1.

Write in detail about enterprise and cybersecurity

Here are two major cyber threats you need to be aware of:

SQL Injection: This injection technique targets the site and database directly. When
successful, the assailant can enter a piece of SQL code that, when executed, allows
access to sensitive information or even gives database editing privileges to the cyber
criminal.

DDoS (Distributed-Denial-of-Service) Attack: This is a direct attack on your

network. It targets a server with an intent to bring it offline for various purposes.
Cyber attackers can also use this attack type to hide other attack vectors, which are
more difficult to identify since everyone is focused on the DDoS attack and fixing the
offline server.

Data Leaks

A data leak is a breach of security. Confidential or sensitive data is stolen or copied

by individuals that are not authorized to do so. Weak passwords can often be the root
cause of this, but it can also be caused by:

Phishing: Phishing is one of the most popular types of scams on the web. Emails are
sent under the guise of a fellow employee asking you to immediately act to prevent
some unwanted event. An example would be an email telling you that you will lose
access to your computer if you do not provide your password. With this information,
they can use the data to create more havoc and steal even more sensitive data.

Baiting: Baiting uses your curiosity against you. Hackers leave malware or virus on a
USB or similar device in a well traveled area or break room. This is in the hope a
curious passerby will pick it up and try to use it. Once used, it activates and installs
malware to company systems and computers.

Scareware: Scareware involves spamming the victim with threats, trying to trick
them into clicking a link. A pop up stating "Your pc is infected with malware, click
here to resolve!" is an example of scareware. Once the user clicks the erroneous link,
their company or server is injected with malware, giving the attacker access to their
system.

Reputation Loss: If your customers and partners are unable to access their data or
your systems, your reputation will suffer.

Data Loss: Depending on the type of attack, your data could be compromised, stolen,
or lose integrity.

It's imperative that businesses make an effort to practice proper enterprise

cybersecurity and prevent possible data leaks before they

Here are five crucial enterprise cybersecurity best practices you need to employ today:

1
Any software, hardware, or third-party apps should be secure and up to date.
Passwords should never be shared with anyone. Be sure to use strong passwords,
including numbers and letters that are not easily guessable.

A strong password policy should be enforced throughout your company

Delete or uninstall any software that is no longer used, and remove any unused
hardware. If you're not using an app because the company decided to upgrade to a
more streamlined version, delete the old ones off your systems.

Networks should be secured and necessary ports blocked to prevent access. Also,
think about adding a VPN to your internal network for added security. Have your
network team monitor your connections and ports to ensure traffic to your network is
valid.

Advantage of Enterprise Architecture

Enterprise architecture (EA) creates a blueprint for how and when you want to grow
your business. It analyzes the fastest way to get to your business goals by planning
and analyzing trends in existing data. This architecture type is used to improve
profitability, move a business online, or open new branches of product development.

Enterprise architecture can be used to help newly launched security departments

tackle cyber security issues. It will help you set forth a plan from conception to
implementation based on corporate data trends.

The key to enterprise architecture is to see where your business is headed, so you can
plan for the future and stay in front of any trends. Planning ahead allows you to
implement security for new features before they happen and be a leader for emerging
cyber threats.

Secure Your Data

Make sure that employees have proper training across your company to handle
sensitive information. For example, give them security training on the common
causes of a data breach, phishing, social engineering, bating, scamware, and
pretexting.

Use secure passwords and two-factor authentication to access sensitive data. Larger
companies can implement a key card system to access company grounds and establish
a VPN or internal network that is not accessible directly from the Internet.

Secure internal email gateways to prevent fraudulent and phishing emails to

unsuspecting employees. Be sure to monitor your network for threats or suspicious
activity.

Once these steps are in place, perform routine access audits to ensure those security
measures are working.

2
Each part of your scope of security and access points should be tested for
vulnerabilities. If a compromise is found, it needs to be rectified. These tests should
encompass all hardware and software elements of your data and data transfers.

Granted, data transfer will occur as you run your business. The key is to make sure
you limit how data is transferred and make sure when you do move data, it is as
securely as possible.

Limit Access Privileges

Run audits on your access to make sure only those qualified to make changes to
programs or devices are allowed access to sensitive data. If it is not necessary for
them to have administrative access, limit their use.

