Chapter 3 and 4 PDF-1

Uploaded by Tora Sarkar

*Chapter 3*

Infrastructure and Network Security

1. Explain System Security.

Answer- The security of a computer system is a crucial task. It is the process of ensuring the
confidentiality and integrity of the OS. Security is one of the most important and major tasks,
since it keeps threats, malicious programs and attacks away from the computer's software system.
A system is said to be secure if its resources are used and accessed as intended under all
circumstances, but no system can guarantee absolute security against the various malicious
threats and unauthorized access.
The security of a system can be threatened via two violations:
• Threat: A program that has the potential to cause serious damage to the system.
• Attack: An attempt to break security and make unauthorized use of an asset.
Security violations affecting the system can be categorized as malicious and accidental
threats. Malicious threats, as the name suggests, are harmful computer code or web scripts
designed to create system vulnerabilities leading to back doors and security breaches.
Accidental threats, on the other hand, are comparatively easier to protect against.
Example: Denial of Service (DDoS) attack.

2. What is cyber security, and what is the importance of cyber security?

Answer- Cybersecurity is a part of information security that relates to the protection of
computers, networks, programs and data against unauthorized access. As cybersecurity
includes the protection of both company and personal data, the fields of cybersecurity and
data protection overlap. The security objectives of confidentiality, integrity and availability
are of paramount importance to both elements of information security.

Importance of cybersecurity
An essential component of every business ecosystem
As the boundaries of business continue to expand beyond the organization—with the help of
accelerated digitization, increased connectivity and migration to cloud—it's critical that
security is embedded throughout your business environment. Being holistic in your approach
to security gives your company the ability and confidence to scale and more agility when it
comes to adapting to any future impacts. In the face of potential cyber risk, resilience is key.
Companies that build security into their business ecosystems by design, rather than by adding
it as an afterthought, are giving themselves the greatest opportunities to operate confidently in
today's evolving threat landscape. The security of supply chains is becoming an increasingly
urgent issue for businesses. We know that as many as four in ten cyber attacks are now
thought to originate in the extended supply chain, not the enterprise itself. When it comes
to cloud, being secure by design is crucial. Not only does this accelerate a company's
resilience, cloud security is also important for business because it enables better outcomes.
As artificial intelligence (AI) becomes a new driver of growth for organizations, attacks on
AI are continuing to emerge. Frequently, cyber risks are found to be in the areas of data
protection and integrity, and manipulation of algorithms. End-to-end cybersecurity, tailored
to your specific business, will allow you to scale to nearly any situation and adapt to future
impacts.

3. What is OS security? In which ways is it approached?

Answer- Every computer system and software design must handle all security risks and
implement the necessary measures to enforce security policies. At the same time, it's critical
to strike a balance because strong security measures might increase costs while also limiting
the system's usability, utility, and smooth operation. As a result, system designers must assure
efficient performance without compromising security.

What Does Operating System Security Mean?

Operating system security (OS security) is the process of ensuring OS integrity,
confidentiality and availability.

OS security refers to specified steps or measures used to protect the OS from threats, viruses,
worms, malware or remote hacker intrusions. OS security encompasses all preventive-control
techniques, which safeguard any computer assets capable of being stolen, edited or deleted if
OS security is compromised.

Techopedia Explains Operating System Security

OS security encompasses many different techniques and methods which ensure safety from
threats and attacks. OS security allows different applications and programs to perform
required tasks and stop unauthorized interference.

OS security may be approached in many ways, including adherence to the following:

• Performing regular OS patch updates
• Installing updated antivirus engines and software
• Scrutinizing all incoming and outgoing network traffic through a firewall
• Creating secure accounts with required privileges only (i.e., user management)

4. What is Physical security? Why do we need physical security along with cyber
security?

Answer- Physical security is the protection of people, property, and physical assets from
actions and events that could cause damage or loss. Though often overlooked in favor of
cybersecurity, physical security is equally important. And, indeed, it has grown into a $30
billion industry. All the firewalls in the world can't help you if an attacker removes your
storage media from the storage room.

The growing sophistication of physical security through technologies such as artificial
intelligence (AI) and the internet of things (IoT) means IT and physical security are
becoming more closely connected, and as a result security teams need to be working
together to secure both the physical and digital assets.

Why is Physical Security important?

Physical security keeps your employees, facilities, and assets safe from real-world threats.
These threats can arise from internal or external intruders who put data security in question.

Physical attacks can result in a break-in to a secure area or the invasion of a restricted area.
An attacker can easily damage or steal critical IT assets, install malware on systems, or leave
a remote access port on the network.

It is important to have strict physical security to protect against external threats, as well as
equally effective measures to avoid the risks of any internal intruder.

The key is to understand that physical security refers to the entire space, and it should not
be restricted only to the front door, but to the entire building. Any area that is left unprotected
– such as the smoking area (with doors for example facing the outside of the building,
without the main entrance controls) or the entrance to the car park, can pose a risk.

Security experts refer to this form of protection as a deep or layered protection, since there
are several control points in the physical infrastructures.

Physical damage is as harmful as digital loss, and therefore strict physical security measures
must be taken.

5. What is packet sniffing? What is a packet sniffer?

Answer- Sniffing- Packet sniffing is a technique whereby packet data flowing across the
network is detected and observed. Network administrators use packet sniffing tools to
monitor and validate network traffic, while hackers may use similar tools for nefarious
purposes.

NETSCOUT solutions utilize packet data to enable rapid IT troubleshooting, threat
detection, network topology & health diagnostics reporting.

Sniffers- Packet sniffers are applications or utilities that read data packets traversing the
network within the Transmission Control Protocol/Internet Protocol (TCP/IP) layer. When in
the hands of network administrators, these tools "sniff" internet traffic in real-time,
monitoring the data, which can then be interpreted to evaluate and diagnose performance
problems within servers, networks, hubs and applications.

When packet sniffing is used by hackers to conduct unauthorized monitoring of internet
activity, network administrators can use one of several methods for detecting sniffers on the
network. Armed with this early warning, they can take steps to protect data from illicit
sniffers.

NETSCOUT's Omnis Network Security platform utilizes packet-based analysis for advanced
threat analytics and response.

6. What is Network Simulation? State its advantage. Describe different types of network
simulators.

Answer- Most of the commercial simulators are GUI driven, while some network simulators
are CLI driven. The network model/configuration describes the network (nodes, routers,
switches, links) and the events (data transmissions, packet errors, etc.). Output results would
include network-level metrics, link metrics, device metrics etc. Further drill-down in terms of
simulation trace files would also be available. Trace files log every packet and every event that
occurred in the simulation and are used for analysis. Most network simulators use discrete
event simulation, in which a list of pending "events" is stored, and those events are processed
in order, with some events triggering future events—such as the event of the arrival of a
packet at one node triggering the event of the arrival of that packet at a downstream node.
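As an added example (not from the original notes), the discrete event loop described above in Python: pending events sit in a priority queue, processing a packet's arrival at one node schedules its arrival at the next hop after the link delay, and the resulting trace is reduced to network-level metrics. The topology, link delays and the packet error at R1 are constructed sample values.

```python
import heapq
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed topology: node -> list of (next hop, link delay in seconds)
TOPOLOGY: Dict[str, List[Tuple[str, float]]] = {
    "A":  [("R1", 0.010)],
    "R1": [("R2", 0.020)],
    "R2": [("B", 0.010)],
    "B":  [],
}


@dataclass(order=True)
class Event:
    time: float
    seq: int                                  # tie-breaker: equal-time events run in scheduling order
    kind: str = field(compare=False)          # "arrive" or "drop"
    node: str = field(compare=False)
    packet: int = field(compare=False)


class Simulator:
    """Minimal discrete event simulator: a heap of pending events processed in time order."""

    def __init__(self, topology: Dict[str, List[Tuple[str, float]]],
                 loss_at: Optional[Dict[str, Set[int]]] = None) -> None:
        self.topology = topology
        self.loss_at = loss_at or {}          # node -> packet ids that node drops (constructed packet errors)
        self.queue: List[Event] = []
        self.seq = 0
        self.trace: List[Tuple[float, str, str, int]] = []   # the "trace file": every event, in order

    def schedule(self, time: float, kind: str, node: str, packet: int) -> None:
        heapq.heappush(self.queue, Event(time, self.seq, kind, node, packet))
        self.seq += 1

    def run(self) -> List[Tuple[float, str, str, int]]:
        while self.queue:
            ev = heapq.heappop(self.queue)
            self.trace.append((round(ev.time, 6), ev.kind, ev.node, ev.packet))
            if ev.kind != "arrive":
                continue
            if ev.packet in self.loss_at.get(ev.node, set()):
                # packet error at this node: record a drop, nothing downstream is triggered
                self.schedule(ev.time, "drop", ev.node, ev.packet)
                continue
            # the arrival here triggers the arrival at each downstream node after the link delay
            for next_hop, delay in self.topology[ev.node]:
                self.schedule(ev.time + delay, "arrive", next_hop, ev.packet)
        return self.trace


def network_metrics(trace, src: str, dst: str) -> Dict[str, float]:
    """Drill down from the trace file to network-level metrics."""
    sent_at = {p: t for t, kind, node, p in trace if kind == "arrive" and node == src}
    delivered = {p: t - sent_at[p] for t, kind, node, p in trace if kind == "arrive" and node == dst}
    dropped = sum(1 for _, kind, _, _ in trace if kind == "drop")
    avg_delay = round(sum(delivered.values()) / len(delivered), 6) if delivered else 0.0
    return {"sent": len(sent_at), "delivered": len(delivered), "dropped": dropped,
            "delivery_ratio": round(len(delivered) / len(sent_at), 3), "avg_delay_s": avg_delay}


def simulate_example():
    """Three packets from A to B, injected 5 ms apart; packet 2 is lost at R1 (constructed)."""
    sim = Simulator(TOPOLOGY, loss_at={"R1": {2}})
    for packet in range(3):
        sim.schedule(packet * 0.005, "arrive", "A", packet)
    trace = sim.run()
    return trace, network_metrics(trace, src="A", dst="B")


if __name__ == "__main__":
    trace, metrics = simulate_example()
    for entry in trace:
        print(entry)
    print(metrics)
```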

Advantages of Network Simulation

• It provides practical feedback to users while designing real-world systems.
• It allows the designers of the system to study it at numerous abstraction levels.
• It is an efficient way to demonstrate concepts to students.
• It integrates disparate data sources with different periods of collection.
• The tools are used to solve both people and process problems for the best results. These
solutions are automated, easy to use and work efficiently.

Types of Network Simulator

I. QualNet

QualNet is a dissemination- and interconnection-based network simulator in which large
networks can be modelled and simulated under heavy traffic. It contains 4 modules,
presented below:

• Model Setup Tool for QualNet: Scenario Designer
• Visualization and Analysis Tool for QualNet: Animator
• Protocol Skeleton Tool for QualNet: Protocol Designer
• Debugging Tool for QualNet: Packet Tracer

These tools handle more than 1000 nodes that run on different systems and environments.

II. NetSim

NetSim is available in both commercial and educational versions, particularly used to develop
and simulate different network protocols such as Ethernet, the Internet protocol suite and ATM
controllers. NetSim enables a comparative study of Ethernet networks. The effect of the
relative positions of network stations, realistic signal handling modelling, the exchange of
deferral techniques, and collision detection and management processes can also be examined.
The foremost strength of NetSim is that the module can be run on different operating systems.

III. Optimized Network Engineering Tool (OPNET)

It is a discrete event, object-oriented, general purpose network simulator. It is used as an
overall development environment for the simulation, specification, and comparative analysis
of system and data communication frameworks.

OPNET uses a layered architecture in which each layer represents the various
characteristics of the entire system under investigation. The highest layer includes the
network model in which the topology is addressed. The next layer is the connection or node
layer, used to explain how the data flows in a model, and finally the third layer is called the
process editor, which manages control flow in a model.

OPNET has different tools and modules, which are the OPNET prototype, execution engine,
system library, and investigation tools. It is often used by the networking industry for
evaluating the performance and assessment of LAN and WAN networks. In particular, it has
an integrated analysis tool for presenting and synthesizing output data.

7. What is security information management? What is an intrusion prevention system
(IPS)? State different types of intrusion detection and prevention system (IDPS).

ANSWER-
Security information management- SIM products generally are software agents running on
the computer systems that are monitored. The recorded log information is then sent to a
centralized server that acts as a "security console". The console typically displays reports,
charts, and graphs of that information, often in real time. Some software agents can
incorporate local filters to reduce and manipulate the data that they send to the server,
although typically from a forensic point of view you would collect all audit and accounting
logs to ensure you can recreate a security incident.[2]
The security console is monitored by an administrator who reviews the consolidated
information and takes action in response to any alerts issued.[3][4]
The data that are sent to the server to be correlated and analyzed are normalized by the
software agents into a common form, usually XML. Those data are then aggregated in order
to reduce their overall size.[3][4]
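An added illustration (not part of the original notes) of the agent-side normalization and aggregation just described: two constructed log formats are mapped into one common record, identical records are collapsed into counts before being sent on, the common form is serialized as XML, and the console correlates failures across hosts. The log lines and the pipe-delimited record format are constructed for the example.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample lines as two different agents would collect them: sshd syslog lines
# from a Linux host and a pipe-delimited logon-failure record from a Windows host.
RAW_LOGS = [
    "Mar 10 09:01:02 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51422 ssh2",
    "Mar 10 09:01:05 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51423 ssh2",
    "Mar 10 09:01:09 web01 sshd[2201]: Accepted password for alice from 198.51.100.4 port 40010 ssh2",
    "2024-03-10T09:02:11Z|dc01|4625|LOGON_FAILURE|user=bob|src=203.0.113.7",
    "2024-03-10T09:02:14Z|dc01|4625|LOGON_FAILURE|user=bob|src=203.0.113.7",
]

SSHD_RE = re.compile(
    r"^\w{3} +\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)


def normalize(line: str) -> Optional[Dict[str, str]]:
    """Agent-side step: map a raw line from either source into one common record."""
    m = SSHD_RE.match(line)
    if m:
        return {"host": m["host"], "user": m["user"], "src": m["src"],
                "outcome": "failure" if m["result"] == "Failed" else "success"}
    parts = line.split("|")
    if len(parts) == 6 and parts[2] == "4625":          # constructed Windows-style logon failure record
        kv = dict(p.split("=", 1) for p in parts[4:])
        return {"host": parts[1], "user": kv["user"], "src": kv["src"], "outcome": "failure"}
    return None                                          # unrecognised format, handled by process()


def aggregate(records: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Collapse identical records into one record plus a count, reducing what is sent to the console."""
    counts = Counter(tuple(sorted(r.items())) for r in records)
    return [dict(key, count=n) for key, n in counts.items()]


def to_xml(records: List[Dict[str, object]]) -> str:
    """Serialise the aggregated records in the common form mentioned above (XML)."""
    root = ET.Element("events")
    for r in records:
        ET.SubElement(root, "event", {k: str(v) for k, v in r.items()})
    return ET.tostring(root, encoding="unicode")


def failures_by_source(records: List[Dict[str, object]]) -> Dict[str, int]:
    """Console-side correlation: failed logons per source address across all monitored hosts."""
    totals: Counter = Counter()
    for r in records:
        if r["outcome"] == "failure":
            totals[str(r["src"])] += int(r["count"])
    return dict(totals)


def process(lines: List[str]) -> Tuple[List[Dict[str, object]], Dict[str, int], List[str]]:
    """Full agent -> console pipeline. Lines the agent cannot parse are kept whole, not silently
    filtered away, because the forensic record should stay complete."""
    normalized, unparsed = [], []
    for line in lines:
        rec = normalize(line)
        if rec is None:
            unparsed.append(line)
        else:
            normalized.append(rec)
    aggregated = aggregate(normalized)
    return aggregated, failures_by_source(aggregated), unparsed


if __name__ == "__main__":
    agg, by_src, leftover = process(RAW_LOGS)
    print(to_xml(agg))
    print(by_src, leftover)
```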

Intrusion prevention system (IPS)- An intrusion prevention system (IPS) is a network
security tool (which can be a hardware device or software) that continuously monitors a
network for malicious activity and takes action to prevent it, including reporting, blocking, or
dropping it, when it does occur.

It is more advanced than an intrusion detection system (IDS), which simply detects malicious
activity but cannot take action against it beyond alerting an administrator. Intrusion
prevention systems are sometimes included as part of a next-generation firewall (NGFW) or
unified threat management (UTM) solution. Like many network security technologies, they
must be powerful enough to scan a high volume of traffic without slowing down network
performance.

Intrusion Detection and Prevention System Techniques with Examples

IDP systems have two levels of broad functionalities — detection and prevention. At each
level, most solutions offer some basic approaches.

Detection–level functionalities of IDPS

1. Threshold monitoring

The first step of threshold monitoring consists of setting accepted levels associated with each
user, application, and system behavior. Examples of metrics that are used during threshold
monitoring include the number of failed login attempts, the number of downloads from a
particular source, or even something slightly more complicated such as the accepted time of
access to a specific resource.

The monitoring system alerts admins and sometimes triggers automated responses when a
threshold is crossed.

Only having threshold monitoring instead of intrusion detection comes with its own set of
problems. More often than not, the complex infrastructure underlying an organization's
operations and offerings cannot be filtered down to a few metrics. These threshold values
also tend to vary as the company's customer base and services grow. Very stringent
implementation of threshold monitoring, in these cases, can cause a lot of false positives. A
false positive, in the context of IDP solutions, is when benign activity is identified as
suspicious.

2. Profiling

Intrusion detection and prevention systems offer two types of profiling: user profiling and
resource profiling.

User profiling involves monitoring if a user with a particular role or user group only
generates traffic that is allowed. For example, only a DevOps user can have access to the
cloud server hosting applications. A programmer can only access data in a sandbox server
environment. Short-term user profile monitoring allows administrators to view recent work
patterns while long-term profiling provides an extended view of resource usage. This comes
in handy while creating a baseline for normal behavior and for creating a user role itself.

Resource profiling measures how each system, host, and application consumes and generates
data. An application with a suddenly increased workflow might indicate malicious behavior.

Executable profiling tells administrators what kind of programs are usually installed and run
by individual users, applications, and systems. For example, a host can be running an
application that accesses only certain files. Any other file or a rogue database request
indicates foul play. This kind of profiling makes it easy to trace malware, ransomware, or
Trojan downloaded by mistake.

Sometimes, profiling may make it difficult to interpret overall network traffic and the bumps
that come along with it. The sweet spot for profiling lies between profiles that are too broad
and allow bad actors and those too narrow, which hinder productivity.

Prevention–level functionalities of IDPS

1. Stopping the attack

Otherwise known as 'banishment vigilance', intrusion prevention systems prevent incidents
before they occur. This is done by blocking users or traffic originating from a particular IP
address. It also involves terminating or resetting a network connection. For example, when a
particular user is scanning data too frequently, it makes sense to revoke access until these
requests have been investigated.

2. Security environment changes

This involves changing security configurations to prevent attacks. An example is the IPS
reconfiguring the firewall settings to block a particular IP address.

3. Attack content modification

Malicious content can be introduced into a system in various forms. One way of making this
content more benign is to remove the offending segments. A basic example is
removing suspicious-looking attachments in emails. A more intricate example is repackaging
incoming payloads to a common and pre-designed lot, such as removing unnecessary header
information.

Techniques of IDPS

1. Signature-based detection

A signature is a specific pattern in the payload. This specific pattern can be anything from the
sequence of 1s and 0s to the number of bytes. Most malware and cyberattacks come with
their own identifiable signature. Another example of a signature is something as simple as the
name of the attachment in a malicious email.

The IDP system maintains a database of known malware signatures with signature-based
detection. Each time new malware is encountered, this database is updated. The detection
system works by checking the traffic payload against this database and alerting when there's
a match.

Signature-based detection obviously cannot work if the malware isn't previously known. It
does not check for the payload's nature and cannot give administrators information such as
the preceding request to a malicious response.
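Added example (not from the original notes) of signature-based detection: a small signature database of byte patterns and attachment names is checked against constructed messages, and a one-byte variant of a known sample shows why unknown malware is missed until the database is updated. All signatures and samples are constructed and harmless.

```python
import re
from typing import Dict, List

# Constructed signature database. Payload signatures are byte patterns; attachment
# signatures are file names seen in earlier malicious mails. None of these describe real malware.
PAYLOAD_SIGNATURES: Dict[str, "re.Pattern"] = {
    # constructed: an MZ executable header followed within 64 bytes by a marker string
    "demo-dropper-v1": re.compile(rb"MZ.{0,64}?DEMO_DROPPER_MARK", re.DOTALL),
    # constructed: a script that evaluates raw request input, a common webshell shape
    "demo-webshell": re.compile(rb"<\?php\s+eval\(\s*\$_(?:GET|POST|REQUEST)\["),
}
ATTACHMENT_SIGNATURES = {"Invoice_2024.pdf.exe", "Payment_Advice.scr"}


def add_signature(name: str, pattern: bytes) -> None:
    """Database update performed each time new malware is encountered."""
    PAYLOAD_SIGNATURES[name] = re.compile(pattern, re.DOTALL)


def scan(message: Dict[str, object]) -> List[str]:
    """Return the names of every signature matching the message payload or its attachment names."""
    hits: List[str] = []
    payload = message.get("payload", b"")
    for name, pattern in PAYLOAD_SIGNATURES.items():
        if pattern.search(payload):
            hits.append(name)
    for filename in message.get("attachments", []):
        if filename in ATTACHMENT_SIGNATURES:
            hits.append(f"attachment-name:{filename}")
    return hits


# Constructed sample traffic
KNOWN_SAMPLE = {"payload": b"MZ\x90\x00" + b"\x00" * 20 + b"DEMO_DROPPER_MARK",
                "attachments": ["invoice.pdf"]}
BAD_ATTACHMENT = {"payload": b"Please see attached.", "attachments": ["Invoice_2024.pdf.exe"]}
# The same dropper with one byte of the marker changed (O -> 0): the v1 signature no longer
# matches, which is exactly the limitation described above.
VARIANT = {"payload": b"MZ\x90\x00" + b"\x00" * 20 + b"DEMO_DR0PPER_MARK", "attachments": []}
CLEAN = {"payload": b"Quarterly report attached.", "attachments": ["report.docx"]}


def scan_all() -> Dict[str, List[str]]:
    return {"known": scan(KNOWN_SAMPLE), "bad_attachment": scan(BAD_ATTACHMENT),
            "variant": scan(VARIANT), "clean": scan(CLEAN)}


if __name__ == "__main__":
    print(scan_all())
    add_signature("demo-dropper-v2", rb"MZ.{0,64}?DEMO_DR0PPER_MARK")   # analyst adds the variant
    print(scan(VARIANT))
```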

2. Anomaly-based detection

Anomaly detection works on threshold monitoring and profiling. The 'normal' behavior of all
users, hosts, systems, and applications is configured. Any deviation from this norm is
considered an anomaly and alerted for. For example, if an email ID generates hundreds of
emails within a few hours, the chances of that email account being hacked are high.

Anomaly detection is better than signature-based detection when considering new attacks that
aren't in the signature database. Creating these baseline profiles takes a lot of time (also
known as the 'training period'). Even then, the rates of false positives may be high, especially
in dynamic environments.
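Added example (not from the original notes) covering both threshold monitoring above and anomaly-based detection: the same observation hour is judged by a fixed per-hour threshold and by a per-account baseline learned over a training period, showing how the fixed threshold flags a legitimate high-volume account as a false positive. Account names, counts and the compromised account are constructed.

```python
from statistics import mean, pstdev
from typing import Dict, List, Set, Tuple

# Constructed training period: e-mails sent per hour by each account over eight quiet hours.
TRAINING: Dict[str, List[int]] = {
    "alice":       [4, 6, 5, 3, 7, 5, 4, 6],
    "bulk-mailer": [290, 310, 305, 295, 300, 315, 298, 307],   # a legitimate newsletter account
}
# Constructed observation hour; "alice" is the account that has actually been compromised.
OBSERVED: Dict[str, int] = {"alice": 150, "bulk-mailer": 320}
TRUE_INCIDENTS: Set[str] = {"alice"}


def threshold_alerts(observed: Dict[str, int], limit: int) -> List[str]:
    """Threshold monitoring: one accepted level applied to every account."""
    return sorted(acct for acct, n in observed.items() if n > limit)


def build_profiles(training: Dict[str, List[int]]) -> Dict[str, Tuple[float, float]]:
    """Profiling over the training period: per-account baseline (mean, standard deviation)."""
    return {acct: (mean(v), pstdev(v)) for acct, v in training.items()}


def anomaly_alerts(observed: Dict[str, int], profiles: Dict[str, Tuple[float, float]],
                   k: float = 3.0) -> List[str]:
    """Anomaly-based detection: alert when the hour deviates more than k sigma from that
    account's own baseline."""
    alerts = []
    for acct, n in observed.items():
        mu, sigma = profiles[acct]
        # floor sigma at 1 so a perfectly flat baseline does not alert on a single extra mail
        if n > mu + k * max(sigma, 1.0):
            alerts.append(acct)
    return sorted(alerts)


def evaluate(alerts: List[str], incidents: Set[str] = TRUE_INCIDENTS) -> Dict[str, List[str]]:
    """Split alerts into true positives and false positives (benign activity flagged)."""
    return {"true_positives": sorted(a for a in alerts if a in incidents),
            "false_positives": sorted(a for a in alerts if a not in incidents)}


def compare(limit: int = 100) -> Dict[str, Dict[str, List[str]]]:
    fixed = threshold_alerts(OBSERVED, limit)
    profiled = anomaly_alerts(OBSERVED, build_profiles(TRAINING))
    return {"threshold": evaluate(fixed), "anomaly": evaluate(profiled)}


if __name__ == "__main__":
    print(build_profiles(TRAINING))
    print(compare())
```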

3. Stateful protocol analysis

Anomaly detection uses host- or network-specific profiles to determine suspicious activity.
Stateful protocol analysis goes one step further and uses the predefined standards of each
protocol state to check for deviations.

For example, file transfer protocol (FTP) only allows logins when unauthenticated. Once a
session is authenticated, users can view, create, or modify files based on their permissions.
This information is part of the FTP protocol definition. The intrusion detection system
analyzes if these norms are met. This kind of stateful protocol analysis makes it easy to keep
track of the authenticator in each session and subsequent activity associated with this
request.

Stateful protocol analysis relies heavily on vendor-driven protocol definitions. The granular
nature means that it is also resource-intensive, taking up precious bandwidth while tracking
simultaneous sessions. Each of these techniques either ensures the prevention of incoming
attacks or helps administrators spot security vulnerabilities in their systems. Most IDP
solutions offer a combination of more than one approach.
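Added example (not from the original notes) of stateful protocol analysis for the FTP case described above: the analyzer follows client commands and server reply codes, tracks whether the session is authenticated and by whom, and flags any command the current protocol state does not permit. The permitted command set and both sessions are constructed; the reply codes are standard FTP codes.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Commands the FTP definition permits in each session state (a constructed subset for the example).
ALLOWED = {
    "unauthenticated": {"USER", "PASS", "QUIT"},
    "authenticated":   {"PWD", "CWD", "LIST", "RETR", "STOR", "DELE", "QUIT"},
    "closed":          set(),
}


@dataclass
class FtpSession:
    state: str = "unauthenticated"
    user: Optional[str] = None            # the authenticator, kept so later activity is attributed to it
    pending_user: Optional[str] = None
    failed_logins: int = 0
    alerts: List[str] = field(default_factory=list)


def analyze_session(exchange: List[Tuple[str, str]]) -> FtpSession:
    """exchange: ("C", "CMD arg") client commands and ("S", "NNN text") server replies, in wire
    order. Tracks the protocol state and flags every command the current state does not permit."""
    s = FtpSession()
    pending: Optional[str] = None         # last client command still awaiting its reply
    for who, text in exchange:
        if who == "C":
            cmd, _, arg = text.partition(" ")
            cmd = cmd.upper()
            if cmd not in ALLOWED[s.state]:
                s.alerts.append(f"{cmd} issued in state '{s.state}' (user={s.user})")
            if cmd == "USER":
                s.pending_user = arg
            pending = cmd
        else:
            code = text[:3]
            if pending == "PASS":
                if code == "230":                      # login accepted: state changes, user recorded
                    s.state, s.user = "authenticated", s.pending_user
                elif code == "530":
                    s.failed_logins += 1
            elif pending == "QUIT" and code == "221":
                s.state = "closed"
            elif s.state == "authenticated" and code == "530":
                # server says "not logged in" although a login was tracked: analyzer/server disagree
                s.alerts.append(f"server replied 530 to {pending} in authenticated session (user={s.user})")
            pending = None
    return s


# Constructed sessions. Passwords are shown as placeholders; a real analyzer must never log them.
NORMAL_SESSION = [
    ("C", "USER alice"), ("S", "331 Password required"),
    ("C", "PASS <redacted>"), ("S", "230 Login successful"),
    ("C", "PWD"), ("S", '257 "/home/alice"'),
    ("C", "RETR report.docx"), ("S", "150 Opening data connection"),
    ("C", "QUIT"), ("S", "221 Goodbye"),
]
DEVIANT_SESSION = [
    ("C", "RETR report.docx"), ("S", "530 Please login with USER and PASS"),   # file op before login
    ("C", "USER bob"), ("S", "331 Password required"),
    ("C", "PASS <redacted>"), ("S", "530 Login incorrect"),
    ("C", "PASS <redacted>"), ("S", "530 Login incorrect"),
    ("C", "PASS <redacted>"), ("S", "230 Login successful"),
    ("C", "DELE report.docx"), ("S", "250 Delete operation successful"),
]


if __name__ == "__main__":
    for name, session in (("normal", NORMAL_SESSION), ("deviant", DEVIANT_SESSION)):
        result = analyze_session(session)
        print(name, result.state, result.user, result.failed_logins, result.alerts)
```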

*Chapter 4*
Cyber Security Vulnerabilities & Safeguards

1. What is cloud security? State different advantages of cloud security.

Answer- Preparing your business for future success starts with switching from on-
premises hardware to the cloud for your computing needs. The cloud gives you access to
more applications, improves data accessibility, helps your team collaborate more effectively,
and provides easier content management. Some people may have reservations about
switching to the cloud due to security concerns, but a reliable cloud service provider (CSP)
can put your mind at ease and keep your data safe with highly secure cloud services.
Find out more about what cloud security is, the main types of cloud environments you'll need
security for, the importance of cloud security, and its primary benefits.
Cloud security, also known as cloud computing security, is a collection of security measures
designed to protect cloud-based infrastructure, applications, and data. These measures ensure
user and device authentication, data and resource access control, and data privacy protection.
They also support regulatory data compliance. Cloud security is employed in cloud
environments to protect a company's data from distributed denial of service (DDoS) attacks,
malware, hackers, and unauthorized user access or use.

Advantages of working with the Content Cloud

Box has powered a safer way to work from anywhere, with anyone, and from any
application, for over a decade. Box provides a single platform for secure file access, sharing,
and collaboration with internal teams and with partners, vendors, and customers. You can
reduce the surface area of risk while securing access with enterprise-grade security
controls by centralizing your content in the Content Cloud.

Some of the top benefits of our secure cloud computing offerings include:

1. Improved security and protection

IT teams can secure access to content with granular permissions, SSO support for all major
providers, native password controls, and two-factor authentication for internal and external
users. Companies can rely on enterprise-grade infrastructure that's scalable and resilient —
data centers are FIPS 140-2 certified, and every file is encrypted using AES 256-bit
encryption in diverse locations. Customers also have the option to manage their own
encryption keys for complete control.

2. Simpler compliance and governance

Box provides simplified governance and compliance with in-region storage. Our platform
also features easy-to-configure policies that retain, dispose of, and preserve content. These
policies help you avoid fines and meet the most demanding global compliance and privacy
requirements.

3. Greater threat detection and data leakage prevention

The Content Cloud offers native data leakage prevention and threat detection through Box
Shield, enabling you to place precise controls closer to your sensitive data. These
controls prevent leaks in real time by automatically classifying information, while
maintaining a simple, frictionless experience for end users. Shield also empowers your
security team with intelligent detection, providing rich alerts on suspicious behavior and
malicious content so your team can act swiftly if needed. In the event malware does enter
Box, we contain proliferation by restricting downloads while also allowing you to remain
productive by working with the file in preview mode.

4. More secure content migration

Deciding to transfer your data and content to the cloud is a big decision, and you'll want the
transition to be as safe as possible. Box Shuttle makes the move to the Content Cloud simple
and secure. Migrating your data to the Content Cloud means you'll have all the benefits of our
threat detection and security protections, and our team will ensure the data transfer process is
as secure as possible.

5. Safer signature collection

Collecting and managing signatures is essential to many businesses. Box Sign features native
integration to put all your e-signatures where your content lives, allowing users to have a
seamless signing experience. These e-signature capabilities also come with a secure content
layer to ensure critical business documents aren't compromised during the signing process.
Box is the only cloud-based platform to provide users secure and compliant signatures while
still offering the ability to define consistent governance and information security policy
through the entire content journey.

2. What is social network security? What issues are involved in it?

ANSWER- With fast-growing technology, online social networks (OSNs) have exploded in
popularity over the past few years. The pivotal reason behind this phenomenon happens to be
the ability of OSNs to provide a platform for users to connect with their family, friends, and
colleagues. The information shared in social network and media spreads very fast, almost
instantaneously which makes it attractive for attackers to gain information. Secrecy and
surety of OSNs need to be inquired from various positions. There are numerous security and
privacy issues related to the user's shared information especially when a user uploads
personal content such as photos, videos, and audios. The attacker can maliciously use shared
information for illegitimate purposes. The risks are even higher if children are targeted. To
address these issues, this paper presents a thorough review of different security and privacy
threats and existing solutions that can provide security to social network users. We have also
discussed OSN attacks on various OSN web applications by citing some statistics reports. In
addition to this, we have discussed numerous defensive approaches to OSN security. Finally,
this survey discusses open issues, challenges, and relevant security guidelines to achieve
trustworthiness in online social networks.

Network security issues-

When businesses connect their systems and computers, one user's problems may affect
everyone on the network. Despite the many benefits of using networks, networking raises a
greater potential for security issues such as:

• data loss
• security breaches
• malicious attacks, such as hacking and viruses
You can implement measures to reduce your network's vulnerability to unauthorised access
or damage. It may not be possible, or economically practical, to eliminate all vulnerabilities,
so performing an IT risk assessment is important in deciding what measures to implement.

Dealing with common network security issues

Typical preventive measures to help you avoid network security threats include:

• security devices such as firewalls and anti-virus/anti-malware software
• security settings in the router or the operating system
• patch management to ensure firmware and software is updated regularly
• data encryption systems for sensitive data
• data backup, including the use of off-site backup
• restricting access to the network infrastructure to authorised personnel only
• training staff in the safe and secure use of the equipment
As well as training staff, you should also implement policies and rules for computer use in
the workplace. You should let your staff know that misuse of networked equipment can be
regarded as misconduct and may result in disciplinary action.

3. State different types of Vulnerabilities in Cyber Security.

ANSWER- Types of Cyber Security Vulnerabilities

Here are a few common types of cybersecurity vulnerabilities:

System Misconfigurations

Network assets with incompatible security settings or restrictions can cause system
misconfigurations. Networks are frequently searched for such errors and vulnerable spots by
cybercriminals. Network misconfigurations are increasing as a result of the quick digital
revolution, so working with knowledgeable security professionals is crucial when
implementing new technology. Cybercriminals frequently search networks for vulnerabilities
and misconfigurations in the system that they can exploit.

Out-of-date or Unpatched Software

Hackers frequently scour networks for vulnerable, unpatched systems that are prime targets,
just as system configuration errors do. Attackers may use these unpatched vulnerabilities to
steal confidential data, which is a huge threat to any organization. Establishing a patch
management strategy that ensures all the most recent system updates are applied as soon as
they are issued is crucial for reducing these types of threats.

Missing or Weak Authorization Credentials

Attackers frequently utilize brute force methods, such as guessing employee passwords, to
gain access to systems and networks. Therefore, organizations must train employees on
cybersecurity best practices to prevent the easy exploitation of their login credentials.
Endpoint security software will be a great addition to all laptop or desktop devices.

Malicious Insider Threats

Employees with access to vital systems may occasionally share data that enables hackers to
infiltrate the network, knowingly or unknowingly. Because all acts seem genuine, insider
threats can be challenging to identify. Consider purchasing network access control tools and
segmenting your network according to employee seniority and experience to counter these
risks.

Missing or Poor Data Encryption

If a network has weak or nonexistent encryption, it will be simpler for attackers to intercept
system communications and compromise them. Cyber adversaries can harvest crucial
information and introduce misleading information onto a server when there is weak or
unencrypted data. This may result in regulatory body fines and adversely jeopardize an
organization's efforts to comply with cyber security regulations.

Zero-day Vulnerabilities

Zero-day vulnerabilities are specific software flaws that the attackers are aware of but that a
company or user has not yet identified.

Since the vulnerability has not yet been identified or reported by the system manufacturer,
there are no known remedies or workarounds in these situations. These are particularly risky
because there is no protection against them before an attack occurs. Exercising caution and
checking systems for vulnerabilities is crucial to reducing the risk of zero-day attacks.

Vulnerability Management

The process of identifying, classifying, resolving, and mitigating security vulnerabilities is
known as vulnerability management. Vulnerability management consists of three key
components:

1. Vulnerability detection
2. Vulnerability assessment
3. Addressing vulnerabilities

Vulnerability Detection

The process of vulnerability detection has the following three methods:

- Vulnerability scanning
- Penetration testing
- Google hacking

Cyber Security Vulnerability Scan

The Cyber Security Vulnerability Scan is performed to discover computer, program, or
network vulnerabilities. A scanner (software) is used to find and pinpoint network
vulnerabilities resulting from improper configuration and poor programming.

SolarWinds Network Configuration Manager (NCM), ManageEngine Vulnerability Manager
Plus, Rapid7 Nexpose, TripWire IP 360, and others are some common vulnerability detection
solutions.

Penetration Testing

Testing an IT asset for security flaws that an attacker might be able to exploit is known as
penetration testing or pen testing. Manual or automated penetration testing is available.
Additionally, it can evaluate adherence to compliance standards, staff security knowledge,
security policies, and the capacity to recognize and address security events.

Google Hacking

Google hacking is using a search engine to identify security flaws. Google hacking is
accomplished by using complex search operators in queries that can find difficult information
or data that has unintentionally been made public due to cloud service misconfiguration.
These focused queries are typically used to find sensitive data not meant for public exposure.

Vulnerability Assessment

A cybersecurity vulnerability assessment is the next step after identifying vulnerabilities: it
determines the danger they pose to your organization. Using vulnerability assessments, you
can prioritize remediation activities by assigning risk levels to detected threats. Effective
assessments support compliance efforts by ensuring that vulnerabilities are fixed before
attackers can use them against the organization.

Addressing Vulnerabilities

Once a vulnerability's risk level has been determined, you then need to treat the vulnerability.
There are different ways in which you can treat a vulnerability. These include:

- Remediation
  Remediation is a process where a vulnerability is completely fixed or patched as part of
  vulnerability repair. Since it reduces risk, this is one of the most preferred methods of
  treating vulnerabilities.

- Mitigation
  To mitigate a vulnerability, one must take action to make it less likely to be exploited.
  Usually, vulnerability mitigation is done to buy time until a suitable patch is released.

- Acceptance
  When an organization determines that a vulnerability carries a minimal risk, it is acceptable
  to take no action to resolve it. Acceptance is also appropriate when fixing the vulnerability
  would cost more than dealing with its exploitation. Such a decision is called acceptance.

4. Explain different Network Security Safeguards.

ANSWER-

1. Network security safeguards are the means by which network security threats can be
reduced, avoided or prevented.
2. Depending on the level of security required, many different techniques are used for
network security.
3. As the use of Internet access and computer systems to manage business continues to rise,
security vendors continue to come out with new products to assist in safeguarding
networks.

1) Secure Network Equipment

- The first safeguards date back to the earliest buildings, where locks were used to protect
  possessions.
- Your network equipment needs to be secured behind a door with access limited to
  authorised personnel.
- The following is a facility access checklist:
  - Do network cables or power lines run through exposed, vulnerable areas?
  - Who has physical and logical access to computers?
  - Who has access to your administrative passwords, and how often are they changed?

2) Password Procedures

- Passwords are required to access almost every resource in a network environment, but
  poorly selected passwords can be determined easily.
- Software is available to break poorly selected passwords, so implementing policies on
  passwords is an important step in security.
- Certain Do's and Don'ts on creating a password:
- Do's
  - Use a password of mixed-case letters
  - Use a password with non-alphabetic characters
  - Use a password that is easy to remember
- Don'ts
  - Use your login name in any form
  - Use your first, middle or last name in any form
  - Use other information easily available about you

  - Use passwords of all digits; a password should not be shorter than six to eight
    characters
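The Do's and Don'ts above can be enforced mechanically. The following checker is an added example, not code from the original notes; it assumes a minimum length of eight characters (the upper end of the range stated above) and treats "in any form" as the token appearing forwards, reversed, or with common letter-to-digit substitutions, which is an assumption about what "any form" covers.

```python
"""Password policy checker for the Do's and Don'ts listed above (added example)."""

# Letter-to-digit substitutions treated as "another form" of a personal token
# (an assumption about what "in any form" covers, not a rule from the notes).
_LEET = str.maketrans("aeiost", "431057")


def _forms(token):
    """Variants of a personal token that count as the token 'in any form'."""
    t = token.lower()
    if not t:
        return set()
    return {t, t[::-1], t.translate(_LEET)}


def check_password(password, login, names=(), other_info=(), min_length=8):
    """Return the list of policy violations; an empty list means the password passes.

    login      - the user's login name (Don't: use your login name in any form)
    names      - first, middle and last names (Don't: use your name in any form)
    other_info - other easily available facts, e.g. birth year, pet, city
    min_length - assumed minimum; the notes say six to eight characters
    """
    problems = []

    # Don't: too short / all digits
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.isdigit():
        problems.append("consists of digits only")

    # Do: mixed case and at least one non-alphabetic character
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        problems.append("does not mix upper and lower case")
    if not any(not c.isalpha() for c in password):
        problems.append("contains no non-alphabetic characters")

    # Don't: login name, personal names or other known facts in any form
    pw = password.lower()
    personal = (("login name", [login]), ("name", list(names)),
                ("personal information", list(other_info)))
    for label, tokens in personal:
        for tok in tokens:
            # ignore very short tokens: two-letter matches are meaningless
            if any(len(f) >= 3 and f in pw for f in _forms(tok)):
                problems.append(f"contains {label} '{tok}' in some form")
                break
    return problems
```

The "easy to remember" rule cannot be checked by software; the checker only rejects what a policy can reject and leaves the choice of memorable material to the user.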

3) Antivirus Software

- A virus is a hacker program. It can attack the operating system directly.
- A virus can be just an annoyance, such as those that modify the display or replicate email
  to your entire distribution list, or it can reformat the hard disk drive or modify data.
- More and more viruses are being transmitted through defects in email programs.
- Many take advantage of scripting languages built into systems such as Microsoft
  Outlook.
- A Trojan Horse is a hacker program that searches out other programs and infects them
  by embedding a copy of itself in them so that they become "Trojan Horses".
- Precautionary steps should be taken to prevent problems, but antivirus software is a
  minimum requirement.

4) Implement a firewall

- A firewall is simply some type of mechanism for protecting your network from the outside
  world.
- A firewall needs constant updates and attention.
- The functions of a firewall are broken into the following areas:
  - Packet filtering
  - Application proxies
  - Stateful inspection, or dynamic packet filtering
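To make the difference between the first and third function concrete, here is a small simulation, added as an example and not taken from the notes: a stateless packet filter judges every packet by its own header, while a stateful (dynamic) filter remembers outbound flows and admits only the replies that belong to them. The addresses, ports and class names are constructed for the illustration.

```python
"""Packet filtering versus stateful inspection, simulated (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """A TCP packet header reduced to the fields the filters look at (constructed)."""
    direction: str   # "out" = leaving the internal network, "in" = arriving from the Internet
    src: str
    sport: int
    dst: str
    dport: int


class StatelessFilter:
    """Plain packet filter: every packet is judged on its own header only."""

    def __init__(self, allowed_inbound_ports):
        self.allowed_inbound_ports = set(allowed_inbound_ports)

    def allow(self, p):
        if p.direction == "out":
            return True
        # Inbound traffic is admitted only to explicitly opened ports; the reply to an
        # internal client's request arrives on an ephemeral port and is dropped.
        return p.dport in self.allowed_inbound_ports


class StatefulFilter:
    """Dynamic packet filter: remembers outbound flows and admits matching replies."""

    def __init__(self, published_ports):
        self.published_ports = set(published_ports)   # services exposed to the Internet
        self.flows = set()                            # (src, sport, dst, dport) seen outbound

    def allow(self, p):
        if p.direction == "out":
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        if p.dport in self.published_ports:
            return True
        # Admit an inbound packet only if it is the reverse of a flow we initiated.
        return (p.dst, p.dport, p.src, p.sport) in self.flows


def run_scenario():
    """Feed the same constructed packets through both filters; return the decisions."""
    client, server, stranger, webserver = "10.0.0.5", "203.0.113.10", "198.51.100.7", "10.0.0.80"
    packets = {
        "client request":   Packet("out", client, 51000, server, 443),
        "server reply":     Packet("in", server, 443, client, 51000),
        "unsolicited":      Packet("in", stranger, 443, client, 51000),
        "visit web server": Packet("in", stranger, 40000, webserver, 80),
    }
    stateless, stateful = StatelessFilter({80}), StatefulFilter({80})
    results = {}
    for name, p in packets.items():
        results[name] = (stateless.allow(p), stateful.allow(p))   # (stateless, stateful)
    return results
```

The stateless filter must either drop the server's reply or open every ephemeral port to the world; the stateful filter admits exactly the reply it is expecting and nothing else. The second function, an application proxy, is not simulated here: it terminates the connection itself and speaks the application protocol on the client's behalf.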

5) Implement a Virtual Private Network

- A VPN is implemented to secure remote access or communication between facilities over
  the Internet.
- A VPN is a private connection between two or more network elements over a shared
  infrastructure.
- The "virtual" in VPN denotes a logical connection between networks, not a separate
  physical network.
- The "private" in VPN denotes separate addressing and routing.
- The term VPN is used to describe service-provider services such as Frame Relay and ATM,
  and also encrypted tunnels between networks over an IP infrastructure.
- Encryption is the process of using a secret code to alter data so that it is unintelligible to
  unauthorized parties.
- There are three types of VPN:
  - Secure remote access
  - Intranet access (site to site)
  - Extranet access (site to site or site to Internet)

5. What is OWASP and how it works?

ANSWER- The Open Web Application Security Project (OWASP) is a nonprofit foundation
dedicated to improving software security. It operates under an "open community" model,
which means that anyone can participate in and contribute to OWASP-related online chats,

projects, and more. For everything from online tools and videos to forums and events, the
OWASP ensures that its offerings remain free and easily accessible through its website.
The OWASP Top 10 provides rankings of—and remediation guidance for—the top 10 most
critical web application security risks. Leveraging the extensive knowledge and experience of
the OWASP's open community contributors, the report is based on a consensus among
security experts from around the world. Risks are ranked according to the frequency of
discovered security defects, the severity of the uncovered vulnerabilities, and the magnitude
of their potential impacts. The purpose of the report is to offer developers and web
application security professionals insight into the most prevalent security risks so that they
may fold the report's findings and recommendations into their own security practices, thereby
minimizing the presence of known risks in their applications.

How is the OWASP Top 10 list used and why is it important?

The OWASP has maintained its Top 10 list since 2003, updating it every two or three years
in accordance with advancements and changes in the AppSec market. The list's importance
lies in the actionable information it provides in serving as a checklist and internal web
application development standard for many of the world's largest organizations.
Auditors often view an organization's failure to address the OWASP Top 10 as an indication
that it may be falling short on other compliance standards. Conversely, integrating the Top 10
into the software development life cycle (SDLC) demonstrates an organization's overall
commitment to industry best practices for secure development.

1. Broken Access Control (A01:2021).

Previously number 5 on the list, broken access control—a weakness that allows an attacker to
gain access to user accounts—moved to number 1 for 2021. The attacker in this context can
function as a user or as an administrator in the system.
Example: An application allows a primary key to be changed, and when this key is changed
to another user's record, that user's account can be viewed or modified.
Solution: An interactive application security testing (IAST) solution, such as Seeker®, can
help you effortlessly detect cross-site request forgery or insecure storage of your sensitive
data. It also pinpoints any bad or missing logic being used to handle JSON Web
Tokens. Penetration testing can serve as a manual supplement to IAST activities, helping to
detect unintended access controls. Changes in architecture and design may be warranted to
create trust boundaries for data access.
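The primary-key example above is an insecure direct object reference. The snippet below, added here and not part of the OWASP text, shows the vulnerable query beside the hardened one using an in-memory SQLite table with constructed accounts: the fix binds the record to the authenticated caller in the query itself rather than trusting the key the client sent.

```python
"""Broken access control: vulnerable lookup beside its fix (added example, SQLite in memory)."""
import sqlite3


def setup_db():
    """Constructed sample data: two accounts belonging to two different users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [(1, "alice", 500), (2, "bob", 1200)])
    db.commit()
    return db


def get_account_vulnerable(db, account_id):
    """Returns whatever record the client asks for; who is asking is never checked."""
    return db.execute("SELECT id, owner, balance FROM accounts WHERE id = ?",
                      (account_id,)).fetchone()


def get_account(db, account_id, current_user):
    """Hardened: the row must belong to the authenticated caller, enforced server-side."""
    return db.execute("SELECT id, owner, balance FROM accounts WHERE id = ? AND owner = ?",
                      (account_id, current_user)).fetchone()


def update_balance(db, account_id, current_user, new_balance):
    """Hardened write path: same ownership predicate; returns the number of rows changed."""
    cur = db.execute("UPDATE accounts SET balance = ? WHERE id = ? AND owner = ?",
                     (new_balance, account_id, current_user))
    db.commit()
    return cur.rowcount
```

`current_user` must come from the server-side session, never from the request body; the ownership predicate is only a trust boundary if the client cannot influence both sides of it.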

2. Cryptographic Failures (A02:2021).

Previously in position number 3 and formerly known as sensitive data exposure, this entry
was renamed as cryptographic failures to accurately portray it as a root cause, rather than a
symptom. Cryptographic failures occur when important stored or transmitted data (such as a
social security number) is compromised.
Example: A financial institution fails to adequately protect its sensitive data and becomes an
easy target for credit card fraud and identity theft.

Solution: Seeker's checkers can scan for both inadequate encryption strength and weak or
hardcoded cryptographic keys, and then identify any broken or risky cryptographic
algorithms. The Black Duck® cryptography module surfaces the cryptographic methods used
in open source software (OSS) so they can be further evaluated for strength.
Both Coverity® static application security testing (SAST) and Black Duck software
composition analysis (SCA) have checkers that can provide a "point in time" snapshot at the
code and component levels. However, supplementing with IAST is critical for providing
continuous monitoring and verification to ensure that sensitive data isn't leaked during
integrated testing with other internal and external software components.

3. Injection (A03:2021).

Injection moves down from number 1 to number 3, and cross-site scripting is now considered
part of this category. Essentially, a code injection occurs when invalid data is sent by an
attacker into a web application in order to make the application do something it was not
designed to do.
Example: An application uses untrusted data when constructing a vulnerable SQL call.
Solution: Including SAST and IAST tools in your continuous integration / continuous
delivery (CI/CD) pipeline helps identify injection flaws both at the static code level and
dynamically during application runtime testing. Modern application security testing (AST)
tools such as Seeker can help secure the software application during the various test stages
and check for a variety of injection attacks (in addition to SQL injections). For example, it
can identify NoSQL injections, command injections, LDAP injections, template injections,
and log injections. Seeker is the first tool to provide a new, dedicated checker designed to
specifically detect Log4Shell vulnerabilities, determine how Log4J is configured, test how it
actually behaves, and validate (or invalidate) those findings with its patented Active
Verification engine.
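For the injection example above ("untrusted data when constructing a vulnerable SQL call"), here is the defect beside its fix, added as an example with a constructed SQLite table and not drawn from the OWASP text: string formatting lets the input change the query's structure, while a bound parameter cannot.

```python
"""SQL injection: string-built query beside a parameterized one (added example)."""
import sqlite3


def setup_db():
    """Constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "user"), ("bob", "admin")])
    db.commit()
    return db


def find_user_vulnerable(db, name):
    """Untrusted input is pasted into the SQL text, so it can alter the WHERE clause."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return db.execute(query).fetchall()


def find_user(db, name):
    """Fixed: the value travels as a bound parameter and is never parsed as SQL."""
    return db.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def compare(db, name):
    """Run both versions on the same input so the difference is visible side by side."""
    return {"vulnerable": find_user_vulnerable(db, name), "parameterized": find_user(db, name)}
```

A SAST checker flags the f-string query because tainted data reaches `execute` as part of the statement text; an IAST tool sees the same thing at runtime when the executed statement no longer matches the shape the developer wrote.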

4. Insecure Design (A04:2021).

Insecure design is a new category for 2021 that focuses on risks related to design flaws. As
organizations continue to "shift left," threat modeling, secure design patterns and principles,
and reference architectures are not enough.
Example: A movie theater chain that allows group booking discounts requires a deposit for
groups of more than 15 people. Attackers threat model this flow to see if they can book
hundreds of seats across various theaters in the chain, thereby causing thousands of dollars in
lost income.
Solution: Seeker IAST detects vulnerabilities and exposes all the inbound and outbound API,
service, and function calls in highly complex web, cloud, and microservices-based
applications. By providing a visual map of the data flow and endpoints involved, any
weaknesses in the design of the app are made clear, aiding in pen testing and threat
modeling efforts.

5. Security Misconfiguration (A05:2021).

The former external entities category is now part of this risk category, which moves up from
the number 6 spot. Security misconfigurations are design or configuration weaknesses that
result from a configuration error or shortcoming.
Example: A default account and its original password are still enabled, making the system
vulnerable to exploit.
Solution: Solutions like Coverity SAST include a checker that identifies the information
exposure available through an error message. Dynamic tools like Seeker IAST can detect
information disclosure and inappropriate HTTP header configurations during application
runtime testing.

6. Vulnerable and Outdated Components (A06:2021).

This category moves up from number 9 and relates to components that pose both known and
potential security risks, rather than just the former. Components with known vulnerabilities,
such as CVEs, should be identified and patched, whereas stale or malicious components
should be evaluated for viability and the risk they may introduce.
Example: Due to the volume of components used in development, a development team might
not know or understand all the components used in their application, and some of those
components might be out-of-date and therefore vulnerable to attack.
Solution: Software composition analysis (SCA) tools like Black Duck can be used alongside
static analysis and IAST to identify and detect outdated and insecure components in an
application. IAST and SCA work well together, providing insight into how vulnerable or
outdated components are actually being used. Seeker IAST and Black Duck SCA together go
beyond identifying a vulnerable component, uncovering details like whether that component
is currently loaded by an application under test. Additionally, metrics such as developer
activity, contributor reputation, and version history can give users an idea of the potential risk
that a stale or malicious component may pose.

6. What is system administration in cyber security? What are administrative system
vulnerabilities? What are the different Network Security Vulnerabilities that System
Administrators must know?

ANSWER- System administration in cyber security-

This role is responsible for setting up and maintaining a system or specific components of a
system (for example, installing, configuring, and updating hardware and software;
establishing and managing user accounts; overseeing or conducting backup and recovery
tasks; implementing operational and technical security controls; and adhering to
organizational security policies and procedures).

Personnel performing this role may unofficially or alternatively be called:

- Local Area Network (LAN) Administrator
- Security Administrator
- Server Administrator

- System Operations Personnel
- Website Administrator
- Identity Access Manager
- UNIX/Windows System Administrator
- Application Security Administrator
- System Security Administrator

Administrative system vulnerabilities-

Vulnerabilities are flaws in a computer system that weaken the overall security of the
device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software
that runs on the hardware. Vulnerabilities can be exploited by a threat actor, such as an
attacker, to cross privilege boundaries (i.e. perform unauthorized actions) within a computer
system. To exploit a vulnerability, an attacker must have at least one applicable tool or
technique that can connect to a system weakness. In this frame, vulnerabilities are also known
as the attack surface.
Vulnerability management is a cyclical practice that varies in theory but contains common
processes, which include: discover all assets, prioritize assets, assess or perform a complete
vulnerability scan, report on results, remediate vulnerabilities, verify remediation, and repeat.
This practice generally refers to software vulnerabilities in computing systems.[1] Agile
vulnerability management refers to preventing attacks by identifying all vulnerabilities as
quickly as possible.[2]
A security risk is often incorrectly classified as a vulnerability. Using "vulnerability" with
the same meaning as "risk" can lead to confusion. The risk is the potential of a significant
impact resulting from the exploit of a vulnerability. Then there are vulnerabilities without
risk: for example when the affected asset has no value. A vulnerability with one or more
known instances of working and fully implemented attacks is classified as an exploitable
vulnerability—a vulnerability for which an exploit exists. The window of vulnerability is the
time from when the security hole was introduced or manifested in deployed software, to
when access was removed, a security fix was available/deployed, or the attacker was
disabled—see zero-day attack.
** What are the different Network Security Vulnerabilities that System Administrators
must know?

This post aims to help you familiarize yourself with the top 15 commonly known network and
system security vulnerabilities. If you are a new administrator, you can have a look at the
following list.

ACLs on the border router

The ACLs you place in your router, especially in the border router, should not allow
inappropriate access to the other devices connected to it. A few misconfigured router
ACLs can allow information leakage through ICMP, IP and NetBIOS, and lead to
unauthorized access to services on your DMZ server. So, make sure your border router has
the appropriate ACLs in place on the right interface.

Remote Access Point

You may have to set up a remote access point to let remote users log in to your network.
But remember that unsecured and unmonitored remote access points are one of the easiest
ways to get access to your network. The devices telecommuters use to connect to your
network may not have adequate protection and may already have been compromised. Make
sure the people accessing your network remotely have proper knowledge of Internet security
and have antivirus/Internet security software installed on their devices.

Information leakage

The operating system and application versions, users, groups, shares, DNS information (via
zone transfers), and running services like SNMP, finger, SMTP, telnet, rusers, rpcinfo,
NetBIOS, etc. can provide attackers with valuable information. Figure out the ways to block
information leakage from your organization.

Running services

Every server runs applications that depend on specific services. If a host runs unnecessary
services such as RPC, FTP, DNS or SMTP, you can simply stop or remove them. Run only the
services that you need to run your applications.

Weak passwords

Make sure nobody is using weak, reused or easily guessed passwords. Enforce a password
complexity policy on your servers.

Default users

You may have to install test servers for development purposes. Make sure all the test users'
accounts do not have excessive administrative privileges. Also make sure there are no default
users in your routers, firewalls, servers and other networking devices.

Misconfigured servers

Make sure you do not have any misconfigured Internet servers, especially CGI and ASP
scripts on web servers, web folders with world-writable permissions, and XSS vulnerabilities
in your web applications. A single misconfigured server can make your entire network
vulnerable to attack and to other sorts of vulnerabilities.

Misconfigured network device

The internal networks may have misconfigured firewalls and routers. A misconfigured ACL is
enough to allow outsiders directly into your internal systems. Pay attention to how your DMZ
and internal firewall talk. Are there any ACLs that you do not need?

Software update

Application software that is unpatched, outdated, vulnerable, or left in its default
configuration, especially on web servers, can make your network vulnerable.

File shares and access control

You may have file servers shared with everyone in the network. Make sure that shared
directories are restricted to internal users only. Do you need to allow remote users to access
your shared folders?

Domain trust

Excessive trust relationships between organizations can provide attackers with unauthorized
access to sensitive systems.

Unauthenticated services

Your system may have unauthenticated services/software that captures remote keystrokes.

Inadequate logging detection

If you have no detection capability to monitor who is logging into your network and host
machines, you have no way to know when your servers or devices are compromised.
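As an added example of the detection capability this item calls for (not from the original notes), the script below scans constructed SSH authentication log lines for a burst of failed logins from one address and for a successful login from an address that was already flagged. The log format mirrors OpenSSH's "Failed password" / "Accepted password" messages with an ISO timestamp; the threshold and window are assumed tuning values.

```python
"""Brute-force login detection over constructed auth log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one address hammers sshd, then gets in; two internal hosts are normal.
SAMPLE_LOG = """\
2024-03-01T10:00:01 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51001 ssh2
2024-03-01T10:00:03 host1 sshd[2203]: Failed password for invalid user admin from 203.0.113.9 port 51002 ssh2
2024-03-01T10:00:04 host1 sshd[2205]: Failed password for root from 203.0.113.9 port 51003 ssh2
2024-03-01T10:00:06 host1 sshd[2207]: Failed password for root from 203.0.113.9 port 51004 ssh2
2024-03-01T10:00:09 host1 sshd[2209]: Failed password for alice from 10.0.0.5 port 40222 ssh2
2024-03-01T10:00:10 host1 sshd[2211]: Failed password for root from 203.0.113.9 port 51005 ssh2
2024-03-01T10:00:15 host1 sshd[2213]: Accepted password for alice from 10.0.0.7 port 40300 ssh2
2024-03-01T10:00:20 host1 sshd[2214]: Connection closed by 10.0.0.7 port 40300
2024-03-01T10:00:31 host1 sshd[2215]: Accepted password for root from 203.0.113.9 port 51006 ssh2
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_events(lines):
    """Yield (timestamp, result, user, ip) for lines that are login attempts; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"])


def detect(lines, threshold=5, window=timedelta(minutes=2)):
    """Return alerts as (ip, kind, detail) tuples, in the order they are raised.

    threshold / window: assumed tuning values; N failures inside the window is a burst.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures (sliding window)
    flagged = set()
    alerts = []
    for ts, result, user, ip in parse_events(lines):
        if result == "Accepted":
            # A success from an address that just brute-forced is the urgent case.
            if ip in flagged:
                alerts.append((ip, "success-after-burst", f"user {user} at {ts.isoformat()}"))
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged.add(ip)
            alerts.append((ip, "burst", f"{len(q)} failures within {int(window.total_seconds())}s"))
    return alerts
```

The second alert type is the one worth paging on: a burst alone may be a misconfigured script, but a burst followed by an accepted login from the same address means a guessed password is now in use.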

Lack of documentation and guidelines

If you do not have well-accepted and well-promulgated security policies, procedures,
standards, and guidelines in your organization, your IT staff's usage of IT equipment can
make your organization vulnerable to attack or compromise.

Unknown vulnerabilities

Even if you implement the best security practices and frameworks to secure your IT
infrastructure and data, you should not be complacent that your IT is secure. We still don't
have the names and signatures of the latest viruses and malware released in the last few
minutes. So, you are never secure. Once you are familiar with the common vulnerabilities
and threats, the next thing to do is to keep monitoring and improving your vulnerability
detection mechanisms and keep learning to stay current on the latest security threats.

7. What is an unprotected broadband connection? State how poor cyber security
awareness can harm us. State different types of access control models in cyber
security.

ANSWER- unprotected broadband connection-

If you get a warning "Your Wi-Fi connection is unsecured", then you have connected to an
unprotected wireless network. Information transferred through this network will be
unencrypted. This means that your logins, passwords, messages, and other sensitive
information can be intercepted.

**State how poor Cyber security awareness can harm us.

1. Data loss

Inadequate end-user security, employee negligence, and poor password management are just
some of the reasons hackers succeed in infiltrating systems. Once cybercriminals breach an
organization's network, data can be stolen or corrupted. Loss of data integrity is disastrous if
a business does not have a backup and disaster recovery plan. Without the customer,
application, or network data needed to run a business, operations grind to a halt, which has
resulted in demise for certain organizations.

2. Productivity loss due to downtime

Downtime caused by cyberattacks leads to productivity loss. When systems become infected
with malware, for instance, team members cannot perform routine tasks while the issue is
remediated and systems are restored. Unplanned downtime negatively impacts the corporate
supply chain, which causes production bottlenecks and missed deadlines.

3. Noncompliance fines

Governing bodies and regulations such as the General Data Protection Regulation (GDPR)
and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) set the
standards for data protection.

Should a company be found to have violated government regulations because of poor
cybersecurity management, it is likely to pay fines and penalties according to the severity of
the violation and level of culpability.

4. Ransomware extortion

Poor cybersecurity management can allow systems to be infected by ransomware, a type of
malware that encrypts files and prevents the original owner from accessing data. Perpetrators
usually threaten to delete important data, publish sensitive information, or block access unless
a ransom is paid.

Experts highly discourage paying ransomware fees because there is no certainty that hackers
will restore access to data even after the ransom is paid. However, the number of ransomware
attacks continues to escalate, since some companies with inadequate backup and disaster
recovery plans have determined that paying a hefty ransom and hoping to recover data was
the best option given the circumstances.

5. Reputational damage

If an organization falls prey to cyberattack, it can suffer reputational damage in the public
eye. A company experiencing a damaged reputation may suffer multiple financial pain
vectors in the form of declining customer patronage and falling stock price, since trust wavers
in a company that is unable to protect consumer data.

6. Lawsuits

Class-action lawsuits are becoming more common in relation to cyberattacks. Victims may
demand compensation for the inconvenience a company allowed through inadequate data
security practices. In such cases, businesses incur attorney fees, settlement amounts, court
costs, and other charges.

**State different types of access control models in cyber security.

Access control is the process of:

- identifying a person doing a specific job
- authenticating them by looking at their identification
- granting a person only the key to the door or computer that they need access to and
  nothing more

In information security, one would look at this as:

- granting an individual permission to get onto a network via a username and password
- allowing them access to files, computers, or other hardware or software they need
- ensuring they have the right level of permission to do their job

So, how does one grant the right level of permission to an individual so that they can perform
their duties? This is where access control models come into the picture.

Access control models have four flavors:

- Mandatory Access Control (MAC)
- Role-Based Access Control (RBAC)
- Discretionary Access Control (DAC)
- Rule-Based Access Control (RBAC or RB-RBAC)

Let's look at each of these and what they entail.

1. The Mandatory Access Control, or MAC, model gives only the owner and custodian
management of the access controls. This means the end user has no control over any settings
that provide any privileges to anyone. Now, there are two security models associated with
MAC: Biba and Bell-LaPadula.

The Biba model is focused on the integrity of information, whereas the Bell-LaPadula model
is focused on the confidentiality of information. Biba is a setup where a user with low-level
clearance can read higher-level information (called "read up") and a user with high-level
clearance can write for lower levels of clearance (called "write down"). The Biba model is
typically utilized in businesses where employees at lower levels can read higher-level
information and executives can write to inform the lower-level employees.

Bell-LaPadula, on the other hand, is a setup where a user at a higher level (i.e. Top Secret)
can only write at that level and no lower (called "write up"), but can also read at lower levels
(called "read down"). Bell-LaPadula was developed for governmental and/or military
purposes where if one does not have the correct clearance level and does not need to know
certain information, they have no business with the information.

At one time, MAC was associated with a numbering system that would assign a level number
to files and level numbers to employees. Under this system, if one file (i.e. myfile.ppt) is
level 400, another file (i.e. yourfile.docx) is level 600 and the employee has a level of 500,
the employee would not be able to access "yourfile.docx" due to the higher level (600)
associated with the file.

MAC is the highest access control there is and is utilized in military and/or government
settings utilizing the classifications of Classified, Secret, and Unclassified in place of the
numbering system previously mentioned.

2. The Role-Based Access Control, or RBAC, model provides access control based on the
position an individual fills in an organization. So, instead of assigning Alice permissions as a
security manager, the position of security manager already has permissions assigned to it. In
essence, Alice would just need access to the security manager profile.

RBAC makes life easier for the system administrator of the organization. The big issue with
this access control model is that if Alice requires access to other files, there has to be another
way to do it since the roles are only associated with the position; otherwise, security
managers from other organizations could possibly get access to files for which they are
unauthorized.

3. The Discretionary Access Control, or DAC, model is the least restrictive model
compared to the most restrictive MAC model. DAC allows an individual complete control
over any objects they own along with the programs associated with those objects.

This gives DAC two major weaknesses. First, it gives the end-user complete control to set
security level settings for other users which could result in users having higher privileges than
they're supposed to. Secondly, and worse, the permissions that the end-user has are inherited
into other programs they execute. This means the end-user can execute malware without

knowing it and the malware could take advantage of the potentially high-level privileges the
end-user possesses.

4. The fourth and final access control model is Rule-Based Access Control, also with the
acronym RBAC or RB-RBAC. Rule-Based Access Control will dynamically assign roles to
users based on criteria defined by the custodian or system administrator. For example, if
someone is only allowed access to files during certain hours of the day, Rule-Based Access
Control would be the tool of choice.

The additional "rules" of Rule-Based Access Control requiring implementation may need to
be "programmed" into the network by the custodian or system administrator in the form of
code versus "checking the box."
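The four models can each be expressed as a short decision rule. The following is an added example, not part of the notes; the level numbers reuse the 400/600/500 illustration above, while the role names, users and office-hours rule are constructed.

```python
"""The four access control models, each reduced to its decision rule (added example)."""
from datetime import time


# 1. MAC with numeric levels, as in the myfile.ppt (400) / yourfile.docx (600) illustration:
#    a subject at level 500 can reach the 400 file but not the 600 one.
def mac_can_access(subject_level, object_level):
    return subject_level >= object_level


# Bell-LaPadula (confidentiality): read down, write up.
def blp_allowed(op, subject_level, object_level):
    if op == "read":
        return subject_level >= object_level     # no read up
    if op == "write":
        return subject_level <= object_level     # no write down
    raise ValueError(f"unknown operation {op!r}")


# Biba (integrity): the mirror image, read up, write down.
def biba_allowed(op, subject_level, object_level):
    if op == "read":
        return subject_level <= object_level     # no read down
    if op == "write":
        return subject_level >= object_level     # no write up
    raise ValueError(f"unknown operation {op!r}")


# 2. RBAC: permissions hang off the position; users are merely assigned positions.
ROLE_PERMISSIONS = {                                   # constructed roles
    "security_manager": {"read:audit_log", "write:policy"},
    "analyst": {"read:audit_log"},
}


def rbac_allowed(user_roles, permission):
    return any(permission in ROLE_PERMISSIONS.get(role, set()) for role in user_roles)


# 3. DAC: the owner decides and may delegate; nothing stops an owner from
#    handing out more than intended (the first weakness named above).
class DacObject:
    def __init__(self, owner):
        self.owner = owner
        self.grants = {owner: {"read", "write", "grant"}}

    def grant(self, by, to, permission):
        if "grant" not in self.grants.get(by, set()):
            return False                       # only holders of 'grant' may delegate
        self.grants.setdefault(to, set()).add(permission)
        return True

    def allowed(self, user, permission):
        return permission in self.grants.get(user, set())


# 4. Rule-based: roles are handed out dynamically only while the rule holds,
#    here an office-hours rule (assumed 09:00-17:00).
def rule_based_roles(base_roles, now, start=time(9, 0), end=time(17, 0)):
    return set(base_roles) if start <= now <= end else set()
```

Reading the two lattice functions side by side makes the "mirror image" relationship explicit: swap the comparison operators in Bell-LaPadula and you have Biba, which is why a system needing both confidentiality and integrity has to enforce them as two separate checks.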

Logical access control methods

Logical access control is done via access control lists (ACLs), group policies, passwords, and
account restrictions. We will take a look at each of these to see how they provide controlled
access to resources.

Access Control Lists (ACLs) are permissions attached to an object (i.e. spreadsheet file) that
a system will check to allow or deny control to that object. These permissions range from full
control to read-only to "access denied." When it comes to the various operating systems (i.e.
Windows®, Linux, Mac OS X®), the entries in the ACLs are named "access control entry,"
or ACE, and are configured via four pieces of information: a security identifier (SID), an
access mask, a flag for operations that can be performed on the object, and another set of
flags to determine inherited permissions of the object. So, as one can see, ACLs provide
detailed access control for objects. However, they can become cumbersome when changes
occur frequently, and one needs to manage many objects.
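The following is an added example, not code from the original chapter, that models the ACE fields described above (SID, access mask, allow/deny flag, inheritance flag) and evaluates a request the way a Windows-style reference monitor does: explicit entries before inherited ones, deny entries before allow entries, stopping as soon as every requested bit is granted. The access-mask bit values and the SIDs are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

# Access-mask bits. Constructed for this example; real Windows masks use a
# different bit layout, but the evaluation logic is the same.
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4
FULL = READ | WRITE | EXECUTE

@dataclass(frozen=True)
class ACE:
    sid: str               # security identifier of the trustee (user or group)
    mask: int              # access mask: which operations this entry covers
    allow: bool            # True = access-allowed ACE, False = access-denied ACE
    inherit: bool = False  # does this entry propagate to child objects?

def effective_acl(own: List[ACE], parent: Optional[List[ACE]] = None) -> List[ACE]:
    """Canonical order: explicit deny, explicit allow, inherited deny, inherited allow."""
    inherited = [e for e in (parent or []) if e.inherit]
    own_deny = [e for e in own if not e.allow]
    own_allow = [e for e in own if e.allow]
    inh_deny = [e for e in inherited if not e.allow]
    inh_allow = [e for e in inherited if e.allow]
    return own_deny + own_allow + inh_deny + inh_allow

def check_access(acl: List[ACE], token_sids: Set[str], requested: int) -> bool:
    """Walk the ACL in order; a matching deny on any still-ungranted bit fails
    the whole request, allow entries strip bits until nothing remains."""
    remaining = requested
    for ace in acl:
        if ace.sid not in token_sids:
            continue
        if not ace.allow and ace.mask & remaining:
            return False
        if ace.allow:
            remaining &= ~ace.mask
        if remaining == 0:
            return True
    return remaining == 0

# Constructed SIDs (not real accounts): a Users group and three user accounts.
USERS, ALICE, BOB, CAROL = ("S-1-5-32-545", "S-1-5-21-0-0-0-1001",
                            "S-1-5-21-0-0-0-1002", "S-1-5-21-0-0-0-1003")
FOLDER_ACL = effective_acl([
    ACE(USERS, READ | EXECUTE, allow=True, inherit=True),  # group may read/execute
    ACE(ALICE, FULL, allow=True, inherit=True),            # owner has full control
    ACE(CAROL, READ, allow=False, inherit=True),           # Carol denied at folder level
])
REPORT_ACL = effective_acl(
    own=[ACE(BOB, WRITE, allow=False),   # explicit deny on this one file
         ACE(CAROL, READ, allow=True)],  # explicit allow outranks the inherited deny
    parent=FOLDER_ACL)
```

Because explicit entries are evaluated before inherited ones, Carol is denied READ on the folder but allowed READ on the report, while Bob keeps his inherited READ and loses WRITE.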

Group policies are part of the Windows® environment and allow for centralized
management of access control to a network of computers utilizing the directory services of
Microsoft called Active Directory. This eliminates the need to go to each computer and
configure access control. These settings are stored in Group Policy Objects (GPOs) which
make it convenient for the system administrator to be able to configure settings. Although
convenient, a determined cybercriminal can get around these group policies and make life
miserable for the system administrator or custodian.

Passwords are "the most common logical access control. . . sometimes referred to as a logical
token" (Ciampa, 2009). Passwords need to be tough to crack in order to provide an essential
level of access control. If one makes the password easy to guess or uses a word in the
dictionary, it can be subject to brute-force attacks, dictionary attacks, or other attacks using
rainbow tables. Keeping this in mind, experts agree that the longer the password is, the harder
it is to crack, provided the user remembers it and used many different characters, including
non-keyboard characters, in creating it. Following this guidance also makes it more difficult for
a cybercriminal to crack the password with the use of rainbow tables. In addition, ensuring
patches are applied regularly, deleting or disabling unnecessary accounts, making the
BIOS password-protected, ensuring the computer only boots from the hard drive, and keeping
your door locked with your computer behind it will help ensure your passwords are protected.
