Network Security Devices


1. Active Devices
These security devices block the surplus traffic. Firewalls, antivirus scanning devices, and content
filtering devices are examples of such devices.
2. Passive Devices
These devices identify and report on unwanted traffic, for example, intrusion detection appliances.
3. Preventative Devices
These devices scan the networks and identify potential security problems. For example, penetration
testing devices and vulnerability assessment appliances.
4. Unified Threat Management (UTM)
These devices serve as all-in-one security devices. Examples include firewalls, content filtering,
web caching, etc.
Firewalls
A firewall is a network security system that manages and regulates the network traffic based on
some protocols. A firewall establishes a barrier between a trusted internal network and the internet.

Hardware and Software Firewalls


Hardware firewalls are standalone products. These are also found in broadband routers. Most
hardware firewalls provide a minimum of four network ports to connect other computers. For larger
networks − e.g., for business purpose − business networking firewall solutions are available.

Software firewalls are installed on your computers. A software firewall protects your computer from
internet threats.

Antivirus
An antivirus is a tool that is used to detect and remove malicious software. It was originally
designed to detect and remove viruses from computers. Modern antivirus software provides
protection not only from viruses, but also from worms, Trojan horses, adware, spyware, keyloggers,
etc.

Content Filtering
Content filtering devices screen unpleasant and offensive emails or webpages. These are used as a
part of firewalls in corporations as well as in personal computers. These devices generate the
message "Access Denied" when someone tries to access any unauthorized web page or email.
Content filtering can be divided into the following categories −
• Web filtering
• Screening of Web sites or pages
• E-mail filtering
• Screening of e-mail for spam
• Other objectionable content

Intrusion Detection Systems


Intrusion Detection Systems, also known as Intrusion Detection and Prevention Systems, are the
appliances that monitor malicious activities in a network, log information about such activities, take
steps to stop them, and finally report them. Intrusion detection systems can also perform the
following actions −
• Correct Cyclic Redundancy Check (CRC) errors
• Prevent TCP sequencing issues
• Clean up unwanted transport and network layer options

Digital Signature
A digital signature is a technique to validate the legitimacy of a digital message or a document. A
valid digital signature provides the surety to the recipient that the message was generated by a
known sender, such that the sender cannot deny having sent the message. Digital signatures are
mostly used for software distribution, financial transactions, and in other cases where there is a risk
of forgery.

Electronic Signature
An electronic signature, or e-signature, indicates that a person who claims to have created a
message is the one who created it. A signature can be defined as a schematic script associated with a
person. A signature on a document is a sign that the person accepts the purposes recorded in the
document. In many engineering companies digital seals

Digital Signature to Electronic Signature


The concept of Electronic Signature is broader than Digital Signature. Section 3 of the Act provides
for the verification of Electronic Records by affixing Digital Signature. As per the amendment,
verification of electronic record by electronic signature or electronic authentication technique shall
be considered reliable. According to the United Nations Commission on International Trade Law
(UNCITRAL), electronic authentication and signature methods may be classified into the following
categories −
• Those based on the knowledge of the user or the recipient, i.e., passwords, personal identification
numbers (PINs), etc.
• Those based on the physical features of the user, i.e., biometrics.
• Those based on the possession of an object by the user, i.e., codes or other information stored on a
magnetic card.

According to the UNCITRAL Model Law on Electronic Signatures, the following technologies are
presently in use −
• Digital Signature within a public key infrastructure (PKI)
• Biometric Device
• PINs
• Passwords
• Scanned handwritten signature
• Signature by Digital Pen
• Clickable “OK” or “I Accept” or “I Agree” click boxes

Telecommunication Security:


The telecommunications management network (TMN)
The TMN is separate and isolated from the
public network infrastructure so that any disruptions due to security threats in the end-user plane of
the public network do not spread to the TMN. As a result of this separation, it is relatively easy to
secure the management network traffic because access to this plane is restricted to authorized
network administrators and traffic is restricted to valid management activities. With the introduction
of next generation networks, traffic for an end-user application may sometimes be combined with
management traffic. While this approach minimizes costs by requiring only a single integrated
network infrastructure, it introduces many new security challenges.

