Unit 2 (CL)
Unit 2 (CL)
Application security - Application security is the use of software, hardware, and procedural
methods to protect applications from external threats. Security is becoming an increasingly important
concern during development as applications become more frequently accessible over networks and
are, as a result, vulnerable to a wide variety of threats. Security measures built into applications and a
sound application security routine minimize the likelihood that unauthorized code will be able to
manipulate applications to access, steal, modify, or delete sensitive data. Actions taken to ensure
application security are sometimes called countermeasures. The most basic software countermeasure
is an application firewall that limits the execution of files or the handling of data by specific installed
programs. The most common hardware countermeasure is a router that can prevent the IP address of
an individual computer from being directly visible on the Internet.
Database security - Database security concerns the use of a broad range of information security
controls to protect databases against compromises of their confidentiality, integrity and availability. It
involves various types or categories of controls, such as technical, procedural/administrative and
physical. Database security is a specialist topic within the broader realms of computer security,
information security and risk management.
• Malware infections causing incidents such as unauthorized access, leakage or disclosure of personal
or proprietary data, deletion of or damage to the data or programs, interruption or denial of authorized
access to the database, attacks on other systems and the unanticipated failure of database services; •
Overloads, performance constraints and capacity issues resulting in the inability of authorized users to
use databases as intended;
• Physical damage to database servers caused by computer room fires or floods, overheating,
lightning, accidental liquid spills, static discharge, electronic breakdowns/equipment failures and
obsolescence;
• Design flaws and programming bugs in databases and the associated programs and systems, creating
various security vulnerabilities (e.g. unauthorized privilege escalation), data loss/corruption,
performance degradation etc.;
• Data corruption and/or loss caused by the entry of invalid data or commands, mistakes in database
or system administration processes, sabotage/criminal damage etc.
Email Security - Email is vulnerable to both passive and active attacks. Passive threats include
Release of message contents, and traffic analysis while active threats include Modification of message
contents, Replay, and denial of service attack. Because email connects through many routers and mail
servers on its way to the recipient, it is inherently vulnerable to both physical and virtual
eavesdropping. To provide a reasonable level of privacy, all routers in the email pathway, and all
connections between them, must be secured. This is done through data encryption, which translates
1
the email's contents into incomprehensible text that, if designed correctly, can be decrypted only by
the recipient. There are two basic techniques for providing such secure connections.The electronic
envelope technique involves encrypting the message directly using a secure encryption standard.
These encryption methods are often a user-level responsibility, even though Enterprise versions of
OpenPGP exist. The usage of OpenPGP requires the exchange of encryption keys. Even if an
encrypted email is intercepted and accessed, its contents are meaningless without the decryption key.
There are also examples of secure messaging solutions available built on purely symmetric keys for
encryption. These methods are also sometimes tied with authorization in the form of authentication.
Authentication just means that each user must prove who he is by using either a password, biometric
(such as a fingerprint), or other standard authentication means.
Internet security – Internet security is a tree branch of computer security specifically related to
the Internet, often involving browser security but also network security on a more general level as it
applies to other applications or operating systems on a whole. Its objective is to establish rules and
measures to use against attacks over the Internet.
[1] The Internet represents an insecure channel for exchanging information leading to a high risk of
intrusion or fraud, such as phishing.
[2] Different methods have been used to protect the transfer of data, including encryption. Data
Backup and Archive - There is often confusion between a data archive and a backup. A classic backup
application takes periodic images of active data in order to provide a method of recovering records
that have been deleted or destroyed. Most backups are retained only for a few days or weeks as later
backup images supersede previous versions.
Security Technologies
With the rapid growth in the Internet, cyber security has become a major concern to organizations
throughout the world. The fact that the information and tools & technologies needed to penetrate
the security of corporate organization networks are widely available has increased that security
concern.
Today, the fundamental problem is that much of the security technology aims to keep the attacker
out, and when that fails, the defences have failed. Every organization who uses internet needed
security technologies to cover the three primary control types - preventive, detective, and
corrective as well as provide auditing and reporting. Most security is based on one of these types
of things: something we have (like a key or an ID card), something we know (like a PIN or a
password), or something we are (like a fingerprint).
Some of the important security technologies used in the cyber security are described below-
Firewall
Firewall is a computer network security system designed to prevent unauthorized access to or
from a private network. It can be implemented as hardware, software, or a combination of both.
Firewalls are used to prevent unauthorized Internet users from accessing private networks
connected to the Internet. All messages are entering or leaving the intranet pass through the
firewall. The firewall examines each message and blocks those that do not meet the specified
security criteria.
2
Categories of Firewalls
Firewall can be categorised into the following types-
1. Processing mode:
The five processing modes that firewalls can be categorised are-
Packet filtering
Packet filtering firewalls examine header information of a data packets that come into a
network. This firewall installed on TCP/IP network and determine whether to forward it to
the next network connection or drop a packet based on the rules programmed in the
firewall. It scans network data packets looking for a violation of the rules of the firewalls
database.
