Cyber Security UNIT-V
Endpoints are physical devices that connect to and exchange information with a computer network. Some examples of
endpoints are mobile devices, desktop computers, virtual machines, embedded devices, and servers. Internet-of-Things
devices—like cameras, lighting, refrigerators, security systems, smart speakers, and thermostats—are also endpoints.
When a device connects to a network, the flow of information between, for instance, a laptop and a network, is much like
a conversation between two people over the phone.
Endpoint security, or endpoint protection, helps protect endpoints from malicious actors and exploits.
Cybercriminals target endpoints because they are doorways to corporate data and by nature vulnerable to attack. They are
outside network security and dependent on users to put security measures into place—leaving room for human error.
Protecting endpoints from attack has become more challenging as the workforce becomes more distributed, with office-
based, remote, and hybrid workers using more devices from anywhere in the world.
Businesses of all sizes are vulnerable. Forty-three percent of cyberattacks involve small businesses, according to a
Verizon Data Breach Investigations Report. Small businesses are prime targets because they can be entry points for
criminals to penetrate even larger companies, and they often don’t have cybersecurity defenses in place.
Endpoint security is essential because data breaches are costly, devastating ordeals for enterprises. The average cost of a
data breach is USD$4.24 million globally and USD$9.05 million in the United States, according to the Ponemon
Institute’s “Cost of a Data Breach Report 2021” (commissioned by IBM). Breaches involving remote work cost an
average of USD$1.05 million more. Most breach costs—38%—are due to lost business, such as customer turnover, lost
revenue due to system downtime, and the cost of acquiring new business due to tarnished reputation.
Endpoint security uses a range of processes, services, and solutions to protect endpoints from cyber threats. The first
endpoint security tools were traditional antivirus and antimalware software designed to stop criminals from harming
devices, networks, and services. Endpoint security has since evolved to include more advanced, cloud-powered, and
comprehensive solutions that help detect, investigate, and respond to threats, and manage apps, devices, and users.
Organizations are increasingly vulnerable to endpoint security threats as workforces become more mobile. Some of
the more common endpoint security risks include:
1. Phishing, a type of social engineering attack that manipulates targets into sharing sensitive information.
2. Ransomware, malware that holds a victim’s information hostage until a sum of money is paid.
3. Device loss, one of the leading causes of data breaches for organizations. Lost and stolen devices can also lead
to costly regulatory fines.
4. Outdated patches, which expose vulnerabilities in systems, creating opportunities for bad actors to exploit
systems and steal data.
5. Malware ads, or malvertising, which uses online ads to spread malware and compromise systems.
6. Drive-by downloads, the automated download of software to a device without the user’s knowledge.
Safeguarding endpoints can help keep organizational data secure. Follow these best practices to defend against
cyberthreats.
Educate users
Employees are the first line of defense in endpoint security. Keep them informed with regular security and compliance
training, and alerts.
Track devices
Keep track of all devices that connect to your network. Update your inventory frequently. Make sure endpoints have the
latest software updates and patches.
Adopt Zero Trust
Support a Zero Trust security model. Manage and grant access with continual verification of identities, devices, and
services.
Encrypt endpoints
Strengthen security with encryption, which adds another layer of protection to devices and data.
Enforce strong passwords
Require complex passwords, enforce regular password updates, and prohibit the use of old passwords.
Keep systems, software, and patches updated
Mobile Device Security refers to the measures designed to protect sensitive information stored on and transmitted by
laptops, smartphones, tablets, wearables, and other portable devices. At the root of mobile device security is the goal of
keeping unauthorized users from accessing the enterprise network. It is one aspect of a complete enterprise security plan.
Endpoint security: As organizations embrace flexible and mobile workforces, they must deploy networks that allow
remote access. Endpoint security solutions protect corporations by monitoring the files and processes on every mobile
device that accesses a network. By constantly scanning for malicious behavior, endpoint security can identify threats
early on. When they find malicious behavior, endpoint solutions quickly alert security teams, so threats are removed
before they can do any damage.
VPN: A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The
encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from
eavesdropping on the traffic and allows the user to conduct remote work safely.
Secure web gateway: Secure web gateways provide powerful, overarching cloud security. Because 70 percent of
attacks are distinct to the organization, businesses need cloud security that identifies previously used attacks before
they are launched. Cloud security can operate at the DNS and IP layers to defend against phishing, malware, and
ransomware earlier. By integrating security with the cloud, you can identify an attack on one location and
immediately prevent it at other branches.
Email security: Email is both the most important business communication tool and the leading attack vector for
security breaches. In fact, according to the latest Cisco Midyear Cybersecurity Report, email is the primary tool for
attackers spreading ransomware and other malware. Proper email security includes advanced threat protection
capabilities that detect, block, and remediate threats faster; prevent data loss; and secure important information in
transit with end-to-end encryption.
Cloud access security broker: Your network must secure where and how your employees work, including in the cloud.
You will need a cloud access security broker (CASB), a tool that functions as a gateway between on-premises
infrastructure and cloud applications (Salesforce, Dropbox, etc.). A CASB identifies malicious cloud-based
applications and protects against breaches with a cloud data loss prevention (DLP) engine.
What are the benefits of Mobile Device Security?
Regulatory compliance
Security policy enforcement
Support of “bring your own device” (BYOD)
Remote control of device updates
Application control
Automated device registration
Data backup
How does Mobile Device Security work?
Securing mobile devices requires a multi-layered approach and investment in enterprise solutions. While there are key
elements to mobile device security, each organization needs to find what best fits its network.
Mobile device rules are only as effective as a company’s ability to properly communicate those policies to employees.
Mobile device security should include clear rules about:
One of the most basic ways to prevent unauthorized access to a mobile device is to create a strong password, and yet
weak passwords are still a persistent problem that contributes to the majority of data hacks. Another common security
problem is workers using the same password for their mobile device, email, and every work-related account. It is critical
that employees create strong, unique passwords (of at least eight characters) and create different passwords for different
accounts.
Leverage biometrics
Instead of relying on traditional methods of mobile access security, such as passwords, some companies are looking to
biometrics as a safer alternative. Biometric authentication is when a computer uses measurable biological characteristics,
such as face, fingerprint, voice, or iris recognition for identification and access. Multiple biometric authentication
methods are now available on smartphones and are easy for workers to set up and use.
A mobile device is only as secure as the network through which it transmits data. Companies need to educate employees
about the dangers of using public Wi-Fi networks, which are vulnerable to attacks from hackers who can easily breach a
device, access the network, and steal data. The best defense is to encourage smart user behavior and prohibit the use of
open Wi-Fi networks, no matter the convenience.
Beware of apps
Malicious apps are some of the fastest growing threats to mobile devices. When an employee unknowingly downloads
one, either for work or personal reasons, it provides unauthorized access to the company’s network and data. To combat
this rising threat, companies have two options: instruct employees about the dangers of downloading unapproved apps, or
ban employees from downloading certain apps on their phones altogether.
There are many aspects to a complete security plan. Common elements of a mobile security solution include the
following:
Enterprise Mobile Management platform: In addition to setting up internal device policies that protect
against unauthorized access, it’s equally important to have an Enterprise Mobile Management (EMM)
platform that enables IT to gather real-time insights to catch potential threats.
Email security: Email is the most popular way for hackers to spread ransomware and other malware. To
combat such attacks, it’s critical for businesses to be armed with advanced email security that can detect,
block, and address threats faster; prevent any data loss; and protect important information in transit with
end-to-end encryption.
Endpoint protection: This approach protects enterprise networks that are remotely accessed by mobile
devices. Endpoint security protects companies by ensuring that portable devices follow security standards
and by quickly alerting security teams of detected threats before they can do damage. Endpoint protection
also allows IT administrators to monitor operation functions and data backup strategies.
VPN: A virtual private network, or VPN, extends a private network across a public network. This enables
users to send and receive data across shared or public networks as if their computing devices were directly
connected to the private network. VPNs’ encryption technology allows remote users and branch offices to
securely access corporate applications and resources.
Secure web gateway: A secure web gateway protects against online security threats by enforcing
company security policies and defending against phishing and malware in real-time. This is especially
important for cloud security as this type of protection can identify an attack on one location and
immediately stop it at other branches.
Cloud access security broker: A cloud access security broker (CASB) is a tool that sits between cloud
service consumers and cloud service providers to enforce security, compliance, and governance policies
for cloud applications. CASBs help organizations extend the security controls of their on-premises
infrastructure to the cloud.
PASSWORD POLICY:
With more of our private communication, financial transactions, and health care information being stored online, the
accessibility of this information to users comes with serious security risks. A strong password policy is the front line of
Administrators today play a more critical role than ever in educating and ensuring that users are aware of the security
risks they face, and that they need to use strong passwords as a first line of defense from scammers and hackers.
Technologies like one-time passwords, client certificates, smart cards, and biometrics can add layers to account
security. Two-factor authentication combines multiple layers of security, thereby enhancing the overall security of the
system. The more critical the system, the greater number of layers of authentication it should include.
However, the traditional password still remains the primary method of user authentication. And despite the number of
layers included in the system, they all generally rely on a username and password combination. When creating a
A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure
passwords and then store and utilize them properly. Normally, a password policy is a part of the official regulations of an
Although most users understand the nature of security risks related to simple passwords, there’s still frustration when
users are required to spend time attempting to create a password that meets unfamiliar criteria or attempting to
password, the higher level of protection your computer has from malicious software and hackers.
A strong password isn’t just about one password, it’s important that you guarantee strong passwords for each account
that you access through your computer. When you are utilizing a corporate network, the network administrator may
To be able to create a strong password, you should be aware of the criteria to make one. These criteria basically include
the following:
Users can instead relate their passwords to things they can easily remember, like a favorite sport or hobby. For instance,
“I enjoy playing basketball” can be “IEnjoiPlay!ngB@$k3tb@ll11.” This is secure and could also be easily remembered
by users.
Password management software like LastPass and Apple Keychain takes the hassle out of managing strong passwords.
For less than the price of a soda, you can easily create and manage strong passwords. But the combinations are
numerous and by just remembering one main strong password, you can rely on a password manager to take care of the
rest.
A password may follow the traditional guidelines yet still be weak. Users who can’t remember their strong passwords
and end up writing them down or constantly having to reset their passwords undermine the benefits of a strong password
policy.
Passwords are one piece of the security puzzle in the enterprise. Keeping user accounts secure takes a combination of a
thorough process for strong password creation and an easy-to-use system for users to follow to keep those passwords
safe.
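The rules these notes name (at least eight characters, complex passwords, regular updates, no reuse of old passwords) can be enforced in code. The following is an added example, not part of the original notes; the 90-day age limit, the history depth of five, the four character classes and the PBKDF2 settings are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

MIN_LENGTH = 8                  # from the notes: "at least eight characters"
MAX_AGE = timedelta(days=90)    # assumed rotation interval
HISTORY_DEPTH = 5               # assumed number of old passwords remembered
PBKDF2_ROUNDS = 200_000         # assumed work factor

# Character classes a "complex" password must draw from (assumed definition).
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def hash_password(password, salt):
    """Slow salted hash, so the stored history is useless to someone who steals it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def new_history_entry(password):
    """Store only (salt, digest); the old password itself is never kept."""
    salt = os.urandom(16)
    return (salt, hash_password(password, salt))


def complexity_problems(password):
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    return problems


def is_reused(password, history):
    """Re-hash the candidate with each stored salt and compare in constant time."""
    recent = history[-HISTORY_DEPTH:]
    return any(
        hmac.compare_digest(hash_password(password, salt), digest)
        for salt, digest in recent
    )


def is_expired(last_changed, now):
    """True when the password is older than the rotation interval."""
    return now - last_changed > MAX_AGE


def check_new_password(password, history):
    """Return the list of policy violations; an empty list means accepted."""
    problems = complexity_problems(password)
    if is_reused(password, history):
        problems.append("matches a previously used password")
    return problems


if __name__ == "__main__":
    # Constructed history; the second entry is the passphrase used in the notes.
    history = [
        new_history_entry("Winter-2023-Tiger"),
        new_history_entry("IEnjoiPlay!ngB@$k3tb@ll11"),
    ]
    for candidate in ("abc", "IEnjoiPlay!ngB@$k3tb@ll11", "Correct-Horse-42"):
        print(candidate, "->", check_new_password(candidate, history) or "accepted")
    print("expired:", is_expired(datetime(2024, 1, 1), datetime(2024, 6, 1)))
```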
SECURITY PATCH MANAGEMENT:
Patch management is the process of applying firmware and software updates to improve functionality, close security
vulnerabilities, and optimize performance.
Why the patch management process matters
Patch management creates a centralized process for applying new patches to IT assets. These patches can improve
security, enhance performance, and boost productivity.
Security updates
Security patches address specific security risks, often by remediating a particular vulnerability.
Hackers often target unpatched assets, so the failure to apply security updates can expose a company to security breaches.
For example, the 2017 WannaCry ransomware spread via a Microsoft Windows vulnerability for which a patch had been
issued. Cybercriminals attacked networks where admins had neglected to apply the patch, infecting more than 200,000
computers in 150 countries.
Feature updates
Some patches bring new features to apps and devices. These updates can improve asset performance and user
productivity.
Bug fixes
Bug fixes address minor issues in hardware or software. Typically, these issues don't cause security problems but do
affect asset performance.
Minimizing downtime
Most companies find it impractical to download and apply every patch for every asset as soon as it's available. That's
because patching requires downtime. Users must stop work, log out, and reboot key systems to apply patches.
A formal patch management process allows organizations to prioritize critical updates. The company can gain the
benefits of these patches with minimal disruption to employee workflows.
Regulatory compliance
Under regulations like the General Data Protection Regulation (GDPR), the Health Insurance Portability and
Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI-DSS), companies must follow
certain cybersecurity practices. Patch management can help organizations keep critical systems compliant with these
mandates.
Most companies treat patch management as a continuous lifecycle. This is because vendors release new patches
regularly. Furthermore, a company's patching needs may change as its IT environment changes.
To outline the patch management best practices that admins and end users should follow throughout the lifecycle,
companies draft formal patch management policies.
1. Asset management
To keep tabs on IT resources, IT and security teams create inventories of network assets like third-party applications,
operating systems, mobile devices, and remote and on-premises endpoints.
IT teams may also specify which hardware and software versions employees can use. This asset standardization can help
simplify the patching process by reducing the number of different asset types on the network. Standardization can also
prevent employees from using unsafe, outdated, or incompatible apps and devices.
2. Patch monitoring
Once IT and security teams have a complete asset inventory, they can watch for available patches, track the patch status
of assets, and identify assets that are missing patches.
3. Patch prioritization
Some patches are more important than others, especially when it comes to security patches. According to Gartner, 19,093
new vulnerabilities were reported in 2021, but cybercriminals only exploited 1,554 of these in the wild.
IT and security teams use resources like threat intelligence feeds to pinpoint the most critical vulnerabilities in their
systems. Patches for these vulnerabilities are prioritized over less essential updates.
Prioritization is one of the key ways in which patch management policies aim to cut downtime. By rolling out critical
patches first, IT and security teams can protect the network while shortening the time resources spend offline for
patching.
4. Patch testing
New patches can occasionally cause problems, break integrations, or fail to address the vulnerabilities they aim to fix.
Hackers can even hijack patches in exceptional cases. In 2021, cybercriminals used a flaw in Kaseya's VSA
platform to spread ransomware to customers under the guise of a legitimate software
update.
By testing patches before installing them, IT and security teams aim to detect and fix these problems before they impact
the entire network.
5. Patch deployment
"Patch deployment" refers to both when and how patches are deployed.
Patching windows are usually set for times when few or no employees are working. Vendors' patch releases may also
influence patching schedules. For example, Microsoft typically releases patches on Tuesdays, a day known as "Patch
Tuesday" among some IT professionals.
IT and security teams may apply patches to batches of assets rather than rolling them out to the entire network at once.
That way, some employees can continue working while others log off for patching. Applying patches in groups also
provides one last chance to detect problems before they reach the whole network.
Patch deployment may also include plans to monitor assets post-patching and undo any changes that cause unanticipated
problems.
6. Patch documentation
To ensure patch compliance, IT and security teams document the patching process, including test results,
deployment results, and any assets that still need to be patched. This documentation keeps the asset inventory updated
and can prove compliance with cybersecurity regulations in the event of an audit.
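The lifecycle above (inventory, monitoring, prioritization, batched deployment, documentation) can be sketched as a small planner. This is an added example, not part of the original notes; the host names, product names, patch ids and the ordering rule (exploited first, then severity, then business-critical hosts) are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    host: str
    software: str
    version: str
    business_critical: bool


@dataclass(frozen=True)
class Patch:
    patch_id: str
    software: str
    fixed_version: str
    severity: float   # 0-10 score from the vendor advisory
    exploited: bool   # flagged as exploited in the wild by a threat intelligence feed


# Constructed sample data: hosts, products and patch ids are made up.
INVENTORY = [
    Asset("hr-laptop-01", "exampleos", "10.2.1", False),
    Asset("db-server-01", "exampledb", "5.4.0", True),
    Asset("web-server-01", "examplehttpd", "2.4.10", True),
    Asset("dev-laptop-07", "exampleos", "10.3.0", False),
    Asset("kiosk-03", "examplehttpd", "2.4.9", False),
]
AVAILABLE = [
    Patch("PATCH-A", "exampleos", "10.3.0", 7.5, False),
    Patch("PATCH-B", "examplehttpd", "2.4.12", 9.8, True),
    Patch("PATCH-C", "exampledb", "5.4.2", 6.1, False),
]


def parse_version(text):
    """Compare versions numerically: as strings, "2.4.9" would sort after "2.4.12"."""
    return tuple(int(part) for part in text.split("."))


def missing_patches(inventory, patches):
    """Patch monitoring: (asset, patch) pairs where the installed version predates the fix."""
    return [
        (asset, patch)
        for asset in inventory
        for patch in patches
        if asset.software == patch.software
        and parse_version(asset.version) < parse_version(patch.fixed_version)
    ]


def prioritise(findings):
    """Patch prioritization: exploited first, then severity, then critical hosts."""
    return sorted(
        findings,
        key=lambda f: (not f[1].exploited, -f[1].severity,
                       not f[0].business_critical, f[0].host),
    )


def plan_batches(findings, batch_size):
    """Patch deployment: hosts in priority order, batch_size hosts offline at a time."""
    per_host = {}
    for asset, patch in prioritise(findings):
        per_host.setdefault(asset.host, []).append(patch.patch_id)
    hosts = list(per_host)
    return [
        {host: per_host[host] for host in hosts[i:i + batch_size]}
        for i in range(0, len(hosts), batch_size)
    ]


def patch_status(inventory, findings):
    """Patch documentation: every inventoried host is either compliant or pending."""
    pending = {asset.host for asset, _ in findings}
    return {a.host: "pending" if a.host in pending else "compliant" for a in inventory}


if __name__ == "__main__":
    findings = missing_patches(INVENTORY, AVAILABLE)
    for number, batch in enumerate(plan_batches(findings, 2), start=1):
        print("batch", number, batch)
    print(patch_status(INVENTORY, findings))
```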
DATA BACKUP:
Typically, backup data means all necessary data for the workloads your server is running. This can include documents,
media files, configuration files, machine images, operating systems, and registry files. Essentially, any data that you want
to preserve can be stored as backup data.
Backup solutions and tools—while it is possible to back up data manually, to ensure systems are backed up regularly
and consistently, most organizations use a technology solution to back up their data.
Backup administrator—every organization should designate an employee responsible for backups. That employee
should ensure backup systems are set up correctly, test them periodically and ensure that critical data is actually backed
up.
Backup scope and schedule—an organization must decide on a backup policy, specifying which files and systems are
important enough to be backed up, and how frequently data should be backed up.
Recovery Point Objective (RPO)—RPO is the amount of data an organization is willing to lose if a disaster occurs, and
is determined by the frequency of backup. If systems are backed up once per day, the RPO is 24 hours. The lower the
RPO, the more data storage, compute and network resources are required to achieve frequent backups.
Recovery Time Objective (RTO)—RTO is the time it takes for an organization to restore data or systems from backup
and resume normal operations. For large data volumes and/or backups stored off-premises, copying data and restoring
systems can take time, and robust technical solutions are needed to ensure a low RTO.
To understand the potential impact of disasters on businesses, and the importance of having a data backup strategy as part
of a complete disaster recovery plan, consider the following statistics:
Cost of downtime—according to Gartner, the average cost of downtime to a business is $5,600 per minute.
Survival rate—another Gartner study found only 6% of companies affected by a disaster that did not have disaster
recovery in place survived and continued to operate more than two years after the disaster.
Causes of data loss—the most common causes of data loss are hardware/system failure (31%), human error (29%) and
viruses, malware, or ransomware (29%).
There are many ways to back up your files. Choosing the right option can help ensure that you are creating the best data
backup plan for your needs. Below are six of the most common techniques or technologies:
Removable Media
Removable media backup, such as CDs, DVDs, and flash drives, has long been a popular method of data protection. This
type of backup is affordable and easy to use, making it an attractive option for many users. Removable media is portable,
and can be stored in a safe deposit box or off-site location, providing an extra layer of security in case of a disaster.
Drawbacks of removable media for backup include the limited storage capacity compared to other backup options. As a
result, you may need to use multiple discs or drives to store larger amounts of data. Additionally, removable media can
be prone to damage, such as scratches or exposure to heat and moisture, which can result in data loss. Finally, the speed
of data transfer and backup can be slower compared to other methods, which could be a concern for users with large
amounts of data to back up.
Removable media backup may be a suitable option for those who require a simple, affordable, and portable data backup
solution. However, if you have large amounts of data to protect or require a faster backup process, you may want to
consider other backup options.
Redundancy
Redundancy is a vital aspect of data backup, as it involves creating multiple copies of your data to ensure its safety and
accessibility. By having more than one copy of your data, you can minimize the risk of data loss in case of a hardware
failure, natural disaster, or other unforeseen circumstances. Redundancy can be achieved through various means, such as
using multiple hard drives, employing RAID (Redundant Array of Independent Disks) technology, or utilizing cloud
backup services.
RAID technology is a popular method of achieving redundancy in data storage. RAID combines multiple hard drives into
a single storage unit, distributing data across the drives in various ways, depending on the RAID level used. This
configuration provides increased data protection and, in some cases, improved performance. RAID levels include RAID
0, which offers increased performance but no redundancy, RAID 1, which mirrors data across two drives, and RAID 5,
which distributes data and parity information across multiple drives for both performance and redundancy.
Choosing the appropriate level of redundancy for your data backup needs depends on factors such as the importance of
the data, the potential impact of data loss, and your budget. Typically, a higher level of redundancy is needed for
mission-critical data.
External hard drives are a popular choice for data backup due to their convenience and ease of use. These devices
connect to your computer via USB or other connection types and offer a large amount of storage space for your data.
External hard drives are portable, allowing you to easily move and store your data off-site for added security. They also
provide a relatively fast backup process compared to other methods, such as removable media.
Despite their many benefits, external hard drives do have some drawbacks. One major concern is that they are susceptible
to physical damage and theft, which could result in data loss. Additionally, external hard drives can fail, just like any
other hard drive, leading to potential data loss. Finally, while external hard drives are more affordable than some other
backup options, they can still be costly, especially if you require multiple drives for redundancy or large storage
capacities.
External hard drives can be an excellent backup option for users who require a portable, easy-to-use, and relatively fast
data backup solution. However, it’s essential to consider the potential risks associated with this method and ensure that
you have adequate redundancy measures in place to protect your data.
Hardware Appliances
Hardware appliances are dedicated devices designed specifically for data backup and storage. These appliances often
come with built-in backup software and can support various storage types, such as hard drives, tape drives, or cloud
storage. Hardware appliances can provide a comprehensive, all-in-one backup solution for businesses and may include
features such as data deduplication, encryption, and automated backup scheduling.
One of the main advantages of using a hardware appliance for data backup is the convenience and ease of use they offer.
Since these devices are specifically designed for backup purposes, the setup and management process can be more
straightforward than other methods. Hardware appliances also often include features that can improve the efficiency and
security of your backup process, such as data deduplication and encryption. Additionally, many hardware appliances
support multiple backup destinations, allowing you to easily achieve redundancy and off-site storage.
The primary disadvantage of hardware appliances is their cost, as they can be quite expensive, particularly for small
businesses. Additionally, hardware appliances can become outdated over time as technology advances, potentially
requiring you to upgrade or replace the device to maintain optimal performance and data protection.
Hardware appliances can be an excellent data backup solution for businesses that require a comprehensive, easy-to-
manage, and secure backup process. However, the cost of these devices may be prohibitive for some users, and it’s
essential to consider the long-term investment and potential need for upgrades when choosing this option.
Backup Software
Backup software is an essential component of any data backup strategy, as it helps automate and streamline the backup
process. There is a wide range of backup software available, from simple, free tools to more advanced, feature-rich
offerings. Backup software can help ensure that your data is backed up efficiently and securely, allowing you to recover
your data quickly and easily in case of a disaster.
Automation: Good backup software should allow you to schedule backups automatically, ensuring that your data is
consistently protected.
Incremental and differential backups: These backup types only save changes made since the last backup, saving time
and storage space.
Encryption: Backup software should offer encryption options to ensure that your data is secure and protected from
potential breaches.
Compression: Some backup software includes compression options, which can help reduce the amount of storage space
required for backups.
Multiple backup destinations: Having the ability to back up to multiple locations or devices can provide added
redundancy and protection.
While there are many free backup software options available, paid software often includes additional features and
support that can be beneficial for businesses or those with more complex backup needs. Paid software may also offer
faster data transfer speeds and more reliable backup processes.
Cloud backup services are a popular option for data backup, providing off-site storage and accessibility via the internet.
These services store your data on remote servers, typically run by a third-party provider, allowing you to access your data
from anywhere with an internet connection. Cloud backup services often include features such as encryption,
redundancy, and automated backups.
One of the most significant benefits of cloud backup services is the convenience and accessibility they offer. Since your
data is stored remotely, you can access it from anywhere, at any time, provided you have an internet connection.
Additionally, many cloud backup services include robust security measures, such as encryption and redundancy,
providing added protection for your data. Finally, cloud backup services typically offer scalable storage options, allowing
you to increase or decrease your storage as needed.
One potential concern with cloud backup services is the potential for data breaches or other security issues. While many
providers offer robust security measures, because these services are accessible from the Internet, there is a higher risk of
misconfiguration and unauthorized access. Additionally, cloud backup services can be costly, especially for users with
large amounts of data to store.
A 3-2-1 backup strategy is a method for ensuring that your data is adequately duplicated and reliably recoverable. In this
strategy, three copies of your data are created on at least two different storage media and at least one copy is stored
remotely:
Three copies of data—your three copies include your original data and two duplicates. This ensures that a lost backup or
corrupted media do not affect recoverability.
Two different storage types—reduces the risk of failures related to a specific medium by using two different
technologies. Common choices include internal and external hard drives, removable media, or cloud storage.
One copy off-site—eliminates the risk associated with a single point of failure. Offsite duplicates are needed for robust
disaster and data backup recovery strategies and can allow for failover during local outages.
This strategy is considered a best practice by most information security experts and government authorities. It protects
against both accidents and malicious threats, such as ransomware, and ensures reliable data backup and restoration.
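A backup catalogue can be checked against the 3-2-1 rule and the RPO defined earlier in these notes. The following is an added example, not part of the original notes; the copy names, media labels, timestamps and the 24-hour target are constructed assumptions. It also reports the age of the newest off-site copy, because that is what is lost if the whole site is destroyed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Copy:
    name: str
    medium: str            # e.g. "internal-disk", "external-disk", "cloud"
    offsite: bool
    is_original: bool
    last_written: datetime


def check_3_2_1(copies):
    """Return the 3-2-1 rules this set of copies breaks (empty list = compliant)."""
    problems = []
    if len(copies) < 3:
        problems.append("only %d copies, need the original plus 2 duplicates" % len(copies))
    if len({c.medium for c in copies}) < 2:
        problems.append("all copies use one storage type")
    if not any(c.offsite for c in copies):
        problems.append("no copy is stored off-site")
    return problems


def newest_backup_age(copies, now, offsite_only):
    """Age of the most recent backup copy, or None when there is no such copy."""
    backups = [c for c in copies
               if not c.is_original and (c.offsite or not offsite_only)]
    if not backups:
        return None
    return now - max(c.last_written for c in backups)


def hours(delta):
    return int(delta.total_seconds() // 3600)


def evaluate(copies, now, rpo_target):
    """Combine the 3-2-1 check with the RPO for a local failure and for a site loss."""
    problems = check_3_2_1(copies)
    local = newest_backup_age(copies, now, offsite_only=False)
    remote = newest_backup_age(copies, now, offsite_only=True)
    if local is None:
        problems.append("no backup copy exists")
    elif local > rpo_target:
        problems.append("newest backup is %dh old, RPO target is %dh"
                        % (hours(local), hours(rpo_target)))
    if remote is not None and remote > rpo_target:
        problems.append("newest off-site backup is %dh old: a site-wide loss exceeds the %dh RPO"
                        % (hours(remote), hours(rpo_target)))
    return problems


# Constructed sample catalogues.
NOW = datetime(2024, 3, 10, 14, 0)
RPO_TARGET = timedelta(hours=24)
PLAN_A = [
    Copy("file-server", "internal-disk", False, True, NOW),
    Copy("nightly-usb", "external-disk", False, False, datetime(2024, 3, 10, 2, 0)),
    Copy("weekly-cloud", "cloud", True, False, datetime(2024, 3, 4, 2, 0)),
]
PLAN_B = [
    Copy("file-server", "internal-disk", False, True, NOW),
    Copy("second-partition", "internal-disk", False, False, datetime(2024, 3, 8, 2, 0)),
]

if __name__ == "__main__":
    for label, plan in (("A", PLAN_A), ("B", PLAN_B)):
        print("plan", label, evaluate(plan, NOW, RPO_TARGET) or "ok")
```

Plan A satisfies 3-2-1 and the daily RPO for a disk failure, but its weekly cloud copy leaves up to a week of data exposed to a site-wide disaster.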
The easiest way to back up a server is with a server backup solution. These solutions can come in the form of software or
appliances.
Server backup solutions are typically designed to help you back up server data to another local server, a cloud server, or a
hybrid system. In particular, backup to hybrid systems is becoming more popular. This is because hybrid systems enable
you to optimize resources, support easy multi-region duplication, and can enable faster recovery and failover.
Support for diverse file types—solutions should not exclude any file types. In particular, solutions should support documents,
spreadsheets, media, and configuration files.
Backup location—you should be able to specify backup locations. The solution should support backup to a variety of
locations and media, including on and off-site resources.
Scheduling and automation—in addition to enabling manual backups, solutions should support backup automation
through scheduling. This helps ensure that you always have a recent backup and that backups are created in a consistent
manner.
Backup management—you should be able to manage the lifecycle of backups, including number stored and length of
time kept. Ideally, solutions also enable easy export of backups for transfer to external resources or for use in migration.
Partition selection—partitions are isolated segments of a storage resource and are often used to separate data within a
system. Solutions should enable you to independently back up data and restore partitions.
Data compression—to minimize the storage needed for numerous backups, solutions should compress backup data. This
compression needs to be lossless and maintain the integrity of all data.
Backup type selection—you should be able to create a variety of backup types, including full, differential, and
incremental backups. Differential backups create a backup of changes since the last full backup while incremental
records the changes since the last incremental backup. These types can help you reduce the size of your backups and
speed backup time.
Scaling—backup abilities should not be limited by the volume of data on your servers. Solutions should scale as your
data does and support backups of any size.
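The difference between the backup types above, worked through in Python as an added example (not taken from any backup product): it selects what each nightly differential or incremental backup captures, builds the restore chain, and refuses to restore when a link in an incremental chain is missing. The file names and change schedule are constructed sample data, and all function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: four files and the paths modified on each day.
FILES = ["db.sqlite", "app.conf", "report.xlsx", "logo.png"]
CHANGES = {1: ["db.sqlite"], 2: ["app.conf"], 3: ["db.sqlite", "report.xlsx"]}


@dataclass(frozen=True)
class Backup:
    day: int               # day the backup ran
    kind: str              # "full", "differential" or "incremental"
    since: Optional[int]   # day of the backup this one is relative to (None for full)
    files: dict            # path -> version (day last modified) that was captured


def plan_backup(kind, day, mtimes, history):
    """Choose what a backup of `kind` taken on `day` must capture."""
    if kind == "full":
        return Backup(day, kind, None, dict(mtimes))
    # Differential: changes since the last full backup.
    # Incremental: changes since the most recent full or incremental backup.
    base_kinds = ("full",) if kind == "differential" else ("full", "incremental")
    refs = [b.day for b in history if b.kind in base_kinds]
    if not refs:
        raise ValueError("a full backup must exist first")
    since = max(refs)
    changed = {p: m for p, m in mtimes.items() if m > since}
    return Backup(day, kind, since, changed)


def simulate(kind, files, changes, days):
    """Full backup on day 0, then one `kind` backup at the end of each day."""
    mtimes = {p: 0 for p in files}
    history = [plan_backup("full", 0, mtimes, [])]
    for day in range(1, days + 1):
        for path in changes.get(day, ()):
            mtimes[path] = day
        history.append(plan_backup(kind, day, mtimes, history))
    return history


def restore_chain(history, target_day):
    """Backups needed, in replay order, to rebuild the state as of target_day."""
    usable = sorted((b for b in history if b.day <= target_day), key=lambda b: b.day)
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup available")
    chain = [fulls[-1]]
    later = [b for b in usable if b.day > chain[0].day]
    diffs = [b for b in later if b.kind == "differential"]
    if diffs:
        chain.append(diffs[-1])          # only the newest differential is needed
    start = chain[-1].day
    chain += [b for b in later if b.kind == "incremental" and b.day > start]
    # Every link must start no later than the point already covered by the chain.
    covered = chain[0].day
    for b in chain[1:]:
        if b.since > covered:
            raise ValueError(f"gap: backup of day {b.day} needs the backup of day {b.since}")
        covered = b.day
    return chain


def restore(chain):
    """Replay a chain; later backups overwrite earlier versions of a file."""
    state = {}
    for b in chain:
        state.update(b.files)
    return state


if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        hist = simulate(kind, FILES, CHANGES, days=3)
        sizes = [len(b.files) for b in hist]
        chain = restore_chain(hist, target_day=3)
        print(kind, "files per backup:", sizes, "backups to restore:", len(chain))
```

Incremental backups stay small but every one of them is needed at restore time, while a differential restore needs only the full backup and the newest differential.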
Third-party software refers to reusable software components supplied or developed for a particular purpose by a different
company/person from the one that built the existing product on a particular system.
Third-party solutions come in various forms. Here’s our breakdown of the most common types of third-party software:
1. Libraries
Libraries come in handy for writing web or mobile applications by delivering source code for a component. They can be
open-source (available to everyone at no cost) or closed-source/proprietary (where a purchase may be necessary).
Examples:
SnapKit (iOS) – library for building application layout from code, helping developers to be more productive and
achieve more with fewer lines of code.
Lottie (Android) – library for designing animations that developers can enrich with interactions.
Moya (iOS) – library for networking and communication with the backend, very popular among iOS developers
looking to save a few days of work.
2. Platforms
Platforms are integrated, ready-made solutions that developers can use to realize a specific feature – for example – user
logging, chat, or maps. They’re SaaS (Software as a Service) products to which developers can outsource certain
functionalities for a fee (usually monthly), or in some cases for free.
Examples:
Firebase – it delivers ready-made components for logging in, a database for storing application data that can
replace an application backend, the option to use deep links, remote configuration of application features
(perfect for A/B testing!), a space directly to Facebook.
Auth0 – this platform allows developers to rapidly integrate authentication and authorization for web, mobile,
and legacy applications so you can focus on your core business.
Google Maps Platform – the Google Maps Platform is a set of APIs and SDKs that allows developers to embed
Google Maps into mobile apps and web pages, or to retrieve data from Google Maps.
3. Tools
A variety of tools make app development more effective in many ways and increase the quality of the final
product.
Examples:
SwiftLint – an open-source tool for enforcing Swift style and conventions. Developers can set their coding style
rules and enforce them during development. SwiftLint has a command-line tool, Xcode plugin, AppCode, and
Atom integration, so it fits any development environment. It shows warnings and/or errors if you
violate the linting rules.
Danger – a tool used by many developers to automate common code review chores. You can use it to codify
your team’s norms, leaving humans to think about harder problems. Danger leaves messages inside your Pull
Requests based on rules that you create.
Zeplin – a tool for UI designers and developers, enabling them to collaborate efficiently and save time. Among
others, it allows designers to share the design system with the team, and generate development resources
automatically. Everyone in the team can access the latest design resources and gets notified of changes without
you having to ping them.
To help you safely share your data, Google lets you give third-party apps and services access to different parts of your
Google Account. Third-party apps and services are created by companies or developers that aren’t Google.
For example, you may download an app that helps you schedule workouts with friends. This app may request access to
your Google Calendar and Contacts to suggest times and friends for you to meet up with.
Review what third-party apps & services can access
You can review the access a third party has to your Google Account and the Google services you use.
If you no longer trust or want to use a third-party app or service, you can remove its access to your Google Account. It
won’t have access to any more Google Account info, but you may need to ask them to delete the data they already have.
Important: If you remove account access from a third-party app or service, it may keep the data and info that you shared
when you connected, such as data from your Google Calendar or Google Drive.
Report a third-party app or service if you believe it misuses your data, creates spam, impersonates you, or uses your data
in harmful ways.
Tip: This option may not be available if a third-party app or service only has access to your basic profile info.
Prerequisites
In Genesys terms, a third-party application is an application not instrumented with Genesys libraries. The Management
Layer can monitor, start, and stop a third-party application as long as that application:
Supports startup from a command line.
Starts if the computer it runs on is unattended (for instance, on a Windows computer with no user logged in);
however, this is not mandatory.
Works without a console window on Windows; however, this is not mandatory.
Is registered in the Configuration Database as an Application of the Third Party Server type.
Runs on an operating system that Genesys supports.
Important
You cannot perform the centralized logging and alarm-signaling functions (including switchover) over a third-party
application because they require built-in support on the application side.
Required Components
If you have configured third-party applications in the Genesys Configuration Database, Management Layer can control,
monitor, start, and stop them. Even if you do not use the Management Layer to start a particular application, the
application’s runtime status is displayed. This functionality is also supported for:
Third-party applications installed as Windows Services
Third-party applications started with a script.
Device security is the defense of IT assets against harm and unauthorized use. Although the term “device security” is not
as widely used as “cybersecurity,” it is a relevant concept that denotes the full range of practices for securing desktop
PCs, laptops, smartphones, tablets, or Internet of Things (IoT) devices.
To reliably fend off modern security threats, a device security strategy must be multilayered, with multiple security
solutions working in tandem with one another and oriented around a consistent set of processes. Moreover, both security
personnel and end-users must be aligned on best practices such as keeping software up to date and using the right access
points or gateways when accessing applications remotely.
Device security has three fundamental components.
People: Security experts, whether in-house or at a cloud service provider, are the core of device security. They decide
what tools and controls are implemented and monitor environments for anomalies and threats. Security leaders are also
important in educating users about how to prevent sensitive data leakage and avoid risky behaviors, especially when
working remotely.
Processes: Effective device security requires a systematic approach to dealing with each threat, with security policies
and plans that follow best practices. For example, the National Institute of Standards and Technology offers a framework
with a continuous cycle of Identify > Protect > Detect > Respond > Recover that can be followed when confronted with
malware or ransomware.
Technologies: Many technical solutions are available for securing environments against threats. Web application
firewalls (WAFs), analytics, bot identification and management platforms, antimalware programs, email security, and
more are among the most commonly deployed for this purpose. The exact mix of tools changes over time. For
instance, secure internet access may replace a traditional virtual private network (VPN).
Device security is also important because remote work and cloud applications have become the norm. Applications are
accessed from numerous locations and mobile devices over the internet. Without the right protections for both the apps
themselves and their modes of access, organizations will be exposed to significant risks from hackers and cybercriminals.
There are several main subcategories of device security that must be integrated into any overarching cybersecurity
strategy, including but not limited to:
Network security
This is the protection of networks against the entry and spread of threats. In recent times, the secure access service edge
(SASE) has emerged as an important model for network security, as it combines the features of a software-defined WAN
(SD-WAN) with a variety of controls such as secure web gateways (SWGs) and cloud application security brokers.
Application security
Application security encompasses all of the measures for making applications themselves secure. Much of this work
happens during development, through the inclusion of relevant security features. Subsequent updates to software are then
critical to thwarting cyberattacks.
Cloud security
Cloud security includes both the mechanisms for protecting applications (e.g., encryption) and for securing access to
them. Across remote work environments, mechanisms in the latter category may include firewalls,
SWGs, malware defense, sandboxes, and more. Simultaneously, cloud service providers handle many app-specific
security controls on their end.
Data security
In addition to encryption, data security includes tokenization, key management and other measures for protecting
sensitive information and personal data. Access controls like multifactor authentication (MFA) and single sign-on, along
with data loss prevention (DLP) solutions, are also relevant to this device security subcategory.
Endpoint security
Endpoint security is used to protect end user devices and ensure they're safe to connect to corporate networks. This type
of device security is especially important at organizations with BYOD (Bring Your Own Device) programs, where
employees may access corporate resources from personal devices that lack IT controls and oversight.
Mobile device management
Mobile device management refers to tools designed specifically to help IT implement mobile device security plans. This
type of device security is especially important at organizations where data, files, and applications are accessed from
personal devices.
Device security threats are numerous, but there are a few that deserve particular attention.
Malware: Malware is any type of malicious software. It may be designed to harvest and exfiltrate data, make an
operating system unusable or otherwise disrupt the target device. Subtypes of malware include spyware, trojans, worms,
viruses, and ransomware.
Ransomware: Though it dates back to the 1980s, ransomware has become much more prevalent over time as digital
currencies have made it easier for cyberattack perpetrators to receive payments. Ransomware encrypts data and then
withholds the decryption key until the victim agrees to pay a ransom, typically in Bitcoin or something similar.
Phishing: A phishing attack is a social engineering technique for deceiving a victim into visiting a high-risk domain,
handing over personal information, or accessing a malicious file. It most commonly happens via email but can also occur
through SMS and social media.
Let's discuss some best practices for organizations to consider as part of their cybersecurity strategy. These nine steps can
help eliminate vulnerabilities from systems and networks.
It may be helpful to conduct a cybersecurity audit on your business to assess your current situation. What security measures
are in place? Are all employees aware of potential security risks and threats, and how to protect against them? Are all of the
company’s networks and data protected with several layers of security?
Now, it’s time to develop a people-centric cybersecurity strategy. It needs to be robust, meaning it protects all types of data
but especially sensitive and proprietary information. The strategy should also be people-centric, meaning the strategy
considers its employees and end users and acts in ways that are beneficial to them and their well-being.
Businesses need to continually update security policies as different departments and functions adopt new technology, tools,
and ways of dealing with data. Security policies are crucial to have—they must be updated regularly and employees need to
be trained to comply with each policy update.
A best practice for enforcing security policies is zero-trust architecture, which is a strategic approach to cybersecurity that
continuously validates at every stage of a digital interaction with data. Examples of this include multi-factor authentication
and computer settings that require users to enter their password whenever they’re away for 10 minutes.
Most organizations accumulate huge amounts of data on customers and users. This requires businesses to be strategic about
backing up their data—and how those backups are managed. Employees should be trained to update their software
whenever an upgraded version is available, which usually means the program added new features, fixed bugs, or improved
security.
Regular internet users might be familiar with password requirements such as using uppercase and lowercase letters,
symbols, and numbers to create a strong password. Company systems and tools tend to have similar requirements. Some
organizations might even provide complicated passwords to users to ensure maximum security.
Another common practice these days is to use multi-factor authentication, where you’ll need to verify your identity on two
different devices (usually your phone and computer) to decrease the likelihood of fraudulent activity.
Business leaders can benefit from working with their IT department and support staff to manage cyberattacks. They can also
prevent these risks and threats from happening in the first place. What those preventative measures look like will vary
depending on the organization’s size, industry, and other factors. This might involve working with a cybersecurity
consultant alongside your IT team to determine strategies like whether to use cloud technologies, which types of security
measures to take, and how to best roll out a plan for employees and end users.
6. Conduct regular cybersecurity audits.
In addition to collaborating with the IT team, it is wise to conduct regular cybersecurity audits. A cybersecurity audit
establishes criteria that organizations and employees can use to check they are consistently defending against risks,
especially as cybersecurity risks grow more sophisticated.
Audits should be conducted at least once a year, though experts recommend that businesses dealing with personal
information and big data should audit twice a year at minimum [1]. Cybersecurity auditing helps businesses keep up with
compliance and legal requirements. Auditors might encourage an organization to simplify and streamline their tools and
processes, which contribute to greater defense against cyberattacks.
In every organization, the IT team is responsible for managing who gets access to information, and that includes controlling
access to security passwords, highly classified information, and more. At times, only a handful of people can be entrusted
with the company’s financial data and trade secrets. Most employees are granted the fewest access rights possible, and
sometimes given access only upon request or during specific circumstances.
Third-party users with access to your organization’s systems and applications have the ability to steal your data, whether or
not it is intentional. Either way, they can cause cybersecurity breaches. By monitoring user activity, taking care to restrict
access to sensitive information, and providing one-time passwords, you can detect malicious activity and prevent breaches
from occurring.
Finally, all of these cybersecurity best practices are meant for businesses to implement—but much of it relies on employees
to make sure they’re creating strong passwords and upholding all security policies. Cybersecurity and IT training should be
provided when employees receive onboarding at the start of their journey with your organization.
Ongoing education, IT support, and security updates should be ingrained in their workflow to ensure that
cybersecurity measures continue to be taken. Companies should make employees aware of the cybersecurity
practices they must comply with, explain why they’re important, and provide clear guidelines on what’s expected of them.
Firewall: A firewall is a specialized version of a router. All data packets entering or leaving the network pass
through the firewall, which examines them and decides whether to allow them or not. All traffic must pass through the
firewall, and only authorized traffic should be allowed to pass. The firewall itself should be strong.
Antivirus: Antivirus is an application or software which provides security from the malicious software coming from the
internet. An antivirus follows a method in which it performs three actions:
Detection
Identification
Removal
Antivirus deals with both external threats and internal threats. It is implemented only in software, not in hardware.
No. | Firewall | Antivirus
1. | Firewall is implemented in both hardware and software. | Antivirus is implemented in software only.
3. | In firewall, counter attacks are possible, such as IP spoofing and routing attacks. | In antivirus, no counter attacks are possible after removing the malware.
5. | Firewall checks the threat from incoming packets. | Antivirus checks the threat from malicious software.
Firewall management is the process of configuring and monitoring a firewall to maintain a secure network. Firewalls are
an integral part of protecting private networks in both a personal and business setting.
To understand the tasks needed to manage firewalls, organizations should first understand the different available firewall
options. Organizations utilize a range of different firewall types to protect their networks. The different types of firewalls
will have a shared goal: protect the network and infrastructure from malicious external traffic. However, each type will
vary in the process of achieving this aim.
These firewalls can be in the form of software or hardware, and increasingly are cloud-based. There are three common
types of firewalls in use by organizations, each with a different way of functioning. Each firewall type has its benefits
and drawbacks when protecting a private network. Individual types also vary in terms of complexity and security. The
three main types of firewall are:
1. Proxy firewalls
A proxy firewall acts as a sort of ‘go-between’, preventing a direct connection between a device and network. A device
will first connect to the proxy, and then the proxy will make the relevant connection to the network destination. Because
it prevents a direct connection, it is one of the most secure types of firewall.
This type of firewall can be on a proxy device or can be cloud-based. A proxy server will act as a bottleneck for requests,
so will often cache commonly requested content and keep logs. However, as the gateway for numerous devices, the
speed of connection can sometimes be an issue.
2. Traditional firewalls
Stateful and stateless inspection firewalls are both often described as ‘traditional firewalls’. These firewalls control and
filter the flow of network traffic based on pre-set conditions such as source, destination, or port address. These firewalls
will allow only trusted traffic to enter and leave a network.
Rules can be created and enforced on specific traffic flows, and traffic with suspicious sources can be barred. These types
of firewalls are common in out-of-the-box solutions and products.
Older traditional firewalls tend to offer stateless inspection, which identifies and checks traffic based on static criteria.
Newer traditional firewalls offer ‘stateful’ inspection, which allows firewalls to gauge the state or context of connections
and traffic.
3. Next generation firewalls
As the name suggests, next generation firewalls (NGFW) are more advanced versions of traditional firewalls. Many next
generation firewalls have the added ability to filter traffic based on applications. This helps organizations protect against
more advanced threats. They can also act as an anti-virus, blocking specific malware from accessing networks. These
systems combine traditional firewalls with an intrusion detection system, which actively monitors the network for
malicious activity.
Next generation firewalls may also be updated in line with up-to-date cybersecurity threats, helping to identify and
mitigate emerging risks. For this reason, next generation firewalls offer high levels of security to organizations when
implemented.
Here are five best practice tips for getting the most out of firewall management, including setting up the firewall itself
and embedding the policies.
When configuring a firewall, it’s important to start by blocking access to the network from all traffic. Rules and policies
can then be introduced to highlight the traffic that is permitted to connect to the network.
Blocking all devices and traffic by default lowers the risk of a data breach, as only trusted traffic is given access. Any
rules which give access to traffic should be tightly controlled, with close parameters. This will lower the risk of
unauthorized traffic entering or leaving the network.
2. Regularly audit firewall rules and policies
Regularly audit rules and settings to remove any unused, old rules, as well as any that conflict. Old or unused rules can
be exploited to gain access to the network, heightening the chance of cyber attacks. By highlighting and updating old
rules, firewalls can become more efficient as well as more secure.
Because a firewall may have hundreds of different rules, sometimes new rules may conflict with an existing one.
Conflicting rules may mean the firewall isn’t functioning as intended, causing unforeseen vulnerabilities. By auditing
firewalls, these conflicting rules can be resolved and replaced.
A good source of information will be the firewall logs. Changes, access, and events should be recorded within the log,
which help the process of improving firewall rules.
3. Keep the firewall up-to-date
Firewall software should be kept up-to-date so any vulnerabilities highlighted by the vendor can be fixed. The latest
version will ensure the firewall will be as efficient and secure as possible. Where possible, any software updates or
patches should be automated.
Firewall management is an important responsibility, and there’s a severe risk in allowing too many users access to
firewall settings. Those with access should be senior network administrators, and all changes to configuration should be
monitored.
Users should have varying degrees of access on a case-by-case basis. User access should be logged and audited regularly,
and only be granted if there is a business need. Control of authorized users limits the risk of accidental or malicious
changes to settings and configurations.
Changes to firewall rules should be well documented within the organization so any damaging changes can be reversed.
If rules are documented, it lessens the risk of conflicting rules causing unforeseen access issues in the network.
A clear process for recording and approving changes to firewall rules should be set as part of the management system.
Documentation should record the business requirements for any change, and the context for the decision. New rules can
be assessed for their business needs and risk levels.
Documentation and logs should be centralized in the organization so that records are accessible. A centralized approach
will help with strategic decision-making.
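The default-deny and rule-audit tips above, as an added Python example (not part of the original notes and not any vendor's tool): rules are evaluated first-match with an implicit deny, and the audit reports rules that an earlier rule fully shadows (conflicting or redundant) and rules that no logged connection ever hit. The rule set, log entries and all names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "deny"
    src: str                     # source network in CIDR notation
    port: Optional[int] = None   # destination port, None means any port

    @property
    def net(self):
        return ipaddress.ip_network(self.src)


# Constructed rule set, listed in evaluation order.
RULES = [
    Rule("allow-admin-ssh", "allow", "10.0.5.0/24", 22),
    Rule("allow-corp-https", "allow", "10.0.0.0/8", 443),
    Rule("deny-lab-https", "deny", "10.9.0.0/16", 443),
    Rule("allow-branch-https", "allow", "10.3.0.0/16", 443),
    Rule("allow-legacy-ftp", "allow", "192.168.50.0/24", 21),
]

# Constructed log of observed connections: (source IP, destination port).
LOG = [("10.0.5.7", 22), ("10.1.2.3", 443), ("10.9.4.4", 443), ("203.0.113.9", 3389)]


def decide(rules, src_ip, port):
    """First matching rule wins; anything unmatched is denied by default."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in rule.net and rule.port in (None, port):
            return rule.action, rule.name
    return "deny", "default-deny"


def covers(earlier, later):
    """True if every packet matching `later` already matches `earlier`."""
    same_family = earlier.net.version == later.net.version
    net_ok = same_family and later.net.subnet_of(earlier.net)
    port_ok = earlier.port is None or earlier.port == later.port
    return net_ok and port_ok


def audit(rules, log):
    """Return (finding, rule name, shadowing rule name or None) tuples."""
    hits = {rule.name: 0 for rule in rules}
    for src_ip, port in log:
        _, name = decide(rules, src_ip, port)
        if name in hits:
            hits[name] += 1
    findings = []
    for index, later in enumerate(rules):
        blocker = next((e for e in rules[:index] if covers(e, later)), None)
        if blocker is not None:
            # A shadowed rule can never fire. If its action differs from the
            # rule that shadows it, the firewall is not doing what was intended.
            kind = "redundant" if blocker.action == later.action else "conflict"
            findings.append((kind, later.name, blocker.name))
        elif hits[later.name] == 0:
            findings.append(("unused", later.name, None))
    return findings


if __name__ == "__main__":
    for src_ip, port in LOG:
        print(src_ip, port, "->", decide(RULES, src_ip, port))
    for finding in audit(RULES, LOG):
        print(finding)
```

In the sample, the lab subnet is still allowed on port 443 because the broader allow rule is evaluated first, which is the kind of conflict a regular audit is meant to catch.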
WI-FI SECURITY:
Wi-Fi security is the protection of devices and networks connected in a wireless environment. Without Wi-Fi security, a
networking device such as a wireless access point or a router can be accessed by anyone using a computer or mobile
device within range of the router's wireless signal.
Using open or unsecured networks can be risky for users and organizations. Adversaries using internet-connected devices
can collect users' personal information and steal identities, compromise financial and other sensitive business data,
"eavesdrop" on communications, and more.
Most devices feature default administrator passwords, which are meant to make setup of the devices easy. However, the
default passwords created by device manufacturers can be easy to obtain online.
Changing the default passwords for network devices to more-complex passwords—and changing them often—are simple
but effective ways to improve Wi-Fi security. Following are other Wi-Fi network security methods:
Media Access Control (MAC) addresses
Another basic approach to Wi-Fi security is to use MAC addresses, which restrict access to a Wi-Fi network. (A MAC
address is a unique code or number used to identify individual devices on a network.) While this tactic provides a higher
measure of security than an open network, it is still susceptible to attack by adversaries using "spoofed" or modified
addresses.
Encryption
A more common method of protecting Wi-Fi networks and devices is the use of security protocols that utilize encryption.
Encryption in digital communications encodes data and then decodes it only for authorized recipients.
There are several types of encryption standards in use today, including Wi-Fi Protected Access (WPA) and Wi-Fi
Protected Access 2 (WPA2). See the section "Types of wireless security protocols" on this page for more details about
these and other standards related to Wi-Fi security.
Most newer network devices, such as access points and Wi-Fi routers, feature built-in wireless-security encryption
protocols that provide Wi-Fi protection.
A VPN can encrypt a user's internet connection. It also can conceal a user's IP address by using a virtual IP address it
assigns to the user's traffic as it passes through the VPN server.
Security software
There are many types of consumer and enterprise software that also can provide Wi-Fi security. Some Wi-Fi protection
software is bundled with related products, such as antivirus software. For more information about Wi-Fi security
software, see the next question.
This article describes steps to configure a security policy setting on the local device, on a domain-joined device, and on a
domain controller. You must have Administrators rights on the local device, or you must have the appropriate
permissions to update a Group Policy Object (GPO) on the domain controller to perform these procedures.
When a local setting is inaccessible, it indicates that a GPO currently controls that setting.
1. To open Local Security Policy, on the Start screen, type secpol.msc, and then press ENTER.
2. Under Security Settings of the console tree, do one of the following:
Select Account Policies to edit the Password Policy or Account Lockout Policy.
Select Local Policies to edit an Audit Policy, a User Rights Assignment, or Security Options.
3. When you find the policy setting in the details pane, double-click the security policy that you want to modify.
4. Modify the security policy setting, and then select OK.
Note
Some security policy settings require that the device be restarted before the setting takes effect.
Any change to the user rights assignment for an account becomes effective the next time the owner of the account
logs on.
To configure a security policy setting using the Local Group Policy Editor console
You must have the appropriate permissions to install and use the Microsoft Management Console (MMC), and to update
a Group Policy Object (GPO) on the domain controller to perform these procedures.
2. In the console tree, click Computer Configuration, select Windows Settings, and then select Security Settings.
Select Account Policies to edit the Password Policy or Account Lockout Policy.
Select Local Policies to edit an Audit Policy, a User Rights Assignment, or Security Options.
4. In the details pane, double-click the security policy setting that you want to modify.
The following procedure describes how to configure a security policy setting for only a domain controller (from the
domain controller).
1. To open the domain controller security policy, in the console tree, locate GroupPolicyObject
[ComputerName] Policy, click Computer Configuration, click Windows Settings, and then click Security
Settings.
2. Do one of the following:
Double-click Account Policies to edit the Password Policy, Account Lockout Policy, or Kerberos
Policy.
Select Local Policies to edit the Audit Policy, a User Rights Assignment, or Security Options.
3. In the details pane, double-click the security policy that you want to modify.
Note
If this security policy has not yet been defined, select the Define these policy settings check box.
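After settings are changed with the consoles above, the result can be checked from a text export of the local policy (secedit /export /cfg followed by a file name). The Python below is an added example, not Microsoft's code: it parses such an export and compares Password Policy, Account Lockout Policy and Audit Policy values with a baseline. The sample export and the baseline thresholds are constructed assumptions, not values recommended by this page.

```python
# Constructed sample in the INF layout that a secedit export uses.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 1
AuditAccountLogon = 3
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Hypothetical baseline: (section, key, description, check on the integer value).
# Audit values: 0 = none, 1 = success, 2 = failure, 3 = success and failure.
BASELINE = [
    ("System Access", "MinimumPasswordLength", "at least 12", lambda v: v >= 12),
    ("System Access", "PasswordComplexity", "enabled (1)", lambda v: v == 1),
    ("System Access", "PasswordHistorySize", "at least 5", lambda v: v >= 5),
    ("System Access", "LockoutBadCount", "between 1 and 10", lambda v: 1 <= v <= 10),
    ("Event Audit", "AuditLogonEvents", "success and failure (3)", lambda v: v == 3),
    ("Event Audit", "AuditAccountLogon", "success and failure (3)", lambda v: v == 3),
]


def load_export(path):
    """Read an export file from disk."""
    # Assumption: secedit writes the export as UTF-16 with a byte-order mark.
    with open(path, encoding="utf-16") as handle:
        return handle.read()


def parse_inf(text):
    """Parse INF text into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections


def check_policy(text, baseline=BASELINE):
    """Return (key, found value, wanted) for every setting that misses the baseline."""
    sections = parse_inf(text)
    failures = []
    for section, key, wanted, ok in baseline:
        raw = sections.get(section, {}).get(key)
        if raw is None:
            # An undefined setting is reported rather than silently skipped.
            failures.append((key, "not defined", wanted))
        elif not raw.lstrip("-").isdigit() or not ok(int(raw)):
            failures.append((key, raw, wanted))
    return failures


if __name__ == "__main__":
    for key, found, wanted in check_policy(SAMPLE_EXPORT):
        print(f"{key}: found {found}, baseline requires {wanted}")
```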