INDIVIDUAL ASSIGNMENT (I, II, III, & IV)

OF CYBER SECURITY

Submitted To:
Submitted by:
Mr. Noor Ahmad
Mohammad Javed

Roll No.-1701170070

Course: MBA (IV) SEM

Sec-B
 ASSIGNMENT-I

QI. What are the three basic security concept important to information on the internet?

Answer:

Three basic security concepts important to information on the internet are-

 Confidentiality

 Integrity

 Availability

Concepts relating to the people who use that information are authentication, authorization, and
non-repudiation.

CONFIDENTIALITY:

When information is read or copied by someone not authorized to do so,

the result is known as loss of confidentiality.

Examples include research data, medical and insurance records, new product specifications, and
corporate investment strategies

INTEGRITY:

Information can be corrupted when it is available on an insecure network. When

information is modified in unexpected ways, the result is known as loss of integrity.

AVAILABILITY:

Information can be erased or become inaccessible, resulting in loss of availability. This means
that people who are authorized to get information cannot get what they need. When users cannot
access the network or specific services provided on the network, they experience a denial of
service
QII. Explain authorization and authentication.

Answer:

A word Authentication means confirming your own identity, while Authorization means
granting access to the system. In simple terms, authentication is the process of verifying who you
are, while authorization is the process of verifying what you have access to.

AUTHENTICATION:

Authentication is about validating your credentials like User Name/User

ID and password to verify your identity. The system determines whether you are what you say
you are using your credentials. In public and private networks, the system authenticates the user
identity via login passwords. Authentication is usually done by a username and password, and
sometimes in conjunction with factors of authentication, which refers to the various ways to be
authenticated.

Authentication factors determine the various elements the system use to verify one’s identity
prior to granting him access to anything from accessing a file to requesting a bank transaction. A
user’s identity can be determined by what he knows, what he has, or what he is. When it comes
to security, at least two or all the three authentication factors must be verified in order to grant
someone access to the system.

Based on the security level, authentication factor can vary from one of the following:
SINGLE-FACTOR AUTHENTICATION:
It’s the simplest authentication method which
commonly relies on a simple password to grant user access to a particular system such as a
website or a network. The person can request access to the system using only one of the
credentials to verify his identity. The most common example of a single-factor authentication
would be login credentials which only require a password against a username.

TWO-FACTOR AUTHENTICATION:
As the name suggests, it’s a two-step verification
process which not only requires a username and password, but also something only the user
knows, to ensure an additional level of security, such as an ATM pin, which only the user knows.
MULTI-FACTOR AUTHENTICATION:
It’s the most advanced method of authentication
which uses two or more levels of security from independent categories of authentication to grant
user access to the system. All the factors should be independent of each other to eliminate any
vulnerability in the system. Financial organizations, banks, and law enforcement agencies use
multiple-factor authentication to safeguard their data and applications from potential threats.

For example, when you enter your ATM card into the ATM machine, the machine asks you to
enter your pin. After you enter the pin correctly, the bank then confirms your identity that the
card really belongs to you and you’re the rightful owner of the card. By validating your ATM
card pin, the bank actually verifies your identity, which is called authentication. It merely
identifies who you are, nothing else.

AUTHORIZATION:

Authorization, on the other hand, occurs after your identity is successfully

authenticated by the system, which ultimately gives you full permission to access the resources
such as information, files, databases, funds, locations, almost anything. In simple terms,
authorization determines your ability to access the system and up to what extent. Once your
identity is verified by the system after successful authentication, you are then authorized to access
the resources of the system.

Authorization is the process to determine whether the authenticated user has access to the
particular resources. It verifies your rights to grant you access to resources such as information,
databases, files, etc. Authorization usually comes after authentication which confirms your
privileges to perform. In simple terms, it’s like giving someone official permission to do
something or anything.

For example, the process of verifying and confirming employees ID and passwords in an
organization is called authentication, but determining which employee has access to which floor
is called authorization. Let’s say you are traveling and you’re about to board a flight. When you
show your ticket and some identification before checking in, you receive a boarding pass which
confirms that the airport authority has authenticated your identity. But that’s not it. A flight
attendant must authorize you to board the flight you’re supposed to be flying on, allowing you
access to the inside of the plane and its resources.

Access to a system is protected by both authentication and authorization. Any attempt to access
the system might be authenticated by entering valid credentials, but it can only be accepted after
successful authorization. If the attempt is authenticated but not authorized, the system will deny
access to the system.

############################################################################
 ASSIGNMENT-II

QI. Define packet filters, Stateful firewall, application-layer firewall, proxy firewall.

Answer:

PACKET FILTERS:

Packet filtering is a firewall technique used to control network access by

monitoring outgoing and incoming packets and allowing them to pass or halt based on the source
and destination Internet Protocol (IP) addresses, protocols and ports.