1. Static filtering: The system administrator set a rule for the firewall. These filtering
rules governing how the firewall decides which packets are allowed and which are
denied are developed and installed.
2. Dynamic filtering: It allows the firewall to set some rules for itself, such as dropping
packets from an address that is sending many bad packets.
3
MAC layer firewalls
This firewall is designed to operate at the media access control layer of the OSI network
model. It is able to consider a specific host computer's identity in its filtering decisions.
MAC addresses of specific host computers are linked to the access control list (ACL)
entries. This entry identifies specific types of packets that can be sent to each host and
all other traffic is blocked. It will also check the MAC address of a requester to determine
whether the device being used are able to make the connection is authorized to access
the data or not.
Hybrid firewalls
It is a type of firewalls which combine features of other four types of firewalls. These are
elements of packet filtering and proxy services, or of packet filtering and circuit
gateways.
VPNs
A VPN stands for virtual private network. It is a technology which creates a safe and an
encrypted connection on the Internet from a device to a network. This type of connection
helps to ensure our sensitive data is transmitted safely. It prevents our connection from
eavesdropping on the network traffic and allows the user to access a private network
securely. This technology is widely used in the corporate environments.
A VPN works same as firewall like firewall protects data local to a device wherever VPNs
protects data online. To ensure safe communication on the internet, data travel through
secure tunnels, and VPNs user used an authentication method to gain access over the
VPNs server. VPNs are used by remote users who need to access corporate resources,
consumers who want to download files and business travellers want to access a site that
is geographically restricted.
Intrusion Detection System have different types to detects the suspicious activities-
1. NIDS-
It is a Network Intrusion Detection System which monitors the inbound and outbound
traffic to and from all the devices over the network.
4
2. HIDS-
It is a Host Intrusion Detection System which runs on all devices in the network with
direct access to both internet and enterprise internal network. It can detect anomalous
network packets that originate from inside the organization or malicious traffic that a
NIDS has failed to catch. HIDS may also identify malicious traffic that arises from the
host itself.
It is a detection system which refers to the detection of an attack by looking for the
specific patterns, such as byte sequences in network traffic, or known malicious
instruction sequences used by malware. This IDS originates from anti-virus software
which can easily detect known attacks. In this terminology, it is impossible to detect new
attacks, for which no pattern is available.
This detection system primarily introduced to detect unknown attacks due to the rapid
development of malware. It alerts administrators against the potentially malicious
activity. It monitors the network traffic and compares it against an established baseline. It
determines what is considered to be normal for the network with concern to bandwidth,
protocols, ports and other devices.
Access Control
Access control is a process of selecting restrictive access to a system. It is a concept in
security to minimize the risk of unauthorized access to the business or organization. In
this, users are granted access permission and certain privileges to a system and
resources. Here, users must provide the credential to be granted access to a system.
These credentials come in many forms such as password, key card, the biometric
reading, etc. Access control ensures security technology and access control policies to
protect confidential information like customer data.
Logical access control- This type of access control limits connection to computer
networks, system files, and data.
The more secure method for access control involves two - factor authentication. The first
factor is that a user who desires access to a system must show credential and the
second factor could be an access code, password, and a biometric reading.
5
granted access whereas an authorization provides that whether a user should be
allowed to gain access to a system or denied it.
Security Threats-
What is a Malware
• Malware is the shortened form of malicious software.
• Malware is an umbrella term used to refer to a variety of forms of
hostile or intrusive software including Ransom wares, Computer
Viruses, Worms, Trojan Horses, Spyware, Adware, Scareware etc.
• This is any program or file that is harmful to a computer user.
• The term refers to software that is deployed with malicious intent.
• Malware can be deployed even remotely, and tracking the source of
malware is hard.
• It can take the form of executable code, scripts, active content, and
other software.
• These malicious programs can perform a variety of functions,
including stealing, encrypting or deleting sensitive data, altering or
hijacking core computing functions and monitoring users’ computer
activity without their permission.
• This combination has enabled commercial malware providers to
supply sophisticated black markets for both malware and the
information that it collects.
6
4. Spy on computer users for an extended period without their
knowledge, for example, Reign Malware.
5. It may be designed to cause harm, often as sabotage for example
Stuxnet.
6. Extort payment for example Cryptolocker.
7
Email Virus
An email virus is defined as an email that consists hidden malicious
program that affects the system. The malicious program inside the email
gets activated once the user opens the malicious attachments with emails
or when clicking on infected links. Email viruses are also used in order to
bring the server down by continuously sending multiple spam emails.
