E-Security

Need of Internet Security:

Internet security consists of a range of security tactics for protecting activities and
transactions conducted online over the internet. These tactics are meant to
safeguard users from threats such as hacking into computer systems, email
addresses, or websites; malicious software that can infect and inherently damage
systems; and identity theft by hackers who steal personal data such as bank account
information and credit card numbers. Internet security is a specific aspect of broader
concepts such as cybersecurity and computer security, being focused on the specific
threats and vulnerabilities of online access and use of the internet.

Types of internet security threats

While the web presents users with lots of information and services, it also includes
several risks. Cyberattacks are only increasing in sophistication and volume, with
many cybercriminals using a combination of different types of attacks to accomplish
a single goal. Though the list of potential threats is extensive, here are some of the
most common internet security threats:

Malware: Short for "malicious software," malware comes in several forms, including
computer viruses, worms, Trojans, and dishonest spyware.

Computer worm: A computer worm is a software program that copies itself from
one computer to the next. It does not require human interaction to create these
copies and can spread rapidly and in great volume.

Spam: Spam refers to unwanted messages in your email inbox. In some cases, spam
can simply include junk mail that advertises goods or services you aren't interested
in. These are usually considered harmless, but some can include links that will install
malicious software on your computer if they're clicked on.

Phishing: Phishing scams are created by cybercriminals attempting to solicit private

or sensitive information. They can pose as your bank or web service and lure you
into clicking links to verify details like account information or passwords.

Botnet: A botnet is a network of private computers that have been compromised.

Infected with malicious software, these computers are controlled by a single user
and are often prompted to engage in nefarious activities, such as sending spam
messages or denial-of-service (DoS) attacks.
 Security breach

A security breach is any incident that results in unauthorized access to computer

data, applications, networks or devices. It results in information being accessed
without authorization. Typically, it occurs when an intruder is able to bypass
security mechanisms.

Technically, there's a distinction between a security breach and a data breach. A

security breach is effectively a break-in, whereas a data breach is defined as the
cybercriminal getting away with information. Imagine a burglar; the security
breach is when he climbs through the window, and the data breach is when he
grabs your pocketbook or laptop and takes it away.

Confidential information has immense value. It's often sold on the dark web; for
example, names and credit card numbers can be bought, and then used for the
purposes of identity theft or fraud. It's not surprising that security breaches can cost
companies huge amounts of money. On average, the bill is nearly $4m for major
corporations.

It's also important to distinguish the security breach definition from the definition
of a security incident. An incident might involve a malware infection, DDOS
attack or an employee leaving a laptop in a taxi, but if they don't result in access to
the network or loss of data, they would not count as a security breach.

Types of security breaches

There are a number of types of security breaches depending on how access has
been gained to the system:

 An exploit attacks a system vulnerability, such as an out of date operating system.

Legacy systems which haven't been updated, for instance, in businesses where
outdated and versions of Microsoft Windows that are no longer supported are
being used, are particularly vulnerable to exploits.
 Weak passwords can be cracked or guessed. Even now, some people are still
using the password 'password', and 'pa$$word' is not much more secure.
 Malware attacks, such as phishing emails can be used to gain entry. It only takes
one employee to click on a link in a phishing email to allow malicious software to
start spreading throughout the network.
 Drive-by downloads use viruses or malware delivered through a compromised or
spoofed website.
 Social engineering can also be used to gain access. For instance, an intruder
phones an employee claiming to be from the company's IT helpdesk and asks for
the password in order to 'fix' the computer.
 Breach Avoidance:

Although no one is immune to a data breach, good computer security habits can
make you less vulnerable and can help you survive a breach with less disruption.
These tips should help you prevent hackers breaching your personal security on
your computers and other devices.

 Use strong passwords, which combine random strings of upper and lower-case
letters, numbers, and symbols. They are much more difficult to crack than simpler
passwords. Don't use passwords that are easy to guess, like family names or
birthdays. Use a Password Manager to keep your passwords secure.
 Use different passwords on different accounts. If you use the same password, a
hacker who gains access to one account will be able to get into all your other
accounts. If they have different passwords, only that one account will be at risk.
 Close accounts you don't use rather than leaving them dormant. That reduces
your vulnerability to a security breach. If you don't use an account, you might
never realize that it has been compromised, and it could act as a back door to your
other accounts.
 Change your passwords regularly. One feature of many publicly reported
security breaches is that they occurred over a long period, and some were not
reported until years after the breach. Regular password changes reduce the risk you
run from unannounced data breaches.
 If you throw out a computer, wipe the old hard drive properly. Don't just
delete files; use a data destruction program to wipe the drive completely,
overwriting all the data on the disk. Creating a fresh installation of the operating
system will also wipe the drive successfully.
 Back up your files. Some data breaches lead to the encryption of files and a
ransomware demand to make them available again to the user. If you have a
separate backup on a removable drive, your data is safe in the event of a breach.
 Secure your phone. Use a screen lock and update your phone's software regularly.
Don’t root or jailbreak your phone. Rooting a device gives hackers the opportunity
to install their own software and to change the settings on your phone.
 Secure your computer and other devices by using anti-virus and anti-malware
software.Kaspersky Antivirus is a good choice to keep your computer free from
infection and ensure that hackers can't get a foothold in your system.
 Be careful where you click. Unsolicited emails which include links to websites
may be phishing attempts. Some may purport to be from your contacts. If they
include attachments or links, ensure they're genuine before you open them and use
an anti-virus program on attachments.
 When you're accessing your accounts, make sure you're using the secure
HTTPS protocol and not just HTTP.
 Monitoring your bank statements and credit reports helps keep you
safe. Stolen data can turn up on the dark web years after the original data breach.
This could mean an identity theft attempt occurs long after you've forgotten the
data breach that compromised that account.
 Know the value of your personal information and don't give it out unless
necessary. Too many websites want to know too much about you; why does a
business journal need your exact date of birth, for instance? Or an auction site your
SSN?