Network layer firewalls define packet filtering rule sets, which provide highly efficient security
mechanisms.

Packet filtering is also known as static filtering.

STATEFUL FIREWALL:

In computing, a stateful firewall is a network firewall that tracks the

operating state and characteristics of network connections traversing it. The firewall is configured
to distinguish legitimate packets for different types of connections. Only packets matching a
known active connection are allowed to pass the firewall.

Stateful packet inspection (SPI), also referred to as dynamic packet filtering, is a security feature
often included in business networks.

APPLICATION-LAYER FIREWALL:

An application firewall is a type of firewall that controls

network access to, from or by an application or service. Such products monitor the use of
applications and block any activities that don’t meet the configured policy of the firewall.
Application firewalls protect application communications in a similar manner that network
firewalls secure network communications. Because they are aware of the languages applications
use to transmit information, they can deny or modify invalid or suspicious activities—protecting
organizations against attacks.
PROXY FIREWALL:
A proxy firewall is a network security system that protects network
resources by filtering messages at the application layer. A proxy firewall may also be called
an application firewall or gateway firewall.

xxxxxxxxxxxxxxxxxxxxxxxxxxx

QII. Write a note on DMZ (De Militarized Zone)

DMZ:

Portion of the network between the border router and the non-public computing services.
In computer networks, a DMZ (demilitarized zone) is a computer host or small network inserted
as a "neutral zone" between a company's private network and the outside public network.

PERIMETER SECURITY TOPOLOGIES

 Any network that is connected (directly or indirectly) to your organization, but is not
controlled by your organization, represents a risk..
 Include demilitarized zones (DMZs) extranets, and intranets

TRUSTED NETWORKS:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 ASSIGNMENT-III

QI. What is the different b/w identification, authentication, and authorization?

Answer:

Identification, Authentication, and Authorization:

Identification:

Identification, according to a current compilation of information security terms, is "the process

That enables recognition of a user described to an automated data processing system. This is
Generally by the use of unique machine-readable names". In human terms, client and merchant
Engage in mutual identification when they for example: tell each other their names over the
Phone. In the Moldovan Trojan case, the violation of identification occurred when there was no
Provision at all for ascertaining the identity of the company running the scam.

Authentication:

Authentication is about validating your credentials like User Name/User

ID and password to verify your identity. The system determines whether you are what you say
you are using your credentials. In public and private networks, the system authenticates the user
identity via login passwords. Authentication is usually done by a username and password, and
sometimes in conjunction with factors of authentication, which refers to the various ways to be
authenticated.

Authentication factors determine the various elements the system use to verify one’s identity
prior to granting him access to anything from accessing a file to requesting a bank transaction. A
user’s identity can be determined by what he knows, what he has, or what he is. When it comes
to security, at least two or all the three authentication factors must be verified in order to grant
someone access to the system.

Authorization:

Authorization, on the other hand, occurs after your identity is successfully

authenticated by the system, which ultimately gives you full permission to access the resources
such as information, files, databases, funds, locations, almost anything. In simple terms,
authorization determines your ability to access the system and up to what extent. Once your
identity is verified by the system after successful authentication, you are then authorized to access
the resources of the system.

Authorization is the process to determine whether the authenticated user has access to the
particular resources. It verifies your rights to grant you access to resources such as information,
databases, files, etc. Authorization usually comes after authentication which confirms your
privileges to perform. In simple terms, it’s like giving someone official permission to do
something or anything.

For example, the process of verifying and confirming employees ID and passwords in an
organization is called authentication, but determining which employee has access to which floor
is called authorization. Let’s say you are traveling and you’re about to board a flight. When you
show your ticket and some identification before checking in, you receive a boarding pass which
confirms that the airport authority has authenticated your identity. But that’s not it. A flight
attendant must authorize you to board the flight you’re supposed to be flying on, allowing you
access to the inside of the plane and its resources.

Access to a system is protected by both authentication and authorization. Any attempt to access
the system might be authenticated by entering valid credentials, but it can only be accepted after
successful authorization. If the attempt is authenticated but not authorized, the system will deny
access to the system.
XXXXXXXXXXXXXXXXXXXX

QII. What is signature based IDS & statistical anomaly-based IDS?

Signature based IDS:

An Intrusion Detection System is used to detect all types of malicious

network traffic and computer usage that can't be detected by a conventional firewall. This
includes network attacks against vulnerable services, data driven attacks on applications, host
based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and
malware (viruses, trojan horses, and worms). An IDS is composed of the following three
components:

Sensors: - which sense the network traffic or system activity and generate events.

Console: - to monitor events and alerts and control the sensors,

Detection Engine: - that records events logged by the sensors in a database and uses a system of
rules to generate alerts from the received security events. There are several ways to categorize an
IDS depending on the type and location of the sensors and the methodology used by the engine
to generate alerts. In many simple IDS implementations all three components are combined in a
single device or appliance.

