Cyber Security Technology
Cross 11, Tapovan Enclave, Nalapani Road, Dehradun
INDEX
1. Introduction
2. Importance
3. History
4. Goals
5. Cyber Attacks; Cyber crime laws
6. Cyber Security Principles
7. Cyber Security Technologies
8. Cyber Security Policies
9. Cyber Security Challenges
10. Risk Analysis
Cyber Security Introduction
Cyber security is the protection of Internet-connected systems, including hardware, software and data, from cyber attacks. The term is made up of two words: "cyber" refers to the technology, that is, the systems, networks, programs and data; "security" refers to their protection, which includes system security, network security, application security and information security. Cyber security is the combination of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. It can also be defined as the set of principles and practices designed to protect our online information against cyber threats.
Why is cyber security important?
We all live in a world that is networked together, from Internet banking to government infrastructure, where data is stored on computers and other devices. A portion of that data is sensitive, whether financial data, personal information or other types of data for which unauthorized access or exposure could have negative consequences. Cyber-attack is now an international concern and has raised many fears that hacks and other security attacks could endanger the global economy. Organizations transmit sensitive data across networks and to other devices in the course of doing business, and cyber security describes the discipline of protecting that information and the systems used to process or store it. As the volume of cyber-attacks grows, companies and organizations, especially those that deal with information related to national security, health or financial records, need to take steps to protect their sensitive business and personal information.
History of Cyber Security
The origin of cyber security began with a research project; it only came into existence because of the development of viruses. How did we get here? In the 1970s, Robert (Bob) Thomas, a researcher for BBN Technologies in Cambridge, Massachusetts, created the first computer worm (virus). He realized that it was possible for a computer program to move across a network, leaving a small trail (a series of signs) wherever it went. He named the program Creeper and designed it to travel between terminals on the early ARPANET, printing the message "I'M THE CREEPER: CATCH ME IF YOU CAN." An American computer programmer named Ray Tomlinson, the inventor of e-mail, was also working for BBN Technologies at the time. He saw this idea and liked it. He tinkered with the program (that is, tried to modify and improve it) and made it self-replicating, producing "the first computer worm." He then wrote a program named Reaper, the first antivirus software, which would find copies of Creeper and delete them.
Where are we now?
Nowadays there are cyber security offices where you can go and file a complaint if a cyber fraud has been committed against you. An inquiry will be carried out and, if the accused is found guilty, strict action will be taken against the person, firm or organization under the Information Technology Act (IT Act 2008).
Cyber Security Goals
The objective of cyber security is to protect information from being stolen, compromised or attacked. Cyber security can be measured by at least one of three goals:
1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.
1. Confidentiality
Confidentiality is equivalent to privacy and avoids the unauthorized disclosure of information. It involves the protection of data, providing access to those who are allowed to see it while preventing others from learning anything about its content. It keeps essential information from reaching the wrong people while making sure that the right people can get it. Data encryption is a good example of a measure that ensures confidentiality.
Tools for Confidentiality
Encryption
Encryption is a method of transforming information with an algorithm so that it is unreadable to unauthorized users. It protects sensitive data such as credit card numbers by encoding it into unreadable cipher text, which can only be read again by decrypting it. Asymmetric-key and symmetric-key encryption are the two primary types.
Access control
Access control defines rules and policies for limiting access to a system. It is the process by which users are granted access and certain privileges to systems, resources or information. In access control systems, users need to present credentials, such as a person's name or a computer's serial number, before they can be granted access. In physical systems these credentials may come in many forms, but credentials that cannot be transferred provide the most security.
Authentication
Authentication is the process that confirms a user's identity or the role that someone has. It can be done in a number of different ways, but it is usually based on a combination of:
* something the person has (like a smart card or a radio key for storing secret keys),
* something the person knows (like a password),
* something the person is (like a human with a fingerprint).
Authorization
Authorization determines whether a person or system is allowed access to resources, including computer programs, files, services, data and application features, based on an access control policy. It is normally preceded by authentication, which verifies the user's identity. System administrators are typically assigned permission levels covering all system and user resources. During authorization, a system checks an authenticated user's access rules and either grants or refuses access to the resource.
Physical Security
Physical security describes measures designed to deny unauthorized access to IT assets such as facilities, equipment, personnel, resources and other property, and to protect them from damage. It protects these assets from physical threats including theft, vandalism, fire and natural disasters.
2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and safeguarded from unauthorized modification. It is the property that information has not been altered in an unauthorized way and that the source of the information is genuine.
Backups
A backup is the process of making copies of data or data files for use in the event that the original data or files are lost or destroyed.
Checksums
A checksum is the computation of a function that maps the contents of a file to a numerical value. Checksums are typically used to compare two sets of data to make sure that they are the same. A checksum function depends on the entire contents of a file and is designed so that even a small change to the input file (such as flipping a single bit) is likely to result in a different output value.
Data Correcting Codes
A data correcting code is a method for storing data in such a way that small changes can be easily detected and automatically corrected.
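As an added example, not code from the original presentation, the two integrity tools just described in working Python: a SHA-256 checksum that detects a single flipped bit in a constructed sample record (it can say that something changed, but not where), and a Hamming(7,4) data-correcting code that both locates and repairs the flipped bit. The sample record and the bit positions are constructed for illustration.

```python
"""Integrity tools: a checksum that detects a flipped bit, and a Hamming(7,4)
data-correcting code that detects and repairs it. Added example, not code
from the original presentation; sample data and bit positions are constructed."""
import hashlib
from typing import List, Tuple

# Constructed sample record whose integrity we want to protect.
SAMPLE = b"payee=ACME Ltd;amount=1500.00;currency=INR"


def checksum(data: bytes) -> str:
    """SHA-256 digest of the whole input as a hex string. Every byte feeds the
    function, so a one-bit change anywhere produces a different value."""
    return hashlib.sha256(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit inverted (simulated corruption)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def verify(data: bytes, stored_checksum: str) -> bool:
    """Integrity check: recompute the checksum and compare with the stored one.
    A checksum can only say *that* something changed, not where."""
    return checksum(data) == stored_checksum


# Hamming(7,4): 4 data bits plus 3 parity bits. Codeword layout by position
# 1..7 is [p1, p2, d1, p3, d2, d3, d4]; each parity bit covers the positions
# whose binary index has that bit set, which is what makes the error locatable.
def hamming_encode(nibble: List[int]) -> List[int]:
    """Encode four data bits into a seven-bit codeword."""
    d1, d2, d3, d4 = nibble
    p1 = d1 ^ d2 ^ d4  # positions 1, 3, 5, 7
    p2 = d1 ^ d3 ^ d4  # positions 2, 3, 6, 7
    p3 = d2 ^ d3 ^ d4  # positions 4, 5, 6, 7
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming_decode(code: List[int]) -> Tuple[List[int], int]:
    """Return (corrected data bits, error position). Position 0 means no error.
    The three parity checks (the syndrome) read as a binary number give the
    1-based position of a single flipped bit, which is then flipped back."""
    c = list(code)
    s1 = c[0] ^ c[2] ^ c[4] ^ c[6]
    s2 = c[1] ^ c[2] ^ c[5] ^ c[6]
    s3 = c[3] ^ c[4] ^ c[5] ^ c[6]
    pos = s1 + 2 * s2 + 4 * s3
    if pos:
        c[pos - 1] ^= 1  # single-bit error: correct it in place
    return [c[2], c[4], c[5], c[6]], pos


def demo() -> dict:
    """Run both tools over constructed corruption and report what each achieves."""
    stored = checksum(SAMPLE)
    corrupted = flip_bit(SAMPLE, 13)  # flip bit 5 of byte 1
    word = [1, 0, 1, 1]
    damaged = hamming_encode(word)
    damaged[5] ^= 1  # corrupt data bit d3 (codeword position 6)
    recovered, pos = hamming_decode(damaged)
    return {
        "checksum_detects_flip": not verify(corrupted, stored),
        "hamming_error_position": pos,
        "hamming_recovered_data": recovered == word,
    }


if __name__ == "__main__":
    # prints {'checksum_detects_flip': True, 'hamming_error_position': 6, 'hamming_recovered_data': True}
    print(demo())
```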
3. Availability
Availability is the property that information is accessible and modifiable in a timely fashion by those authorized to do so. It is the guarantee of reliable and constant access to our sensitive data by authorized people.
Tools for Availability
Physical Protections
Physical safeguards keep information available even in the event of physical challenges. They ensure that sensitive information and critical information technology are housed in secure areas.
Computational Redundancies
Computational redundancy is applied as fault tolerance against accidental faults. It provides computers and storage devices that serve as fallbacks in the case of failures.
Types of Cyber Attacks
A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data, leading to cybercrimes such as information and identity theft. Cyber-attacks can be classified into the following categories:
Web-based attacks
These are attacks that occur on a website or web application. Some of the important web-based attacks are as follows:
1. Injection attacks: An attack in which some data is injected into a web application to manipulate the application and fetch the required information. Examples: SQL injection, code injection, log injection, XML injection, etc.
2. DNS Spoofing: DNS spoofing is a type of computer security hacking whereby data is introduced into a DNS resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer or any other computer. DNS spoofing attacks can go on for a long period of time without being detected and can cause serious security issues.
3. Session Hijacking: A security attack on a user session over a protected network. Web applications create cookies to store the state and user sessions. By stealing the cookies, an attacker can gain access to all of the user's data.
4. Phishing: A type of attack that attempts to steal sensitive information like user login credentials and credit card numbers. It occurs when an attacker masquerades as a trustworthy entity in electronic communication.
5. Brute force: A type of attack that uses a trial-and-error method. It generates a large number of guesses and validates them to obtain actual data such as a user password or personal identification number. This attack may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.
6. Denial of Service: An attack meant to make a server or network resource unavailable to its users. It accomplishes this by flooding the target with traffic or sending it information that triggers a crash. It uses a single system and a single Internet connection to attack a server. It can be further classified into several sub-types.
7. Dictionary attacks: This type of attack stores a list of commonly used passwords and validates them to obtain the original password.
8. URL Interpretation: A type of attack in which certain parts of a URL are changed so that a web server delivers web pages the attacker is not authorized to browse.
9. File Inclusion attacks: A type of attack that allows an attacker to access unauthorized or essential files available on the web server, or to execute malicious files on the web server, by making use of the include functionality.
10. Man in the middle attacks: A type of attack that allows an attacker to intercept the connection between client and server and act as a bridge between them. Due to this, the attacker is able to read, insert and modify the data in the intercepted connection.
System-based attacks
These are attacks intended to compromise a computer or a computer network. Some of the important system-based attacks are as follows:
1. Virus: A type of malicious software program that spreads through the computer's files without the user's knowledge. It is a self-replicating malicious program that replicates by inserting copies of itself into other computer programs when executed. It can also execute instructions that cause harm to the system.
2. Worm: A type of malware whose primary function is to replicate itself in order to spread to uninfected computers. It works in the same way as a computer virus. Worms often originate from attachments that appear to be from trusted senders.
3. Trojan horse: A malicious program that causes unexpected changes to computer settings and unusual activity, even when the computer should be idle. It misleads the user as to its true intent: it appears to be a normal application, but when opened or executed, malicious code runs in the background.
4. Backdoors: A backdoor is a method that bypasses the normal authentication process. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.
5. Bots: A bot (short for "robot") is an automated process that interacts with other network services. Some bot programs run automatically, while others only execute commands when they receive specific input. Common examples of bot programs are web crawlers, chat room bots and malicious bots.
Types of Cyber Attackers
In computers and computer networks, an attacker is the individual or organization who performs malicious activities to destroy, expose, alter, disable, steal, gain unauthorized access to or make unauthorized use of an asset. As Internet access becomes more pervasive across the world, and each of us spends more time on the web, the number of attackers grows as well. Attackers use every tool and technique they can to gain unauthorized access.
Cyber Criminals
Cybercriminals are individuals or groups of people who use technology to commit cybercrime with the intention of stealing sensitive company information or personal data and generating profits. Today they are the most prominent and most active type of attacker. Cybercriminals use computers in three broad ways to commit cybercrimes:
* Selecting the computer as their target: they attack other people's computers to commit cybercrime, such as spreading viruses, data theft, identity theft, etc.
* Using the computer as their weapon: they use the computer to commit conventional crimes such as spam, fraud, illegal gambling, etc.
* Using the computer as their accessory: they use the computer to steal data illegally.
Hacktivists
Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political agenda, religious belief or social ideology. Hacktivists are not like cybercriminals, who hack computer networks to steal data for cash; they are individuals or groups of hackers who work together and see themselves as fighting injustice.
State-sponsored Attackers
State-sponsored attackers have particular objectives aligned with the political, commercial or military interests of their country of origin. These attackers are not in a hurry. Government organizations have highly skilled hackers who specialize in detecting vulnerabilities and exploiting them before the holes are patched. It is very challenging to defeat these attackers because of the vast resources at their disposal.
Insider Threats
An insider threat is a threat to an organization's security or data that comes from within. These threats usually come from employees or former employees, but may also arise from third parties, including contractors, temporary workers, employees or customers. Insider threats can be categorized as follows:
Malicious: Malicious threats are attempts by an insider to access and potentially harm an organization's data, systems or IT infrastructure. These insider threats are often attributed to dissatisfied employees or ex-employees who believe that the organization wronged them in some way and feel justified in seeking revenge.
Accidental: Accidental threats are threats caused unintentionally by insider employees. In this type of threat, an employee might accidentally delete an important file or inadvertently share confidential data with a business partner, going beyond company policy or legal requirements.
Negligent: These are threats in which employees try to avoid the policies an organization has put in place to protect endpoints and valuable data. For example, if the organization has strict policies for external file sharing, employees might try to share work on public cloud applications so that they can work at home. There is nothing wrong in the intent behind these acts, but they can open the organization up to dangerous threats nonetheless.
Hacking
Hacking means unauthorized attempts to bypass the security mechanisms of an information system or network. In simple words, hacking is unauthorized access to a computer system, its programs, data and network resources.
Who is a hacker?
A hacker is someone who enjoys modifying and subverting systems, whether technological, bureaucratic or sociological.
Hacking tools
Hacking is largely possible because of free tools, disguised as network tools, that are available on the Internet; tools like Ping of Death, Hacker Evolution, Netstat Live and ophcrack are commonly used.
Types of cyber crime
Cyber bullying and trolling
Cyber bullying is defined as any communication posted or sent by a minor online, by instant messenger, e-mail, social networking, website, interactive game or cell phone, that is intended to frighten, embarrass, harass or target another minor.
Identity theft
Identity theft is a form of fraud in which someone pretends to be someone else by assuming that person's identity.
Data theft and source code theft
If any person, without the permission of the owner or of any other person who is in charge of the computer, downloads, copies or extracts any data, computer database or information from such computer. Data theft is quite simply the unauthorized copying or removal of confidential information from a business or other large enterprise.
Cyber Terrorism
Any act of a person, on a computer or network or otherwise, which threatens the unity, sovereignty and security of the state can be called cyber terrorism.
Phishing
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
Ransomware and cyber extortion
Ransomware is malware which enables extortion in cyberspace for financial gain and generally uses crypto-currency like Bitcoin for the transaction.
E-mail fraud
Fraud, whether financial, banking or social, committed with the aid of an e-mail is called e-mail fraud.
Spoofing
Spoofing is sending an e-mail to another person so that it appears that the message was sent by someone else.
Credit card fraud & Online banking fraud
Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account.
Copyright Violation
Copyright violation is the unauthorized or prohibited use of works covered by copyright law, in a way that violates one of the copyright owner's exclusive rights, such as the right to reproduce or perform the copyrighted work.
Pornography
The graphic, sexually explicit subordination of women through pictorial material which depicts sexual behavior that is degrading or abusive to one or more participants in such a way as to endorse the degradation.
Child Pornography
Child pornography refers to images or films (and in some cases writings) depicting sexually explicit activities involving a child.
Online Gambling
Gambling is the act or practice of betting on a game of chance. It is staking on chance, where chance is the controlling factor. Gaming in the two Acts would therefore mean wagering or betting on games of chance.
Electronic Forgery
Forgery means making any false document or false electronic record, or part of a document or electronic record, with intent to cause damage or injury to the public or to any other person, or to support any claim or title.
Denial of service attack (DoS)
A denial of service attack involves flooding a computer with more requests than it can handle. This causes the computer to crash and results in authorized users being unable to access the service offered by the computer.
Website Defacement
Website defacement is an attack on a website that changes the visual appearance of the site.
Web Jacking
When someone forcefully takes control of a website so that the actual owner no longer has any control over what appears on it, it is known as web jacking.
Illegal online selling
Selling items like counterfeit currency, counterfeit branded products, narcotic drugs, weapons and wildlife online is illegal online selling.
Cyber Defamation
Cyber defamation is a crime conducted in cyberspace, usually through the Internet, with the intention of defaming others.
Software Piracy
Software piracy is the unauthorized copying and use of single-user licensed software. Simultaneous use of a single-user license by multiple users, or loading single-user licensed software at multiple sites, also amounts to software piracy.
Digital signature related crimes
A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document. Publishing an electronic signature certificate that is false in certain particulars is a cyber crime.
Cyber crime laws
No. | Name of Crime | IT Act Sections | IPC Sections | Punishment | Category of Crime (Bailable / Non-bailable)
1 | Hacking | 43(a) r/w Sec. 66 & 66-C | 379 & 406 | 3 years imprisonment or fine of 5 lakh | IT Act 2000 Sec. 66-C: Bailable; IPC Sec. 379: Non-bailable
2 | Data Theft | 43(b) r/w Sec. 66 & 43(j); 65, 66, 66-B | 379, 405 & ... of the Copyright Act | - | IT Act 2000 Sec. 66: Bailable; IPC 379 & 420: Bailable
3 | Spreading Virus & Worm | 43(c), (e) r/w Sec. 66 | 268 | 3 years imprisonment or fine of 5 lakh or both | IT Act 2000 Sec. 66: Bailable; IPC 268: Bailable
4 | Phishing | 43 r/w Sec. 66-D | 379 & 420 | 3 years imprisonment & 1 lakh fine | IT Act 2000 Sec. 66-D: Bailable; IPC 379 & 420: Non-bailable
5 | Disruption of any Computer or Network | 43(e) r/w Sec. 66 | 287 | 3 years imprisonment or fine of 5 lakh or both | IT Act 2000 Sec. 66: Bailable; IPC Sec. 287: Bailable
6 | Cyber bullying and trolling | - | 500, 506 & 507 | 2 years imprisonment and fine | IPC 500, 506 & 507: Bailable
7 | Identity theft | 66-C | 419 | 3 years imprisonment or fine of 1 lakh | IT Act Sec. 66-C: Bailable; IPC Sec. 419: Bailable
8 | Cyber Terrorism | 66-F | 153A | If proved, imprisonment for life | IT Act 2000 Sec. 66-F: Non-bailable; IPC 153A: Non-bailable
9 | Ransomware and Cyber Extortion | 43(e) | 384 | 3 years imprisonment or fine of 5 lakh | IT Act 2000 Sec. 66: Bailable; IPC 384: Non-bailable
10 | E-mail Fraud | 66-C, 66-D | 415 & 420 | 3 years imprisonment & 1 lakh fine | IT Act 2000 Sec. 66-C & 66-D: Bailable; IPC Sec. 415 & 420: Non-bailable
11 | Spoofing | 66-D | 417, 419 & 465 | - | IT Act 2000 Sec. 66-D: Bailable; IPC Sec. 417, 419 & 465: Bailable
12 | Copyright Violation | 51, 63, 63A, 63-B | 405 & 420 | - | IT Act 2000 Sec. 63: Bailable; IPC Sec. 420: Non-bailable
13 | Pornography | 67-A, 66-E | 292/293/294, 500, 506 & 509 | 5 years imprisonment or fine of 10 lakh | IT Act 2000 Sec. 67: Non-bailable; IPC Sec. 292/293/294, 500, 506 & 509: Bailable
14 | Child Pornography | 67-B | - | - | IT Act 2000 Sec. 66-B: Non-bailable; IPC Sec. 292/293/294, 500, 506 & 509: Bailable
15 | Online Gambling | - | - | - | Bailable
16 | Forgery | 43(i) r/w 66 | 463 | 3 years imprisonment or fine of 2 lakh or both | IT Act Sec. 65: Non-bailable; IPC 464, 465 & 469: Bailable; under 468: Non-bailable
17 | Denial of Service Attack | 43(f) r/w Sec. 66 | - | 3 years imprisonment or fine of 5 lakh or both | IT Act 2000 Sec. 66: Bailable
18 | Web Defacement | 65 | 434, 464, 468 & 469 | - | IT Act 2000 Sec. 65: Non-bailable; IPC 464 & 469: Bailable; under 468: Non-bailable
19 | Web Jacking | 65 | 384 | 3 years imprisonment or fine of 2 lakh or both | IT Act 2000 Sec. 65: Bailable; IPC 384: Non-bailable
20 | Illegal Online Selling | - | Under the Arms Act & NDPS Act | - | Non-bailable
21 | Cyber Defamation | - | 500 & 509 | 3 years imprisonment or fine | IT Act 2000 Sec. 66-A: Bailable; IPC Sec. 500 & 509: Bailable
22 | Software Piracy | 66; Copyright Act 1957 Sec. 63-B | 120B, 420, 468 & 471 | 3 years imprisonment or fine of 5 lakh or both | IT Act Sec. 66: Bailable; IPC Sec. 120, 420, 468: Non-bailable
23 | Electronic/Digital Signature | 65, 73 & 74 | 417 & 420 | 2 years imprisonment or fine of 1 lakh or both | IT Act 2000 Sec. 74: Bailable; IPC Sec. 417 & 420: Bailable
Cyber Security Principles
1. Economy of mechanism
This principle states that security mechanisms should be as simple and small as possible. If the design and implementation are simple and small, fewer possibilities exist for errors, and the checking and testing process is less complicated because fewer components need to be tested.
2. Fail-safe defaults
The fail-safe defaults principle states that the default configuration of a system should have a conservative protection scheme. This principle also restricts how privileges are initialized when a subject or object is created: whenever access, privileges/rights or some security-related attribute is not explicitly granted, access to that object should be denied.
3. Least Privilege
This principle states that a user should have only those privileges needed to complete their task. Its primary function is to control the assignment of rights granted to the user, not the identity of the user. This means that if the boss demands root access to a UNIX system that you administer, he or she should not be given that right unless he or she has a task that requires that level of access. If possible, the elevated rights of a user identity should be removed as soon as those rights are no longer needed.
4. Open Design
This principle states that the security of a mechanism should not depend on the secrecy of its design or implementation. It suggests that complexity does not add security. This principle is the opposite of the approach known as "security through obscurity." It applies not only to information such as passwords or cryptographic systems but also to other computer security related operations.
5. Complete mediation
The principle of complete mediation restricts the caching of information, which often leads to simpler implementations of mechanisms. The idea is that every access to every object must be checked for compliance with the protection scheme to ensure that it is allowed. As a consequence, one should be wary of performance-improvement techniques that save the results of previous authorization checks, since permissions can change over time.
6. Separation of Privilege
This principle states that a system should grant access permission based on more than one condition being satisfied. It may also be restrictive because it limits access to system entities. Thus, before a privilege is granted, more than two verifications should be performed.
7. Least Common Mechanism
This principle states that in systems with multiple users, the mechanisms allowing resources to be shared by more than one user should be minimized as much as possible. This principle may also be restrictive because it limits the sharing of resources.
8. Psychological acceptability
This principle states that a security mechanism should not make a resource more complicated to access than it would be if the security mechanism were not present. The psychological acceptability principle recognizes the human element in computer security. If security-related software or computer systems are too complicated to configure, maintain or operate, users will not employ the necessary security mechanisms. For example, if a password is rejected during a password change process, the password changing program should state why it was denied rather than giving a cryptic error message. At the same time, applications should not impart unnecessary information that may lead to a compromise in security.
9. Work Factor
This principle states that the cost of circumventing a security mechanism should be compared with the resources of a potential attacker when designing a security scheme. In some cases, the cost of circumventing (known as the "work factor") can be easily calculated. The work factor is a common cryptographic measure used to determine the strength of a given cipher. It does not map directly to cyber security, but the overall concept does apply.
10. Compromise Recording
The compromise recording principle states that it is sometimes more desirable to record the details of an intrusion than to adopt a more sophisticated measure to prevent it.
Data Security Considerations
Data security is the protection of programs and data in computers and communication systems against unauthorized access, modification, destruction, disclosure or transfer, whether accidental or intentional, by building physical arrangements and software checks. It refers to the right of individuals or organizations to deny or restrict the collection and use of information about them by unauthorized parties. Data security requires system managers to reduce unauthorized access to the systems by building physical arrangements and software checks. Data security uses various methods to make sure that data is correct, original, kept confidential and safe. It includes:
* ensuring the integrity of data,
* ensuring the privacy of data,
* preventing the loss or destruction of data.
Data security consideration involves the protection of data against unauthorized access, modification, destruction, loss, disclosure or transfer, whether accidental or intentional. Some of the important data security considerations are described below:
Backups
Data backup refers to saving additional copies of our data in physical or cloud locations separate from the data files in storage. It is essential to keep our data secure, stored and backed up on a regular basis. Securing the data helps to prevent:
* accidental or malicious damage to or modification of data,
* theft of valuable information,
* breach of confidentiality agreements and privacy laws,
* premature release of data, which can undermine intellectual property claims,
* release before data have been checked for authenticity and accuracy.
Keeping reliable and regular backups of our data protects against the risk of damage or loss due to power failure or hardware failure.
Archival Storage
Data archiving is the process of retaining data at a secure place for long-term storage. The data is stored in safe locations so that it can be used whenever it is required. Archived data is still essential to the organization and may be needed for future reference. Also, data archives are indexed and have search capabilities so that files and parts of files can be easily located and retrieved. Data archival serves as a way of reducing primary storage consumption and its related costs.
Disposal of Data
Disposal of data is the method of destroying data stored on tapes, hard disks and other electronic media so that it is completely unreadable, unusable and inaccessible for unauthorized purposes. It also ensures that the organization retains records of data for as long as they are needed and, when they are no longer required, appropriately destroys them or disposes of the data in some other way, for example by transfer to an archives service. A managed process of data disposal has some essential benefits:
* it avoids the unnecessary storage costs incurred by using office or server space to maintain records that are no longer needed by the organization;
* finding and retrieving information is easier and quicker because there is less to search.
Security Technologies
With the rapid growth of the Internet, cyber security has become a major concern to organizations throughout the world. The fact that the information, tools and technologies needed to penetrate the security of corporate networks are widely available has increased that concern. Today the fundamental problem is that much of the security technology aims to keep the attacker out, and when that fails, the defences have failed. Every organization that uses the Internet needs security technologies that cover the three primary control types (preventive, detective and corrective) as well as provide auditing and reporting. Most security is based on one of these types of things: something we have (like a key or an ID card), something we know (like a PIN or a password), or something we are (like a fingerprint). Some of the important security technologies used in cyber security are described below.
Firewalls
A firewall is a network security system designed to prevent unauthorized access to or from a private network. It can be implemented as hardware, software or a combination of both. Firewalls prevent unauthorized Internet users from reaching private networks connected to the Internet: all traffic entering or leaving the internal network passes through the firewall, which examines each packet and blocks those that do not meet the configured security policy. A firewall cannot inspect traffic that does not pass through it, so a connection between two hosts inside the network, or a device with its own Internet link, bypasses it entirely. Firewalls can be categorized along four dimensions: processing mode, development era, intended deployment structure and architectural implementation.
Categories of Firewalls
1. Processing mode
Packet filtering
Packet filtering firewalls examine the header information of each packet that enters the network and decide, based on the rules programmed into the firewall, whether to forward it to the next network connection or drop it. The firewall scans packets looking for violations of its rule database. Packet filtering firewalls can be categorized into three types:
1. Static filtering: the system administrator writes the rules that govern which packets are allowed and which are denied, and they stay fixed until changed by hand. A static filter judges each packet in isolation, so to let replies to outbound connections back in it must hold a rule for them open permanently.
2. Dynamic filtering: the firewall is allowed to set some rules for itself, such as dropping packets from an address that is sending many bad packets.
3. Stateful inspection: a stateful firewall keeps track of each network connection between internal and external systems in a state table, and admits an inbound packet only if it belongs to a connection that was legitimately established.
Application gateways
An application gateway is a firewall proxy, frequently installed on a dedicated computer, that provides network security by acting as an intermediary between the requester and the protected device. It filters traffic at the application layer, so only the traffic of the specific application protocols it proxies is inspected and forwarded. Such protocols include FTP, Telnet, Real Time Streaming Protocol (RTSP), BitTorrent, etc.
Circuit gateways, MAC layer firewalls, Hybrid firewalls
Circuit gateways
A circuit-level gateway is a firewall that operates at the transport layer. It provides TCP and UDP connection security, meaning it can reassemble, examine or block all the packets in a TCP or UDP connection. It works at the session layer, between the transport and application layers. Unlike an application gateway, it does not inspect application data; it monitors the TCP handshake and checks that each session complies with the firewall rules and policies. It can also act as a Virtual Private Network (VPN) endpoint over the Internet by encrypting traffic from firewall to firewall.
MAC layer firewalls
This firewall operates at the media access control layer of the OSI network model, so it can take a specific host computer's identity into account in its filtering decisions. The MAC addresses of specific hosts are linked to access control list (ACL) entries that identify which types of packets may be sent to each host; all other traffic is blocked. It also checks the MAC address of a requester to determine whether the device making the connection is authorized to access the data. Because a MAC address is trivially changed in software, this check identifies a device only against casual misuse, not against a deliberate attacker.
Hybrid firewalls
A hybrid firewall combines features of the other four types, for example elements of packet filtering and proxy services, or of packet filtering and circuit gateways.
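The difference between static filtering and stateful inspection, as an added Python example that is not from the original slides. The rule sets, addresses and packets are constructed for the demonstration: the static rule set has to hold inbound source port 443 open permanently so that HTTPS replies can get back, which an attacker exploits simply by sending from port 443, while the stateful firewall admits only replies to connections recorded in its state table.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str           # source IP
    dst: str           # destination IP
    proto: str         # "tcp" or "udp"
    sport: int         # source port
    dport: int         # destination port
    direction: str     # "in" = arriving from the Internet, "out" = leaving the LAN
    syn: bool = False  # TCP SYN without ACK, i.e. an attempt to open a new connection


# Rule tuple: (direction, proto, source port, destination port, action); None is a wildcard.
# Rules are evaluated top-down, first match wins, and the implicit last rule is deny.

# Constructed static rule set. A static filter has no memory, so it must keep inbound
# source port 443 open permanently for HTTPS replies to return.
STATIC_RULES = [
    ("out", "tcp", None, 443, "allow"),  # LAN hosts may open HTTPS connections
    ("in", "tcp", 443, None, "allow"),   # ...and anything from port 443 is let back in
    ("in", "tcp", None, 25, "allow"),    # the Internet may reach the mail server
]

# The stateful rule set needs no reply rule: replies are admitted from the state table.
STATEFUL_RULES = [
    ("out", "tcp", None, 443, "allow"),
    ("in", "tcp", None, 25, "allow"),
]


def match(rules, pkt: Packet) -> str:
    """Static filtering: judge each packet on its own header fields alone."""
    for direction, proto, sport, dport, action in rules:
        if (pkt.direction == direction and pkt.proto == proto
                and sport in (None, pkt.sport) and dport in (None, pkt.dport)):
            return action
    return "deny"


class StatefulFirewall:
    """Stateful inspection: remember allowed outbound connections and admit only their replies."""

    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # entries of (lan_ip, lan_port, remote_ip, remote_port, proto)

    def filter(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            decision = match(self.rules, pkt)
            if decision == "allow":
                self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return decision
        # inbound: a reply to a recorded connection is allowed, a fresh SYN never is
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if key in self.state and not pkt.syn:
            return "allow"
        return match(self.rules, pkt)


def demo() -> dict:
    """Constructed traffic: an attacker probing SSH from source port 443, and a real HTTPS exchange."""
    attacker = Packet("203.0.113.9", "192.168.1.10", "tcp", 443, 22, "in", syn=True)
    request = Packet("192.168.1.10", "198.51.100.7", "tcp", 51000, 443, "out", syn=True)
    reply = Packet("198.51.100.7", "192.168.1.10", "tcp", 443, 51000, "in")
    fw = StatefulFirewall(STATEFUL_RULES)
    return {
        "static_attacker": match(STATIC_RULES, attacker),  # fooled by the source port
        "stateful_request": fw.filter(request),
        "stateful_reply": fw.filter(reply),
        "stateful_attacker": fw.filter(attacker),          # no matching state entry
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

A real stateful firewall also ages entries out of the table and tracks the TCP state machine (SYN, SYN-ACK, established, FIN) rather than just the five-tuple, but the property shown is the one that matters: inbound traffic is judged by what the inside asked for, not by what the outside claims.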
2. Development era
Firewalls can also be categorised by generation: first, second, third, fourth and fifth.
The first generation firewall is the static packet filtering firewall. A static packet filter is the simplest and least expensive form of firewall protection. Each packet entering or leaving the network is checked and either passed or rejected according to user-defined rules. It can be compared to a club bouncer who admits only people over 21 and turns away everyone younger: the decision rests on the packet's own attributes, with no memory of earlier packets.
The second generation firewall is the application-level firewall or proxy server. It raises the security level between trusted and untrusted networks. An application-level firewall uses software to intercept the connection for each IP and perform a security inspection. It provides proxy services that act as an interface between users on the internal trusted network and the Internet: each computer communicates with the other by passing its traffic through the proxy program, which evaluates the data sent from the client and decides what to forward and what to drop.
Third Generation
The third generation firewall is the stateful inspection firewall. This generation evolved to meet the major requirement of corporate networks: increased security while minimizing the impact on network performance. The demands on third generation firewalls have grown further with the spread of VPNs, wireless communication and enhanced virus protection. The most challenging element of this evolution is maintaining the firewall's simplicity (and hence its maintainability and security) without compromising flexibility.
Fourth Generation
The fourth generation firewall is the dynamic packet filtering firewall. It monitors the state of active connections and uses this information to determine which network packets are allowed through. By recording session information such as IP addresses and port numbers, a dynamic packet filter can enforce a much tighter security posture than a static packet filter.
Fifth Generation
The fifth generation firewall is the kernel proxy firewall. It runs inside the kernel of the Windows NT Executive and operates at the application layer. When a packet arrives, a new virtual stack table is created containing only the protocol proxies needed to examine that specific packet. The packet is inspected at each layer of the stack: the data link header, the network header, the transport header, session layer information and application layer data. This firewall is faster than other application-level firewalls because all evaluation takes place in the kernel rather than in the higher layers of the operating system.
3. Intended deployment structure
Firewalls can also be categorized by the structure in which they are deployed:
Commercial Appliances
A commercial appliance runs on a custom operating system on dedicated hardware; the related commercial firewall systems consist of firewall application software running on a general-purpose computer. Both are designed to protect a medium-to-large business network. Most commercial firewalls are quite complex and often require specialized training and certification to take full advantage of their features.
Small Office Home Office
The SOHO firewall is designed for small office or home office networks that need protection from Internet security threats. For a SOHO it is the first line of defence and plays an essential role in the overall security strategy. A SOHO has limited resources, so the firewall product it implements must be relatively easy to use and maintain, and cost-effective. This firewall connects the user's local area network, or a specific computer, to the Internet through an internetworking device.
Residential Software
Residential-grade firewall software is installed directly on a user's system. Some of these applications combine firewall services with other protections such as antivirus or intrusion detection. There is a limit to the level of configurability and protection that software firewalls can provide, and because they run on the host they protect, malware that gains administrative rights on that host can disable them.
4. Architectural implementation
The firewall configuration that works best for a particular organization depends on three factors: the objectives of the network, the organization's ability to develop and implement the architecture, and the budget available for the function. There are four common architectural implementations of firewalls:
Packet-filtering routers
A packet-filtering router controls network access by monitoring outgoing and incoming packets and allowing or halting them based on source and destination IP addresses, protocols and ports. When a node transmits a packet, the packet is matched against the predefined rules and policies; if it matches an allow rule it is accepted, otherwise it is blocked.
Screened host firewalls
This architecture combines a packet-filtering router with a separate, dedicated firewall such as an application gateway. The application gateway needs only one network interface. The router pre-screens packets, minimizing the network traffic and load on the internal proxy, and filters dangerous protocols before they reach the application gateway and the site's systems.
Dual-homed host firewalls
The architecture of the dual-homed host firewall is simple. It is built around a dual-homed host, a computer with at least two NICs. One NIC is connected to the external network and the other to the internal network, which provides an additional layer of protection. With these NICs, all traffic must pass through the firewall host to move between the internal and external networks; IP forwarding on the host is disabled so that packets cannot be routed from one NIC to the other without going through the firewall software.
Screened subnet firewalls
This architecture adds an extra layer of security to the screened host architecture by adding a perimeter network (a DMZ) that further isolates the internal network from the Internet. There are two screening routers, both connected to the perimeter net.
One router sits between the perimeter net and the internal network, and the other between the perimeter net and the external network. To break into the internal network, an attacker would have to get past both routers, so there is no single point whose compromise exposes the internal network.
VPNs
A VPN (virtual private network) is a technology that creates a secure, encrypted connection over the Internet from a device to a network. This type of connection helps ensure that sensitive data is transmitted safely: it protects the traffic from eavesdropping on the network and allows the user to access a private network securely. The technology is widely used in corporate environments. A VPN complements a firewall: the firewall protects the data and systems local to a network, while the VPN protects data in transit. To ensure safe communication, data travels through encrypted tunnels, and the VPN user must authenticate to the VPN server to gain access. VPNs are used by remote users who need to access corporate resources, consumers who want to download files privately and business travellers who want to access a site that is geographically restricted. A VPN protects only the path between the device and the VPN server; traffic beyond that server, and the device itself, are no more secure than before.
Intrusion Detection System (IDS)
An IDS is a security system that monitors computer systems and network traffic. It analyses that traffic for possible hostile attacks originating from outside and also for system misuse or attacks originating from inside. A firewall filters incoming traffic from the Internet; the IDS complements the firewall. Where the firewall protects an organization's sensitive data from attacks over the Internet, the intrusion detection system alerts the system administrator when someone gets past the firewall and tries to access a network on the trusted side. Intrusion detection systems come in several types:
1. NIDS: a Network Intrusion Detection System, which monitors inbound and outbound traffic to and from all the devices on the network, usually from a sensor attached to a network tap or mirror port.
2. HIDS: a Host Intrusion Detection System, which runs on individual hosts in the network, including those with direct access to both the Internet and the enterprise internal network. It can detect anomalous packets that originate from inside the organization or malicious traffic that a NIDS has failed to catch, and it can identify malicious activity that arises on the host itself, such as changes to system files.
3. Signature-based IDS: detects an attack by looking for specific patterns, such as byte sequences in network traffic or known malicious instruction sequences used by malware. This approach originates in anti-virus software and easily detects known attacks, but it cannot detect new attacks for which no pattern is yet available.
4. Anomaly-based IDS: introduced primarily to detect unknown attacks, given the rapid development of malware. It alerts administrators to potentially malicious activity by monitoring the network traffic and comparing it against an established baseline of what is normal for the network in terms of bandwidth, protocols, ports and devices. Its weakness is the mirror image of the signature approach: legitimate but unusual activity produces false positives, and the baseline must be built from traffic that is itself clean.
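Signature-based and anomaly-based detection side by side, as an added Python example that is not part of the original slides. It parses web-server access log lines in the common log format; the log lines, the signature patterns and the baseline are all constructed for the demonstration, and a production IDS would use far richer rule sets and baselines than these.

```python
import re
from collections import Counter
from statistics import mean, pstdev
from urllib.parse import unquote

# Common log format line: ip ident user [time] "method path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+$'
)

# Signature rules: a name and a pattern searched for in the URL-decoded request path.
# Constructed for the example; real rule sets are far larger.
SIGNATURES = {
    "sqli": re.compile(r"'\s*(or|and)\s*'?1'?\s*=\s*'?1", re.I),  # classic ' OR '1'='1
    "traversal": re.compile(r"\.\./"),                          # directory traversal
    "webshell": re.compile(r"/(cmd|shell)\.php", re.I),          # common web shell names
}


def parse(lines):
    """Yield (ip, decoded path, status) for every line that matches the log format."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.group("ip"), unquote(m.group("path")), int(m.group("status"))


def signature_alerts(lines) -> list:
    """Signature-based detection: any request matching a known pattern is an alert."""
    alerts = []
    for ip, path, _status in parse(lines):
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((ip, name, path))
    return alerts


def anomaly_alerts(baseline_lines, window_lines, k: float = 3.0) -> list:
    """Anomaly-based detection: learn per-client request counts from a clean baseline,
    then flag clients in the observed window that exceed mean + k * stdev."""
    base_counts = list(Counter(ip for ip, _, _ in parse(baseline_lines)).values())
    mu, sigma = mean(base_counts), pstdev(base_counts)
    threshold = mu + k * max(sigma, 1.0)  # floor the stdev so a uniform baseline still leaves headroom
    window = Counter(ip for ip, _, _ in parse(window_lines))
    return sorted((ip, n) for ip, n in window.items() if n > threshold)


def log_line(ip: str, path: str, status: int = 200) -> str:
    """Build one constructed access log line."""
    return f'{ip} - - [10/Oct/2023:13:55:01 +0000] "GET {path} HTTP/1.1" {status} 512'


# Constructed traffic: a quiet baseline, then a window containing two known attack
# patterns (caught by signatures) and one host hammering the server (caught by the baseline).
BASELINE = [log_line(f"10.0.0.{i}", "/index.html") for i in range(1, 6) for _ in range(3)]
WINDOW = (
    [log_line("10.0.0.5", "/index.html"), log_line("10.0.0.5", "/about.html")]
    + [log_line("10.0.0.7", "/login?user=admin'%20OR%20'1'='1")]
    + [log_line("10.0.0.9", "/../../etc/passwd", 404)]
    + [log_line("10.0.0.42", f"/page{n}.html", 404) for n in range(40)]
)

if __name__ == "__main__":
    for alert in signature_alerts(WINDOW):
        print("signature:", alert)
    for alert in anomaly_alerts(BASELINE, WINDOW):
        print("anomaly:", alert)
```

Note that the two detectors find different things: the scanner at 10.0.0.42 matches no signature and is only caught by its volume, while the two single-request attacks would never move a statistical baseline and are only caught by their patterns. Decoding the path before matching is what lets the signature see through the URL encoding in the injected query.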
Access Control
Access control is the process of selectively restricting access to a system. It is a security concept that minimizes the risk of unauthorized access to a business or organization. Users are granted access permissions and certain privileges to systems and resources, and must present credentials to be granted access. These credentials come in many forms, such as a password, a keycard or a biometric reading. Access control combines security technology with access control policies to protect confidential information such as customer data. It can be categorized into two types:
Physical access control limits access to buildings, rooms, campuses and physical IT assets.
Logical access control limits connections to computer networks, system files and data.
A more secure method of access control uses two-factor authentication: the user must present two credentials of different kinds, for example something they know (a password) together with something they have (a hardware token or a one-time code from a phone app) or something they are (a biometric reading). A password plus a security question is not two-factor, since both are things the user knows.
Access control consists of two main components, authentication and authorization. Authentication verifies that someone is who they claim to be; authorization then decides whether that verified identity should be allowed access to a particular system or resource or denied it.
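Authentication with two factors of different kinds, followed by a separate authorization check, as an added Python example that is not part of the original slides. The user store, roles, permission table and the credentials are constructed for the demonstration; the TOTP secret 12345678901234567890 is the RFC 6238 test-vector key, so the one-time codes the block produces can be checked against the RFC's table.

```python
import hashlib
import hmac
import os
import struct
import time

# Constructed user store for the example: password hashes, TOTP secrets and roles.
USERS = {}

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes = None):
    """Salted PBKDF2-HMAC-SHA256, so a stolen store does not reveal passwords."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def add_user(name: str, password: str, totp_secret: bytes, roles) -> None:
    salt, digest = hash_password(password)
    USERS[name] = {"salt": salt, "hash": digest, "totp": totp_secret, "roles": set(roles)}


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, dynamically truncated."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def authenticate(name: str, password: str, code: str, now: int = None) -> bool:
    """Factor 1: something you know (password). Factor 2: something you have (TOTP device).
    Returns True only if both factors check out."""
    user = USERS.get(name)
    if user is None:
        hash_password(password)  # spend the same time for unknown users: no timing oracle on names
        return False
    _, digest = hash_password(password, user["salt"])
    if not hmac.compare_digest(digest, user["hash"]):
        return False
    now = int(time.time()) if now is None else now
    # accept the current 30 s step and one step either side to tolerate clock drift
    return any(hmac.compare_digest(code, totp(user["totp"], now + d)) for d in (-30, 0, 30))


# Authorization is separate from authentication: which roles may do what to which resource.
PERMISSIONS = {
    "customer_db": {"read": {"analyst", "dba"}, "write": {"dba"}},
    "payroll": {"read": {"hr"}, "write": {"hr"}},
}


def authorize(name: str, action: str, resource: str) -> bool:
    """Default deny: allowed only if one of the user's roles is granted the action on the resource."""
    roles = USERS.get(name, {}).get("roles", set())
    allowed = PERMISSIONS.get(resource, {}).get(action, set())
    return bool(roles & allowed)


if __name__ == "__main__":
    add_user("alice", "correct horse battery staple", b"12345678901234567890", ["analyst"])
    code = totp(USERS["alice"]["totp"], int(time.time()))
    print("login:", authenticate("alice", "correct horse battery staple", code))
    print("read customer_db:", authorize("alice", "read", "customer_db"))
    print("write customer_db:", authorize("alice", "write", "customer_db"))
```

The two decisions are kept in separate functions on purpose: a successful login says nothing about what the user may touch, and the permission table, not the login code, is where least privilege is enforced. A real deployment would also rate-limit failed attempts and reject reuse of a TOTP code within its time step.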
Threat to E-Commerce
E-commerce refers to the activity of buying and selling goods over the Internet; simply put, commercial transactions conducted online. E-commerce draws on many technologies, such as mobile commerce, Internet marketing, online transaction processing, electronic funds transfer, supply chain management, electronic data interchange (EDI), inventory management systems and automated data collection systems. An e-commerce threat is the use of the Internet for unfair ends, with the intention of theft, fraud or a security breach. There are various types of e-commerce threats: some are accidental, some are deliberate and some are due to human error. The most common areas of risk are electronic payment systems, e-cash, data misuse and credit/debit card fraud.
Electronic payment systems
With the rapid development of computer, mobile and network technology, e-commerce has become a routine part of life. Customers can order products from home and save time for other things; there is no need to visit a store. A customer can browse different stores on the Internet in a very short time and compare products on characteristics such as price, colour and quality. Electronic payment systems have a very important role in e-commerce. E-commerce organizations use electronic payment systems, meaning paperless monetary transactions, which have revolutionized business processing by reducing paperwork, transaction costs and labour cost. E-commerce processing is user-friendly and less time-consuming than manual processing, and it helps a business expand its market reach. There are, however, certain risks with electronic payment systems.
The Risk of Fraud
An electronic payment system carries a substantial risk of fraud. The computing devices authorize a payment on the strength of something that stands in for the person's identity, such as a password and answers to security questions. These checks are not foolproof in establishing who the person is: if the password and the answers to the security questions match, the system does not care who is on the other side. Anyone who obtains our password or the answers to our security questions gains access to our money and can steal it.
The Risk of Tax Evasion
Tax law, such as that enforced by the Internal Revenue Service, requires every business to declare its financial transactions and provide records so that tax compliance can be verified. The problem with electronic payment systems is that they do not fit cleanly into this paradigm, which makes the process of tax collection very frustrating for the tax authority. It is left to the business to disclose payments received or made via electronic payment systems, and the authority has no independent way of knowing whether the disclosure is truthful, which makes taxation easy to evade.
The Risk of Payment Conflicts
In electronic payment systems, payments are handled by an automated system, not by humans. The system is prone to errors when it handles large volumes of payments on a frequent basis with more than one recipient involved. It is essential to check our pay slip after every pay period ends to make sure everything makes sense; failing to do so may leave payment conflicts caused by technical glitches and anomalies undetected.
E-cash
E-cash is a paperless cash system that facilitates the transfer of funds anonymously. E-cash is free to the user, while sellers pay a fee for it. The e-cash funds can be stored either on a card itself or in an account associated with the card. Common examples of e-cash systems are transit cards, PayPal, Google Pay, Paytm, etc. E-cash has four major components:
Issuers: banks or non-bank institutions.
Customers: the users who spend the e-cash.
Merchants or traders: the vendors who receive e-cash.
Regulators: the authorities or state tax agencies.
Backdoor attacks
A backdoor is a type of attack that gives an attacker unauthorized access to a system by bypassing the normal authentication mechanisms. It works in the background and hides itself from the user, which makes it difficult to detect and remove.
Denial of service attacks
A denial-of-service (DoS) attack is one in which the attacker takes action that prevents legitimate users from accessing a system. It makes a network resource unavailable to its intended users by temporarily disrupting the services of a host connected to the Internet, typically by flooding it with more requests than it can handle.
Direct access attacks
A direct access attack is one in which an intruder gains physical access to a computer to perform unauthorized activity, such as installing software that compromises its security. Such software may carry worms or exfiltrate large amounts of sensitive data from the victim.
Eavesdropping
Eavesdropping is the unauthorized interception of private communication over a network. It does not interfere with the normal operation of the targeted system, so the sender and recipient are not aware that their conversation is being monitored.
Credit/Debit card fraud
A credit card allows us to borrow money from the issuing bank to make purchases. The issuer of the credit card sets the condition that the cardholder will pay back the borrowed money with an additional agreed-upon charge. A debit card is a plastic card issued by a financial organization to the holder of a savings or deposit account that can be used instead of cash to make purchases; it can be used only when funds are available in the account. Some of the important threats associated with debit/credit cards are:
ATM (Automated Teller Machine)
The ATM is a favourite place for fraudsters to steal our card details. Some of the techniques criminals use to get hold of card information are:
Skimming: a data-skimming device is attached to the card reader of the ATM. When the customer inserts their card, the information is copied from the magnetic stripe to the device. In this way the criminals obtain the card number, the name, the expiry date and the other data encoded on the stripe. A skimmer is often paired with a hidden camera or a fake keypad overlay to capture the PIN as well.
Unwanted presence: as a rule, only one person should be at the ATM at a time. If more than one person is lurking around together, the intention may be to observe our card details and PIN while we make our transaction.
Vishing/Phishing
Phishing is an activity in which an intruder obtains sensitive information from a user, such as passwords, usernames and credit card details, often for malicious purposes, typically through fake e-mails and websites. Vishing (voice phishing) is the same attack carried out over a phone call; a related variant uses SMS. These calls and messages appear to come from a trusted source, but in reality they are fake. The main objective of vishing and phishing is to get the customer's PIN, account details and passwords.
Online Transaction
Customers can shop and pay their bills over the Internet. This is as convenient for the attacker as it is for the customer: it is just as easy for a criminal to break into our system and steal our sensitive information. Some common ways confidential information is stolen during an online transaction are:
By installing software that records our keystrokes and steals our passwords and card details.
By redirecting the customer to a fake website that looks like the original and steals our sensitive information.
By intercepting traffic on public Wi-Fi.
POS Theft
This is commonly done at merchant stores at the time of a POS (point-of-sale) transaction.
In this, the salesperson takes the customer's card for processing payment and illegally copies the card details for later use.
Security Policies
1. It increases efficiency
The best thing about having a policy is the increased consistency, which saves time, money and resources. The policy should inform employees of their individual duties, telling them what they can and cannot do with the organization's sensitive information.
2. It upholds discipline and accountability
When a human mistake occurs and system security is compromised, the organization's security policy backs up any disciplinary action and also supports a case in a court of law. The organization's policies act as a contract that proves the organization has taken steps to protect its intellectual property as well as its customers and clients.
3. It can make or break a business deal
Companies are often asked to provide a copy of their information security policy to other vendors during a business deal that involves the transfer of sensitive information. This is especially true of bigger businesses, which make sure their own security interests are protected when dealing with smaller businesses that have less high-end security systems in place.
4. It helps to educate employees on security literacy
A well-written security policy can also be seen as an educational document that informs readers of the importance of their responsibility in protecting the organization's sensitive data. It covers everything from choosing the right passwords to guidelines for file transfers and data storage, which increases employees' overall awareness of security and how it can be strengthened.
Security Standards
To make cyber security measures explicit, written norms are required. These norms are known as cyber security standards: generic sets of prescriptions for the ideal execution of certain measures. The standards may involve methods, guidelines, reference frameworks, etc. They ensure the efficiency of security, facilitate integration and interoperability, enable meaningful comparison of measures, reduce complexity and provide structure for new developments. A security standard is "a published specification that establishes a common language, and contains a technical specification or other precise criteria and is designed to be used consistently, as a rule, a guideline, or a definition." The goal of security standards is to improve the security of information technology (IT) systems, networks and critical infrastructures. Well-written cyber security standards enable consistency among product developers and serve as a reliable benchmark for purchasing security products. Security standards are generally provided for all organizations regardless of their size or the industry and sector in which they operate. This section describes the standards usually recognized as essential components of any cyber security strategy.
1. ISO
ISO stands for International Organization for Standardization. International Standards make things work: they provide world-class specifications for products, services and systems, to ensure quality, safety and efficiency, and they are instrumental in facilitating international trade. ISO was officially established on 23 February. It is an independent, non-governmental international organization. Today it has a membership of 162 national standards bodies and 784 technical committees and subcommittees that take care of standards development.
ISO has published over International Standards and related documents, covering almost every industry, from information technology to food safety, agriculture and healthcare.
The ISO 27000 series
It is the family of information security standards developed by the International Organization for Standardization and the International Electrotechnical Commission to provide a globally recognized framework for best practice in information security management. It helps organizations keep their information assets secure, such as employee details, financial information and intellectual property. The need for the series arises from the risk of cyber-attacks that organizations face; attacks are growing day by day, making hackers a constant threat to any industry that uses technology. The series can be categorized into several standards:
ISO This standard allows an organization to demonstrate to its clients and stakeholders that it manages the security of their confidential data and information to best practice. It takes a process-based approach to establishing, implementing, operating, monitoring, maintaining and improving the ISMS.
ISO This standard explains the terminology used in the ISO series.
ISO This standard provides guidelines for organizational information security standards and information security management practices, including the selection, implementation, operation and management of controls, taking into consideration the organization's information security risk environment(s).
ISO This standard supports the general concepts specified in the series and provides guidelines for implementing information security based on a risk management approach. To fully understand ISO/IEC 27005, knowledge of the concepts, models, processes and terminology described in ISO/IEC and ISO/IEC is required. It is applicable to all kinds of organizations, such as non-governmental organizations, government agencies and commercial enterprises.
ISO This is the international standard that focuses explicitly on cybersecurity.
It includes guidelines for protecting information beyond the borders of an organization, such as in collaborations, partnerships or other information sharing arrangements with clients and suppliers.
2. IT Act
The Information Technology Act, also known as ITA-2000 or the IT Act, aims to provide the legal infrastructure in India for dealing with cybercrime and e-commerce. It is based on the United Nations Model Law on Electronic Commerce 1996 recommended by the General Assembly of the United Nations. The Act is also used to check misuse of computers and networks in India. It was officially passed in 2000 and later amended. It was designed to boost electronic commerce, e-transactions and related activities associated with commerce and trade, and to facilitate electronic governance by means of reliable electronic records. The IT Act 2000 has 13 chapters, 94 sections and 4 schedules. The first 14 sections concern digital signatures; further sections deal with the certifying authorities licensed to issue digital signature certificates; sections 43 to 47 provide penalties and compensation; sections 48 to 64 deal with appeals; sections 65 to 79 deal with offences; and the remaining sections 80 to 94 deal with miscellaneous provisions of the Act.
3. Copyright Act
The Copyright Act 1957, as amended by the Copyright Amendment Act 2012, governs copyright law in India. The Act has been in force since 21 January. Copyright is a legal term describing the ownership and control of the rights of authors to their "original works of authorship" that are fixed in a tangible form of expression. Original works of authorship include certain works of creative expression such as books, videos, movies, music and computer programs. Copyright law was enacted to balance the use and reuse of creative works against the desire of the creators of art, literature and music to monetize their work by controlling who can make and sell copies of it. The Copyright Act covers:
Rights of copyright owners
Works eligible for protection
Duration of copyright
Who can claim copyright
The Copyright Act does not cover:
Ideas, procedures, methods, processes, concepts, systems, principles or discoveries
Works that are not fixed in a tangible form (such as a choreographic work that has not been notated or recorded, or an improvised speech that has not been written down)
Familiar symbols or designs
Titles, names, short phrases and slogans
Mere variations of typographic ornamentation, lettering or coloring
4. Patent Law
Patent law deals with new inventions. Traditionally it protected tangible scientific inventions such as circuit boards, heating coils, car engines or zippers; over time it has been used to protect a broader variety of inventions such as business practices, coding algorithms or genetically modified organisms. A patent is the right to exclude others from making, using, selling or importing the invention, from inducing others to infringe, and from offering a product specially adapted for practising the patent. In general, a patent can be granted if an invention is:
Not a natural object or process
New
Useful
Not obvious
Digital Signature
A digital signature is a mathematical technique that validates the authenticity and integrity of a message, software or digital document. It allows us to verify the author's name and the date and time of the signature, and to authenticate the message contents. Digital signatures offer far more inherent security than handwritten ones and are intended to solve the problems of tampering and impersonation (intentionally copying another person's characteristics) in digital communications. The signature is computed over the content with the signer's private key and checked with the corresponding public key, so any change to the signed content, however small, makes the verification fail.
Types of Digital Signature
Different document processing platforms support different types of digital signature. They are described below.
Certified Signatures
Certified digital signature documents display a unique blue ribbon across the top of the document. The certified signature contains the name of the document signer and the certificate issuer, which indicate the authorship and authenticity of the document.
Approval Signatures
Approval digital signatures on a document can be used in the organization's business workflow. They help to optimize the organization's approval procedure. The procedure involves capturing approvals made by us and other individuals and embedding them within the PDF document. Approval signatures can include details such as an image of our physical signature, location, date and official seal.
Visible Digital Signature
A visible digital signature allows a user to sign a single document digitally. This signature appears on the document in the same way as a signature is written on a physical document.
Invisible Digital Signature
Invisible digital signatures carry a visual indication of a blue ribbon within the document in the taskbar. We can use invisible digital signatures when we do not have, or do not want to display, our signature but still need to provide the authenticity, integrity and origin of the document.
Cyber Security Tools
Protecting our IT environment is critical. Every organization needs to take cyber security very seriously. There are numerous hacking attacks affecting businesses of all sizes. Hackers, malware and viruses are some of the real security threats in the virtual world. It is essential that every company is aware of dangerous security attacks and takes the steps necessary to keep itself secure. Many different aspects of cyber defence may need to be considered. Here are six essential tools and services that every organization needs to consider to ensure its cyber security is as strong as possible. They are described below.
1. Firewalls
As we know, the firewall is the core of the security toolset and one of the most important security tools. Its job is to prevent unauthorized access to or from a private network. It can be implemented as hardware, software, or a combination of both.
2. Antivirus Software
Antivirus software is a program designed to prevent, detect and remove viruses and other malware on individual computers, networks and IT systems. It also protects our computers and networks from a variety of threats such as Trojan horses, worms, keyloggers, browser hijackers, rootkits, spyware, botnets, adware and ransomware.
3. PKI Services
PKI stands for Public Key Infrastructure. This tool supports the distribution and identification of public encryption keys. It enables users and computer systems to securely exchange data over the internet and verify the identity of the other party.
4. Managed Detection and Response Service (MDR)
Today's cybercriminals and hackers use more advanced techniques and software to breach organizational security, so every business needs to use more powerful forms of cyber defence.
5. Penetration Testing
Penetration testing, or pen-testing, is an important way to evaluate our business's security systems and the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities exist in operating systems, services and applications, improper configurations or risky end-user behavior.
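The firewall entry above says what a firewall does but not how a rule set reaches its decision. The following added Python example (illustrative, not from the slides or any firewall product) models the classic first-match packet filter: rules are walked in order, the first rule whose source, destination, protocol and port all match decides, and anything no rule covers falls through to a default of "deny". The network ranges, hosts and rules are constructed for the demo.

```python
"""First-match packet filter with a default-deny policy (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0  # destination port (0 for protocols without ports)


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR the packet's source must fall in
    dst: str = "0.0.0.0/0"       # CIDR the packet's destination must fall in
    proto: str = "any"           # "any" or a specific protocol
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and self.proto in ("any", pkt.proto)
            and (self.dport is None or self.dport == pkt.dport)
        )


def evaluate(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """Walk the rule list in order; the first matching rule decides.
    Traffic no rule speaks for gets the default, which should stay 'deny'."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed rule set for a hypothetical private network 10.0.0.0/8 with one
# web server (10.0.5.10) and an administrators' subnet (10.0.99.0/24).
RULESET = [
    # HTTPS to the web server is allowed from anywhere
    Rule("allow", dst="10.0.5.10/32", proto="tcp", dport=443),
    # SSH into the private network only from the admin subnet
    Rule("allow", src="10.0.99.0/24", dst="10.0.0.0/8", proto="tcp", dport=22),
    # explicit deny so SSH from elsewhere is a deliberate, auditable decision
    Rule("deny", dst="10.0.0.0/8", proto="tcp", dport=22),
]


def decide(pkt: Packet) -> str:
    """Apply the sample rule set with the default-deny policy."""
    return evaluate(RULESET, pkt)


if __name__ == "__main__":
    for pkt in (
        Packet("198.51.100.7", "10.0.5.10", "tcp", 443),  # public client to web server
        Packet("198.51.100.7", "10.0.5.10", "tcp", 22),   # public client trying SSH
        Packet("10.0.99.5", "10.0.5.10", "tcp", 22),      # admin SSH
        Packet("198.51.100.7", "10.0.7.20", "udp", 53),   # nothing matches: default
    ):
        print(pkt, "->", decide(pkt))
```

Rule order matters: if the explicit deny were listed before the admin allow, administrators would lose SSH even though an allow rule exists, which is why rule sets are reviewed top to bottom.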
Cyber Security Challenges
Today cyber security is a main component of a country's overall national security and economic security strategies. In India, there are many challenges related to cyber security. With the increase in cyber-attacks, every organization needs a security analyst who makes sure that its systems are secured. These security analysts face many challenges, such as securing the confidential data of government organizations, securing private organizations' servers, and so on. The most important recent cyber security challenges are described below:
1. Ransomware Evolution
Ransomware is a type of malware in which the data on a victim's computer is locked and payment is demanded before the ransomed data is unlocked. After successful payment, access rights are returned to the victim. Ransomware is the bane of cyber security, data professionals, IT and executives. Ransomware attacks are growing day by day as an area of cybercrime. IT professionals and business leaders need a powerful recovery strategy against malware attacks to protect their organization.
2. Blockchain Revolution
Blockchain technology is the most important invention of the computing era. It is the first time in human history that we have a genuinely native digital medium for peer-to-peer value exchange. The blockchain is the technology that enables cryptocurrencies like Bitcoin. The blockchain is a vast global platform that allows two or more parties to transact or do business without needing a third party to establish trust. It is difficult to predict what blockchain systems will offer in regard to cyber security. Professionals in cyber security can make some educated guesses regarding blockchain. As the application and utility of blockchain in a cyber security context emerge, there will be a healthy tension but also complementary integrations with traditional, proven cyber security approaches.
3. IoT Threats
IoT stands for Internet of Things. It is a system of interrelated physical devices which can be accessed through the internet. The connected physical devices have a unique identifier (UID) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. The firmware and software running on IoT devices make consumers and businesses highly susceptible to cyber-attacks. When IoT devices were designed, their use in cyber security and for commercial purposes was not considered. So every organization needs to work with cyber security professionals to ensure the security of its password policies, session handling, user verification, multifactor authentication and security protocols to help manage the risk.
4. AI Expansion
AI is the short form of Artificial Intelligence. John McCarthy, the father of Artificial Intelligence, defined AI as "the science and engineering of making intelligent machines, especially intelligent computer programs." It is an area of computer science concerned with the creation of intelligent machines that work and react like humans. Some of the activities related to artificial intelligence include speech recognition, learning, planning, problem-solving, etc. The key benefit of bringing AI into our cyber security strategy is the ability to protect and defend an environment when a malicious attack begins, thus mitigating the impact. AI takes immediate action against malicious attacks at the moment a threat impacts a business. IT business leaders and cyber security strategy teams consider AI a future protective control that will allow our business to stay ahead of the cyber security technology curve.
5. Serverless Apps Vulnerability
A serverless architecture or app is an application that depends on third-party cloud infrastructure or on a back-end service such as Google Cloud Functions, Amazon Web Services (AWS) Lambda, etc. Serverless apps invite cyber attackers to spread threats on their systems easily because users access the application locally or off-server on their own devices. Therefore it is the user's responsibility to take security precautions while using a serverless application. Serverless apps do nothing to keep attackers away from our data. Serverless does not help if an attacker gains access to our data through a vulnerability such as leaked credentials, a compromised insider or any other means. Running security software alongside the application gives the best chance of defeating cybercriminals. Serverless applications are typically small in size. They help developers launch their applications quickly and easily, without worrying about the underlying infrastructure. Web services and data processing tools are examples of the most common serverless apps.
Cyber Security Risk Analysis
Risk analysis refers to the review of the risks associated with a particular action or event. Risk analysis is applied to information technology, projects, security issues and any other event where risks may be analysed on a quantitative and qualitative basis. Risks are part of every IT project and business organization. Risk analysis should occur on a regular basis and be updated to identify new potential threats. Strategic risk analysis helps to minimize future risk probability and damage. Enterprises and organizations use risk analysis:
- To anticipate and reduce the effect of harmful results from adverse events.
- To plan for technology or equipment failure or loss from adverse events, both natural and human-caused.
- To evaluate whether the potential risks of a project are balanced in the decision process when deciding whether to move forward with the project.
- To identify the impact of, and prepare for, changes in the enterprise environment.
Benefits of risk analysis
Every organization needs to understand the risks associated with its information systems in order to protect its IT assets effectively and efficiently. Risk analysis can help an organization improve its security in many ways. These are:
- Concerning financial and organizational impacts, it identifies, rates and compares the overall impact of risks to the organization.
- It helps to identify gaps in information security and determine the next steps to eliminate security risks.
- It can also enhance the communication and decision-making processes related to information security.
- It improves security policies and procedures, and develops cost-effective methods for implementing information security policies and procedures.
- It increases employee awareness of risks and security measures during the risk analysis process, and of the financial impacts of potential security risks.
Types of Risk Analysis
Qualitative Risk Analysis
The qualitative risk analysis process is a project management technique that prioritizes risks on the project by assigning each a probability and impact number. Probability is the likelihood that a risk event will occur, whereas impact is the significance of the consequences of the risk event. The objective of qualitative risk analysis is to assess and evaluate the characteristics of each individually identified risk and then prioritize the risks based on the agreed-upon characteristics. Assessing an individual risk evaluates the probability that it will occur and its effect on the project objectives. Categorizing risks helps in filtering them out. Qualitative analysis determines the risk exposure of the project by multiplying probability and impact.
Quantitative Risk Analysis
The objective of the quantitative risk analysis process is to provide a numerical estimate of the overall effect of risk on the project objectives. It is used to evaluate the likelihood of success in achieving the project objectives and to estimate a contingency reserve, usually for time and cost. Quantitative analysis is not mandatory, especially for smaller projects. Calculating estimates of overall project risk is the main focus of quantitative risk analysis.
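As an added worked example (not from the slides), the Python below runs both analyses over a small constructed risk register. The qualitative side computes exposure as probability x impact exactly as the text states and sorts the register by it; the quantitative side uses expected monetary value (probability x estimated loss) summed into a cost contingency reserve, which is a common way of producing the numerical estimate the text describes. The 0-1 probability scale, the 1-5 impact scale, the high/medium/low thresholds and every risk in the register are assumptions made for the demo.

```python
"""Qualitative and quantitative risk analysis over a constructed risk register."""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Risk:
    name: str
    probability: float       # likelihood the event occurs, 0.0 to 1.0 (assumed scale)
    impact: int              # qualitative severity, 1 (minor) to 5 (critical) (assumed scale)
    cost_if_realised: float  # estimated loss in currency units, for the quantitative view


def qualitative_exposure(risk: Risk) -> float:
    """Risk exposure = probability x impact, as the text describes."""
    return risk.probability * risk.impact


def rating(risk: Risk) -> str:
    """Bucket the exposure into high / medium / low using assumed thresholds."""
    score = qualitative_exposure(risk)
    if score >= 2.0:
        return "high"
    if score >= 1.0:
        return "medium"
    return "low"


def prioritise(risks: List[Risk]) -> List[Risk]:
    """Order the register so the largest exposures are treated first."""
    return sorted(risks, key=qualitative_exposure, reverse=True)


def expected_monetary_value(risk: Risk) -> float:
    """Quantitative view: probability x monetary impact of the event."""
    return risk.probability * risk.cost_if_realised


def contingency_reserve(risks: List[Risk]) -> float:
    """Summed expected monetary value across the register, a basis for a cost reserve."""
    return sum(expected_monetary_value(r) for r in risks)


# Constructed sample register; names and figures are invented for the example.
SAMPLE_REGISTER = [
    Risk("Ransomware on file server", 0.30, 5, 250_000.0),
    Risk("Leaked cloud credentials", 0.50, 4, 120_000.0),
    Risk("Unpatched IoT sensor compromised", 0.60, 2, 15_000.0),
    Risk("Vendor SLA breach delays rollout", 0.20, 3, 40_000.0),
]


def report(risks: List[Risk]) -> List[str]:
    """One line per risk, highest exposure first, plus the reserve total."""
    lines = [
        f"{r.name}: exposure={qualitative_exposure(r):.2f} ({rating(r)}), "
        f"EMV={expected_monetary_value(r):,.0f}"
        for r in prioritise(risks)
    ]
    lines.append(f"Cost contingency reserve: {contingency_reserve(risks):,.0f}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_REGISTER)))
```

Note how the two views disagree: the IoT sensor risk ranks above the vendor risk qualitatively because it is likely, yet it contributes little to the reserve because its loss is small. That is why the text treats quantitative analysis as a separate, optional step rather than a repeat of the qualitative one.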