These spam emails are designed by hackers in such a way that they are
difficult to detect by the users. The email virus not only affects the victim’s
system but all the systems in the address book of the victims.
Email virus consists of executable files that have extensions such as .exe,
.pdf, .dot, .com, .xls, .scr
How Does Email Virus Harm?
• Steal the personal data present in the system or device.
• Crash the system.
• Execute attacks such as ransomware .
• Marks the system of the victim as a botnet .
• Create continuous unwanted pop-ups.
Types of Email Virus
An email virus is spread across multiple systems through some common
methods such as:
1. Spam Emails
The most common method for the spread of email viruses is spam emails.
These emails are prepared in such a way that they look as of they are
legitimate and useful emails. The email consists of links for redirections
and the victim cannot resist clicking them. The subjects that are prepared
are useful and attractive. For example, subjects regarding interview calls
offers on purchases, etc. Once the user clicks on malicious links provided
within the email the malicious program gets installed in the system.
2. Hoax Mails
Hoax Mail Virus are emails that consist of warnings and alert-related
content. The main aim of Hoax mail is to panic the victims. The email is
attached with security precautions for viruses and hacks. They advise
installing the attachments for providing security and once the attachments
are installed the malicious program gets access to the systems.
3. Whaling/Business Email Compromise
Whaling is an email virus for organizational institutions. whaling is majorly
used for scam. The email looks like a genuine email and is sent to the
person who looks for transactions in the organization. The draft consists
of sending the specified amount of money for some mentioned reasons.
whaling commonly takes place with big organizations.
4. Ransomware
Ransomware encrypts the victim’s data and then demands payment to get
it decrypted. It is typically distributed through emails. Attacks using
8
ransomware typically have a financial motivation, and in contrast to other
forms of attacks, the victim of a ransomware assault is typically informed
of an exploit and provided instructions on how to recover from the attack.
5. Phishing
Phishing is the practise of tricking victims into divulging sensitive
information such as logon data or other information so that criminals can
use it or sell it for their own evil objectives. A socially crafted message and
an authentic-looking sender are the typical components of a phishing
attempt
Macro Virus
Macro viruses a malicious code specifically designed by the hacker or
attacker using the macro language (A language that is used to build
applications such as Microsoft Word, Excel, or PowerPoint). Macro
viruses attach themselves to documents and spreadsheets, and when
these files are opened or edited, they infect other documents as well. The
dangerous thing about macro viruses is that they can infect any computer,
regardless of the operating system it runs on. This means that whether
your computer is running Windows, macOS, or Linux, it is vulnerable to a
macro virus attack.
Malicious Software
The words “Malicious Software” coin the word “Malware” and the meaning
remains the same. Malicious Software refers to any malicious program that
causes harm to a computer system or network. Malicious Malware
Software attacks a computer or network in the form of viruses, worms,
trojans, spyware, adware or rootkits.
9
Worms
Trojan Horses
Spyware/Adware
Rootkit
10
computers and routers to crash and links to bog down. The most famous DoS
technique is the Ping of Death. The Ping of Death attack works by generating and
sending special network messages (specifically, ICMP packets of non-standard
sizes) that cause problems for systems that receive them. In the early days of the
Web, this attack could cause unprotected Internet servers to crash quickly. It is
strongly recommended to try all described activities on virtual machines
rather than in your working environment.
Following is the command for performing flooding of requests on an IP.
ping ip_address –t -65500
HERE,
• “ping” sends the data packets to the victim.
• “ip_address” is the IP address of the victim.
• “-t” means the data packets should be sent until the program is stopped.
• “-l(65500)” specifies the data load to be sent to the victim.
Other basic types of DoS attacks involve.
• Flooding a network with useless activity so that genuine traffic cannot get
through. The TCP/IP SYN and Smurf attacks are two common examples.
• Remotely overloading a system’s CPU so that valid requests cannot be
processed.
• Changing permissions or breaking authorization logic to prevent users from
logging into a system. One common example involves triggering a rapid series
of false login attempts that lockout accounts from being able to log in.
• Deleting or interfering with specific critical applications or services to prevent
their normal operation (even if the system and network overall are functional).
Threat to E-Commerce
E-Commerce refers to the activity of buying and selling things over the internet. Simply,
it refers to the commercial transactions which are conducted online. E-commerce can be
drawn on many technologies such as mobile commerce, Internet marketing, online
transaction processing, electronic funds transfer, supply chain management, electronic
data interchange (EDI), inventory management systems, and automated data collection
systems.
E-commerce threat is occurring by using the internet for unfair means with the intention
of stealing, fraud and security breach. There are various types of e-commerce threats.
Some are accidental, some are purposeful, and some of them are due to human error.
The most common security threats are an electronic payments system, e-cash, data
misuse, credit/debit card frauds, etc.