Backup Plan

No matter what you do, technology is always changing and improving. Even the most
up-to-date networks can suffer a data leak. A remediation plan for data backup and
disaster recovery will help any enterprise-level business to consolidate and mitigate
losses in the event of a data leak.

When you have a plan and a protocol in place before a breach in data, it will allow
you and your team the ability to deal with it as quickly as possible. Once the cause is
found, you and your team can be ready to patch and rectify the issue.

Liquid Web Knows Cybersecurity

As technology improves, the need for enterprise cybersecurity to protect your digital
assets from cyber threats becomes an even more imperative part of your business.
Liquid Web takes security very seriously and is dedicated to helping customers
achieve their enterprise cybersecurity goals.

Michelle Almendarez started her love for technology at the University of Texas at San
Antonio where she pursued a degree in Computer Science. She has written several
Knowledge Base articles for Liquid Web starting in 2018. She has experience with
video editing, web design, and server management and in her free time likes to post
cute pictures of her dog “Ghost” on Facebook. She sustains her healthy lifestyle by
eating only organic farm-raised tacos with her coffee daily.

What is Enterprise Security?

Enterprise security is a multi-faceted concern that includes both the internal or

proprietary business secrets of a company as well as the employee and customer data
related to privacy laws.

Enterprise security is increasingly in focus as major international companies such as

Facebook, Yahoo!, Target, Home Depot, and Equifax have all faced large fines and
government intervention due to the loss of sensitive customer data to hackers.

3
Where enterprise corporations were previously most concerned with protecting their
proprietary code or trade secrets from competitors and counterfeiters, they are now
faced with new data privacy laws in the US and EU that can impose major financial
penalties on organizations that misuse or lose consumer data. The transition to
reliance on cloud infrastructure for business process support introduces new
challenges to corporate security in IT.

Enterprise security is focused on data center, networking, and web server operations
in practice, but technically begins with human resources. Social engineering is the
root cause of as many as two-thirds of all successful hacking attacks according to
some security researchers. In social engineering attacks, weaknesses in human nature,
employee integrity, or personal gullibility are exploited by attackers to gain access to
a network or data resources. Phishing attacks via email encourage employees to click
on links that download and install malware.

Automated hacking attacks are script-driven and target data center resources such as
web servers and online applications on a continual basis through input entry points
such as login screens, contact forms, search-to-database queries, and backend
administration processes. Common examples of script bot attacks are MySQL
injection hacks and cross-site scripting exploits.

The ability to send code to a server through unsecured forms can lead to the loss of an
entire database including all of the table information, passwords, and sensitive
customer financial data.

Why is enterprise security important?

The importance of enterprise security can be illustrated by looking at the role of

encryption in internet communications. When an email is sent, or a user password is
entered to login to a website, the data is transferred point-to-point through a series of
third-party channels where it could potentially be intercepted and read by malicious
users with unauthorized access unless encrypted.

The threat includes unauthorized agents using packet sniffing software installed on
the telecom network, the ISP, or local WIFI channels.

Although the value of information sent over these connections may vary, no
enterprise company or other complex organization would be willing to have their
trade secrets, client communication, and internal discussions monitored by third-
parties with malicious intent on open channels.

The ability to access unencrypted passwords and login information can compromise
not only individual accounts and data, but also an entire corporate network if an
intruder gains data center access.

As a consequence, most websites and mobile applications now enforce HTTPS

encryption through SSL/TLS certificates across the various channels of user
communication.

4
State-sponsored hacking may target military-industrial secrets related to engineering
in weapons programs, aeronautics, or advanced research in other sensitive industries.

State-sponsored hacking can also target media companies, such as Sony’s film studio
hack by North Korea, on the basis of propaganda activities or seek to compromise the
corrupt behavior of public officials through personal communication leaks.

The Stuxnet virus is just one example of the effects of industrial espionage and
intelligence agency hacking.

The hacking attacks that target personal consumer information can lead to identity
theft, fraudulent charges, or financial embezzlement that is difficult for authorities to
detect or stop without widespread interdiction from law enforcement groups or
international agencies.

Enterprise security architecture

Enterprise security architecture needs to target physical access, social engineering,

and script-bot attacks, while also guarding password-entry systems from cracking and
user input channels from remote code injection.

The network firewall is considered to be the main barricade against malicious hacking
attacks. Most network firewall software packages now include the ability to scan
packet data in real-time to search for potential viruses, malware, worms, and
ransomware.

