Unit 3

Cybersecurity
Cybersecurity means protecting computers from viruses and other types of malware using
anti-virus software or other security programs.
Cybersecurity is the technology and process designed to protect networks and devices
from attacks, damage, or unauthorized access. The basic cybersecurity concepts involve
reducing cyber-attack risks and preventing unauthorized access to systems, networks, and
technologies.
Cybersecurity is essential for a country’s military, hospitals, large corporations, small
businesses, and other organizations and individuals, since data is now the cornerstone of any
organization. If that data is exploited, there are a lot of risks.

Fundamentals of Cybersecurity
1. Device Protection

With the rise in cyber threats, individuals and companies should prioritize device
protection. It is crucial to protect every device that connects to the internet, whether a
laptop, PC, mobile phone, AI-based device (Alexa, smart watch, etc.), iPad or tablet: use
anti-virus software, enable the lock-and-erase options, activate two-factor authentication, and
perform regular automatic updates of the system software. Device protection significantly
reduces the risk of attacks on individuals and their devices regardless of their location.

2. Securing Online Connection

Once a device is connected online, the information it transmits over the Internet
requires additional defenses. One should use a VPN (Virtual Private Network), since a VPN
automatically encrypts internet traffic. With a VPN, all online transactions are
protected, including the user’s identity, location, browsing details, and any sensitive
information such as passwords and bank details.

3. Securing Email Communication

Cybercriminals often use email to gather sensitive information about individuals or
companies. It is highly recommended to encrypt emails so that sensitive data cannot be
read by anyone other than the intended recipient, since encryption masks the original
information. In addition, email encryption often includes one-time password
authentication.

4. Protecting and Performing Timely Backups of Files and Documents

Backups fall into two categories: remote backups (offline) and cloud storage (online).
The two solutions have different advantages and disadvantages.

Remote backup services are convenient and inexpensive, but they are not easily accessible
from anywhere. Cloud solutions, by contrast, can be accessed from anywhere and are
suitable for an organization that operates from different locations.

Cyber threats can, however, affect anything connected to the internet. With a database and
infrastructure security management system, a cloud computing solution can be made highly
secure, with strong network security, application security, and cloud security. Strong
mobile security further enhances cloud computing security.

Penetration Testing

Penetration testing, or pen testing, is the practice of running controlled attacks on a computer
system, network, software, or other application in an attempt to find unpatched vulnerabilities
or flaws. By performing pen tests, an organization can find ways to harden their systems
against possible future real attacks, and thus make them less exploitable.

Penetration tests (pen tests) are simulated cyberattacks designed to assess the cybersecurity of
your organizational technologies and systems. Composed of multiple steps, this process:

• Tests your organization’s information security of both technologies and systems
• Identifies vulnerabilities in your cybersecurity posture before threat actors do
• Helps your organization remediate security and compliance gaps

Pen tests are performed by ethical hackers, meaning the tests involve carrying out attacks on
real systems and data using the same tools and techniques an actual attacker would. However,
the information collected is not sold to malicious third-party groups, and the organization is
not placed in actual danger.

Benefits of penetration testing

Ideally, software and systems are designed from the start with the aim of eliminating
dangerous security flaws. A pen test provides insight into how well that aim was
achieved. Pen testing can help an organization:
• Find weaknesses in systems
• Determine the robustness of controls
• Support compliance with data privacy and security regulations (e.g., PCI DSS, HIPAA, GDPR)
• Provide qualitative and quantitative examples of current security posture and budget
priorities for management

Malware
Malware is malicious software such as spyware, ransomware, viruses and
worms. Malware is usually installed on the system when the user opens a
malicious link or email attachment. Once installed, malware can block access to critical
components of your network, damage your system, and export confidential
information to unknown destinations.

• Spyware allows attackers to obtain information about your computer activities
by transmitting data covertly from your hard drive.
• Ransomware blocks access to files on a device, rendering any files (and the
systems that rely on them) unavailable. Usually, malicious actors demand a cash
ransom in exchange for a decryption key.
• A backdoor circumvents routine authentication procedures to access a system.
This gives the attacker remote access to resources within an application, such as
databases and file servers, and allows malicious actors to issue system
commands and update malware remotely.
• Trojans are malware or code that pose as a legitimate application or file to trick
you into loading and executing the malware on your device. A trojan’s goal is to
damage or steal your organization’s data or to inflict some other harm on your
network.
• A computer virus is malicious code designed to spread from device to device.
These self-copying threats are usually intended to damage a machine or steal
data.
• Worms are malware that spread copies of themselves from computer to
computer without human interaction. They do not need to attach themselves to a
software program to cause damage.

Your organization can prevent malware-based cyber attacks by:

• Using reputable antivirus and anti-malware solutions, email spam filters, and
endpoint security solutions.
• Ensuring that your cybersecurity updates and patches are all up to date.
• Requiring your employees to undergo regular cybersecurity awareness training
to teach them how to avoid suspicious websites and to avoid engaging with
suspicious emails.
• Limiting user access and application privileges.

Que. Explain Types of Virus

Virus
• A virus is a program which attaches itself to another program and causes
damage to the computer system or network.
• It is a type of malicious software program that spreads through the computer’s
files when a user installs a file or opens a program without realising it; it needs
human action to spread within the computer. All computer viruses are man-made.
• It is a self-replicating malicious program that replicates by inserting copies of
itself into other programs when executed. It can also execute instructions that
cause harm to the system.

Types of Virus
Boot Sector Virus

Your computer drive has a sector solely responsible for pointing to the operating
system so that it can boot into the interface. A boot sector virus damages or controls
the boot sector on the drive, rendering the machine unusable. Attackers usually use
malicious USB devices to spread this computer virus. The virus is activated when
users plug in the USB device and boot their machine.

Parasitic Virus

A parasitic virus attacks files with the extensions .exe or .com. It spreads by
attaching itself to another program, and is therefore also called a file virus.
The parasitic virus hides itself in a file and runs along with that file. To avoid
this virus, users should avoid clicking unwanted links.

Overwrite Virus

One of the most harmful viruses, the overwrite virus can completely remove the
existing program and replace it with malicious code by overwriting it. Gradually
it can replace all of the host’s program code with the harmful code.

Resident Virus

A virus that can access computer memory and sit dormant until a payload is
delivered is considered a resident virus. This malware may stay dormant until a
specific date or time or when a user performs an action.

Polymorphic Virus

Malware authors can use polymorphic code to change the program’s footprint to
avoid detection. Therefore, it’s more difficult for an antivirus to detect and remove
them.

Macro Virus

Microsoft Office files can run macros that can be used to download additional
malware or run malicious code. Macro viruses deliver a payload when the file is
opened and the macro runs.

Stealth Virus

A stealth virus is a computer virus that hides inside a file in the operating
system. It steals data, alters the encryption of data, and modifies its own
code. It goes unnoticed by users and usually hides in the boot part of the
system.

Web Scripting Virus

Most browsers have defenses against malicious web scripts, but older, unsupported
browsers have vulnerabilities allowing attackers to run code on the local device.

Browser Hijacker

A computer virus that can change the settings on your browser will hijack browser
favorites, the home page URL, and your search preferences and redirect you to a
malicious site. The site could be a phishing site or an adware page used to steal
data or make money for the attacker.

File Infector Virus

To persist on a system, a threat actor uses file infector viruses to inject malicious
code into critical files that run the operating system or important programs. The
computer virus is activated when the system boots or the program runs.

Direct Action Virus

When a user executes a seemingly harmless file attached to malicious code, direct-
action viruses deliver a payload immediately. These computer viruses can also
remain dormant until a specific action is taken or a timeframe passes.

Multipartite Virus

These malicious programs spread across a network or other systems by copying
themselves or injecting code into critical computer resources.

Worms
Worms are malware that spread copies of themselves from computer to
computer without human interaction. They replicate themselves and do not need to
attach themselves to a software program to cause damage.

• It is a type of malware whose primary function is to replicate itself in order to
spread to uninfected computers. It works much like a computer virus. Worms often
originate from email attachments that appear to be from trusted senders.
• When a worm replicates itself, the victim computer’s processing power and memory
are consumed and the system slows down; in some cases it may even crash.
• In 2001, a worm named NIMDA spread across the entire network in just
22 minutes.


Spyware
Spyware is a type of malicious software -- or malware -- that is installed on a
computing device without the end user's knowledge. It invades the device, steals
sensitive information and internet usage data, and relays it to advertisers, data firms
or external users.

Spyware is one of the most common threats to internet users. Once installed, it
monitors internet activity, tracks login credentials and spies on sensitive
information. The primary goal of spyware is usually to obtain credit card numbers,
banking information and passwords.

What does spyware do?

• Spyware spies on users’ behaviour: it can watch the web pages you visit
and report that information to a server or a person.
• It shows unwanted pop-up advertisements; because it spies on the user, it can
push ads the user is likely to respond to.
• Spyware consumes memory and slows the device’s performance.
• It can allow the installation of backdoors, change settings, and hijack your
browser.

Mobile Protection
Mobile security is the protection of smartphones, tablets, laptops and other portable
computing devices, and the networks they connect to, from threats and vulnerabilities
associated with wireless computing.

Mobile Device Security refers to the measures designed to protect sensitive information
stored on and transmitted by laptops, smartphones, tablets and other portable devices. At the
root of mobile device security is the goal of keeping unauthorized users from accessing the
enterprise network.

How does Mobile Device Security work?

Securing mobile devices requires a multi-layered approach and investment in enterprise
solutions. While there are key elements to mobile device security, each organization needs to
find what best fits its network.

• Enable auto-lock (2-minute timeout).
• Keep software and the OS up to date (latest version).
• Disable location services.
• Avoid installing third-party applications (beware of apps).
• Security training must be given.
• Avoid public Wi-Fi.
• Mobile device encryption.
• Leverage biometrics.
• Avoid untrusted content such as QR codes.
• Don’t interact with other (unknown) systems.

• Password/PIN protection

One of the most basic ways to prevent unauthorized access to a mobile device is to create a
strong password, and yet weak passwords are still a persistent problem that contributes to the
majority of data hacks. Another common security problem is workers using the same
password for their mobile device, email, and every work-related account. It is critical that
employees create strong, unique passwords (of at least eight characters) and create different
passwords for different accounts.

• Leverage biometrics

Instead of relying on traditional methods of mobile access security, such as passwords, some
companies are looking to biometrics as a safer alternative. Biometric authentication is when a
computer uses measurable biological characteristics, such as face, fingerprint, voice, or iris
recognition for identification and access. Multiple biometric authentication methods are now
available on smartphones and are easy for workers to set up and use.

• Avoid public Wi-Fi

A mobile device is only as secure as the network through which it transmits data. Companies
need to educate employees about the dangers of using public Wi-Fi networks, which are
vulnerable to attacks from hackers who can easily breach a device, access the network, and
steal data. The best defense is to encourage smart user behavior and prohibit the use of open
Wi-Fi networks, no matter the convenience.

• Beware of apps

Malicious apps are some of the fastest growing threats to mobile devices. When an employee
unknowingly downloads one, either for work or personal reasons, it provides unauthorized
access to the company’s network and data. To combat this rising threat, companies have two
options: instruct employees about the dangers of downloading unapproved apps, or ban
employees from downloading certain apps on their phones altogether.

• Mobile device encryption

Most mobile devices are bundled with a built-in encryption feature. Users need to
locate this feature on their device and enter a password to encrypt their device. With
this method, data is converted into a code that can only be accessed by authorized
users. This is important in case of theft, and it prevents unauthorized access.

Why is Mobile Device Security important?

With more than half of business PCs now mobile, portable devices present distinct challenges
to network security, which must account for all of the locations and uses that employees
require of the company network. Potential threats to devices include malicious mobile apps,
phishing scams, data leakage, spyware, and unsecured Wi-Fi networks. On top of that,
enterprises have to account for the possibility of an employee losing a mobile device or the
device being stolen. To avoid a security breach, companies should take clear, preventative
steps to reduce the risk.
Benefits: The most obvious benefit of mobile security is preventing sensitive data from
being leaked or stolen. Another important benefit is that by diligently adhering to
security best practices, an organization may be able to prevent ransomware attacks that target
mobile devices.

Que. Discuss Working of Firewall & Characteristics of Firewall & also writes its Goal.

Que. Explain Firewall Design Principles, What are the different Types of Firewall.

Firewall
A firewall is a network security device that monitors incoming and outgoing
network traffic and decides whether to allow or block specific traffic based on a
defined set of security rules.
All communication must pass through the firewall.
The firewall permits only traffic that is authorized.

Why Firewall
Firewalls are primarily used to prevent malware and network-based attacks.
Additionally, they can help in blocking application-layer attacks. They monitor
every connection attempt between our computer and another network. They do not allow
data packets to pass through them unless the data is coming from or going to a
user-specified trusted source.

Firewalls are designed in such a way that they can react quickly to detect and
counter attacks throughout the network. They work with rules configured to
protect the network and perform quick assessments to find any suspicious
activity. In short, we can think of the firewall as a traffic controller.
Functions of Firewall
o Network Threat Prevention
o Application and Identity-Based Control
o Hybrid Cloud Support
o Scalable Performance
o Network Traffic Management and Control
o Access Validation
o Record and Report on Events

Firewall Design Principles

1. Developing a Security Policy
A security policy is a very essential part of firewall design. The security policy is
designed according to the requirements of the company or client and states which
kinds of traffic are allowed to pass. Without a proper security policy, it is
impossible to restrict or allow a specific user or worker on a company network
or anywhere else.

2. Simple Solution Design
If the design of the solution is complex, then it will be difficult to implement;
if the solution is simple, then it is easier to implement. A simple design
is also easier to maintain: we can upgrade a simple design in response to
new threats and still keep an efficient, simple structure.
The problem with complex designs is that a configuration error can
open a path for external attacks.

3. Choosing the Right Device
Every network security device has its purpose and its way of implementation.
If we use the wrong device for a problem, the network becomes
vulnerable. If an outdated device is used to build the firewall, it exposes
the network to risk and is almost useless. The design should be done first and
the product requirements derived from it; if an already available product is
instead forced to fit the design, security is weakened.

4. Layered Defense
Network defense must be multi-layered in the modern world, because if a
single layer of security is broken the network is exposed to external attacks.
A multi-layer security design can be set up to deal with different levels of threat. It
gives the security design an edge and finally neutralizes the attack on the
system.

5. Consider Internal Threats
While a lot of attention is given to safeguarding the network or device from
external attacks, security is often weak against internal attacks, and many
attacks are carried out internally because internal access is easy and internal
controls are weakly designed. Different security levels can be defined within the
network when designing internal security, and filtering can be added to keep track
of traffic moving from lower-security levels to higher ones.

Types of Firewall:
Firewalls can be categorized into eight main types according to their general structure and
operating behaviour. The three covered in these notes are listed and briefly described below.

1. Packet Filtering
2. Circuit Level Gateways
3. Application Level Firewalls

1. Packet Filtering:

As the “simplest” and “earliest” firewall architecture type, a packet-filtering
gateway essentially creates a barrier at a communication router or switch.
A router that is part of a firewall usually performs the packet filtering. A packet-filtering
firewall applies a set of rules to each incoming IP packet and then forwards or
discards the packet. The gateway performs a fast analysis of the data packets passing
through the router, without manipulating the packet or examining its contents,
evaluating header data such as the source and destination IP addresses, the
port number, and other surface-level information. If a data packet does not fulfil
the requirements, it is dropped.
Rules are based on information contained in the network packet header:
Source IP address: the IP address of the system that originated the IP packet.
Destination IP address: the IP address of the system the IP packet is
trying to reach.
Advantages: simplicity, transparency to the user, high speed.
Disadvantages: difficulty of setting up packet filtering rules correctly,
lack of authentication (the filter trusts the addresses in the header).
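A small packet filter in Python, added here as an example and not part of the original notes: rules match only on header fields (source and destination address, protocol, destination port), the first matching rule wins, and anything unmatched is dropped. The addresses and the policy are constructed; the functions also show the two stated disadvantages, rule ordering mistakes and the absence of authentication.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """Header fields a packet filter looks at; the payload is deliberately absent."""
    src_ip: str
    dst_ip: str
    proto: str                        # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None    # None for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "drop"
    src: str = "0.0.0.0/0"            # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dst_port: Optional[int] = None    # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src_ip) in ip_network(self.src)
                and ip_address(pkt.dst_ip) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dst_port in (None, pkt.dst_port))


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; a packet matching no rule is dropped (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"


# Constructed policy for inbound traffic at a border router protecting the
# hypothetical range 192.0.2.0/24. Order matters: the anti-spoofing drop is first,
# because a packet arriving from outside with an inside source address is forged.
INBOUND_RULES = [
    Rule("drop", src="192.0.2.0/24"),                               # spoofed internal source
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dst_port=443),  # public web server
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dst_port=80),
]

# Constructed sample packets (203.0.113.0/24 plays the role of "the Internet").
WEB = Packet("203.0.113.5", "192.0.2.10", "tcp", 443)
SSH = Packet("203.0.113.5", "192.0.2.10", "tcp", 22)
OTHER_HOST = Packet("203.0.113.5", "192.0.2.11", "tcp", 80)
SPOOFED = Packet("192.0.2.7", "192.0.2.10", "tcp", 443)   # claims an internal source


def misordered_policy_decision() -> str:
    """Same rules with the anti-spoofing drop moved last: the forged packet now passes.
    This is the 'difficulty of setting up rules' the notes mention."""
    rules = INBOUND_RULES[1:] + INBOUND_RULES[:1]
    return filter_packet(rules, SPOOFED)


def forged_but_permitted_source() -> str:
    """Lack of authentication: a packet that simply claims an allowed external source and
    port is forwarded, because a packet filter cannot verify who really sent it."""
    return filter_packet(INBOUND_RULES, Packet("203.0.113.99", "192.0.2.10", "tcp", 443))


if __name__ == "__main__":
    for name, pkt in [("web", WEB), ("ssh", SSH), ("other host", OTHER_HOST), ("spoofed", SPOOFED)]:
        print(f"{name:10s} -> {filter_packet(INBOUND_RULES, pkt)}")
    print("misordered policy, spoofed packet ->", misordered_policy_decision())
```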

2. Application Level Firewall:

An application level gateway is also called a proxy server, because it acts like
a proxy and decides about the flow of application level traffic. An internal user
contacts the application level gateway using a TCP/IP application, such as
Telnet, FTP or HTTP.

This type of filter sits between the clients’ network and the source from which
incoming traffic is filtered. The firewall operates at the application layer,
which is why this type of firewall is known as an application-level gateway. The
functionality of such firewalls can be provided through cloud services or
proxy devices. The proxy establishes a connection with the traffic source,
evaluates the data packets, and then dispatches each packet to the
destination after verification. A stateful inspection firewall evaluates packets in a
similar manner, monitoring both the data packets and the state of the TCP connection.

Advantages:
Higher security than packet filtering.
Easy to log and audit all incoming traffic.
3. Circuit Level Gateways:
Circuit-level gateways form a key gateway category: they verify the Transmission
Control Protocol (TCP) handshake, which lets them allow or deny
traffic easily and effectively without needing considerable computational power.
This check of the TCP connection set-up is intended to guarantee that the packet
belongs to a valid connection.
Though extremely resource-efficient, these gateways do not inspect the data packet
itself. So if a packet is harmful but belongs to a correctly established TCP
connection, it will pass through. Circuit-level firewalls are therefore not adequate to
secure an organization on their own.
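The handshake check described above, as an added example that is not part of the original notes: a minimal circuit-level gateway in Python that admits TCP segments only on connections whose SYN, SYN-ACK, ACK exchange it has observed, and never examines the payload, which is exactly the limitation the notes point out. Addresses and segments are constructed; connection teardown is simplified to "forget the connection on FIN or RST".

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# (initiator address, initiator port, responder address, responder port)
ConnKey = Tuple[str, int, str, int]


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]          # subset of {"SYN", "ACK", "FIN", "RST"}
    payload: bytes = b""           # carried along but never examined by the gateway


class CircuitLevelGateway:
    """Tracks TCP handshakes and forwards only segments of established circuits."""

    def __init__(self) -> None:
        self.conns: Dict[ConnKey, str] = {}   # key -> SYN_SENT / SYN_RECEIVED / ESTABLISHED

    def _lookup(self, seg: Segment) -> Tuple[Optional[ConnKey], Optional[str]]:
        fwd = (seg.src, seg.sport, seg.dst, seg.dport)   # sent by the initiator
        rev = (seg.dst, seg.dport, seg.src, seg.sport)   # sent by the responder
        if fwd in self.conns:
            return fwd, "initiator"
        if rev in self.conns:
            return rev, "responder"
        return None, None

    def process(self, seg: Segment) -> str:
        key, sender = self._lookup(seg)
        f = seg.flags
        if key is None:
            # Only a bare SYN may open a new circuit; any other unsolicited
            # segment (data, lone ACK, SYN-ACK) is not part of a valid connection.
            if f == {"SYN"}:
                self.conns[(seg.src, seg.sport, seg.dst, seg.dport)] = "SYN_SENT"
                return "allow"
            return "drop"
        state = self.conns[key]
        if state == "SYN_SENT" and sender == "responder" and f == {"SYN", "ACK"}:
            self.conns[key] = "SYN_RECEIVED"
            return "allow"
        if state == "SYN_RECEIVED" and sender == "initiator" and "ACK" in f and "SYN" not in f:
            self.conns[key] = "ESTABLISHED"
            return "allow"
        if state == "ESTABLISHED":
            # Handshake completed: everything is forwarded, payload unseen.
            if f & {"FIN", "RST"}:
                del self.conns[key]      # simplified teardown
            return "allow"
        return "drop"                     # out-of-sequence segment during the handshake


def demo_decisions() -> List[str]:
    """Constructed session between a client and a web server, one decision per segment."""
    gw = CircuitLevelGateway()
    c, s = ("10.0.0.5", 40000), ("192.0.2.10", 443)
    session = [
        Segment(*c, *s, frozenset({"ACK"}), b"GET / HTTP/1.1"),      # no handshake: drop
        Segment(*c, *s, frozenset({"SYN"})),                         # handshake step 1
        Segment(*s, *c, frozenset({"SYN", "ACK"})),                  # step 2
        Segment(*c, *s, frozenset({"ACK"})),                         # step 3: established
        Segment(*c, *s, frozenset({"ACK"}), b"<constructed payload the gateway never reads>"),
        Segment(*s, *c, frozenset({"ACK", "RST"})),                  # circuit torn down
        Segment(*c, *s, frozenset({"ACK"}), b"more data"),           # circuit gone: drop
    ]
    return [gw.process(seg) for seg in session]


if __name__ == "__main__":
    print(demo_decisions())
```

The fifth decision is the weakness the notes describe: once the handshake is valid, a harmful payload is forwarded just like a benign one, so a circuit-level gateway needs an application-level control behind it.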

Firewall Characteristics:
Major characteristics related to firewall protection are described below.

1. Various protection levels
2. Wireless network (Wi-Fi) protection
3. Internet and network access
4. Blockage against unauthorized access
5. Protection against malware
6. Provide access only to valid data packets
7. Provision of different configurations
8. Provision of numerous security policies
9. Allowing to pass authorized traffic that fulfils a set of rules
10. Firewall functions like an immune system for malware and unauthorized
access; therefore, it ensures a secure system and an OS.

Goal of Firewall
Firewalls are commonly used to secure home networks from
threats coming from external networks such as the Internet. They can prevent
outsiders from gaining access to private information and taking control of
devices on a network.
• Data packets carrying threats and malicious elements will be blocked from
reaching you or your device. This includes malware like Trojans.
• It will prevent hackers and automated bots from reaching your computer.
Hackers and bots can attempt to use your computer to mine
cryptocurrency, spread viruses, and perform other actions that range from
actively malicious to simply using up your processing power.
• Firewalls protect your privacy so that third-party agents and systems can’t
access your personal data, passwords, and even your IP address.

Que. Describe various types of VPN

VPN
A virtual private network, or VPN, is an encrypted connection over the Internet
from a device to a network. The encrypted connection helps ensure that
sensitive data is safely transmitted. It prevents unauthorized people from
eavesdropping on the traffic and allows the user to conduct work remotely.
VPN technology is widely used in corporate environments.
Working of VPN
A VPN extends a corporate network through encrypted connections made over the Internet.
Because the traffic is encrypted between the device and the network, traffic remains private
as it travels. An employee can work outside the office and still securely connect to the
corporate network. Even smartphones and tablets can connect through a VPN.
A VPN hides your IP address by letting the network redirect it through a specially configured remote
server run by a VPN host. This means that if you surf online with a VPN, the VPN server becomes the
source of your data. This means your Internet Service Provider (ISP) and other third parties cannot see
which websites you visit or what data you send and receive online. A VPN works like a filter that
turns all your data into "gibberish".

What is secure remote access?

Secure remote access provides a safe, secure way to connect users and devices remotely to a
corporate network. It includes VPN technology that uses strong ways to authenticate the user
or device. VPN technology is available to check whether a device meets certain requirements,
also called a device’s posture, before it is allowed to connect remotely.

Types of VPN
There are many different types of VPNs, but you should definitely be familiar with the three
main types:

1. Remote Access VPN: A remote access VPN is designed to link remote users
securely to a corporate network. For instance when the COVID-19 pandemic
emerged in 2020, many organizations transitioned to a remote workforce, and set
up secure remote access VPNs from the remote clients to connect to critical
business operations at the corporate site.
2. Site-to-site VPN
A site-to-site VPN is essentially a private network designed to hide private intranets and
allow users of these secure networks to access each other's resources.

A site-to-site VPN is useful if you have multiple locations in your company, each with its
own local area network (LAN) connected to the WAN (Wide Area Network). Site-to-site
VPNs are also useful if you have two separate intranets between which you want to send files
without users from one intranet explicitly accessing the other.

Site-to-site VPNs are mainly used in large companies. They are complex to implement and
do not offer the same flexibility as SSL VPNs. However, they are the most effective way to
ensure communication within and between large departments.

3. Client-to-Server VPN
Connecting via a VPN client can be imagined as if you were connecting your home PC to the
company with an extension cable. Employees can dial into the company network from their
home office via the secure connection and act as if they were sitting in the office. However, a
VPN client must first be installed and configured on the computer.
With this approach the user is not connected to the internet through their own ISP, but
establishes a direct connection through their VPN provider. This essentially shortens the
tunnel phase of the VPN journey. Instead of using the VPN to create an encrypted tunnel
over the existing internet connection, the VPN can automatically encrypt the data before it is
made available to the user.

4. VPN as a Service:

A VPN as a Service, or cloud VPN, is a VPN hosted on cloud-based infrastructure, where
packets from the client enter the Internet from that cloud infrastructure instead of
the client’s local address. Consumer VPNs commonly use this model, enabling
users to protect themselves while connecting to the Internet via insecure public Wi-Fi
and providing some anonymity while accessing the Internet.