11
Electronic payments system:
With the rapid development of the computer, mobile, and network technology, e-
commerce has become a routine part of human life. In e-commerce, the customer can
order products at home and save time for doing other things. There is no need of visiting
a store or a shop. The customer can select different stores on the Internet in a very short
time and compare the products with different characteristics such as price, colour, and
quality.
12
E-cash
E-cash is a paperless cash system which facilitates the transfer of funds anonymously.
E-cash is free to the user while the sellers have paid a fee for this. The e-cash fund can
be either stored on a card itself or in an account which is associated with the card. The
most common examples of e-cash system are transit card, PayPal, GooglePay, Paytm,
etc.
A debit card is of a plastic card which issued by the financial organization to account
holder who has a savings deposit account that can be used instead of cash to make
purchases. The debit card can be used only when the fund is available in the account.
Digital Signature
A digital signature is a mathematical technique used to validate the
authenticity and integrity of a message, software, or digital document.
1. Key Generation Algorithms: Digital signature is electronic signatures,
which assure that the message was sent by a particular sender. While
performing digital transactions authenticity and integrity should be
assured, otherwise, the data can be altered or someone can also act
as if he was the sender and expect a reply.
2. Signing Algorithms: To create a digital signature, signing algorithms
like email programs create a one-way hash of the electronic data which
is to be signed. The signing algorithm then encrypts the hash value
using the private key (signature key). This encrypted hash along with
other information like the hashing algorithm is the digital signature. This
digital signature is appended with the data and sent to the verifier. The
reason for encrypting the hash instead of the entire message or
document is that a hash function converts any arbitrary input into a
much shorter fixed-length value. This saves time as now instead of
signing a long message a shorter hash value has to be signed and
moreover hashing is much faster than signing.
13
3. Signature Verification Algorithms : Verifier receives Digital Signature
along with the data. It then uses Verification algorithm to process on
the digital signature and the public key (verification key) and generates
some value. It also applies the same hash function on the received
data and generates a hash value. If they both are equal, then the
digital signature is valid else it is invalid.
The steps followed in creating digital signature are :
1. Message digest is computed by applying hash function on the
message and then message digest is encrypted using private key of
sender to form the digital signature. (digital signature = encryption
(private key of sender, message digest) and message digest =
message digest algorithm(message)).
2. Digital signature is then transmitted with the message.(message +
digital signature is transmitted)
3. Receiver decrypts the digital signature using the public key of
sender.(This assures authenticity, as only sender has his private key
so only sender can encrypt using his private key which can thus be
decrypted by sender’s public key).
4. The receiver now has the message digest.
5. The receiver can compute the message digest from the message
(actual message is sent with the digital signature).
6. The message digest computed by receiver and the message digest
(got by decryption on digital signature) need to be same for ensuring
integrity.
Message digest is computed using one-way hash function, i.e. a hash
function in which computation of hash value of a message is easy but
computation of the message from hash value of the message is very
difficult.
14
Assurances about digital signatures
The definitions and words that follow illustrate the kind of assurances that
digital signatures offer.
1. Authenticity: The identity of the signer is verified.
2. Integration: Since the content was digitally signed, it hasn’t been
altered or interfered with.
3. Non-repudiation: demonstrates the source of the signed content to all
parties. The act of a signer denying any affiliation with the signed
material is known as repudiation.
4. Notarization: Under some conditions, a signature in a Microsoft Word,
Microsoft Excel, or Microsoft PowerPoint document that has been time-
stamped by a secure time-stamp server is equivalent to a notarization.
Benefits of Digital Signatures
• Legal documents and contracts: Digital signatures are legally
binding. This makes them ideal for any legal document that requires a
signature authenticated by one or more parties and guarantees that the
record has not been altered.
• Sales contracts: Digital signing of contracts and sales contracts
authenticates the identity of the seller and the buyer, and both parties
can be sure that the signatures are legally binding and that the terms of
the agreement have not been changed.
• Financial Documents: Finance departments digitally sign invoices so
customers can trust that the payment request is from the right seller,
not from a bad actor trying to trick the buyer into sending payments to
a fraudulent account.
• Health Data: In the healthcare industry, privacy is paramount for both
patient records and research data. Digital signatures ensure that this
confidential information was not modified when it was transmitted
between the consenting parties.
Drawbacks of Digital Signature
• Dependency on technology: Because digital signatures rely on
technology, they are susceptible to crimes, including hacking. As a
result, businesses that use digital signatures must make sure their
systems are safe and have the most recent security patches and
upgrades installed.
• Complexity: Setting up and using digital signatures can be
challenging, especially for those who are unfamiliar with the
technology. This may result in blunders and errors that reduce the
system’s efficacy. The process of issuing digital signatures to senior
citizens can occasionally be challenging.
• Limited acceptance: Digital signatures take time to replace manual
ones since technology is not widely available in India, a developing
nation.
15