Cyber Security UNIT-I & UNIT-II
UNIT-I
INTRODUCTION
Overview of Cyber Security
Cyber security is the practice of defending computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks. It's also known as
information technology security or electronic information security. The term applies in
a variety of contexts, from business to mobile computing, and can be divided into a
few common categories.
· Information security protects the integrity and privacy of data, both in storage
and in transit.
· Operational security includes the processes and decisions for handling and
protecting data assets. The permissions users have when accessing a network and the
procedures that determine how and where data may be stored or shared all fall under
this umbrella.
· Disaster recovery and business continuity define how an organization responds
to a cyber-security incident or any other event that causes the loss of operations or
data. Disaster recovery policies dictate how the organization restores its operations
and information to return to the same operating capacity as before the event. Business
continuity is the plan the organization falls back on while trying to operate without
certain resources.
Cyber Threats
A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data,
or disrupt digital life in general. Cyber threats include computer viruses, data
breaches, Denial of Service (DoS) attacks, and other attack vectors. Cyber threats also
refer to the possibility of a successful cyber-attack that aims to gain unauthorized
access, damage, disrupt, or steal an information technology asset, computer network,
intellectual property, or any other form of sensitive data. Cyber threats can come from
within an organization by trusted users or from remote locations by unknown parties.
1. Cyber Warfare
2. Cyber Crime
3. Cyber Terrorism
4. Cyber Espionage
2. Cyber Crime: Cybercrime is criminal activity that either targets or uses a computer,
a computer network or a networked device. Most cybercrime is committed by
cybercriminals or hackers who want to make money. However, occasionally
cybercrime aims to damage computers or networks for reasons other than profit. These
could be political or personal.
● Cryptojacking (where hackers mine cryptocurrency using resources they do not
own).
3. Cyber Terrorism: Cyberterrorism is often defined as any premeditated, politically
motivated attack against information systems, programs and data that threatens
violence or results in violence. Cyberterrorist acts are carried out using computer
servers, other devices and networks visible on the public internet. Secured government
networks and other restricted networks are often targets.
Vulnerabilities in Software
A software vulnerability is a defect in software that could allow an attacker to gain
control of a system. These defects can be because of the way the software is designed,
or because of a flaw in the way that it’s coded. An attacker first finds out if a system
has a software vulnerability by scanning it. The scan can tell the attacker what types of
software are on the system, whether they are up to date, and whether any of the software
packages are vulnerable. When the attacker finds that out, he or she will have a better
idea of what types of attacks to launch against the system. A successful attack would
result in the attacker being able to run malicious commands on the target system.
Coding errors could introduce several types of vulnerabilities, which include the
following:
Buffer overflows – These allow someone to put more data into an input field than
the field is supposed to allow. An attacker can take advantage of this by placing
malicious commands into the overflow portion of the data field, which would then
execute.
SQL Injection – This could allow an attacker to inject malicious commands into the
database of a web application. The attacker can do this by entering specially-crafted
Structured Query Language commands into either a data field of a web application
form, or into the URL of the web application. If the attack is successful, the
unauthorized and unauthenticated attacker would be able to retrieve or manipulate
data from the database.
Third-party libraries – Many programmers use third-party code libraries, rather than
try to write all software from scratch. This can be a real time-saver, but it can also be
dangerous if the library has any vulnerabilities. Before using any of these libraries,
developers need to verify that they don’t have vulnerabilities.
System Administration
System administration refers to the management of one or more hardware and
software systems. The task is performed by a system administrator who monitors
system health, monitors and allocates system resources like disk space, performs
backups, provides user access, manages user accounts, monitors system security and
performs many other functions.
The system administrator’s responsibilities are diverse and involve many areas of an
organization’s technology systems. This IT professional may be responsible for some,
or all the areas listed below, depending on an organization’s structure and scope:
● Install and configure local area networks (LANs), wide area networks (WANs),
and network segments and servers, such as file servers, VPN gateways, and
intrusion detection systems.
● Ensure an uninterrupted internet connection and manage mail servers for
sending and receiving emails and file servers for saving and managing data.
● Oversee system performance and report generation.
● Peer-To-Peer network
● Client/Server network
Peer-To-Peer network:
together with equal privilege and responsibilities for processing the data.
● Peer-To-Peer network is useful for small environments, usually up to 10
computers.
● Special permissions are assigned to each computer for sharing the resources, but
this can lead to a problem if the computer with the resource is down.
● If one computer stops working, other computers will not stop working.
● In the case of the Peer-To-Peer network, it does not contain the centralized
system. Therefore, it cannot back up the data as the data is different in different
locations.
● Client/Server network is a network model designed for the end users called
clients, to access the resources such as songs, video, etc. from a central computer
known as Server.
● The central controller is known as a server while all other computers in the
● A server performs all the major operations such as security and network
management.
● A server is responsible for managing all the resources such as files, directories,
printer, etc.
shared resources.
● A server has a Network Operating System (NOS) to provide the resources to the
Weak Authentication
The more difficult an authentication mechanism is to defeat, the stronger it is. Clearly
the authentication strength of a system should correlate to the value of the assets it is
protecting. Two-Factor and Multi-Factor Authentication solutions are appropriate for
systems that deal with highly valued assets.
Password Strength:
The “strength” of a password is related to the potential set of combinations that would
need to be searched in order to guess it.
● Length: The number of characters in the password. The greater the length, the
The broader the range of characters, the greater the strength. It is typical for
strong password schemes to require upper- and lower-case letters, digits, and
punctuation characters.
Password Policy:
Password Policy describes the rules that are enforced regarding password strength,
changes, and re-use. An effective password policy supports strong authentication. It
is generally accepted that each of the following will increase the integrity of the
authentication process:
● Periodically changing the password for an account makes it less likely that a
Password Cracking:
There are countless hacking tools and frameworks available to help an attacker guess a
password through an automated sequence of attempts. This is called “brute forcing”
because such tools will attempt all possible password combinations given a set of
constraints in an attempt to authenticate. An application that does not protect itself
against password cracking in some manner may be considered as having a Weak
Authentication vulnerability depending on the requirements and risk-level.
Dictionary Attacks:
In addition to brute force attacks, password cracking tools also typically have the
ability to test a file of candidate passwords. This is called a dictionary attack because
the file used may actually be a dictionary of words. Passwords that can be found in a
dictionary are considered weak because they can eventually be discovered using a
dictionary attack. An application that allows dictionary words as passwords may be
considered as having a Weak Authentication vulnerability depending on the application
requirements and risk-level.
Popular Passwords:
Since passwords are usually freely chosen and must be remembered, and given that
humans are lazy, passwords that are easy to remember tend to be more popular than
those that are not. In fact, some passwords become very popular and are used far
more frequently than might be expected. Although the most popular entries change
over time, you can always find a “top-N” list somewhere.
Clearly it is in the user’s best interest to avoid the most popular passwords.
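The strength, dictionary and popular-password checks above, together with a simple defence against brute forcing, as an added example that is not part of the original notes. The word lists, the thresholds (12 characters, 60 bits) and the LoginThrottle class are assumptions constructed for the illustration.

```python
import math
import string

# Constructed sample lists for the demo. A real check loads a large list of
# popular and breached passwords plus a dictionary.
POPULAR = {"123456", "password", "qwerty", "letmein", "iloveyou"}
DICTIONARY = {"sunshine", "dragon", "monkey", "football", "welcome"}

# Reverse common character substitutions before the list lookup.
SUBSTITUTIONS = str.maketrans("@4301$5!7", "aaeolssit")


def search_space_bits(password):
    """log2 of the number of combinations a brute-force search must cover,
    assuming every string of this length over the character classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(cls) for cls in classes
                   if any(ch in cls for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def base_word(password):
    """Reduce 'P@ssw0rd1!' to 'password' so decorated words are still caught."""
    stripped = password.lower().rstrip(string.digits + string.punctuation)
    return stripped.translate(SUBSTITUTIONS)


def policy_violations(password, min_length=12, min_bits=60):
    """Return the list of policy rules the password breaks (empty if none)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if search_space_bits(password) < min_bits:
        problems.append("search space too small")
    word = base_word(password)
    if password.lower() in POPULAR or word in POPULAR:
        problems.append("popular password")
    elif word in DICTIONARY:
        problems.append("dictionary word")
    return problems


class LoginThrottle:
    """Lock an account after max_failures consecutive failed logins, which
    caps how many guesses an automated tool can make against it."""

    def __init__(self, max_failures=5, lockout_seconds=300):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._failures = {}      # user -> consecutive failure count
        self._locked_until = {}  # user -> time at which the lock expires

    def is_locked(self, user, now):
        return now < self._locked_until.get(user, 0)

    def record_failure(self, user, now):
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= self.max_failures:
            self._locked_until[user] = now + self.lockout_seconds
            self._failures[user] = 0

    def record_success(self, user):
        self._failures.pop(user, None)

    def max_guesses_per_day(self):
        """Upper bound on online guesses per account per day."""
        return (86400 // self.lockout_seconds) * self.max_failures


if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd1!", "Dragon2024", "vT9#kq2LmZ!x4rW"):
        print(candidate, round(search_space_bits(candidate), 1),
              policy_violations(candidate))
    print("guesses/day with throttle:", LoginThrottle().max_guesses_per_day())
```

"P@ssw0rd1!" clears the 60-bit search-space threshold yet is still rejected, because character-set arithmetic overstates the strength of a decorated popular password.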
Unsecure Wi-Fi
The two types of public networks are ones that are left open by businesses and ones
that are left open by individuals. An open network from a business allows customers
to use the Internet in the establishment -- such as patrons of a coffee shop using the
network to work. An open network in a home comes from a router that hasn't been
secured. Sometimes this is unintentional, if the owner doesn't know that her network is
open. However, an unsecured wireless connection isn't always bad. Some experienced
users opt to leave their Wi-Fi open for the public to access, with proper security
precautions to protect their data and bandwidth.
Every router has some wireless security features built into the settings. Log in to your
router's administration settings using your browser; if you've never done this before,
the IP address and default login details are usually on the bottom of the router. When
choosing wireless security, WPA2 is the most secure, while WEP is the easiest for
outside users to crack. Set a strong password, and only share the password with
people you trust. Some routers also offer a Guest Network setting, which allows you to
create a secure wireless network and another unsecure network, which offers you
home security and an open network for visitors or neighbors.
If you routinely access public networks, you can still browse safely. Avoid entering
anything sensitive, such as bank or credit card information. If you have to access this
data, consider using a virtual private network (VPN), which encrypts all the data you
send using an external server.
1. Outdated Software
Websites are not the only ways you can be hacked, either. Operating systems on your
computer, mobile devices or even software running your wireless network at home are
easy for hackers to compromise. Updates to software are more than just fixing
operational bugs. In many instances, these updates include fixes to vulnerabilities like
using that old copy of Windows 7 without security updates turned on could
compromise your personal data.
One of the most common reasons why cyber-attacks cause so much damage is because
of the lack of proper understanding. A lot of people believe themselves to be immune
from threats and don’t really put thought into how dangerous attacks can become.
Even something as simple as a web browser can lead to all kinds of problems in work
and personal lifestyles. According to Kaspersky Lab, a leader in antivirus software,
attackers used web browsers 62% of the time to spread mayhem.
3. Lack of Proper Protection
One of the leading reasons hackers gain a foothold in your systems is
improper protection. Remember the comment earlier about not locking your door at
night? Essentially, a lack of security software on your computer or website would be
like removing that door entirely. More than 304 million cyber-attacks were recorded in
2015. Although most of these were thwarted, it puts it into perspective just how
virulent attacks are in the world. In fact, more than 27% of all malware pieces recorded
throughout history were produced that same year.
4. Effects of Ransomware
Ransomware has been around for quite some time, but it has grown exponentially
since 2015. Essentially, this is when someone gains control of a database or computer
system and blocks its use until a “ransom” is paid. However, these kinds of attacks
happen less than one percent of the time. To put this into perspective, the
Hollywood Presbyterian Medical Center’s network in Los Angeles was held hostage in
2016 until a $17,000 Bitcoin ransom was paid. Because of the number of lives that are
held in the balance from attacks like this, it’s much easier to extort money.
5. Evolving Software
Some forms of attacks are extremely difficult to track down and stop, even for high-
end software. For example, a polymorphic virus delivers a new payload every time it
expands. This means it essentially mutates each time making it very difficult to spot.
As many as 32% of computers with antivirus protection are infected at any given time.
This is often from new viral variants as well as polymorphic wares. All it takes is a
minor change in coding to help a virus become something new and undetectable.
Cyber Security Safeguards
Cyber security safeguards are the protective measures and controls prescribed to meet the security
requirements specified for an information system. Safeguards may include security
features, management constraints, personnel security, and security of physical
structures, areas, and devices. Some major cyber security safeguards are listed below:
5. Look Out for Fake Notification Emails from Social Media Sites
Access Control
Access control is a data security process that enables organizations to manage who is
authorized to access corporate data and resources. Secure access control uses policies
that verify users are who they claim to be and ensures appropriate control access levels
are granted to users.
1. Audit: Organizations can enforce the principle of least privilege through the access
control audit process. This enables them to gather data around user activity and
analyze that information to discover potential access violations.
3. Biometrics: A biometric access control system is one that determines whether or not
to let a person into a building or a specific room based on the individual's unique
physical biometric characteristics. It works by comparing something unique about the
person—such as face, fingerprint, iris, palm, and hand geometry—to a database of
stored biometric templates about authorized users. If there is a match, the person is
allowed in; otherwise, the person is denied access. It provides significant physical
security benefits for protecting a wide variety of locations from intruders.
5. Denial of Service Filters: The DoS Filter window is used to enable or disable the
Denial of Service filter. The DoS filter automatically scans traffic passing through the
switch for well-known frames (based on packet signature) that are typically used to
conduct Denial of Service attacks to network devices. Once a frame is identified as a
threat, it is automatically dropped.
b. To disable DoS filtering, select Disable from the DoS Filtering drop-down list.
c. To enable DoS filtering, select Enable from the DoS Filtering drop-down list.
Comparison of IDS with Firewalls: An IDS and a firewall are both related to network
security, but an IDS differs from a firewall in that a firewall looks outwardly for intrusions
in order to stop them from happening. Firewalls restrict access between networks to
prevent intrusion and do not signal an attack that comes from inside the network. An IDS
describes a suspected intrusion once it has happened and then signals an alarm.
9. Response: Incident response is a set of information security policies and procedures that you can
use to identify, contain, and eliminate cyberattacks. The goal of incident response is to
enable an organization to quickly detect and halt attacks, minimizing damage and
preventing future attacks of the same type. There are six steps to incident response.
These six steps occur in a cycle each time an incident occurs. The steps are:
➢ Identification of incidents
preparation
10. Scanning: Security scanning, or vulnerability scanning, can mean many different
things, but it can be simply described as scanning the security of a website, web-based
program, network, or file system for either vulnerabilities or unwanted file changes.
The type of security scanning required for a particular system depends on what that
system is used for. The more complicated and intricate the system or network is, the
more in-depth the security scan has to be. Security scanning can be done as a one-time
check, but most companies who incorporate this into their security practices buy a
service that continually scans their systems and networks.
11. Security Policy: Cybersecurity procedures explain the rules for how employees,
consultants, partners, board members, and other end-users access online applications
and internet resources, send data over networks, and otherwise practice responsible
security. For large organizations or those in regulated industries, a cybersecurity policy
is often dozens of pages long. For small organizations, however, a security policy
might be only a few pages and cover basic safety practices. Such practices might
include:
● Lower risk with faster threat detection, consistent investigations and faster
response
In this, all the personal data of the user should be stored at the server in an encrypted
form.
HTTP cannot regulate the content of data that is transferred, and it has no a priori
method to determine the sensitivity of any particular part of the information within
the context of any request. Revealing the specific software version of the server might
make the server machine more vulnerable to attacks against software that
contains security holes. Proxies that serve as a portal through the firewall of the
network should take special precautions about the transfer of header information that
identifies the hosts behind the firewall.
3. Encoding Sensitive Information in URLs
The source of a link could be private information, so it is strongly recommended that the
user be able to select whether or not the Referer field is sent.
If the referring page was transferred with a secure protocol, clients should not
include a Referer field in an HTTP request.
Accept request-headers can reveal the client's information to all servers which are
accessed.
On average, businesses lose $3.9 million in malware and ransomware attacks (3).
SOAP Security protects the sensitive data in companies’ charge from access by the
wrong hands. Basically, you integrate security into your API infrastructure to protect
the interests of your customers or clients.
SOAP Security Risks
There are several kinds of cyber-attacks and vulnerabilities, and those uniquely
targeting APIs make the bulk of SOAP security risks. Some of them include:
1. Code Injections – in SOAP, XML code injections introduce malicious code into
You must ensure SOAP messages are shown to authorized users only.
3. (Distributed) Denial of Service – DoS or DDoS attacks overwhelm web
services with too many or overly long messages. Limiting message length and
volume in SOAP security prevents these attacks.
4. Cross-Site Scripting – code injection, but happens from the web application
• An IDMS will close IT security gaps related to enrolling and terminating employees.
• Physical security can leverage the defined corporate roles by defining access control
privileges to match, aligning physical security more tightly with the organization's job
roles. This doesn't require the access control system to be integrated with any other
system.
Web Services:
Web services technology is being used to address business needs in the following ways:
• Enterprise Application Integration (this is the category for PACS and IDMS
integration)
• Improved Application Development Efficiency
• Business Partner Integration (suppliers, distributors, channels, etc.)
Authorization Patterns
These are security mechanisms that you can use to decide your client’s privileges
related to system resources. These system resources could be files, services, data, and
application features built on your client’s identity. One such mechanism is OAuth 2.0.
Authorization Patterns are mentioned below:
1. Scattered data and scattered logic pattern: In this pattern, the data required to make
authorization decisions get scattered across the different microservices. In addition to
data, the logic behind deciding whether access is to be given to the requestor or not is
spread across the service.
The pattern given above works for a small number of microservices, but problems start
appearing when the number of services increases. The calls to get data for making
authorization decisions put an unnecessary load on the underlying services, as shown
in the above diagram.
2. Centralized data and logic patterns: We can try putting all the authorization data
and logic in one place as a solution. We can then separate it from services that require
authorization. A common way to implement this pattern is to build
a dedicated authorization service. Another option could be to use an off-the-shelf
solution like Keycloak or Open Policy Agent. Whenever services have to perform
permission checks, they turn around and ask the authorization service.
Having a single system in charge of authorization is quite appealing. But we should
consider some essential points before finalizing the pattern as mentioned below:
● The entire authorization data is in a single place now. There are two
possibilities: either the authorization service becomes the data’s single source of
truth, or you copy and synchronize the data from your applications to a
central place.
● The authorization service should understand the entire data model underlying
permissions related to groups, shares, folders, guests, and projects. The system
can become a bottleneck for new development if the models are constantly
changing. Any change in any microservice can require an update to the
authorization service, thus breaking the separation of concerns.
● A single service that has the responsibility for securing every type of request
needs high availability as well as low latency. Every request gets denied if the
system goes down, and every request gets slow if the system starts responding to
the queries slowly.
3. Scattered logic and central gateway data Pattern: We put all the data required for
authorization as part of every request in this pattern. Then each service will not have to
fetch data separately, which will reduce the load on the underlying services.
The advantage of this pattern is its architectural simplicity, and it frees
developers from having to be concerned about the origin of the roles data or org data. We
can get the authorization data quickly on request, and we can also perform a
permission check instantly without any additional roundtrips.
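A sketch of the gateway pattern, added here as an example and not taken from the original notes: the gateway signs the user's org and roles into the request, and each service verifies the signature and decides locally. The HMAC token format, the key, the role table and all function names are assumptions; a production system would typically use a standard format such as JWT.

```python
import base64
import hashlib
import hmac
import json

# Placeholder key constructed for the demo; real keys come from a secret store.
GATEWAY_KEY = b"constructed-demo-key"

# Hypothetical role model owned by one service (the "scattered logic").
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "delete"},
}


def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user, org, roles, now, ttl=300, key=GATEWAY_KEY):
    """Gateway side: attach the authorization data to the request, signed."""
    claims = {"sub": user, "org": org, "roles": sorted(roles), "exp": now + ttl}
    body = b64(json.dumps(claims, sort_keys=True).encode())
    sig = b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return body + "." + sig


def edit_claims(token, **changes):
    """Simulate a client that rewrites the claims without knowing the key."""
    body, _, sig = token.partition(".")
    claims = json.loads(unb64(body))
    claims.update(changes)
    return b64(json.dumps(claims, sort_keys=True).encode()) + "." + sig


def authorize(token, action, resource_org, now, key=GATEWAY_KEY):
    """Service side: return (allowed, reason) with no call to another service."""
    body, _, sig = token.partition(".")
    expected = b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    # Verify before parsing, and compare in constant time.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    claims = json.loads(unb64(body))
    if now >= claims["exp"]:
        return False, "expired"
    if claims["org"] != resource_org:
        return False, "wrong org"
    granted = set()
    for role in claims["roles"]:
        granted |= ROLE_PERMISSIONS.get(role, set())
    if action not in granted:
        return False, "role lacks permission"
    return True, "ok"


if __name__ == "__main__":
    token = issue_token("alice", "acme", ["editor"], now=1000)
    print(authorize(token, "write", "acme", now=1100))
    print(authorize(token, "delete", "acme", now=1100))
    print(authorize(edit_claims(token, roles=["admin"]), "delete", "acme", now=1100))
    print(authorize(token, "read", "acme", now=1300))
```

Because the roles travel with the request, a role change or revocation only takes effect when the token expires, which is why the lifetime is kept short.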
Security Considerations
Data security consideration requires the security of data and system resources against
unauthorized access, disclosure, or corruption. Data breaches may be intentional or
unintentional but ultimately cause huge losses to the organization and hence need to be
taken seriously.
1. Backing up Data
The purpose of data backup is to create extra copies of important files in a separate
storage location to act as a backup during any failure. Various factors like human
carelessness, malicious attack, or system faults trigger failure in an infrastructure.
Physical storage or cloud storage stores the backed-up data.
As a business grows, keeping track of huge amounts of data and managing them can
be tricky. Data archiving is the process of retaining inactive data at a secure place for a
long time. Such data may or may not be used in the future but are required to be stored
for its intended purpose. Archives have search facilities, and indexing makes retrieval
fast and easy. Archives hold old information that is unnecessary for everyday tasks.
Storing such inactive information in primary storage can reduce its efficiency. Data
archive helps in reducing the load on primary storage by moving unused resources to
the archive.
3. Disposal of Data
An organization should wipe out data regularly, whether that’s cleaning inboxes or
getting rid of old databases that are no longer relevant. Data stored on physical storage
devices like hard drives, USB drives, and tapes must be purged before discarding.
The information stored in the cloud is destroyed to keep the organization’s private
data out of reach from criminals. Every company must do this whenever they get rid of
something that holds data.
4. Location Security
For example, the warehouse located in a disaster-prone area poses a huge risk of data
compromise during a calamity.
5. Redundant Utilities
The data center has critical data and facilities required to keep the business up and
running. To restrict unwanted intruders from entering the data center’s perimeter,
strong security barriers must be set up. These barriers can be two-factor authentication,
access control, or leveraging CCTV surveillance. But no matter how complex the
security is, there will always be some data loss. This can be due to various reasons like
employee negligence or malicious activity. Hence duplication of critical components of
the system becomes necessary. This increases the reliability of the system, improves
performance, and provides a fail-safe backup.
Challenges
For security teams, the number of controls they can implement to secure a web
application in production is limited while for the attackers, there is no limit on the
number of attack vectors they can exploit. The five most common web application security
challenges are:
1. Injection: Injection, or SQL injection, is a type of security attack in which the
attacker inserts or injects a query via input data (as simply as by filling in a form on the
website) sent from the client side to the server. If it is successful, the attacker can read data
from the database, add new data, update data, delete some data present in the database,
issue administrator commands to carry out privileged database tasks, or even issue
commands to the operating system in some cases.
4. XML External Entities: This type is common to web applications that parse XML
input. It is carried out when XML input that references an external entity
is processed by a weak XML parser. It can cause a huge loss to the brand as it can in
turn allow distributed denial of service, port scanning, server-side request forgery,
disclosure of sensitive information, etc.
5. Broken Access Control: Access control specifies limits or boundaries in which a user
is allowed to operate. For example, the root privileges are usually given to the
administrator and not the actual users. Having a broken or leaking access control system
can result in unintended information leaks, modifying details of other user accounts,
manipulating metadata, acting as the admin, unauthorized API access, etc.
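The injection flaw from item 1 (also described under Vulnerabilities in Software), shown as an added example that is not part of the original notes: the same lookup written with string concatenation and with a bound parameter. The table, rows and function names are constructed for the illustration.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("o'brien", "obrien@example.test")],
    )
    return db


def lookup_vulnerable(db, name):
    # Deliberately vulnerable: the form value becomes part of the SQL text,
    # so quote characters in it change the structure of the query.
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    # Hardened form: the value is bound to a placeholder and is only ever
    # treated as data, whatever characters it contains.
    return db.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


# Constructed form input that turns the WHERE clause into an always-true test.
CRAFTED = "nobody' OR '1'='1"


def compare(name):
    """Run both lookups on a fresh database and return (vulnerable, safe)."""
    db = make_db()
    try:
        vulnerable = lookup_vulnerable(db, name)
    except sqlite3.OperationalError:
        # Concatenation also breaks on legitimate input containing a quote.
        vulnerable = "query failed"
    return vulnerable, lookup_parameterized(db, name)


if __name__ == "__main__":
    for value in ("alice", CRAFTED, "o'brien"):
        vulnerable, safe = compare(value)
        print(repr(value), "| concatenated:", vulnerable, "| bound:", safe)
```

The concatenated query returns every row for the crafted value and fails outright on the legitimate name "o'brien"; the bound-parameter query returns no rows for the first and the single matching row for the second.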
● Employee security breaches that are unintentional (like moving a secure file
Physical Theft
A physical threat is a potential cause of an incident that can result in loss or physical
harm to the computer systems. Physical security is the protection of
personnel, hardware, programs, networks, and data from physical situations and
events that can cause severe losses or harm to an enterprise, department, or
organization. This includes protection from fire, natural disasters, robbery, theft,
elimination, and terrorism.
Accidents − Accidental misuse or damage will be influenced over time by the attitude
and disposition of the staff in addition to the environment. Human errors have a higher
impact on information system security than do man-made threats caused by purposeful
attacks. But most accidents that are serious threats to the security of information
systems can be diminished.
Abuse of Privileges
Privileged account abuse occurs when the privileges associated with a particular user
account are used inappropriately or fraudulently, either maliciously, accidentally or
through willful ignorance of policies. Privileged accounts are a gateway to critical
systems and data. Abuse of these powerful accounts can lead to the loss of sensitive
data and business intelligence, as well as downtime of systems and applications
essential for business operations.
Ask your friends whether they have ever accessed information they shouldn’t have
seen. I’m sure you’ll find that many of them have. This happens because privilege
assignment is often seen as a one-time task, which it shouldn’t be. Instead, on a regular
basis, make sure to:
● Review access rights and remove excessive permissions in accordance with the
least-privilege principle.
● Review and update permissions whenever a user’s role in the organization
changes.
● Make sure your sensitive data is not overexposed by verifying that access to it is
Would you know if there was a suspiciously high number of failed attempts to access a
critical file or database, or an unauthorized modification to your security groups? If
not, this step is especially important to you. Without thorough monitoring of all
changes and user activity in the IT environment, it is impossible to detect threats,
including privilege abuse, in their early stages.
It’s one thing to collect data. It’s totally another to get meaningful insights out of it.
Can you tell when your users exercise their privileges outside of normal working
hours? Do you know whether their current behavior deviates from the norm? User
behavior analysis will show you anomalies that are not always obvious if you just look
at event logs.
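One way to turn these questions into checks over an audit log, added here as an example and not part of the original notes. The log layout, the sample events, the list of critical resources, the approved group administrators and the working hours are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit events; the field layout is an assumption for this example.
SAMPLE_LOG = """\
2024-03-04T09:12:01 user=alice action=read resource=/finance/payroll.db result=ok
2024-03-04T10:03:44 user=bob action=read resource=/finance/payroll.db result=denied
2024-03-04T10:03:51 user=bob action=read resource=/finance/payroll.db result=denied
2024-03-04T10:03:58 user=bob action=read resource=/finance/payroll.db result=denied
2024-03-04T10:04:05 user=bob action=read resource=/finance/payroll.db result=denied
2024-03-04T10:04:12 user=bob action=read resource=/finance/payroll.db result=denied
2024-03-04T14:30:00 user=carol action=group_modify resource=Domain-Admins result=ok
2024-03-05T02:41:17 user=alice action=admin_login resource=db01 result=ok
2024-03-05T11:00:00 user=dave action=group_modify resource=Helpdesk result=ok
"""

CRITICAL = {"/finance/payroll.db"}           # files or databases worth watching
GROUP_ADMINS = {"dave"}                      # users approved to edit groups
PRIVILEGED_ACTIONS = {"admin_login", "group_modify"}
WORK_HOURS = range(8, 18)                    # 08:00 to 17:59, Monday to Friday


def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime under 'time'."""
    stamp, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["time"] = datetime.fromisoformat(stamp)
    return event


def detect(lines, threshold=5, window=timedelta(minutes=5)):
    """Return alerts as (rule, user, resource) tuples in log order."""
    alerts = []
    recent = defaultdict(deque)  # (user, resource) -> times of recent denials
    for line in lines:
        if not line.strip():
            continue
        event = parse(line)
        when, user, resource = event["time"], event["user"], event["resource"]

        # Rule 1: many failed attempts on a critical resource in a short window.
        if event["result"] == "denied" and resource in CRITICAL:
            times = recent[(user, resource)]
            times.append(when)
            while when - times[0] > window:
                times.popleft()
            if len(times) == threshold:      # alert once when the burst forms
                alerts.append(("failed-access-burst", user, resource))

        # Rule 2: a security group changed by someone not approved to do so.
        if (event["action"] == "group_modify" and event["result"] == "ok"
                and user not in GROUP_ADMINS):
            alerts.append(("unauthorized-group-change", user, resource))

        # Rule 3: privileges exercised outside normal working hours.
        off_hours = when.hour not in WORK_HOURS or when.weekday() >= 5
        if event["action"] in PRIVILEGED_ACTIONS and off_hours:
            alerts.append(("off-hours-privilege-use", user, resource))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```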
Unauthorized Access by Outsider
Unauthorized access is when a person gains entry to a computer network, system,
application software, data, or other resources without permission. Any access to an
information system or network that violates the owner or operator’s stated security
policy is considered unauthorized access. Unauthorized access is also when legitimate
users access a resource that they do not have permission to use. The most common
reasons for unauthorized entry are to:
Fraudulent use of access cards: Access cards that are lost, stolen, copied or shared
pose an unauthorized access risk.
Door propping: While incredibly simple, propping open a door or window is one of
the most effective ways for an insider to help a perpetrator gain unauthorized access to
restricted buildings or spaces.
Malware Infection
Malware (short for “malicious software”) is a file or code, typically delivered over a
network, that infects, explores, steals or conducts virtually any behavior an attacker
wants. And because malware comes in so many variants, there are numerous methods
to infect computer systems. Though varied in type and capabilities, malware usually
has one of the following objectives:
Web Application Firewall (WAF) – The Imperva cloud WAF is a cloud-based firewall
deployed on your network’s edge. It bolsters your existing IPS through signature,
reputational and behavioral heuristics that filter malicious incoming requests and
application attacks—including remote file inclusions and SQL injections.
Anti-Malware Software
Anti-malware is a type of software developed to scan, identify and eliminate malware,
also known as malicious software, from an infected system or network.
Benefits Of Anti-Malware:
● Real-time protection
● Boot-time scan
● Scanning of individual files
● Protection of sensitive information
● Restoration of corrupted data
● Protection from spam and identity theft
● Provides robust web protection
● Provides quick scan of the removable device
The majority of NIPSs utilize one of the three detection methods as follows:
preconfigured. This detection method monitors the network traffic and compares
it with the preconfigured signatures so as to find a match. On successfully
locating a match, the NIPS takes the next appropriate action. This type of
detection fails to identify zero-day error threats. However, it has proved to be
very good against single packet attacks.
● Anomaly-based detection: This method of detection creates a baseline on
average network conditions. Once a baseline has been created, the system
intermittently samples network traffic on the basis of statistical analysis and
compares the sample to the created baseline. If the activity is found to be outside
the baseline parameters, NIPS takes the necessary action.
● Protocol state analysis detection: This type of detection method identifies
HIPS settings can be found in Advanced setup (F5) > Detection engine > HIPS >
Basic. The HIPS state (enabled/disabled) is shown in the ESET Endpoint Security main
program window, under Setup > Computer.
The SIM tool (system) acts as a software agent which sends reports about events to the
centralized server, through which admins are kept updated. That’s all about Security
Information Management.
Though we’ve advanced considerably from radio technology, the principle of traffic
analysis remains the same. Communication traffic patterns are scrutinized for
information that will help keep assets secure. By monitoring network traffic, abnormal
activity from threat actors can be detected early on, thwarting attackers before they
achieve their goal of destruction or theft.
Countermeasures:
There are various countermeasures that can be used for effective security which include
physical security, logical security, and cryptographic security.
as files, network access, and so on. Logical controls help prevent unauthorized
or improper access to a computer system.
● Examples of logical controls are passwords, such as encryption algorithms
as limiting the ability of an authorized user to access data from another user.
● Physical security protects items by ensuring that physical intrusions are
properly locked down and that doors and windows are tightly secured.
● Cryptographic security controls ensure the proper transmission of