Ass.2 Edited


1. Write in detail about intrusion detection/prevention systems (IDS/IPS)

What is an intrusion detection system (IDS)

An IDS is either a hardware device or software application that uses known intrusion
signatures to detect and analyze both inbound and outbound network traffic for
abnormal activities.

This is done through:

System file comparisons against malware signatures.

Scanning processes that detect signs of harmful patterns.

Monitoring user behavior to detect malicious intent.

Monitoring system settings and configurations.

Upon detecting a security policy violation, virus or configuration error, an IDS is able
to kick an offending user off the network and send an alert to security personnel.

Despite its benefits, including in-depth network traffic analysis and attack detection,
an IDS has inherent drawbacks. Because it uses previously known intrusion signatures
to locate attacks, newly discovered (i.e., zero-day) threats can remain undetected.

Furthermore, an IDS only detects ongoing attacks, not incoming assaults. To block
these, an intrusion prevention system is required.

What is an intrusion prevention system (IPS)

An IPS complements an IDS configuration by proactively inspecting a system’s
incoming traffic to weed out malicious requests. A typical IPS configuration uses web
application firewalls and traffic filtering solutions to secure applications.

An IPS prevents attacks by dropping malicious packets, blocking offending IPs and
alerting security personnel to potential threats. Such a system usually uses a
preexisting database for signature recognition and can be programmed to recognize
attacks based on traffic and behavioral anomalies.

While being effective at blocking known attack vectors, some IPS systems come with
limitations. These are commonly caused by an overreliance on predefined rules,
making them susceptible to false positives.

Using Imperva to bolster your IPS configurations

Imperva cloud WAF intrusion prevention solutions are fully customizable tools that
block zero-day and existing web application security threats while reducing false
positives.

Imperva cloud WAF IPS features include:

Web Application Firewall (WAF) – The Imperva cloud WAF is a cloud-based
firewall deployed on your network’s edge. It bolsters your existing IPS through
signature, reputational and behavioral heuristics that filter malicious incoming
requests and application attacks—including remote file inclusions and SQL injections.

Advanced features, such as access control, dynamic profiling and application-aware
technologies help minimize false positives. Meanwhile, global crowdsourcing
provides a continually updated database of new threats, thereby ensuring protection
from zero-day threats.

Custom rules – IncapRules expands Imperva cloud WAF capabilities by enabling you
to implement your own security and access control policies.

This high degree of customization helps minimize false positives while rooting out
hidden threats specific to your organization.

Two-factor authentication (2FA) – 2FA is a security process requiring users to
provide two means of verification when logging into an account, such as a password
and one-time passcode (OTP) sent to a mobile device. It bolsters intrusion prevention
by adding an extra layer of protection to your application’s sensitive data.

Imperva cloud WAF allows you to deploy two-factor authentication gateways for any
URL in your web application. This solution is fully customizable, letting you choose
your verification method and easily manage a database of approved users.

It can also be configured in seconds and requires no code changes or additional
integration.

Two-factor authentication helps to prevent intrusions by requiring users to provide
two means of verification when logging into an account.

Backdoor protection – IDS configurations typically identify backdoors based on
known malware signatures. At best, it’s a halfway measure, as most perpetrators
obfuscate the code and alias of their backdoor shells to avoid all recognition.

Imperva cloud WAF Backdoor Protection solves this problem by intercepting
connection requests to hidden backdoor shells, instead of simply scanning for code
signatures. Since the nature of such requests can’t be disguised, monitoring them
enables quick identification of backdoors within your system.

2. Write in detail about enterprise and cybersecurity.

Cyber threats and data leaks can be prevented and mitigated using good enterprise
cybersecurity practices, such as developing and defining your scope of security,
studying enterprise architecture, and utilizing traditional cybersecurity methods.
These practices can help protect your organization from cybersecurity breaches.

Here are two major cyber threats you need to be aware of:

SQL Injection: This injection technique targets the site and database directly. When
successful, the assailant can enter a piece of SQL code that, when executed, allows
access to sensitive information or even gives database editing privileges to the cyber
criminal.

DDoS (Distributed-Denial-of-Service) Attack: This is a direct attack on your
network. It targets a server with an intent to bring it offline for various purposes.
Cyber attackers can also use this attack type to hide other attack vectors, which are
more difficult to identify since everyone is focused on the DDoS attack and fixing the
offline server.

Data Leaks

A data leak is a breach of security. Confidential or sensitive data is stolen or copied
by individuals that are not authorized to do so. Weak passwords can often be the root
cause of this, but it can also be caused by:

Phishing: Phishing is one of the most popular types of scams on the web. Emails are
sent under the guise of a fellow employee asking you to immediately act to prevent
some unwanted event. An example would be an email telling you that you will lose
access to your computer if you do not provide your password. With this information,
they can use the data to create more havoc and steal even more sensitive data.

Baiting: Baiting uses your curiosity against you. Hackers leave malware or a virus on a
USB or similar device in a well-traveled area or break room. This is in the hope a
curious passerby will pick it up and try to use it. Once used, it activates and installs
malware to company systems and computers.

Scareware: Scareware involves spamming the victim with threats, trying to trick
them into clicking a link. A pop up stating "Your pc is infected with malware, click
here to resolve!" is an example of scareware. Once the user clicks the erroneous link,
their company or server is injected with malware, giving the attacker access to their
system.

Pretexting: Pretexting is done by gaining the trust of someone who has access to sensitive
information. Malicious actors using pretexting will pose as someone of authority such
as a tax official, police officer, or a fellow employee. Once trust is established, they
will ask a series of questions in an effort to gain sensitive data such as credit card
numbers, accounts, and passwords.

It's imperative that businesses make an effort to practice proper enterprise
cybersecurity and prevent possible data leaks before they

Here are five crucial enterprise cybersecurity best practices you need to employ today:

Any software, hardware, or third-party apps should be secure and up to date.


Passwords should never be shared with anyone. Be sure to use strong passwords,
including numbers and letters that are not easily guessable.

A strong password policy should be enforced throughout your company.

Delete or uninstall any software that is no longer used, and remove any unused
hardware. If you're not using an app because the company decided to upgrade to a
more streamlined version, delete the old ones off your systems.

Networks should be secured and necessary ports blocked to prevent access. Also,
think about adding a VPN to your internal network for added security. Have your
network team monitor your connections and ports to ensure traffic to your network is
valid.

Advantage of Enterprise Architecture

Enterprise architecture (EA) creates a blueprint for how and when you want to grow
your business. It analyzes the fastest way to get to your business goals by planning
and analyzing trends in existing data. This architecture type is used to improve
profitability, move a business online, or open new branches of product development.

Enterprise architecture can be used to help newly launched security departments
tackle cyber security issues. It will help you set forth a plan from conception to
implementation based on corporate data trends.

The key to enterprise architecture is to see where your business is headed, so you can
plan for the future and stay in front of any trends. Planning ahead allows you to
implement security for new features before they happen and be a leader for emerging
cyber threats.

Secure Your Data

Make sure that employees have proper training across your company to handle
sensitive information. For example, give them security training on the common
causes of a data breach: phishing, social engineering, baiting, scareware, and
pretexting.

Use secure passwords and two-factor authentication to access sensitive data. Larger
companies can implement a key card system to access company grounds and establish
a VPN or internal network that is not accessible directly from the Internet.

Secure internal email gateways to prevent fraudulent and phishing emails from
reaching unsuspecting employees. Be sure to monitor your network for threats or
suspicious activity.

Once these steps are in place, perform routine access audits to ensure those security
measures are working.

Each part of your scope of security and access points should be tested for
vulnerabilities. If a compromise is found, it needs to be rectified. These tests should
encompass all hardware and software elements of your data and data transfers.

Granted, data transfer will occur as you run your business. The key is to make sure
you limit how data is transferred and make sure that when you do move data, it is done
as securely as possible.

Limit Access Privileges

Run audits on your access to make sure only those qualified to make changes to
programs or devices are allowed access to sensitive data. If it is not necessary for
them to have administrative access, limit their use.

Backup Plan

No matter what you do, technology is always changing and improving. Even the most
up-to-date networks can suffer a data leak. A remediation plan for data backup and
disaster recovery will help any enterprise-level business to consolidate and mitigate
losses in the event of a data leak.

When you have a plan and a protocol in place before a data breach, you and your team
will be able to deal with it as quickly as possible. Once the cause is found, you and
your team can be ready to patch and rectify the issue.

Liquid Web Knows Cybersecurity

As technology improves, the need for enterprise cybersecurity to protect your digital
assets from cyber threats becomes an even more imperative part of your business.
Liquid Web takes security very seriously and is dedicated to helping customers
achieve their enterprise cybersecurity goals.

What is Enterprise Security?

Enterprise security is a multi-faceted concern that includes both the internal or
proprietary business secrets of a company as well as the employee and customer data
related to privacy laws.

Enterprise security is increasingly in focus as major international companies such as
Facebook, Yahoo!, Target, Home Depot, and Equifax have all faced large fines and
government intervention due to the loss of sensitive customer data to hackers.

Where enterprise corporations were previously most concerned with protecting their
proprietary code or trade secrets from competitors and counterfeiters, they are now
faced with new data privacy laws in the US and EU that can impose major financial
penalties on organizations that misuse or lose consumer data. The transition to
reliance on cloud infrastructure for business process support introduces new
challenges to corporate security in IT.

Enterprise security is focused on data center, networking, and web server operations
in practice, but technically begins with human resources. Social engineering is the
root cause of as many as two-thirds of all successful hacking attacks according to
some security researchers. In social engineering attacks, weaknesses in human nature,
employee integrity, or personal gullibility are exploited by attackers to gain access to
a network or data resources. Phishing attacks via email encourage employees to click
on links that download and install malware.

Automated hacking attacks are script-driven and target data center resources such as
web servers and online applications on a continual basis through input entry points
such as login screens, contact forms, search-to-database queries, and backend
administration processes. Common examples of script bot attacks are MySQL
injection hacks and cross-site scripting exploits.

The ability to send code to a server through unsecured forms can lead to the loss of an
entire database including all of the table information, passwords, and sensitive
customer financial data.
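
The difference between a form handler that lets input become SQL and one that does not can be shown in a few lines. This is an added example, not part of the original text; the table, column names and sample rows are constructed, and SQLite stands in for the site's database.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
ROWS = [
    ("alice@example.com", "1111"),
    ("bob@example.com", "2222"),
    ("carol@example.com", "3333"),
]


def make_db():
    """Return an in-memory database standing in for the site's customer table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)"
    )
    db.executemany("INSERT INTO customers (email, card_last4) VALUES (?, ?)", ROWS)
    return db


def lookup_concatenated(db, email):
    """Unsafe pattern: the form value becomes part of the SQL text itself."""
    query = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, email):
    """Hardened pattern: the driver binds the value, so it is compared as data only."""
    query = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return db.execute(query, (email,)).fetchall()


def rows_returned(form_value):
    """Run the same form value through both handlers and report the row counts."""
    db = make_db()
    try:
        return {
            "concatenated": len(lookup_concatenated(db, form_value)),
            "parameterized": len(lookup_parameterized(db, form_value)),
        }
    finally:
        db.close()


if __name__ == "__main__":
    # An ordinary lookup behaves the same either way.
    print(rows_returned("bob@example.com"))
    # A value containing a quote and a boolean clause is parsed as SQL by the
    # concatenated handler and matches every row; the bound version matches none.
    print(rows_returned("nobody@example.com' OR '1'='1"))
```

Binding parameters fixes the handler itself; a WAF in front of the form is an additional layer, not a replacement for it.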

Code injection hacks are different from password cracking which can lead to full
administration access by a hacker or the ability to establish backdoors to a server
through FTP and the command line. Successful hackers typically spend 30 to 90 days
in reconnaissance of a compromised network system with internal access before
beginning the process of transferring database information or installing malicious
remote code.

Why is enterprise security important?

The importance of enterprise security can be illustrated by looking at the role of
encryption in internet communications. When an email is sent, or a user password is
entered to login to a website, the data is transferred point-to-point through a series of
third-party channels where it could potentially be intercepted and read by malicious
users with unauthorized access unless encrypted.

The threat includes unauthorized agents using packet sniffing software installed on
the telecom network, the ISP, or local Wi-Fi channels.

Although the value of information sent over these connections may vary, no
enterprise company or other complex organization would be willing to have their
trade secrets, client communication, and internal discussions monitored by third
parties with malicious intent on open channels.

The ability to access unencrypted passwords and login information can compromise
not only individual accounts and data, but also an entire corporate network if an
intruder gains data center access.

As a consequence, most websites and mobile applications now enforce HTTPS
encryption through SSL/TLS certificates across the various channels of user
communication.

State-sponsored hacking may target military-industrial secrets related to engineering
in weapons programs, aeronautics, or advanced research in other sensitive industries.

State-sponsored hacking can also target media companies, such as Sony’s film studio
hack by North Korea, on the basis of propaganda activities or seek to compromise the
corrupt behavior of public officials through personal communication leaks.

The Stuxnet virus is just one example of the effects of industrial espionage and
intelligence agency hacking.

The hacking attacks that target personal consumer information can lead to identity
theft, fraudulent charges, or financial embezzlement that is difficult for authorities to
detect or stop without widespread interdiction from law enforcement groups or
international agencies.

Enterprise security architecture

Enterprise security architecture needs to target physical access, social engineering,
and script-bot attacks, while also guarding password-entry systems from cracking and
user input channels from remote code injection.

The network firewall is considered to be the main barricade against malicious hacking
attacks. Most network firewall software packages now include the ability to scan
packet data in real-time to search for potential viruses, malware, worms, and
ransomware.

The problem with anti-virus scanning is that it is an ex post facto approach to security
that relies on professional agencies to identify malware before it can be detected. In
“zero-day” attacks, exploit code that has never been revealed or categorized by
security experts is used to penetrate a network, software platform, firmware device, or
operating system. Because zero-day attacks cannot be defended against in advance,
companies need to implement multi-tiered security policies that isolate and contain
threats effectively after they inevitably happen.

The use of encryption on data transfers and the establishment of firewall settings for
authorized user access are the two most fundamental aspects of enterprise security
after physical access constraints. Most platforms with user sign-on systems now
include lock-out procedures that cut off users after 5 or more incorrect password
logins to prevent cracking attacks.
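
The lock-out procedure described above can be expressed as a small state machine run over authentication log lines. This is an added example, not part of the original text; the log format, the 10-minute counting window and the 15-minute lock duration are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                      # from the text: 5 or more incorrect logins
WINDOW = timedelta(minutes=10)     # assumption: failures older than this stop counting
LOCK_FOR = timedelta(minutes=15)   # assumption: how long the account stays locked

# Constructed sample log in a hypothetical "ts user= src= result=" format.
SAMPLE_LOG = """\
2024-05-01T09:00:00Z user=alice src=198.51.100.7 result=FAIL
2024-05-01T09:00:10Z user=alice src=198.51.100.7 result=FAIL
2024-05-01T09:00:20Z user=alice src=198.51.100.7 result=FAIL
2024-05-01T09:00:30Z user=alice src=198.51.100.7 result=FAIL
2024-05-01T09:00:40Z user=alice src=198.51.100.7 result=FAIL
2024-05-01T09:00:50Z user=alice src=198.51.100.7 result=OK
2024-05-01T09:01:00Z user=bob src=192.0.2.10 result=FAIL
2024-05-01T09:01:05Z user=bob src=192.0.2.10 result=OK
2024-05-01T09:20:00Z user=alice src=192.0.2.44 result=OK
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Return (timestamp, user, src, result) or None for a line that does not parse."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    ts = datetime.strptime(match["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, match["user"], match["src"], match["result"]


class LockoutTracker:
    """Counts recent failures per account and locks it at the threshold."""

    def __init__(self):
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.locked_until = {}               # user -> time the lock expires

    def observe(self, ts, user, result):
        """Return 'ok', 'failed', 'locked' (lock just applied) or 'rejected'."""
        until = self.locked_until.get(user)
        if until is not None and ts < until:
            # While locked, even a correct password is refused.
            return "rejected"
        recent = self.failures[user]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()                 # forget failures outside the window
        if result == "OK":
            recent.clear()                   # a successful login resets the count
            return "ok"
        recent.append(ts)
        if len(recent) >= THRESHOLD:
            self.locked_until[user] = ts + LOCK_FOR
            recent.clear()
            return "locked"
        return "failed"


def replay(lines):
    """Feed log lines through a tracker and return (user, src, outcome) tuples."""
    tracker = LockoutTracker()
    outcomes = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, user, src, result = parsed
        outcomes.append((user, src, tracker.observe(ts, user, result)))
    return outcomes


if __name__ == "__main__":
    for user, src, outcome in replay(SAMPLE_LOG):
        print(f"{user:6} {src:15} {outcome}")
```

Because the lock is keyed on the account, anyone who knows a username can lock its owner out; alerting on the `src` field when a lock fires helps tell a cracking attempt from a forgotten password.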

Web Application Firewalls (WAFs) can be installed that add an extra layer of
protection to web forms to prevent cross-site scripting and MySQL injection attacks.
Anti-virus software from vendors like Symantec, McAfee, Trend Micro, Kaspersky,
Bitdefender, etc. are essential aspects of enterprise security today. Many enterprise
companies also employ the services of a CDN to recognize and prevent DDoS attacks
in production.

Fundamental best practices of enterprise security

The current working paradigm of best practices in enterprise security is to apply all of
the available industry methods of physical security, firewalls, encryption, fraud
protection, intruder detection, WAF, anti-virus, etc. with the expectation that hackers
will still find methods to penetrate systems, compromise hardware, and steal data.

Micro-segmentation works to protect every individual virtual machine on an
enterprise network through isolation that prevents the lateral movement of an intruder
to other facilities from a single entry point.

The DMZ model relates to firewalls, barricades, and moats by separating web
processes from a LAN through increased isolation strengthened by proxy edge servers
in the outer ring of defense. VMware vSAN Datastore is used for enterprise database
encryption, while VMcrypt Encryption is used for storage, archives, and backup files.

Administrative power escalation is another critical issue that cannot be overlooked in
enterprise security practices. Super-user and administration permissions must be more
tightly controlled and detected instantly when deployed by unauthorized users.

Real-time network monitoring increasingly includes analytics supported by machine
learning and artificial intelligence to better detect intruders, sensitive unauthorized
data transfers, and administration power escalation issues.

3. List the popular examples of symmetric and asymmetric encryption algorithms
and describe them in detail.

Algorithms

An algorithm is basically a procedure or a formula for solving a data snooping
problem. An encryption algorithm is a set of mathematical procedures for
performing encryption on data. Through the use of such an algorithm, information is
turned into ciphertext and requires the use of a key to transform the data back into its
original form. This brings us to the concept of cryptography, which has long been used
in information security in communication systems.

Cryptography

Cryptography is a method of using advanced mathematical principles in storing and
transmitting data in a particular form so that only those for whom it is intended can
read and process it. Encryption is a key concept in cryptography: it is a process
whereby a message is encoded in a format that cannot be read or understood by an
eavesdropper. The technique is old and was first used by Caesar to encrypt his messages
using the Caesar cipher. A plain text from a user can be encrypted to a ciphertext, then
sent through a communication channel, and no eavesdropper can interfere with the plain
text. When it reaches the receiver end, the ciphertext is decrypted to the original plain
text.

Cryptography Terms

Encryption: It is the process of locking up information using cryptography.
Information that has been locked this way is encrypted.

Decryption: The process of unlocking the encrypted information using cryptographic
techniques.

Key: A secret like a password used to encrypt and decrypt information. There are a
few different types of keys used in cryptography.

Steganography: It is actually the science of hiding information from people who
would snoop on you. The difference between steganography and encryption is that the
would-be snoopers may not be able to tell there’s any hidden information in the first
place.

Asymmetric encryption takes relatively more time than the symmetric encryption.

Symmetric Encryption:

Same key is used for Encryption and Decryption

Both server and client should have same key for encryption

Examples: Blowfish, AES, RC4, DES, RC5, and RC6

Asymmetric encryption:

Server generates its own public and private key

Client generates its own public and private key

Server and client exchange their public keys

Server uses client’s public key to encrypt data

Examples: ElGamal, RSA, DSA, elliptic curve techniques, PKCS.

There are quite a number of examples actually.

RC4, A5/1, A5/2, FISH, Helix, ISAAC, etc. are a few symmetric stream ciphers that
are commonly used in software. Block ciphers include the Data Encryption Standard
(DES), RC5, the Advanced Encryption Standard (AES), Blowfish, etc.

Some good examples of asymmetric encryption, or public key encryption, are DSA,
RSA and PGP.

4. Write in detail about network firewall security.

What is firewall in network security?

The firewall monitors and controls incoming and outgoing network traffic, and based
on specific security rules decides whether certain traffic should be allowed or
blocked. Almost 25 years ago, firewalls were introduced as the first line of defense in
network security.

Firewalls are barriers that hold back traffic going both ways. By installing a firewall, a
local system or network of computers can be protected from network-based threats
while providing easy access to the Internet and wide-area networks outside the
system.

What is firewall and its types in network security?

It is a security tool that protects networks by filtering network traffic. Network nodes
can be separated from external traffic sources, internal traffic sources, or even specific
applications using a firewall.

Network security devices such as firewalls, which monitor incoming and outgoing
traffic and allow or block data packets in accordance with policies, are designed to
help ensure network security.
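
How a firewall policy turns into an allow-or-block decision can be seen in a minimal packet filter. This is an added example, not part of the original text; the rule fields, the rule set and the addresses (taken from documentation ranges) are constructed, and it assumes first-match evaluation with a default of block when no rule matches.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = (0, 65535)


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "block"
    direction: str            # "in" or "out"
    proto: str                # "tcp", "udp" or "any"
    src: str                  # source network in CIDR form
    dst: str                  # destination network in CIDR form
    dports: tuple = ANY_PORT  # inclusive destination port range

    def matches(self, packet):
        low, high = self.dports
        return (
            self.direction == packet["direction"]
            and self.proto in ("any", packet["proto"])
            and ipaddress.ip_address(packet["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(packet["dst"]) in ipaddress.ip_network(self.dst)
            and low <= packet["dport"] <= high
        )


# Constructed policy. Order matters: the first matching rule decides.
RULES = [
    Rule("block", "in", "any", "203.0.113.0/24", "0.0.0.0/0"),               # 0: denied range
    Rule("allow", "in", "tcp", "0.0.0.0/0", "192.0.2.10/32", (443, 443)),    # 1: public HTTPS
    Rule("allow", "in", "tcp", "10.0.0.0/8", "192.0.2.10/32", (22, 22)),     # 2: SSH, internal only
    Rule("allow", "out", "any", "192.0.2.0/24", "0.0.0.0/0"),                # 3: outbound from LAN
]


def make_packet(direction, proto, src, dst, dport):
    """Build the header fields a packet filter looks at (payload is not inspected)."""
    return {"direction": direction, "proto": proto, "src": src, "dst": dst, "dport": dport}


def decide(packet, rules=RULES):
    """Return (action, index of the deciding rule); unmatched traffic is blocked."""
    for index, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, index
    return "block", None  # default deny: unsolicited traffic with no rule is dropped


if __name__ == "__main__":
    samples = [
        make_packet("in", "tcp", "198.51.100.20", "192.0.2.10", 443),
        make_packet("in", "tcp", "203.0.113.9", "192.0.2.10", 443),
        make_packet("in", "tcp", "198.51.100.20", "192.0.2.10", 22),
        make_packet("in", "tcp", "10.1.2.3", "192.0.2.10", 22),
        make_packet("out", "udp", "192.0.2.55", "198.51.100.53", 53),
    ]
    for packet in samples:
        print(packet, "->", decide(packet))
```

The second sample shows why rule order is part of the policy: the same HTTPS request that rule 1 would allow is blocked because the source falls in the range denied by rule 0.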

How can a firewall enhance network security?

The firewall is a tool that helps manage the network traffic on your computer and
protect your data. Incoming network traffic that is unsolicited and unwanted is
blocked by this mechanism. By assessing inbound traffic, a firewall prevents your
computer from being infected with malware or hacked.

Firewall Categorization Methods:

• Firewalls can be categorized by processing mode, development era, or structure.

• There are FIVE major processing-mode categories of firewalls: Packet filtering
Firewalls, Application gateways, Circuit gateways, MAC layer firewalls and
Hybrids. (Hybrid firewalls use a combination of the other three methods, and in
practice, most firewalls fall into this category.)

• Firewalls categorized by which level of technology they employ are identified by
generation, with the later generations being more complex and more recently
developed.

• Firewalls categorized by intended structure are typically divided into categories
including residential- or commercial-grade, hardware-based, software-based, or
appliance-based devices.

Firewalls categorized by processing mode:

The FIVE processing modes are:

1. Packet Filtering

2. Application Gateways

3. Circuit Gateways

5. Write in detail about cryptography and Web service security.

What is cryptography?

Cryptography is a method of protecting information and communications through the
use of codes, so that only those for whom the information is intended can read and
process it.

In computer science, cryptography refers to secure information and communication
techniques derived from mathematical concepts and a set of rule-based calculations
called algorithms, to transform messages in ways that are hard to decipher. These
deterministic algorithms are used for cryptographic key generation, digital signing,
verification to protect data privacy, web browsing on the internet and confidential
communications such as credit card transactions and email.

Cryptography techniques

Cryptography is closely related to the disciplines of cryptology and cryptanalysis. It
includes techniques such as microdots, merging words with images and other ways to
hide information in storage or transit. However, in today's computer-centric world,
cryptography is most often associated with scrambling plaintext (ordinary text,
sometimes referred to as cleartext) into ciphertext (a process called encryption), then
back again (known as decryption). Individuals who practice this field are known as
cryptographers.

Modern cryptography concerns itself with the following four objectives:

Confidentiality. The information cannot be understood by anyone for whom it was
unintended.

Integrity. The information cannot be altered in storage or transit between sender and
intended receiver without the alteration being detected.

Non-repudiation. The creator/sender of the information cannot deny at a later stage
their intentions in the creation or transmission of the information.

Authentication. The sender and receiver can confirm each other's identity and the
origin/destination of the information.

Procedures and protocols that meet some or all of the above criteria are known as
cryptosystems. Cryptosystems are often thought to refer only to mathematical
procedures and computer programs; however, they also include the regulation of
human behavior, such as choosing hard-to-guess passwords, logging off unused
systems and not discussing sensitive procedures with outsiders.

Cryptography is the process of encrypting and decrypting data.

Cryptosystems use a set of procedures known as cryptographic algorithms, or ciphers,
to encrypt and decrypt messages to secure communications among computer systems,
devices and applications.

Types of cryptography

Single-key or symmetric-key encryption algorithms create a fixed length of bits
known as a block cipher with a secret key that the creator/sender uses to encipher data
(encryption) and the receiver uses to decipher it. One example of symmetric-key
cryptography is the Advanced Encryption Standard (AES). AES is a specification
established in November 2001 by the National Institute of Standards and Technology
(NIST) as a Federal Information Processing Standard (FIPS 197) to protect sensitive
information. The standard is mandated by the U.S. government and widely used in the
private sector.

Public-key or asymmetric-key encryption algorithms use a pair of keys, a public
key associated with the creator/sender for encrypting messages and a private key that
only the originator knows (unless it is exposed or they decide to share it) for
decrypting that information.

Examples of public-key cryptography include:

RSA, used widely on the internet

Elliptic Curve Digital Signature Algorithm (ECDSA) used by Bitcoin

Digital Signature Algorithm (DSA) adopted as a Federal Information Processing
Standard for digital signatures by NIST in FIPS 186-4

Diffie-Hellman key exchange

To maintain data integrity in cryptography, hash functions, which return a
deterministic output from an input value, are used to map data to a fixed data size.
Types of cryptographic hash functions include SHA-1 (Secure Hash Algorithm 1),
SHA-2 and SHA-3.

Securing Web Services

Because of its nature (loosely coupled connections) and its use of open access (mainly
HTTP), SOA implemented by Web services adds a new set of requirements to the
security landscape. Web services security includes several aspects:

Authentication—Verifying that the user is who she claims to be. A user's identity is
verified based on the credentials presented by that user, such as:

Authorization (or Access Control)—Granting access to specific resources based on an
authenticated user's entitlements. Entitlements are defined by one or several attributes.
An attribute is the property or characteristic of a user, for example, if "Marc" is the
user, "conference speaker" is the attribute.

Confidentiality, privacy—Keeping information secret. Accessing a message, for
example a Web service request or an email, as well as the identity of the sending and
receiving parties in a confidential manner. Confidentiality and privacy can be
achieved by encrypting the content of a message and obfuscating the sending and
receiving parties' identities.

Integrity, non-repudiation—Making sure that a message remains unaltered during
transit by having the sender digitally sign the message. A digital signature is used to
validate the signature and provides non-repudiation. The timestamp in the signature
prevents anyone from replaying this message after the expiration.

Web services security requirements also involve credential mediation (exchanging
security tokens in a trusted environment), and service capabilities and constraints
(defining what a Web service can do, under what circumstances).

Web services security requirements are supported by industry standards both at the
transport level (Secure Socket Layer) and at the application level relying on XML
frameworks.

Oracle has been instrumental in contributing to emerging standards, in particular the
specifications hosted by the OASIS Web Services Secure Exchange technical
committee.

Transport-level Security

Secure Socket Layer (SSL), otherwise known as Transport Layer Security (TLS), the
Internet Engineering Task Force (IETF) officially standardized version of SSL, is the
most widely used transport-level data-communication protocol providing:

Application-level Security

Application-level security complements transport-level security. Application-level
security is based on XML frameworks defining confidentiality, integrity, authenticity;
message structure; trust management and federation.

Data confidentiality is implemented by XML Encryption. XML Encryption defines
how digital content is encrypted and decrypted, how the encryption key information is
passed to a recipient, and how encrypted data is identified to facilitate decryption.

Data integrity and authenticity are implemented by XML Signature. XML Signature
binds the sender's identity (or "signing entity") to an XML document. Signing and
signature verification can be done using asymmetric or symmetric keys.

Signature ensures non-repudiation of the signing entity and proves that messages have
not been altered since they were signed. Message structure and message security are
implemented by SOAP and its security extension, WS-Security. WS-Security defines
how to attach XML Signature and XML Encryption headers to SOAP messages. In
addition, WS-Security provides profiles for 5 security tokens: Username (with
password digest), X.509 certificate, Kerberos ticket, Security Assertion Markup
Language (SAML) assertion, and REL (rights markup) document.
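
The Username token with password digest, together with the timestamp-based replay protection mentioned earlier, can be sketched as follows. This is an added example, not part of the original text or of any vendor's code: the digest is computed as Base64(SHA-1(nonce + created + password)) as in the OASIS UsernameToken profile, while the dictionary standing in for the XML header, the 5-minute freshness window, the class and function names and the sample credentials are assumptions.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

FRESHNESS = timedelta(minutes=5)   # assumption: how old a token may be
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def password_digest(nonce, created, password):
    """Base64(SHA-1(nonce + created + password)); nonce is raw bytes."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def make_token(username, password, now=None, nonce=None):
    """Sender side: build the token fields (a dict stands in for the XML header)."""
    now = now or datetime.now(timezone.utc)
    nonce = nonce or os.urandom(16)
    created = now.strftime(TS_FORMAT)
    return {
        "Username": username,
        "Nonce": base64.b64encode(nonce).decode("ascii"),
        "Created": created,
        "PasswordDigest": password_digest(nonce, created, password),
    }


class TokenVerifier:
    """Receiver side: checks freshness, the digest, then nonce reuse."""

    def __init__(self, passwords):
        self.passwords = passwords   # username -> password known to the service
        self.seen = {}               # (username, nonce) -> token creation time

    def verify(self, token, now=None):
        now = now or datetime.now(timezone.utc)
        try:
            username = token["Username"]
            created_text = token["Created"]
            digest = str(token["PasswordDigest"])
            created = datetime.strptime(created_text, TS_FORMAT).replace(tzinfo=timezone.utc)
            nonce = base64.b64decode(token["Nonce"], validate=True)
        except (KeyError, TypeError, ValueError):
            return "malformed"
        if abs(now - created) > FRESHNESS:
            return "stale"           # expired tokens cannot be replayed later
        password = self.passwords.get(username)
        # Compute a digest even for unknown users so both paths do the same work.
        expected = password_digest(nonce, created_text, password or "")
        same = hmac.compare_digest(expected.encode("utf-8"), digest.encode("utf-8"))
        if password is None or not same:
            return "bad-digest"
        # Only authenticated tokens reach the cache, so junk cannot fill it.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= FRESHNESS}
        key = (username, nonce)
        if key in self.seen:
            return "replayed"        # same nonce again inside the freshness window
        self.seen[key] = created
        return "accepted"


if __name__ == "__main__":
    verifier = TokenVerifier({"marc": "constructed-sample-password"})
    token = make_token("marc", "constructed-sample-password")
    print(verifier.verify(token))   # first presentation
    print(verifier.verify(token))   # captured and sent again
```

The digest keeps the password itself off the wire, but the service must still hold a password-equivalent secret to recompute it, which is one reason the token is normally carried over SSL/TLS as well.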

Web Services' Security Standards

XML Encryption: A W3C recommendation. Provides syntax and processing rules for
encrypting an XML document. This provides confidentiality to selected portions of a
message, keeping other parts accessible for intermediaries.

XML Signature: A W3C recommendation. Provides syntax and processing rules for
signing an XML document. Different parts of a document can be signed to ensure
integrity and to provide authentication.

6. Write in detail about wired or wireless public key infrastructure (PKI).

Public Key Infrastructure (PKI) is important because it significantly increases the
security of a network and provides the foundation for securing all internet-connected
things.

PKI is a core component of data confidentiality, information integrity, authentication,
and data access control. PKI is the foundation required to secure communication
between IoT devices and platforms.

PKI increases trust on the internet because it provides a system and infrastructure to
secure data and user and device identities, and to ensure that data has remained
intact and is authentic. With PKI, you can issue digital certificates that
authenticate the identity of users, devices, or services. These certificates work for both
public web pages and private internal services (e.g., to authenticate devices
connecting with your VPN, Wiki, Wi-Fi, etc.).

Wireless public key infrastructure (WPKI) is a technology that provides public key
infrastructure functionality using a mobile secure element such as a SIM card. It can
be used, for example, for two-factor authentication.

PKI provides "trust services" - in plain terms trusting the actions or outputs of entities,
be they people or computers. Trust service objectives respect one or more of the
following capabilities: Confidentiality, Integrity and Authenticity (CIA).

Confidentiality: Assurance that no entity can maliciously or unwittingly view a
payload in clear text. Data is encrypted to make it secret, such that even if it was read,
it appears as gibberish. Perhaps the most common use of PKI for confidentiality
purposes is in the context of Transport Layer Security (TLS). TLS is a capability
underpinning the security of data in transit, i.e. during transmission. A classic
example of TLS for confidentiality is when using an internet browser to log on to a
service hosted on an internet based web site by entering a password.

Integrity: Assurance that if an entity changed (tampered with) transmitted data in the
slightest way, it would be obvious that it happened, as its integrity would have been
compromised. Often it is not of utmost importance to prevent the integrity being
compromised (tamper proof); however, it is of utmost importance that if integrity is
compromised there is clear evidence of this having happened (tamper evident).

Authenticity: Assurance that you have certainty of what you are connecting to, or
evidencing your legitimacy when connecting to a protected service. The former is
termed server-side authentication - typically used when authenticating to a web server
using a password. The latter is termed client-side authentication - sometimes used
when authenticating using a smart card (hosting a digital certificate and private key).

Public key cryptography is a cryptographic technique that enables entities to securely
communicate on an insecure public network, and reliably verify the identity of an
entity via digital signatures.

A public key infrastructure (PKI) is a system for the creation, storage, and distribution
of digital certificates which are used to verify that a particular public key belongs to a
certain entity. The PKI creates digital certificates which map public keys to entities,
securely stores these certificates in a central repository and revokes them if needed.

A PKI consists of:

A certificate authority (CA) that stores, issues and signs the digital certificates;

A registration authority (RA) which verifies the identity of entities requesting their
digital certificates to be stored at the CA;

A central directory, i.e., a secure location in which keys are stored and indexed;

A certificate management system managing things like the access to stored
certificates or the delivery of the certificates to be issued;

A certificate policy stating the PKI's requirements concerning its procedures. Its
purpose is to allow outsiders to analyze the PKI's trustworthiness.

The term trusted third party (TTP) may also be used for certificate authority (CA).
Moreover, PKI is itself often used as a synonym for a CA implementation.

Certificate revocation

Authorities in the WebPKI provide revocation services to allow invalidation of
previously issued certificates.
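The roles listed above (RA check, CA signing, central directory, revocation) and the checks a relying party makes can be sketched as follows. This is an added example, not code from the original document: `ToyCA`, `verify`, the certificate fields and the sample names are hypothetical, and the signature is textbook RSA over two well-known Mersenne primes, used only so the sketch runs with the standard library.

```python
import hashlib
import json

# Toy CA key pair: textbook RSA, no padding, publicly known primes.
# Illustration only; a real CA uses a vetted library and protected keys.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # CA private exponent
CA_PUBLIC = (N, E)                  # what relying parties are given

def _digest(body: dict) -> int:
    """Hash a canonical encoding of the certificate body."""
    canon = json.dumps(body, sort_keys=True).encode("utf-8")
    return int.from_bytes(hashlib.sha256(canon).digest(), "big")

class ToyCA:
    def __init__(self):
        self.serial = 0
        self.directory = {}    # central directory: serial -> certificate
        self.revoked = set()   # revocation list published by the CA

    def issue(self, subject, public_key, identity_verified, not_after):
        # RA step: no certificate unless the requester's identity was verified.
        if not identity_verified:
            raise PermissionError("RA rejected request for " + subject)
        self.serial += 1
        body = {"serial": self.serial, "subject": subject,
                "public_key": public_key, "not_after": not_after}
        # CA step: sign the binding between subject and public key.
        cert = dict(body, signature=pow(_digest(body), D, N))
        self.directory[self.serial] = cert
        return cert

    def revoke(self, serial):
        self.revoked.add(serial)

def verify(cert, ca_public, revoked, now):
    """Relying-party checks: CA signature, validity period, revocation."""
    n, e = ca_public
    body = {k: v for k, v in cert.items() if k != "signature"}
    if pow(cert["signature"], e, n) != _digest(body):
        return "bad signature"
    if now > cert["not_after"]:
        return "expired"
    if cert["serial"] in revoked:
        return "revoked"
    return "ok"
```

A certificate whose signature still verifies is rejected once its serial appears in the revocation list, which is why relying parties need current revocation data and not just the CA's public key.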

7. Write in detail about application security (vulnerabilities of programming or
scripting language).

What is application security?

Application security, or appsec, is the practice of using security software, hardware,
techniques, best practices and procedures to protect computer applications from
external security threats.

Security was once an afterthought in software design. Today, it's an increasingly
critical concern for every aspect of application development, from planning through
deployment and beyond. The volume of applications developed, distributed, used
and patched over networks is rapidly expanding. As a result, application security
practices must address an increasing variety of threats.

How does application security work?

Security measures include improving security practices in the software development
lifecycle and throughout the application lifecycle. All appsec activities should
minimize the likelihood that malicious actors can gain unauthorized access to
systems, applications or data. The ultimate goal of application security is to prevent
attackers from accessing, modifying or deleting sensitive or proprietary data.

Any action taken to ensure application security is a countermeasure or security
control. The National Institute of Standards and Technology (NIST) defines a security
control as: "A safeguard or countermeasure prescribed for an information system or
an organization designed to protect the confidentiality, integrity, and availability of its
information and to meet a set of defined security requirements."

An application firewall is a countermeasure commonly used for software. Firewalls
determine how files are executed and how data is handled based on the specific
installed program. Routers are the most common countermeasure for hardware. They
prevent the Internet Protocol (IP) address of an individual computer from being
directly visible on the internet.

Other countermeasures include the following:

conventional firewalls

encryption and decryption programs

antivirus programs

spyware detection and removal programs

biometric authentication systems

Why is application security important?

Application security -- including the monitoring and managing of application
vulnerabilities -- is important for several reasons, including the following:

Finding and fixing vulnerabilities reduces security risks and doing so helps reduce an
organization's overall attack surface.

Software vulnerabilities are common. While not all of them are serious, even
noncritical vulnerabilities can be combined for use in attack chains. Reducing the
number of security vulnerabilities and weaknesses helps reduce the overall impact of
attacks.

Taking a proactive approach to application security is better than reactive security
measures. Being proactive enables defenders to identify and neutralize attacks earlier,
sometimes before any damage is done.

As enterprises move more of their data, code and operations into the cloud, attacks
against those assets can increase. Application security measures can help reduce the
impact of such attacks.

Neglecting application security can expose an organization to potentially existential
threats.

Application security testing should be done at all phases of application development.

What is threat modeling?

Threat modeling or threat assessment is the process of reviewing the threats to an
enterprise or information system and then formally evaluating the degree and nature
of the threats. Threat modeling is one of the first steps in application security and
usually includes the following five steps:

rigorously defining enterprise assets;

identifying what each application does or will do with respect to these assets;

creating a security profile for each application;

identifying and prioritizing potential threats; and

documenting adverse events and the actions taken in each case.

In this context, a threat is any potential or actual adverse event that can compromise
the assets of an enterprise. These include both malicious events, such as a
denial-of-service attack, and unplanned events, such as the failure of a storage device.

Common application security weaknesses and threats

The most common application security weaknesses are well-known. Various
organizations track them over time. The Open Web Application Security Project
(OWASP) Top Ten list and the Common Weakness Enumeration (CWE) compiled by
the information security community are two of the best-known lists of application
weaknesses.

The OWASP list focuses on web application software. The CWE list focuses on
specific issues that can occur in any software context. Its goal is to provide developers
with usable guidance on how to secure their code.

The top 10 items on the CWE list and their CWE scores are the following:

Application weaknesses can be mitigated or eliminated and are under control of the
organization that owns the application. Threats, on the other hand, are generally
external to the applications. Some threats, like physical damage to a data center due to
adverse weather or an earthquake, are not explicitly malicious acts. However, most
cybersecurity threats are the result of actions taken by malicious actors.

Threats exploit weaknesses and vulnerabilities. Common application security threats
include the following:

Software injection attacks exploit vulnerabilities in application code that enable
attackers to insert code into the application through ordinary user input.

Cross-site scripting attacks exploit vulnerabilities in the way web applications handle
cookies to steal or forge cookies so that the attacker can impersonate authorized users.

Buffer overflow attacks exploit vulnerabilities in the way applications store working
data in system buffers. Secure development best practices minimize these attacks.
These include using data validation and programming languages that safely manage
memory allocations, keeping software updated with the latest patches and relying on
the principle of least privilege.
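The injection weakness and the data-validation practice described above can be shown side by side. This is an added example, not code from the original document: the `users` table, the function names, the allow-list pattern and the crafted input string are all constructed for the illustration.

```python
import re
import sqlite3

# Constructed input: looks like a user name but carries SQL syntax.
CRAFTED_NAME = "nobody' OR '1'='1"

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def lookup_vulnerable(db, name):
    # The input is concatenated into the statement, so the database parses
    # whatever the user typed as part of the SQL text.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # The placeholder binds the input as a value; it is never parsed as SQL.
    return db.execute("SELECT name, role FROM users WHERE name = ?",
                      (name,)).fetchall()

def validate_name(name):
    # Data validation: allow-list of the characters and length a name may have.
    if not re.fullmatch(r"[a-z0-9_]{1,32}", name):
        raise ValueError("rejected user name")
    return name

def lookup_hardened(db, name):
    # Validation and parameter binding together.
    return lookup_parameterized(db, validate_name(name))
```

With the crafted input, the concatenating lookup returns every row in the table, the parameterized lookup returns none, and the hardened lookup rejects the value before it reaches the database.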

The objective of application security is to defeat attacks, while attack vectors give
attackers the means of breaching application security.

Common categories of application security

Applications can be categorized in different ways; for example, as specific functions,
such as authentication or appsec testing. They can also be divided according to
domains, like application security for web, mobile, internet of things (IoT) and other
embedded applications.

Security professionals use different tactics and strategies for application security,
depending on the application being developed and used. Application security
measures and countermeasures can be characterized functionally, by how they are
used, or tactically, by how they work.

Application security controls can be classified in different ways, as well. One
approach is to categorize them based on what they do.

Application security testing controls help keep weaknesses and vulnerabilities out of
the application as it is being developed.

Access control safeguards prevent unauthorized access to applications. This protects
against hijacking of authenticated user accounts as well as inadvertently giving access
to restricted data to an authenticated user who is not authorized to access it.

Authentication controls are used to ensure that users or programs accessing
application resources are who or what they say they are.

Authorization controls are used to ensure that users or programs that have been
authenticated are actually authorized to access application resources. Authorization
and authentication controls are closely related and often implemented with the same
tools.

Encryption controls are used to encrypt and decrypt data that needs to be protected.
Encryption controls can be implemented at different layers for networked
applications. For example, an application can implement encryption within the
application itself by encrypting all user input and output. Alternately, an application
can rely on encryption controls such as those provided by network layer protocols,
like IP Security or IPsec, which encrypt data being transmitted to and from the
application.

Logging controls are used to track application activities. They are indispensable for
maintaining accountability. Without logging, it can be difficult or impossible to
identify what resources an attack has exposed. Comprehensive application logs are
also an important control for testing application performance.

Another way to classify application security controls is how they protect against
attacks.

Preventative controls are used to keep attacks from happening. Their objective is to
protect against vulnerabilities. For example, access control and encryption are often
used to prevent unauthorized users from accessing sensitive information;
comprehensive application security testing is another preventive control that is
applied in the software development lifecycle.

Corrective controls reduce the effect of attacks or other incidents. For example,
using virtual machines, terminating malicious or vulnerable programs, or patching
software to eliminate vulnerabilities are all corrective controls.

Detective controls are fundamental to a comprehensive application security
architecture because they may be the only way security professionals are able to
determine an attack is taking place. Detective controls include intrusion detection
systems, antivirus scanners and agents that monitor system health and availability.

The process of securing an application is ongoing, from the earliest stages of
application design to ongoing monitoring and testing of deployed applications.
Security teams use a broad range of tools and testing practices.

Application security testing and tools

Tools and techniques used for application security are almost as numerous and diverse
as those used for application development.

Most of these tools and techniques fall into one of the following four categories:

Secure development platforms help developers avoid security issues by imposing and
enforcing standards and best practices for secure development.

Code scanning tools enable developers to review new and existing code for potential
vulnerabilities or other exposures.

Application testing tools automate the testing of finished code. Application testing
tools can be used during the development process, or they can be applied to existing
code to identify potential issues. Application testing tools can be used for static,
dynamic, mobile or interactive testing.

Application shielding tools are used to protect applications that are in release. Some
examples include the following:

threat detection tools to examine the network and environment in which an
application is running, and flag vulnerabilities and potential threats;

encryption tools for protecting data from interception;

code obfuscation tools to make source code hard or impossible to decipher and
reverse engineer; and

runtime application self-protection tools, which combine elements of application
testing tools and application shielding tools to enable continuous monitoring of an
application.

Of course, application security exists within the context of OSes, networks and other
related infrastructure components that must also be secured. To be fully secure, an
application should be protected from all types of attack.

Best practices for application security

Best practices for application security fall into several general categories.

What must be protected? Experts recommend security professionals map out all of
the systems, software and other computing resources -- in the cloud and on premises
-- that must be a part of the application.

What is the worst that can happen? Experts recommend understanding and
quantifying what is at stake if the worst does happen. This enables organizations to
allocate resources appropriately for avoiding risk.

What could happen? How could a successful attack be carried out? Threats are the
things that could negatively affect the application, the organization deploying the
application or the application users.

Specific tips for application security best practices focus on identifying general
weaknesses and vulnerabilities and addressing them. Other best practices depend on
applying specific practices like adopting a security framework or implementing
secure software development practices appropriate for the application type.

Application security trends and future

While the concepts of application security are well understood, they are still not
always well implemented. Security experts have had to adjust as computing
changed. For example, as the industry shifted from time-shared mainframes to
networked personal computers, application security professionals had to change how
they identified and addressed the most urgent vulnerabilities.