Security Considerations
Before the great explosion of interest in the World Wide Web, it was common practice to run
utilities or programs on the Internet that would interrogate specified remote computers to locate
friends or colleagues and see if they were logged on. You could then communicate with them in
real-time over the network or connect temporarily to their disk drive to exchange files.

Common System Security Issues


The following sections discuss common security issues that you must consider when setting up
Forms Server in a networked environment:
• User Authentication
• Server Authentication
• Authorization
• Secure Transmission (Encryption)
• Firewall
• Virtual Private Network (VPN)
• Demilitarized Zone (DMZ)

User Authentication
Authentication is the process of verifying that a user who logs into a network or database has
permission to log in. Examples of authentication include the use of a user name and password when
logging into a local-area network (LAN) and the use of digital certificates when sending or
receiving secure e-mail over the Internet. An organization can use various types of authentication
processes depending on the level of security desired and the type of network or database that is
being protected.

Server Authentication
With server authentication, a client machine verifies that a server is who it claims to be. For
example, when a client sends confidential data to a server, the client can verify that the server is
secure and is the correct recipient of the client's confidential data. If you use the HTTPS
communications mode, which uses HTTP 1.1 with SSL (secure sockets layer), data transmission is
encrypted and server authentication is conducted over the Internet. Server authentication is
accomplished using digital certificates.

Secure Transmission (Encryption)


When information is transmitted over lines of communication, whether they be coaxial cable,
telephone lines, fiber optics, or satellite, there is the risk that the communication can be intercepted
by third parties. Often, the information can be intercepted without the sender or receiver ever
knowing the data was compromised. The most common method of securing transmission is to
encrypt the data. When encryption is used, the sender and receiver of the data have a "key" that can
encode and decode the information. When the data is sent, the sender's key is used to encode the
information using a mathematical algorithm. The receiver's key decodes the information.

Virtual Private Network (VPN)


A Virtual Private Network (VPN) is an authenticated connection between two networks or between
a network and a remote user where communication is considered completely private. Special
"tunneling" software on both the network and the remote user's computer creates a secure, encrypted
connection over public lines -- even via an Internet Service Provider (ISP). I

Security of communication in the special communications systems


The Armed Forces’ communications systems and networks (so-called private or special
communications systems), in which information is exchanged at various levels of
confidentiality, play a special role in the state security system. The different types of Armed Forces
use separate but interoperable information systems as part of a joint strategy for
management and command of armed forces and for cooperation with other components of the state
defence system. Within each type of Armed Forces, from the operational and functional point of view,
the basic components of combat units (companies, battalions, brigades, divisions, etc.) are organized,
each with its own command system (command posts) and the necessary information
infrastructure.

COMMUNICATION TECHNOLOGIES
The turn of the twentieth and twenty-first century, and in
particular the beginning of the twenty-first century is inextricably linked to the emergence of the
information society and the development of information and communications technology, closely
related to electronics, telecommunications and IT. In all these disciplines, great progress has been
observed in basic, research and implementation works. The most important thing is to notice that
the driving force behind the development of all these disciplines are two basic values, namely
convergence and synergy. Convergence is associated with the tendency to create systems with
universal features, as well as similar structure and functional properties. In the case of information
technology, it is evident in the modern IT systems offering various services and applications, so far
typical of classic solutions. Synergy, in turn, means the interaction of various elements of the
system leading to strengthening the efficiency and effectiveness of the entire system, as well as the
appearance of new, previously unknown properties or possibilities. Figure 3 illustrates the basic
communication technologies currently used in networks in terms of the concept of the so-called
overlay networks.

COMMUNICATION SECURITY STRATEGIES:
The issues of security of information systems, computer networks and telecommunications networks
have been given a lot of attention almost from the very beginning of the existence of communication
services. .805, and security issues have
been developed and characterized to this day in the context of protocols/techniques/technologies
used in telecommunications networks. Communications and Information Systems Security (CISS)
includes many different organizational, system and technical mechanisms, including those related
to:
✓ assessing the security architecture of information systems and their integrity analysis under threat
conditions,
✓ analysis of used technologies/communication protocols and security assessment of the technical
infrastructure of the telecommunications network,
✓ correlation between CISS and NCW,
✓ introducing various security management mechanisms/procedures, including the use of various
algorithms for cryptographic information security,
✓ conducting research in the field of interoperability and compatibility of information systems,
including e.g. disclosing emissions, etc.