The problem with anti-virus scanning is that it is an ex post facto approach to security
that relies on professional agencies to identify malware before it can be detected. In
“zero-day” attacks, exploit code that has never been revealed or categorized by
security experts is used to penetrate a network, software platform, firmware device, or
operating system. Because zero-day attacks cannot be defended against in advance,
companies need to implement multi-tiered security policies that isolate and contain
threats effectively after they inevitably happen.

The use of encryption on data transfers and the establishment of firewall settings for
authorized user access are the two most fundamental aspects of enterprise security
after physical access constraints. Most platforms with user sign-on systems now
include lock-out procedures that cut off users after 5 or more incorrect password
logins to prevent cracking attacks.

Web Application Firewalls (WAFs) can be installed that add an extra layer of
protection to web forms to prevent cross-site scripting and MySQL injection attacks.
Anti-virus software from vendors like Symantec, McAfee, Trend Micro, Kaspersky,
Bitdefender, etc. are essential aspects of enterprise security today. Many enterprise
companies also employ the services of a CDN to recognize and prevent DDoS attacks
in production.

Fundamental best practices of enterprise security

5
The current working paradigm of best practices in enterprise security is to apply all of
the available industry methods of physical security, firewalls, encryption, fraud
protection, intruder detection, WAF, anti-virus, etc. with the expectation that hackers
will still find methods to penetrate systems, compromise hardware, and steal data.

Micro-segmentation works to protect every individual virtual machine on an

enterprise network through isolation that prevents the lateral movement of an intruder
to other facilities from a single entry point.

The DMZ model relates to firewalls, barricades, and moats by separating web
processes from a LAN through increased isolation strengthened by proxy edge servers
in the outer ring of defense. VMware vSAN Datastore is used for enterprise database
encryption, while VMcrypt Encryption is used for storage, archives, and backup files.

Administrative power escalation is another critical issue that cannot be overlooked in

enterprise security practices. Super-user and administration permissions must be more
tightly controlled and detected instantly when deployed by unauthorized users.

Real-time network monitoring increasingly includes analytics supported by machine

learning and artificial intelligence to better detect intruders, sensitive unauthorized
data transfers, and administration power escalation issues.

2.Write in detail about cryptography and Web service security(4pt).

What is cryptography?

Cryptography is a method of protecting information and communications through the

use of codes, so that only those for whom the information is intended can read and
process it.

In computer science, cryptography refers to secure information and communication

techniques derived from mathematical concepts and a set of rule-based calculations
called algorithms, to transform messages in ways that are hard to decipher. These
deterministic algorithms are used for cryptographic key generation, digital signing,
verification to protect data privacy, web browsing on the internet and confidential
communications such as credit card transactions and email.

Cryptography techniques

Cryptography is closely related to the disciplines of cryptology and cryptanalysis. It

includes techniques such as microdots, merging words with images and other ways to
hide information in storage or transit. However, in today's computer-centric world,
cryptography is most often associated with scrambling plaintext (ordinary text,
sometimes referred to as cleartext) into ciphertext (a process called encryption), then
back again (known as decryption). Individuals who practice this field are known as
cryptographers.

Modern cryptography concerns itself with the following four objectives:

6
.Confidentiality. The information cannot be understood by anyone for whom it was
unintended.

.Integrity.The information cannot be altered in storage or transit between sender and

intended receiver without the alteration being detected.

.Non-repudiation. The creator/sender of the information cannot deny at a later stage

their intentions in the creation or transmission of the information.

.Authentication. The sender and receiver can confirm each other's identity and the
origin/destination of the information.

.Procedures and protocols that meet some or all of the above criteria are known as
cryptosystems. Cryptosystems are often thought to refer only to mathematical
procedures and computer programs; however, they also include the regulation of
human behavior, such as choosing hard-to-guess passwords, logging off unused
systems and not discussing sensitive procedures with outsiders.

Cryptography is the process of encrypting and decrypting data.

Cryptosystems use a set of procedures known as cryptographic algorithms, or ciphers,

to encrypt and decrypt messages to secure communications among computer systems,
devices and applications.

Types of cryptography

Single-key or symmetric-key encryption algorithms create a fixed length of bits

known as a block cipher with a secret key that the creator/sender uses to encipher data
(encryption) and the receiver uses to decipher it. One example of symmetric-key
cryptography is the Advanced Encryption Standard (AES). AES is a specification
established in November 2001 by the National Institute of Standards and Technology
(NIST) as a Federal Information Processing Standard (FIPS 197) to protect sensitive
information. The standard is mandated by the U.S. government and widely used in the
private sector.

