Data Security

Data security refers to protecting data from unauthorized access and corruption throughout its lifecycle through encryption, tokenization, and key management. It is essential for organizations and individuals to safeguard important data from online criminals. Common techniques used in cyber attacks include backdoor attacks, denial of service attacks, direct access attacks, and malware attacks. To secure organizational data, companies should identify security risks, analyze information access and usage, provide security education to employees, and invest in management information systems.



What Is Data Security?

• Data security refers to the process of protecting data from unauthorized access and data corruption throughout its lifecycle.

• Data security includes data encryption, tokenization, and key management practices that protect data across all applications and platforms.

Team Computers Pvt. Ltd. / 2017 2


Why Is Data Security Needed?

• Data is an important asset to any organization, so it is essential to safeguard it from online criminals. Organizations across the globe are investing heavily in information technology (IT) to deploy the best cyber defence capabilities.

• Basically, organizations focus on protecting three common elements, namely people, processes, and technology. This in turn protects intellectual capital, critical infrastructure, customer information, brand and much more. Data security is not just important for organizations. Data protection also comes into play on the personal computer, tablet, and mobile devices, which could be the next target of cybercriminals.


• Normally, remote devices that connect to an organization are targeted by attackers to tap sensitive information. This is where endpoint protection (endpoint security) comes into play: it helps to protect and maintain the devices connecting to the network.

• Data breaches and cyber-attacks are anticipated to increase over time as computer networks expand. It is important to have the right data security solutions in place to meet these challenging threats.


Types Of Data Security And Their Importance

• Data security software protects a computer/network from online threats when connected to the internet.

• The data security software may also protect other areas such as programs or the operating system for an entire application.

• Its goal is to define rules and actions to apply against attacks on internet security.


Several Types Of Security

• Network Layer Security

Cryptographic techniques also protect TCP/IP (Internet Protocol) alongside other internet protocols that have been designed for protecting email on the internet. The techniques include SSL and TLS for website traffic, PGP for email, and, for network security, IPSec.


• Email Security

The protective measures employed to safeguard the access to and content of an email account or service are called email security. Basically, electronic mail is composed, saved, and delivered in multiple step-by-step procedures that start with the message’s structure. Email security software is implemented by the service provider to secure subscriber email accounts and data from hackers.


• IPSec Protocol

The IPSec protocol was initially developed for guarding communication over TCP/IP. It was designed by the IETF, and it provides security and verification using cryptography: the data is transformed by security methods. The two main transformations that form the basis of IPSec are the Authentication Header (AH) and the Encapsulating Security Payload (ESP).


Data Security Vs. System Security

1. Data security refers to the efforts that an organization takes to guarantee that the information it stores isn’t deliberately accessed or accidentally deleted, modified, manipulated or otherwise abused for illegal money-making.

2. System security works closely with data security. System security protects everything that an organization wants to secure in its networks and resources.

3. Simply put, data security is meant to protect the information, and system security is what protects the devices and network that contain the information.


Some Common Techniques Of Cyber-attacks

Backdoor Attack – Not all computer networks are as secure as they seem. Occasionally programmers leave code paths open that enable troublemakers to access a network completely. As a matter of fact, cybercriminals look for such exploits and make use of the weak points. Always be vigilant: review the code of any customized software used in your organization, and check that your software-as-a-service and platform-as-a-service suppliers are not vulnerable to these kinds of attacks.


Denial of Service (DoS) Attack – Instead of sneaking into a computer network to loot valuable data, malicious people may try overpowering the network by flooding it with loads of requests for service, slowing access and network-reliant operations to a crawl. A usual denial of service attack can be stopped by blocking the attacker’s IP address. However, a more complicated attack type, the distributed denial of service (DDoS) attack, is difficult to contain, as it involves numerous IP addresses. But today many vendors market solutions that decrease the effects of DDoS attacks.


Direct Access Attack – People with access to physical assets in your organization could easily access your most confidential information. Fraudsters who desperately want to lift the data can easily steal hard drives, flash drives, and laptops, or break into your office and copy the information they want. Thereby, it is safer to heighten security by providing employee training and information encryption.


Malware Attack – Malicious software (malware) attacks are very common these days. An intruder gains access to the computer network and then encrypts all the valuable data without a trace. In order to access your data, you need to get the encryption key, and you must pay a ransom. The payments are made through bitcoin, and there are possibilities that the ransom escalates in price over time. Malicious programs sneak into your system or network through a virus or worm, so instruct employees about the online threat of clicking on suspicious links or opening unknown attachments.


How To Secure Organization’s Data

Identify Security Risks

• The number of security risks associated with your company data will depend on the data you store. It’s extremely important that all risks are covered by some sort of protection. A good way to start is by ensuring your security policy complies with data protection and privacy laws. You should also appoint a trained data protection officer with good knowledge of recent threats to manage your security.

• Knowing your security risks will allow you to carry out data landscaping and estimate the value of your data should it be lost or compromised. This will give you a better understanding of the impact on your organisation following misrepresentation or unauthorised entities accessing valuable information.
Analyse the Information

• Ensure you have a good understanding of the information accessed across the business, who accesses it and what it is used for. A gap analysis provides a point of reference and will help you determine security areas that need improvement.

• It’s important to remember that data security is not just digital, but physical too. Review where your data is stored, screen visibility and the vetting of new staff.


Employ an Army

• Many organisations make the mistake of keeping staff in the dark about known security risks, but if staff are made aware of the value of data and the importance of protecting it, they can play a part in safeguarding it.

• The more security education you give your staff, the better. It’s also important to encourage employees to report potential data loss or breaches by dispelling the fear of being reprimanded.


Invest in a Management Information System

• A good management information system (MIS) allows data to be created, collected, filtered and distributed using set patterns. It provides the information that organisations require to manage themselves efficiently and effectively and, in turn, makes regulatory compliance much easier to monitor.

• The six primary components of an MIS are hardware, software, firmware, data, procedures and people. Regularly scheduled reports allow organisations to track strengths and weaknesses.


Enforce Strong Passwords

• Weak passwords can be a hacker’s best friend and can be the key to cracking a system. Ensuring your staff all have strong and secure passwords can help protect your organisation.

• A strong password should be one that is difficult to guess either through human guessing or specialised software. A strong password should:

o Be at least 8 characters in length

o Contain both upper and lowercase letters (A-Z)

o Have at least one numeric character (1,2,3)
Create an Action Plan

• Preparing for disaster will help you greatly, should any data become lost or compromised. A fast reaction to a breach can make a huge difference to legal ramifications, costs and your organisation’s reputation.

Encrypt Everything

• All confidential information should be encrypted to keep it inaccessible without authority. It also helps if you can remotely wipe devices that are accidentally left in a taxi or public place.


Secure Data and Multifunction Devices

• Documents printed in the workplace can often contain sensitive data, so built-in functions such as disk encryption and image overwriting are in place to protect data stored on a device’s hard disk. Using the ‘secure print’ option allows staff to set a password on their file when printing, which must be entered to release the document at the device.


What Is an Attack?

• An attack is an information security threat that involves an attempt to obtain, alter, destroy, remove, implant or reveal information without authorized access or permission.

• It happens to both individuals and organizations. There are many different kinds of attacks, including but not limited to passive, active, targeted, clickjacking, brandjacking, botnet, phishing, spamming, inside and outside.

• A passive attack is one that does not affect any system, although information is obtained. A good example of this is wiretapping.


• An active attack has the potential to cause major damage to an individual’s or organization’s resources because it attempts to alter system resources or affect how they work. A good example of this might be a virus or other type of malware.


Types Of Attacks

1. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks

• A denial-of-service attack overwhelms a system’s resources so that it cannot respond to service requests. A DDoS attack is also an attack on a system’s resources, but it is launched from a large number of other host machines that are infected by malicious software controlled by the attacker.


• Unlike attacks that are designed to enable the attacker to gain or increase access, denial-of-service doesn’t provide direct benefits for attackers. For some of them, it’s enough to have the satisfaction of service denial. However, if the attacked resource belongs to a business competitor, then the benefit to the attacker may be real enough. Another purpose of a DoS attack can be to take a system offline so that a different kind of attack can be launched. One common example is session hijacking, which is described later.

• There are different types of DoS and DDoS attacks; the most common are the TCP SYN flood attack, teardrop attack, smurf attack, ping-of-death attack and botnets.
a) TCP SYN flood attack – In this attack, an attacker exploits the use of buffer space during a Transmission Control Protocol (TCP) session initialization handshake. The attacker’s device floods the target system’s small in-process queue with connection requests, but it does not respond when the target system replies to those requests. This causes the target system to time out while waiting for the response from the attacker’s device, which makes the system crash or become unusable when the connection queue fills up. There are a few countermeasures to a TCP SYN flood attack:

• Place servers behind a firewall configured to stop inbound SYN packets.

• Increase the size of the connection queue and decrease the timeout on open connections.
b) Teardrop attack – This attack causes the length and fragmentation offset fields in sequential Internet Protocol (IP) packets to overlap one another on the attacked host; the attacked system attempts to reconstruct the packets during the process but fails. The target system then becomes confused and crashes.

• If users don’t have patches to protect against this DoS attack, disable SMBv2 and block ports 139 and 445.


c) Smurf attack – This attack involves using IP spoofing and ICMP to saturate a target network with traffic. This attack method uses ICMP echo requests targeted at broadcast IP addresses. These ICMP requests originate from a spoofed “victim” address. For instance, if the intended victim address is 10.0.0.10, the attacker would spoof an ICMP echo request from 10.0.0.10 to the broadcast address 10.255.255.255. This request would go to all IPs in the range, with all the responses going back to 10.0.0.10, overwhelming the network. This process is repeatable, and can be automated to generate huge amounts of network congestion.


• To protect your devices from this attack, you need to disable IP-directed broadcasts at the routers. This will prevent the ICMP echo broadcast request at the network devices. Another option would be to configure the end systems to keep them from responding to ICMP packets sent to broadcast addresses.


d) Ping of death attack – This type of attack uses IP packets to ping a target system with an IP size over the maximum of 65,535 bytes. IP packets of this size are not allowed, so the attacker fragments the IP packet. Once the target system reassembles the packet, it can experience buffer overflows and other crashes.

• Ping of death attacks can be blocked by using a firewall that checks fragmented IP packets for maximum size.


e) Botnets – Botnets are the millions of systems infected with malware under hacker control in order to carry out DDoS attacks. These bots or zombie systems are used to carry out attacks against the target systems, often overwhelming the target system’s bandwidth and processing capabilities. These DDoS attacks are difficult to trace because the bots are located in differing geographic locations.


2. Man-in-the-middle (MitM) attack

A MitM attack occurs when a hacker inserts itself between the communications of a client and a server. Here are some common types of man-in-the-middle attacks:

a) Session hijacking – In this type of MitM attack, an attacker hijacks a session between a trusted client and a network server. The attacking computer substitutes its IP address for the trusted client’s while the server continues the session, believing it is communicating with the client. For instance, the attack might unfold like this:

• A client connects to a server.

• The attacker’s computer gains control of the client.


• The attacker’s computer disconnects the client from the server.

• The attacker’s computer replaces the client’s IP address with its own IP address and spoofs the client’s sequence numbers.

• The attacker’s computer continues the dialog with the server, and the server believes it is still communicating with the client.


b) IP spoofing – IP spoofing is used by an attacker to convince a system that it is communicating with a known, trusted entity and provide the attacker with access to the system. The attacker sends a packet with the IP source address of a known, trusted host instead of its own IP source address to a target host. The target host might accept the packet and act upon it.


c) Replay – A replay attack occurs when an attacker intercepts and saves old messages and then tries to send them later, impersonating one of the participants. This type can be easily countered with session timestamps or a nonce (a random number or a string that changes with time).

• Currently, there is no single technology or configuration to prevent all MitM attacks. Generally, encryption and digital certificates provide an effective safeguard against MitM attacks, assuring both the confidentiality and integrity of communications. But a man-in-the-middle attack can be injected into the middle of communications in such a way that encryption will not help.
• (For example, attacker “A” intercepts the public key of person “P” and substitutes it with his own public key. Then, anyone wanting to send an encrypted message to P using P’s public key is unknowingly using A’s public key. Therefore, A can read the message intended for P and then send the message to P, encrypted in P’s real public key, and P will never notice that the message was compromised. In addition, A could also modify the message before

• So, how can you make sure that P’s public key belongs to P and not to A? Certificate authorities and hash functions were created to solve this problem. When person 2 (P2) wants to send a message to P, and P wants to be sure that A will not read or modify the message and that the message actually came from P2, the following method must be used.
1. P2 creates a symmetric key and encrypts it with P’s public key.
2. P2 sends the encrypted symmetric key to P.
3. P2 computes a hash of the message and digitally signs it.
4. P2 encrypts his message and the message’s signed hash using the symmetric key and sends the entire thing to P.
5. P is able to recover the symmetric key from P2 because only he has the private key to decrypt it.


6. P, and only P, can decrypt the symmetrically encrypted message and signed hash because he has the symmetric key.
7. He is able to verify that the message has not been altered because he can compute the hash of the received message and compare it with the digitally signed one.
8. P is also able to prove to himself that P2 was the sender because only P2 can sign the hash so that it verifies with P2’s public key.
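The eight steps above carried through end to end, as an added Python example (not code from the slides). It assumes textbook RSA over small Mersenne primes in place of real public keys and a SHA-256 counter keystream in place of the symmetric cipher, both chosen only to keep the steps readable; the last function shows step 7 rejecting a message that attacker A altered in transit.

```python
"""Steps 1-8 of the P2 -> P exchange, carried through end to end.

Added example, not code from the original slides. Assumptions: textbook
RSA over small Mersenne primes stands in for the real public keys, and a
SHA-256 counter keystream stands in for the symmetric cipher. Both are
illustrative only and must not be used as real cryptography.
"""
import hashlib
import os

SYM_KEY_BYTES = 8      # toy symmetric key size; must fit below P's modulus
HASH_BYTES = 24        # SHA-256 truncated so the integer fits below P2's modulus


def make_toy_rsa_key(p, q, e=65537):
    """Return ((e, n), (d, n)) for primes p and q (textbook RSA, toy sizes)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return (e, n), (d, n)


def rsa_apply(value, key):
    """Raise value to the key's exponent mod n (encrypt/decrypt/sign/verify)."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit below the modulus")
    return pow(value, exponent, n)


def keystream_xor(key, data):
    """Toy symmetric cipher: XOR data with SHA-256(key || block counter)."""
    out = bytearray()
    for start in range(0, len(data), 32):
        block = hashlib.sha256(key + (start // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], block))
    return bytes(out)


def message_digest(message):
    """Hash of the message as an integer (used in step 3 and step 7)."""
    return int.from_bytes(hashlib.sha256(message).digest()[:HASH_BYTES], "big")


# Key pairs for P and P2 from the Mersenne primes 2^31-1, 2^61-1, 2^89-1, 2^107-1.
P_PUB, P_PRIV = make_toy_rsa_key(2**31 - 1, 2**61 - 1)
P2_PUB, P2_PRIV = make_toy_rsa_key(2**89 - 1, 2**107 - 1)
SIG_BYTES = (P2_PUB[1].bit_length() + 7) // 8   # signatures are integers below P2's modulus


def p2_send(message, p_pub=P_PUB, p2_priv=P2_PRIV):
    """P2's side, steps 1-4. Returns (encrypted symmetric key, ciphertext)."""
    sym_key = os.urandom(SYM_KEY_BYTES)                              # step 1: fresh symmetric key
    enc_key = rsa_apply(int.from_bytes(sym_key, "big"), p_pub)       # step 1: wrap it with P's public key
    signature = rsa_apply(message_digest(message), p2_priv)          # step 3: sign the message hash
    payload = message + signature.to_bytes(SIG_BYTES, "big")         # step 4: message || signed hash
    return enc_key, keystream_xor(sym_key, payload)                  # steps 2 and 4: both go to P


def p_receive(enc_key, ciphertext, p_priv=P_PRIV, p2_pub=P2_PUB):
    """P's side, steps 5-8. Returns the message, or raises if verification fails."""
    sym_key = rsa_apply(enc_key, p_priv).to_bytes(SYM_KEY_BYTES, "big")  # step 5: only P can unwrap
    payload = keystream_xor(sym_key, ciphertext)                          # step 6: only P has the key
    message, sig_bytes = payload[:-SIG_BYTES], payload[-SIG_BYTES:]
    signature = int.from_bytes(sig_bytes, "big")
    # Step 7: the hash recovered from the signature must equal the hash of what arrived.
    # Step 8: only P2's private key yields a value that verifies under P2's public key.
    if rsa_apply(signature, p2_pub) != message_digest(message):
        raise ValueError("signed hash does not match: altered message or wrong sender")
    return message


def tamper_is_detected(message=b"pay invoice 1234 to account 42"):
    """Attacker A flips one ciphertext byte in transit; step 7 must reject it."""
    enc_key, ciphertext = p2_send(message)
    tampered = bytes([ciphertext[0] ^ 0x01]) + ciphertext[1:]
    try:
        p_receive(enc_key, tampered)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    enc_key, ciphertext = p2_send(b"hello P, this is P2")
    print(p_receive(enc_key, ciphertext))
    print("tampering detected:", tamper_is_detected())
```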


3. Phishing and spear phishing attacks

• A phishing attack is the practice of sending emails that appear to be from trusted sources with the goal of gaining personal information or influencing users to do something. It combines social engineering and technical trickery. It could involve an attachment to an email that loads malware onto your computer. It could also be a link to an illegitimate website that can trick you into downloading malware or handing over your personal information.


• Spear phishing is a highly targeted type of phishing activity. Attackers take the time to research their targets and create messages that are personal and relevant. Because of this, spear phishing can be very hard to identify and even harder to defend against. One of the simplest ways that a hacker can conduct a spear phishing attack is email spoofing, which is when the information in the “From” section of the email is falsified, making it appear as if it is coming from someone you know, such as your management or your partner company. Another technique that scammers use to add credibility to their story is website cloning: they copy legitimate websites to fool you into entering personally identifiable information (PII) or login credentials.
To Reduce The Risk Of Being Phished, You Can Use These Techniques:

• Critical thinking: do not accept that an email is the real deal just because you’re busy or stressed or you have 150 other unread messages in your inbox. Stop for a minute and analyse the email.

• Hovering over the links: move your mouse over the link, but do not click it! Just let your mouse cursor hover over the link and see where it would actually take you. Apply critical thinking to decipher the URL.


• Analysing email headers: email headers define how an email got to your address. The “Reply-to” and “Return-Path” parameters should lead to the same domain as is stated in the email.

• Sandboxing: you can test email content in a sandbox environment, logging activity from opening the attachment or clicking the links inside the email.
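The Reply-To / Return-Path check described above, as an added Python example (not from the slides); the two messages are constructed samples and the domain names are placeholders.

```python
"""Flag Reply-To / Return-Path domains that differ from the From domain.

Added example, not from the original slides. Both messages below are
constructed samples with placeholder domains.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed: a spoofed "From" whose reply and bounce addresses point elsewhere.
SAMPLE_SPOOFED = """\
From: "Accounts Payable" <finance@example-corp.com>
Reply-To: finance-desk@mail-relay.example.net
Return-Path: <bounce@mail-relay.example.net>
Subject: Urgent invoice
To: staff@example-corp.com

Please open the attached invoice.
"""

# Constructed: all three headers agree on the domain.
SAMPLE_CLEAN = """\
From: "Accounts Payable" <finance@example-corp.com>
Reply-To: finance@example-corp.com
Return-Path: <bounce@example-corp.com>
Subject: Monthly statement
To: staff@example-corp.com

Statement attached.
"""


def domain_of(header_value):
    """Lower-cased domain part of an address header ("Name <user@host>" or bare), or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def header_mismatches(raw_message):
    """Return [(header, domain)] for Reply-To / Return-Path domains that differ from From's.

    An empty list means the slides' rule holds: every present header leads
    to the same domain as the one stated in From.
    """
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    findings = []
    for header in ("Reply-To", "Return-Path"):
        value = msg.get(header)
        if value is None:
            continue                      # header absent: nothing to compare
        dom = domain_of(value)
        if dom != from_domain:
            findings.append((header, dom))
    return findings


if __name__ == "__main__":
    for name, sample in (("spoofed", SAMPLE_SPOOFED), ("clean", SAMPLE_CLEAN)):
        print(name, header_mismatches(sample))
```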


4. Drive-by attack

• Drive-by download attacks are a common method of spreading malware. Hackers look for insecure websites and plant a malicious script into the HTTP or PHP code on one of the pages. This script might install malware directly onto the computer of someone who visits the site, or it might redirect the victim to a site controlled by the hackers. Drive-by downloads can happen when visiting a website or viewing an email message or a pop-up window. Unlike many other types of cyber security attacks, a drive-by doesn’t rely on a user to do anything to actively enable the attack: you don’t have to click a download button or open a malicious email attachment to become infected. A drive-by download can take advantage of an app, operating system or web browser that contains security flaws due to unsuccessful updates or lack of updates.
• To protect yourself from drive-by attacks, you need to keep your browsers and operating systems up to date and avoid websites that might contain malicious code. Stick to the sites you normally use, although keep in mind that even these sites can be hacked. Don’t keep too many unnecessary programs and apps on your device. The more plug-ins you have, the more vulnerabilities there are that can be exploited by drive-by attacks.


5. Password attack

Because passwords are the most commonly used mechanism to authenticate users to an information system, obtaining passwords is a common and effective attack approach. Access to a person’s password can be obtained by looking around the person’s desk, “sniffing” the connection to the network to acquire unencrypted passwords, using social engineering, gaining access to a password database or outright guessing. The last approach can be done in either a random or systematic manner:

• Brute-force password guessing means using a random approach by trying different passwords and hoping that one works. Some logic can be applied by trying passwords related to the person’s name, job title, hobbies or similar items.
• In a dictionary attack, a dictionary of common passwords is used to attempt to gain access to a user’s computer and network. One approach is to copy an encrypted file that contains the passwords, apply the same encryption to a dictionary of commonly used passwords, and compare the results.

• NOTE: In order to protect yourself from dictionary or brute-force attacks, you need to implement an account lockout policy that will lock the account after a few invalid password attempts. You can follow account lockout best practices in order to set it up correctly.
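The account lockout policy the note above recommends, as an added Python example (not from the slides). The threshold and timing values are assumptions for illustration; the constructed attempt sequence shows the lock engaging, rejecting even the correct password while locked, and expiring.

```python
"""Account lockout against dictionary and brute-force guessing.

Added example, not from the original slides. Assumed policy values: five
failures inside a 15-minute window lock the account for 30 minutes.
Times are plain seconds so the sequence below can be replayed offline.
"""
from collections import defaultdict, deque


class LockoutPolicy:
    def __init__(self, threshold=5, window_s=15 * 60, lockout_s=30 * 60):
        self.threshold = threshold
        self.window_s = window_s
        self.lockout_s = lockout_s
        self._failures = defaultdict(deque)   # account -> timestamps of recent failures
        self._locked_until = {}               # account -> time the lock expires

    def is_locked(self, account, now):
        until = self._locked_until.get(account)
        return until is not None and now < until

    def record_attempt(self, account, password_correct, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt at time `now`."""
        if self.is_locked(account, now):
            return "locked"                   # refuse before the password is even checked
        if password_correct:
            self._failures.pop(account, None)  # a good login clears the failure history
            return "ok"
        recent = self._failures[account]
        recent.append(now)
        while recent and now - recent[0] > self.window_s:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.threshold:
            self._locked_until[account] = now + self.lockout_s
            recent.clear()
            return "locked"
        return "failed"


# Constructed sample of attempts: (time in seconds, account, password correct?)
SAMPLE_ATTEMPTS = [
    (0, "alice", False), (1, "alice", False), (2, "alice", False),
    (3, "alice", False), (4, "alice", False),      # fifth failure -> account locked
    (5, "alice", True),                            # right password, but still locked
    (4 + 30 * 60 + 1, "alice", True),              # lockout expired -> accepted
    (10, "bob", False), (20 * 60, "bob", False),   # failures spread out never reach five
]


def run_sample(policy=None):
    """Replay SAMPLE_ATTEMPTS through the policy and return the decision per attempt."""
    policy = policy or LockoutPolicy()
    return [policy.record_attempt(acct, ok, t) for t, acct, ok in SAMPLE_ATTEMPTS]


if __name__ == "__main__":
    for attempt, decision in zip(SAMPLE_ATTEMPTS, run_sample()):
        print(attempt, "->", decision)
```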


6. SQL injection attack

• SQL injection has become a common issue with database-driven websites. It occurs when a malefactor executes a SQL query against the database via the input data sent from the client to the server. SQL commands are inserted into data-plane input (for example, instead of the login or password) in order to run predefined SQL commands.

• A successful SQL injection exploit can read sensitive data from the database, modify (insert, update or delete) database data, execute administration operations (such as shutdown) on the database, recover the content of a given file, and, in some cases, issue commands to the operating system.
• For example, a web form on a website might request a user’s account name and then send it to the database in order to pull up the associated account information using dynamic SQL like this:

    "SELECT * FROM users WHERE account = '" + userProvidedAccountNumber + "';"

• While this works for users who are properly entering their account number, it leaves a hole for attackers. For example, if someone decided to provide an account number of

    ' or '1' = '1

that would result in a query string of:

    SELECT * FROM users WHERE account = '' or '1' = '1';


• Because '1' = '1' always evaluates to TRUE, the database will return the data for all users instead of just a single user.

• The vulnerability to this type of cyber security attack depends on the fact that SQL makes no real distinction between the control and data planes. Therefore, SQL injections work mostly if a website uses dynamic SQL. Additionally, SQL injection is very common with PHP and ASP applications due to the prevalence of older functional interfaces. J2EE and ASP.NET applications are less likely to have easily exploited SQL injections because of the nature of the programmatic interfaces available.


• In order to protect yourself from SQL injection attacks, apply a least-privilege model of permissions in your databases. Stick to stored procedures (make sure that these procedures don’t include any dynamic SQL) and prepared statements (parameterized queries). The code that is executed against the database must be strong enough to prevent injection attacks. In addition, validate input data against a white list at the application level.
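The dynamic SQL quoted above beside the prepared-statement and white-list fixes, as an added Python example (not code from the slides). It uses an in-memory SQLite table with constructed rows; the four-digit account number format is an assumption.

```python
"""The slides' dynamic SQL beside a parameterized query and a white-list check.

Added example, not from the original slides. The users table and its rows
are constructed; the four-digit account format is an assumed rule.
"""
import sqlite3


def make_db():
    """In-memory SQLite database with three constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (account TEXT, owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("1001", "alice", 500), ("1002", "bob", 1200), ("1003", "carol", 75),
    ])
    return conn


def lookup_vulnerable(conn, user_provided_account_number):
    """The pattern from the slides: the input is concatenated into the SQL text."""
    query = "SELECT * FROM users WHERE account = '" + user_provided_account_number + "';"
    return conn.execute(query).fetchall()


def lookup_safe(conn, user_provided_account_number):
    """Prepared statement: the driver binds the input as data, never as SQL."""
    query = "SELECT * FROM users WHERE account = ?;"
    return conn.execute(query, (user_provided_account_number,)).fetchall()


def is_valid_account_number(value):
    """Application-level white list: exactly four ASCII digits (assumed format)."""
    return len(value) == 4 and value.isascii() and value.isdigit()


def demo():
    """Row counts for a normal lookup and for the slides' ' or '1' = '1 input."""
    conn = make_db()
    injected = "' or '1' = '1"
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, "1002")),
        "vulnerable_injected": len(lookup_vulnerable(conn, injected)),   # every row leaks
        "safe_injected": len(lookup_safe(conn, injected)),               # no such account
        "whitelist_rejects_injected": not is_valid_account_number(injected),
        "whitelist_accepts_normal": is_valid_account_number("1002"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```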


7. Cross-site scripting (XSS) attack

• XSS attacks use third-party web resources to run scripts in the victim’s web browser or scriptable application. Specifically, the attacker injects a payload with malicious JavaScript into a website’s database. When the victim requests a page from the website, the website transmits the page, with the attacker’s payload as part of the HTML body, to the victim’s browser, which executes the malicious script.


• For example, it might send the victim’s cookie to the attacker’s server, and the attacker can extract it and use it for session hijacking. The most dangerous consequences occur when XSS is used to exploit additional vulnerabilities. These vulnerabilities can enable an attacker to not only steal cookies, but also log keystrokes, capture screenshots, discover and collect network information, and remotely access and control the victim’s machine.


• While XSS can be taken advantage of within VBScript, ActiveX and Flash, the most widely abused is JavaScript, primarily because JavaScript is supported widely on the web.

• To defend against XSS attacks, developers can sanitize data input by users in an HTTP request before reflecting it back. Make sure all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents. Give users the option to disable client-side scripts.
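The escaping advice above applied to a reflected search term, as an added Python example (not from the slides): one renderer echoes the query verbatim, the others encode it for the HTML body and for a URL. The page fragment and the sample query are constructed.

```python
"""Reflecting a search term: verbatim, HTML-escaped, and URL-encoded.

Added example, not from the original slides. The page fragment and the
sample query are constructed for illustration.
"""
import html
from urllib.parse import quote

# Constructed sample query carrying a script tag.
SAMPLE_PAYLOAD = "<script>alert(document.cookie)</script>"


def render_results_unsafe(query):
    """What the slides warn about: the query parameter echoed straight into the HTML body."""
    return "<p>Results for: " + query + "</p>"


def render_results_safe(query):
    """HTML context: & < > \" ' become entities, so the browser shows text rather than markup."""
    return "<p>Results for: " + html.escape(query, quote=True) + "</p>"


def next_page_link_safe(query):
    """URL context: percent-encode first (? & / and spaces become %XX), then HTML-escape
    the result because it lands inside an attribute value."""
    encoded = quote(query, safe="")
    return '<a href="/search?q=' + html.escape(encoded) + '&amp;page=2">next</a>'


def looks_like_active_content(markup):
    """Crude marker check, used only to contrast the renderings above."""
    lowered = markup.lower()
    return "<script" in lowered or "onerror=" in lowered or "javascript:" in lowered


if __name__ == "__main__":
    print(render_results_unsafe(SAMPLE_PAYLOAD))
    print(render_results_safe(SAMPLE_PAYLOAD))
    print(next_page_link_safe("a b/c?&"))
```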
8. Eavesdropping attack

• Eavesdropping attacks occur through the interception of network traffic. By eavesdropping, an attacker can obtain passwords, credit card numbers and other confidential information that a user might be sending over the network.

Eavesdropping can be passive or active:

• Passive eavesdropping: a hacker detects the information by listening to the message transmission in the network.

• Active eavesdropping: a hacker actively grabs the information by disguising himself as a friendly unit and by sending queries to transmitters. This is called probing, scanning or tampering.
9. Birthday attack -

• Birthday attacks are made against hash algorithms that are used to verify the integrity of a message, software or digital signature.

• A message processed by a hash function produces a message digest (MD) of fixed length, independent of the length of the input message; this MD uniquely characterizes the message.

• The birthday attack refers to the probability of finding two random messages that generate the same MD when processed by a hash function.

• If an attacker calculates the same MD for his message as the user has, he can safely replace the user’s message with his, and the receiver will not be able to detect the replacement even if he compares MDs.
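As an added illustration that is not part of the original slides, the following Python computes the birthday bound for a digest of a given bit length and finds a collision on a deliberately truncated SHA-256, which shows why a short MD does not reliably characterize a message. The message strings are constructed here; the truncation stands in for a weak hash.

```python
import hashlib
import math


def truncated_digest(message: bytes, bits: int) -> int:
    """SHA-256 truncated to its top `bits` bits: a stand-in for a short MD."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def collision_probability(n: int, bits: int) -> float:
    """Birthday bound: P(some two of n random digests of `bits` bits match).

    Uses 1 - exp(-n(n-1) / 2^(bits+1)); expm1 keeps precision for tiny values.
    """
    return -math.expm1(-n * (n - 1) / (2 * 2 ** bits))


def find_collision(bits: int, limit: int = 0):
    """Hash distinct constructed messages until two share a truncated digest.

    Returns (msg_a, msg_b, attempts). By the pigeonhole principle a collision
    is certain within 2**bits + 1 messages; the birthday bound says it is
    likely far sooner, around 2**(bits/2).
    """
    limit = limit or 2 ** bits + 1
    seen = {}
    for i in range(limit):
        msg = f"constructed message {i}".encode()   # constructed input
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg
    return None


if __name__ == "__main__":
    bits = 16
    a, b, attempts = find_collision(bits)
    print(f"{bits}-bit MD: collision after {attempts} messages")
    print(f"  {a!r} and {b!r} share digest {truncated_digest(a, bits):#x}")
    print(f"P(collision) with 2^8 messages: {collision_probability(2 ** 8, bits):.3f}")
    print(f"same count, 256-bit MD: {collision_probability(2 ** 8, 256):.3e}")
```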

10. Malware attack -

Malicious software can be described as unwanted software that is installed in your system
without your consent. It can attach itself to legitimate code and propagate; it can lurk in
useful applications or replicate itself across the Internet. Here are some of the most
common types of malware:

• Macro viruses — these viruses infect applications such as Microsoft Word or Excel. Macro viruses attach to an application’s initialization sequence. When the application is opened, the virus executes instructions before transferring control to the application. The virus replicates itself and attaches to other code in the computer system.


• File infectors — File infector viruses usually attach themselves to executable code, such as .exe files. The virus is installed when the code is loaded. Another version of a file infector associates itself with a file by creating a virus file with the same name, but an .exe extension. Therefore, when the file is opened, the virus code will execute.

• System or boot-record infectors — a boot-record virus attaches to the master boot record on hard disks. When the system is started, it will look at the boot sector and load the virus into memory, where it can propagate to other disks and computers.


• Polymorphic viruses — these viruses conceal themselves through varying cycles of encryption and decryption. The encrypted virus and an associated mutation engine are initially decrypted by a decryption program. The virus proceeds to infect an area of code. The mutation engine then develops a new decryption routine and the virus encrypts the mutation engine and a copy of the virus with an algorithm corresponding to the new decryption routine. The encrypted package of mutation engine and virus is attached to new code, and the process repeats. Such viruses are difficult to detect but have a high level of entropy because of the many modifications of their source code. Anti-virus software or free tools like Process Hacker can use this feature to detect them.

• Stealth viruses — Stealth viruses take over system functions to conceal themselves. They do this by compromising malware detection software so that the software will report an infected area as being uninfected. These viruses conceal any increase in the size of an infected file or changes to the file’s date and time of last modification.

• Trojans — A Trojan or a Trojan horse is a program that hides in a useful program and usually has a malicious function. A major difference between viruses and Trojans is that Trojans do not self-replicate. In addition to launching attacks on a system, a Trojan can establish a back door that can be exploited by attackers. For example, a Trojan can be programmed to open a high-numbered port so the hacker can use it to listen and then perform an attack.
• Logic bombs — a logic bomb is a type of malicious software that is appended to an application and is triggered by a specific occurrence, such as a logical condition or a specific date and time.

• Worms — Worms differ from viruses in that they do not attach to a host file, but are self-contained programs that propagate across networks and computers. Worms are commonly spread through email attachments; opening the attachment activates the worm program. A typical worm exploit involves the worm sending a copy of itself to every contact in an infected computer’s email address book. In addition to conducting malicious activities, a worm spreading across the internet and overloading email servers can result in denial-of-service attacks against nodes on the network.

• Droppers — a dropper is a program used to install viruses on computers. In many instances, the dropper is not infected with malicious code and, therefore, might not be detected by virus-scanning software. A dropper can also connect to the internet and download updates to virus software that is resident on a compromised system.

• Ransomware — Ransomware is a type of malware that blocks access to the victim’s data and threatens to publish or delete it unless a ransom is paid. While some simple computer ransomware can lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, which encrypts the victim’s files in a way that makes them nearly impossible to recover without the decryption key.

• Adware — Adware is a software application used by companies for marketing purposes; advertising banners are displayed while any program is running. Adware can be automatically downloaded to your system while browsing any website and can be viewed through pop-up windows or through a bar that appears on the computer screen automatically.

• Spyware — Spyware is a type of program that is installed to collect information about users, their computers or their browsing habits. It tracks everything you do without your knowledge and sends the data to a remote user. It also can download and install other malicious programs from the internet.
Ways To Prevent Data And Security –
1. Protect information: Sensitive information must be protected wherever it is stored, sent or used. Do not reveal personal information inadvertently.

2. Reduce transfer of data: The organisation should ban shifting data from one device to another external device. Losing removable media puts the data on it at risk.

3. Restrict downloads: Downloading any media that could aid attackers should be restricted. This reduces the risk of the downloaded media being transferred to an external source.

4. Shred files: The organisation should shred all files and folders before disposing of storage equipment. There are applications that can retrieve information even after formatting.
5. Ban unencrypted devices: The institution should ban devices that are unencrypted. Laptops and other portable devices that are unencrypted are prone to attack.

6. Secure transfer: Using secure courier services and tamper-proof packaging while transporting bulk data helps prevent a breach.

7. A good password: The password for any access must be unpredictable and hard to crack. Change passwords from time to time.

8. Automate security: Automating systems that regularly check password settings, server and firewall configuration can reduce the risk to sensitive information.
9. Identify threats: The security team should be able to identify suspicious network activity and should be prepared if there is an attack from the network.

10. Monitor data leakage: Periodically checking security controls allows the security team to keep control of the network. Regularly checking internet content to find out whether any private data is available for public viewing is also a good way to monitor data.

11. Track data: Tracking the movement of data within the organisational network helps prevent any unintentional use of sensitive information.

12. Define accessibility: Defining who may access the company’s sensitive data brings down the risk from malicious users.

13. Security training: Providing privacy and security training to all employees, clients and others involved in data-related activities raises awareness of data breaches.

14. Stop incursion: Shutting down the avenues into the company’s data warehouse prevents incursions by hackers. Management, production and security solutions must be combined to prevent targeted attacks.

15. Breach response: Having a breach response plan helps trigger a quick response to data breaches and reduces the harm. The plan could contain steps involving notification of the concerned staff or the agency who could contain the breach.
What Is Cyber Security?
• Cyber security is a common term concerned with all aspects of cyber space. It is a subset of information security that deals with protecting the integrity of networks, devices, and programs from attack, damage, or unauthorized outside access.

• It refers to a set of techniques, technologies, and processes designed to protect systems and networks from potential cyber-attacks. It protects the integrity of networks from unauthorized electronic access by implementing various security measures and controls.

• Cyber security professionals monitor all incoming and outgoing traffic to reduce the risk of cyber-attacks, all the while protecting the organization from unauthorized exploitation of systems.

• Network security is a subset of information/cyber security which deals with planning and implementing network security measures to protect the integrity of networks and programs against hacking and unauthorized access.

What is Network Security?
• It protects the organization’s IT infrastructure and network-accessible resources from all kinds of cyber threats such as viruses, Trojans, malware, spamware, spyware, etc.

• IDs and passwords, internet access, firewalls, backup and encryption come under network security. The job of a network security professional is to make your network more secure by providing technical expertise, including help with intrusion detection systems, encryption, firewalls, and digital certificates.

Types of network security -
Access control
Not every user should have access to your network. To keep out potential attackers,
you need to recognize each user and each device. Then you can enforce your security
policies. You can block noncompliant endpoint devices or give them only limited
access. This process is network access control (NAC).

Antivirus and antimalware software
"Malware," short for "malicious software," includes viruses, worms, Trojans, ransomware, and spyware. Sometimes malware will infect a network but lie dormant for days or even weeks. The best antimalware programs not only scan for malware upon entry, but also continuously track files afterward to find anomalies, remove malware, and fix damage.

Application security
Any software you use to run your business needs to be protected, whether your IT staff
builds it or whether you buy it. Unfortunately, any application may contain holes, or
vulnerabilities, that attackers can use to infiltrate your network. Application security
encompasses the hardware, software, and processes you use to close those holes.

Behavioural analytics
To detect abnormal network behaviour, you must know what normal behaviour looks
like. Behaviour analytics tools automatically discern activities that deviate from the
norm. Your security team can then better identify indicators of compromise that pose a
potential problem and quickly remediate threats.
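The baseline-then-deviation idea above, as an added Python example that is not part of the original slides: it learns each host’s typical daily outbound volume from constructed flow totals and flags a day that departs from it by a robust threshold (median plus k MADs, a choice made here, not something the slides prescribe).

```python
import statistics
from collections import defaultdict

# Constructed daily outbound-byte totals per host: (day, host, bytes_out).
# Days 1-7 form the learning window; day 8 is the window being checked.
FLOWS = [
    (1, "host-a", 120_000), (1, "host-b", 95_000),
    (2, "host-a", 130_000), (2, "host-b", 101_000),
    (3, "host-a", 118_000), (3, "host-b", 99_000),
    (4, "host-a", 125_000), (4, "host-b", 97_000),
    (5, "host-a", 140_000), (5, "host-b", 104_000),
    (6, "host-a", 122_000), (6, "host-b", 100_000),
    (7, "host-a", 128_000), (7, "host-b", 98_000),
    (8, "host-a", 135_000), (8, "host-b", 4_800_000),  # host-b deviates sharply
]


def learn_baseline(flows, last_learning_day):
    """Per-host median and median absolute deviation (MAD) of bytes_out over
    the learning window. Median/MAD are robust to a few unusual days, so one
    outlier in the history does not inflate the threshold."""
    per_host = defaultdict(list)
    for day, host, bytes_out in flows:
        if day <= last_learning_day:
            per_host[host].append(bytes_out)
    baseline = {}
    for host, values in per_host.items():
        med = statistics.median(values)
        mad = statistics.median(abs(v - med) for v in values)
        # Floor the MAD so a perfectly flat history still yields a threshold.
        baseline[host] = (med, max(mad, 1))
    return baseline


def find_deviations(flows, baseline, day, k=10):
    """Hosts whose bytes_out on `day` exceed median + k*MAD, plus hosts that
    have no baseline at all (a new or previously silent host)."""
    flagged = []
    for d, host, bytes_out in flows:
        if d != day:
            continue
        if host not in baseline:
            flagged.append((host, bytes_out, "no baseline"))
            continue
        med, mad = baseline[host]
        if bytes_out > med + k * mad:
            flagged.append((host, bytes_out, f"{(bytes_out - med) / mad:.1f} MADs above median"))
    return flagged


if __name__ == "__main__":
    for entry in find_deviations(FLOWS, learn_baseline(FLOWS, 7), day=8):
        print("deviation:", entry)
```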

Data loss prevention
Organizations must make sure that their staff does not send sensitive information
outside the network. Data loss prevention, or DLP, technologies can stop people from
uploading, forwarding, or even printing critical information in an unsafe manner.

Email security
Email gateways are the number one threat vector for a security breach. Attackers use personal information and social engineering tactics to build sophisticated phishing campaigns to deceive recipients and send them to sites serving up malware. An email security application blocks incoming attacks and controls outbound messages to prevent the loss of sensitive data.
Firewalls
Firewalls put up a barrier between your trusted internal network and untrusted outside
networks, such as the Internet. They use a set of defined rules to allow or block traffic. A
firewall can be hardware, software, or both. Cisco offers unified threat
management (UTM) devices and threat-focused next-generation firewalls.

Intrusion prevention systems
An intrusion prevention system (IPS) scans network traffic to actively block attacks.
Cisco Next-Generation IPS (NGIPS) appliances do this by correlating huge amounts of
global threat intelligence to not only block malicious activity but also track the
progression of suspect files and malware across the network to prevent the spread of
outbreaks and reinfection.

Mobile device security
Cybercriminals are increasingly targeting mobile devices and apps. Within the next 3
years, 90 percent of IT organizations may support corporate applications on personal
mobile devices. Of course, you need to control which devices can access your network.
You will also need to configure their connections to keep network traffic private.

Network segmentation
Software-defined segmentation puts network traffic into different classifications and
makes enforcing security policies easier. Ideally, the classifications are based on
endpoint identity, not mere IP addresses. You can assign access rights based on role,
location, and more so that the right level of access is given to the right people and
suspicious devices are contained and remediated.

Security information and event management
SIEM products pull together the information that your security staff needs to identify and
respond to threats. These products come in various forms, including physical and virtual
appliances and server software.
VPN
A virtual private network encrypts the connection from an endpoint to a network, often
over the Internet. Typically, a remote-access VPN uses IPsec or Secure Sockets Layer to
authenticate the communication between device and network.

Web security
A web security solution will control your staff’s web use, block web-based threats, and
deny access to malicious websites. It will protect your web gateway on site or in the
cloud. "Web security" also refers to the steps you take to protect your own website.

Wireless security
Wireless networks are not as secure as wired ones. Without stringent security measures,
installing a wireless LAN can be like putting Ethernet ports everywhere, including the
parking lot. To prevent an exploit from taking hold, you need products specifically
designed to protect a wireless network.

Ways to Prevent Attacks-
• Train employees in cyber security principles.
• Install, use and regularly update antivirus and antispyware software on every computer used in your business.
• Use a firewall for your Internet connection.
• Download and install software updates for your operating systems and applications as they become available.
• Make backup copies of important business data and information.
• Control physical access to your computers and network components.

• Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace, make sure it is secure and hidden.
• Require individual user accounts for each employee.
• Limit employee access to data and information, and limit authority to install software.
• Regularly change passwords.
