CSS notes 2

Uploaded by

parul11th

What is the computer security problem? What factors contribute to it?

Ans. The Internet has transformed our lives in many good ways. Unfortunately, this vast
network and its associated technologies have also brought in their wake an increasing number
of security threats.

What is computer security?

Computer security basically is the protection of computer systems and information from harm,
theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of
your computer system.

There are various types of computer security, which are widely used to protect the valuable
information of an organization.

Types

• Information security is securing information from unauthorized access, modification and
  deletion
• Application security is securing an application by building in security features to protect it
  from cyber threats such as SQL injection, DoS attacks and data breaches
• Computer security means securing a standalone machine by keeping it updated and
  patched
• Network security is securing both the software and hardware technologies
• Cybersecurity is defined as protecting computer systems which communicate over
  computer networks

It's important to understand the distinction between these words, though there isn't necessarily a
clear consensus on the meanings and the degree to which they overlap or are interchangeable.

So, computer security can be defined as controls that are put in place to provide confidentiality,
integrity, and availability for all components of computer systems. Let's elaborate the definition.

Components of computer system


The components of a computer system that need to be protected are:

• Hardware, the physical part of the computer, like the system memory and disk drive
• Firmware, permanent software that is etched into a hardware device's nonvolatile
  memory and is mostly invisible to the user
• Software, the programming that offers services, like the operating system, word processor
  and internet browser, to the user

The CIA Triad

Computer security is mainly concerned with three main areas: confidentiality, integrity and
availability.

Computer security threats

Computer security threats are possible dangers that can hamper the normal functioning
of your computer. In the present age, cyber threats are constantly increasing as the world goes
digital. The most harmful types of computer security threats are:

Viruses

A computer virus is a malicious program which is loaded into the user's computer without the
user's knowledge. It replicates itself and infects the files and programs on the user's PC. The
ultimate goal of a virus is to ensure that the victim's computer will never be able to operate
properly or even at all.

Computer Worm

A computer worm is a software program that can copy itself from one computer to another
without human interaction. The potential risk here is that it will use up your computer's hard
disk space, because a worm can replicate in great volume and with great speed.

Phishing

Disguising themselves as a trustworthy person or business, phishers attempt to steal sensitive
financial or personal information through fraudulent email or instant messages. Phishing is
unfortunately very easy to execute. You are deluded into thinking it's legitimate mail and you
may enter your personal information.

Botnet

A botnet is a group of computers connected to the internet that have been compromised by a
hacker using a computer virus. An individual computer is called a 'zombie computer'. The result
of this threat is that the victim's computer, which is the bot, will be used for malicious
activities and for larger scale attacks like DDoS.

Rootkit

A rootkit is a computer program designed to provide continued privileged access to a computer
while actively hiding its presence. Once a rootkit has been installed, the controller of the
rootkit will be able to remotely execute files and change system configurations on the host
machine.

Keylogger

Also known as keystroke loggers, keyloggers can track the real-time activity of a user on their
computer. A keylogger keeps a record of all the keystrokes made on the user's keyboard. It is
also a very powerful threat for stealing people's login credentials, such as usernames and
passwords.

These are perhaps the most common security threats that you'll come across. Apart from these,
there are others like spyware, wabbits, scareware, bluesnarfing and many more. Fortunately,
there are ways to protect yourself against these attacks.

Why is Computer Security Important?

In this digital era, we all want to keep our computers and our personal information secure, and
hence computer security is important to keep our personal information protected. It is also
important to maintain our computer's security and overall health by preventing viruses and
malware, which would impact system performance.

Computer Security Practices

Computer security threats are becoming relentlessly inventive these days. There is much need for
one to arm oneself with information and resources to safeguard against these complex and
growing computer security threats and stay safe online. Some preventive steps you can take
include:

• Secure your computer physically by:
    o Installing reliable, reputable security and anti-virus software
    o Activating your firewall, because a firewall acts as a security guard between the
      internet and your local area network
• Stay up-to-date on the latest software and news surrounding your devices and perform
  software updates as soon as they become available
• Avoid clicking on email attachments unless you know the source
• Change passwords regularly, using a unique combination of numbers, letters and case
  types
• Use the internet with caution and ignore pop-ups and drive-by downloads while surfing
• Take the time to research the basic aspects of computer security and educate yourself
  on evolving cyber-threats
• Perform daily full system scans and create a periodic system backup schedule to ensure
  your data is retrievable should something happen to your computer

Apart from these, there are many ways you can protect your computer system. Aspects such as
encryption and computer cleaners can assist in protecting your computer and its files.

Unfortunately, the number of cyber threats is increasing at a rapid pace and more sophisticated
attacks are emerging. So, having a good foundation in cybersecurity concepts will allow you to
protect your computer against ever-evolving cyber threats.

Q. What is Encryption and Decryption?

Encryption is the process of translating plain text data (plaintext) into something that appears to
be random and meaningless (ciphertext). Decryption is the process of converting ciphertext back
to plaintext.

The goal of every encryption algorithm is to make it as difficult as possible to decrypt the
generated ciphertext without using the key. If a really good encryption algorithm is used, there is
no technique significantly better than methodically trying every possible key. For such an
algorithm, the longer the key, the more difficult it is to decrypt a piece of ciphertext without
possessing the key.

In the above example, the plaintext "Meet me at the park" is encrypted as the ciphertext
MMTAEEHREAEKTTP.
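
The notes do not name the cipher behind this example; the ciphertext is what a columnar transposition with four columns produces. The following added example (not part of the original notes; all function names are assumptions) reproduces it and then tries every possible key, which shows why such a small key space gives no protection.

```python
"""Columnar transposition: reproduce the notes' example and exhaust its key space."""


def normalize(text):
    # Keep letters only and upper-case them, as classical ciphers usually do.
    return "".join(ch for ch in text.upper() if ch.isalpha())


def encrypt(plaintext, columns):
    """Write the text row by row into `columns` columns, then read column by column."""
    text = normalize(plaintext)
    return "".join(text[c::columns] for c in range(columns))


def decrypt(ciphertext, columns):
    """Invert encrypt(): recover each column's length, then read row by row."""
    full_rows, extra = divmod(len(ciphertext), columns)
    # The first `extra` columns hold one more letter than the others.
    lengths = [full_rows + (1 if c < extra else 0) for c in range(columns)]
    cols, pos = [], 0
    for length in lengths:
        cols.append(ciphertext[pos:pos + length])
        pos += length
    out = []
    for row in range(full_rows + (1 if extra else 0)):
        for col in cols:
            if row < len(col):
                out.append(col[row])
    return "".join(out)


def brute_force(ciphertext, crib):
    """Try every column count and keep the decryptions that contain `crib`.

    The key is only the number of columns, so a message of n letters has at
    most n keys to try. A modern cipher with a 128-bit key has 2**128.
    """
    hits = []
    for columns in range(1, len(ciphertext) + 1):
        candidate = decrypt(ciphertext, columns)
        if crib in candidate:
            hits.append((columns, candidate))
    return hits


if __name__ == "__main__":
    ciphertext = encrypt("Meet me at the park", 4)
    print("ciphertext:", ciphertext)
    print("keys to try:", len(ciphertext))
    for columns, candidate in brute_force(ciphertext, "PARK"):
        print("columns =", columns, "->", candidate)
```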

Why use Encryption and Decryption?

Here are important reasons for using encryption:

• Helps you to protect your confidential data such as passwords and login IDs
• Provides confidentiality of private information
• Helps you to ensure that the document or file has not been altered
• The encryption process also prevents plagiarism and protects IP
• Helpful for network communication (like the internet), where a hacker can easily
  access unencrypted data
• It is an essential method as it helps you to securely protect data that you don't want
  anyone else to have access to

Types of Keys

Symmetric Key:

Symmetric-key encryption algorithms use the same cryptographic keys for both
encryption of plaintext and decryption of ciphertext.

Asymmetric Key:

Asymmetric encryption uses 2 pairs of keys for encryption. The public key is available to anyone,
while the secret key is only made available to the receiver of the message. This boosts security.

Public Key:

Public key cryptography is an encryption system which is based on two pairs of keys. Public
keys are used to encrypt messages for a receiver.

Private Key:

A private key may be part of a public/private asymmetric key pair. It can be used in asymmetric
encryption as you can use the same key to encrypt and decrypt data.

Difference between Encryption and Decryption

| Parameter | Encryption | Decryption |
|---|---|---|
| What is | It is a process of converting normal data into an unreadable form. It helps you to avoid any unauthorized access to data. | It is a method of converting the unreadable/coded data into its original form. |
| Process | Whenever the data is sent between two separate machines, it is encrypted automatically using a secret key. | The receiver of the data automatically allows you to convert the data from the codes into its original form. |
| Location of Conversion | The person who is sending the data to the destination. | The receiver receives the data and converts it. |
| Example | An employee is sending essential documents to his/her manager. | The manager is receiving the essential documents from his/her employee. |
| Use of Algorithm | The same algorithm with the same key is used for the encryption-decryption process. | The only single algorithm is used for encryption and decryption with a pair of keys where each use for encryption and decryption. |
| Major function | Transforming humanly understandable messages into an incomprehensible and obscure form that can not be interpreted. | It is a conversion of an obscure message into an understandable form which is easy to understand by a human. |

What are the principles of secure design?

The security design principles are considered while designing any security mechanism for a
system. These principles are reviewed to develop a secure system which prevents security flaws
and also prevents unwanted access to the system.

Fundamental Security Design Principles

9th May 2020 by Neha T

Below is the list of fundamental security design principles provided by the National Centres of
Academic Excellence in Information Assurance/Cyber Defence, along with the U.S. National
Security Agency and the U.S. Department of Homeland Security.

1. Economy of Mechanism
2. Fail-safe Defaults
3. Complete Mediation
4. Open Design
5. Separation of Privilege
6. Least Privilege
7. Least Common Mechanism
8. Psychological Acceptability
9. Isolation
10. Encapsulation
11. Modularity
12. Layering
13. Least Astonishment

1. Economy of Mechanism

This fundamental security principle states that the security measures implemented in the
software and the hardware must be simple and small. This makes it easier for testers to test the
security measures thoroughly.

If the designed security mechanism is complex, then it is likely that the tester would get a chance
to exploit a weakness in the design.

So the simpler the design, the fewer the opportunities for the tester to discover flaws, and
the more complex the design, the more chances there are to exploit flaws in the design.

When the security design is simple, it is easy to update or modify the design. But when it comes to
practice, we cannot consider the economy of mechanism as the best security design principle,
because there is a continuous demand for adding security features in both hardware and
software.

Adding security features constantly makes the security design complex. What we can do to obey
this principle while designing a security mechanism is to eliminate the less important complex
features.

2. Fail-safe Defaults

This principle says that if any user wants access to any mechanism, then whether the access is
permitted or denied should be based on authorization rather than exclusion.

By default, every mechanism should have a lack of access, and the function of a security
mechanism is to identify the conditions under which access should be permitted. This means
that by default access to every mechanism should be denied, unless a privilege attribute is
provided.

This principle denies unauthorized access. If a mistake is made while designing a security
mechanism that grants access based on permission or authorization, that mechanism fails by
simply denying access, which is the safest condition.

If a mistake is made while designing a security mechanism that grants access based on
exclusion, that mechanism fails by simply granting access, which cannot be considered the
safest situation.

3. Complete Mediation

Some systems are designed to operate continuously; such systems remember access decisions. So,
there must be an access control mechanism which checks every access occurring on the
system.

This principle says that the system should not trust the access decisions it recovers from the
system cache. This particular security design principle says that there must be a mechanism in
the system that checks each access through the access control mechanism.

However, this is an exhaustive approach and is rarely considered while designing a security
mechanism.

4. Open Design

This security principle suggests that the design of the security mechanism should be open to the
public. For example, with a cryptographic algorithm, the encryption key is kept secret while the
encryption algorithm is open to public investigation.

This principle is followed by NIST (National Institute of Standards and Technology) to
standardize algorithms because it helps in worldwide adoption of NIST-approved algorithms.

5. Separation of Privilege

This security principle states that whenever a user tries to gain access to a system, the access
should not be granted based on a single attribute or condition.

Instead, there must be multiple situations, conditions or attributes which should be verified to
grant access to the system. We also term this multifactor user authentication, as this principle
says that multiple techniques must be implemented to authenticate a user.

For example, while conducting an online money transfer we require a user-id, password and
transaction password along with an OTP.

6. Least Privilege

The least privilege security design principle states that each user should be able to access the
system with the least privilege. Only those limited privileges which are essential to perform the
desired task should be assigned to the user.

An example of considering and implementing this principle is role-based access control. The
role-based security mechanism should discover and describe the various roles of the users
or processes.

Each role should then be assigned the least set of privileges that is essential to perform its
functions. So, the access control mechanism enables for each role only those privileges for which
it is authorized. The least set of privileges assigned to each role describes the resources
each role can access.

In this way, unauthorized roles are unable to access the protected resources. For example, users
accessing a database have the privilege only to retrieve the data; they are not authorized to
modify the data.
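
The sections on fail-safe defaults, complete mediation and least privilege above describe one access-control design, so the following added example (not part of the original notes) shows all three in a small role-based model. The role names, the `customers_db` resource and every function and class name are constructed for the illustration.

```python
"""Fail-safe defaults, least privilege and complete mediation in a small RBAC model."""

# Least privilege: each role lists only the (resource, action) pairs it needs.
# Roles and resources are constructed sample data.
ROLE_PERMISSIONS = {
    "report_viewer": {("customers_db", "read")},
    "db_admin": {("customers_db", "read"), ("customers_db", "write")},
}

# Exclusion-based policy: everything is allowed unless it is listed here.
DENY_LIST = {
    "report_viewer": {("customers_db", "write")},
}


def allowed_by_permission(role, resource, action, policy=ROLE_PERMISSIONS):
    """Fail-safe default: unknown roles, resources or actions are denied."""
    return (resource, action) in policy.get(role, set())


def allowed_by_exclusion(role, resource, action, deny=DENY_LIST):
    """Fails open: anything the designer forgot to list is granted."""
    return (resource, action) not in deny.get(role, set())


class CachingGuard:
    """Remembers the first decision for a request and never re-checks it."""

    def __init__(self, policy):
        self.policy = policy
        self._cache = {}

    def check(self, role, resource, action):
        key = (role, resource, action)
        if key not in self._cache:
            self._cache[key] = allowed_by_permission(role, resource, action, self.policy)
        return self._cache[key]


class MediatingGuard:
    """Complete mediation: every access is checked against the current policy."""

    def __init__(self, policy):
        self.policy = policy

    def check(self, role, resource, action):
        return allowed_by_permission(role, resource, action, self.policy)


def design_mistake_outcomes():
    """The designer forgot the 'delete' action and a new 'contractor' role.

    Returns (request, permission_based_result, exclusion_based_result) tuples.
    """
    requests = [
        ("report_viewer", "customers_db", "delete"),
        ("contractor", "customers_db", "write"),
    ]
    return [(r, allowed_by_permission(*r), allowed_by_exclusion(*r)) for r in requests]


def revocation_outcomes():
    """Compare both guards before and after a privilege is revoked."""
    policy = {role: set(perms) for role, perms in ROLE_PERMISSIONS.items()}
    cached, mediated = CachingGuard(policy), MediatingGuard(policy)
    request = ("db_admin", "customers_db", "write")
    before = (cached.check(*request), mediated.check(*request))
    policy["db_admin"].discard(("customers_db", "write"))  # privilege revoked
    after = (cached.check(*request), mediated.check(*request))
    return before, after


if __name__ == "__main__":
    for request, by_permission, by_exclusion in design_mistake_outcomes():
        print(request, "permission-based:", by_permission, "exclusion-based:", by_exclusion)
    print("before/after revocation (cached, mediated):", revocation_outcomes())
```

The permission-based check denies both forgotten cases while the exclusion-based check grants them, and the caching guard keeps granting a write that the mediating guard refuses once the privilege is revoked.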

7. Least Common Mechanism

Under the least common mechanism security design principle, there should be a minimum of
common functions shared between different users. This principle reduces the count of
communication paths and therefore further reduces the hardware and software implementation.

Ultimately this principle reduces the threat of unwanted access to the system, as it becomes easy
to verify whether there is any unwanted access to the shared function.

8. Psychological Acceptability

This security design principle says that the security mechanisms designed to protect the system
should not interfere with the working of the user every now and then.

This would irritate the user, and the user may disable the security mechanism on the system.
Therefore, it is suggested that the security mechanism should introduce minimum hurdles to the
user of the system.

The security mechanism should not be designed such that it becomes difficult for the user to
access the resources in the system.

9. Isolation

This security design principle is considered in three circumstances. The first condition is that a
system that has critical data, processes or resources must be isolated such that public access is
restricted. It can be done in two ways.

The system with critical resources can be isolated in two ways: physical and logical isolation.
Physical isolation is where the system with critical information is isolated from the system
with public access information.

In logical isolation, security service layers are established between the public system and the
critical systems.

The second isolation condition is that the files or data of one user must be kept isolated from the
files or data of another user. Nowadays new operating systems have this functionality.

Each user operating the system has an isolated memory space, process space and file space, along
with a mechanism to prevent unwanted access.

And the third isolation condition is that the security mechanisms must be isolated such
that they are protected from unwanted access.

10. Encapsulation

This security design principle is a form of isolation which is based on object-oriented
principles. Here the processes of the protected system can only access the data objects of
the system, and these processes can only be invoked from a domain entry point.

11. Modularity

This security design principle says that the security mechanism must be built as separate
and protected modules, using a modular architecture.

This principle helps in updating the security mechanism independently without modifying the
entire system.

12. Layering

Multiple security layers must be used in order to prevent the opponent from accessing crucial
information. Applying multiple security layers provides multiple barriers to the adversary if he
tries to access the protected system.

13. Least Astonishment

This security design principle states that the user interface of the system must not surprise the
user while accessing the secure system. The user should be able to understand how the security
mechanism is essential to protect the system.

So, this is all about the security design principles which should be considered while designing
the security mechanism for a system.

What are the differences between HTTPS, SSL and TLS?

What's HTTPS?

HTTPS is the secured version of HTTP: HyperText Transfer Protocol


HTTP is the protocol used by your browser and web servers to communicate and exchange
information.

When that exchange of data is encrypted with SSL/TLS, then we call it HTTPS. The 'S' stands
for Secure.

SSL stands for 'Secure Sockets Layer'. A protocol created by Netscape.

SSL was renamed to TLS: Transport Layer Security.

(secret writing) for data immune to attack


SSL, which stands for secure sockets layer, is a cryptographic security protocol that protects your
information as it transmits across the internet. A protocol basically means a set of rules that
computers use to communicate with each other. It's kind of like their value system.

SSL was designed to thwart any unauthorized third party from intercepting and tampering with
sensitive data while it's in transit. SSL was developed and released by Netscape, and it was the
first of such cryptographic protocols. Its first version, SSL 1.0, never got released. SSL 2.0, the
second version, was released in 1995.

The second version contained some security deficiencies, and as a result, SSL 3.0 was created.
Later, this, too, was found to have security flaws. This led to the creation of another acronym
that you need to know about: TLS, or what's known as transport layer security. Before moving
on to what TLS entails, it's worth noting that SSL 2.0 & SSL 3.0 both have been deprecated and
are no longer supported by web browsers due to the flaws in their security.

TLS (Transport Layer Security): More Secure Version of SSL

Due to the recognized security flaws in SSL, security experts realized that a better and more
secure protocol needed to be developed. TLS 1.0 was a successor to SSL 3.0 and was first
defined in 1999. Since then, three more versions of TLS have been released, with TLS 1.3
(which was released in 2018) being the most current.

TLS 1.0 and 1.1 are to be deprecated by Apple Safari, Google Chrome, Microsoft Edge and
Internet Explorer, and Mozilla Firefox in early 2020.

How SSL/TLS is used in Certificates

As we saw earlier, SSL/TLS are protocols through which communication takes place between
two endpoints. Basically, they're a set of rules that govern the data transmission between server
and client.

SSL/TLS certificates are X.509 digital files that are installed on a web server. It's called a
"certificate" because it's issued by an independent third party that conducts verification of your
website and organization.

SSL/TLS certificates work as part of a framework known as public key infrastructure (PKI). This
involves the use of two keys: a public key and a private key. A public key, as the name suggests, is
known to everyone. A private key, on the other hand, is kept by the server receiving the message.
Both keys are distinct, yet they're mathematically related to each other. Information
encrypted by a public key can only be decrypted by the private key related to it. The entire
communication happens under the rules decided by the protocol, SSL or TLS.

Now you might be wondering why, if SSL is no longer being used, it's still referred to as an SSL
certificate and not a TLS certificate. Honestly, it's just because industry language tends to be
slow to change. (Or the people in it are slow to change.) Either way, SSL is more commonly
used than TLS, so people tend to stick with using that terminology.

So, What is HTTPS? (Hypertext Transfer Protocol)

HTTPS is a secure version of HTTP because it uses SSL/TLS as a sublayer. When a website
uses HTTPS in its web address, it indicates that any communication taking place between a
browser and server is secure. In other words, if your website is using HTTPS, all the information
will be encrypted by SSL/TLS certificates.

A Side-by-Side Comparison of TLS vs SSL vs HTTPS

| | SSL | TLS | HTTPS |
|---|---|---|---|
| What It Is | The first cryptographic protocol developed in 1995. | The successor of SSL that's more secure. | The secure version of HTTP. |
| Versions | SSL 1.0, 2.0 & 3.0. | TLS 1.0, 1.1, 1.2 & 1.3. | There are no versions of HTTPS. |
| Use | No longer in use. | Currently used, but TLS 1.0 & 1.1 to be deprecated in early 2020. | Browsers mark sites that don't use HTTPS as "not secure." |
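
As an added example (not part of the original notes), this is how the version status in the table translates into client settings with Python's standard `ssl` module: a context that refuses anything older than TLS 1.2 and verifies the server certificate, next to a weak one, plus a small audit helper. The function names and finding strings are assumptions made for the illustration.

```python
"""Client-side TLS settings that match the protocol status described in the notes."""
import ssl

# Floors that still admit SSL 3.0, TLS 1.0 or TLS 1.1, the versions the notes
# list as deprecated or about to be deprecated.
DEPRECATED_FLOORS = {
    ssl.TLSVersion.MINIMUM_SUPPORTED,  # "whatever the library still allows"
    ssl.TLSVersion.SSLv3,
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
}


def hardened_client_context():
    """Verify the certificate chain and host name; accept TLS 1.2 or newer only."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def unverified_client_context():
    """Weak setting shown for comparison: the certificate is never checked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return a list of findings for a client context; an empty list means none."""
    findings = []
    if ctx.minimum_version in DEPRECATED_FLOORS:
        findings.append("deprecated protocol versions allowed")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("certificate hostname not checked")
    return findings


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_client_context()))
    print("unverified:", audit_context(unverified_client_context()))
```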

Explain System Call Interposition.

System call interposition is a powerful method for regulating and monitoring program behavior.
A wide variety of security tools have been developed which use this technique. However,
traditional system call interposition techniques are vulnerable to kernel attacks and have some
limitations on effectiveness and transparency.

Sandboxing techniques based on system call interposition have been developed in the past...
... System calls allow virtually all of a program's interactions with the network, filesystem, and
other sensitive system resources. System call interposition is a powerful approach to restrict the
power of a program ..
... There exists a significant body of related work in the domain of system call interposition.
Implementing system call interposition tools securely can be quite subtle. Garfinkel studies the
common mistakes and pitfalls, and uses the system call interposition technique to enforce
security policies in the Ostia tool.

What are difference between Discretionary Access Control and Mandatory Access Control?

Mandatory Access Control


Mandatory Access Control (MAC) is the strictest of all levels of control. The design of MAC
was defined by, and is primarily used by, the government.
MAC takes a hierarchical approach to controlling access to resources. In a MAC-enforced
environment, access to all resource objects (such as data files) is controlled by settings defined by
the system administrator. As such, all access to resource objects is strictly controlled by the
operating system based on system administrator configured settings. It is not possible under
MAC enforcement for users to change the access control of a resource.

Mandatory Access Control begins with security labels assigned to all resource objects on the
system. These security labels contain two pieces of information: a classification (top secret,
confidential, etc.) and a category (which is essentially an indication of the management level,
department or project to which the object is available).
Similarly, each user account on the system also has classification and category properties from
the same set of properties applied to the resource objects. When a user attempts to access a
resource under Mandatory Access Control, the operating system checks the user's classification
and categories and compares them to the properties of the object's security label. If the user's
credentials match the MAC security label properties of the object, access is allowed. It is
important to note that both the classification and categories must match. A user with top secret
classification, for example, cannot access a resource if they are not also a member of one of the
required categories for that object.
Mandatory Access Control is by far the most secure access control environment but does not
come without a price. Firstly, MAC requires a considerable amount of planning before it can be
effectively implemented. Once implemented it also imposes a high system management
overhead due to the need to constantly update object and account labels to accommodate new
data, new users and changes in the categorization and classification of existing users.

Discretionary Access Control (DAC)


Unlike Mandatory Access Control (MAC) where access to system resources is controlled by the
operating system (under the control of a system administrator), Discretionary Access Control
(DAC) allows each user to control access to their own data. DAC is typically the default access
control mechanism for most desktop operating systems.
Instead of a security label in the case of MAC, each resource object on a DAC based system has
an Access Control List (ACL) associated with it. An ACL contains a list of users and groups to
which the user has permitted access together with the level of access for each user or group. For
example, User A may provide read-only access on one of her files to User B, read and write
access on the same file to User C and full control to any user belonging to Group 1.
It is important to note that under DAC a user can only set access permissions for resources which
they already own. A hypothetical User A cannot, therefore, change the access control for a file
that is owned by User B. User A can, however, set access permissions on a file that she owns.
Under some operating systems it is also possible for the system or network administrator to
dictate which permissions users are allowed to set in the ACLs of their resources.
Discretionary Access Control provides a much more flexible environment than Mandatory
Access Control but also increases the risk that data will be made accessible to users that should
not necessarily be given access.
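
The two checks described above, written out in Python as an added example (it is not part of the original notes). The ordering of classification levels, the reading of "match" as "at least as high", the meaning of "full control" and all names and labels are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed ordering, lowest to highest. The notes name only "confidential" and
# "top secret"; the other levels are illustrative.
LEVELS = ["unclassified", "confidential", "secret", "top secret"]


@dataclass(frozen=True)
class Label:
    """MAC security label: one classification plus a set of categories."""
    classification: str
    categories: frozenset


def mac_allows(subject: Label, obj: Label) -> bool:
    """MAC decision made by the system; users cannot alter either label."""
    # Assumption: "match" means the subject's level is at least the object's.
    level_ok = LEVELS.index(subject.classification) >= LEVELS.index(obj.classification)
    # The subject must belong to at least one of the object's categories.
    category_ok = bool(subject.categories & obj.categories)
    return level_ok and category_ok


@dataclass
class DacFile:
    """DAC object: the owner edits the ACL at their own discretion."""
    owner: str
    acl: dict = field(default_factory=dict)  # principal -> set of rights

    def grant(self, actor: str, principal: str, rights: set) -> None:
        # Only the owner may change the access control of the file.
        if actor != self.owner:
            raise PermissionError(f"{actor} does not own this file")
        self.acl[principal] = set(rights)

    def allows(self, user: str, groups: list, right: str) -> bool:
        if user == self.owner:
            return True
        principals = [user] + [f"group:{g}" for g in groups]
        return any(right in self.acl.get(p, set()) for p in principals)


FULL_CONTROL = {"read", "write", "delete"}  # illustrative meaning of "full control"


def demo():
    # MAC, with constructed labels: clearance alone is not enough.
    payroll = Label("secret", frozenset({"finance"}))
    subjects = {
        "analyst": Label("top secret", frozenset({"engineering"})),  # wrong category
        "clerk": Label("secret", frozenset({"finance", "hr"})),      # both tests pass
        "intern": Label("confidential", frozenset({"finance"})),     # level too low
    }
    mac = {name: mac_allows(label, payroll) for name, label in subjects.items()}

    # DAC, following the User A / User B / User C / Group 1 example in the text.
    report = DacFile(owner="user_a")
    report.grant("user_a", "user_b", {"read"})
    report.grant("user_a", "user_c", {"read", "write"})
    report.grant("user_a", "group:group1", FULL_CONTROL)
    try:
        report.grant("user_b", "user_d", {"read"})  # user_b is not the owner
        b_can_regrant = True
    except PermissionError:
        b_can_regrant = False
    dac = {
        "b_read": report.allows("user_b", [], "read"),
        "b_write": report.allows("user_b", [], "write"),
        "c_write": report.allows("user_c", [], "write"),
        "group1_delete": report.allows("user_e", ["group1"], "delete"),
        "b_can_regrant": b_can_regrant,
    }
    return mac, dac


if __name__ == "__main__":
    print(demo())
```

The analyst holds the highest clearance and is still refused, which is the point the MAC paragraph makes about categories; under DAC the same kind of decision rests entirely on what the file's owner chose to put in the ACL.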

Role Based Access Control


Role Based Access Control (RBAC), also known as Non-discretionary Access Control, takes
more of a real-world approach to structuring access control. Access under RBAC is based on a
user's job function within the organization to which the computer system belongs.

What is Web Security?

Web security is also known as "Cybersecurity". It basically means protecting a website or
web application by detecting, preventing and responding to cyber threats.
Websites and web applications are just as prone to security breaches as physical homes, stores,
and government locations. Unfortunately, cybercrime happens every day, and great web security
measures are needed to protect websites and web applications from becoming compromised.
That's exactly what web security does: it is a system of protection measures and protocols that
can protect your website or web application from being hacked or entered by unauthorized
personnel. This integral division of Information Security is vital to the protection of websites,
web applications, and web services. Anything that is applied over the Internet should have some
form of web security to protect it.

Details of Web Security
There are a lot of factors that go into web security and web protection. Any website or
application that is secure is surely backed by different types of checkpoints and techniques for
keeping it safe.
There are a variety of security standards that must be followed at all times, and these standards
are implemented and highlighted by the OWASP. Most experienced web developers from top
cybersecurity companies will follow the standards of the OWASP as well as keep a close eye on
the Web Hacking Incident Database to see when, how, and why different people are hacking
different websites and services.
Essential steps in protecting web apps from attacks include applying up-to-date encryption,
setting proper authentication, continuously patching discovered vulnerabilities, and avoiding data
theft through secure software development practices. The reality is that clever attackers may be
competent enough to find flaws even in a fairly robust secured environment, and so a holistic
security strategy is advised.

Available Technology
There are different types of technologies available for maintaining the best security standards.
Some popular technical solutions for testing, building, and preventing threats include:

• Black box testing tools
• Fuzzing tools
• White box testing tools
• Web application firewalls (WAF)
• Security or vulnerability scanners
• Password cracking tools

Likelihood of Threat
Your website or web application's security depends on the level of protection tools that have
been equipped and tested on it. There are a few major threats to security which are the most
common ways in which a website or web application becomes hacked. Some of the top
vulnerabilities for all web-based services include:

• SQL injection
• Password breach
• Cross-site scripting
• Data breach
• Remote file inclusion
• Code injection

Preventing these common threats is the key to making sure that your web-based service is
practicing the best methods of security.

The Best Strategies
There are two big defense strategies that a developer can use to protect their website or web
application. The two main methods are as follows:

• Resource assignment – By assigning all necessary resources to causes that are dedicated
to alerting the developer about new web security issues and threats, the developer can
receive a constant and updated alert system that will help them detect and eradicate any
threats before security is officially breached.
• Web scanning – There are several web scanning solutions already in existence that are
available for purchase or download. These solutions, however, are only good for known
vulnerability threats – seeking unknown threats can be much more complicated. This
method can protect against many breaches, however, and is proven to keep websites safe
in the long run.

Web security also protects visitors from the following:

• Stolen data: Cyber-criminals frequently hack visitors' data that is stored on a website,
like email addresses, payment information, and a few other details.
• Phishing schemes: This is not just related to email; through phishing, hackers design a
layout that looks exactly like the website to trick users into giving up
their sensitive details.
• Session hijacking: Certain cyber attackers can take over a user's session and compel them
to take undesired actions on a site.
• Malicious redirects: Sometimes the attacks can redirect visitors from the site they visited
to a malicious website.
• SEO spam: Unusual links, pages, and comments can be displayed on a site by the
hackers to distract your visitors and drive traffic to malicious websites.

Thus, web security is easy to install and it also helps business people make their websites
safe and secure. A web application firewall prevents automated attacks that usually target small
or lesser-known websites. These attacks are carried out by malicious bots or malware that
automatically scan for vulnerabilities they can misuse, or cause DDoS attacks that slow down or
crash your website.
Thus, Web security is extremely important, especially for websites or web applications that deal
with confidential, private, or protected information. Security methods are evolving to match the
different types of vulnerabilities that come into existence.

Give three benefits of IPsec?

Internet Protocol Security - Applications and Benefits

IPsec delivers the following benefits:
• Reduced key negotiation overhead and simplified maintenance by supporting the IKE
protocol. IKE provides automatic key negotiation and automatic IPsec security association
(SA) setup and maintenance.
• Good compatibility. You can apply IPsec to all IP-based application systems and services
without modifying them.
• Encryption on a per-packet rather than per-flow basis. Per-packet encryption allows for
flexibility and greatly enhances IP security.

By Simplilearn. Last updated on Feb 17, 2021

Internet Protocol Security (IPSec) is a framework of open standards for ensuring private, secure
communications over Internet Protocol (IP) networks, through the use of cryptographic
security services. IPSec is a suite of cryptography-based protection services and security
protocols. Because it requires no changes to programs or protocols, you can easily deploy IPSec
for existing networks.

The driving force for the acceptance and deployment of secure IP is the need for business and
government users to connect their private WAN/LAN infrastructure to the Internet for providing
access to Internet services and use of the Internet as a component of the WAN transport system.
As we all know, users need to isolate their networks and at the same time send and receive traffic
over the Internet. The authentication and privacy mechanisms of secure IP provide the basis for a
security strategy for us.

IPsec protects one or more paths between a pair of hosts, a pair of security gateways, or a
security gateway and a host. A security gateway is an intermediate device, such as a switch or
firewall, that implements IPsec. Devices that use IPsec to protect a path between them are called
peers.

IPsec requires a PCI Accelerator Card (PAC) to provide hardware data compression and
encryption. A PAC is a hardware processing unit the switch's CPU controls.

IPsec provides the following security services for traffic at the IP layer:
• Data origin authentication: identifying who sent the data.
• Confidentiality (encryption): ensuring that the data has not been read en route.
• Connectionless integrity: ensuring the data has not been changed en route.
• Replay protection: detecting packets received more than once to help protect against denial
of service attacks.

Applications of IPSec

As we all know, to help secure networks the Internet community has done a lot of work
and developed application-specific security mechanisms in numerous application areas,
including electronic mail (Privacy Enhanced Mail, Pretty Good Privacy [PGP]), network
management (Simple Network Management Protocol Version 3[SNMPv3]), Web access (Secure
HTTP, Secure Sockets Layer [SSL]), and others. However, users have some security concerns
that cut across protocol layers. For example, an enterprise can run a secure, private TCP/IP
network by disallowing links to untrusted sites, encrypting packets that leave the premises, and
authenticating packets that enter the premises. By implementing security at the IP level, an
organization can ensure secure networking not only for applications that have security
mechanisms but also for the many security-ignorant applications.

Benefits of IPSec

When IPSec is implemented in a firewall or router, it provides strong security that can be applied
to all traffic crossing this perimeter. Traffic within a company or workgroup does not incur the
overhead of security-related processing.

IPSec is below the transport layer (TCP, UDP), and is thus transparent to applications. There is
no need to change software on a user or server system when IPSec is implemented in the firewall
or router.

Even if IPSec is implemented in end systems, upper layer software, including applications, is not
affected. IPSec can be transparent to end users.

There is no need to train users on security mechanisms, issue keying material on a per-user basis,
or revoke keying material when users leave the organization. IPSec can provide security for
individual users if needed. This feature is useful for offsite workers and also for setting up a
secure virtual subnetwork within an organization for sensitive applications.

What is SQL injection?

SQL Injection

SQL injection is a code injection technique that might destroy your database.

SQL injection is one of the most common web hacking techniques.

SQL injection is the placement of malicious code in SQL statements, via web page input.

SQL in Web Pages

SQL injection usually occurs when you ask a user for input, like their username/userid, and
instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your
database.

Look at the following example which creates a SELECT statement by adding a variable
(txtUserId) to a select string. The variable is fetched from user input (getRequestString):

Example
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

The rest of this chapter describes the potential dangers of using user input in SQL statements.

SQL Injection Based on 1=1 is Always True

Look at the example above again. The original purpose of the code was to create an SQL
statement to select a user, with a given user id.

If there is nothing to prevent a user from entering "wrong" input, the user can enter some "smart"
input like this:

UserId: 105 OR 1=1

Then, the SQL statement will look like this:

SELECT * FROM Users WHERE UserId = 105 OR 1=1;

The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is
always TRUE.
Does the example above look dangerous? What if the "Users" table contains names and
passwords?

The SQL statement above is much the same as this:

SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1;

A hacker might get access to all the user names and passwords in a database, by simply inserting
105 OR 1=1 into the input field.
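
The concatenated query from the notes next to its parameterized form, as an added example in Python using the standard sqlite3 module (it is not part of the original notes). The in-memory Users table and its rows are constructed sample data, and the function names are illustrative.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory Users table like the one in the notes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER, Name TEXT, Password TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [
            (105, "alice", "constructed-hash-a"),
            (106, "bob", "constructed-hash-b"),
            (107, "carol", "constructed-hash-c"),
        ],
    )
    return conn


def lookup_concatenated(conn, txt_user_id):
    """Pattern from the notes: the input becomes part of the SQL text itself."""
    txt_sql = "SELECT UserId, Name FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(txt_sql).fetchall()


def lookup_parameterized(conn, txt_user_id):
    """Hardened form: the SQL text is fixed and the input is bound as a value.

    The database never parses the input as SQL, so "105 OR 1=1" is compared
    to UserId as one piece of data and matches nothing.
    """
    sql = "SELECT UserId, Name FROM Users WHERE UserId = ?"
    return conn.execute(sql, (txt_user_id,)).fetchall()


def lookup_validated(conn, txt_user_id):
    """Defence in depth: reject non-numeric ids before touching the database."""
    if not txt_user_id.isdigit():
        return []
    return lookup_parameterized(conn, txt_user_id)


if __name__ == "__main__":
    db = make_db()
    for value in ("105", "105 OR 1=1"):
        print(repr(value))
        print("  concatenated :", lookup_concatenated(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
        print("  validated    :", lookup_validated(db, value))
```

With the input 105 all three functions return the single matching row; with the input from the notes only the concatenated query returns every row in the table.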

What is an Intrusion Detection System? What are the difficulties in Anomaly detection?

An intrusion detection system (IDS) is a device or software application that monitors a network
for malicious activity or policy violations. Any malicious activity or violation is typically
reported or collected centrally using a security information and event management system. Some
IDSs are capable of responding to detected intrusion upon discovery. These are classified as
intrusion prevention systems (IPS).

IDS Detection Types

There is a wide array of IDS, ranging from antivirus software to tiered monitoring systems that
follow the traffic of an entire network. The most common classifications are:

• Network intrusion detection systems (NIDS): A system that analyzes incoming network
traffic.
• Host-based intrusion detection systems (HIDS): A system that monitors important
operating system files.

There are also subsets of IDS types. The most common variants are based on signature detection
and anomaly detection.

• Signature-based: Signature-based IDS detects possible threats by looking for specific
patterns, such as byte sequences in network traffic, or known malicious instruction
sequences used by malware. This terminology originates from antivirus software, which
refers to these detected patterns as signatures. Although signature-based IDS can easily
detect known attacks, it cannot detect new attacks, for which no pattern is
available.
• Anomaly-based: a newer technology designed to detect and adapt to unknown attacks,
primarily due to the explosion of malware. This detection method uses machine learning
to create a defined model of trustworthy activity, and then compares new behavior against
this trust model. While this approach enables the detection of previously unknown
attacks, it can suffer from false positives: previously unknown legitimate activity can
accidentally be classified as malicious.

IDS Usage in Networks

When placed at a strategic point or points within a network to monitor traffic to and from all
devices on the network, an IDS will perform an analysis of passing traffic, and match the traffic
that is passed on the subnets to the library of known attacks. Once an attack is identified, or
abnormal behavior is sensed, the alert can be sent to the administrator.

Evasion Techniques

Being aware of the techniques available to cyber criminals who are trying to breach a secure
network can help IT departments understand how IDS systems can be tricked into missing
actionable threats:

• Fragmentation: Sending fragmented packets allows the attacker to stay under the radar,
bypassing the detection system's ability to detect the attack signature.
• Avoiding defaults: A port utilized by a protocol does not always provide an indication of
the protocol that's being transported. If an attacker had reconfigured it to use a different
port, the IDS may not be able to detect the presence of a trojan.
• Coordinated, low-bandwidth attacks: coordinating a scan among numerous attackers, or
even allocating various ports or hosts to different attackers. This makes it difficult for the
IDS to correlate the captured packets and deduce that a network scan is in progress.
• Address spoofing/proxying: attackers can obscure the source of the attack by using
poorly secured or incorrectly configured proxy servers to bounce an attack. If the source
is spoofed and bounced by a server, it makes it very difficult to detect.
• Pattern change evasion: IDS rely on pattern matching to detect attacks. By making slight
adjustments to the attack architecture, detection can be avoided.

Why Intrusion Detection Systems are Important

Modern networked business environments require a high level of security to ensure safe and
trusted communication of information between various organizations. An intrusion detection
system acts as an adaptable safeguard technology for system security after traditional
technologies fail. Cyber attacks will only become more sophisticated, so it is important that
protection technologies adapt along with their threats.

Anomaly detection is a technique for finding an unusual point or pattern in a given set. An
anomaly is also referred to as an outlier. Earlier, data mining researchers were focused on other
techniques like classification and clustering, and outliers were found as part of the data cleansing
process. However, this view changed in 2000, when researchers found that detecting abnormal
things can help solve real-world problems seen in damage detection, fraud detection,
detection of abnormal health conditions and intrusion detection. There are three kinds of
anomalies: point anomalies, contextual anomalies, and collective
anomalies. If a single instance in a given dataset is different from others with respect to its
attributes, it is called a point anomaly. If the data is anomalous in some context, it is called a
contextual anomaly. In the absence of a context, all the data points look normal.

Challenges in anomaly detection include appropriate feature extraction, defining normal
behaviors, handling imbalanced distribution of normal and abnormal data, addressing the
variations in abnormal behavior, sparse occurrence of abnormal events, environmental
variations, camera movements, etc.
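
Signature-based and anomaly-based detection run side by side over a few traffic windows, as an added Python example (it is not part of the original notes). It illustrates the false-positive and feature-extraction difficulties listed above. The baseline counts, the windows, their ground-truth flags and the choice of requests per minute as the only feature are constructed for illustration; the one signature is the injection string quoted in the SQL injection answer.

```python
import re
import statistics

# One signature, built from the "105 OR 1=1" input shown earlier in these notes.
SIGNATURES = {"sqli-tautology": re.compile(r"\bOR\s+1\s*=\s*1\b", re.IGNORECASE)}

# Constructed training data: requests per minute seen from one client on
# ordinary days. This is the "model of trustworthy activity".
BASELINE = [20, 22, 19, 21, 23, 20, 18, 22]

# Constructed observation windows:
# (description, ground truth: malicious?, requests per minute, sample request)
WINDOWS = [
    ("normal browsing", False, 21, "GET /profile?UserId=105"),
    ("known injection string", True, 20, "GET /profile?UserId=105 OR 1=1"),
    ("login guessing burst", True, 90, "POST /login"),
    ("month-end report job", False, 60, "GET /reports/monthly"),
]


def signature_hits(request):
    """Names of all signatures whose pattern occurs in the request line."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request)]


class RateModel:
    """Anomaly detector over a single feature: requests per minute."""

    def __init__(self, baseline, k=3.0):
        self.mean = statistics.mean(baseline)
        self.stdev = statistics.pstdev(baseline)
        # Anything more than k standard deviations above the mean is flagged.
        self.threshold = self.mean + k * self.stdev

    def is_anomalous(self, rate):
        return rate > self.threshold


def evaluate(windows, model):
    """Run both detectors over every window and keep the ground truth."""
    rows = []
    for description, malicious, rate, request in windows:
        rows.append({
            "window": description,
            "malicious": malicious,
            "signature": bool(signature_hits(request)),
            "anomaly": model.is_anomalous(rate),
        })
    return rows


def summarize(rows):
    """Where each detector goes wrong on the constructed windows."""
    return {
        # New activity with no stored pattern: invisible to signatures.
        "signature_missed": [r["window"] for r in rows
                             if r["malicious"] and not r["signature"]],
        # Malicious, but normal in the one feature the model looks at.
        "anomaly_missed": [r["window"] for r in rows
                           if r["malicious"] and not r["anomaly"]],
        # Legitimate but unusual activity flagged as malicious.
        "anomaly_false_positives": [r["window"] for r in rows
                                    if not r["malicious"] and r["anomaly"]],
    }


if __name__ == "__main__":
    model = RateModel(BASELINE)
    print(f"threshold: {model.threshold:.2f} requests/minute")
    for row in evaluate(WINDOWS, model):
        print(row)
    print(summarize(evaluate(WINDOWS, model)))
```

The report job is legitimate but was never seen during training, so the rate model flags it, while the injection request looks normal by rate and is caught only by the signature.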

Why is security hard?

Security is all about ensuring that bad things never happen. In security, not only do you have
to find "bugs" that make the system behave differently than expected, you have to identify
any features of the system that are susceptible to misuse and abuse, even if your programs
behave exactly as you expect them to.

Security is very hard because it consists of many fields like

Networking

System Administration

Digital Security

Audit and compliance

Forensics

Command Line

Reverse Engineering

Cyber operations, etc.

each with their own unique stack of skills. Every component within each skill stack could be a
concept, a tool or even an entirely new field.

Take networking as one example; there are many more. We can be good at networking but not as
good at forensics, which makes security very hard. Nowadays equipment is also more complex than
before. Take the mobile phone as an example: earlier it was used only for calling, but now a
smartphone does many things like calling, net banking, video calling and more. So we have to
provide security for all of these.

Hiring a company for security is very expensive, whereas a hacker does the work for a much smaller
amount. So we can say that security is very hard. Even when all aspects of security have been
covered, missing just one thing lets a hacker break the security.

What is an Access Control List (ACL), and what are the technologies used in access
control?

In the computer networking world, an ACL is one of the most fundamental components of
security.

An Access Control List (ACL) is a function that watches incoming and outgoing traffic and
compares it with a set of defined statements.

ACLs work on a set of rules that define how to forward or block a packet at the router's
interface.

An ACL is the same as a Stateless Firewall, which only restricts, blocks, or allows the packets
that are flowing from source to destination.

When you define an ACL on a routing device for a specific interface, all the traffic flowing
through will be compared with the ACL statement which will either block it or allow it.

The criteria for defining the ACL rules could be the source, the destination, a specific protocol,
or more information.

ACLs are common in routers or firewalls, but they can also be configured on any device that
runs in the network, such as hosts, network devices and servers.

Why Use An ACL?

The main idea of using an ACL is to provide security to your network. Without it, any traffic is
allowed to either enter or exit, making the network more vulnerable to unwanted and dangerous traffic.

To improve security with an ACL you can, for example, deny specific routing updates or provide
traffic flow control.
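
How a router-style ACL is evaluated, as an added Python example (it is not part of the original notes and is not any vendor's syntax). The rule format, the top-down first-match order, the default deny when no rule matches and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    protocol: str                   # "tcp", "udp", "icmp", or "ip" for any
    src: str                        # source network in CIDR form
    dst: str                        # destination network in CIDR form
    dst_port: Optional[int] = None  # None matches every port


@dataclass(frozen=True)
class Packet:
    protocol: str
    src: str
    dst: str
    dst_port: Optional[int] = None


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Stateless match: only fields of this one packet are examined."""
    if rule.protocol != "ip" and rule.protocol != pkt.protocol:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    return True


def evaluate(acl, pkt: Packet):
    """Return (action, rule number); the first matching rule decides."""
    for number, rule in enumerate(acl, start=1):
        if rule_matches(rule, pkt):
            return rule.action, number
    # Assumption: traffic that matches no rule is dropped.
    return "deny", None


# Constructed ACL for traffic arriving on an outside interface.
INBOUND_ACL = [
    Rule("deny", "ip", "203.0.113.66/32", ANY),                  # one blocked host
    Rule("permit", "tcp", ANY, "192.0.2.10/32", 443),            # public HTTPS server
    Rule("permit", "udp", "198.51.100.0/24", "192.0.2.53/32", 53),  # partner DNS
]

# Same rules with the first two swapped, to show that order changes the result.
REORDERED_ACL = [INBOUND_ACL[1], INBOUND_ACL[0], INBOUND_ACL[2]]

if __name__ == "__main__":
    samples = [
        Packet("tcp", "203.0.113.66", "192.0.2.10", 443),
        Packet("tcp", "198.51.100.7", "192.0.2.10", 443),
        Packet("tcp", "198.51.100.7", "192.0.2.10", 22),
        Packet("udp", "198.51.100.7", "192.0.2.53", 53),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(INBOUND_ACL, pkt))
    print("reordered:", evaluate(REORDERED_ACL, samples[0]))
```

In the reordered list the broad permit for port 443 is reached first, so the blocked host gets through; reviewing rule order is as important as reviewing the rules themselves.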

The use of access control technologies has grown tremendously in recent years. However, many
solutions have appeared on the market that do not meet the minimum requirements for
security, reliability and stability that these systems require.

Access control is a security technique that regulates who or what can view or use resources in a
computing environment. It is a fundamental concept in security that minimizes risk to the
business or organization.

There are two types of access control: physical and logical. Physical access control limits access
to campuses, buildings, rooms and physical IT assets. Logical access control limits connections
to computer networks, system files and data.

To secure a facility, organizations use electronic access control systems that rely on user
credentials, access card readers, auditing and reports to track employee access to restricted
business locations and proprietary areas, such as data centers. Some of these systems incorporate
access control panels to restrict entry to rooms and buildings, as well as alarms and lockdown
capabilities, to prevent unauthorized access or operations.

Access control systems perform identification, authentication and authorization of users and
entities by evaluating required login credentials that can include passwords, personal
identification numbers (PINs), biometric scans, security tokens or other authentication factors.
Multifactor authentication (MFA), which requires two or more authentication factors, is often an
important part of a layered defense to protect access control systems.

Types of access control


The main models of access control are the following:

• Mandatory access control (MAC). This is a security model in which access rights are
regulated by a central authority based on multiple levels of security. Often used in
government and military environments, classifications are assigned to system
resources and the operating system (OS) or security kernel. It grants or denies access
to those resource objects based on the information security clearance of the user or
device. For example, Security Enhanced Linux (SELinux) is an implementation of MAC
on the Linux OS.

• Discretionary access control (DAC). This is an access control method in which
owners or administrators of the protected system, data or resource set the policies
defining who or what is authorized to access the resource. Many of these systems
enable administrators to limit the propagation of access rights. A common criticism
of DAC systems is a lack of centralized control.

• Role-based access control (RBAC). This is a widely used access control mechanism
that restricts access to computer resources based on individuals or groups with
defined business functions -- e.g., executive level, engineer level 1, etc. -- rather than
the identities of individual users. The role-based security model relies on a complex
structure of role assignments, role authorizations and role permissions developed
using role engineering to regulate employee access to systems. RBAC systems can be
used to enforce MAC and DAC frameworks.

• Rule-based access control. This is a security model in which the system
administrator defines the rules that govern access to resource objects. Often, these
rules are based on conditions, such as time of day or location. It is not uncommon to
use some form of both rule-based access control and RBAC to enforce access policies
and procedures.

• Attribute-based access control (ABAC). This is a methodology that manages access
rights by evaluating a set of rules, policies and relationships using the attributes of
users, systems and environmental conditions.

Implementing access control

Access control is a process that is integrated into an organization's IT environment. It can
involve identity management and access management systems. These systems provide
access control software, a user database, and management tools for access control
policies, auditing and enforcement.

When a user is added to an access management system, system administrators use an
automated provisioning system to set up permissions based on access control
frameworks, job responsibilities and workflows.

The best practice of least privilege restricts access to only resources that employees
require to perform their immediate job functions.

Challenges of access control


Many of the challenges of access control stem from the highly distributed nature of
modern IT. It is difficult to keep track of constantly evolving assets as they are spread out
both physically and logically. Some specific examples include the following:

• dynamically managing distributed IT environments;
• password fatigue;
• compliance visibility through consistent reporting;
• centralizing user directories and avoiding application-specific silos; and
• data governance and visibility through consistent reporting.

Modern access control strategies need to be dynamic. Traditional access control strategies
are more static because most of a company's computing assets were held on premises.
Modern IT environments consist of many cloud-based and hybrid implementations,
which spreads assets out over physical locations and over a variety of unique devices. A
singular security fence that protects on-premises assets is becoming less useful because
assets are becoming more distributed.

To ensure data security, organizations must verify individuals' identities because the
assets they use are more transient and distributed. The asset itself says less about the
individual user than it used to.

Organizations often struggle with authorization over authentication. Authentication is the
process of verifying an individual is who they say they are through the use of biometric
identification and MFA. The distributed nature of assets gives organizations many
avenues for authenticating an individual.

The process that companies struggle with more is authorization, which is the act of giving
individuals the correct data access based on their authenticated identity. One example of
where this might fall short is if an individual leaves a job but still has access to that
company's assets. This can create security holes because the asset the individual uses for
work -- a smartphone with company software on it, for example -- is still connected to the
company's internal infrastructure but is no longer being monitored because the individual
is no longer with the company. Left unchecked, this can cause problems for an
organization.

If the ex-employee's device were to be hacked, the hacker could gain access to sensitive
company data unbeknownst to the company because the device is no longer visible to the
company in many ways but still connected to company infrastructure. The hacker may be
able to change passwords, view sensitive information or even sell employee credentials
or consumer data on the dark web for other hackers to use.

One solution to this problem is strict monitoring and reporting on who has access to
protected resources so that, when a change occurs, it can be immediately identified and
access control lists (ACLs) and permissions can be updated to reflect the change.

Another often overlooked challenge of access control is the user experience (UX) design
of access control technologies. If a particular access management technology is difficult
to use, an employee may use it incorrectly or circumvent it entirely, which creates
security holes and compliance gaps. If a reporting or monitoring application is difficult to
use, then the reports themselves may be compromised due to an employee mistake, which
then would result in a security gap because an important permissions change or security
vulnerability went unreported.

Access control software


There are many types of access control software and technology, and often, multiple
components are used together to maintain access control. The software tools may be on
premises, in the cloud or a hybrid of both. They may focus primarily on a company's
internal access management or may focus outwardly on access management for
customers. Some of the types of access management software tools include the following:

• reporting and monitoring applications
• password management tools
• provisioning tools
• identity repositories
• security policy enforcement tools
