
*Chapter – 5*

Malware

1. What is Malware? What are the types of malware?

Answer- You know how every year the medical community campaigns for everyone to get a
flu shot? That’s because flu outbreaks typically have a season—a time of year when they start
spreading and infecting people. In contrast, there are no predictable seasonal infections for
PCs, smartphones, tablets, and enterprise networks. For them, it’s always flu season. But
instead of suffering chills and body aches, users can fall ill from a kind of machine malady—
malware. Malware, or "malicious software," is an umbrella term that describes any malicious
program or code that is harmful to systems.

Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable
computers, computer systems, networks, tablets, and mobile devices, often by taking partial
control over a device’s operations. Like the human flu, it interferes with normal functioning.

The motives behind malware vary. Malware can be about making money off you, sabotaging
your ability to get work done, making a political statement, or just bragging rights. Although
malware cannot damage the physical hardware of systems or network equipment (with one
known exception—see the Google Android section below), it can steal, encrypt, or delete
your data, alter or hijack core computer functions, and spy on your computer activity without
your knowledge or permission.

Types of malware

Here are the most common offenders in the rogues’ gallery of malware:

- Adware is unwanted software designed to throw advertisements up on your screen,
most often within a web browser. Typically, it uses an underhanded method to either
disguise itself as legitimate, or piggyback on another program to trick you into
installing it on your PC, tablet, or mobile device.
- Spyware is malware that secretly observes the computer user’s activities without
permission and reports it to the software’s author.
- A virus is malware that attaches to another program and, when executed—usually
inadvertently by the user—replicates itself by modifying other computer programs
and infecting them with its own bits of code.
- Worms are a type of malware similar to viruses. Like viruses, worms are self-replicating.
The big difference is that worms can spread across systems on their own,
whereas viruses need some sort of action from a user in order to initiate the infection.
- A Trojan, or Trojan horse, is one of the most dangerous malware types. It usually
represents itself as something useful in order to trick you. Once it’s on your system,
the attackers behind the Trojan gain unauthorized access to the affected computer.
From there, Trojans can be used to steal financial information or install other forms of
malware, often ransomware.

Page | 1
- Ransomware is a form of malware that locks you out of your device and/or encrypts
your files, then forces you to pay a ransom to regain access. Ransomware has been
called the cybercriminal’s weapon of choice because it demands a quick, profitable
payment in hard-to-trace cryptocurrency. The code behind ransomware is easy to
obtain through online criminal marketplaces, and defending against it is very difficult.
While ransomware attacks on individual consumers are down at the moment, attacks
on businesses are up 365 percent for 2019. As an example, the Ryuk ransomware
specifically targets high-profile organizations that are more likely to pay out large
ransoms.
- A rootkit is a form of malware that provides the attacker with administrator privileges
on the infected system, also known as "root" access. Typically, it is also designed to
stay hidden from the user, other software on the system, and the operating system
itself.
- A keylogger is malware that records all the user’s keystrokes on the keyboard,
typically storing the gathered information and sending it to the attacker, who is
seeking sensitive information like usernames, passwords, or credit card details.
- Malicious cryptomining, also sometimes called drive-by mining or cryptojacking, is
an increasingly prevalent form of malware, usually installed by a Trojan. It allows someone
else to use your computer to mine cryptocurrency like Bitcoin or Monero. So instead
of letting you cash in on your own computer’s horsepower, the cryptominers send the
collected coins into their own account and not yours. Essentially, a malicious
cryptominer is stealing your resources to make money.
- Exploits are a type of malware that takes advantage of bugs and vulnerabilities in a
system in order to give the attacker access to your system. While there, the attacker
might steal your data or drop some form of malware. A zero-day exploit refers to a
software vulnerability for which there is currently no available defense or fix.

2. What is the process of OS hardening? What is the most basic step in OS hardening?

Answer- OS hardening is a type of system hardening. It involves patching and applying advanced
system security procedures to secure the server's OS. Automatically installing updates, patches,
and service packs is one of the most effective methods of hardening the OS.

OS hardening is similar to application hardening in that the OS is itself a type of software.
The difference is that operating system hardening secures the base software that grants
applications access to specific activities on your server.

Operating system developers generally do a good job of issuing OS updates and encouraging
users to install them, whether on Microsoft, Linux, or iOS platforms. These frequent updates can
help to keep your system secure and resilient to cyber-attacks.

Hardening an operating system usually includes:

1. Following security best practices and making sure your configuration is secure.
2. Implementing additional security measures, including endpoint protection systems,
firewalls, and OS security extensions such as AppArmor for Linux.
3. Applying patches and service packs to the operating system automatically.
4. Removing unnecessary drivers.
5. Limiting and authenticating system access permissions.
6. Encrypting the SSD or HDD that stores and hosts the OS.

Operating System Hardening Tips

There are various operating system hardening tips. Some tips for the operating system
hardening are as follows:

1. Patch Management

It includes planning, testing, timely installation, and ongoing auditing to guarantee that client
computers' operating systems and particular programs are always patched with the most recent
versions.

2. Service Packs

Service packs bundle accumulated updates and bring applications to the most recent version.
No single activity can protect against all types of attacks, including zero-day attacks;
however, applying service packs minimizes these risks.

3. Endpoint Protection

Windows Defender is a powerful endpoint protection solution included with the OS.
Endpoint protection platforms (EPP) provide numerous levels of protection for OS, including
email and social engineering protection, malware prevention, detection of malicious
processes, and automated OS isolation in the case of an infection.

4. Access Control

Use access control features to limit access to networks, files, and other resources. Management
features for individuals and groups are available in all major operating systems, such as Linux,
Windows, and OS X. Because the default settings are typically less stringent than required, you
must configure access according to the principle of least privilege.

5. Security Templates

Use templates to manage and enforce security configurations consistently. Templates
can be used to keep track of group policies and guarantee consistency across systems.
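As an added example of the template-driven check described in this tip (this is illustrative code, not part of the original chapter), the Python script below audits a constructed sshd-style configuration against a small hardening template and reports each directive that is missing or deviates, tagged with an assumed business-impact level. The template values, the sample configuration text, and the impact labels are all assumptions made for the example.

```python
"""Check an sshd-style configuration against a hardening template.

Added example (not from the original page): the template values, the sample
configuration and the impact labels below are constructed for illustration,
not a vendor baseline.
"""
from typing import Dict, List, Tuple

# Constructed hardening template: required value for each directive, plus the
# business-impact category an operator might assign to enforcing it.
TEMPLATE: Dict[str, Tuple[str, str]] = {
    "PermitRootLogin": ("no", "low"),
    "PasswordAuthentication": ("no", "medium"),
    "X11Forwarding": ("no", "low"),
    "MaxAuthTries": ("4", "low"),
    "PermitEmptyPasswords": ("no", "low"),
}

# Constructed sample sshd_config text with comments, duplicate directives and a
# missing directive, the cases a real audit has to cope with.
SAMPLE_CONFIG = """
# sample sshd_config (constructed)
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PasswordAuthentication yes
X11Forwarding no
MaxAuthTries 6
MaxAuthTries 3
"""


def parse_config(text: str) -> Dict[str, str]:
    """Parse 'Directive value' lines; like sshd, the first occurrence wins."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0], parts[1].strip()
        settings.setdefault(key, value)
    return settings


def audit(settings: Dict[str, str], template=TEMPLATE) -> List[dict]:
    """Return one finding per template directive that is missing or deviates."""
    findings = []
    for key, (required, impact) in template.items():
        actual = settings.get(key)
        if actual is None:
            findings.append({"directive": key, "expected": required,
                             "actual": None, "impact": impact,
                             "status": "missing"})
        elif actual.lower() != required.lower():
            findings.append({"directive": key, "expected": required,
                             "actual": actual, "impact": impact,
                             "status": "deviates"})
    return findings


def audit_text(text: str) -> List[dict]:
    """Convenience wrapper: parse the raw configuration text, then audit it."""
    return audit(parse_config(text))


if __name__ == "__main__":
    for f in audit_text(SAMPLE_CONFIG):
        print(f"{f['impact']:6} {f['status']:8} {f['directive']}: "
              f"expected {f['expected']!r}, found {f['actual']!r}")
```

The first-occurrence-wins rule matters: a commented-out hardened line followed by a permissive live line is a common way a template check silently passes if the parser picks the wrong copy.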

What is the most basic step in OS hardening?

There are five main types of system hardening:

- Server hardening
- Software application hardening
- Operating system hardening
- Database hardening
- Network hardening

It’s important to note that the types of system hardening are broad enough to be universal and
translate well across different server and computer system configurations; however, the
methods and tools used to practically achieve a hardened or secure-by-design state vary
widely.

But for now, let’s review the purpose of each type of system hardening.

Server hardening

Server hardening is a general system hardening process that involves securing the data, ports,
components, functions, and permissions of a server using advanced security measures at
the hardware, firmware, and software layers.

These general server security measures include, but are not limited to:

- Keeping a server’s operating system patched and updated
- Regularly updating third-party software essential to the operation of the server and removing
third-party software that doesn’t conform to established cybersecurity standards
- Using strong and more complex passwords and developing strong password policies for users
- Locking user accounts if a certain number of failed login attempts are registered and
removing needless accounts
- Disabling USB ports at boot
- Implementing multi-factor authentication
- Using self-encrypting drives or AES encryption to conceal and protect sensitive information
- Using firmware resilience technology, memory encryption, antivirus and firewall protection,
and advanced cybersecurity suites specific to your operating system, such as Titanium Linux

Software application hardening

Software application hardening, or just application hardening, involves updating or
implementing additional security measures to protect both standard and third-party
applications installed on your server.

Unlike server hardening, which focuses more broadly on securing the entire server system by
design, application hardening focuses specifically on the server’s applications, including, for
example, a spreadsheet program, a web browser, or a custom software application used for a
variety of reasons.

At a basic level, application hardening involves updating existing or implementing new
application code to further secure a server and implementing additional software-based
security measures.

Examples of application hardening include, but are not limited to:

- Patching standard and third-party applications automatically
- Using firewalls
- Using antivirus, anti-malware, and anti-spyware protection applications
- Using software-based data encryption
- Using CPUs that support Intel Software Guard Extensions (SGX)
- Using an application like LastPass to manage and encrypt passwords for improved password
storage, organization, and safekeeping
- Establishing an intrusion prevention system (IPS) or intrusion detection system (IDS)

Operating system hardening

Operating system hardening involves patching and implementing advanced security measures
to secure a server’s operating system (OS). One of the best ways to achieve a hardened state
for the operating system is to have updates, patches, and service packs installed
automatically.

OS hardening is like application hardening in that the OS is technically a form of software.
But unlike application hardening’s focus on securing standard and third-party applications,
OS hardening secures the base software that gives permissions to those applications to do
certain things on your server.

Oftentimes, operating system developers, such as Microsoft and Linux, do a fine and
consistent job of releasing OS updates and reminding users to install these updates. These
frequent updates - and we’ve all ignored them - can actually help keep your system secure
and resilient to cyberattacks.

Other examples of operating system hardening include:

- Removing unnecessary drivers
- Encrypting the HDD or SSD that stores and hosts your OS
- Enabling and configuring Secure Boot
- Limiting and authenticating system access permissions
- Limiting or eliminating the creation and logging in of user accounts

Database hardening

Database hardening involves securing both the contents of a digital database and the database
management system (DBMS), which is the database application users interact with to store
and analyze information within a database.

Database hardening mainly involves three processes:

1. Controlling for and limiting user privileges and access
2. Disabling unnecessary database services and functions
3. Securing or encrypting database information and resources

Types of database hardening techniques include:

- Restricting administrators and administrative privileges and functions
- Encrypting in-transit and at-rest database information
- Adhering to a role-based access control (RBAC) policy
- Regularly updating and patching database software, or the DBMS
- Turning off needless database services and functions
- Locking database accounts if suspicious login activity is detected
- Enforcing strong and more complex database passwords

Network hardening

Network hardening involves securing the basic communication infrastructure of multiple
servers and computer systems operating within a given network.

Two of the main ways that network hardening is achieved are through establishing an
intrusion prevention system or intrusion detection system, which are usually software-based.
These applications automatically monitor and report suspicious activity in a given network
and help administrators prevent unauthorized access to the network.

Network hardening techniques include properly configuring and securing network firewalls,
auditing network rules and network access privileges, disabling certain network protocols and
unused or unnecessary network ports, encrypting network traffic, and disabling network
services and devices not currently in use or never in use.

Using these techniques in combination with an intrusion prevention or intrusion detection
system reduces the network’s overall attack surface, and thus, bolsters its resistance to
network-based attacks.

3. What are the Benefits of Operating System (OS) Hardening & Why is it Important?

Answer-

Hardening the operating system improves security and reduces the system’s attack surface.
When the system’s attack surface is smaller, the risk of exploitation, malware being injected,
or an attacker gaining entry into an entity’s environment is smaller as well.

Well-architected systems can have design gaps and vulnerabilities. Default settings on
out-of-the-box operating systems are made to cater to the largest customer base. Therefore,
hardening includes researching and updating default settings to better fit the organization.

Hardening is expansive and includes performing modifications to the system based on
the risk of the system, the organization, the industry, etc.

In order to reduce the system’s attack surface, a reasonable understanding of the system’s
vulnerabilities is needed. Similar to a control environment risk assessment for
a SOC 2 report, a risk assessment for your operating system should be performed. Identify
areas of your operating system with the most risk along with which operating system risks
keep you up at night. Gaps should also be detected through vulnerability assessments and
penetration testing to determine if there are risks unique to the environment.

Once the risks of your system are assessed, consider the extent of hardening that is
appropriate for the organization. As a plan is developed to harden the system, rank the level
of impact on business operations and day-to-day usage for each change being made. Organize
the hardening changes into categories of low, medium, and high impact. The changes which
have a low impact should be implemented, while the changes with a higher impact should
be investigated thoroughly prior to making them.

The level of impact will be unique to each entity; however, here are examples:

- Low Impact: Enable encryption and set up a strong passphrase.
- Medium Impact: Implement two-factor authentication, install a password manager
tool, and restrict removable media and USB devices.
- High Impact: Configure exploit protection and calibrate network activity.

4. What is the Difference Between OS Hardening & Patching?

Answer-

Patching a computer system (whether it is a computer or an embedded controller like a PLC)
takes care of critical vulnerabilities (holes where malware might be able to get into a system
or where a hacker might be able to gain access), for the most part by keeping the operating
system, firmware, and applications up to date with vendor releases. Vendors fix
vulnerabilities when they are made aware of them and release a patch. Sometimes a patch is
rolled up into a release for convenience by a vendor.

Unfortunately, the more obscure the device, the less likely the vendor is to release patches or
updates publicly. Fortunately, the very public companies that provide common computers,
operating systems, and applications release their patches and updates publicly. You can download
the patches and updates or turn on automatic download and update in many cases. This works
great for computers that are running off-the-shelf common software. It does not work so well
for computers that are running proprietary or custom applications. In those cases, you often
need to download a patch and test it on a test machine to ensure that it will not break the
critical system. Only after it is tested and validated should it be installed, and even then the
system should be backed up beforehand, just in case.

Hardening includes additional steps beyond patching to limit the ways a hacker or malware
could gain entry. Hardening is accomplished by turning on only the ports and services
required, obfuscating system components such as SNMP, and additional steps to limit system
access. This is usually done by a configuration script or manual checklist.

Hardening is required in addition to patch management to protect a system. During our
vulnerability assessments, we check that devices are patched and hardened correctly and that
the team understands why and what they are doing.

5. What are the open-source tools for dynamic malware analysis?

Answer-

It is the process of determining the functionality, origin, and impact of malware variants,
including viruses, worms, ransomware, adware, and spyware.

Circulating malware is one of the big businesses of the internet world, and the constantly
rising malware plague is only going to increase in the coming years.

With the commercialization of cybercrime, malware varieties continue to grow at an alarming
rate, putting defenders on the back foot. Malware analysis has grown into a complicated mix
of data science technologies and human understanding.

This has pushed the cost of owning commercial malware code analysis tools out of range for
the average business organization. Hence, by using open-source malware analysis tools, an
analyst can test and identify the characteristics of different variants of malicious activity
while learning about the various stages of the attack lifecycle.

For this reason, the sections below share some of the best open-source malware analysis
tools to consider when you need to know what a piece of malicious code is doing.

Best Malware Analysis Tools

- Cuckoo Sandbox Automated Malware Analysis Tool
- Zeek Network Security Monitor
- Netcat Dynamic Malware Analysis Tool
- Yara Rules
- Resource Hacker Malware Analysis Tool
- Dependency Walker Malware Analysis

1. Cuckoo Sandbox Automated Malware Analysis Tool

Cuckoo Sandbox is an automated malware analysis tool that began as a Google Summer of
Code project back in 2010. Basically, it is an open-source tool that automates the analysis of
malicious files for Windows, OS X, Linux, and Android.

Moreover, it provides specific and essential feedback about how each submitted file behaves in
an isolated environment; malware detection and protection companies use Cuckoo to
reduce the strain of manually navigating through troves of possibly malicious data. Its
modular design makes it easily customizable for both the analysis and processing stages, and
reasonably, it has become one of the most commonly used open-source tools in recent years.

Features:-

- Automatically digest artifacts
- Analyze all suspicious data
- Identify and isolate zero-day and APT threats
- Identify the attackers
- Counter-intelligence and cyber-warfare

2. Zeek Network Security Monitor

Zeek is a free and open-source security analysis tool that was developed in 1994 by Vern
Paxson. Basically, it can be used as a network intrusion detection system, but with a live
interpretation of network events, and the most interesting thing about this security tool is
that it is published under the BSD license.

Zeek analyzes live or recorded network traffic and trace files to generate events for
suspicious activity. It has been built to take several actions in response, such as sending an
email, raising an alert, executing a system command, updating an internal metric, and even
calling other Zeek scripts.

Features:-

- Better sources of data
- Corelight sensor
- Open-source framework
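The event-and-action model described above, as an added example that is not Zeek's own code: a small Python monitor that parses constructed connection records (a subset of the columns Zeek writes to conn.log, with conn_state S0 meaning a connection attempt that got no reply), emits a port_scan event when one source probes many ports on one host without answers, and dispatches that event to registered actions (here, recording a notice and updating an internal metric). The threshold, the column subset, and the sample records are assumptions.

```python
"""Event-driven analysis of connection records, in the style of a network
security monitor. Added example (not Zeek's own code): the record format is a
constructed subset of Zeek's conn.log columns and the threshold is arbitrary.
"""
from collections import defaultdict
from typing import Callable, Dict, List

# Constructed conn records: ts, orig_h, orig_p, resp_h, resp_p, proto, conn_state
# (conn_state "S0" = attempt with no reply, "SF" = normal established/finished).
SAMPLE_CONN_LOG = """\
1700000000.1\t10.0.0.5\t40001\t10.0.0.20\t22\ttcp\tS0
1700000000.2\t10.0.0.5\t40002\t10.0.0.20\t23\ttcp\tS0
1700000000.3\t10.0.0.5\t40003\t10.0.0.20\t80\ttcp\tS0
1700000000.4\t10.0.0.5\t40004\t10.0.0.20\t443\ttcp\tS0
1700000000.5\t10.0.0.5\t40005\t10.0.0.20\t3389\ttcp\tS0
1700000001.0\t10.0.0.7\t51000\t10.0.0.20\t443\ttcp\tSF
1700000002.0\t10.0.0.7\t51001\t10.0.0.21\t443\ttcp\tSF
"""

FIELDS = ["ts", "orig_h", "orig_p", "resp_h", "resp_p", "proto", "conn_state"]
SCAN_PORT_THRESHOLD = 5   # distinct unanswered ports from one source to one host


def parse_conn_log(text: str) -> List[Dict[str, str]]:
    """Turn tab-separated lines into records keyed by column name."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        values = line.split("\t")
        if len(values) != len(FIELDS):
            continue
        records.append(dict(zip(FIELDS, values)))
    return records


class Monitor:
    """Emits events from connection records and dispatches them to actions."""

    def __init__(self) -> None:
        self.handlers: Dict[str, List[Callable[[dict], None]]] = defaultdict(list)
        self.metrics: Dict[str, int] = defaultdict(int)   # "update a metric"
        self.notices: List[str] = []                      # "raise an alert"
        self._unanswered = defaultdict(set)   # (orig_h, resp_h) -> ports with no reply
        self._raised = set()                  # pairs already reported

    def on(self, event: str, handler: Callable[[dict], None]) -> None:
        """Register an action to run whenever the named event fires."""
        self.handlers[event].append(handler)

    def emit(self, event: str, data: dict) -> None:
        self.metrics[event] += 1
        for handler in self.handlers[event]:
            handler(data)

    def process(self, record: dict) -> None:
        self.emit("connection", record)
        if record["conn_state"] != "S0":
            return
        key = (record["orig_h"], record["resp_h"])
        self._unanswered[key].add(record["resp_p"])
        if len(self._unanswered[key]) >= SCAN_PORT_THRESHOLD and key not in self._raised:
            self._raised.add(key)
            self.emit("port_scan", {"orig_h": key[0], "resp_h": key[1],
                                    "ports": sorted(self._unanswered[key], key=int)})


def run_monitor(text: str) -> Monitor:
    """Wire up the notice action and replay the records through the monitor."""
    mon = Monitor()
    mon.on("port_scan", lambda d: mon.notices.append(
        f"possible port scan {d['orig_h']} -> {d['resp_h']} ports {d['ports']}"))
    for rec in parse_conn_log(text):
        mon.process(rec)
    return mon


if __name__ == "__main__":
    m = run_monitor(SAMPLE_CONN_LOG)
    print(dict(m.metrics))
    print("\n".join(m.notices))
```

Other actions from the list in the text (sending an email, running a command) would be registered with `on("port_scan", ...)` the same way; the detection logic does not need to know what the actions are.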

3. Netcat Dynamic Malware Analysis Tool

Netcat is a tool used to read from and write to network connections using TCP and UDP.
Netcat is also known as the Swiss Army Knife because of the various features that it
provides, like port scanning, port forwarding, tunneling, proxying, and many more.

It is a fantastic tool for dynamic malware analysis, as it can stand in for almost
any network connection a malware analyst might need. Moreover, it can be used
to make inbound and outbound connections on any port, and it can be
used in client mode simply for connecting and in server mode for listening as well.

Features:-

- Port scanning
- Tunneling
- Port forwarding
- Proxying
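As an added illustration of the two roles Netcat plays in dynamic analysis, listening and connecting (example code, not Netcat itself), the Python block below runs a fake service that accepts an inbound connection on a free local port, records what the client sent, and answers with a banner, alongside a client helper that connects out and sends a constructed payload. The banner text and the payload are assumptions.

```python
"""A minimal listener/client pair in the role Netcat plays during dynamic
analysis: a fake service that accepts whatever a sample connects to and records
it. Added example, not Netcat itself; the banner and payload are constructed.
"""
import socket
import threading
from typing import List, Tuple


class FakeService:
    """Listens on a TCP port, records each inbound payload, answers a banner."""

    def __init__(self, host: str = "127.0.0.1", port: int = 0,
                 banner: bytes = b"220 fake-service ready\r\n") -> None:
        self.banner = banner
        self.captured: List[Tuple[str, bytes]] = []   # (peer address, data)
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))              # port 0 = pick a free port
        self._sock.listen(5)
        self._sock.settimeout(0.5)                 # lets the loop notice stop()
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    @property
    def port(self) -> int:
        return self._sock.getsockname()[1]

    def start(self) -> "FakeService":
        self._thread.start()
        return self

    def stop(self) -> None:
        self._stop.set()
        self._thread.join()
        self._sock.close()

    def _serve(self) -> None:
        """Server mode: accept connections until stopped, capture, reply."""
        while not self._stop.is_set():
            try:
                conn, addr = self._sock.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(2)
                try:
                    data = conn.recv(4096)
                except socket.timeout:
                    data = b""
                self.captured.append((f"{addr[0]}:{addr[1]}", data))
                conn.sendall(self.banner)


def connect_and_send(host: str, port: int, payload: bytes) -> bytes:
    """Client mode: connect out, send a payload, return the server's reply."""
    with socket.create_connection((host, port), timeout=2) as s:
        s.sendall(payload)
        return s.recv(4096)


def capture_beacon(payload: bytes) -> Tuple[bytes, List[bytes]]:
    """Run one round trip against the fake service; returns (reply, captures)."""
    svc = FakeService().start()
    try:
        reply = connect_and_send("127.0.0.1", svc.port, payload)
    finally:
        svc.stop()
    return reply, [data for _, data in svc.captured]


if __name__ == "__main__":
    # Constructed stand-in for what a sample might send to its server.
    reply, seen = capture_beacon(b"GET /beacon?id=SAMPLE HTTP/1.0\r\n\r\n")
    print("server replied:", reply)
    print("captured:", seen)
```

In a lab the listener would sit on the analysis network while the sample runs in the sandbox with its DNS pointed at the listener host, so the captured bytes show what the sample tries to send before any real server is involved.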

4. Yara Rules

Yara basically stands for "Yet Another Recursive Acronym", and it is an open-source
malware analysis tool that is used to identify and classify individual malware samples based
on textual or binary patterns, for example once the samples have been examined in Cuckoo.

Utilizing Yara, researchers record descriptions of malware families based on patterns,
and this information is known as rules. Moreover, it enables researchers to
identify and classify seemingly similar variants of malware, so that they can be combined for
use within Cuckoo.

The Yara Rules have also been integrated into our Endpoint Detection and Response
framework to help us classify the malware samples we confront.

Features:-

- Apply the same conditions to many strings
- Counting strings
- Accessing data at a given position
- Match length
- Executable entry point
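To make the rule features listed above concrete, here is an added example that is not YARA's own code: a small Python evaluator with the same building blocks (named string patterns, occurrence counts like `#a`, data at a given position like `uint16(0)`, match offsets and lengths, and "any of" over several strings), applied to constructed sample buffers. The rule, shown first in real YARA syntax in a comment, and the sample bytes are assumptions; a real deployment would use the yara library with the rule text rather than this toy.

```python
"""A small evaluator modelled on YARA rule semantics: named string patterns,
occurrence counts, data at a position and match length, combined in a
condition. Added example (not YARA itself); the rule and the sample bytes are
constructed for illustration.
"""
import re
import struct
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# The constructed rule, written as real YARA for comparison with the toy below:
#   rule suspicious_dropper {
#       strings:
#           $a = "cmd.exe"
#           $b = "powershell"
#           $u = /https?:\/\/[^ \r\n]+/
#       condition:
#           uint16(0) == 0x5A4D and #a >= 2 and 1 of ($b, $u)
#   }


@dataclass
class Scan:
    """Match state for one buffer: (offset, length) of every pattern hit."""
    data: bytes
    matches: Dict[str, List[Tuple[int, int]]] = field(default_factory=dict)

    def count(self, name: str) -> int:                 # YARA: #a
        return len(self.matches.get(name, []))

    def at(self, name: str, offset: int) -> bool:      # YARA: $a at offset
        return any(start == offset for start, _ in self.matches.get(name, []))

    def match_len(self, name: str, index: int = 0) -> int:   # YARA: !a[1] is index 0
        return self.matches[name][index][1]

    def uint16(self, offset: int) -> int:              # YARA: uint16(offset), little-endian
        if offset < 0 or offset + 2 > len(self.data):
            return -1                                  # out of range: never equal
        return struct.unpack_from("<H", self.data, offset)[0]

    def any_of(self, *names: str) -> bool:             # YARA: 1 of ($a, $b)
        return any(self.count(n) > 0 for n in names)


@dataclass
class Rule:
    name: str
    strings: Dict[str, bytes]          # name -> regex pattern (literals escaped)
    condition: Callable[[Scan], bool]

    def scan(self, data: bytes) -> Scan:
        """Find every occurrence of every pattern, like YARA's string scan."""
        scan = Scan(data)
        for sname, pattern in self.strings.items():
            scan.matches[sname] = [(m.start(), m.end() - m.start())
                                   for m in re.finditer(pattern, data)]
        return scan

    def matches(self, data: bytes) -> bool:
        return bool(self.condition(self.scan(data)))


SUSPICIOUS_DROPPER = Rule(
    name="suspicious_dropper",
    strings={
        "a": re.escape(b"cmd.exe"),
        "b": re.escape(b"powershell"),
        "u": rb"https?://[^ \r\n]+",
    },
    condition=lambda s: s.uint16(0) == 0x5A4D and s.count("a") >= 2 and s.any_of("b", "u"),
)

# Constructed sample buffers: a fake "MZ" header followed by embedded strings.
SAMPLE_HIT = (b"MZ" + b"\x00" * 62
              + b"cmd.exe /c start\ncmd.exe http://example.invalid/payload.bin\n")
SAMPLE_MISS = b"MZ" + b"\x00" * 62 + b"cmd.exe once only\n"
SAMPLE_NOT_PE = b"#!/bin/sh\ncmd.exe cmd.exe powershell\n"


def classify(data: bytes, rules=(SUSPICIOUS_DROPPER,)) -> List[str]:
    """Return the names of the rules that match the buffer."""
    return [r.name for r in rules if r.matches(data)]


if __name__ == "__main__":
    scan = SUSPICIOUS_DROPPER.scan(SAMPLE_HIT)
    print("cmd.exe occurrences:", scan.count("a"))
    print("url match length:", scan.match_len("u"))
    for label, buf in [("hit", SAMPLE_HIT), ("miss", SAMPLE_MISS), ("not_pe", SAMPLE_NOT_PE)]:
        print(label, classify(buf))
```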

5. Resource Hacker Malware Analysis Tool

Resource Hacker is a capable free malware analysis tool for viewing, extracting, and
generally working with resources in 32- and 64-bit Windows executable files. Basically, you
can use the application to open an EXE file, inspect the icons or bitmaps it includes, and
save them so that you can use them anywhere you want.

Resource Hacker can also access and display resources of different types like
cursors, AVI videos, images, menus, dialogs, forms, version data, and many more. We all
know very well that resources can be difficult to find, as they remain hidden in a DLL or
OCX file somewhere.

They may not be saved, and replacing them might produce unexpected or unwanted effects.
But the program does give you the opportunity, with reasonable stability, hence it’s really
worth a try.

Features:-

- Export resources
- Modify system
- Icon resources
- Strings

6. Dependency Walker Malware Analysis

Dependency Walker is a free utility that scans any 32-bit or 64-bit Windows module and
builds a hierarchical tree diagram of all dependent modules. Moreover, it presents the minimum
set of required files, along with specific information about each file, including a full path to
the file, base address, version numbers, machine type, debug information, and more.

It also serves to troubleshoot system errors related to loading and executing modules.
Apart from all these things, it also detects many common application problems like missing
modules, invalid modules, import/export mismatches, circular dependency errors, mismatched
machine types of modules, and module initialization failures.

Features:-

- Detects missing files
- Detects invalid files
- Detects mismatched CPU types of modules
- Detects circular dependency errors
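The dependency checks described above, as an added example that is not Dependency Walker's own code: a Python depth-first walk over a constructed module table that builds the hierarchical tree and reports missing modules, circular dependencies, and modules whose machine type differs from the root executable. The module names, machine types, and import lists are assumptions; a real tool reads them from each file's PE headers.

```python
"""Hierarchical module-dependency check in the spirit of Dependency Walker:
builds the import tree and reports missing modules, circular dependencies and
machine-type mismatches. Added example (not Dependency Walker's code); the
module table below is constructed, not read from real PE files.
"""
from typing import Dict, List, Optional, Set, Tuple

# Constructed "on-disk" modules: name -> (machine type, list of imported modules).
# A module that is imported but absent from this table counts as missing.
MODULES: Dict[str, Tuple[str, List[str]]] = {
    "app.exe":      ("x64", ["kernel32.dll", "plugin.dll", "missing.dll"]),
    "kernel32.dll": ("x64", ["ntdll.dll"]),
    "ntdll.dll":    ("x64", []),
    "plugin.dll":   ("x86", ["helper.dll"]),      # wrong machine type for app.exe
    "helper.dll":   ("x64", ["plugin.dll"]),      # circular: plugin -> helper -> plugin
}


class DependencyReport:
    def __init__(self) -> None:
        self.tree: List[Tuple[int, str]] = []        # (depth, module) in walk order
        self.missing: Set[str] = set()
        self.circular: List[Tuple[str, str]] = []    # (importer, imported)
        self.mismatched: List[Tuple[str, str]] = []  # (importer, imported)


def walk(root: str, modules: Dict[str, Tuple[str, List[str]]]) -> DependencyReport:
    """Depth-first walk of the import graph, as a hierarchical tree from root."""
    report = DependencyReport()
    root_machine = modules[root][0]
    on_path: List[str] = []       # modules on the current DFS path (cycle check)
    expanded: Set[str] = set()    # modules whose imports were already listed

    def visit(name: str, depth: int, importer: Optional[str]) -> None:
        report.tree.append((depth, name))
        if name not in modules:
            report.missing.add(name)
            return
        if name in on_path:                       # back edge = circular dependency
            report.circular.append((importer or root, name))
            return
        if name in expanded:                      # already shown in full elsewhere
            return
        expanded.add(name)
        if modules[name][0] != root_machine:      # e.g. x86 DLL under an x64 exe
            report.mismatched.append((importer or root, name))
        on_path.append(name)
        for dep in modules[name][1]:
            visit(dep, depth + 1, name)
        on_path.pop()

    visit(root, 0, None)
    return report


def render_tree(report: DependencyReport) -> str:
    """Indent each module by its depth, like the tree pane of the tool."""
    return "\n".join("  " * depth + name for depth, name in report.tree)


if __name__ == "__main__":
    rep = walk("app.exe", MODULES)
    print(render_tree(rep))
    print("missing:", sorted(rep.missing))
    print("circular:", rep.circular)
    print("mismatched machine type:", rep.mismatched)
```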

6. What is Phishing? Write a short note on Spear Phishing and Smishing. Explain different
attacks launched with attack vectors.

Answer-

**Phishing-
A technique for attempting to acquire sensitive data, such as bank account numbers, through
a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a
legitimate business or reputable person.

**Spear Phishing-

Spear-phishing is a type of phishing attack that targets specific individuals or
organizations, typically through malicious emails. The goal of spear phishing is to steal
sensitive information such as login credentials or infect the targets’ device with malware.

Spear phishers carefully research their targets, so the attack appears to be from trusted
senders in the targets’ life. A spear phishing email uses social engineering techniques to
urge the victim to click on a malicious link or attachment. Once the victim completes the
intended action, the attacker can steal the credentials of a targeted legitimate user and
enter a network undetected.

**Smishing-
Smishing is a form of phishing in which an attacker uses a compelling text message to trick
targeted recipients into clicking a link and sending the attacker private information or
downloading malicious programs to a smartphone.

Most of the 3.5 billion smartphones in the world can receive text messages from any number
in the world. Many users are already aware of the dangers of clicking a link in email
messages. Fewer people are aware of the dangers of clicking links in text messages.

Users are much more trusting of text messages, so smishing is often lucrative to attackers
phishing for credentials, banking information and private data.

**Explain different attacks launched with attack vector.

1. Compromised Credentials

Usernames and passwords are still the most common type of access credential and continue
to be exposed in data leaks, phishing scams, and malware. When lost, stolen, or exposed,
credentials give attackers unfettered access. This is why organizations are now investing in
tools to continuously monitor for data exposures and leaked credentials. Password
managers, two-factor authentication (2FA), multi-factor authentication (MFA),
and biometrics can also reduce the risk of leaked credentials resulting in a security incident.

2. Weak Credentials

Weak passwords and reused passwords mean one data breach can result in many more. Teach
your organization how to create a secure password, invest in a password manager or a single
sign-on tool, and educate staff on their benefits.

3. Insider Threats

Disgruntled employees or malicious insiders can expose private information or provide
information about company-specific vulnerabilities.

4. Missing or Poor Encryption

Common data encryption methods like SSL certificates and DNSSEC can prevent man-in-
the-middle attacks and protect the confidentiality of data being transmitted. Missing or poor
encryption for data at rest can mean that sensitive data or credentials are exposed in the event
of a data breach or data leak.

5. Misconfiguration

Misconfiguration of cloud services, like Google Cloud Platform, Microsoft Azure, or AWS,
or using default credentials can lead to data breaches and data leaks, check your S3
permissions or someone else will. Automate configuration management where possible to
prevent configuration drift.

6. Ransomware

Ransomware is a form of extortion where data is deleted or encrypted unless a ransom is
paid, such as WannaCry. Minimize the impact of ransomware attacks by maintaining
a defense plan, including keeping your systems patched and backing up important data.

7. Phishing

Phishing attacks are social engineering attacks where the target is contacted by email,
telephone, or text message by someone who is posing to be a legitimate colleague or
institution to trick them into providing sensitive data, credentials, or personally identifiable
information (PII). Fake messages can send users to malicious websites with viruses or
malware payloads.


8. Vulnerabilities

New security vulnerabilities are added to the CVE every day and zero-day vulnerabilities are
found just as often. If a developer has not released a patch for a zero-day vulnerability before
an attack can exploit it, it can be hard to prevent zero-day attacks.


9. Brute Force

Brute force attacks are based on trial and error. Attackers may continuously try to gain access
to your organization until one attempt works. This could be by attacking weak passwords or
encryption, sending phishing emails, or sending infected email attachments containing a type of
malware.
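As an added example tying this vector to the account-lockout measure listed under server hardening earlier (illustrative code, not from the original page), the Python block below replays constructed authentication events through a sliding-window lockout policy: after MAX_FAILURES failed logins within WINDOW seconds an account is locked for LOCKOUT seconds, so a trial-and-error run is stopped even if it later hits the correct password. The thresholds, the source addresses and the events are assumptions.

```python
"""Failed-login tracking with account lockout, the control a brute-force
attempt runs into. Added example, not from the original page: the policy
thresholds and the authentication events below are constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Tuple

MAX_FAILURES = 5          # failures allowed within WINDOW before locking
WINDOW = 300.0            # seconds in which failures are counted
LOCKOUT = 900.0           # seconds an account stays locked

# Constructed auth events: (timestamp, source address, account, password correct?)
EVENTS: List[Tuple[float, str, str, bool]] = [
    (1000.0, "203.0.113.9", "alice", False),
    (1001.0, "203.0.113.9", "alice", False),
    (1002.0, "203.0.113.9", "alice", False),
    (1003.0, "203.0.113.9", "alice", False),
    (1004.0, "203.0.113.9", "alice", False),   # 5th failure: lock alice
    (1005.0, "203.0.113.9", "alice", True),    # correct password, but locked
    (1010.0, "198.51.100.4", "bob", False),
    (1400.0, "198.51.100.4", "bob", True),     # one old failure: fine
    (1905.0, "203.0.113.9", "alice", True),    # lockout expired: allowed
]


@dataclass
class Decision:
    allowed: bool
    reason: str


class LockoutPolicy:
    """Locks an account after MAX_FAILURES failures inside a sliding WINDOW."""

    def __init__(self) -> None:
        self.failures: Dict[str, Deque[float]] = defaultdict(deque)
        self.locked_until: Dict[str, float] = {}

    def check(self, ts: float, src: str, account: str, ok: bool) -> Decision:
        until = self.locked_until.get(account, 0.0)
        if ts < until:
            # Even a correct password is refused while the lock is active.
            return Decision(False, "locked")
        if ok:
            self.failures[account].clear()
            return Decision(True, "success")
        q = self.failures[account]
        q.append(ts)
        while q and ts - q[0] > WINDOW:        # drop failures outside the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            self.locked_until[account] = ts + LOCKOUT
            q.clear()
            return Decision(False, f"locked_now (source {src})")
        return Decision(False, "failed")


def replay(events=EVENTS) -> List[str]:
    """Run the events through one policy instance; return the reason per event."""
    policy = LockoutPolicy()
    return [policy.check(*e).reason for e in events]


if __name__ == "__main__":
    for event, reason in zip(EVENTS, replay()):
        print(event[0], event[2], reason)
```

The sliding window is what keeps a slow attempt from evading the counter (failures only expire after WINDOW seconds), while the fixed LOCKOUT bounds how long a mistyped password locks a legitimate user out.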

10. Distributed Denial of Service (DDoS)

DDoS attacks are cyber attacks against networked resources like data centers, servers,
websites, or web applications and can limit the availability of a computer system. The
attacker floods the network resource with messages which cause it to slow down or even
crash, making it inaccessible to users. Potential mitigations include CDNs and proxies.

7. What do you do if you become a victim of phishing and pharming? Define virus,
worm and Trojan horse.

Answer- Signs of pharming: how to tell if you’re a victim of pharming

Signs that you have been a victim of pharming include:

1. PayPal or credit or debit card charges that you do not recognize
2. Posts or messages on your social media that you did not post
3. Friend or connection requests from your social media that you did not send
4. Changed passwords in any of your online accounts
5. New programs appearing on your device which you did not download or install

If you think you have already fallen victim to pharming malware or a pharming attack:

 Clear your DNS cache


 Run your antivirus program to remove and malware make sure your device is secure
 Contact your ISP if you believe your server has been compromised
 Change the password for all your online accounts
 Follow the fraud reporting procedures for your online banking, email, and social media
platforms as applicable
How to protect yourself against pharming

 Choose a reputable internet service provider (ISP). A good ISP will filter out suspicious
redirects by default – ensuring you never reach a pharming website in the first place.
 Use a reliable DNS server. For most of us, our DNS server will be our ISP. However, it is
possible to switch to a specialized DNS service, which could offer more security against DNS
poisoning.
 Only follow links that begin with HTTPS – as opposed to just HTTP. The "s" stands for
"secure" and indicates that the site has a valid security certificate. Once on the site, check for
the padlock icon in the address bar – another indicator that the site is secure.
 Don’t click on links or open attachments from unknown senders. While you can't protect
yourself from DNS poisoning, you can take care to avoid the malicious software that enables
pharming. Avoid clicking on links or opening attachments in any email or message you are
unsure of.
 Check URLs for typos. Pharmers sometimes use spelling tricks to deceive visitors, by
replacing or adding letters to domain names. Look at the URL closely and if you spot a typo
– avoid it.
 Avoid suspicious-looking websites generally. Aside from the URL, signs to look out for
include spelling or grammatical errors, unfamiliar fonts or colors, and missing content – for
example, some pharmers don’t bother to populate the privacy policy or terms and conditions.
Check that everything is as you would expect before submitting any information.
 Avoid deals that appear too good to be true. Online scammers sometimes lure victims with
eye-catching deals – for example, discounts much lower than the legitimate competition. If
offers seem implausible, then exercise caution.
 Enable two-factor authentication where possible. Many platforms offer two-factor
authentication, and when this is available, it's a good idea to turn it on. This makes your
accounts harder to hack into – even if fraudsters have obtained your log-in details through
pharming, they won’t be able to access your account.
 Change the default settings of your Wi-Fi router. Changing the standard password and
using a strong password instead for your private network will help to protect you from DNS
poisoning. It is also essential to keep your router up to date. If your router doesn't have
automatic updates, consider replacing it with one that does.
 Use a robust anti-malware and antivirus solution and keep it up to date. For
example, Kaspersky Total Security protects you against hackers, viruses, and malware and
works 24/7 to secure your devices and data.

Define- VIRUS-

Chances are you’ve heard how important it is to keep viruses out, but what is a computer
virus exactly? A computer virus is a type of malicious software, or malware, that spreads
between computers and causes damage to data and software.

Computer viruses aim to disrupt systems, cause major operational issues, and result in data
loss and leakage. A key thing to know about computer viruses is that they are designed to
spread across programs and systems. Computer viruses typically attach to an executable host
file, which results in their viral codes executing when a file is opened. The code then spreads
from the document or software it is attached to via networks, drives, file-sharing programs, or
infected email attachments.

WORM-

Several things may come to mind when you think of the word "worm". You may think of
delicious soft chewy candies that are sugary and maybe a little sour. Or you may think of the
cold-blooded invertebrate animals that wiggle across the Earth’s surface. And if you’re
thinking in computing terms, the malware may spring to mind.

Similar to real worms, you can say that computer worms don’t have much of a backbone
because they often rely on trickery to infect their hosts. They may also seem a bit
cold-blooded because they can be remorselessly destructive. Let’s learn more about them.

A computer worm is a subset of the Trojan horse malware that can propagate or self-replicate
from one computer to another without human activation after breaching a system. Typically,
a worm spreads across a network through your Internet or LAN (Local Area Network)
connection. Naturally, you may be wondering what a Trojan is and how it relates to computer
worms.

To keep it brief, a Trojan uses trickery and social engineering to deceive people into running
it. For example, a Trojan may pretend to be legitimate software. A worm is a type of Trojan
because it normally relies on social engineering to attack systems.

TROJAN HORSE-

A Trojan Horse (Trojan) is a type of malware that disguises itself as legitimate code or
software. Once inside the network, attackers are able to carry out any action that a
legitimate user could perform, such as exporting files, modifying data, deleting files or
otherwise altering the contents of the device. Trojans may be packaged in downloads for
games, tools, apps or even software patches. Many Trojan attacks also leverage social
engineering tactics, as well as spoofing and phishing, to prompt the desired action in the
user.

Chapter – 6
Security in Evolving Technology

1. What is biometrics in Internet of Things IoT security?

Answer- Biometrics is an advanced technology for authenticating access to a system, for
example through a fingerprint scanner. This is one of the most sought-after ways of building an
attendance system in many business organizations, known as an IoT-based biometric attendance
system.

The Role of Biometric Technology on the IoT

In the 2nd blog post in our series on the Internet of Things (IoT), Henrik Knudtzon, Chief
Financial Officer at IDEX Biometrics discusses the role of biometric technology on the IoT.
The previous post in our series on IoT answered whether biometrics is the future of IoT
security.

Biometric technology has a place in our pockets and a place in protecting our data. With its
ease of integration and the difficulty of duplicating the credentials utilized by biometric
technology, it is one of the most common-sense security applications available today. With
consumer acceptance on the rise, the role of biometric technology on the Internet of Things
(IoT) is growing.

Biometric Technology and IoT

IoT is best served by a set of secure data points; it relies on the integrity of the data sent and
received. Those data points share vital information and make important connections that
establish relationships and recommendations. Those recommendations often contain sensitive
user data–this is where the security of biometrics becomes most important and a key player in
strong security for connected devices and retained data.

How Biometrics Work on the IoT

Biometric security measures exist at various points in the data pathway that makes up the
IoT. From securing a device with a fingerprint sensor to utilizing a smartcard to verify your
identity, these security points help create a seamless experience and allow data to flow freely
and quickly between points. That data arriving untampered is important. This allows for
quick and efficient connections to be made, and keeps the data used to make those
connections as secure as possible during the transfer and delivery processes.

As the number of connected devices continues to grow, the need for failsafe security becomes
more important and will continue to stay at the forefront of security experts' and developers'
minds.

The Role of Biometrics

Biometrics provide a secure way to transfer data as well as to identify data ports and devices
and ensure that they remain secure and their data intact. Biometrics are an optimal security
measure, and their continued development will be a key component in creating
difficult-to-breach security protocols. Since the characteristics identified by biometric
scanners do not change and are unique to each individual, they make a very secure means of
communicating data and creating identifiers for sharing secured data.

Stronger than encryption or password protection, both of which can be breached with practice
and patience, biometric characteristics are extremely difficult to duplicate or fake. This
feature alone makes them worthy of consideration in any security system.

The growth of the biometrics industry will continue at a fast pace, and biometrics will
continue to penetrate all levels of technology. With a need to keep data secure and the ease of
integration into a variety of systems, the technology will continue to expand and will help
develop seamless data transfer that is as secure as possible. Making the connections that are
important to the IoT and the recommendations that end users have come to rely on, the role of
biometrics will grow and evolve as the IoT continues to grow and evolve. The unique nature
of biometrics and the myriad of ways that they can be used is likely to play a pivotal role in
the growth of the IoT.


2. What is basic security for HTTP applications and services?

Answer- HTTP is used to communicate over the internet, so users, information providers,
and application developers should be aware of the limitations of security in HTTP/1.1. This
section does not provide a definitive solution to the problems mentioned here. It provides
some suggestions to reduce security risk.

Personal information

In HTTP, clients are often privy to a large amount of personal information, such as the
user’s name, email address, passwords, location, encryption keys, etc. We should be careful to
prevent unintentional leakage of this personal information of the client via the HTTP protocol
to other sources.

1. Abuse of Server Log Information

Personal data of the user that ends up in server logs should be stored at the server in an
encrypted form.

2. Transfer of Sensitive Information

HTTP cannot regulate the content of the data that is transferred, and it has no a priori
method of determining the sensitivity of any particular piece of information within the
context of a given request.

Revealing the specific software version of the server may make the server machine more
vulnerable to attacks against software that is known to contain security holes.

Proxies which serve as a portal through the firewall of a network should take special
precautions about the transfer of header information that could be used to identify the hosts
behind the firewall.

3. Encoding Sensitive Information in URIs

The source of a link could be private information, so it is strongly recommended that the user
be able to select whether or not the Referer field is sent.

If the referring page was transferred with a secure protocol, clients should not include a
Referer field in an HTTP request.

4. Privacy Issues Connected to Accept Headers

Accept request-headers can reveal the client's information to all servers which are accessed.

Attacks Based On File and Path Names

The implementation of an HTTP origin server should be careful to restrict the documents
returned by HTTP requests to only those that were intended by the server administrators.

For example, Microsoft Windows, UNIX, and other operating systems use ".." as a path component
to indicate the directory level above the current one. On such a system, an HTTP server MUST
disallow any such construct in the Request-URI if it would otherwise allow access to a resource
outside those intended to be accessible through the HTTP server.
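One way to enforce that rule, as an added example that is not from the page or any server's code: the Request-URI is percent-decoded first and then walked segment by segment, so any ".." that would climb above the document root is rejected before a file is ever opened. DOC_ROOT is an assumed, constructed directory.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed document root for the example; any directory would do.
DOC_ROOT = "/var/www/html"


def resolve_request_path(request_uri: str, doc_root: str = DOC_ROOT):
    """Map a Request-URI onto a file below doc_root.

    Returns the file path, or None when the URI would climb above the
    document root (the ".." construct the section above describes).
    """
    # Only the path selects a file; the query string and fragment never do.
    path = urlsplit(request_uri).path
    # Decode percent-encoding BEFORE the check so that %2e%2e is seen as "..".
    path = unquote(path)
    # A NUL byte would truncate the path inside C-level file APIs.
    if "\x00" in path:
        return None
    # Windows servers treat the backslash as a separator too; normalise it.
    path = path.replace("\\", "/")
    segments = []
    for segment in path.split("/"):
        if segment in ("", "."):
            continue                  # "//" and "." change nothing
        if segment == "..":
            if not segments:
                return None           # would leave the document root
            segments.pop()
            continue
        segments.append(segment)
    return posixpath.join(doc_root, *segments)
```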

DNS Spoofing

HTTP clients rely heavily on the DNS (Domain Name Service), and are thus generally prone to
security attacks based on the deliberate mis-association of IP addresses and DNS names. So
clients should be careful in assuming the continuing validity of an IP address and DNS name
association.

If HTTP clients cache the results of hostname lookups to improve performance, they must observe
the TTL information reported by the DNS. If the IP address of a previously accessed server
changes, HTTP clients that do not observe this rule could be spoofed.
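An added illustration of the TTL rule, not from the page or any resolver's code: a small lookup cache that expires entries when the DNS-reported TTL runs out, driven by an injected clock and a constructed resolver so that the server's address change is visible offline.

```python
import time


class TtlResolverCache:
    """Hostname-to-address cache that honours the TTL reported by the DNS.

    resolver(name) stands in for the real lookup and returns (address, ttl_seconds);
    clock() returns the current time so the example can be driven deterministically.
    """

    def __init__(self, resolver, clock=time.monotonic):
        self._resolver = resolver
        self._clock = clock
        self._entries = {}  # name -> (address, expires_at)

    def lookup(self, name: str) -> str:
        now = self._clock()
        cached = self._entries.get(name)
        if cached is not None and now < cached[1]:
            return cached[0]            # still inside the TTL the DNS gave us
        address, ttl = self._resolver(name)
        self._entries[name] = (address, now + ttl)
        return address


def simulate_server_move():
    """Constructed scenario: the server's address changes after 30 seconds.

    Returns the addresses an HTTP client observes at t=0, t=20 and t=45 plus
    the number of real lookups performed. A client ignoring the TTL would keep
    using the stale address at t=45.
    """
    answers = {"api.example.test": ("192.0.2.10", 30)}  # (address, TTL seconds)
    lookups = []
    clock = {"t": 0.0}

    def fake_resolver(name):
        lookups.append(name)
        return answers[name]

    cache = TtlResolverCache(fake_resolver, clock=lambda: clock["t"])
    observed = [cache.lookup("api.example.test")]        # t=0: real lookup
    clock["t"] = 20.0
    observed.append(cache.lookup("api.example.test"))    # t=20: served from cache
    answers["api.example.test"] = ("192.0.2.20", 30)     # the DNS record changes
    clock["t"] = 45.0
    observed.append(cache.lookup("api.example.test"))    # t=45: TTL expired, re-resolve
    return observed, len(lookups)
```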

Location Headers and Spoofing

If a single server supports multiple organizations that do not trust one another, it must
check the values of the Location and Content-Location headers in responses generated under the
control of those organizations, to make sure that they do not attempt to invalidate resources
over which they have no authority.

3. Which security standards can be applied to secure SOAP based web services?

Answer- The standard used to accomplish this is the WS-Security (Web Services Security, or
WSS) specification, a set of principles to enforce the confidentiality and authentication
procedures for SOAP messaging.

SOAP is a messaging protocol popular in web service APIs. SOAP uses messages in the
cross-platform XML (Extensible Markup Language) format, bridging the gaps between
otherwise-incompatible systems and servers. Originally developed by Microsoft, SOAP is now an
open web services standard. Unlike REST (representational state transfer), which can use
formats like JSON and various protocols, SOAP is limited to sending XML over HTTP or SMTP.

As one of the oldest methods for exchanging data on the internet, SOAP has developed a robust
set of security standards over the years. SOAP security is primarily concerned with preventing
unauthorized access to messages and the information contained within. The standard used to
accomplish this is the WS-Security (Web Services Security, or WSS) specification, a set of
principles to enforce the confidentiality and authentication procedures for SOAP messaging.
WS-Security-compliant practices include using passwords, X.509 certificates, digital
signatures, and XML encryption, among other things. XML encryption makes the data unreadable
to unauthorized users.

While WS-Security, and the SOAP protocol itself, are mature products with solid security, you
need to keep in mind their role in your systems infrastructure. SOAP APIs carry a message from
one system to its destination endpoint. Even though the message may be securely transmitted
and received, the actions that follow after that payload has been received may cause a
security breach. Understanding the risks in SOAP security is key to ensuring your organization
does all it can to stay safe.

There are some basic procedures and practices that you can add to SOAP to help prevent
unauthorized access. To create a secure SOAP web service, you add a security layer through the
SOAP header. By adding the username and password as variables, each time you generate a SOAP
message the header will include these credentials, so whenever a user calls the web service,
the username and password are required. This is just one way to secure a SOAP web service.
Other methods involve encrypting the SOAP message via X.509 certificates or authentication via
services like Kerberos.
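The header-based approach just described, as an added example that is not part of the original text or of any project's code: the client places a WS-Security UsernameToken in the SOAP header, sending a SHA-1 digest of nonce, timestamp and password rather than the password itself, and the server recomputes the digest, checks freshness and rejects replayed nonces. The namespace URIs are the WSS 1.0 ones; the service body, account and credentials are constructed.

```python
import base64
import datetime
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")
DIGEST_TYPE = ("http://docs.oasis-open.org/wss/2004/01/"
               "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")
for prefix, uri in (("soapenv", SOAP_NS), ("wsse", WSSE_NS), ("wsu", WSU_NS)):
    ET.register_namespace(prefix, uri)
UTC = datetime.timezone.utc


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """UsernameToken profile: Base64(SHA-1(nonce + created + password))."""
    digest = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(digest).decode("ascii")


def build_envelope(username, password, body_xml, nonce=None, created=None):
    """Client side: an envelope whose header carries a digest UsernameToken.
    The password itself never appears in the message."""
    nonce = nonce or os.urandom(16)
    created = created or datetime.datetime.now(UTC).strftime("%Y-%m-%dT%H:%M:%SZ")
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    token = ET.SubElement(ET.SubElement(header, f"{{{WSSE_NS}}}Security"),
                          f"{{{WSSE_NS}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE_NS}}}Username").text = username
    pw = ET.SubElement(token, f"{{{WSSE_NS}}}Password", Type=DIGEST_TYPE)
    pw.text = password_digest(nonce, created, password)
    ET.SubElement(token, f"{{{WSSE_NS}}}Nonce").text = base64.b64encode(nonce).decode("ascii")
    ET.SubElement(token, f"{{{WSU_NS}}}Created").text = created
    ET.SubElement(env, f"{{{SOAP_NS}}}Body").append(ET.fromstring(body_xml))
    return ET.tostring(env, encoding="unicode")


def verify_envelope(xml_text, lookup_password, seen_nonces, now=None, max_skew_s=300):
    """Server side: returns the username when the token is valid, else None.
    lookup_password(username) returns the stored password or None;
    seen_nonces is a set used to reject replayed messages."""
    now = now or datetime.datetime.now(UTC)
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    token = root.find(f"{{{SOAP_NS}}}Header/{{{WSSE_NS}}}Security/{{{WSSE_NS}}}UsernameToken")
    if token is None:
        return None
    username = token.findtext(f"{{{WSSE_NS}}}Username")
    pw_el = token.find(f"{{{WSSE_NS}}}Password")
    nonce_b64 = token.findtext(f"{{{WSSE_NS}}}Nonce")
    created = token.findtext(f"{{{WSU_NS}}}Created")
    if None in (username, pw_el, nonce_b64, created) or pw_el.get("Type") != DIGEST_TYPE:
        return None
    try:
        created_at = datetime.datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=UTC)
        nonce = base64.b64decode(nonce_b64, validate=True)
    except ValueError:
        return None
    if abs((now - created_at).total_seconds()) > max_skew_s:
        return None                      # stale timestamp: outside the replay window
    if nonce_b64 in seen_nonces:
        return None                      # replayed message
    stored = lookup_password(username)
    if stored is None:
        return None
    expected = password_digest(nonce, created, stored)
    if not hmac.compare_digest(expected.encode("utf-8"), (pw_el.text or "").encode("utf-8")):
        return None
    seen_nonces.add(nonce_b64)
    return username
```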

4. What are web services using REST and HTTP?

Answer-
Web services based on the REST architecture are known as RESTful web services. These web
services use HTTP methods to implement the concepts of the REST architecture. A RESTful web
service usually defines a URI (Uniform Resource Identifier) for a service, provides resource
representations such as JSON, and supports a set of HTTP methods.
REST stands for REpresentational State Transfer. REST is a web-standards-based architecture
that uses the HTTP protocol. It revolves around resources: every component is a resource, and a
resource is accessed through a common interface using the standard HTTP methods. REST was
first introduced by Roy Fielding in 2000.
In the REST architecture, a REST server simply provides access to resources and a REST client
accesses and modifies the resources. Each resource is identified by a URI / global ID. REST
uses various representations for a resource, such as text, JSON, and XML. JSON is the most
popular one.

HTTP methods
The following four HTTP methods are commonly used in REST-based architecture.
 GET − Provides read-only access to a resource.
 POST − Used to create a new resource.
 DELETE − Used to remove a resource.
 PUT − Used to update an existing resource or create a new resource.

5. What is the full form of SOAP? What is the full form of REST? What is identity
management services?

Answer- The full form of SOAP is simple object access protocol.

The full form of REST is Representational State Transfer.

Identity management services-

Identity management (IdM), also known as identity and access management (IAM), ensures
that authorized people – and only authorized people – have access to the technology
resources they need to perform their job functions. It includes policies and technologies that
encompass an organization-wide process to properly identify, authenticate, and authorize
people, groups of people, or software applications through attributes including user access
rights and restrictions based on their identities.

An identity management system prevents unauthorized access to systems and resources, helps
prevent exfiltration of enterprise or protected data, and raises alerts and alarms when access
attempts are made by unauthorized personnel or programs, whether from inside or outside the
enterprise perimeter.

Identity management solutions not only protect software and data access, they also protect the
hardware resources in an enterprise, such as servers, networks, and storage devices from
unauthorized access which could lead to a ransomware attack. Identity management has
gained importance over the past decade due to the growing number of global regulatory,
compliance, and governance mandates that seek to protect sensitive data from exposure of
any kind.

IdM and IAM systems generally are part of IT security and IT Data management within the
enterprise, and identity and access management tools are widely available for the broad range
of devices that users rely on to perform business functions from phones and tablets to desktop
computers running Windows, Linux, iOS or Android.

IdM and IAM are terms often used interchangeably; however, identity management is more
focused on a user identity (or username), and the roles, permissions, and groups that user
belongs to. IdM also focuses on protecting identities through a variety of technologies such as
passwords, biometrics, multi-factor authentication, and other digital identities. This is usually
achieved by the adoption of identity management software applications and platforms.

6. What are authorization patterns security considerations? What are the different
authorization patterns? What are authorization methods?

Answer- What Are Authorization Patterns?

These are security mechanisms that you can use to decide your client’s privileges related to
system resources. These system resources could be files, services, data, and application
features, and the decision is built on your client’s identity. One such mechanism is
OAuth 2.0, which is concerned with access delegation.

Check out how OAuth 2.0 is important in authorization patterns as given below.

OAuth 2.0 for user access delegation

Let us imagine a situation where you want a third-party application to read your status
messages on your Facebook wall. So, you would like to delegate a third-party application to
have access to your Facebook wall. One of the ways to give access is via sharing your
Facebook credentials with a third-party application that can directly access your Facebook
wall. It is termed access delegation by sharing the credentials.

Although it tends to solve the problem of access delegation, once the credentials are shared
with the third-party application, it can be utilized to carry out any action, thus creating
security problems.

OAuth 2.0 solves the problem of access delegation. Instead of having users share their
credentials with third-party applications, it lets them share a temporary, time-bound token
that serves a definite purpose. It defines the following four grant types:

 Authorization code grant type
 Implicit grant type
 Resource owner password credentials grant type
 Client credentials grant type

I will not be going through each grant type in this blog but will focus on patterns.

1. Scattered data and scattered logic pattern

In this pattern, the data required to make authorization decisions get scattered across the
different microservices. In addition to data, the logic behind deciding whether access is to be
given to the requestor or not is spread across the service.

The pattern given above works for a small number of microservices, but problems start
appearing when the number of services increases. The calls to fetch data for making
authorization decisions put an unnecessary load on the underlying services, as shown in the
above diagram.

2. Centralized data and logic patterns

We can try putting all the authorization data and logic in one place as a solution and
separate it from the services that require authorization. A common way to implement this
pattern is to build a dedicated authorization service. Another option is to use an
off-the-shelf solution like Keycloak or Open Policy Agent. Whenever services have to perform
permission checks, they turn around and ask the authorization service.

Having a single system in charge of authorization is quite appealing. But you should consider
some essential points before finalizing the pattern as mentioned below:

 All the authorization data is now in a single place. There are two possibilities: either
the authorization service becomes the single source of truth for that data, or you copy and
synchronize the data from your applications to the central place.
 The authorization data should understand the entire data model underlying
permissions related to groups, shares, folders, guests, and projects. The system can
become a bottleneck for new development if the models are constantly changing. Any
change in any microservice can ask for an update to the authorization service. Thus,
breaking the separation of concerns.
 A single service that has the responsibility for securing every type of request needs
high availability as well as low latency. Every request gets denied if the system goes
down, and every request gets slow if the system starts responding to the queries
slowly.

3. Scattered logic and central gateway data Pattern

In this pattern we put all the data required for authorization into every request. Each service
then does not have to fetch the data separately, which reduces the load on the underlying
services.

I have observed that this pattern is used widely. The advantage of this pattern is its
architectural simplicity, and it gives developers the freedom not to be concerned about where
the role data or org data originates. You get the authorization data quickly with the request,
and you can also perform a permission check instantly without any additional roundtrips.

One caveat of passing this data in request headers is that it opens a new path of attack. You
must make sure that malicious clients cannot inject their own headers. To avoid this, you can
place your user’s role or other access-control data in their authentication token, for example
a JWT (JSON Web Token).
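As an added example of the mitigation just described (not the blog's or any project's code): the gateway issues an HS256-signed JWT carrying the user's roles, and each service authorizes from the verified claims only, so a role smuggled in a plain request header or a modified payload has no effect. The signing key, claims and header names are constructed.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes) -> str:
    """Gateway side: roles travel inside the signed token, not in a bare header."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_token(token: str, key: bytes, now=None):
    """Service side: returns the claims only if signature and expiry check out."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
    except ValueError:                 # wrong segment count, bad base64 or bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None                    # refuse "none" and algorithm swaps
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None                # payload or signature was altered
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:
        return None
    if not isinstance(claims, dict):
        return None
    current = now if now is not None else time.time()
    if "exp" in claims and current >= claims["exp"]:
        return None                    # token has expired
    return claims


def authorize(headers: dict, key: bytes, required_role: str, now=None) -> bool:
    """The check each microservice runs. Only claims from the verified token
    count; a client-supplied X-Roles style header is never consulted."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return False
    claims = verify_token(auth[len("Bearer "):], key, now)
    return claims is not None and required_role in claims.get("roles", [])
```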

Authorization Types
There are four types of Authorization – API keys, Basic Auth, HMAC, and OAuth.

1. API keys
In order to utilize most APIs, you must first sign up for an API key. The API key is a long
string that is typically included in the request URL or header. The API key is mostly used to
identify the person who is performing the API call (authenticating you to use the API). The
API key could potentially be linked to a specific app you’ve registered. You may receive both
public and private keys from APIs. The public key is normally included in the request,
whereas the private key is used primarily for server-to-server communication and is treated
more like a password. When you log in to some API documentation sites, your API key is
automatically supplied into the sample code and API Explorer.

2. Basic Auth
Basic Auth is another type of authorization. With this method the sender inserts a
username:password pair into the request header. Base64 is an encoding technique that turns the
username and password into a string drawn from a 64-character alphabet; it is an encoding, not
encryption. APIs that support Basic Auth will also support HTTPS, which encrypts the message
content within the HTTP transport protocol. (Without HTTPS, hackers could easily decipher the
username and password.) When the API server receives the message, it decodes the string,
checks the header, and chooses whether to accept or refuse the request after assessing the
username and password. HTTP Basic authentication (BA) is the simplest technique for enforcing
access controls to web resources because it does not require cookies, session identifiers, or
login pages; rather, HTTP Basic authentication uses standard fields in the HTTP header.
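An added example of the exchange described above, not the page's or any library's code: the client builds the Authorization header, and the server decodes it, checks the credentials in constant time, and answers 401 with a WWW-Authenticate challenge when they are missing or wrong. The user store and realm are constructed.

```python
import base64
import binascii
import hmac

# Constructed credential store. A real server stores a salted password hash
# (scrypt, bcrypt, ...) rather than the password itself.
USERS = {"alice": "correct horse battery staple"}


def basic_header(username: str, password: str) -> str:
    """Client side: the value of the Authorization header.
    Base64 is reversible, so only HTTPS keeps this secret in transit."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def challenge():
    """Server side: the 401 response that asks the client for credentials."""
    return 401, {"WWW-Authenticate": 'Basic realm="api", charset="UTF-8"'}


def parse_basic_auth(header_value):
    """Return (username, password) from an Authorization header, else None."""
    if not header_value:
        return None
    scheme, _, encoded = header_value.partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # The user-id may not contain ':' but the password may, so split only once.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def authenticate(headers: dict):
    """Decide the request: returns (status, headers) like a tiny server would."""
    creds = parse_basic_auth(headers.get("Authorization"))
    if creds is None:
        return challenge()
    username, password = creds
    # Always run the comparison, against a dummy for unknown users, so that
    # response timing does not reveal which usernames exist.
    expected = USERS.get(username, "no-such-user")
    matches = hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))
    if not matches or username not in USERS:
        return challenge()
    return 200, {"X-Authenticated-User": username}
```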

3. HMAC
HMAC stands for Hash-based Message Authentication Code. It is a digital signature algorithm
designed to reuse message-digest algorithms such as MD5 and SHA-1 and provide an efficient
data-integrity mechanism. Because HMAC authenticates plain text in a secure manner, it is used
in the Secure Socket Layer (SSL) protocol and SSL certificates, and it has been chosen as a
mandatory security implementation for the Internet Protocol (IP). There are 7 steps involved
in computing a Hash-based Message Authentication Code.

Step 1: Make the length of the symmetric key equal to the number of bits in a block of the
digest algorithm.

Step 2: XOR the symmetric key with a pad; call the result S1.

Step 3: Append the original message to S1.

Step 4: Apply the message-digest algorithm; call the result H.

Step 5: XOR the symmetric key with a second pad; call the result S2.

Step 6: Append H to S2.

Step 7: Apply the message-digest algorithm again; the result is the HMAC.

The important point is that only the sender and receiver have access to the secret key (which
is required to reconstruct the hash). The request does not include the secret key. When you
want to make sure a request is both authentic and hasn’t been tampered with, you use HMAC
security.
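The seven steps above carried out in code, as an added example that is not from the page or any library: hmac_from_scratch follows the steps with SHA-256 in place of MD5/SHA-1 (the construction is identical for any of them) and is cross-checked against Python's hmac module, and sign_request/verify_request use it to authenticate an API request the way the passage describes. The shared secret and request values are constructed.

```python
import hashlib
import hmac  # standard-library implementation, used only to cross-check the result


def hmac_from_scratch(key: bytes, message: bytes, digestmod=hashlib.sha256) -> bytes:
    """HMAC built step by step as in the list above (the RFC 2104 construction)."""
    block_size = digestmod().block_size  # 64 bytes for MD5, SHA-1 and SHA-256
    # Step 1: make the key exactly one block long. A longer key is hashed
    # first; a shorter one is padded with zero bytes.
    if len(key) > block_size:
        key = digestmod(key).digest()
    key = key.ljust(block_size, b"\x00")
    # Step 2: XOR the key with the inner pad (0x36 repeated) to get S1.
    s1 = bytes(k ^ 0x36 for k in key)
    # Steps 3 and 4: append the message to S1 and hash it, giving H.
    h = digestmod(s1 + message).digest()
    # Step 5: XOR the key with the outer pad (0x5c repeated) to get S2.
    s2 = bytes(k ^ 0x5C for k in key)
    # Steps 6 and 7: append H to S2 and hash again; this is the MAC.
    return digestmod(s2 + h).digest()


def canonical_request(method: str, path: str, body: bytes) -> bytes:
    """What client and server both authenticate: method, path and a body hash."""
    return b"\n".join([method.upper().encode(), path.encode(),
                       hashlib.sha256(body).hexdigest().encode()])


def sign_request(secret: bytes, method: str, path: str, body: bytes) -> str:
    """Client side: the hex MAC sent alongside the request (the secret is not)."""
    return hmac_from_scratch(secret, canonical_request(method, path, body)).hex()


def verify_request(secret: bytes, method: str, path: str, body: bytes,
                   signature_hex: str) -> bool:
    """Server side: recompute and compare in constant time. Any change to the
    method, path or body changes the MAC, and without the shared secret a
    valid MAC cannot be produced."""
    expected = sign_request(secret, method, path, body)
    return hmac.compare_digest(expected, signature_hex)
```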

4. OAuth
Another type of authorization is OAuth, an open access-delegation standard that allows Internet
users to grant websites or applications access to their information on other websites without
having to give them their passwords. Companies like Amazon, Google, Facebook, Microsoft, and
Twitter employ this technology to let users exchange information about their accounts with
third-party applications or websites. On behalf of a resource owner, OAuth grants clients
"secure delegated access" to server resources. It outlines how resource owners can grant
third-party access to their server resources without having to provide credentials. OAuth is a
protocol that allows an authorization server to provide access tokens to third-party clients
with the permission of the resource owner. It was created expressly for use with the Hypertext
Transfer Protocol (HTTP). The third party then uses the access token to gain access to the
resource server’s protected resources.

Methods

Name - Description

AuthenticateAnonymousAsync - Authenticates an anonymous user against the service using the
scheme specified in the AuthenticationType property. The user remains logged in until
LogoutAsync() is called or until the token returned by the service expires and requires a
fresh authentication.

AuthenticateAsync - Authenticates a user with the given credentials against the service using
the scheme specified in the AuthenticationType property. The user remains logged in until
LogoutAsync() is called or until the token returned by the service expires and requires a
fresh authentication.

ClearCachedCredentials - Clears any credentials cached in the Windows PasswordVault.

CreateHttpFilter - Creates a new instance of IHttpFilter that callers can use with an
HttpClient object to add auth headers to service calls. The filter can be chained with other
IHttpFilter objects. If no other filter is provided then HttpBaseProtocolFilter will be used.

Equals - Determines whether the specified object is equal to the current object.
(Inherited from Object.)

Finalize - Allows an object to try to free resources and perform other cleanup operations
before it is reclaimed by garbage collection. (Inherited from Object.)

GetCurrentUserAsync - Returns the user resource associated with the logged in user.

GetHashCode - Serves as the default hash function. (Inherited from Object.)

GetType - Gets the Type of the current instance. (Inherited from Object.)

LogoutAsync() - Logs out the current user and clears cached credentials and tokens.

LogoutAsync(Boolean) - Logs out the current user.

MemberwiseClone - Creates a shallow copy of the current Object. (Inherited from Object.)

RefreshTokenAsync - Refreshes the authentication token if it has expired. The authentication
scheme should support refresh.

ToString - Returns a string that represents the current object. (Inherited from Object.)

7. What is REST and SOAP and their implementations? What is basic security for
HTTP application? What is the security comparison between Android and IOS?

Answer-
What is REST and SOAP and their implementations-

REST is a set of architectural principles attuned to the needs of lightweight web services and
mobile applications. Because it's a set of guidelines, it leaves the implementation of these
recommendations to developers.

When a request for data is sent to a REST API, it’s usually done through hypertext transfer
protocol (commonly referred to as HTTP). Once a request is received, APIs designed for
REST (called RESTful APIs or RESTful web services) can return messages in a variety of
formats: HTML, XML, plain text, and JSON. JSON (JavaScript object notation) is favored as
a message format because it can be read by any programming language (despite the name), is
human- and machine-readable, and is lightweight. In this way, RESTful APIs are more
flexible and can be easier to set up.

An application is said to be RESTful if it follows 6 architectural guidelines. A RESTful
application must have:

1. A client-server architecture composed of clients, servers, and resources.
2. Stateless client-server communication, meaning no client content is stored on the server
between requests. Information about the session’s state is instead held with the client.
3. Cacheable data to eliminate the need for some client-server interactions.
4. A uniform interface between components so that information is transferred in a standardized
form instead of specific to an application’s needs. This is described by Roy Fielding, the
originator of REST, as "the central feature that distinguishes the REST architectural style
from other network-based styles."
5. A layered system constraint, where client-server interactions can be mediated by hierarchical
layers.
6. Code on demand, allowing servers to extend the functionality of a client by transferring
executable code (though also reducing visibility, making this an optional guideline).

SOAP: simple object access protocol
SOAP is a standard protocol that was first designed so that applications built with different
languages and on different platforms could communicate. Because it is a protocol, it imposes
built-in rules that increase its complexity and overhead, which can lead to longer page load
times. However, these standards also offer built-in compliances that can make it preferable
for enterprise scenarios. The built-in compliance standards include security, atomicity,
consistency, isolation, and durability (ACID), which is a set of properties for ensuring
reliable database transactions.

Common web service specifications include:

 Web Services Security (WS-Security): Standardizes how messages are secured and
transferred, using unique identifiers called tokens.
 WS-ReliableMessaging: Standardizes error handling for messages transferred across
unreliable IT infrastructure.
 Web Services Addressing (WS-Addressing): Packages routing information as metadata
within SOAP headers, instead of maintaining such information deeper within the network.
 Web Services Description Language (WSDL): Describes what a web service does, and
where that service begins and ends.
When a request for data is sent to a SOAP API, it can be carried over any of several
protocols: HTTP (for web browsers), SMTP (for email), TCP, and others. However, once a
request is received, the SOAP response must be returned as an XML document—a markup
language that is both human- and machine-readable. A completed request to a SOAP API is not
cacheable by a browser, so its result cannot be reused later without resending the request
to the API.
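As an added example (not from the original notes), the following Python parses a constructed SOAP 1.1 request envelope and pulls out the WS-Addressing routing metadata and the WS-Security UsernameToken described above; the service URL, action name and user are made-up sample values.

```python
import xml.etree.ElementTree as ET

# Namespaces for SOAP 1.1, WS-Addressing 1.0 and the WS-Security 1.0 security extension.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
}

# Constructed request: routing metadata (WS-Addressing) and the security token (WS-Security)
# ride in the SOAP Header, while the operation itself is in the Body.
SAMPLE_ENVELOPE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <soap:Header>
    <wsa:To>https://orders.example.invalid/OrderService</wsa:To>
    <wsa:Action>urn:example:orders:GetOrder</wsa:Action>
    <wsse:Security soap:mustUnderstand="1">
      <wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <GetOrder xmlns="urn:example:orders"><orderId>1042</orderId></GetOrder>
  </soap:Body>
</soap:Envelope>"""

def parse_soap_request(xml_text):
    """Extract routing, security-token and operation details from a SOAP 1.1 request envelope."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Envelope" % NS["soap"]:
        raise ValueError("not a SOAP 1.1 envelope")
    header = root.find("soap:Header", NS)
    body = root.find("soap:Body", NS)
    if body is None or len(body) == 0:
        raise ValueError("SOAP Body carries no operation")

    def header_text(path):
        node = header.find(path, NS) if header is not None else None
        return node.text.strip() if node is not None and node.text else None

    security = header.find("wsse:Security", NS) if header is not None else None
    return {
        "to": header_text("wsa:To"),
        "action": header_text("wsa:Action"),
        "username": header_text("wsse:Security/wsse:UsernameToken/wsse:Username"),
        # mustUnderstand="1" obliges the receiver to process the Security header or return a fault.
        "security_must_understand": security is not None
        and security.get("{%s}mustUnderstand" % NS["soap"]) == "1",
        "operation": body[0].tag.split("}")[-1],  # strip the namespace to get the local name
    }
```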

SOAP vs. REST

Many legacy systems may still adhere to SOAP, while REST came later and is often viewed
as a faster alternative in web-based scenarios. REST is a set of guidelines that offers flexible
implementation, whereas SOAP is a protocol with specific requirements like XML
messaging.

REST APIs are lightweight, making them ideal for newer contexts like the Internet of Things
(IoT), mobile application development, and serverless computing. SOAP web services offer
built-in security and transaction compliance that align with many enterprise needs, but that
also makes them heavier. Additionally, many public APIs, like the Google Maps API, follow
the REST guidelines.

**What is basic security for HTTP applications?**

Basic authentication is a built-in HTTP authentication method. When a client sends an HTTP
request to a server that requires Basic authentication, the server will respond with a 401
HTTP response and a WWW-Authenticate header containing the value Basic.
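An added example, not part of the original notes, of the exchange just described: parsing the 401 challenge, building the Authorization header on the client, and checking it on the server. The realm, username and password are constructed sample values.

```python
import base64
import hmac
import re

# Constructed sample of the challenge a server sends when Basic authentication is required.
CHALLENGE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: Basic realm="admin area"\r\n'
    "Content-Length: 0\r\n"
    "\r\n"
)

def parse_basic_challenge(raw_response):
    """Return the realm from a 401 response offering Basic auth, or None if it offers none."""
    status_line, *header_lines = raw_response.split("\r\n\r\n", 1)[0].split("\r\n")
    if " 401 " not in status_line:
        return None
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate":
            match = re.match(r'\s*Basic\s+realm="([^"]*)"', value, re.IGNORECASE)
            if match:
                return match.group(1)
    return None

def build_authorization(username, password):
    """Client side: the credential is only base64("user:pass"), readable by anyone on the path."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"

def decode_credentials(authorization):
    """Recover (user, password) from an Authorization header; None if not Basic or malformed."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None

def verify_basic(authorization, expected_user, expected_password):
    """Server side: compare_digest keeps the comparison time independent of where a mismatch is."""
    creds = decode_credentials(authorization or "")
    if creds is None:
        return False
    return (hmac.compare_digest(creds[0].encode(), expected_user.encode())
            & hmac.compare_digest(creds[1].encode(), expected_password.encode()))
```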

HTTP is used to communicate over the internet, so users, information providers, and
application developers should be aware of the limitations of security in HTTP/1.1. This
section does not provide a definitive solution to the problems mentioned here. It provides
some suggestions to reduce security risk.

Personal information

In HTTP, clients are often privy to a large amount of personal information, such as the user's
name, email address, passwords, location, and encryption keys. Care should be taken to
prevent unintentional leakage of this personal information about the client to other parties
via the HTTP protocol.

1. Abuse of Server Log Information

2. Transfer of Sensitive Information

HTTP cannot regulate the content of the data that is transferred, and it has no prior way of
determining the sensitivity of any particular part of the information within the context of a
given request.

Revealing the specific software version of a server can make that server more vulnerable to
attacks against known security holes in that software.

Proxies that serve as a portal through a network's firewall should take special precautions
when forwarding header information that can be used to identify the hosts behind the firewall.

3. Encoding Sensitive Information in URIs

The source of a link could be private information, so it is strongly recommended that the user
be able to select whether or not the Referer field is sent.

If the referring page was transferred with a secure protocol, clients should not include a
Referer field in a non-secure HTTP request.

4. Privacy Issues Connected to Accept Headers

Accept request headers can reveal information about the client to every server that is accessed.
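As an added example that is not from the original notes, this Python encodes the checks from items 2 to 4 as an audit over constructed headers: version disclosure in a response, and a Referer from a secure page, Basic credentials, or Accept-Language leaking from a plain-HTTP request. The header values and URLs are made-up samples.

```python
import re
from urllib.parse import urlsplit

VERSION_RE = re.compile(r"\d+\.\d+")

def _get(headers, name):
    """Case-insensitive header lookup, since HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None

def audit_response_headers(headers):
    """Server side: flag product versions disclosed in Server / X-Powered-By."""
    findings = []
    for name in ("Server", "X-Powered-By"):
        value = _get(headers, name)
        if value and VERSION_RE.search(value):
            findings.append(f"{name} discloses a software version: {value!r}")
    return findings

def audit_request_headers(request_url, headers):
    """Client side: flag what one outgoing request to request_url would leak."""
    findings = []
    plaintext = urlsplit(request_url).scheme.lower() == "http"
    referer = _get(headers, "Referer")
    if referer and plaintext and urlsplit(referer).scheme.lower() == "https":
        findings.append(f"Referer from a secure page sent in a non-secure request: {referer!r}")
    auth = _get(headers, "Authorization") or ""
    if plaintext and auth.lower().startswith("basic "):
        findings.append("Basic credentials (base64 only, not encrypted) sent over plain HTTP")
    language = _get(headers, "Accept-Language")
    if language:
        findings.append(f"Accept-Language reveals client preferences to the server: {language!r}")
    return findings

# Constructed samples: one response from a server and one request a client is about to send.
SAMPLE_RESPONSE = {"Server": "Apache/2.4.41 (Ubuntu)", "Content-Type": "text/html"}
SAMPLE_REQUEST_URL = "http://www.example.invalid/catalog"
SAMPLE_REQUEST = {
    "Referer": "https://intranet.example.invalid/reports/q3",
    "Authorization": "Basic YWxpY2U6czNjcmV0",
    "Accept-Language": "de-DE,de;q=0.9",
}

if __name__ == "__main__":
    for finding in audit_response_headers(SAMPLE_RESPONSE) + audit_request_headers(SAMPLE_REQUEST_URL, SAMPLE_REQUEST):
        print(finding)
```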

**What is the security comparison between Android and iOS?**

It's little surprise that, as consumers increasingly use their smartphones and mobile devices
for banking, chatting on social media, and making online purchases, cybercriminals are more
often aiming their virus and malware attacks at iPhones, iPads, and Android devices.

The operating systems that power these devices—iOS and Android—have therefore become
tempting targets for cyberthieves eager to access users' most personal information.
If safety is your main concern, and you want to keep your Android or iOS device free of
viruses and malware, which operating system should you choose? Is Android or iOS the
better system when it comes to security?
Unfortunately, there is no simple answer.

Android vs. iOS: The threat level

In some circles, Apple’s iOS operating system has long been considered the more secure of
the two operating systems. Why? iOS is a closed system. Apple doesn’t release its source
code to app developers, and the owners of iPhones and iPads can't easily modify the code on
their phones themselves. This makes it more difficult for hackers to find vulnerabilities on
iOS-powered devices.
Android devices are the opposite, relying on open-source code, meaning that the owners of
these devices can tinker with the operating system of their phones and tablets. Too much
tinkering, and owners might create a weakness in their devices' security. Then there are the
manufacturers themselves. If a phone maker puts out a new device with a modification to the
Android operating system and there's a vulnerability in that code, hackers will find it.
Android is more often targeted by hackers, too, because the operating system powers so many
mobile devices today. The global popularity of the Android operating system makes it a more
attractive target for cybercriminals. Android devices, then, are more at risk of the malware
and viruses that these criminals unleash.
But this doesn’t tell the entire story of which system is better when it comes to
security. While iOS may be considered more secure, it’s not impossible for cybercriminals to
hit iPhones or iPads with malicious software. Because of this, the owners of both Android
and iOS devices need to be aware of possible malware and viruses, and be careful when
downloading apps from third-party app stores. It’s safest to download apps from trusted
sources, such as Google Play and the Apple App Store, which vet the apps they sell.
Then there are the social engineering attacks in which cybercriminals attempt to trick users
into giving up log-in information, access to bank accounts, and other personal data. It doesn't
matter what mobile operating system you are using: both iOS and Android users can be
equally vulnerable to these types of phishing attacks.

Android and iOS software updates and security updates

Want to help keep your Android phone or tablet safe? Always upgrade your mobile devices
to the latest version of the Android OS. Android updates are released regularly. It can be
tempting to skip them, especially when life gets busy and updates take a long time to install.
But these updates are designed to help protect your Android devices against the latest
security threats. Ignoring them could put your phone or tablet at risk.
Apple’s iOS updates tend to be bigger events, typically prompting iPhone and iPad users to
install them as soon as they are released.

Of course, the owners of both Android and iOS devices can turn on automatic updating on
their mobile devices. This way, when Android or iOS updates are released, their devices will
automatically update to the latest versions of their operating systems. This is a smart choice
and will offer you the best protection against viruses.

Hardware integration

Much of the security of an Android device depends on the hardware. Simply put,
some manufacturers are better at making sure Android’s built-in security features work
correctly.
A good example is Samsung. The Samsung Knox security solution comes pre-installed in all
of the company’s phones, tablets, and wearable devices. This platform provides a more
secure booting process, helping to prevent unauthorized software from loading when a user
turns on a Samsung mobile device.

How to stay safe on Android and iOS

Many users find Android attractive because it is a more open operating system. This means,
though, that you need to be more cautious. But keep in mind, you also must be cautious with
iOS.
Consider all the apps you download. Downloading a rogue app is the easiest way to infect
your Android phone, tablet, or wearable device with malware or a virus. The same can be
true for iOS, especially if you download an app from a third-party source. That’s why it’s
important to download apps only from reputable sources.
Your best bet? For Android, stick to the Google Play store. Google Play features countless
apps, so you really have no reason to download Android apps from any other location. If you
do venture outside Google Play, you are likely to increase your chances of downloading an
infected app. The same goes for iOS: it's always the better choice to get your apps from the
Apple App Store.

Android vs. iOS: How does the mobile operating system of each impact their security?

Android operating system

Popularity: The Android operating system is hugely popular. This means that developers are
constantly building new apps designed to run on the system. That’s good for users ... mostly.
The problem comes when hackers create apps designed to infect your mobile devices.
There is an app review process for Google Play. Unfortunately, the process is far
less stringent than what developers face when adding apps to Apple’s App Store. It's easier,
then, for malicious apps to sneak onto the Google Play store and easier for users to
accidentally install one. One of the main issues is that the end user can go into an Android
device and enable the installation of software from unknown sources. This means that you
can install software on the Android device that does not come from the Google Play Store.
The software—or APK, as it's called—can be downloaded and installed from a website,
bypassing the Google Play Store review.
Open source: Android owners can modify the source code of their Android devices. This
makes the system a better choice for users who want the flexibility to change the way their
mobile devices run. But it can also make Android devices vulnerable to attacks. When
altering their device’s source code, users could accidentally leave an opening for
cybercriminals.
Fragmented: Unlike the iOS operating system that only runs on Apple-branded products, the
Android operating system runs on mobile devices manufactured by a host of companies.
Some companies might provide hardware that is more secure than others. Moreover, the
manufacturer of the device can use a custom ROM or base operating system that has
software installed that cannot be easily removed or analyzed for malicious intent.

Apple’s iOS

More stringent controls: It’s more difficult for developers to get apps into the App Store.
That’s because the review process is more stringent. Because of this, it’s less likely for a
malicious app to sneak into Apple’s store.
Less flexibility: Apple doesn't allow the owners of its devices to modify the iOS operating
system or load custom ROMs on their devices. That makes the system more secure,
since Apple controls the complete experience. This doesn't stop some owners from
"jailbreaking" their Apple mobile devices, modifying the software on their own.
Jailbreaking opens up new capabilities on the device, such as changing the voice of the
Siri digital assistant. Be careful if you do this: Apple won't provide support for such devices.
A less tempting target: Because the iOS operating system powers fewer mobile devices,
hackers don’t target the system as often. This makes sense: Hackers and cybercriminals can
ensure more victims if they focus more of their attacks on the more popular Android
operating system.
