Unit-1 Information Security

Uploaded by

adityakatare35
Presented by: Prof. Aditi S. Dahivelkar
Information Security:
• Information security is the protection of computer assets from unauthorized access, use, alteration,
degradation, destruction, and other threats.

• Information security is also known as InfoSec.

• The main objective of information security is to provide safety and privacy for critical information
such as user account details, financial records or intellectual property.

• Information can be physical or electronic. It can be anything from your personal details or your profile
on social media to the data on your mobile phone or your biometrics. Information Security therefore
spans many research areas, such as Cryptography, Mobile Computing, Cyber Forensics, Online Social
Media, etc.

• In simple words, Information Security is about securing information from unauthorized access.
Why do we use Information Security?
• We use information security to protect valuable information assets from a wide range of threats,
including theft and cybercrime.
• Information security is necessary to ensure the confidentiality, integrity, and availability of information.

• Information Security programs are built around 3 objectives, commonly known as the CIA triad:

• C - Confidentiality
• I - Integrity
• A - Availability

• 1. Confidentiality: means information is not disclosed to unauthorized individuals, entities or
processes. For example, suppose I have a password for my Gmail account but someone saw it while
I was logging into my Gmail account. In that case my password has been compromised and
Confidentiality has been breached.
• 2. Integrity: means maintaining the accuracy and completeness of data.
• This means data cannot be edited in an unauthorized way.
• For example, if an employee leaves an organisation, the data for that employee in all departments
(such as accounts) should be updated to reflect the status JOB LEFT so that the data is complete and
accurate; in addition, only an authorized person should be allowed to edit employee data.

• 3. Availability:
• Means information must be available when needed.
• For example, if one needs to access the information of a particular employee to check whether the
employee has exceeded the number of leaves, it requires collaboration from different organizational
teams such as network operations, development operations, incident response and policy/change
management.
• A denial of service attack is one of the factors that can hamper the availability of information.
Security Threats and Vulnerabilities :
• Threat, Vulnerability and Risk are interrelated terms, but they are not the same.
1. Threat:
• A cyber threat is a malicious act that seeks to steal or damage the data of a digital network or system.
• A threat can also be defined as the possibility of a successful cyber attack that gains access to the
sensitive data of a system unethically.
• Examples of threats include computer viruses, Denial of Service (DoS) attacks, data breaches, and
sometimes even dishonest employees.

• Types of Threats:
• Threats can be of three types, as follows:

1. Intentional - Malware, phishing, and accessing someone's account illegally are examples of
intentional threats.
2. Unintentional - Unintentional threats are human errors; for example, forgetting to update the
firewall or the anti-virus can make the system more vulnerable.
3. Natural - Natural disasters can also damage data; these are known as natural threats.
• 2. Vulnerability:

• A vulnerability is a weakness, flaw or other shortcoming in a system (infrastructure, database or software), but it can
also exist in a process, a set of controls, or simply the way that something has been implemented or deployed.
• There are different types of vulnerabilities; generally they can be summed up as:

1. Technical vulnerabilities - such as bugs in code or an error in some hardware or software.

2. Human vulnerabilities - such as employees falling for phishing, smishing or other common attacks.
Security Architecture:
• Security Architecture and Design describes a bundle of the following components:
• Hardware, Operating System and Software.
• It also includes a description of designing, architecting and evaluating the system to provide security.
• Security Architecture and Design is a three-part domain.
• The first part covers the hardware and software required to have a secure computer system,
• the second part covers the logical models required to keep the system secure,
• and the third part covers evaluation models that quantify how secure the system really is.

• Layering :
• Layering is a concept that arranges hardware, kernel and device drivers, operating system and
applications in a sequential order.
• Layering separates hardware and software functionality into modular tiers.
• Hardware is at the bottom layer and applications are at the top.
• The layering approach is used to differentiate the hardware from the software in different tiers.
• A generic list of security architecture layers is as follows:

• Hardware
• Kernel and device drivers
• Operating system
• Applications

• Abstraction:
• Abstraction is the process of hiding implementation details from the user and showing only the functionality.
• Abstraction hides unnecessary details from the user.
• Complexity is the enemy of security: the more complex a process is, the less secure the system is.
• That said, computers are tremendously complex machines.
• Abstraction provides a way to manage that complexity.

• For example:
• A user double-clicks on an MP3 file containing music, and the music plays via the computer speakers. Behind the
scenes, tremendously complex actions are taking place. The operating system opens the MP3 file, looks up the
application associated with it, and sends the bits to a media player. The bits are decoded by a media player, which
converts the information into a digital stream and sends the stream to the computer's sound card. The sound card
converts the stream into sound, which is sent to the speaker output device. Finally, the speakers play sound.
Abstraction means the user simply presses the play button and hears the music.
• Security domains:
• A security domain is a set of subjects and objects that share similar access levels.
• More broadly defined, domains are groups of subjects and objects with similar security requirements.
“Confidential,” “secret,” and “top secret” are three security domains used by the U.S. Department of
Defense (DoD), for example.
• With respect to kernels, a kernel has two levels: user mode and kernel mode.

• Kernel mode - (also known as supervisor mode) is where the kernel lives, allowing low-level access to
memory, CPU, disk, etc.
• It is the most trusted and powerful part of the system.
• User mode - is where user accounts and their processes live.
Ring Model :

• The ring model is a layering of CPU hardware in four levels, i.e. Ring 0, Ring 1, Ring 2 and Ring 3.

The rings are (theoretically) used as follows:

Ring 0—Kernel

Ring 1—Other OS components that do not fit into ring 0

Ring 2—Device drivers

Ring 3—User applications

• Figure: The Ring Model.
• Secure Hardware Architecture :
• The security architecture provides Confidentiality, Integrity and Availability to the system by including the
hardware.
• Secure Hardware Architecture focuses on the physical computer hardware required to have a secure
system.

• The system unit and motherboard:

• The system unit is the computer's case:
• It contains all of the internal electronic computer components, including the motherboard, internal disk drives,
power supply, etc.
• The motherboard contains hardware, including the CPU, memory slots, firmware, and peripheral slots
such as Peripheral Component Interconnect (PCI) slots.
• The keyboard unit is the external keyboard.
Operational Models:

• These models are used for maintaining the goals of security, i.e. Confidentiality, Integrity, and
Availability.
• In simple words, they deal with maintaining the CIA Triad. There are 3 main types of classic
security models.
• Security Models: a security model describes how a subject is allowed to interact with an object.

1. Bell-LaPadula
2. Biba
3. Clark-Wilson Security Model
1. Bell-LaPadula
It is the first security model.
It was developed for the Department of Defense (DOD).
This model is primarily focused on Confidentiality.
1. This model was invented by the scientists David Elliot Bell and Leonard J. LaPadula.
2. Thus this model is called the Bell-LaPadula Model.
3. It is used to maintain Confidentiality. Here, the classification of Subjects (users) and Objects (files)
is organized in a non-discretionary fashion, with respect to different layers of security.
It has mainly 3 rules:
1. SIMPLE CONFIDENTIALITY RULE:
• The Simple Confidentiality Rule states that a Subject can only read files on the same layer of
secrecy or a lower layer of secrecy, but not an upper layer of secrecy, which is why this rule is
called NO READ-UP.

2. STAR CONFIDENTIALITY RULE:

• The Star Confidentiality Rule states that a Subject can only write files on the same layer of secrecy
or an upper layer of secrecy, but not a lower layer of secrecy, which is why this rule is called
NO WRITE-DOWN.

3. STRONG STAR CONFIDENTIALITY RULE:

• The Strong Star Confidentiality Rule is the most restrictive and strongest: it states that a Subject can read
and write files on the same layer of secrecy only, and not on an upper or lower layer of secrecy, which is
why this rule is called NO READ WRITE UP DOWN.
2. Biba :
• This model was invented by the scientist Kenneth J. Biba.
• Thus this model is called the Biba Model.
• It is used to maintain Integrity. Here, the classification of Subjects (users) and Objects (files) is
organized in a non-discretionary fashion, with respect to different layers of secrecy.

• It works as the exact reverse of the Bell-LaPadula Model.
• It has mainly 3 rules:

1. SIMPLE INTEGRITY RULE:

• The Simple Integrity Rule states that a Subject can only read files on the same layer of secrecy or
an upper layer of secrecy, but not a lower layer of secrecy, which is why this rule is called NO
READ DOWN.

2. STAR INTEGRITY RULE:

• The Star Integrity Rule states that a Subject can only write files on the same layer of secrecy or a
lower layer of secrecy, but not an upper layer of secrecy, which is why this rule is called NO
WRITE-UP.

3. STRONG STAR INTEGRITY RULE:
• The Strong Star Integrity Rule is the most restrictive and strongest: it states that a Subject can read and
write files on the same layer of security only, and not on an upper or lower layer of security, which is why
this rule is called NO READ WRITE UP DOWN.
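The Bell-LaPadula and Biba rules above are easy to confuse because each is the mirror image of the other. The following added example (written for these notes, not code from the slides or from either model's authors) encodes both sets of rules as a small reference monitor and runs a constructed set of requests through each model, so the "no read-up / no write-down" versus "no read-down / no write-up" difference can be seen side by side. The level names and the sample subjects and objects are assumptions made for the illustration.

```python
# Added example (not from the original slides): a small reference monitor that
# checks read/write requests against the Bell-LaPadula and Biba rules exactly
# as the slides state them. Level names and the sample requests below are
# constructed for illustration.

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def blp_allows(subject_level, object_level, action, strong=False):
    """Bell-LaPadula (confidentiality).

    read : no read-up    -> subject level >= object level
    write: no write-down -> subject level <= object level
    strong star: read and write only at the same level
    """
    s, o = LEVELS[subject_level], LEVELS[object_level]
    if strong:
        return s == o
    if action == "read":
        return s >= o
    if action == "write":
        return s <= o
    raise ValueError("action must be 'read' or 'write'")


def biba_allows(subject_level, object_level, action, strong=False):
    """Biba (integrity): the exact reverse of Bell-LaPadula.

    read : no read-down -> subject level <= object level
    write: no write-up  -> subject level >= object level
    strong star: read and write only at the same level
    """
    s, o = LEVELS[subject_level], LEVELS[object_level]
    if strong:
        return s == o
    if action == "read":
        return s <= o
    if action == "write":
        return s >= o
    raise ValueError("action must be 'read' or 'write'")


def check_requests(model, requests, strong=False):
    """Run (subject_level, object_level, action) triples through a model and
    return a list of (request, decision) pairs."""
    return [(req, model(*req, strong=strong)) for req in requests]


# Constructed sample requests: a 'secret' subject touching objects at other levels.
SAMPLE = [
    ("secret", "confidential", "read"),   # read-down
    ("secret", "top secret", "read"),     # read-up
    ("secret", "top secret", "write"),    # write-up
    ("secret", "confidential", "write"),  # write-down
]

if __name__ == "__main__":
    for name, model in (("Bell-LaPadula", blp_allows), ("Biba", biba_allows)):
        print(name)
        for req, ok in check_requests(model, SAMPLE):
            print(f"  {req}: {'ALLOW' if ok else 'DENY'}")
```

Running the block shows that every request Bell-LaPadula allows, Biba denies, and vice versa; passing `strong=True` to either function collapses both to "same level only", which is the strong star rule of each model.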
• 3. Clark-Wilson Security Model
• This model is a highly secure model. It has the following entities:

• SUBJECT: any user who is requesting Data Items.
• CONSTRAINED DATA ITEMS: these cannot be accessed directly by the Subject. They must be
accessed via the Clark-Wilson Security Model.
• UNCONSTRAINED DATA ITEMS: these can be accessed directly by the Subject.
• The components of the Clark-Wilson Security Model:

• TRANSFORMATION PROCESS: here, the Subject's request to access the Constrained Data Items
is handled by the Transformation Process, which converts it into permissions and then forwards it
to the Integration Verification Process.

• INTEGRATION VERIFICATION PROCESS: the Integration Verification Process performs
Authentication and Authorization. If that is successful, the Subject is given access to the
Constrained Data Items.
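To make the entity and component roles concrete, here is an added example (written for these notes, not code from the slides or from Clark and Wilson) that models the access path described above: a subject reaches a Constrained Data Item only through a Transformation Process, which derives a permission and forwards it to the Integration Verification Process for authentication and authorization, while Unconstrained Data Items are returned directly. The users, credentials, permission strings and data items are all constructed assumptions.

```python
# Added example (not part of the original slides): a toy Clark-Wilson style
# access path. Subjects reach Constrained Data Items (CDIs) only through a
# Transformation Process, which turns the request into a permission and hands
# it to an Integration Verification Process that authenticates and authorizes
# before access is granted. Unconstrained Data Items (UDIs) are reachable
# directly. All users, credentials, permissions and data are constructed.

CDI = {"payroll": {"alice": 5000}}           # constrained: only via the TP
UDI = {"notice_board": "lunch at 1pm"}       # unconstrained: direct access

USERS = {"alice": "pw-alice", "bob": "pw-bob"}             # hypothetical credentials
PERMISSIONS = {"alice": {"payroll:read", "payroll:write"},  # hypothetical access rules
               "bob": set()}


def integration_verification(user, password, permission):
    """IVP: authenticate the subject, then check it is authorized for the permission."""
    if USERS.get(user) != password:                      # authentication failed
        return False
    return permission in PERMISSIONS.get(user, set())    # authorization


def transformation_process(user, password, item, action, value=None):
    """TP: convert the subject's request into a permission string, forward it to
    the IVP, and touch the CDI only if the IVP approves. Returns (granted, result)."""
    permission = f"{item}:{action}"
    if not integration_verification(user, password, permission):
        return False, None
    if action == "read":
        return True, CDI[item]
    if action == "write":
        CDI[item] = value
        return True, CDI[item]
    raise ValueError(f"unknown action {action!r}")


def access(user, password, item, action, value=None):
    """Entry point for a subject: UDIs are handed over directly, CDIs only via the TP."""
    if item in UDI:
        return True, UDI[item]
    if item in CDI:
        return transformation_process(user, password, item, action, value)
    raise KeyError(item)


if __name__ == "__main__":
    print(access("bob", "pw-bob", "notice_board", "read"))   # UDI: direct
    print(access("alice", "pw-alice", "payroll", "read"))    # CDI: TP -> IVP -> granted
    print(access("bob", "pw-bob", "payroll", "read"))        # CDI: authenticated, not authorized
    print(access("alice", "wrong", "payroll", "read"))       # CDI: not authenticated
```

The point of the structure is that no code path reads or writes `CDI` except `transformation_process`, and that function never touches the data until `integration_verification` has returned True; a failed authentication and a failed authorization are both reported the same way to the subject.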
Types of Attack:
• What is a Security attack?
• Security attacks - These are the unauthorized or illegal actions that are taken against government,
corporate, or private IT assets in order to destroy, modify, or steal sensitive data.
• They are further classified into active and passive attacks.

• Active Attacks:
• Active attacks are the type of attacks in which the attacker attempts to change or modify the content of
messages.
• An active attack is a danger to Integrity as well as Availability. Due to an active attack the system is
always damaged and system resources can be changed.
• The most important thing is that, in an active attack, the victim gets informed about the attack.
Passive Attack:

• Passive Attacks:
• Passive attacks are the type of attacks in which the attacker observes the content of messages or
copies the content of messages.
• A passive attack is a danger to Confidentiality.
• Due to a passive attack, there is no harm to the system. The most important thing is that in a passive
attack, the victim does not get informed about the attack.
Difference between Active Attack and Passive Attack:

No. | Active Attack | Passive Attack
1. | In an active attack, modification of information takes place. | In a passive attack, modification of the information does not take place.
2. | An active attack is a danger to Integrity as well as Availability. | A passive attack is a danger to Confidentiality.
3. | In an active attack, attention is on prevention. | In a passive attack, attention is on detection.
4. | Due to active attacks, the execution system is always damaged. | Due to a passive attack, there is no harm to the system.
5. | In an active attack, the victim gets informed about the attack. | In a passive attack, the victim does not get informed about the attack.
6. | In an active attack, system resources can be changed. | In a passive attack, system resources are not changed.
7. | In an active attack, information collected through passive attacks is used during execution. | Passive attacks are performed by collecting information such as passwords and messages by themselves.
8. | Can be easily detected. | Very difficult to detect.
9. | The purpose of an active attack is to harm the ecosystem. | The purpose of a passive attack is to learn about the ecosystem.
10. | The duration of an active attack is short. | The duration of a passive attack is long.
Goals of Security:
• Information security is designed and required to secure printed, digital, and personal, sensitive and
private information from unapproved persons. It can be used to protect information from being misused,
disclosed, destroyed, modified or disrupted.

• The major goals of information security are as follows:
• CIA – C - Confidentiality
• I - Integrity
• A - Availability.

Malicious Code :
• What is Malicious Code?
• Malicious code works like any other type of software or program.
• It is implemented as a set of instructions that are executed on a computer, and can be designed to
achieve a variety of different effects.
• Malicious code can steal sensitive information, deny access to important data or functionality, or
achieve other effects.
• Malicious code will interrupt our system operations, data or network.
• Malicious code can cause major disruptions on your computer and in your network. Files can be
deleted, a hacker might gain control of your computer, passwords may become compromised and daily
operations can be halted.
There are different types of malicious code :

Malicious code comes in many forms:

• 1) Virus: A computer virus replicates itself,
• i.e. it copies itself and spreads in the system.
• It creates its own files, which are spread into the computer system.
• If one file is infected with the virus, the remaining files are automatically corrupted.
• How do virus files enter the system?
• Through files: Word, Excel or Exe files.

• 2) Worms: A worm is a type of malicious software.
• It uses the network to spread or to enter a system.
• Worms enter the system through e-mails.

• 3) Trojan Horse:
• It looks like legitimate (valid) software.
• Trojans are unnoticeable by the user because they run in the background, so we can't see them.
• How does a Trojan Horse enter the system?
• They enter the system through utility software, attachments or malicious downloads.

4) Ransomware:
• It is the most dangerous software.
• It locks all files and folders using an encryption algorithm.
• The attacker demands money to provide the decryption tool.
• How does ransomware enter the system?
• It enters the system through phishing sites (links).

5) Spyware:
• It is a type of malicious software.
• It spies on (observes) all the activities done on the system and then sends them to the attacker.

6) Infostealers: Infostealers collect sensitive information from a user's device.
This could include login credentials, credit card data, and other sensitive information.
Intrusion Detection System :
• An intrusion detection system (IDS) observes network traffic for malicious transactions and sends
immediate alerts when they are observed.

• It is software that checks a network or system for malicious activities or policy violations.

• Each illegal activity or violation is typically recorded either centrally using a SIEM system or
reported to an administrator.

• An IDS monitors a network or system for malicious activity and protects a computer network
from unauthorized access by users, including perhaps insiders.

• The intrusion detector learning task is to build a predictive model (i.e. a classifier) capable of
distinguishing between 'bad connections' (intrusions/attacks) and 'good (normal) connections'.
• How does an IDS work?
• An IDS (Intrusion Detection System) monitors the traffic on a computer network to detect any
suspicious activity.

• It analyzes the data flowing through the network to look for patterns and signs of abnormal
behavior.

• The IDS compares the network activity to a set of predefined rules and patterns to identify any
activity that might indicate an attack or intrusion.

• If the IDS detects something that matches one of these rules or patterns, it sends an alert to
the system administrator.

• The system administrator can then investigate the alert and take action to prevent any
damage or further intrusion.
• So, if you set up an IDS program, the system will be able to:

• Recognize attack patterns from the network packets
• Monitor user behavior
• Identify abnormal traffic activity
• Ensure that user and system activity do not go against security policies
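The "compare activity to predefined rules and patterns, then alert" loop above is the core of every IDS. The following added example (written for these notes, not code from the slides or from any IDS product) runs two kinds of rule over a constructed connection log: a signature rule that matches a known pattern in a request payload, and an anomaly rule that flags a source contacting many distinct ports on one host. The log records, the signature, the threshold and the address values are all constructed assumptions.

```python
# Added example (not from the original slides): a minimal rule-based detector
# that mirrors the "match predefined rules and patterns, then alert" loop.
# The connection records, the signature and the threshold are constructed.
import re

# Constructed connection log: (timestamp, src_ip, dst_ip, dst_port, payload)
LOG = [
    ("10:00:01", "10.0.0.5", "10.0.0.10", 22,   ""),
    ("10:00:02", "10.0.0.5", "10.0.0.10", 23,   ""),
    ("10:00:02", "10.0.0.5", "10.0.0.10", 80,   ""),
    ("10:00:03", "10.0.0.5", "10.0.0.10", 443,  ""),
    ("10:00:03", "10.0.0.5", "10.0.0.10", 3306, ""),
    ("10:00:04", "10.0.0.7", "10.0.0.10", 80,   "GET /index.html HTTP/1.1"),
    ("10:00:05", "10.0.0.8", "10.0.0.10", 80,   "GET /static/../../config HTTP/1.1"),
]

# Signature rule: a hypothetical pattern for a directory-traversal request path.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
}

# Anomaly rule: one source touching at least this many distinct ports on one host.
PORT_SCAN_THRESHOLD = 4


def signature_alerts(log):
    """Return one alert for every record whose payload matches a known signature."""
    alerts = []
    for ts, src, dst, port, payload in log:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append({"rule": name, "src": src, "dst": dst,
                               "port": port, "time": ts})
    return alerts


def port_scan_alerts(log, threshold=PORT_SCAN_THRESHOLD):
    """Return one alert per (source, destination) pair that contacted at least
    `threshold` distinct ports."""
    ports_seen = {}
    for _, src, dst, port, _ in log:
        ports_seen.setdefault((src, dst), set()).add(port)
    return [
        {"rule": "port-scan", "src": src, "dst": dst, "ports": sorted(ports)}
        for (src, dst), ports in ports_seen.items()
        if len(ports) >= threshold
    ]


def run_ids(log):
    """Apply every rule and return the combined alert list for the administrator."""
    return signature_alerts(log) + port_scan_alerts(log)


if __name__ == "__main__":
    for alert in run_ids(LOG):
        print("ALERT", alert)
```

Note how the two rule types map onto the limitations listed later in these notes: the signature rule can only catch what it already has a pattern for (false negatives for new attacks), while the threshold rule will fire on any host that legitimately talks to many ports (false positives) unless the threshold is tuned.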
• Classification of Intrusion Detection System
• IDS are classified into 5 types:

• 1. Network Intrusion Detection System (NIDS):

• Network intrusion detection systems (NIDS) are set up at a planned point within the network to examine traffic from
all devices on the network.
• A NIDS observes passing traffic on the entire subnet and matches the traffic that is passed on the subnets to the
collection of known attacks.
• Once an attack is identified or abnormal behavior is observed, an alert can be sent to the administrator.
• An example of a NIDS is installing it on the subnet where the firewalls are located in order to see if someone is trying to
crack the firewall.

• 2. Host Intrusion Detection System (HIDS):

• Host intrusion detection systems (HIDS) run on independent hosts or devices on the network.
• A HIDS monitors the incoming and outgoing packets from the device only and will alert the administrator if suspicious
or malicious activity is detected.
• It takes a snapshot of existing system files and compares it with the previous snapshot.
• If the monitored system files were edited or deleted, an alert is sent to the administrator to investigate.
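The snapshot-and-compare step of a HIDS is simple enough to show end to end. The following added example (written for these notes, not code from the slides or from any HIDS product) hashes every file under a directory into a baseline, then diffs a later snapshot against it and reports modified, deleted and newly added files. The directory tree it builds, and the tampering it simulates, are constructed stand-ins for real system files.

```python
# Added example (not from the original slides): the snapshot-and-compare step a
# host-based IDS performs on system files. It hashes every file under a
# directory into a baseline, then diffs a later snapshot against it and reports
# modified, deleted and added files. The file tree below is constructed.
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root, '/'-separated) to the SHA-256 of its contents."""
    result = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            result[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return result


def compare(baseline, current):
    """Return the changes between two snapshots, grouped the way a HIDS would alert on them."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "deleted": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Build a constructed file tree, take a baseline, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as root:
        files = {"etc/hosts": b"127.0.0.1 localhost\n",
                 "bin/tool": b"#!/bin/sh\necho ok\n"}
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)

        # Simulated tampering: one file edited, one deleted, one unknown file added.
        with open(os.path.join(root, "bin/tool"), "ab") as fh:
            fh.write(b"echo tampered\n")
        os.remove(os.path.join(root, "etc/hosts"))
        with open(os.path.join(root, "new_unknown_file"), "wb") as fh:
            fh.write(b"x")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"ALERT {kind}: {p}")
```

A real HIDS stores the baseline somewhere the monitored host cannot silently rewrite it (otherwise an intruder who alters a file can also alter its recorded hash), and it is scheduled to rescan periodically, which is the "compares it with the previous snapshot" step above.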
• 3. Protocol-based Intrusion Detection System (PIDS):
• A protocol-based intrusion detection system (PIDS) comprises a system or agent that would
consistently reside at the front end of a server, controlling and interpreting the protocol
between a user/device and the server.
• It tries to secure the web server by regularly monitoring the HTTPS protocol stream and
accepting the related HTTP protocol.
• Since the HTTPS stream is unencrypted only just before it enters the web presentation layer, this
system would need to reside at that interface in order to use the HTTPS traffic.

• 4. Application Protocol-based Intrusion Detection System (APIDS):

• An application protocol-based intrusion detection system (APIDS) is a system or agent that
generally resides within a group of servers.
• It identifies intrusions by monitoring and interpreting the communication on application-
specific protocols.
• For example, it would monitor the SQL protocol explicitly to the middleware as it transacts
with the database in the web server.
• 5. Hybrid Intrusion Detection System:
• A hybrid intrusion detection system is made by combining two or more approaches to intrusion
detection.
• In a hybrid intrusion detection system, the host agent or system data is combined with network
information to develop a complete view of the network system.
• The hybrid intrusion detection system is more effective in comparison to the other intrusion detection
systems.
• Prelude is an example of a hybrid IDS.

• In summary:
1. Network intrusion detection system (NIDS): monitors a complete protected network
through one or more networks.

2. Host intrusion detection system (HIDS): monitors individual devices that are
connected to the internet and an organization's internal network.

3. Protocol-based intrusion detection system (PIDS): monitors specific network
protocols, such as TCP/IP or HTTP.

4. Application protocol-based intrusion detection system (APIDS): monitors specific
applications or services, such as web servers or databases.

5. Hybrid intrusion detection system: combines two or more types of IDS to provide
comprehensive protection.
Limitations of IDS:
An intrusion detection system (IDS) has several limitations, including:

1. False positives: An IDS may generate alerts for normal network activity, which can lead to a high number of false
alarms and dilute the effectiveness of the system.

2. False negatives: An IDS may fail to detect a real intrusion, leading to potential security breaches.

3. Difficulty in identifying new threats: New types of attacks are constantly being developed, and an IDS may not be
able to detect them if it is not regularly updated.

4. Limited ability to respond to an intrusion: An IDS may detect an intrusion, but it may not have the ability to take any
action to prevent it or mitigate its effects.

5. High maintenance cost: An IDS requires regular maintenance and updates to stay effective, which can be costly.

6. Limited ability to detect internal threats: An IDS is typically designed to detect external threats, and may not be able
to detect internal threats such as malicious employees or malware.
Privacy And Security :

Privacy −
Privacy can be described as an individual's or a group's ability to seclude information about themselves
and then disclose it selectively.
Privacy applies to sensitive or crucial information.

Security −
Security means personal freedom from outside forces. It is the state of being free from potential threats or
dangers. Just as a home security system secures the integrity of the household, data security
protects valuable data and information from prying eyes by safeguarding passwords and documents.

The goals of security are confidentiality, integrity, and availability. Security can strengthen internal control and
restrict unauthorized access from both internal and external factors, thereby securing the confidentiality
and integrity of resources and assets.
Difference between Privacy And Security :

No. | Privacy | Security
1. | Privacy defines the ability to secure personally identifiable data. | Security defines protecting against unauthorized access.
2. | Privacy denotes anyone who feels free from unwanted attention. | Security is a state of being free from possible threats, or private freedom.
3. | Privacy programs concentrate on protecting personal information such as passwords, log-in credentials, etc. | Security programs define the set of regulations and protocols to secure each confidential information resource and asset that an enterprise owns and collects.
4. | Privacy defines protecting sensitive information associated with individuals and organisations. | Security supports protection for some types of data and information, such as the ones that are saved electronically.
5. | Privacy programs concentrate on protecting personal information only, like passwords, log-in credentials, etc. | Security programs define the set of regulations and protocols to secure each confidential information resource and asset that an enterprise owns and collects.
6. | Privacy can't be achieved without security. | Security can be achieved without privacy.