Public-key or asymmetric-key encryption algorithms use a pair of keys, a public

key associated with the creator/sender for encrypting messages and a private key that
only the originator knows (unless it is exposed or they decide to share it) for
decrypting that information.

Examples of public-key cryptography include:

RSA, used widely on the internet

Elliptic Curve Digital Signature Algorithm (ECDSA) used by Bitcoin

Digital Signature Algorithm (DSA) adopted as a Federal Information Processing

Standard for digital signatures by NIST in FIPS 186-4

Diffie-Hellman key exchange

7
To maintain data integrity in cryptography, hash functions, which return a
deterministic output from an input value, are used to map data to a fixed data size.
Types of cryptographic hash functions include SHA-1 (Secure Hash Algorithm 1),
SHA-2 and SHA-3.

Securing Web Services

Because of its nature (loosely coupled connections) and its use of open access (mainly
HTTP), SOA implemented by Web services adds a new set of requirements to the
security landscape. Web services security includes several aspects:

Authentication—Verifying that the user is who she claims to be. A user's identity is
verified based on the credentials presented by that user, such as:

Authorization (or Access Control)—Granting access to specific resources based on an

authenticated user's entitlements. Entitlements are defined by one or several attributes.
An attribute is the property or characteristic of a user, for example, if "Marc" is the
user, "conference speaker" is the attribute.

Confidentiality, privacy—Keeping information secret. Accesses a message, for

example a Web service request or an email, as well as the identity of the sending and
receiving parties in a confidential manner. Confidentiality and privacy can be
achieved by encrypting the content of a message and obfuscating the sending and
receiving parties' identities.

Integrity, non repudiation—Making sure that a message remains unaltered during

transit by having the sender digitally sign the message. A digital signature is used to
validate the signature and provides non-repudiation. The timestamp in the signature
prevents anyone from replaying this message after the expiration.

Web services security requirements also involve credential mediation (exchanging

security tokens in a trusted environment), and service capabilities and constraints
(defining what a Web service can do, under what circumstances).

Web services security requirements are supported by industry standards both at the
transport level (Secure Socket Layer) and at the application level relying on XML
frameworks.

Oracle has been instrumental in contributing to emerging standards, in particular the

specifications hosted by the OASIS Web Services Secure Exchange technical
committee.

Transport-level Security

Secure Socket Layer (SSL), otherwise known as Transport Layer Security (TLS), the
Internet Engineering Task Force (IETF) officially standardized version of SSL, is the
most widely used transport-level data-communication protocol providing:

8
Application-level Security

Application-level security complements transport-level security. Application-level

security is based on XML frameworks defining confidentiality, integrity, authenticity;
message structure; trust management and federation.

Data confidentiality is implemented by XML Encryption. XML Encryption defines

how digital content is encrypted and decrypted, how the encryption key information is
passed to a recipient, and how encrypted data is identified to facilitate decryption.

Data integrity and authenticity are implemented by XML Signature. XML Signature
binds the sender's identity (or "signing entity") to an XML document. Signing and
signature verification can be done using asymmetric or symmetric keys.

Signature ensures non-repudiation of the signing entity and proves that messages have
not been altered since they were signed. Message structure and message security are
implemented by SOAP and its security extension, WS-Security. WS-Security defines
how to attach XML Signature and XML Encryption headers to SOAP messages. In
addition, WS-Security provides profiles for 5 security tokens: Username (with
password digest), X.509 certificate, Kerberos ticket, Security Assertion Markup
Language (SAML) assertion, and REL (rights markup) document.

Web Services' Security Standards

Due to limitations mentioned earlier, several standards have been developed to secure
Web services. Rather than having application specific, ad-hoc workarounds, it was
necessary to find a common solution that could be used at the enterprise level.

XML Encryption : A W3C recommendation. Provides syntax and processing rules for
encrypting an XML document. This provides the confidentiality to selected portions
of a message, keeping other parts accessible for intermediaries.

XML Signature : A W3C recommendation. Provides syntax and processing rules for
signing an XML document. Different parts of a document can be signed to ensure
integrity and to provide authentication.

