Unit 2

This document discusses various cybersecurity vulnerabilities and access control. It defines vulnerabilities as weaknesses that can be exploited by cybercriminals. The document then lists and describes five common types of vulnerabilities: weak authentication, poor security awareness, poor network segmentation and monitoring, poor endpoint security defenses, and poor data backup and recovery. It also provides examples of vulnerabilities related to hardware, software, networks, personnel, physical sites, and organizational factors. The document goes on to define threat management and describe the five main functions of the NIST cybersecurity framework: identify, protect, detect, respond, and recover. It concludes by explaining several key cybersecurity safeguards related to access control, auditing, authentication, biometrics, cryptography, deception,

Uploaded by Vrushank Chops

UNIT-2: Vulnerabilities and Access Control

Q.1) What are cyber security vulnerabilities? Explain their various types with suitable examples.
Ans:

In cyber security, a vulnerability is the susceptibility of a system to attack: a weakness that can be exploited by cybercriminals to gain unauthorized access to a computer system. After exploiting a vulnerability, an attacker can run malicious code, install malware and even steal sensitive data.
Types:

1) Weak Authentication: A lack of sound credential protection is one of the most frequent sources of compromise. People reuse the same password across many accounts, and many programs and utilities permit poor security practices.
Implementing strict password controls is the key. Users should also be able to use multifactor authentication to access sensitive data or pages.

2) Poor Security Awareness: A big challenge that plagues organizations is the vulnerability of end users to social engineering. (Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables.)
A lack of sound security awareness training and end-user verification is the most prevalent source of successful phishing, pretexting and other social engineering attacks.

3) Poor Network Segmentation and Monitoring: Many attackers rely on poor network segmentation and monitoring to gain complete access to a network subnet. This is a major reason why attackers who breach modern environments are able to persist and retain access for extended periods.
A lack of subnet monitoring is a substantial root cause of this flaw.

4) Poor Endpoint Security Defences: Zero-day attacks are becoming more widespread. Many endpoint security protections have proven ineffective in tackling sophisticated ransomware and intrusions targeting end users and server platforms. Traditional signature-based antivirus solutions are no longer considered sufficient, since many attackers can quickly bypass the signatures.

5) Poor Data Backup and Recovery: Organizations have a pressing need to back up and restore data as the threat from malware grows, alongside conventional disasters and other failures. Unfortunately, many companies fall short in this area due to a lack of proper backup and recovery options.

Examples:
1) Hardware: Susceptibility to humidity, dust, soiling, natural disaster, poor encryption or
firmware vulnerability.
2) Software: Insufficient testing, lack of audit trail, design flaws, memory safety violations,
input validation errors, privilege-confusion bugs, race conditions, side channel attacks,
timing attacks and user interface failures.
3) Network: Unprotected communication lines, man-in-the-middle attacks, insecure network architecture, lack of authentication or default authentication.
4) Personnel: Poor recruiting policy, lack of security awareness and training, poor adherence
to security training, poor password management or downloading malware via email
attachments.
5) Physical site: Area subject to natural disaster, unreliable power source or no key card
access.
6) Organizational: Lack of audit, continuity plan, security or incident response plan.

Q.2) Write a short note on
1. complex network architecture and
2. threat management.

Ans.
Threat management: Threat management is the process used by cyber security professionals to prevent cyber-attacks, detect cyber threats and respond to security incidents.
- Many modern threat management systems use the cybersecurity framework established by the National Institute of Standards and Technology (NIST).
- NIST provides comprehensive guidance to improve information security and cybersecurity risk management for private sector organizations. The framework defines five primary functions for threat management: identify, protect, detect, respond and recover.

Identify
The identify function includes categories, such as asset management, business environment,
governance, risk assessment, risk management strategy and supply chain risk management.
Protect
The protect function covers much of the technical and physical security controls for
developing and implementing appropriate safeguards and protecting critical infrastructure.
These categories are identity management and access control, awareness and training, data
security, information protection processes and procedures, maintenance and protective
technology.
Detect
The detect function implements measures that alert an organization to cyberattacks. Detect
categories include anomalies and events, continuous security monitoring and early detection
processes.
Respond
The respond function ensures an appropriate response to cyberattacks and other cybersecurity
events. Categories include response planning, communications, analysis, mitigation and
improvements.
Recover
Recovery activities implement plans for cyber resilience and ensure business continuity in the event of a cyberattack, security breach or other cybersecurity event. The recover categories are recovery planning, improvements and communications.

Q.3) Explain various cyber security safeguards w.r.t. access control, audit, authentication, biometrics, cryptography, deception, ethical hacking and denial of service filters.
Ans:
Cybersecurity safeguards are a fundamental part of a cybersecurity investment. From the functional perspective, there are administrative and technical safeguards. The perspective of time allows a distinction between preventive, detective and corrective safeguards.

• Access control: Access control is a security technique that regulates who or what can view or use resources in a computing environment. Access control systems perform identification, authentication and authorization of users and entities by evaluating the required login credentials.
There are two types of access control: physical and logical.
Physical access control limits access to campuses, buildings, rooms and physical IT assets.
Logical access control limits connections to computer networks, system files and data.
- The goal of access control is to minimize the security risk of unauthorized access to physical and logical systems.

• Audit: A cyber security audit is a systematic and independent examination of an organization's cyber security. An audit ensures that the proper security controls, policies and procedures are in place and working effectively.
- The purpose of a cyber security audit is to provide a 'checklist' in order to validate that your controls are working properly.
- Audits play a critical role in helping organizations avoid cyber threats.
- Specifically, an audit evaluates operational security, data security, network security, system security, physical security, etc.
- Benefits of performing an audit: identifying gaps in security, highlighting weaknesses, compliance, reputational value, testing controls, improving security posture, staying ahead of bad actors, assurance to vendors, employees and clients, confidence in your security controls, and increased performance of your technology and security.

• Authentication: Authentication is the process of verifying the identity of an individual from the credentials they present; granting that individual access to certain resources based on those credentials is known as authorization.
- A typical method for authentication over the internet is via username and password.
- Two-factor authentication requires two types of evidence to authenticate an individual, providing an extra layer of security. Other popular factors used in two-factor authentication are biometric data, physical tokens, etc.
- Some larger organizations also use a VPN (Virtual Private Network), which is one of the methods of providing secure access to the company network over the internet via hybrid security authentication.

• Biometrics: Biometrics is the measurement and statistical analysis of people's unique physical and behavioural characteristics.
- The term biometrics is derived from the Greek words bio, meaning life, and metric, meaning to measure.
- Types of biometrics: facial recognition, fingerprints, finger geometry (the size and position of fingers), vein recognition, retina scanning, DNA matching, digital signatures, etc.

• Cryptography: Cryptography is the technique of securing information and communications through the use of codes so that only those for whom the information is intended can understand and process it, thus preventing unauthorized access to information. The prefix "crypt" means "hidden" and the suffix "graphy" means "writing".
- Cryptography is associated with the process of converting ordinary plain text into unintelligible text (cipher text), a process known as encryption, and vice versa. It is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it.
- The process of converting cipher text back to plain text is known as decryption.
- Features of cryptography: confidentiality, integrity, non-repudiation, authentication, etc.
- Three types of cryptographic techniques are used in general: symmetric-key cryptography, hash functions and public-key cryptography.

• Deception: Deception technology is an emerging category of cyber security defence. Deception technology products can detect, analyse and defend against zero-day and advanced attacks, often in real time.
- The aim of deception technology is to prevent a cybercriminal who has managed to infiltrate a network from doing any significant damage. The technology works by generating traps or decoys that mimic legitimate technology assets throughout the infrastructure.

• Ethical Hacking: Gaining access to a system that you are not supposed to have access to is considered hacking.
- Ethical hacking is also known as white hat hacking or penetration testing. Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system or data. Ethical hacking is used to improve the security of systems and networks by fixing the vulnerabilities found while testing.
- Advantages: it is used to recover lost information, especially when you have lost your password; it is used to perform penetration testing to increase the security of the computer and network; and it is used to test how good the security of your network is.

Q.4) Explain the concept of an Intrusion Detection System.

Ans:
An Intrusion Detection System (IDS) is a monitoring system that detects suspicious activities and generates alerts when they are detected. Based upon these alerts, a security operations center (SOC) analyst or incident responder can investigate the issue and take the appropriate actions to remediate the threat.
- Examples of IDS-like systems in real life: car alarms, fire detectors, house alarms, surveillance systems, etc.
- Intrusion detection systems can be classified as host-based or network-based.


Host-Based IDS (HIDS): A host-based IDS is deployed on a particular endpoint and designed to protect it against internal and external threats. Such an IDS may have the ability to monitor network traffic to and from the machine, observe running processes, and inspect the system's logs.
A host-based IDS's visibility is limited to its host machine, decreasing the available context for decision-making, but it has deep visibility into the host computer's internals.

Network-Based IDS (NIDS): A network-based IDS solution is designed to monitor an entire protected network. It has visibility into all traffic flowing through the network and makes determinations based upon packet metadata and contents.
This wider viewpoint provides more context and the ability to detect widespread threats; however, these systems lack visibility into the internals of the endpoints that they protect.

Detection methods used by an IDS:

Signature Detection: Signature-based IDS solutions use fingerprints of known threats to identify them. Once malware or other malicious content has been identified, a signature is generated and added to the list used by the IDS solution to test incoming content. This enables an IDS to achieve a high detection rate for known threats with very few false positives.
- Cannot detect exploitation of zero-day vulnerabilities, since no signature exists for them yet.

Anomaly Detection: Anomaly-based IDS solutions build a model of the "normal" behaviour of the protected system. All future behaviour is compared to this model, and any anomalies are labelled as potential threats and generate alerts.
- While this approach can detect novel or zero-day threats, its weakness is the difficulty of building an accurate model of "normal" behaviour.

Hybrid Detection: A hybrid IDS uses both signature-based and anomaly-based detection. This
enables it to detect more potential attacks with a lower error rate than using either system in
isolation.
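As an added illustration (not part of the original notes), the following Python sketch runs the three detection methods above over constructed web-server log lines: signature rules catch a request matching a known fingerprint, the anomaly model flags a source whose request volume departs from the learned baseline even though no signature matches it, and the hybrid detector reports both. All hosts, paths and signatures are constructed for the example.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed sample log lines, format "<source host> <method> <path> <status>" (not real traffic).
BASELINE = (
    ["10.0.0.5 GET /index.html 200"] * 4
    + ["10.0.0.6 GET /about.html 200"] * 3
    + ["10.0.0.7 GET /login 200"] * 5
    + ["10.0.0.8 GET /api/items 200"] * 4
)
OBSERVED = (
    ["10.0.0.5 GET /index.html 200"] * 3
    # one request matching a known-bad fingerprint (constructed example)
    + ["10.0.0.9 GET /../../etc/passwd 403"]
    # a burst of probes from a new host that matches no signature
    + [f"198.51.100.7 GET /probe{i} 404" for i in range(12)]
)

# Signature detection: regular-expression fingerprints of known-bad request patterns.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "known-webshell": re.compile(r"/cmd\.php"),
}

def signature_alerts(lines):
    """Return (signature name, line) for every line matching a known fingerprint."""
    return [(name, line) for line in lines
            for name, pat in SIGNATURES.items() if pat.search(line)]

def build_baseline(lines):
    """Model 'normal' as mean and standard deviation of requests per source host."""
    per_host = list(Counter(line.split()[0] for line in lines).values())
    return mean(per_host), pstdev(per_host)

def anomaly_alerts(lines, baseline, z=3.0):
    """Flag hosts whose request count exceeds the baseline by more than z std devs."""
    mu, sigma = baseline
    threshold = mu + z * max(sigma, 1.0)   # floor sigma so a flat baseline still works
    counts = Counter(line.split()[0] for line in lines)
    return [(host, n) for host, n in counts.items() if n > threshold]

def hybrid_alerts(lines, baseline):
    """Union of both detectors: known threats by signature, novel ones by anomaly."""
    return {"signature": signature_alerts(lines),
            "anomaly": anomaly_alerts(lines, baseline)}

if __name__ == "__main__":
    print(hybrid_alerts(OBSERVED, build_baseline(BASELINE)))
```

The probing host never appears in the signature output, which is the zero-day gap the notes describe; the anomaly detector catches it only because the baseline was built from representative traffic.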

Q.5) What would be the security policy of an organization? Explain in detail.

Ans.
- Security policies are a formal set of rules issued by an organization to ensure that the users who are authorized to access company technology and information assets comply with rules and guidelines related to the security of information.
- It is a written document in the organization which specifies how to protect the organization from threats and how to handle them when they occur.
- Security policies are living documents that are continuously updated and changed as technologies, vulnerabilities and security requirements change.

Need for a security policy: it increases efficiency, it upholds discipline and accountability, it can make or break a business deal, it helps to educate employees on security literacy, etc.

A security policy of an organization must include the following details:

The policy can be structured as one document or as a hierarchy, with one overarching master policy and many issue-specific policies:

• Acceptable encryption policy
• Data breach response policy
• Internet usage policy
• Remote access policy
• Risk assessment policy
• Social engineering awareness policy
• Virtual private network policy.