
Software Assignment

The document discusses various types of cyber threats, particularly focusing on Trojan Horses, malware, and SQL injection attacks, detailing their characteristics and impacts. It outlines preventive measures such as forensic analysis, strong password policies, and the implementation of multi-factor authentication to enhance security. Additionally, it emphasizes the importance of validating user inputs and using parameterized queries to mitigate risks associated with SQL injection vulnerabilities.

Uploaded by

Sushant Gupta
Copyright
© All Rights Reserved
Digital Assignment - 2

Name: Sushant Gupta
Reg. No.: 22BCE3924

Question No. 1a

In the scenario, an email named "Candidate Resume.zip" is received. Shortly after download and opening, slow performance and unauthorized transactions are noticed. Based on the above assumptions and experiences, it could be stated that the cyber threat here is a "Trojan Horse".

Trojan Horse: A Trojan Horse is a type of malware disguised as legitimate software. It tricks users into installing it, granting attackers access to the system. Once inside, it can steal data, monitor activities, or create backdoors for further attacks, all while appearing harmless to the user.

Response to Prevent Further Damage:
• Immediate isolation of infected systems.
• Conduct forensic analysis to trace malware behaviour.
• Revoke access and reset affected credentials/accounts.
• Restore access from clean backups.
• Update and patch all systems to eliminate known threats.

Security Awareness and Measures:
• Enforce the use of strong, unique passwords and promote the use of password managers.
• Require MFA for accessing company systems and accounts.
• Test employee readiness with mock phishing emails to reinforce training.
• Ensure systems and antivirus software are up to date to patch any vulnerabilities.
• Provide a clear process for reporting suspicious activity or emails immediately.

Question No. 1b

Malicious code (or malware) refers to any software intentionally designed to cause damage to computers, networks or data. Here are the main types of malicious code, their impacts and real-world examples:

1. Virus:
• Attaches to legitimate files or programs and replicates when the file is run.
• Example: ILOVEYOU Virus (2000): Spread through email, overwrote files, and caused billions in damages globally.

2. Worms:
• Self-replicates and spreads across networks without needing a host file.
• Example: WannaCry (2017): A ransomware worm that exploited a Windows vulnerability, locking up systems in 150+ countries.

3. Trojan Horse:
• Disguised as legitimate software but performs malicious actions.
• Example: Emotet Trojan: Originally a banking trojan, evolved into a loader for other malware.

4. Ransomware:
• Encrypts user data and demands payment for decryption.
• Example: Colonial Pipeline Attack (2021): Ransomware attack that halted fuel delivery across the US East Coast.

5. Spyware:
• Secretly collects user information (keystrokes, browsing habits, etc.).
• Example: Pegasus: Spyware that infected smartphones through zero-click vulnerabilities.

Question No. 2

Potential Weaknesses in the Authentication Setup:

1. Email-Based OTP Weaknesses:
• If attackers gain access to an employee's email (via weak passwords, credential leaks, or malware), they can intercept OTPs and bypass MFA.

2. Session Hijacking:
• Attackers can intercept OTPs if employees use unsecured networks.
• If OTPs are stored insecurely (e.g. in email inboxes or SMS logs), attackers can reuse them.

3. Brute-Force Attacks and Credential Stuffing:
• If employees use weak or reused passwords, attackers can easily compromise accounts despite MFA.

4. Device-Based Vulnerabilities:
• Malware or keyloggers on employee devices can capture both passwords and OTPs.
• SIM swapping (if OTPs are sent via SMS) allows attackers to hijack mobile numbers and receive OTPs.

1. Stronger MFA Methods:
• Authenticator apps generate time-based OTPs.
• Hardware security keys provide strong, phishing-resistant authentication.
• Biometric authentication adds another layer of security.

2. Zero Trust & Adaptive Authentication:
• Implement risk-based authentication, which detects suspicious login attempts and enforces stricter verification if necessary.
• Restrict access to high-risk logins.

3. Prevent Phishing Attacks:
• Educate employees on phishing awareness (e.g. identifying fake emails).
• Deploy email filtering and anti-phishing software to block malicious messages.

4. Enforce Stronger Password Policies:
• Require long, unique passwords and encourage password managers.
• Implement passwordless authentication where possible.

Question No. 3

Functions of a reference monitor:
• Complete Mediation: The reference monitor is invoked for every access attempt to resources, ensuring that all accesses are checked against the security policy.
• Tamper-proof: It must be protected from unauthorized modification to maintain its integrity and trustworthiness.
• Assurance: The code implementing the monitor's responses should be simple and small enough to be thoroughly tested and analyzed for correctness.

Role in Enforcing Security Policies:
• Access Control: The reference monitor checks the privileges of the users or processes attempting to access a resource. If the access does not comply with the security policy, the operation is blocked.
• Policy Enforcement: It can enforce a wide range of security policies by using predicates to determine if an operation should proceed based on the current state and the required access.
• Isolation: By ensuring that the monitor is [illegible] from interference, it maintains the security.

[Figure: Reference Monitor Interaction. Labels: Request, Authentication Results, ACL, Validate Permission, Verify Identity, Permission Evaluation, Allow. The reference monitor mediates all access requests, enforces security policy, and prevents unauthorized access.]

A firewall acts as a barrier between trusted internal networks and untrusted external networks (like the internet). It monitors and controls incoming and outgoing traffic based on pre-defined security rules, helping prevent unauthorized access, data breaches, and malicious attacks.

Types of Firewalls:

1. Packet Filtering:
• Checks headers of packets.
• Doesn't inspect payload.
• Use case: Good for simple networks.

2. Stateful Inspection:
• Tracks connection state and allows packets accordingly.
• Use case: More secure than packet filtering. Common in enterprises.

3. Proxy Firewall:
• Inspects traffic at application level.
• Use case: Used for content filtering and user-level control.

4. [name illegible]:
• Combines packet inspection, stateful filtering, intrusion prevention, application awareness and threat intelligence.
• Use case: Best for complex environments with phishing, malware, etc.

[Figure: Firewall Type Security Diagrams. Characteristics listed per type:
Packet Filtering: Layer 3/4 filtering; source/destination IP; port number checks; static rule-based; lowest performance.
Stateful Inspection: connection state tracking; dynamic rule adjustment; Layer 3-5 filtering; context-aware; moderate performance impact.
Proxy Firewall: application layer filtering; deep packet inspection; network address translation; caching capabilities; high security granularity.
Fourth type (name illegible): advanced threat protection; user identity awareness; integrated IPS/IDS; SSL/TLS inspection; highest security complexity.]

Question No. 5

This scenario is a case of an SQL injection attack, where malicious SQL code is inserted into a query via user input to manipulate the database.

How SQL Injection Works:
• Identification of Vulnerable Inputs: Attackers find inputs that are not properly sanitized or validated.
• Crafting Malicious SQL: [text illegible]
• Bypassing Security: Techniques like string concatenation or commenting out parts of the original query are used to bypass security measures.
• Execution: The malicious SQL is executed by the database, potentially revealing or modifying data.

Example: Let's say the university portal has a code like:

    "SELECT * FROM grades WHERE student_id = '" + input + "'"

If a student enters:

    1234' OR '1'='1

The resulting query becomes:

    SELECT * FROM grades WHERE student_id = '1234' OR '1'='1';

This always returns true, so all records from the grades table are shown, exposing sensitive data of other students.

Security Measures to Prevent SQL Injection:
• Input Validation and Sanitization: Ensure all user inputs are validated for expected formats and sanitized to remove or escape harmful characters.
• Use of Parameterized Queries: Employ prepared statements or parameterized queries to separate SQL logic from data.
• Stored Procedures: Use stored procedures to encapsulate SQL logic, reducing the risk of injection.
• Least Privilege Principle: Limit database user privileges to the minimum.
• Web Application Firewall (WAF): Deploy a WAF to detect and block SQL injection attempts.

[Figure: SQL Injection Flow Diagram. Labels: 1. Malicious Input; User Input; Web Application; 2a. Raw Query (SELECT * FROM Users WHERE user = ... OR ...) leading to Unauthorized Access; 2b. Safe Query (escaping) leading to No results.]
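Added example (not part of the original assignment): the grades query from Question No. 5 built by string concatenation, next to the parameterized form and an input-format check, run against an in-memory SQLite table. The table rows, the function names and the digits-only student ID format are assumptions made for this illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: a small in-memory stand-in for the portal's grades table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE grades (student_id TEXT, course TEXT, grade TEXT)")
    db.executemany(
        "INSERT INTO grades VALUES (?, ?, ?)",
        [("1234", "CS101", "A"), ("5678", "CS101", "C"), ("9012", "CS101", "B")],
    )
    return db

def grades_vulnerable(db, student_id):
    # String concatenation, as in the example above: the input becomes SQL text.
    query = "SELECT * FROM grades WHERE student_id = '" + student_id + "'"
    return db.execute(query).fetchall()

def grades_parameterized(db, student_id):
    # The ? placeholder keeps SQL logic separate from data: the driver binds the
    # value, so quotes in the input are compared literally and never parsed as SQL.
    return db.execute(
        "SELECT * FROM grades WHERE student_id = ?", (student_id,)
    ).fetchall()

STUDENT_ID_FORMAT = re.compile(r"[0-9]{1,10}")  # assumed format: digits only

def grades_validated(db, student_id):
    # Input validation as a second layer: reject anything outside the expected format.
    if not STUDENT_ID_FORMAT.fullmatch(student_id):
        raise ValueError("student_id must be numeric")
    return grades_parameterized(db, student_id)

if __name__ == "__main__":
    db = make_db()
    payload = "1234' OR '1'='1"  # the input quoted in the example above
    print("vulnerable:   ", grades_vulnerable(db, payload))
    print("parameterized:", grades_parameterized(db, payload))
    print("legitimate:   ", grades_parameterized(db, "1234"))
```

The concatenated query returns every student's row for the quoted input, while the parameterized query returns nothing because no student_id equals that literal string.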