3.Write in detail about wired or wireless public key infrastructure(PKI)(4pt).

Public Key Infrastructure (PKI) is important because it significantly increases the
security of a network and provides the foundation for securing all internet-
connected things.
PKI is a core component of data confidentiality, information integrity,
authentication, and data access control. PKI is the foundation required to secure
communication between IoT devices and platforms.
PKI increases trust on the internet because it provides a system and infrastructure to
secure data, user and device identities and ensure the integrity of the data has
remained intact and is authentic. With PKI, you can issue digital certificates that
authenticate the identity of users, devices, or services. These certificates work for

9
both public web pages and private internal services (e.g., to authenticate devices
connecting with your VPN, Wiki, Wi-Fi, etc.)
Wireless public key infrastructure (WPKI) is a technology that provides public key
infrastructure functionality using a mobile secure Elements such as a SIM card .it can
be used for example for two-factor authentication.
PKI provides "trust services" - in plain terms trusting the actions or outputs of
entities, be they people or computers. Trust service objectives respect one or more
of the following capabilities: Confidentiality, Integrity and Authenticity (CIA).
Confidentiality: Assurance that no entity can maliciously or unwittingly view a
payload in clear text. Data is encrypted to make it secret, such that even if it was
read, it appears as gibberish. Perhaps the most common use of PKI for confidentiality
purposes is in the context of Transport Layer Security (TLS). TLS is a capability
underpinning the security of data in transit, i.e. during transmission. A classic
example of TLS for confidentiality is when using an internet browser to log on to a
service hosted on an internet based web site by entering a password.
Integrity: Assurance that if an entity changed (tampered) with transmitted data in
the slightest way, it would be obvious it happened as its integrity would have been
compromised. Often it is not of utmost importance to prevent the integrity being
compromised (tamper proof), however, it is of utmost importance that if integrity is
compromised there is clear evidence of it having done so (tamper evident).
Authenticity: Assurance that you have certainty of what you are connecting to, or
evidencing your legitimacy when connecting to a protected service. The former is
termed server-side authentication - typically used when authenticating to a web
server using a password. The latter is termed client-side authentication - sometimes
used when authenticating using a smart card (hosting a digital certificate and private
key).
Public key cryptography is a cryptographic technique that enables entities
to securely communicate on an insecure public network, and reliably verify the
identity of an entity via digital signatures.
A public key infrastructure (PKI) is a system for the creation, storage, and distribution
of digital certificates which are used to verify that a particular public key belongs to a
certain entity. The PKI creates digital certificates which map public keys to entities,
securely stores these certificates in a central repository and revokes them if needed
A PKI consists of:[8][10][11]
A certificate authority (CA) that stores, issues and signs the digital

10
4.Write in detail about protocol version 4/6 and Enterprise security
architecture(4pt).

Internet Protocol version 4 (IPv4) is the set of protocols that most TCP/IP networks
use. A new generation of protocols has been developed called Internet Protocol
version 6 (IPv6).
IPv4 is now approximately 20 years old and beginning to exhibit problems. The most
significant issue surrounding IPv4 is the growing shortage of IPv4 addresses, which
are needed by all machines attached to the Internet.
IPv4 uses 32-bit addresses. In theory, 32 bits allows over 4 billion nodes, each with a
globally-unique address.

IPv6 uses 128-bit addresses, an address space large enough to last for the foreseeable
future. It also adds many improvements to IPv4 in areas such as routing and network
autoconfiguration.
IPv6 is expected to gradually replace IPv4, with the two coexisting for a number of
years during a transition period.
The TCP/IP for z/VM IPv6 support improves the guest LAN support for the OSA-
Express adapter simulation in QDIO mode and for HiperSockets simulation.

Virtual machines (z/VM® and other guest operating systems) in the guest LAN
environment are able to define and to use simulated devices that support both the IPv4
and IPv6 protocols.
The IP Assist Simulation for QDIO-based and HiperSockets-base network adapters
has been updated to allow virtual machines to detect that their OSA-
Express adapters support IPv4 and IPv6 and interact with these devices according to
the IP Assists architecture.
The current IPv6 support in TCP/IP for z/VM is at the network (IP) layer. (For more
information about TCP/IP functions grouped by layer, see TCP/IP Protocols and
Functions.)
TCP/IP for z/VM currently supports the following IPv6-related RFCs:
RFC 2460, Internet Protocol, Version 6 (IPv6), Specification
The IPv6 specification defines the basic IPv6 header and the IPv6 extension headers and
options. The specification also discusses packet size issues, the semantics of flow labels
and traffic classes, and the effects of IPv6 on upper-layer protocols.

RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture

The IPv6 Addressing Architecture specification defines the addressing architecture of the
IPv6 protocol. It includes a detailed description of the currently defined address formats
for IPv6.

RFC 2461, Neighbor Discovery for IP Version 6 (IPv6)

z/VM stack.

The TCP/IP for z/VM stack implements both the host and router parts of the neighbor
discovery protocol. When configured as a router, router advertisements can be sent to
provide autoconfiguration information for other hosts-prefixes, parameters and default
routes.

Restriction: The TCP/IP for z/VM stack cannot be configured as a tunnel endpoint
for tunneling IPv6 traffic over IPv4 networks.

11
 The specification defines the steps a host takes in deciding how to autoconfigure its
interfaces in IPv6.

Restriction: The TCP/IP for z/VM stack participates in multicast listener discovery
performing the host function of registering multicast addresses needed for neighbor discovery.
However, the TCP/IP for z/VM stack is not a router of IPv6 multicast traffic (a multicast
router).
Restriction: The TCP/IP for z/VM stack uses the source address selection algorithm only.
Restriction: The TCP/IP for z/VM stack does not support SEcure Neighbor
Discovery; the specification about forbidding IPv6 Fragmentation with IPv6 SEcure Neighbor
Discovery is ignored.
Architectures of IPv4 and IPv6 In 1980 IPv4 was designed to replace the Network
Control Protocol on the ARPANET. The IPv6 protocol was designed with IPv4’s
deficienciess.IPv6 is not only a superset of the IPv4 protocol; But also it is a new
design. The IP’s design is so wide and the important parts of the architecture related
to security that are discussed in detail.
Attacks through the IPv4 There are four main attributes for computer security.
These attributes are confidentiality, integrity, privacy, and availability. In the
confidentiality attribute the following are the attack methods 1. Hacking 2. Phishing
3. IP spoofing In this attribute IDS, firewall, Cryptographic systems, IPSec are the
technologies used for Internet security. Viruses, Worms, Trojans are the attack
methods in the integrity attribute. IDS, Firewall, Anti-Malware software are the
technologies used for Internet security.
For privacy attribute e-mail bombing, spamming, DoS and cookies are the attack
methods and IPSec, SSL are the technologies for Internet security. a. Common
Internet A
Architecture of IPv4 The problems that are mentioned to gain an understanding of IP
and its deficiencies. The reasons of problems with the protocol are: 1. QoS(Quality Of
Service) 2. Security 3. Routing According to the information transmitted through the
network QoS was standardized. The original transfer of information was text-based.
The QoS of standard text is different than video streaming and music. Within the IPv4
protocol there is a lack of embedded security which lead to many attacks. To secure
IPv4, the mechanisms are exist but there is no use of the requirements.IPSec is the
special mechanism to secure the protocol. By using of cryptography IPSec secures the
packet data stream. Routing tables are increased in size, then the routing becomes a
problem for this protocol. The maximum size of the global routing table was 2.1
million entries .To reduce the size of the routing table there are methods to be