Detection and Recovery

Threats are divides into four types: d irect, indirect, veiled, and condit ional.

Direct threat - a direct threat ident ifies a specific act of violence to be carried out
against a specific target. Direct threats are clear and explicit such as, “I am going to
bring a gun to school tomorrow and shoot students as they try to exit the main
doors.”

Indirect threat - an indirect threat implies violence, but the communicat ion is
vague, unclear or uses ambiguous language. A statement, “I could kill everyone in
this classroom if I decided to,” is an ind irect threat. The language usually suggests
that the student could carry out an act of violence; not that he or she necessarily
will carry out the threat.

Veiled threat - a veiled threat implies, but does not threaten vio lence. A veiled
threat is a statement like, “All the coaches are so stupid they don't deserve to
breathe air.”

Conditional threat - a condit ional threat warns that a certain violent act will
occur unless specified condit ions are met. For example, “I will put a bomb in the
cafeteria unless you fire the principal.”

What is an e-signature (electronic signature)?

An e-signature (electronic signature) is a digital version of a conventional handwritten signature.
In many countries, including the United States, an e-signature can provide the same legal
commitment as a handwritten signature if it meets certain criteria.

The terms e-signature and digital signature are often used interchangeably, although this is
incorrect. A digital signature is a type of e-signature, but not all e-signatures are digital
signatures.

An e-signature provides a quick and easy way to sign electronic documents without the need to
print paper or affix wet ink signatures. Essentially, it is a process where computers are used to
certify the integrity of a document and to authenticate the person signing the document (signer).

E-signatures don't require pen and paper but allow the parties involved to agree with or approve
a document, just like they would do with handwritten signatures.
Encryption and Decryption:

What is Encryption?

Encryption is the process of converting simple data into a coded one. In technical terms,
encryption is a method of converting plaintext into ciphertext so that only authorized users can
understand it. The process of encryption requires a key and both sender and receiver have this
key, thus the data traveling from one end to another can be secure.

What is Decryption?

Decryption is a process where the coded data is converted back to the readable form. i.e., the
ciphertext is converted into plain text. The process of decryption also requires a key so that when
the data is received at the receiver end, it can be converted into readable form.

Difference Between Encryption and Decryption

S.No. Encryption Decryption

1. It is a method of transforming a plain or It is a method of transforming ciphertext

clear text into ciphertext using a key. into plain or clear text.

2. Process of encryption takes place at the Process of decryption takes place at the
sender’s end. receiver’s end.

3. The encrypted data is called Ciphertext. Decrypted data is called Plain text.

4. A public key or secret key is used in A secret key or private key is used in the
the process of Encryption. process of Decryption.

5. In encryption the sender sends the data In decryption, the receiver decodes the
once it is encrypted. data once it is received.

What is access control?

Access control is a fundamental component of data security that dictates who’s allowed to access
and use company information and resources. Through authentication and authorization, access
control policies make sure users are who they say they are and that they have appropriate access
to company data. Access control can also be applied to limit physical access to campuses,
buildings, rooms, and datacenters.
What is Authentication?

Authentication is the process of verifying a user or device before allowing access to a

system or resources.

In other words, authentication means confirming that a user is who they say they are. This
ensures only those with authorized credentials gain access to secure systems. When a user
attempts to access information on a network, they must provide secret credentials to prove their
identity. Authentication allows you to grant access to the right user at the right time with
confidence. But this doesn’t occur in isolation.

Authentication is part of a three-step process for gaining access to digital resources:

1. Identification—Who are you?

2. Authentication—Prove it.
3. Authorization—Do you have permission?

Identification requires a user ID like a username. But without identity authentication, there’s no
way to know if that username actually belongs to them. That’s where authentication comes in—
pairing the username with a password or other verifying credentials.

The most common method of authentication is a unique login and password, but as cyber
security threats have increased in recent years, most organizations use and recommend additional
authentication factors for layered security.