TYPES OF INTRUSION-DETECTION SYSTEMS:

I. Network Intrusion Detection System:

Identifies intrusions by examining network traffic and

monitors multiple hosts. Network Intrusion Detection Systems gain access to network traffic by
connecting to a hub, network switch configured for port mirroring, or network tap. An example
of a NIDS is Snort.

II. Host-based Intrusion Detection System:

Consists of an agent on a host which identifies intrusions by

analysing system calls, application logs, file-system modifications (binaries, password files,
capability/acl databases) and other host activities and state.

III. Hybrid Intrusion Detection System:

Combines one or more approaches. Host agent data is combined with

network information to form a comprehensive view of the network. An example of a Hybrid IDS
is Prelude.
 ASSIGNMENT-IV

QI. Explain the concepts of security vulnerabilities.

Answer:

Concepts of security vulnerabilities:

In computer security, a vulnerability is a weakness which can

be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a
computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or
technique that can connect to a system weakness. In this frame, vulnerability is also known as
the attack surface.

Vulnerability management is the cyclical practice of identifying, classifying, remediating, and

mitigating vulnerabilities. This practice generally refers to software vulnerabilities in computing
systems.

A security risk is often incorrectly classified as a vulnerability. The use of vulnerability with the
same meaning of risk can lead to confusion. The risk is the potential of a significant impact
resulting from the exploit of a vulnerability. Then there are vulnerabilities without risk: for
example when the affected asset has no value. A vulnerability with one or more known instances
of working and fully implemented attacks is classified as an exploitable vulnerability

A vulnerability for which an exploit exists. The window of vulnerability is the time from when
the security hole was introduced or manifested in deployed software, to when access was
removed, a security fix was available/deployed, or the attacker was disabled—zero-day attack.

Security bug (security defect) is a narrower concept: there are vulnerabilities that are not related
to software: hardware, site, personnel vulnerabilities are examples of vulnerabilities that are not
software security bugs.

Constructs in programming languages that are difficult to use properly can be a large source of
vulnerabilities

xxxxxxxxxxxxxxxxxxxxxxxxx
QII. How are computer viruses spread? What are worms?

Answer:

Computer viruses usually spread in one of three ways: from removable media; from
downloads off the Internet; and from e-mail attachments.

Although the Internet gets a bad rap as a source of viruses, you're no more likely to contract a
virus from the Web than you are from packaged software. Still, scan everything you download,
and update your antivirus software regularly.

E-mail is not the virus breeding ground it's made out to be, either. In fact, it's nearly impossible
for a virus to be transmitted by plain-text e-mail. Most viruses can only spread via attachments
either rich-text e-mail or attached applications. Using antivirus software, scan attachments from
people you know, and never open attachments from people you don't. If you're a Microsoft
Outlook user, you can also select security preferences that keep e-mail-borne viruses from
exploiting the close relationship between Outlook and the Windows operating system.

For information on specific types of computer viruses, check out Understanding Computer
Viruses.

These precautions will minimize the risk of infecting your computer as well as keep you from
spreading viruses onto others. If you find that your computer is infected, make sure to
read Responding to and Recovering from a Virus for tips on recovery

WORMS:

A computer worm is a type of malware that spreads copies of itself from computer to computer.
A worm can replicate itself without any human interaction, and it does not need to attach itself to
a software program in order to cause damage.

How do computer worms work?

Worms can be transmitted via software vulnerabilities. Or

computer worms could arrive as attachments in spam emails or instant messages (IMs). Once
opened, these files could provide a link to a malicious website or automatically download the
computer worm. Once it’s installed, the worm silently goes to work and infects the machine
without the user’s knowledge.

Worms can modify and delete files, and they can even inject additional malicious software onto
a computer. Sometimes a computer worm’s purpose is only to make copies of itself over and over
depleting system resources, such as hard drive space or bandwidth, by overloading a shared
network. In addition to wreaking havoc on a computer’s resources, worms can also steal data,
install a backdoor, and allow a hacker to gain control over a computer and its system settings.

Stuxnet: the most famous computer worm:

In July 2010, the first computer worm used as a cyber-

weapon was discovered by two security researchers after a long string of incidents in Iran.
Dubbed “Stuxnet,” this worm appeared to be much more complex than the worms researchers
were used to seeing. This attracted the interest of high-profile security specialists around the
world, including Liam O’Murchu and Eric Chien of the Security Technology and Response
(STAR) team at Symantec. Their extensive research led them to conclude that the worm was
being used to attack an Iranian power plant, with the ultimate goal of sabotaging nuclear weapon
production. Although the attack ultimately failed, this computer worm is still active on the threat
landscape today.

THE
END