
Unit-II 7033 - Additional Notes

The document discusses firewalls, including their history, components, types, and benefits. Firewalls monitor and filter network traffic according to security policies, preventing unauthorized access to private networks. They have evolved from packet filters in the 1980s to include stateful inspection, next generation firewalls with deep packet inspection and other features. Firewall types include packet filtering, proxy service, stateful inspection, and next generation. The key benefits of firewalls are blocking threats like malware, hackers, and spyware from accessing private network data and systems.

Uploaded by Hari R
Copyright © All Rights Reserved

UNIT 2 FIREWALL & ENCRYPTION

Firewall - Components of firewall - Introduction to security, Types of Securities, Security
Tools - Viruses - Cryptography - Encryption - Substitution & Transposition Cipher - RSA
Algorithm - Internet Security Protocols and Standards - TCP/IP, UDP, ICMP, POP3, SMTP,
HTTP, FTP, SSL.
======================================================
Firewall
A firewall is a system designed to prevent unauthorized access to or from a private
network. You can implement a firewall in either hardware or software form, or in a
combination of both. Firewalls prevent unauthorized internet users from accessing private
networks connected to the internet, especially intranets.
A firewall is a network security device that monitors and filters incoming and
outgoing network traffic based on an organization's previously established security
policies. At its most basic, a firewall is essentially the barrier that sits between a private
internal network and the public Internet.
All messages entering or leaving the intranet (the local network to which you are
connected) must pass through the firewall, which examines each message and blocks
those that do not meet the specified security criteria.

Firewall History

Firewalls have existed since the late 1980’s and started out as packet filters, which were
networks set up to examine packets, or bytes, transferred between computers. Though
packet filtering firewalls are still in use today, firewalls have come a long way as
technology has developed throughout the decades.

Gen 1 Virus
Generation 1, Late 1980’s, virus attacks on stand-alone PC’s affected all
businesses and drove anti-virus products.
Gen 2 Networks
Generation 2, Mid 1990’s, attacks from the internet affected all businesses and drove
creation of the firewall.
Gen 3 Applications
Generation 3, Early 2000’s, exploiting vulnerabilities in applications which affected
most businesses and drove Intrusion Prevention Systems Products (IPS).
Gen 4 Payload
Generation 4, Approx. 2010, rise of targeted, unknown, evasive, polymorphic
attacks which affected most businesses and drove anti-bot and sandboxing products.
Gen 5 Mega
Generation 5, Approx. 2017, large scale, multi-vector, mega attacks using advanced
attack tools, driving advanced threat prevention solutions.

Back in 1993, Check Point CEO Gil Shwed introduced the first stateful inspection firewall,
FireWall-1. Fast forward twenty-seven years, and a firewall is still an organization’s first
line of defense against cyber attacks. Today’s firewalls, including Next Generation
Firewalls and Network Firewalls support a wide variety of functions and capabilities with
built-in features, including:

• Network Threat Prevention
• Application and Identity-Based Control
• Hybrid Cloud Support
• Scalable Performance

Types of Firewalls

• Packet filtering

A small amount of data is analyzed and distributed according to the filter’s standards.

• Proxy service

Network security system that protects while filtering messages at the application layer.

• Stateful inspection

Dynamic packet filtering that monitors active connections to determine which network
packets to allow through the Firewall.

• Next Generation Firewall (NGFW)

Deep packet inspection Firewall with application-level inspection.

What Firewalls Do?


A firewall is a necessary part of any security architecture: it takes the guesswork out of
host-level protections and entrusts them to your network security device. Firewalls, and
especially Next Generation Firewalls, focus on blocking malware and application-layer
attacks. Along with an integrated intrusion prevention system (IPS), these Next Generation
Firewalls can react quickly and seamlessly to detect and respond to outside attacks across
the whole network. They can set policies to better defend your network and carry out quick
assessments to detect invasive or suspicious activity, like malware, and shut it down.

Why Do We Need Firewalls?


Firewalls, especially Next Generation Firewalls, focus on blocking malware and
application-layer attacks. Along with an integrated intrusion prevention system (IPS), these
Next Generation Firewalls are able to react quickly and seamlessly to detect and combat
attacks across the whole network. Firewalls can act on previously set policies to better
protect your network and can carry out quick assessments to detect invasive or suspicious
activity, such as malware, and shut it down. By leveraging a firewall for your security
infrastructure, you’re setting up your network with specific policies to allow or block
incoming and outgoing traffic.

Firewall Architecture

The operation of a firewall can be understood through a simple analogy in which ‘IP
addresses’ are treated as ‘houses’ and ‘port numbers’ as ‘rooms’ within the house. In
such a scenario, only trusted people (source addresses) are allowed to get into the house
(destination address) at all times. The movement of these people within the house is
further filtered or restricted as described below:
a) The people entering the house are only given access to certain rooms
(destination ports), depending on whether they’re the owner or a guest.
b) The owner is allowed to venture into any room (any port), while guests are
allowed into a particular set of rooms (specific ports).
Here, the rules for the kind of activity allowed for an entire group of people are
pre-defined when the firewall is configured on a system or a network. Hence,
technically, the entire firewall functionality relies on monitoring traffic and allowing or
blocking packets based on a set of security rules.

Types of Firewalls

1. Host-based Firewalls
A host-based firewall is installed on each network node, which controls each incoming and
outgoing packet. It is a software application or suite of applications that come as a part of
the operating system. Host firewall protects each host from attacks and unauthorized
access.

2. Network-based Firewalls

Network firewall functions on the network level by employing two or more network
interface cards (NICs). In other words, these firewalls filter all incoming and outgoing traffic
across the network by using firewall rules. A network-based firewall is typically a dedicated
system with proprietary software installed.

Firewall categories have evolved over the years. In addition to the above broad
classifications, here are the five distinct types of firewalls that continue to play a significant
role in network security.

A) Packet filtering firewall

Packet filtering firewalls operate in line at junction points where devices such as routers
and switches do their work. These firewalls don’t route packets but compare each packet
to a set of established criteria — such as the allowed IP addresses, packet type, port
number, and other aspects of the packet protocol headers. Packets that are flagged as
troublesome are dropped.

B) Circuit-level gateway

Circuit-level gateways monitor TCP handshakes and other network protocol session
initiation messages across the network as they are established between the local and
remote hosts to determine whether the session being initiated is legitimate and whether the
remote system is considered trusted. They don’t inspect the packets themselves.
However, they provide a quick way to identify malicious content.

C) Stateful inspection firewall

State-aware devices examine each packet and keep track of whether that packet is part of
an established TCP or other network sessions. Such provision offers more security than
packet filtering or circuit monitoring alone but takes a greater toll on network performance.

Another variant of stateful inspection is the multilayer inspection firewall, which considers
the flow of transactions in process across multiple protocol layers of the seven-layer open
systems interconnection (OSI) model.
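
The packet-filtering and stateful-inspection descriptions above, together with the house/room analogy from the Firewall Architecture section, as an added Python example (not part of the original notes). The addresses, ports, rule sets and the simplified TCP handling (no timeouts or sequence-number checks) are assumptions made for illustration.

```python
# Added illustration: first-match packet filter vs. stateful inspection.
# All addresses, ports and rule sets are constructed sample values.
import ipaddress
from dataclasses import dataclass
from typing import Optional, Sequence

SYN = frozenset({"SYN"})
SYN_ACK = frozenset({"SYN", "ACK"})
ACK = frozenset({"ACK"})


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = SYN


@dataclass(frozen=True)
class Rule:
    action: str                             # "allow" or "drop"
    src_net: str
    dst_net: str
    dports: Optional[Sequence[int]] = None  # None means any destination port


def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def filter_stateless(rules, pkt):
    """Packet filter: compare headers to each rule in order, default drop."""
    for r in rules:
        if (in_net(pkt.src, r.src_net) and in_net(pkt.dst, r.dst_net)
                and (r.dports is None or pkt.dport in r.dports)):
            return r.action
    return "drop"


# "House" = server network 10.0.1.0/24; "rooms" = destination ports.
ACCESS_RULES = [
    Rule("allow", "10.0.0.2/32", "10.0.1.0/24"),             # owner: any room
    Rule("allow", "10.0.0.0/24", "10.0.1.0/24", (80, 443)),  # guests: two rooms
]
# A stateless filter cannot tell a reply from a new packet, so replies need
# their own broad rule covering the clients' ephemeral ports.
STATELESS_RULES = ACCESS_RULES + [
    Rule("allow", "10.0.1.0/24", "10.0.0.0/24", range(1024, 65536)),
]


class StatefulFirewall:
    """Tracks flows opened by a permitted SYN; replies need no rule of their own."""

    def __init__(self, rules):
        self.rules = rules
        self.conns = set()  # flows stored as (src, sport, dst, dport)

    def handle(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.conns or reverse in self.conns:
            if pkt.flags & {"FIN", "RST"}:      # simplified teardown
                self.conns.discard(key)
                self.conns.discard(reverse)
            return "allow"
        # Only a bare SYN that the rule set permits may create new state.
        if pkt.flags == SYN and filter_stateless(self.rules, pkt) == "allow":
            self.conns.add(key)
            return "allow"
        return "drop"


def demo():
    guest_syn = Packet("10.0.0.7", 50000, "10.0.1.10", 443, SYN)
    reply = Packet("10.0.1.10", 443, "10.0.0.7", 50000, SYN_ACK)
    # Not a reply to anything: a different server-side host sends an ACK.
    unsolicited = Packet("10.0.1.99", 443, "10.0.0.7", 50000, ACK)
    fw = StatefulFirewall(ACCESS_RULES)
    return {
        "stateless_unsolicited": filter_stateless(STATELESS_RULES, unsolicited),
        "stateful_syn": fw.handle(guest_syn),
        "stateful_reply": fw.handle(reply),
        "stateful_unsolicited": fw.handle(unsolicited),
    }


if __name__ == "__main__":
    print(demo())
```

The stateless rule set has to admit the unsolicited packet because it matches the broad return-traffic rule, while the stateful firewall drops it since no tracked connection exists for that flow.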

D) Application-level gateway

Application-level gateway, also known as a proxy or a proxy firewall, combines some of
the attributes of packet filtering firewalls with those of circuit-level gateways. They filter
packets according to the service they are intended for (specified by the destination port)
and certain other characteristics, such as the HTTP request string.

E) Next-generation firewall (NGFW)

NGFW combines packet inspection with stateful inspection, including a variety of deep
packet inspection, along with other network security systems, such as intrusion
detection/prevention, malware filtering, and antivirus.
Packet inspection in conventional firewalls generally looks at the protocol header of the
packet. However, deep packet inspection looks at the actual data transported by the
packet. A deep packet inspection firewall tracks the progress of a web browsing session. It
is capable of noticing whether a packet payload, when assembled with other packets in an
HTTP server reply, constitutes a legitimate HTML formatted response.
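
The difference between header-only filtering and inspection of the HTTP request string, described above for application-level gateways and deep packet inspection, as an added Python example (not part of the original notes). The policy values (allowed methods, blocked path prefix, length limit) and the sample payloads are assumptions constructed for illustration.

```python
# Added illustration: what an application-level gateway checks beyond the port.
# Policy values and sample payloads are constructed for this example.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}   # assumed policy
BLOCKED_PREFIXES = ("/admin",)              # assumed policy
MAX_REQUEST_LINE = 2048                     # assumed limit, in bytes


def header_filter(dport):
    """What a plain packet filter can decide here: the destination port only."""
    return "allow" if dport == 80 else "drop"


def inspect_http_request(payload, dport=80):
    """Proxy-style check of the HTTP request string; returns (verdict, reason)."""
    if header_filter(dport) == "drop":
        return ("drop", "port not permitted")
    line, sep, _ = payload.partition(b"\r\n")
    if not sep or len(line) > MAX_REQUEST_LINE:
        return ("drop", "no complete request line")
    try:
        method, target, version = line.decode("ascii").split(" ")
    except ValueError:  # wrong number of fields or non-ASCII bytes
        return ("drop", "malformed request line")
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return ("drop", "unsupported protocol version")
    if method not in ALLOWED_METHODS:
        return ("drop", "method not allowed")
    path = target.split("?", 1)[0]
    if not path.startswith("/"):
        return ("drop", "target is not an absolute path")
    if any(path == p or path.startswith(p + "/") for p in BLOCKED_PREFIXES):
        return ("drop", "path blocked by policy")
    return ("allow", "ok")


SAMPLES = {  # constructed payloads, all addressed to port 80
    "normal": b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    "blocked_path": b"GET /admin/users?id=1 HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    "bad_method": b"TRACE / HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    "not_http": b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03",  # binary, not HTTP
}


def classify_samples():
    return {name: inspect_http_request(p)[0] for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, header_filter(80), inspect_http_request(payload))
```

Every sample passes the header-only check because each is sent to port 80; only the payload inspection separates the ordinary request from the other three.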

Key Benefits of Firewalls

Understanding the benefits of firewall security is the first step in helping businesses grow
safely in the ever-changing digital age. Firewalls serve as a first line of defense to external
threats, malware, and hackers trying to gain access to data and systems. Following are
some of the key benefits of deploying a firewall in a network:

1. Block spyware

In today’s data-driven world, stopping spyware from gaining access and getting into a
system is of paramount importance. As systems become more sophisticated and robust,
criminals trying to gain access to the systems also increase. One of the most common
ways unwanted people gain access is by employing spyware and malware. These are
software programs designed to infiltrate systems, control computers, and steal sensitive or
critical data. Firewalls serve as an important blockade against such malicious programs.

2. Direct virus attacks

A virus attack can shut down any enterprise’s digital operations faster and harder than
expected. As the number of threats continues to evolve and grow in complexity, it is vital
that the defenses are put in place to keep the systems healthy and up-and-running all the
while. One of the most visible benefits of firewalls is controlling the system’s entry points
and stopping virus attacks. The cost of damage from a virus attack on any system could
be immeasurably high, depending on the type of virus.

3. Maintain privacy

Another benefit of employing a firewall is the promotion of privacy. By proactively working
to keep your data and your customer’s data safe, you build an environment of privacy that
your clients can trust. No one likes their data stolen, especially when it is known that steps
could have been taken to prevent the intrusion.

4. Network traffic monitoring

All of the benefits of firewall security start with the ability to monitor network traffic. Data
coming in and out of your systems creates opportunities for threats to compromise your
operations. By monitoring and analyzing network traffic, firewalls leverage pre-established
rules and filters to keep the systems protected. With a well-trained IT team, an enterprise
can manage customized protection levels based on what is seen as coming in and out
through the firewall.

5. Prevent hacking

The trend followed by most businesses today is that of digital operations, which is inviting
more thieves and bad actors into the picture. With the rise of data theft and criminals
holding systems hostage, firewalls have become even more important, as they prevent
hackers from gaining unauthorized access to data, emails, systems, and more. A firewall
can stop a hacker completely or deter them so that they choose an easier target instead.

Key Applications of Firewall

A firewall’s job is to prevent unauthorized connections and malicious software from
entering your network. The infiltration of unwanted traffic into a network can occur via
software, hardware, or software-based cloud means. Hence, it is important for the firewall
to mark its footprints on all possible network fronts exposed to external attacks. Broadly,
firewall applications are divided into the following types:

1. Software-based applications

Software-based applications involve securing data by using any type of firewall installed
on a local device rather than a separate piece of hardware (or a cloud server). The benefit
of such a software-based firewall is that it’s highly useful for creating defense in depth by
isolating individual network endpoints from one another.

However, maintaining individual software firewalls on different devices can be difficult and
time-consuming. Furthermore, not every device on a network may be compatible with a
single software firewall, which may mean having to use several different software firewalls
from different vendors to cover every node or device.

2. Hardware-based applications

Hardware firewalls use a physical appliance that acts as a traffic router to intercept data
packets and traffic requests before they’re connected to the network’s servers. Physical
appliance-based firewalls like this excel at perimeter security by making sure malicious
traffic from outside the network is intercepted before the company’s network endpoints are
exposed to risk.

The major weakness of a hardware-based firewall, however, is that it is often easy for
insider attacks to bypass them. Also, the actual capabilities of a hardware firewall may
vary depending on the vendor manufacturing it; some may have a more limited capacity to
handle simultaneous connections than others.

3. Cloud-based applications

Whenever a cloud solution is used to deliver a firewall, it can be called a cloud firewall or
firewall-as-a-service (FaaS). Cloud firewalls are analogous to proxy firewalls, where a
cloud server is often used in a proxy firewall setup.

The advantage of having cloud-based firewalls is that they are very easy to scale with any
organization. As the needs grow, one can add additional capacity to the cloud server to
filter larger traffic loads. Cloud firewalls provide perimeter security to network architecture.

Security:

Computer security also known as cyber security is the protection of information systems
from theft or damage to the hardware, the software and to the information on them, as
well as from disruption of the services they provide.

Security is based on the following issues:

• Privacy: The ability to keep things private/confidential.
• Trust: We trust data from an individual or a host.
• Authenticity: Are security credentials in order?
• Integrity: Has the system been compromised/altered already?

Threats are classified into one of the categories below:

• Back doors: A back door in a computer system or a cryptosystem is any secret
method of bypassing normal authentication or security controls. They may exist for
a number of reasons, including by original design or from poor configuration.
• Denial-of-service attack: It is designed to make a machine or network resource
unavailable to its intended users.
• Direct-access attacks: An unauthorized user gaining physical access to a
computer is most likely able to directly download data from it.
• Eavesdropping: It is the act of surreptitiously listening to a private conversation,
typically between hosts on a network.
• Spoofing: Spoofing of user identity describes a situation in which one person or
program successfully masquerades as another by falsifying data.
• Tampering: It describes a malicious modification of products. Examples are so-called
"Evil Maid" attacks and security services planting surveillance capability into routers.
• Phishing: It is the attempt to acquire sensitive information such as usernames,
passwords and credit card details directly from users.

Good computing practices and tips that apply to most people who use a computer:

• Use passwords that can't be easily guessed and protect your passwords.
• Minimize storage of sensitive information.
• Beware of scams.
• Protect information when using the Internet and email.
• Make sure your computer is protected with anti-virus and all necessary security
"patches" and updates.
• Secure laptop computers and mobile devices at all times: Lock them up or carry
them with you.
• Shut down, lock, log off, or put your computer and other devices to sleep before
leaving them unattended and make sure they require a secure password to start up
or wake up.
• Don't install or download unknown or unsolicited programs/apps.
• Secure your area before leaving it unattended.
• Make backup copies of files or data you are not willing to lose.

Computer Viruses:

A virus is a parasitic program that infects another legitimate program, which is sometimes
called the host. To infect the host program, the virus modifies the host so that it contains a
copy of the virus.

• Boot sector viruses: A boot sector virus infects the boot record of a hard disk. The
virus allows the actual boot sector data to be read as though a normal start-up
were occurring.
• Cluster viruses: If any program is run from the infected disk, the program causes
the virus also to run. This technique creates the illusion that the virus has infected
every program on the disk.
• Worms: A worm is a program whose purpose is to duplicate itself.
• Bombs: This type of virus hides on the user’s disk and waits for a specific event to
occur before running.
• Trojan Horses: A Trojan Horse is a malicious program that appears to be friendly.
Because Trojan Horses do not make duplicates of themselves on the victim’s disk,
they are not technically viruses.
• Stealth Viruses: These viruses take up residence in the computer’s memory,
making them hard to detect.
• Macro Viruses: A macro virus is designed to infect a specific type of document file,
such as Microsoft Word or Microsoft Excel files. These types of documents can
include macros, which are small programs that execute commands.

The following are some well-known viruses.

• CodeRed: It is a worm that infects a computer running Microsoft IIS server. This
virus launched a DoS attack on the White House’s website. It allows the hacker to
access the infected computer remotely.
• Nimda: It is a worm that spreads itself using different methods. It damages the
computer in different ways. It modifies files, alters security settings and degrades
performance.
• SirCam: It is distributed as an email attachment. It may delete files, degrade
performance and send the files to anyone.
• Melissa: It is a virus that is distributed as an email attachment. It disables different
safeguards in MS Word. It sends itself to 50 people if Microsoft Outlook is installed.
• Ripper: It corrupts data from the hard disk.
• MDMA: It is transferred from one MS Word file to another if both files are in memory.
• Concept: It is also transferred as an email attachment. It saves the file in the template
directory instead of its original location.
• One_Half: It encrypts the hard disk so only the virus may read the data. It displays
One_Half on the screen when the encryption is half completed.

A computer system can be protected from viruses by following these precautions:

• The latest and updated version of Anti-Virus and firewall should be installed on
the computer.
• The Anti-Virus software must be upgraded regularly.
• USB drives should be scanned for viruses, and should not be used on infected
computers.
• Junk or unknown emails should not be opened and must be deleted straight away.
• Unauthorized or pirated software should not be installed on the computer.
• An important way of protecting against viruses is keeping backups of data. The
backup is used if the virus deletes data or modifies it. So back up your data on a
regular basis.
• Freeware and shareware software from the internet normally contain viruses. It is
important to check the software before using it.
• Your best protection is your common sense. Never click on suspicious links, never
download songs, videos or files from suspicious websites. Never share
your personal data with people you don’t know over the internet.

What is cyber security?

"Cyber security is primarily about people, processes, and technologies working together to
encompass the full range of threat reduction, vulnerability reduction, deterrence,
international engagement, incident response, resiliency, and recovery policies and
activities, including computer network operations, information assurance, law enforcement,
etc."
OR
Cyber security is the body of technologies, processes, and practices designed to protect
networks, computers, programs and data from attack, damage or unauthorized access.

The term cyber security refers to techniques and practices designed to protect
digital data, that is, the data that is stored, transmitted or used on an information system.
OR
Cyber security is the protection of Internet-connected systems, including hardware,
software, and data, from cyber attacks.
It is made up of two words: cyber and security.
Cyber relates to the technology, which contains systems, networks and programs
or data.
Security relates to protection, which includes systems security,
network security, and application and information security.

Why is cyber security important?

Listed below are the reasons why cyber security is so important in what has become a
predominantly digital world:

• Cyber attacks can be extremely expensive for businesses to endure.
• In addition to financial damage suffered by the business, a data breach can also
inflict untold reputational damage.
• Cyber-attacks these days are becoming progressively destructive. Cybercriminals
are using more sophisticated ways to initiate cyber attacks.
• Regulations such as GDPR are forcing organizations into taking better care of the
personal data they hold.

Because of the above reasons, cyber security has become an important part of the
business and the focus now is on developing appropriate response plans that minimize the
damage in the event of a cyber attack.

But, an organization or an individual can develop a proper response plan only when he
has a good grip on cyber security fundamentals.

Cyber security Fundamentals – Confidentiality:

Confidentiality is about preventing the disclosure of data to unauthorized parties.

It also means trying to keep the identity of authorized parties involved in sharing and
holding data private and anonymous.

Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-middle
(MITM) attacks, and disclosing sensitive data.

Standard measures to establish confidentiality include:

Data encryption
Two-factor authentication
Biometric verification
Security tokens

Integrity

Integrity refers to protecting information from being modified by unauthorized parties.


Standard measures to guarantee integrity include:
Cryptographic checksums
Using file permissions
Uninterrupted power supplies
Data backups

Availability

Availability is making sure that authorized parties are able to access the information when
needed.

Standard measures to guarantee availability include:

Backing up data to external drives
Implementing firewalls
Having backup power supplies
Data redundancy

Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious
code to alter computer code, logic or data and lead to cybercrimes, such as information
and identity theft.

Cyber-attacks can be classified into the following categories:

1) Web-based attacks
2) System-based attacks

Web-based attacks

These are the attacks which occur on a website or web applications. Some of the
important web-based attacks are as follows-

1. Injection attacks

It is the attack in which some data will be injected into a web application to manipulate the
application and fetch the required information.

Example- SQL Injection, code Injection, log Injection, XML Injection etc.

2. DNS Spoofing

DNS Spoofing is a type of computer security hacking in which data is introduced into a
DNS resolver's cache, causing the name server to return an incorrect IP address and diverting
traffic to the attacker's computer or any other computer. DNS spoofing attacks can go
on for a long period of time without being detected and can cause serious security issues.

3. Session Hijacking

It is a security attack on a user session over a protected network. Web applications create
cookies to store the state and user sessions. By stealing the cookies, an attacker can have
access to all of the user data.

4. Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a
trustworthy entity in electronic communication.

5. Brute force

It is a type of attack which uses a trial and error method. This attack generates a large
number of guesses and validates them to obtain actual data like user password and
personal identification number. This attack may be used by criminals to crack encrypted
data, or by security analysts to test an organization's network security.

6. Denial of Service

It is an attack which is meant to make a server or network resource unavailable to the users.
It accomplishes this by flooding the target with traffic or sending it information that triggers
a crash. It uses a single system and a single internet connection to attack a server. It can
be classified into the following-

Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is
measured in bits per second.

Protocol attacks- It consumes actual server resources, and is measured in packets.

Application layer attacks- Its goal is to crash the web server and is measured in requests
per second.

7. Dictionary attacks

This type of attack stores a list of commonly used passwords and validates them to get
the original password.

8. URL Interpretation

It is a type of attack in which certain parts of a URL are changed so that a
web server delivers web pages which the user is not authorized to browse.

9. File Inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential files which
are available on the web server or to execute malicious files on the web server by making
use of the include functionality.

10. Man in the middle attacks

It is a type of attack that allows an attacker to intercept the connection between client and
server and act as a bridge between them. Due to this, an attacker will be able to read,
insert and modify the data in the intercepted connection.

System-based attacks

These are the attacks which are intended to compromise a computer or a computer
network. Some of the important system-based attacks are as follows-

1. Virus

It is a type of malicious software program that spreads throughout the computer files
without the knowledge of a user. It is a self-replicating malicious computer program that
replicates by inserting copies of itself into other computer programs when executed. It can
also execute instructions that cause harm to the system.

2. Worm

It is a type of malware whose primary function is to replicate itself to spread to uninfected
computers. It works the same as a computer virus. Worms often originate from email
attachments that appear to be from trusted senders.

3. Trojan horse

It is a malicious program that causes unexpected changes to computer settings and unusual
activity, even when the computer should be idle. It misleads the user of its true intent. It
appears to be a normal application but when opened/executed some malicious code will
run in the background.

4. Backdoors

It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting
or other purposes.

5. Bots

A bot (short for "robot") is an automated process that interacts with other network services.
Some bot programs run automatically, while others only execute commands when they
receive specific input. Common examples of bot programs are the crawler, chatroom bots,
and malicious bots.

The 7 layers of cyber security should center on the mission critical assets you are seeking
to protect.

1: Mission Critical Assets – This is the data you need to protect.
2: Data Security – Data security controls protect the storage and transfer of data.
3: Application Security – Applications security controls protect access to an application, an
application’s access to your mission critical assets, and the internal security of the
application.
4: Endpoint Security – Endpoint security controls protect the connection
between devices and the network.
5: Network Security – Network security controls protect an organization’s network and
prevent unauthorized access of the network.
6: Perimeter Security – Perimeter security controls include both the physical and digital
security methodologies that protect the business overall.
7: The Human Layer – Humans are the weakest link in any cyber security posture. Human
security controls include phishing simulations and access management controls that
protect mission critical assets from a wide variety of human threats, including cyber
criminals, malicious insiders, and negligent users.

Vulnerability, threat, Harmful acts


As the recent epidemic of data breaches illustrates, no system is immune to attacks. Any
company that manages, transmits, stores, or otherwise handles data has to institute and
enforce mechanisms to monitor their cyber environment, identify vulnerabilities, and close
up security holes as quickly as possible.
Before identifying specific dangers to modern data systems, it is crucial to understand the
distinction between cyber threats and vulnerabilities.

Cyber threats are security incidents or circumstances with the potential to have a
negative outcome for your network or other data management systems.
Examples of common types of security threats include phishing attacks that result in the
installation of malware that infects your data, failure of a staff member to follow data
protection protocols that cause a data breach, or even a tornado that takes down your
company’s data headquarters, disrupting access.

Vulnerabilities are the gaps or weaknesses in a system that make threats possible and
tempt threat actors to exploit them.

Types of vulnerabilities in network security include but are not limited to SQL injections,
server misconfigurations, cross-site scripting, and transmitting sensitive data in a non-
encrypted plain text format.
When threat probability is multiplied by the potential loss that may result, cyber security
experts refer to the result as a risk.
SECURITY VULNERABILITIES, THREATS AND ATTACKS
Categories of vulnerabilities:
• Corrupted (Loss of integrity)
• Leaky (Loss of confidentiality)
• Unavailable or very slow (Loss of availability)
Threats represent potential security harm to an asset when vulnerabilities are exploited.
Attacks are threats that have been carried out:
• Passive – Make use of information from the system without affecting system resources
• Active – Alter system resources or affect operation
• Insider – Initiated by an entity inside the organization
• Outsider – Initiated from outside the perimeter
Computer criminals
Computer criminals have access to enormous amounts of hardware, software, and data;
they have the potential to cripple much of effective business and government throughout
the world. In a sense, the purpose of computer security is to prevent these criminals from
doing damage.
We say computer crime is any crime involving a computer or aided by the use of one.
Although this definition is admittedly broad, it allows us to consider ways to protect
ourselves, our businesses, and our communities against those who use computers
maliciously.
One approach to prevention or moderation is to understand who commits these crimes
and why. Many studies have attempted to determine the characteristics of computer
criminals. By studying those who have already used computers to commit crimes, we may
be able in the future to spot likely criminals and prevent the crimes from occurring.

Motive of Attackers

The categories of cyber-attackers enable us to better understand the attackers'
motivations and the actions they take. As shown in the figure, operational cyber security risks
arise from three types of actions: i) inadvertent actions (generally by insiders) that are
taken without malicious or harmful intent; ii) deliberate actions (by insiders or outsiders)
that are taken intentionally and are meant to do harm; and iii) inaction (generally by
insiders), such as a failure to act in a given situation, either because of a lack of
appropriate skills, knowledge, guidance, or availability of the correct person to take action.
Of primary concern here are deliberate actions, of which there are three categories of
motivation.

1. Political motivations: examples include destroying, disrupting, or taking control of
targets; espionage; and making political statements, protests, or retaliatory actions.
2. Economic motivations: examples include theft of intellectual property or other
economically valuable assets (e.g., funds, credit card information); fraud; industrial
espionage and sabotage; and blackmail.
3. Socio-cultural motivations: examples include attacks with philosophical,
theological, political, and even humanitarian goals. Socio-cultural motivations also
include fun, curiosity, and a desire for publicity or ego gratification.

Figure: Types of cyber-attacker actions and their motivations when deliberate
Active attacks: An active attack is a network exploit in which a hacker attempts to make
changes to data on the target or data en route to the target.

Types of Active attacks:

Masquerade: in this attack, the intruder pretends to be a particular user of a system to gain
access or to gain greater privileges than they are authorized for. A masquerade may be
attempted through the use of stolen login IDs and passwords, through finding security
gaps in programs or through bypassing the authentication mechanism.

Session replay: In this type of attack, a hacker steals an authorized user’s log in
information by stealing the session ID. The intruder gains access and the ability to do
anything the authorized user can do on the website.

Message modification: In this attack, an intruder alters packet header addresses to direct
a message to a different destination or modify the data on a target machine.

Denial of service (DoS): In a denial of service attack, users are deprived of access to a
network or web resource. This is generally accomplished by overwhelming the target with
more traffic than it can handle.

Distributed denial of service (DDoS): In a distributed denial-of-service exploit, large numbers
of compromised systems (sometimes called a botnet or zombie army) attack a single target.

Passive Attacks: Passive attacks are relatively scarce from a classification perspective,
but can be carried out with relative ease, particularly if the traffic is not encrypted.

Types of Passive attacks:

Eavesdropping (tapping): the attacker simply listens to messages exchanged by two
entities. For the attack to be useful, the traffic must not be encrypted. Any unencrypted
information, such as a password sent in response to an HTTP request, may be retrieved
by the attacker.

Traffic analysis: the attacker looks at the metadata transmitted in traffic in order to
deduce information relating to the exchange and the participating entities, e.g. the form of
the exchanged traffic (rate, duration, etc.). In the cases where encrypted data are used,
traffic analysis can also lead to attacks by cryptanalysis, whereby the attacker may obtain
information or succeed in unencrypting the traffic.

Software Attacks: Malicious code (sometimes called malware) is a type of software
designed to take over or damage a computer user's operating system, without the user's
knowledge or approval. It can be very difficult to remove and very damaging. Common
malware examples are listed in the following table:

Attack: Virus
Characteristics: A virus is a program that attempts to damage a computer system and
replicate itself to other computer systems. A virus:
• Requires a host to replicate and usually attaches itself to a host file or a hard drive
sector.
• Replicates each time the host is used.
• Often focuses on destruction or corruption of data.
• Usually attaches to files with execution capabilities such as .doc, .exe, and .bat
extensions.
• Often distributes via e-mail. Many viruses can e-mail themselves to everyone in your
address book.
• Examples: Stoned, Michelangelo, Melissa, I Love You.

Attack: Worm
Characteristics: A worm is a self-replicating program that can be designed to do any
number of things, such as delete files or send documents via e-mail. A worm can
negatively impact network traffic just in the process of replicating itself. A worm:
• Can install a backdoor in the infected computer.
• Is usually introduced into the system through a vulnerability.
• Infects one system and spreads to other systems on the network.
• Example: Code Red.

Attack: Trojan horse
Characteristics: A Trojan horse is a malicious program that is disguised as legitimate
software. Discretionary environments are often more vulnerable and susceptible to Trojan
horse attacks because security is user focused and user directed. Thus the compromise of
a user account could lead to the compromise of the entire environment. A Trojan horse:
• Cannot replicate itself.
• Often contains spying functions (such as a packet sniffer) or backdoor functions that
allow a computer to be remotely controlled from the network.
• Often is hidden in useful software such as screen savers or games.
• Example: Back Orifice, Net Bus, Whack-a-Mole.

Attack: Logic Bomb
Characteristics: A Logic Bomb is malware that lies dormant until triggered. A logic bomb is
a specific example of an asynchronous attack.
• A trigger activity may be a specific date and time, the launching of a specific program,
or the processing of a specific type of activity.
• Logic bombs do not self-replicate.

Hardware Attacks:
Common hardware attacks include:

• Manufacturing backdoors, for malware or other penetrative purposes; backdoors
aren’t limited to software and hardware, but they also affect embedded radio-frequency
identification (RFID) chips and memory
• Eavesdropping by gaining access to protected memory without opening other
hardware
• Inducing faults, causing the interruption of normal behavior
• Hardware modification tampering with invasive operations
• Backdoor creation; the presence of hidden methods for bypassing normal
computer authentication systems
• Counterfeiting product assets that can produce extraordinary operations and
those made to gain malicious access to systems.

Cyber Threats - Cyber Warfare:
Cyber warfare refers to the use of digital attacks -- like
computer viruses and hacking -- by one country to disrupt the vital computer systems of
another, with the aim of creating damage, death and destruction. Future wars will see
hackers using computer code to attack an enemy's infrastructure, fighting alongside troops
using conventional weapons like guns and missiles.
Cyber warfare involves the actions by a nation-state or international organization to attack
and attempt to damage another nation's computers or information networks through, for
example, computer viruses or denial-of-service attacks.
Cyber Crime:
Cybercrime is criminal activity that either targets or uses a computer, a computer network
or a networked device. Cybercrime is committed by cybercriminals or hackers who want to
make money. Cybercrime is carried out by individuals or organizations.
Some cybercriminals are organized, use advanced techniques and are highly technically
skilled. Others are novice hackers.
Cyber Terrorism:
Cyber terrorism is the convergence of cyberspace and terrorism. It refers to unlawful
attacks and threats of attacks against computers, networks and the information stored
therein when done to intimidate or coerce a government or its people in furtherance of
political or social objectives.
Examples are hacking into computer systems, introducing viruses to vulnerable networks,
web site defacing, Denial-of-service attacks, or terroristic threats made via electronic
communication.
Cyber Espionage:
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and
information without the permission and knowledge of the holder of the information from
individuals, competitors, rivals, groups, governments and enemies for personal, economic,
political or military advantage using methods on the Internet.

Security Policies:

Security policies are a formal set of rules issued by an organization to ensure that
the users who are authorized to access company technology and information assets
comply with rules and guidelines related to the security of information.

A security policy is also considered to be a "living document", which means that the
document is never finished, but is continuously updated as technology and employee
requirements change.

We use security policies to manage our network security. Most types of security policies
are automatically created during the installation. We can also customize policies to suit our
specific environment.

Need of Security policies:

1) It increases efficiency.
2) It upholds discipline and accountability.
3) It can make or break a business deal.
4) It helps to educate employees on security literacy.

Some important cyber security policy recommendations are described below:

Virus and Spyware Protection policy:

• It helps to detect threats in files and to detect applications that exhibit suspicious
behavior.
• It removes and repairs the side effects of viruses and security risks by using
signatures.

Firewall Policy:

• It blocks unauthorized users from accessing the systems and networks that
connect to the Internet.
• It detects attacks by cybercriminals and removes unwanted sources of
network traffic.

Intrusion Prevention policy:

• This policy automatically detects and blocks network attacks and browser
attacks.
• It also protects applications from vulnerabilities, checks the contents of one
or more data packages, and detects malware that arrives through legal
ways.

Application and Device Control:

• This policy protects a system's resources from applications and manages the
peripheral devices that can attach to a system.
• The device control policy applies to both Windows and Mac computers, whereas
the application control policy can be applied only to Windows clients.

Cryptography

Cryptography is the technique of securing information and communications through the use
of codes so that only those persons for whom the information is intended can understand
and process it, thus preventing unauthorized access to information. The prefix
“crypt” means “hidden” and the suffix “graphy” means “writing”.
In cryptography, the techniques used to protect information are obtained from
mathematical concepts and a set of rule-based calculations known as algorithms, which
convert messages in ways that make them hard to decode. These algorithms are used
for cryptographic key generation, digital signing, verification to protect data privacy,
web browsing on the internet, and to protect confidential transactions such as credit card
and debit card transactions.
Techniques used For Cryptography:
In today’s age of computers, cryptography is often associated with the process where
ordinary plain text is converted to cipher text, which is text made such that only the
intended receiver can decode it; this process is known as encryption. The conversion of
cipher text back to plain text is known as decryption.
Features of Cryptography are as follows:
1. Confidentiality:
Information can only be accessed by the person for whom it is intended, and no
other person can access it.
2. Integrity:
Information cannot be modified in storage or in transit between the sender and the
intended receiver without the modification being detected.
3. Non-repudiation:
The creator/sender of information cannot deny, at a later stage, his intention to send
the information.
4. Authentication:
The identities of the sender and receiver are confirmed, as well as the destination/origin
of the information.
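Added example (not part of the original notes): the integrity and authentication features above, shown with an HMAC-SHA256 tag computed over a sequence number and the payload, so that the receiver rejects both a modified message and a replayed one. The packet layout and the names protect and Receiver are assumptions made for this illustration.

```python
"""Detect message modification and replay with HMAC-SHA256 (standard library only)."""
import hashlib
import hmac
import struct

TAG_LEN = 32  # size of a SHA-256 digest in bytes
SEQ_LEN = 8   # sequence number is sent as an unsigned 64-bit big-endian integer


def protect(key, seq, payload):
    """Sender side: return seq || payload || tag, with the tag covering seq and payload."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side: verify the tag first, then refuse any sequence number seen before."""

    def __init__(self, key):
        self.key = key
        self.last_seq = -1

    def accept(self, packet):
        if len(packet) < SEQ_LEN + TAG_LEN:
            raise ValueError("packet too short")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # compare_digest runs in constant time, so the check leaks no partial matches.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")
        (seq,) = struct.unpack(">Q", body[:SEQ_LEN])
        if seq <= self.last_seq:
            raise ValueError("replayed or out-of-order message")
        self.last_seq = seq
        return body[SEQ_LEN:]


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    receiver = Receiver(key)
    packet = protect(key, 1, b"pay 100 to account 42")
    print("accepted:", receiver.accept(packet))

    # An intermediary changes the amount but cannot recompute the tag without the key.
    modified = packet[:SEQ_LEN] + b"pay 900 to account 42" + packet[-TAG_LEN:]
    for label, candidate in (("modified", modified), ("replayed", packet)):
        try:
            receiver.accept(candidate)
        except ValueError as err:
            print(label, "->", err)
```

A shared-key tag gives integrity and authentication between the two key holders only; it gives neither confidentiality nor non-repudiation, since either side could have produced the tag.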
Types of Cryptography:
In general there are three types of cryptography:
1. Symmetric Key Cryptography:
It is an encryption system where the sender and receiver of a message use a single
common key to encrypt and decrypt messages. Symmetric key systems are faster
and simpler, but the problem is that the sender and receiver have to somehow
exchange the key in a secure manner. The most popular symmetric key cryptography
system is the Data Encryption Standard (DES).
2. Hash Functions:
There is no usage of any key in this algorithm. A hash value with fixed length is
calculated from the plain text, which makes it impossible for the contents of the plain
text to be recovered. Many operating systems use hash functions to encrypt
passwords.
3. Asymmetric Key Cryptography:
Under this system a pair of keys is used to encrypt and decrypt information. A
public key is used for encryption and a private key is used for decryption. The public
key and the private key are different. Even if the public key is known by everyone, only
the intended receiver can decode the message because he alone knows the private key.

DATA ENCRYPTION:
Data Encryption is a method of preserving data confidentiality by transforming it into
ciphertext, which can only be decoded using a unique decryption key produced at the
time of the encryption or prior to it.
Data encryption converts data into a different form (code) that can only be accessed
by people who have a secret key (formally known as a decryption key) or password.
Data that has not been encrypted is referred to as plaintext, and data that has been
encrypted is referred to as ciphertext. Encryption is one of the most widely used and
successful data protection technologies in today’s corporate world.
Encryption is a critical tool for maintaining data integrity, and its importance cannot be
overstated. Almost everything on the internet has been encrypted at some point.

Importance of Data Encryption:

The significance of encryption cannot be overstated in any way. Even though your
data is stored in a standard infrastructure, it is still possible for it to be hacked. There’s
always the chance that data will be compromised, but with data encryption, your
information will be much more secure.
Consider it this way for a moment. If your data is stored in a secure system, encrypting
it before sending it out will keep it safe. Sanctioned systems do not provide the same
level of protection.
So, how do you think this would play out in real life? Consider the case of a user of a
company’s data who has access to sensitive information while at work. The user may
put the information on a portable disc and move it anywhere they choose without any
encryption. If the encryptions are set in place ahead of time, the user can still copy the
information, but the data will be unintelligible when they try to see it someplace else.
These are the benefits of data encryption that demonstrate its genuine value.

Types of Data Encryption:

1. Symmetric Encryption
2. Asymmetric Encryption
Encryption is frequently used in one of two ways i.e. with a symmetric key or with an
asymmetric key.
Symmetric Key Encryption:

Symmetric Encryption
There are a few strategies used in cryptography algorithms. For encryption and
decryption processes, some algorithms employ a unique key. In such operations, the
unique key must be secured since the system or person who knows the key has
complete authentication to decode the message for reading. This approach is known
as “symmetric encryption” in the field of network encryption.
Asymmetric Key Encryption:

Asymmetric Encryption
Some cryptography methods employ one key for data encryption and another key for
data decryption. As a result, anyone who has access to such a public communication
will be unable to decode or read it. This type of cryptography, known as “public-key”
encryption, is used in the majority of internet security protocols. The term
“asymmetric encryption” is used to describe this type of encryption.

States of Data Encryption:

Data, whether it’s being transferred between users or stored on a server, is valuable
and must be protected at all times.
Data encryption in transit: Information that is actively traveling from one point to
another, such as via the internet or over a private network, is referred to as data in
transit. Data is deemed less safe when in transit due to the weaknesses of transfer
techniques. End-to-end encryption encrypts data throughout transmission,
guaranteeing that it remains private even if intercepted.
Encryption of data at rest: Data at rest refers to information that is not actively
moving from one device to another or from one network to another, such as
information stored on a hard drive, laptop, flash drive, or archived/stored in another
way. Due to device security features restricting access, data at rest is often less
vulnerable than data in transit, but it is still vulnerable. It also contains more valuable
information, making it a more appealing target for criminals.
Data encryption at rest reduces the risk of data theft caused by lost or stolen devices,
inadvertent password sharing, or accidental permission granting by increasing the
time it takes to access information and providing the time required to discover data
loss, ransomware attacks, remotely erased data, or changed credentials.

How does Data Encryption take place?


Assume a person possesses a box containing a few documents. The individual looks
after the box and secures it with a lock. The individual sends this box of paperwork to
his or her pal after a few days. The key is also kept by a buddy. This signifies that both
the sender and the recipient have the same key. The buddy has now been given
permission to open the box and see the document. The encryption method is the
same as we mentioned in the sample. Encryption is performed on digital
communications, though. This technological procedure is designed to prevent a third
party from deciphering the signal’s secret content.
Consumers conduct transactions for goods purchases over the internet. There are
millions of web services that can help various trained employees do their
responsibilities. Furthermore, to utilize these services that demand personal
information, most websites require substantial identification. One of the most common
ways, known as “encryption,” is to keep such information safe and secure.

Encryption Process
The security of networks is intimately related to encryption. Encryption is useful for
concealing data, information, and things that are incomprehensible to a normal
human. Because both encryption and decryption are effective ways of cryptography,
which is a scientific procedure for performing secure communication, the encrypted
information may be transformed back to its original condition following the decryption
process. There are a variety of algorithms for data encryption and decryption.
However, “keys” can also be utilized to obtain high-level data security.

Uses of Data Encryption:

Through digital signatures, encryption is used to prove the integrity and authenticity of
the information. Digital-rights management and copy protection both require
encryption.
Encryption can be used to erase data. Since data recovery tools can sometimes
recover deleted data, if you encrypt the data first and then throw away the key, the
only thing anyone can recover is the ciphertext, not the original data.
Data migration: encryption is used when transferring data over a network to ensure that
no one else on the network can read it.
VPNs (Virtual Private Networks) use encryption, and you should encrypt everything
you store in the cloud. Encryption can cover the entire hard drive as well as voice calls.
Given the importance of data security, many organizations, governments, and
businesses require data to be encrypted in order to protect the company or user data.
Employees will not have unauthorized access to user data as a result of this.

Advantages of Data Encryption:

1. Encryption is a low-cost solution.


2. Data encryption keeps information distinct from the security of the device on which
it is stored. Encryption provides security by allowing administrators to store and
send data via insecure channels.
3. Regulatory Fines Can Be Avoided With Encryption
4. Remote Workers Can Benefit from Encryption
5. If the password or key is lost, the user will be unable to open the encrypted file.
Using simpler keys in data encryption, on the other hand, makes the data insecure,
and anybody may access it at any time.
6. Encryption improves the security of our information.
7. Consumer Trust Can Be Boosted by Encryption

Disadvantages of Data Encryption:

1. If the password or key is lost, the user will be unable to open the encrypted file.
Using simpler keys in data encryption, on the other hand, makes the data insecure,
and anybody may access it at any time.
2. Data encryption is a valuable data security approach that necessitates a lot of
resources, such as data processing, time consumption, and the use of numerous
encryption and decryption algorithms. As a result, it is a somewhat costly
approach.
3. Data protection solutions might be difficult to utilize when the user layers them for
contemporary systems and applications. This might have a negative influence on
the device’s normal operations.
4. If a company fails to realize any of the restrictions imposed by encryption
techniques, it is possible to set arbitrary expectations and requirements that might
undermine data encryption protection.

Examples of Data Encryption algorithms:

Depending on the use case, there are a variety of data encryption algorithms to
choose from, but the following are the most commonly used:
• DES (Data Encryption Standard) is an old symmetric encryption algorithm that is
no longer considered suitable for modern applications. As a result, DES has been
superseded by other encryption algorithms.
• Triple DES (3DES or TDES): Encrypts, decrypts, and encrypts again to create a
longer key length by running the DES algorithm three times. It may be run with a
single key, two keys, or three separate keys to increase security. 3DES is
vulnerable to attacks such as block collisions since it uses a block cipher.
• RSA is a one-way asymmetric encryption algorithm that was one of the first public-
key algorithms. Because of its long key length, RSA is popular and widely used on
the Internet. It is used by browsers to create secure connections over insecure
networks and is part of many security protocols such as SSH, OpenPGP, S/MIME,
and SSL/TLS.
• Twofish is one of the fastest algorithms, with sizes of 128, 196, and 256 bits and a
complex key structure for added security. It is available for free and is included in
some of the best free software, including VeraCrypt, PeaZip, and KeePass, as well
as the OpenPGP standard.
• Elliptic Curve Cryptography (ECC) was created as an upgrade to RSA and offers
better security with significantly shorter key lengths. In the SSL/TLS protocol, ECC
is an asymmetric method.
• The Advanced Encryption Standard (AES) is the encryption standard used by
the US government. The AES algorithm is a symmetric-key algorithm that employs
block cipher methods. It comes in sizes of 128, 192, and 256 bits, with the number
of rounds of encryption increasing as the size increases. It was designed to be
simple to implement in both hardware and software.

RSA algorithm

The RSA algorithm is an asymmetric cryptography algorithm. Asymmetric means that it
works on two different keys, i.e. a Public Key and a Private Key. As the names suggest,
the Public Key is given to everyone and the Private Key is kept private.
An example of asymmetric cryptography:
1. A client (for example, a browser) sends its public key to the server and requests
some data.
2. The server encrypts the data using the client’s public key and sends the encrypted data.
3. The client receives this data and decrypts it.
Since this is asymmetric, nobody except the browser can decrypt the data, even if a
third party has the browser's public key.
The idea! The idea of RSA is based on the fact that it is difficult to factorize a large
integer. The public key consists of two numbers where one number is multiplication of
two large prime numbers. And private key is also derived from the same two prime
numbers. So if somebody can factorize the large number, the private key is
compromised. Therefore encryption strength totally lies on the key size and if we double
or triple the key size, the strength of encryption increases exponentially. RSA keys can
be typically 1024 or 2048 bits long, but experts believe that 1024 bit keys could be
broken in the near future. But till now it seems to be an infeasible task.
Let us learn the mechanism behind the RSA algorithm:

>> Generating Public Key:
• Select two prime numbers. Suppose P = 53 and Q = 59.
• Now the first part of the Public Key: n = P*Q = 3127.
• We also need a small exponent, say e. But e must:
    • Be an integer.
    • Not be a factor of n.
    • Satisfy 1 < e < Φ(n) [Φ(n) is discussed below].
  Let us now consider it to be equal to 3.
• Our Public Key is made of n and e.

>> Generating Private Key:
• We need to calculate Φ(n), such that Φ(n) = (P-1)(Q-1), so Φ(n) = 3016.
• Now calculate the Private Key, d: d = (k*Φ(n) + 1) / e for some integer k.
  For k = 2, the value of d is 2011.
Now we are ready with our Public Key (n = 3127 and e = 3) and Private Key (d = 2011).

Now we will encrypt “HI”:
• Convert letters to numbers: H = 8 and I = 9.
• Thus Encrypted Data c = 89^e mod n.
• Thus our Encrypted Data comes out to be 1394.

Now we will decrypt 1394:
• Decrypted Data = c^d mod n.
• Thus our Decrypted Data comes out to be 89.
8 = H and I = 9, i.e. "HI".
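Added example (not part of the original notes): the RSA walk-through above in Python, using the same toy values P = 53, Q = 59 and e = 3. The function names are assumptions; the code requires gcd(e, Φ(n)) = 1, the condition needed for d to exist, and shows that a modulus this small is factored at once from the public key alone.

```python
"""Textbook RSA with the toy numbers used in these notes (P = 53, Q = 59, e = 3)."""
from math import gcd


def generate_keys(p, q, e):
    """Return ((n, e), (n, d)) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("e must satisfy 1 < e < phi(n)")
    if gcd(e, phi) != 1:
        # Otherwise no d with (d * e) mod phi(n) == 1 exists.
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def letters_to_number(text):
    """Encoding used in the notes: A=1 ... Z=26, digits concatenated ("HI" -> 89)."""
    return int("".join(str(ord(ch) - ord("A") + 1) for ch in text.upper()))


def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    return pow(m, e, n)


def decrypt(c, private):
    n, d = private
    return pow(c, d, n)


def recover_private_key(public):
    """Factor n by trial division and rebuild d; feasible only because n is tiny."""
    n, e = public
    p = next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)
    q = n // p
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    public, private = generate_keys(53, 59, 3)
    m = letters_to_number("HI")
    c = encrypt(m, public)
    print("public:", public, "private:", private)
    print("plaintext:", m, "ciphertext:", c, "decrypted:", decrypt(c, private))

    # e = 13 is not a factor of n = 3127 but divides phi(n) = 3016, so no d exists.
    try:
        generate_keys(53, 59, 13)
    except ValueError as err:
        print("e = 13 rejected:", err)

    # With a modulus this small the private key follows from the public key alone.
    print("recovered private key:", recover_private_key(public))

    # Textbook RSA is deterministic: equal plaintexts give equal ciphertexts,
    # which is why deployed systems add randomized padding such as OAEP.
    print("same ciphertext again:", encrypt(m, public) == c)
```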


Internet Security

Internet security refers to securing communication over the internet. It includes specific
security protocols such as:
• Internet Security Protocol (IPSec)
• Secure Socket Layer (SSL)
Internet Security Protocol (IPSec)
It consists of a set of protocols designed by the Internet Engineering Task Force (IETF). It
provides security at the network level and helps to create authenticated and confidential
packets for the IP layer.
Secure Socket Layer (SSL)
It is a security protocol developed by Netscape Communications Corporation. It
provides security at the transport layer. It addresses the following security issues:
• Privacy
• Integrity
• Authentication

Threats

Internet security threats impact the network, data security and other internet-connected
systems. Cyber criminals have evolved several techniques to threaten the privacy and
integrity of bank accounts, businesses, and organizations.
Following are some of the internet security threats:
• Mobile worms
• Malware
• PC and Mobile ransomware
• Large scale attacks like Stuxnet that attempt to destroy infrastructure.
• Hacking as a Service
• Spam
• Phishing

Email Phishing

Email phishing is the activity of sending emails to a user while claiming to be a legitimate
enterprise. Its main purpose is to steal sensitive information such as usernames,
passwords, and credit card details.
Such emails contain links to websites that are infected with malware and direct the user
to enter details at a fake website whose look and feel are the same as the legitimate one.
What may a phishing email contain?
Following are the symptoms of a phishing email:
Spelling and bad grammar
Most often such emails contain grammatically incorrect text. Ignore such emails, since they
can be spam.
Beware of links in email
Don’t click on any links in suspicious emails.
Threats
Such emails contain threats like “your account will be closed if you didn’t respond to an
email message”.
Spoofing popular websites or companies
These emails contain graphics that appear to be connected to a legitimate website but
are actually connected to fake websites.

Types of Internet Security Protocols

In today’s world, we transfer data in bulk, and the security of this data is very
important, so Internet security provides that feature, i.e., protection of data. Different
types of protocols exist, such as routing, mail transfer, and remote communication
protocols. But Internet security protocols help with the security and integrity of data
over the internet. There are many protocols that help with the security of data
over the internet, such as Secure Socket Layer (SSL) and Transport Layer Security
(TLS).
Now, let us look at the various types of Internet Security Protocols:
1. SSL Protocol :
 SSL Protocol stands for Secure Sockets Layer protocol, which is an encryption-
based Internet security protocol that protects confidentiality and integrity of
data.
 SSL is used to ensure the privacy and authenticity of data over the internet.
 SSL is located between the application and transport layers.
 At first, SSL contained security flaws and was quickly replaced by the first
version of TLS that’s why SSL is the predecessor of the modern TLS
encryption.
 TLS/SSL website has “HTTPS” in its URL rather than “HTTP”.
 SSL is divided into three sub-protocols: the Handshake Protocol, the Record
Protocol, and the Alert Protocol.
2. TLS Protocol :
 Same as SSL, TLS which stands for Transport Layer Security is widely used for
the privacy and security of data over the internet.
 TLS uses a pseudo-random algorithm to generate the master secret which is a
key used for the encryption between the protocol client and protocol server.
 TLS is basically used for encrypting communication between online servers like
a web browser loading a web page in the online server.
 TLS also has three sub-protocols the same as SSL protocol – Handshake
Protocol, Record Protocol, and Alert Protocol.
3. SHTTP:
• SHTTP stands for Secure HyperText Transfer Protocol, which is a collection of security measures, like establishing strong passwords, setting up a firewall, thinking of antivirus protection, and so on, designed to secure internet communication.
• SHTTP includes data entry forms that are used to input data, which has previously been collected into a database, as well as internet-based transactions.
• SHTTP's services are quite comparable to those of the SSL protocol.
• Secure HyperText Transfer Protocol works at the application layer (which defines the shared communications protocols and interface methods used by hosts in a network) and is thus closely linked with HTTP.
• SHTTP can authenticate and encrypt HTTP traffic between the client and the server.
• SHTTP operates on a message-by-message basis. It can encrypt and sign individual messages.
4. SET Protocol:
• Secure Electronic Transaction (SET) is a method that assures the security and integrity of electronic transactions made using credit cards.
• SET is not a payment system; rather, it is a secure transaction protocol that is used via the internet.
• The SET protocol provides the following services:
   ◦ It establishes a safe channel of communication between all parties engaged in an e-commerce transaction.
   ◦ It provides confidentiality, since the information is only available to the parties engaged in a transaction when and where it is needed.
• The SET protocol includes the following participants:
   ◦ Cardholder
   ◦ Merchant
   ◦ Issuer
   ◦ Acquirer
   ◦ Payment Gateway
   ◦ Certification Authority
5. PEM Protocol:
• PEM stands for Privacy-Enhanced Mail and is used for email security over the internet.
• RFC 1421, RFC 1422, RFC 1423, and RFC 1424 are the four documents that describe the Privacy-Enhanced Mail protocol.
• It is capable of performing cryptographic operations such as encryption, non-repudiation, and message integrity.
6. PGP Protocol:
• PGP stands for Pretty Good Privacy. It is simple to use and free, including its source code documentation.
• It also meets the fundamental criteria of cryptography.
• When compared to the PEM protocol, the PGP protocol has grown in popularity and use.
• The PGP protocol includes cryptographic features such as encryption, non-repudiation, and message integrity.