Firewalls and Proxy Services

1. Firewall :
Firewall is software program that prevents unauthorized access to or from a private network.
All data packets in it are entering or dropping network passes through the firewall and after
checking whether the firewall allows it or not. It works on network layer of the OSI model and
uses encryption to encrypt the data before transmission.
2. Proxy Server :
Proxy Server is a server that acts as a gateway or intermediary between any device and the rest
of the internet. A proxy accepts and forwards connection requests, then returns data for those
requests. It uses the anonymous network id instead of actual IP address of client (means it
hides the IP address of client), so that the actual IP address of client couldn’t be reveal.

Difference between Firewall and Proxy Server :

SR.NO Firewall Proxy Server

Firewall can monitor and filter all the Proxy server connects an external
1 incoming and outgoing traffic on a given client with a server to communicate
local network. with each other.
SR.NO Firewall Proxy Server

It blocks connections from unauthorised It facilitates connections over

2
network. network.

It filters data by monitoring IP packets that It filters the client-side requests that
3
are traversed. are made to connect to the network.

It involves network and transport layer

4 It work on application layer data.
data.

It exist as an interface between a public It can exist with public networks on

5
and private network. both sides.

It is used to protect an internal network It is used for anonymity and to

6
against attacks . bypass restrictions.

The overhead generated in proxy

The overhead generated in firewall is more
7 server is less as compared to a
as compared to a proxy server.
firewall.

It works on application protocol

8 It works on the packet level.
level.

Secure Sockets Layer

Secure Sockets Layer (SSL) is a standard technique for transmitting documents securely across a
network. SSL technology, created by Netscape, establishes a secure connection between a Web
server and a browser, ensuring private and secure data transmission. SSL communicates using
the Transport Control Protocol (TCP).

The term "socket" in SSL refers to the method of sending data via a network between a client
and a server.
A Web server requires an SSL certificate to establish a secure SSL connection while using SSL
for safe Internet transactions. SSL encrypts network connection segments atop the transport
layer, a network connection component above the program layer.

SSL is based on an asymmetric cryptographic process in which a Web browser generates both a
public and a private (secret) key. A certificate signing request is a data file that contains the
public key (CSR). Only the recipient receives the private key.

How Does SSL Work?

SSL encrypts data communicated across the web to guarantee a high level of privacy. Anyone
attempting to intercept this data will meet a jumbled mess of characters nearly hard to decrypt.

SSL begins an authentication process known as a handshake between two communicating

devices to confirm that both devices are who they say they are.

SSL also digitally certifies data to ensure data integrity, ensuring that it has not been tampered
with before reaching its intended receiver.

SSL has gone through multiple incarnations, each one more secure than the last. TLS (Transport
Layer Security) was introduced in 1999, replacing SSL.

Objectives of SSL

The goals of SSL are as follows −

 Data integrity − Information is safe from tampering. The SSL Record Protocol, SSL
Handshake Protocol, SSL Change CipherSpec Protocol, and SSL Alert Protocol maintain
data privacy.
 Client-server authentication − The SSL protocol authenticates the client and server using
standard cryptographic procedures.
 SSL is the forerunner of Transport Layer Security (TLS), a cryptographic technology for
secure data transfer over the Internet.

How to Obtain an SSL/TLS Certificate?

Are you ready to protect your website? The following is the fundamental approach for requesting
a publicly trusted SSL/TLS website certificate −

 The individual or organization requesting the certificate generates a pair of public and
private keys, which should be stored on the server being protected.
  A certificate signing request is generated using the public key, the domain name(s) to be
protected, and (for OV and EV certificates) organizational information about the
company requesting the certificate (CSR).
 A publicly trusted CA receives the CSR (such as SSL.com). The CA verifies the
information in the CSR and generates a signed certificate that the requester can install on
their web server.

What is https?
HTTPS stands for Hyper Text Transfer Protocol Secure. It is a protocol for securing the
communication between two systems e.g. the browser and the web server.

http transfers data between the browser and the web server in the hypertext format, whereas
https transfers data in the encrypted format. Thus, https prevents hackers from reading and
modifying the data during the transfer between the browser and the web server. Even if
hackers manage to intercept the communication, they will not be able to use it because the
message is encrypted.

HTTPS established an encrypted link between the browser and the web server using the
Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols. TLS is the new
version of SSL.

http vs https

http https

Transfers data in hypertext (structured text) format Transfers data in encrypted format

Uses port 80 by default Uses port 443 by default

Not secure Secured using SSL technology

Starts with http:// Starts with https://

Advantage of https

 Secure Communication: https makes a secure connection by establishing an encrypted

link between the browser and the server or any two systems.
 Data Integrity: https provides data integrity by encrypting the data and so, even if
hackers manage to trap the data, they cannot read or modify it.
 Privacy and Security: https protects the privacy and security of website users by
preventing hackers to passively listen to communication between the browser and the
server.
 Faster Performance: https increases the speed of data transfer compared to http by
encrypting and reducing the size of the data.
 SEO: Use of https increases SEO ranking. In Google Chrome, Google shows the Not
Secure label in the browser if users' data is collected over http.
 Future: https represents the future of the web by making internet safe for users and
website owners.