12
established. The methods are helpful for a short period of time, but a change needs to
solve the problem b.
Architecture of IPv6 To develop the IPv6 protocol that needed it is important to
improve IPv4 protocol. The development efforts which involved in the following
areas: 1. Security Architecture 2. Multiprotocol architecture 3. Routing and
addressing IPSec is surrounded within the IPv6 protocol. IPSec functionality is
similar to IPv4 and IPv6. IPv6 can use the security mechanisms throughout the route.
The IPv6 protocol’s address space was extended to support 128 bit addresses. With
128 bit addresses, the protocol can support up to 3.4 *(10)^38 machines. The address
bits are used less efficiency because it simplifies the configuration of addressing.
The IPv6 has more efficient routing system and which enables smaller routing tables.
The configuration of host is simplified. The Host which can automatically configure
itself
Attacks through the IPv4 There are four main attributes for computer security. These
attributes are confidentiality, integrity, privacy, and availability. In the confidentiality
attribute the following are the attack methods 1. Hacking 2. Phishing 3.
IP spoofing In this attribute IDS, firewall, Cryptographic systems, IPSec are the
technologies used for Internet security. Viruses, Worms, Trojans are the attack
methods in the integrity attribute. IDS, Firewall, Anti-Malware software are the
technologies used for Internet security. For privacy attribute e-mail bombing,
spamming, DoS and cookies are the attack methods and IPSec, SSL are the
technologies for Internet security. a. Common Internet Attack Methods These attacks
methods are divided into following categories. a.1.1 Viruses Viruses are self
reproduced programs. These programs use files to infect and disseminate[5].
The virus will activate, once the file is opened. a.1.2 Trojans For the user Trojans
appear to mild, but it have some malicious purpose, Trojans carry some virus[5]. a.1.3
Denial of Service This is an attack when the system receives requests and it cannot
return any reply with the requestors [6].
The system use all types of resources and these resources complete their handshake.
Finally , the system cannot respond to any requests that interpreting it. b. Technology
for Internet Security Threats will continue to be an important issue in the world as
long as the information is transmitted across the Internet.
There are different detection mechanisms to deal with these attacks. b.2.1
Cryptographic systems Cryptography is a powerful used tool for security engineers

13
which converts the codes and ciphers to transform them into unintelligible data. b.2.2
Intrusion Detection Systems An IDS is an additional protection measure.
IDS systems can be used to detect an attack in the hardware and software devices.
IDS are used to monitor to determine whether attacks International Journal of
Engineering Science and Computing, August 2016 2716 http://ijesc.org/ are been
present. Some IDS systems are identify and alert of an attack, whereas the other IDS
are try to block the attack. b.2.3 Secure Socket Layer (SSL) The Secure Socket Layer
(SSL) is a group of protocols to provide security between a web browser and a
website.
To create a channel with security or tunnel SSL is designed between a web browser
and the web server. So that any information transmitted is protected within the
channel. SSL provides access of users to server through the use of certificates.
To prove their identity Clients provide a certificate. IPv6 Security Issues IPv6 is more
advanced mechanisms over the IPv4 internet protocol from the point of security. But
in the IPv6 security mechanis ms still continue to be vulnerable to threats. The new IP
does not secured against the misconfigured servers, less efficient applications, or poor
secured sites. The following are the causes of security problems [4]: 1. Port scanning
issues 2.
Mobility issues The port scanning occurs when a network is scanned to discover
targets with open services [4]. The IPv6 protocol address space is large but the
protocol is not invulnerable to this attack. Mobility feature is included into the internet
protocol IPv6. This feature requires some special security measures. When the
Network administrators using IPv6 mobility feature they need to be aware of these
security needs.
Security in Different Networks In today’s world to create “intranets ” use the
combinations of firewalls, encryption and authentication mechanis ms, and that are
used with protection when they are connected to the internet .
Intranet is a privately owned network that uses IP protocols. Intranets and "Extranets”
are both distinct concepts where intranets are generally protected to employees of the
organization.
Extranets are generally accessed by the customers, or other authorized parties. These
parties do not access any of the organization's internal network. When such access is
provided through gateway with firewall, user authentication, encryption and virtual
private networks(VPNs). Figure 3 represents a graphical representation of an

14
organization and VPN network. Figure 3: A typical VPN connecting remote offices
and LAN headquarters of the company. [8] VPN is a private network used to connect
remote sites or multiple users. Instead of using a leased line, a VPN uses "virtual"
connections which are connected through the Internet from the organization's private
network to the remote site.
Developments in Network Security Some network security methodologies are used
with biometric identification. Compare to password method Biometrics provide a
better method of authentication. This might be an efficient method to minimize the
unauthorized access.
Smart card is also a new technology in research on network security. New firewall
techniques and encryption are also being implemented. This research being performed
to understand the current development and project the future developments of the
network security. 1. Hardware Developments in Network Security Biometric systems
and smart cards are the new hardware technologies that are widely Used security
methods.
Biometric authentication is s type of system that consists of the biological
characteristics of individuals to verify identity for secure access to electronic system.
The Biometric network security is to replace the password system.
Smart cards are plastic cards and a credit ‐card ‐sized digital electronic media. The card
is designed to occupy encryption keys and other information are used in
authentication and other identification processes. The smart cards are used as
repository for passwords. The security features are built into smartcards to prevent
someone to stolen the card.
The smart card is cost effective but not much efficient than the biometric devices.

15