Antivirus Techniques: Firewalls, Intrusion Detection System (IDS),
Intrusion Prevention System (IPS).
Brief Introduction about Anti-Phishing Approach (Common Strategies Used
For Secured Authentication): Authentication using passwords like One Time
Password (OTP) generators, Two Factor Authentications, Secure Socket
Layer (SSL), Secure Electronic Transaction (SET), Cryptography.
 A firewall is a barrier between a Local Area Network (LAN) and the Internet. It keeps private resources confidential, minimizes security risk, and controls network traffic in both directions.
 The following diagram depicts a sample firewall between a LAN and the Internet. The connection between the two is the point of vulnerability; both hardware and software can be used at this point to filter network traffic.
Firewalls are categorized into three basic types −
 Packet filter (Stateless & Stateful)
 Application-level gateway
 Circuit-level gateway
Stateless & Stateful Packet Filtering Firewall
In this type of deployment, the internal network is connected to the external network/Internet via a router firewall. The firewall inspects and filters data packet by packet.
Packet-filtering firewalls allow or block packets mostly based on criteria such as source and/or destination IP address, protocol, source and/or destination port number, and other fields of the IP header.
The decision can also be based on factors other than IP header fields, such as the ICMP message type or the TCP SYN and ACK bits.
A packet filter rule has two parts −
 Selection criteria − the condition (a pattern of header fields) that a packet is matched against.
 Action field − the action taken when an IP packet meets the selection criteria: either block (deny) or permit (allow) the packet across the firewall.
Packet filtering is generally accomplished by configuring Access Control Lists (ACLs) on routers or switches. An ACL is an ordered table of packet filter rules.
As traffic enters or exits an interface, the firewall applies the ACL top to bottom to each packet; the first rule whose criteria match decides whether that packet is permitted or denied.
 A stateless firewall is a rigid tool. It looks at each packet in isolation and allows it if it meets the criteria, even if it is not part of any established, ongoing communication.
 Hence, such firewalls have been replaced by stateful firewalls in modern networks. A stateful firewall tracks connections and offers a more in-depth inspection than the purely ACL-based packet inspection of a stateless firewall.
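The difference between the two packet filters is easiest to see in code. The following is an added example, not code from the slides: a first-match ACL walk as a router performs it, beside a minimal stateful connection table. The packet fields, rule format and addresses are assumptions chosen for illustration.

```python
# Added example (not from the slides): first-match ACL evaluation as a router
# would do it, beside a minimal stateful connection table. Packet fields, rule
# format and addresses are assumptions chosen for illustration.
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str            # "tcp", "udp" or "icmp"
    src_port: int = 0
    dst_port: int = 0
    syn: bool = False     # TCP SYN flag
    ack: bool = False     # TCP ACK flag

@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny" (the action field)
    proto: Optional[str] = None       # selection criteria; None matches anything
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return all(want is None or want == got for want, got in (
            (self.proto, p.proto), (self.src_ip, p.src_ip),
            (self.dst_ip, p.dst_ip), (self.dst_port, p.dst_port)))

def stateless_filter(acl: List[Rule], p: Packet) -> str:
    """Walk the ACL top to bottom; the first matching rule decides.
    If no rule matches, apply the implicit deny found on router ACLs."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"

class StatefulFilter:
    """Consult the ACL only for a new TCP connection (a pure SYN); afterwards
    permit packets of that connection in both directions from the state table."""
    def __init__(self, acl: List[Rule]):
        self.acl = acl
        self.table = set()            # established connections, direction-independent

    @staticmethod
    def _key(p: Packet):
        ends = sorted([(p.src_ip, p.src_port), (p.dst_ip, p.dst_port)])
        return (p.proto, ends[0], ends[1])

    def filter(self, p: Packet) -> str:
        if self._key(p) in self.table:
            return "permit"           # part of an established conversation
        if p.proto == "tcp" and p.syn and not p.ack:
            if stateless_filter(self.acl, p) == "permit":
                self.table.add(self._key(p))
                return "permit"
        return "deny"                 # neither a known connection nor a permitted new one

# Constructed policy: only HTTPS to the web server 10.0.0.5 is allowed in.
EXAMPLE_ACL = [Rule("permit", proto="tcp", dst_ip="10.0.0.5", dst_port=443),
               Rule("deny")]
CLIENT_SYN = Packet("203.0.113.7", "10.0.0.5", "tcp", 40000, 443, syn=True)
SERVER_REPLY = Packet("10.0.0.5", "203.0.113.7", "tcp", 443, 40000, syn=True, ack=True)
STRAY_ACK = Packet("203.0.113.7", "10.0.0.5", "tcp", 40001, 443, ack=True)

def compare() -> dict:
    """Run the same three packets through both filters."""
    sf = StatefulFilter(EXAMPLE_ACL)
    return {
        "stateless": [stateless_filter(EXAMPLE_ACL, p) for p in (CLIENT_SYN, SERVER_REPLY, STRAY_ACK)],
        "stateful": [sf.filter(p) for p in (CLIENT_SYN, SERVER_REPLY, STRAY_ACK)],
    }

if __name__ == "__main__":
    print(compare())
```

The stateless filter blocks the server's legitimate reply (it would need its own rule) yet permits a stray ACK that belongs to no connection, exactly the rigidity described above; the stateful filter permits the reply because the SYN created state, and drops the stray ACK because no state exists for it.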
 An application-level gateway acts as a relay node for the application-level traffic.
They intercept incoming and outgoing packets, run proxies that copy and forward
information across the gateway, and function as a proxy server, preventing any
direct connection between a trusted server or client and an untrusted host.
 The proxies are application specific. They can filter packets at the application
layer of the OSI model.
An application-specific proxy
 An application-specific proxy accepts only packets generated by the application for which it is designed to copy, forward, and filter. For example, only a Telnet proxy can copy, forward, and filter Telnet traffic.
 If a network relies only on an application-level gateway, incoming and outgoing packets cannot
access services that have no proxies configured. For example, if a gateway runs FTP and Telnet
proxies, only packets generated by these services can pass through the firewall. All other
services are blocked.
Application-level Filtering
 An application-level proxy gateway examines and filters individual packets, rather than simply copying them and blindly forwarding them across the gateway. Application-specific proxies check each packet that passes through the gateway, verifying the contents of the packet up through the application layer. These proxies can filter particular kinds of commands or information in the application protocols.
 Application gateways can restrict specific actions from being performed. For example, the
gateway could be configured to prevent users from performing the ‘FTP put’ command. This can
prevent modification of the information stored on the server by an attacker.
 The circuit-level gateway is an intermediate solution between the packet filter and the application gateway. It runs at the transport layer and hence can act as a proxy for any application.
 Like an application gateway, the circuit-level gateway does not permit an end-to-end TCP connection across the gateway. It sets up two TCP connections and relays the TCP segments from one network to the other. But it does not examine the application data as an application gateway does; hence it is sometimes called a ‘Pipe Proxy’.
 Packet filtering firewalls operate on rules involving TCP/UDP/IP headers only. They do not attempt to correlate different sessions.
 Intrusion Detection/Prevention Systems (IDS/IPS) carry out Deep Packet Inspection (DPI) by looking at the packet contents, for example checking character strings in a packet against a database of known virus and attack strings.
 Application gateways do look at packet contents, but only for specific applications, and they do not look for suspicious data in the packet. An IDS/IPS looks for suspicious data contained in packets and tries to correlate multiple packets to identify attacks such as port scanning, network mapping, denial of service and so on.
Types of IDS
There are two basic types of IDS.
 Signature-based IDS: It needs a database of known attacks with their signatures. A signature is defined by the types and order of packets characterizing a particular attack.
 The limitation of this type of IDS is that only known attacks can be detected. It can also raise a false alarm, which occurs when a normal packet stream matches the signature of an attack. A well-known public open-source IDS is “Snort”.
 Anomaly-based IDS: This type of IDS first builds a profile of normal network operation. In detection mode, it looks for traffic patterns that are statistically unusual, for example an unusual ICMP load or exponential growth in port scans. Any unusual traffic pattern generates an alarm. The major challenge in deploying this type of IDS is the difficulty of distinguishing normal traffic from unusual traffic.
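To make the two detection styles concrete, here is an added example (not code from the slides and not Snort rules): a toy signature check run per packet, and a cross-packet correlation check that flags a source touching many ports on one host in a short window, the kind of port-scan pattern the text mentions. The packet records, signatures, thresholds and addresses are constructed; one benign record deliberately contains an attack-looking string to show the false-alarm case.

```python
# Added example (not from the slides): a toy signature-based check and a
# cross-packet correlation check over constructed packet records. The
# signatures, thresholds and addresses are assumptions, not Snort rules.
import re
from collections import defaultdict

# Constructed traffic: (timestamp_seconds, src_ip, dst_ip, dst_port, payload)
SAMPLE_PACKETS = [
    (0.0, "192.0.2.10", "10.0.0.5", 80, b"GET /index.html HTTP/1.1"),
    (0.1, "192.0.2.10", "10.0.0.5", 80, b"GET /login?user=admin' OR '1'='1 HTTP/1.1"),
    (0.2, "192.0.2.10", "10.0.0.5", 80, b"GET /img/logo.png HTTP/1.1"),
    # Benign support ticket whose text happens to contain the same string:
    # this is the false-alarm case the text describes.
    (0.3, "192.0.2.11", "10.0.0.5", 80, b"POST /ticket body=please block ' OR '1'='1 in the form"),
] + [
    # One host touching 25 different ports within a quarter of a second.
    (1.0 + i * 0.01, "198.51.100.9", "10.0.0.5", port, b"")
    for i, port in enumerate(range(20, 45))
]

# Constructed signature database: name -> byte pattern of a known attack string.
SIGNATURES = {
    "sqli-tautology": re.compile(rb"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
    "etc-passwd-read": re.compile(rb"/etc/passwd"),
}

def signature_alerts(packets):
    """Stateless: match every payload against every known-attack signature."""
    alerts = []
    for ts, src, dst, port, payload in packets:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append((ts, src, name))
    return alerts

def port_scan_alerts(packets, window=1.0, threshold=10):
    """Correlating across packets: alert when one source touches more than
    `threshold` distinct ports on one host within `window` seconds."""
    history = defaultdict(list)      # (src, dst) -> [(ts, port), ...]
    alerts = set()
    for ts, src, dst, port, _ in packets:
        recent = [(t, p) for t, p in history[(src, dst)] if ts - t <= window]
        recent.append((ts, port))
        history[(src, dst)] = recent
        if len({p for _, p in recent}) > threshold:
            alerts.add((src, dst, "port-scan"))
    return sorted(alerts)

if __name__ == "__main__":
    print(signature_alerts(SAMPLE_PACKETS))
    print(port_scan_alerts(SAMPLE_PACKETS))
```

The signature check fires on both the real injection attempt and the harmless ticket text, illustrating why signature-based detection needs tuning; the port-scan check fires only once, on the source that swept 25 ports, and would stay silent for the same 25 packets spread over a long period.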
 IDS and IPS are similar in how they detect anomalies in the network. An IDS is a ‘visibility’ tool, whereas an IPS is considered a ‘control’ tool.
 Intrusion Detection Systems sit off to the side of the network, monitoring traffic at many different points, and provide visibility into the security state of the network. When the IDS reports an anomaly, corrective actions are initiated by the network administrator or by another device on the network.
 Intrusion Prevention Systems are like firewalls: they sit in-line between two networks and control the traffic passing through them. An IPS enforces a specified policy on detection of an anomaly in the network traffic. Generally, it drops all packets and blocks the entire network traffic on noticing an anomaly until the anomaly is addressed by the administrator.
Phishing prevention measures should be complemented with detection methods. The key strategies include:
 Monitor domain name registrations.
 Watermark the original web pages to identify their usage in phishing sites.
 Monitor web server logs for suspicious referrer entries and excessive traffic from one source IP.
 Track double-bounce mails.
 Set up a forum for users to report phishing.
Detecting registered fake domain names
 The attacker needs to set up a look-alike site, so first a domain name is registered. Many times attackers register a domain which sounds similar to the original: if they are targeting www.abcbank.com, attackers might register www.abc-bank-1.com. In a recent phishing attack Halifax bank was targeted using a domain called www.halifaax.com; notice the extra "a". If we are diligent enough to track registrations of new DNS domains, we have a chance of learning about these "similar" registrations and can initiate action before the domain name can be used for a phishing attack.
 This method of detection is not fool-proof, for two reasons. First, even though it is easy to track new registrations in a gTLD (generic top-level domain) like .com and .net, this is not true for ccTLDs (country-specific top-level domains) like .cn (China) or .kr (Korea), where many phishing sites are registered. Second, attackers may choose not to register a domain name at all and operate the website using just an IP address.
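One way to screen a feed of new registrations for the "similar" names described above, as an added example that is not from the slides: normalise each second-level label (drop hyphens, map the digits 0 and 1 to the letters they imitate), then flag it if it contains a protected brand or lies within a small edit distance of one. The brand list, candidate registrations and distance threshold are constructed; a real deployment would also need a public-suffix list to handle two-level country domains such as .co.uk.

```python
# Added example (not from the slides): flag newly registered domains that look
# like a protected brand. The brand list and candidate names are constructed.

PROTECTED = ["abcbank", "halifax"]   # second-level labels we defend (assumption)

def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize(label: str) -> str:
    """Collapse tricks that change the string but not how a user reads it."""
    label = label.lower().replace("-", "").replace("_", "")
    return label.translate(str.maketrans("01", "ol"))   # 0 -> o, 1 -> l

def sld(domain: str) -> str:
    """Second-level label, e.g. 'www.abc-bank-1.com' -> 'abc-bank-1'.
    Simplification: assumes a single-label public suffix (.com, .cn, ...)."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def is_lookalike(domain: str, max_distance: int = 2):
    """Return the imitated brand, or None if the name is not suspicious."""
    label = sld(domain)
    if label in PROTECTED:
        return None                     # the genuine domain itself
    cand = normalize(label)
    for brand in PROTECTED:
        if brand in cand or levenshtein(cand, brand) <= max_distance:
            return brand
    return None

def flag_registrations(domains, max_distance: int = 2):
    """Screen a batch of new registrations; returns (domain, brand) pairs."""
    hits = []
    for d in domains:
        brand = is_lookalike(d, max_distance)
        if brand:
            hits.append((d, brand))
    return hits

# Constructed feed of "new registrations" to screen.
NEW_REGISTRATIONS = ["abc-bank-1.com", "halifaax.com", "example.com",
                     "abcbank.com", "abcbank-login.net", "ha1ifax.cn"]

if __name__ == "__main__":
    for domain, brand in flag_registrations(NEW_REGISTRATIONS):
        print(f"{domain:20s} resembles {brand}")
```

Both names from the text are caught (abc-bank-1.com by containment after normalisation, halifaax.com by edit distance 1), the genuine abcbank.com is skipped, and an unrelated example.com is left alone. Raising max_distance increases recall at the cost of more manual review.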
Detecting look-alike webpages
 When a phishing webpage is being created, some attackers do not want to write their own HTML page; they just copy-paste the content of the original website and make their own page. If we insert something like obfuscated JavaScript in the original website [which alerts us when run under any URL other than the authentic one], we get alerted to these attacks. There are many methods for watermarking your original website to track a phisher. For more on this, read "6 steps to beat phishing".
 Many times attackers design the phishing webpage so that the images are fetched from the original site rather than keeping a repository of images on their fake website. When the user loads the phishing webpage, the browser fetches the images from the original website, and the referrer URL as seen by the original website will be the URL of the fake website [www.abc-bank-1.com].
 If we analyze the original website's web server logs and look for suspicious referrers, we can detect a phishing attack in progress.
Detecting emails sent to users
 Once the phishing site is ready, attackers send emails to hundreds of users who are the potential victims. As expected, many of these emails bounce because the To: address is incorrect. To increase the credibility of the mail, attackers keep the From: address as something like admin@abcbank.com. If admin@abcbank.com is a valid email id, the bounced mails would land in that user's mailbox, so attackers prefer a From: address that does not exist on the abcbank.com email server, such as admin1@abcbank.com.
 The mails with wrong To: addresses are all returned to the abcbank.com SMTP server. The SMTP server looks at the From: address admin1@abcbank.com and finds it is non-existent. Both the From: and the To: address are wrong; this is called a double-bounce mail.
 This method of detection is not foolproof, as attackers could use a domain name other than the original, like admin1@abc-bank-1.com. The bounced mail will then never reach the SMTP server of the original abcbank.com, and no analysis and alerting is possible.
 Finally, users who receive the phishing mail can alert the organization about it. It is important for the organization to implement forums for easy reporting: a common mailbox like phish@abcbank.com, a toll-free number, or a user helpdesk educated about this attack. These forums should be actively published to the users via different channels. An alert user who reports early could save many others.
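The double-bounce check above reduces to a simple rule on the mail server side: a bounce is arriving for a local address that does not exist. The following added example (not code from the slides) classifies constructed bounce records and reports From: addresses that collect several double bounces, which is the signature of a mass mailing sent in the organization's name. The mailbox list, threshold and records are assumptions; parsing real delivery status notifications (RFC 3464) is left out.

```python
# Added example (not from the slides): classify bounces arriving at our SMTP
# server and report double bounces that point at a spoofed From: address.
# Mailbox list, threshold and the bounce records are constructed.
from collections import Counter

OUR_DOMAIN = "abcbank.com"
VALID_MAILBOXES = {"alice@abcbank.com", "admin@abcbank.com", "phish@abcbank.com"}

# Constructed bounce records: (envelope recipient of the bounce = original From:,
# original To: as reported by the remote server).
SAMPLE_BOUNCES = [
    ("admin1@abcbank.com", "nobody@example.org"),
    ("admin1@abcbank.com", "gone@example.net"),
    ("admin1@abcbank.com", "old-account@example.com"),
    ("alice@abcbank.com", "typo@example.org"),        # ordinary bounce to a real user
    ("admin1@abc-bank-1.com", "x@example.org"),      # would never reach us: other domain
]

def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()

def is_double_bounce(bounce_rcpt: str) -> bool:
    """The remote server already rejected the To:; if the From: it is bouncing
    back to does not exist here either, both addresses are wrong."""
    return (domain_of(bounce_rcpt) == OUR_DOMAIN
            and bounce_rcpt.lower() not in VALID_MAILBOXES)

def double_bounce_report(bounces, threshold: int = 2) -> dict:
    """Count double bounces per spoofed From: address and return those at or
    above `threshold`; several in a short time suggest a phishing run."""
    counts = Counter(rcpt.lower() for rcpt, _ in bounces if is_double_bounce(rcpt))
    return {addr: n for addr, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(double_bounce_report(SAMPLE_BOUNCES))
```

The last record shows the caveat from the text: a bounce addressed to admin1@abc-bank-1.com is routed to the attacker's own domain and never appears in this server's input at all.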
Detecting Man in the Middle Attacks
 Another method quite popular today is the real-time man-in-the-middle phishing attack. As was recently demonstrated in the attacks on Citibusiness, phishers collect user-ids and passwords [including short-lived one-time passwords] and use them in real time against the original website. If the attacker is trying the passwords of multiple victims, you will see hundreds of connections from the attacker's PC. If we analyze the web server logs and check for a large number of connections from one IP, that could be the attacker performing the man-in-the-middle attack.
 This method of detection is not fool-proof, as attackers might use the phished information from multiple computers rather than from a single one.
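Both web-log checks in the text (suspicious referrers for images pulled from the genuine site, and an excessive number of logins from one IP) can be run over the same access log. The following added example, not code from the slides, parses lines in the Apache "combined" format and applies both checks. The log lines, host names, paths and thresholds are constructed for illustration.

```python
# Added example (not from the slides): parse Apache "combined" access-log lines
# and apply the two checks from the text, suspicious referrers for our image
# files and an excessive number of login requests from one source IP. The log
# lines, host names and thresholds are constructed for illustration.
import re
from collections import Counter
from urllib.parse import urlsplit

OUR_HOSTS = {"www.abcbank.com", "abcbank.com"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')

def parse_line(line: str):
    """Return the named fields of one combined-format line, or None."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def suspicious_referrers(lines, asset_prefix: str = "/img/") -> dict:
    """Hosts other than our own that embed our images: a cloned page pulling
    assets from the genuine site shows up here, keyed by referrer host."""
    hits = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if not rec["path"].startswith(asset_prefix) or rec["referer"] == "-":
            continue
        host = urlsplit(rec["referer"]).hostname
        if host and host not in OUR_HOSTS:
            hits[host] += 1
    return dict(hits)

def login_floods(lines, threshold: int = 50, login_path: str = "/login"):
    """Source IPs with more than `threshold` POSTs to the login page."""
    per_ip = Counter(rec["ip"] for rec in filter(None, map(parse_line, lines))
                     if rec["method"] == "POST" and rec["path"] == login_path)
    return [(ip, n) for ip, n in per_ip.most_common() if n > threshold]

def _line(ip, t, req, ref):
    return f'{ip} - - [10/Oct/2023:{t} +0000] "{req}" 200 512 "{ref}" "Mozilla/5.0"'

# Constructed log: one genuine visitor, two visitors of a cloned page, one with
# no referrer, two ordinary logins, and 120 logins from a single source.
SAMPLE_LINES = [
    _line("203.0.113.5", "13:55:36", "GET /img/logo.png HTTP/1.1", "https://www.abcbank.com/"),
    _line("203.0.113.6", "13:55:40", "GET /img/logo.png HTTP/1.1", "http://www.abc-bank-1.com/login.html"),
    _line("203.0.113.7", "13:55:41", "GET /img/logo.png HTTP/1.1", "http://www.abc-bank-1.com/login.html"),
    _line("203.0.113.8", "13:55:42", "GET /img/logo.png HTTP/1.1", "-"),
    _line("203.0.113.5", "13:56:02", "POST /login HTTP/1.1", "https://www.abcbank.com/"),
    _line("203.0.113.9", "13:56:10", "POST /login HTTP/1.1", "https://www.abcbank.com/"),
] + [_line("198.51.100.20", f"14:00:{i % 60:02d}", "POST /login HTTP/1.1", "-")
     for i in range(120)]

if __name__ == "__main__":
    print(suspicious_referrers(SAMPLE_LINES))
    print(login_floods(SAMPLE_LINES))
```

The referrer check reports www.abc-bank-1.com twice and ignores the empty referrer, which browsers also send for privacy reasons; the login check reports only the single source that exceeded the threshold. As the text notes, an attacker spreading attempts across many addresses stays under a per-IP threshold, so this check is a complement to, not a replacement for, the other detections.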
Secured Login
The first and foremost security step should be the use of an HTTPS site rather than an HTTP one. Whenever you log in from an HTTP page, there is no guarantee that your login credentials are sent in encrypted form to the server. Further, two-factor authentication or certificate-based login is a must for significant logins. Two-factor authentication combines a traditional username and password with a code sent to you on your phone.
Two-Factor Authentication (2FA): One Time Password
One-time passwords (OTPs) are an authentication method commonly used as part of two-factor authentication (2FA) and multi-factor authentication (MFA). OTPs are unique passwords that are valid only for a single login session or for a defined period of time. Because OTPs aren’t reusable, they overcome many of the shortcomings of traditional (static) passwords by not being vulnerable to replay attacks.
How OTP Soft Tokens Work
 Soft tokens are software programs, typically downloadable mobile authenticator applications such as RapidIdentity Mobile or Google Authenticator, that effectively turn a user’s device into an OTP generator.
 The setup process entails the server generating a secret key. The user enters the secret key into the authenticator application and can then generate an OTP to verify with the server that the setup worked.
 Each time the authenticator app is opened, it shows a number derived from the secret key and the current time interval. After a specified period of time has elapsed (normally 30 seconds), a new number is presented.
 When it is time to authenticate, the user simply enters the current value generated by the mobile authenticator app, along with their username and optionally a password, PIN, TouchID, or FaceID, effectively adding another layer of security.
 Behind the scenes, the server that is authenticating the user runs the same algorithm used to generate the OTP. The clocks of the user's device and the server are roughly synchronized, so the numbers should match. Once the user’s credentials are validated, the user is permitted to access the service, website, or application.
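The clock-based algorithm behind these soft tokens is TOTP (RFC 6238), which applies HOTP (RFC 4226) to a counter derived from the current time. The following is an added example, not code from the slides or from any authenticator app: the generator, the server-side enrolment step, and a verifier that tolerates one interval of clock drift and refuses to accept the same interval's code twice (the replay property claimed for OTPs). The secret is the test key published in RFC 6238, so the codes can be checked against the RFC's tables; everything else is constructed.

```python
# Added example (not from the slides): the clock-based soft-token algorithm
# (TOTP, RFC 6238, built on HOTP, RFC 4226) with server-side verification that
# tolerates one interval of clock drift and refuses to accept a code twice.
# The secret is RFC 6238's published test key; the timestamps are the RFC's.
import base64
import hashlib
import hmac
import secrets
import struct
import time

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """The counter is the number of `step`-second intervals since the Unix epoch."""
    return hotp(secret, at // step, digits)

def enroll() -> tuple:
    """Server side of setup: a fresh random secret and its base32 form, which
    is what authenticator apps take (usually via a QR code)."""
    raw = secrets.token_bytes(20)
    return raw, base64.b32encode(raw).decode()

def secret_from_base32(encoded: str) -> bytes:
    """App side of setup: recover the raw secret from the base32 string."""
    return base64.b32decode(encoded)

class TotpVerifier:
    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.secret, self.step, self.digits, self.window = secret, step, digits, window
        self.last_counter = -1          # highest interval already used (anti-replay)

    def verify(self, code: str, at: int = None) -> bool:
        """Accept the code for the current interval or `window` intervals either
        side of it, but never an interval at or before the last accepted one."""
        now = int(time.time()) if at is None else at
        base = now // self.step
        for delta in range(-self.window, self.window + 1):
            counter = base + delta
            if counter <= self.last_counter:
                continue                # that interval's code was already accepted
            expected = hotp(self.secret, counter, self.digits)
            if hmac.compare_digest(expected, code):
                self.last_counter = counter
                return True
        return False

RFC_TEST_SECRET = b"12345678901234567890"   # RFC 6238 SHA-1 test key

if __name__ == "__main__":
    print(totp(RFC_TEST_SECRET, 59))                  # RFC table: 94287082, last 6 digits
    v = TotpVerifier(RFC_TEST_SECRET)
    print(v.verify("287082", 61), v.verify("287082", 61))   # True, then False (replay)
```

Two design points matter for the "not vulnerable to replay" claim: the comparison uses hmac.compare_digest rather than ==, and the verifier records the highest accepted interval so a captured code cannot be presented a second time even inside the drift window.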
Benefits
 Ease of Use: As most users already have smartphones and are comfortable with mobile
technologies, it is easy for them to learn to use soft OTPs and incorporate them into
their daily routines. Users tend to keep their smartphones close at hand, making the
mobile authenticator application readily accessible.
 Works Offline: Because the soft OTPs are generated by a clock-based algorithm that is
synchronized across the IT infrastructure, a cell phone signal is not required to
authenticate using this method. This comes in handy for situations where a wireless
signal isn’t available, such as on flights when airplane mode is used.
 Not Vulnerable to Replay Attacks: In addition to offering an extra layer of security,
OTPs also mitigate the risk of replay attacks—a shortcoming of traditional passwords.
Replay attacks use valid username and password data captured in transmission to fool
a system into granting access, effectively replaying the request. Because OTPs are not
reusable, even if a would-be intruder were to record an OTP, it would no longer be
valid if the intruder tried to use the OTP to log into a service.
Drawbacks
 Requires a Mobile Device: Soft OTPs require users to complete the login process
on their mobile phones. Some users may not want to take this step on their
personal phones, and it may not even be an option for users who don't have
smartphones. Additionally, mobile phones have to be charged frequently, and if the
battery dies, the user can’t authenticate via this method.
 Devices Can Be Lost or Stolen: A soft OTP cannot be used to authenticate if the
mobile device itself is lost or stolen. However, in the event this does happen, it’s
just a matter of re-provisioning the mobile authenticator app on the user’s new
smartphone, unlike with hard tokens, where a new token would have to be
purchased and shipped to the user.
 Security Vulnerabilities: Soft OTPs are installed on mobile devices, leaving them exposed to attacks on the phone’s operating system or other applications. Soft OTPs also rely on a shared secret held by both the app and the system’s server, and a compromise of either side exposes the secret from which the passwords are generated.
 Secure Sockets Layer (SSL) is a networking protocol designed for securing
connections between web clients and web servers over an insecure network, such
as the internet. After being formally introduced in 1995, SSL made it possible for
a web server to securely enable online transactions between consumers and
businesses. Due to numerous protocol and implementation flaws and
vulnerabilities, SSL was deprecated for use on the internet by the Internet
Engineering Task Force (IETF) in 2015 and has been replaced by the Transport
Layer Security (TLS) protocol.
 While TLS and SSL are not interoperable, versions of TLS through 1.2 were
backward-compatible with SSL 3.0. However, backward compatibility with SSL
was removed from TLS 1.3, the current version of TLS that was published in
2018.
 A website that implements SSL/TLS has "HTTPS" in its URL instead of "HTTP."
Secure Socket Layer Protocols:
 SSL Record Protocol
 Handshake Protocol
 Change Cipher Spec Protocol
 Alert Protocol
The SSL Record Protocol provides two services to an SSL connection:
 Confidentiality
 Message Integrity
 In the SSL Record Protocol, application data is divided into fragments. Each fragment is compressed, then a MAC (Message Authentication Code) generated by a hash algorithm such as SHA (Secure Hash Algorithm) or MD5 (Message Digest) is appended, then the fragment and MAC are encrypted, and finally the SSL record header is prepended to the result.
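The order of the record-layer operations (fragment, compress, MAC, encrypt, header) is easy to get wrong in prose, so here it is as an added example, not code from the slides and not an SSL implementation: a sender that seals application data into records and a receiver that reverses the steps and rejects any record whose MAC fails. The MAC is HMAC-SHA1 over the sequence number, content type, length and compressed fragment, as in SSL 3.0/TLS; the cipher is a stand-in keystream derived from SHA-256 so the example runs without third-party libraries, and the keys are constructed.

```python
# Added example (not from the slides): the SSL record-layer pipeline,
# fragment -> compress -> MAC -> encrypt -> header, and its reversal. The
# stream cipher here is a toy stand-in, not SSL's real cipher; keys are
# constructed.
import hashlib
import hmac
import struct
import zlib

MAX_FRAGMENT = 2 ** 14          # SSL fragments application data into <= 16 KiB pieces
CONTENT_APPLICATION_DATA = 23   # record content type for application data
VERSION = (3, 0)                # SSL 3.0 major/minor, carried in the header only
MAC_LEN = 20                    # HMAC-SHA1 output length

def _keystream(key: bytes, seq: int, length: int) -> bytes:
    """Toy stand-in for the record cipher: SHA-256 in counter mode, keyed by
    (key, record sequence number). For illustration only."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">QI", seq, block)).digest()
        block += 1
    return out[:length]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _mac(mac_key: bytes, seq: int, ctype: int, body: bytes) -> bytes:
    """MAC covers sequence number, content type, length and the compressed fragment,
    so a record cannot be replayed, reordered or altered unnoticed."""
    header = struct.pack(">QBH", seq, ctype, len(body))
    return hmac.new(mac_key, header + body, hashlib.sha1).digest()

def seal(app_data: bytes, mac_key: bytes, enc_key: bytes, seq_start: int = 0) -> list:
    """Sender: fragment -> compress -> append MAC -> encrypt -> prepend header."""
    records, seq = [], seq_start
    for i in range(0, len(app_data), MAX_FRAGMENT):
        frag = zlib.compress(app_data[i:i + MAX_FRAGMENT])
        body = frag + _mac(mac_key, seq, CONTENT_APPLICATION_DATA, frag)
        enc = _xor(body, _keystream(enc_key, seq, len(body)))
        header = struct.pack(">BBBH", CONTENT_APPLICATION_DATA, *VERSION, len(enc))
        records.append(header + enc)
        seq += 1
    return records

def open_records(records: list, mac_key: bytes, enc_key: bytes, seq_start: int = 0) -> bytes:
    """Receiver: strip header -> decrypt -> verify MAC -> decompress -> reassemble.
    Raises ValueError for any record whose MAC does not verify."""
    out, seq = b"", seq_start
    for rec in records:
        ctype, _major, _minor, length = struct.unpack(">BBBH", rec[:5])
        body = _xor(rec[5:5 + length], _keystream(enc_key, seq, length))
        frag, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(tag, _mac(mac_key, seq, ctype, frag)):
            raise ValueError(f"record {seq}: MAC check failed")
        out += zlib.decompress(frag)
        seq += 1
    return out

def tamper_detected(records: list, mac_key: bytes, enc_key: bytes) -> bool:
    """True if the receiver rejects the given record sequence."""
    try:
        open_records(records, mac_key, enc_key)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    mk, ek = b"mac-key-constructed", b"enc-key-constructed"
    data = b"GET / HTTP/1.0\r\n" * 2000                  # 32000 bytes -> two records
    recs = seal(data, mk, ek)
    print(len(recs), open_records(recs, mk, ek) == data)
    flipped = bytearray(recs[0]); flipped[5] ^= 0x01    # one ciphertext bit changed
    print(tamper_detected([bytes(flipped), recs[1]], mk, ek))   # True
    print(tamper_detected([recs[1], recs[0]], mk, ek))          # True: reordered
```

Because the sequence number is part of the MAC input, swapping two records is rejected just like modifying one; that is the message-integrity service the text attributes to the record protocol.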
The Handshake Protocol is used to establish sessions. It allows client and server to authenticate each other by exchanging a series of messages. The handshake uses four phases to complete its cycle.
 Phase-1: Both client and server send hello messages to each other. In these messages the session ID, cipher suite and protocol version are exchanged for security purposes.
 Phase-2: The server sends its certificate and a server-key-exchange message, and ends phase 2 by sending a server-hello-done message.
 Phase-3: The client replies to the server by sending its certificate and a client-key-exchange message.
 Phase-4: The change-cipher-spec message is sent, after which the Handshake Protocol ends.
 This protocol uses the SSL Record Protocol. Until the Handshake Protocol is completed, the SSL record parameters remain in the pending state; after the handshake, the pending state is converted into the current state.
 The Change Cipher Spec Protocol consists of a single message, 1 byte in length, which can have only one value. Its purpose is to cause the pending state to be copied into the current state.
The Alert Protocol is used to convey SSL-related alerts to the peer entity. Each message in this protocol contains 2 bytes: a level and a description.
The level is one of two values:
 Warning: This alert has no impact on the connection between sender and receiver.
 Fatal Error: This alert terminates the connection between sender and receiver.
 An advantage of this approach is that the service can be tailored to the specific needs of the given application.
 Secure Socket Layer was originated by Netscape.
 SSL is designed to make use of TCP to provide a reliable end-to-end secure service.
 SSL is a two-layered protocol: the Record Protocol sits beneath the Handshake, Change Cipher Spec and Alert protocols.
 Secure Electronic Transaction (SET) is a system which ensures the security and integrity of electronic transactions done using credit cards. SET is not a system that enables payment; it is a security protocol applied to those payments. It uses different encryption and hashing techniques to secure credit card payments over the Internet. The SET protocol was supported in its development by major organizations like Visa, Mastercard, Microsoft, which provided its Secure Transaction Technology (STT), and Netscape, which provided the Secure Socket Layer (SSL) technology.
 The SET protocol restricts revealing of credit card details to merchants, thus keeping hackers and thieves at bay. SET includes Certification Authorities which issue standard digital certificates such as X.509 certificates.
 Let’s see a general scenario of an electronic transaction, which includes the client, the payment gateway, the client's financial institution, the merchant and the merchant's financial institution.
Requirements in SET:
The SET protocol has some requirements to meet; some of the important ones are:
 It has to provide mutual authentication, i.e., customer (cardholder) authentication, confirming whether the customer is the intended user, and merchant authentication.
 It has to keep the PI (Payment Information) and OI (Order Information) confidential by appropriate encryption.
 It has to be resistant to message modification, i.e., no changes should be allowed in the content being transmitted.
 SET also needs to provide interoperability and make use of the best security mechanisms.
Participants in SET:
In the general scenario of an online transaction, SET includes similar participants:
 Cardholder – customer
 Issuer – customer's financial institution
 Merchant
 Acquirer – merchant's financial institution
 Certificate authority – an authority which follows certain standards and issues certificates (like X.509v3) to all other participants.
SET functionalities:
 Provide Authentication
Merchant Authentication – To prevent theft, SET allows customers to check the previous relationship between the merchant and its financial institution. Standard X.509v3 certificates are used for this verification.
 Customer / Cardholder Authentication – SET checks whether the credit card is being used by an authorized user, using X.509v3 certificates.
 Provide Message Confidentiality: Confidentiality refers to preventing unintended people from reading the message being transferred. SET implements confidentiality using encryption techniques; traditionally DES is used for encryption.
 Provide Message Integrity: SET does not allow message modification, with the help of signatures. Messages are protected against unauthorized modification using RSA digital signatures with SHA-1, and some using HMAC with SHA-1.
 Cryptography is the study and practice of techniques for secure communication in the presence of third parties called adversaries. It deals with developing and analyzing protocols which prevent malicious third parties from retrieving information being shared between two entities, thereby upholding the various aspects of information security.
 Secure Communication refers to the scenario where the message or data shared
between two parties can’t be accessed by an adversary. In Cryptography, an
Adversary is a malicious entity, which aims to retrieve precious information or
data thereby undermining the principles of information security.
 Confidentiality refers to certain rules and guidelines usually executed under
confidentiality agreements which ensure that the information is restricted to
certain people or places.
 Data integrity refers to maintaining and making sure that the data stays accurate
and consistent over its entire life cycle.
 Authentication is the process of making sure that the piece of data being claimed
by the user belongs to it.
 Non-repudiation refers to ability to make sure that a person or a party associated
with a contract or a communication cannot deny the authenticity of their
signature over their document or the sending of a message.
Consider two parties, Alice and Bob. Alice wants to send a message m to Bob over a secure channel. What happens is as follows.
 The sender’s message, also called the Plaintext, is converted into an unreadable form using a Key k. The resulting text is called the Ciphertext, and this process is known as Encryption. On receipt, the Ciphertext is converted back into the plaintext using the same Key k so that it can be read by the receiver. This process is known as Decryption.
 Alice (Sender): C = E(m, k) ----> Bob (Receiver): m = D(C, k)
 Here, C refers to the Ciphertext, while E and D are the Encryption and Decryption algorithms respectively.
Let’s consider the Caesar Cipher, or Shift Cipher, as an example.
As the name suggests, in the Caesar Cipher each character in a word is replaced by another character under a defined rule. If A is replaced by D, B by E and so on, then each character in the word is shifted by three positions. For example:
Plaintext : prestige
Ciphertext : suhvwljh
Note that even if the adversary knows that the cipher is a Caesar Cipher, it cannot read the plaintext without the key, which in this case is to shift the characters back by three places.
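The shift cipher as an added example, not code from the slides: E and D from the diagram above, checked on the "prestige" pair. It goes one step beyond the text by also enumerating all 25 possible keys, which shows why this cipher is a teaching example rather than a usable one: the key space is so small that an adversary who knows only the cipher family can try every key and pick the output that reads as words. The dictionary used for that check is constructed.

```python
# Added example (not from the slides): the Caesar/shift cipher, its inverse, and
# a full key-space enumeration showing how small the key space is. The word
# list used to recognise plaintext is constructed.
import string

def shift_encrypt(plaintext: str, key: int) -> str:
    """E(m, k): move each letter `key` places forward in the alphabet,
    preserving case; characters that are not letters pass through unchanged."""
    out = []
    for ch in plaintext:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def shift_decrypt(ciphertext: str, key: int) -> str:
    """D(C, k): shifting back by `key` is the same as shifting forward by -key."""
    return shift_encrypt(ciphertext, -key)

def enumerate_keys(ciphertext: str, dictionary: set) -> list:
    """Try every possible key and keep those whose output consists only of
    dictionary words. There are only 25 candidates for a 26-letter alphabet."""
    hits = []
    for k in range(1, 26):
        candidate = shift_decrypt(ciphertext, k)
        if all(word.lower() in dictionary for word in candidate.split()):
            hits.append((k, candidate))
    return hits

# Constructed word list standing in for a real dictionary.
WORDS = {"prestige", "the", "quick", "brown", "fox"}

if __name__ == "__main__":
    c = shift_encrypt("prestige", 3)
    print(c, shift_decrypt(c, 3))               # suhvwljh prestige
    print(enumerate_keys(c, WORDS))             # [(3, 'prestige')]
```

The enumeration succeeds precisely because the key has fewer than five bits of entropy; the symmetric ciphers named later on the page, such as DES, are built so that the same exhaustive approach is computationally impractical.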
In general there are three types of cryptography:
 Symmetric Key Cryptography: An encryption system where the sender and receiver of a message use a single common key to encrypt and decrypt messages. Symmetric key systems are faster and simpler, but the sender and receiver have to somehow exchange the key in a secure manner. The most popular symmetric key cryptography system is the Data Encryption Standard (DES).
 Hash Functions: No key is used in this algorithm. A hash value of fixed length is calculated from the plaintext, which makes it infeasible to recover the contents of the plaintext. Many operating systems use hash functions to protect stored passwords.
 Asymmetric Key Cryptography: Under this system a pair of keys is used to encrypt and decrypt information. A public key is used for encryption and a private key for decryption. The public key and private key are different. Even if the public key is known to everyone, only the intended receiver can decode the message, because he alone knows the private key.

 
Fundamentals of Entrepreneurship
Fundamentals of EntrepreneurshipFundamentals of Entrepreneurship
Fundamentals of EntrepreneurshipArnav Chowdhury
 
Unit v: Cyber Safety Mechanism
Unit v: Cyber Safety MechanismUnit v: Cyber Safety Mechanism
Unit v: Cyber Safety MechanismArnav Chowdhury
 
Unit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesUnit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesArnav Chowdhury
 
Information Technology and Modern Gadgets
Information Technology and Modern GadgetsInformation Technology and Modern Gadgets
Information Technology and Modern GadgetsArnav Chowdhury
 
Unit v: Device Management
Unit v: Device ManagementUnit v: Device Management
Unit v: Device ManagementArnav Chowdhury
 

Mehr von Arnav Chowdhury (20)

Startup Funding and Strategies for Future
Startup Funding and Strategies for FutureStartup Funding and Strategies for Future
Startup Funding and Strategies for Future
 
Marketing Management Introduction.pptx
Marketing Management Introduction.pptxMarketing Management Introduction.pptx
Marketing Management Introduction.pptx
 
Marketing Management Product.pptx
Marketing Management Product.pptxMarketing Management Product.pptx
Marketing Management Product.pptx
 
Institutional Support to Entrepreneurship
Institutional Support to EntrepreneurshipInstitutional Support to Entrepreneurship
Institutional Support to Entrepreneurship
 
New Venture Expansion and Exit Strategies
New Venture Expansion and Exit StrategiesNew Venture Expansion and Exit Strategies
New Venture Expansion and Exit Strategies
 
Creating a Business Plan
Creating a Business PlanCreating a Business Plan
Creating a Business Plan
 
Business Research Methodology ( Data Collection)
Business Research Methodology ( Data Collection)Business Research Methodology ( Data Collection)
Business Research Methodology ( Data Collection)
 
Business Research Methods (Introduction)
Business Research Methods (Introduction)Business Research Methods (Introduction)
Business Research Methods (Introduction)
 
Planning and organizing Entrepreneurial Venture
Planning and organizing Entrepreneurial VenturePlanning and organizing Entrepreneurial Venture
Planning and organizing Entrepreneurial Venture
 
Fundamentals of Entrepreneurship
Fundamentals of EntrepreneurshipFundamentals of Entrepreneurship
Fundamentals of Entrepreneurship
 
ICT tools in Education
ICT tools in EducationICT tools in Education
ICT tools in Education
 
Unit v: Cyber Safety Mechanism
Unit v: Cyber Safety MechanismUnit v: Cyber Safety Mechanism
Unit v: Cyber Safety Mechanism
 
Unit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesUnit iii: Common Hacking Techniques
Unit iii: Common Hacking Techniques
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Information Technology and Modern Gadgets
Information Technology and Modern GadgetsInformation Technology and Modern Gadgets
Information Technology and Modern Gadgets
 
Unit iv FMIS
Unit iv FMISUnit iv FMIS
Unit iv FMIS
 
Unit iii FMIS
Unit iii FMISUnit iii FMIS
Unit iii FMIS
 
Unit ii FMIS
Unit ii FMISUnit ii FMIS
Unit ii FMIS
 
Unit iv graphics
Unit iv  graphicsUnit iv  graphics
Unit iv graphics
 
Unit v: Device Management
Unit v: Device ManagementUnit v: Device Management
Unit v: Device Management
 

Kürzlich hochgeladen

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 

Kürzlich hochgeladen (20)

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

UNIT IV:Security Measurement Strategies

  • 1. Antivirus Techniques: Firewalls, Intrusion Detection System (IDS), Intrusion Prevention System (IPS).
    Brief Introduction to the Anti-Phishing Approach (Common Strategies Used for Secured Authentication): authentication using passwords such as One Time Password (OTP) generators, Two-Factor Authentication, Secure Sockets Layer (SSL), Secure Electronic Transaction (SET), Cryptography.
  • 2.
    - A firewall is a barrier between a Local Area Network (LAN) and the Internet. It keeps private resources confidential and minimizes security risks by controlling network traffic in both directions.
    - The following diagram depicts a sample firewall between the LAN and the Internet. The connection between the two is the point of vulnerability; both hardware and software can be used at this point to filter network traffic.
  • 3. [Diagram: sample firewall placed between the LAN and the Internet]
  • 4. Firewalls are categorized into three basic types:
    - Packet filter (stateless and stateful)
    - Application-level gateway
    - Circuit-level gateway
  • 5. Stateless & Stateful Packet Filtering Firewall
    In this type of firewall deployment, the internal network is connected to the external network/Internet via a router firewall. The firewall inspects and filters data packet by packet.
    Packet-filtering firewalls allow or block packets mostly on criteria such as source and/or destination IP address, protocol, source and/or destination port number, and other fields within the IP header. The decision can also be based on factors outside the IP header, such as the ICMP message type or the TCP SYN and ACK bits.
    A packet filter rule has two parts:
    - Selection criteria: the condition, matched against the packet, on which the decision is made.
    - Action field: the action taken when an IP packet meets the selection criteria, either block (deny) or permit (allow) the packet across the firewall.
    Packet filtering is generally accomplished by configuring Access Control Lists (ACLs) on routers or switches. An ACL is a table of packet filter rules. As traffic enters or exits an interface, the firewall applies the ACL top to bottom to each packet, finds the first rule whose criteria match, and permits or denies that individual packet accordingly.
  • 6.
    - A stateless firewall is a rigid tool: it looks at each packet in isolation and allows it if it meets the criteria, even when the packet is not part of any established, ongoing communication.
    - Hence such firewalls are replaced by stateful firewalls in modern networks. A stateful firewall tracks connections and so offers a more in-depth inspection method than the purely ACL-based packet inspection of a stateless firewall.
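    The difference between slides 5 and 6 is easiest to see in code. The following is an added example written for these notes, not code from the slides or from any firewall product: a first-match ACL evaluated top to bottom with an implicit deny, and a stateful filter that only admits inbound packets belonging to a session it saw leave. The `established` keyword, the rule fields and the sample addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
"""Packet-filter ACL evaluation, stateless and stateful (added example, not from the slides)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str            # "tcp", "udp" or "icmp"
    src_port: int = 0
    dst_port: int = 0
    syn: bool = False     # TCP flag bits: extra criteria beyond the IP header
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    """One ACL entry: selection criteria plus an action field."""
    action: str                    # "permit" or "deny"
    proto: str = "any"
    src_net: str = "any"           # CIDR prefix or "any"
    dst_net: str = "any"
    dst_port: Optional[int] = None
    established: bool = False      # classic router ACL keyword: match TCP packets with ACK set


def in_net(ip: str, net: str) -> bool:
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if not (in_net(pkt.src_ip, rule.src_net) and in_net(pkt.dst_ip, rule.dst_net)):
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    if rule.established and not (pkt.proto == "tcp" and pkt.ack):
        return False
    return True


def stateless_filter(acl: List[Rule], pkt: Packet) -> str:
    """Apply the ACL top to bottom; the first matching rule decides, otherwise implicit deny."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


class StatefulFilter:
    """Remembers sessions permitted outbound and only lets matching replies back in."""

    def __init__(self, outbound_acl: List[Rule]) -> None:
        self.outbound_acl = outbound_acl
        self.sessions: Set[Tuple[str, int, str, int, str]] = set()

    def outbound(self, pkt: Packet) -> str:
        verdict = stateless_filter(self.outbound_acl, pkt)
        if verdict == "permit":
            self.sessions.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
        return verdict

    def inbound(self, pkt: Packet) -> str:
        # Accepted only if it is the reverse direction of a session we already tracked.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        return "permit" if key in self.sessions else "deny"


# Constructed sample ACLs for the stateless router firewall (documentation address ranges).
INBOUND_ACL = [
    Rule("permit", "tcp", "any", "10.0.0.0/24", established=True),   # replies to internal clients
    Rule("permit", "tcp", "any", "10.0.0.0/24", dst_port=443),        # public HTTPS service
]
OUTBOUND_ACL = [Rule("permit", "tcp", "10.0.0.0/24", "any")]

# ACK bit set but no prior session: the stateless rule accepts it on the flag alone.
FORGED_ACK = Packet("203.0.113.9", "10.0.0.5", "tcp", 4444, 51000, ack=True)
CLIENT_SYN = Packet("10.0.0.5", "198.51.100.7", "tcp", 51000, 443, syn=True)
SERVER_REPLY = Packet("198.51.100.7", "10.0.0.5", "tcp", 443, 51000, syn=True, ack=True)


def demo() -> dict:
    sf = StatefulFilter(OUTBOUND_ACL)
    return {
        "stateless_forged": stateless_filter(INBOUND_ACL, FORGED_ACK),   # "permit"
        "stateful_forged": sf.inbound(FORGED_ACK),                        # "deny"
        "outbound_syn": sf.outbound(CLIENT_SYN),                          # "permit"
        "stateful_reply": sf.inbound(SERVER_REPLY),                       # "permit"
    }


if __name__ == "__main__":
    print(demo())
```

    The forged packet is the slide's point in miniature: the stateless rule sees a matching ACK bit and lets it through, while the stateful filter has no session for it and drops it.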
  • 7.
    - An application-level gateway acts as a relay node for application-level traffic. It intercepts incoming and outgoing packets, runs proxies that copy and forward information across the gateway, and functions as a proxy server, preventing any direct connection between a trusted server or client and an untrusted host.
    - The proxies are application specific. They can filter packets at the application layer of the OSI model.
  • 8. An application-specific proxy
    - An application-specific proxy accepts only packets generated by the application it is designed to copy, forward, and filter. For example, only a Telnet proxy can copy, forward, and filter Telnet traffic.
    - If a network relies only on an application-level gateway, incoming and outgoing packets cannot reach services that have no proxy configured. For example, if a gateway runs FTP and Telnet proxies, only packets generated by these services can pass through the firewall; all other services are blocked.
    Application-level filtering
    - An application-level proxy gateway examines and filters individual packets rather than simply copying them and blindly forwarding them across the gateway. Application-specific proxies check each packet that passes through the gateway, verifying its contents up through the application layer, and can filter particular commands or information in the application protocol.
    - Application gateways can therefore restrict specific actions. For example, the gateway could be configured to prevent users from issuing the FTP 'put' command, which prevents an attacker from modifying the information stored on the server.
  • 9.
    - The circuit-level gateway is an intermediate solution between the packet filter and the application gateway. It runs at the transport layer and hence can act as a proxy for any application.
    - Like an application gateway, the circuit-level gateway does not permit an end-to-end TCP connection across the gateway. It sets up two TCP connections and relays the TCP segments from one network to the other. Unlike an application gateway, it does not examine the application data; hence it is sometimes called a 'pipe proxy'.
  • 10.
    - Packet-filtering firewalls operate on rules involving TCP/UDP/IP headers only. They do not attempt to establish correlation among different sessions.
    - An Intrusion Detection/Prevention System (IDS/IPS) carries out Deep Packet Inspection (DPI) by looking at the packet contents, for example checking character strings in a packet against a database of known virus and attack strings.
    - Application gateways do look at packet contents, but only for specific applications, and they do not look for suspicious data in the packet. An IDS/IPS looks for suspicious data contained in packets and tries to examine the correlation among multiple packets to identify attacks such as port scanning, network mapping, denial of service and so on.
  • 11. Types of IDS
    There are two basic types of IDS.
    - Signature-based IDS: It needs a database of known attacks with their signatures. A signature is defined by the types and order of packets characterizing a particular attack. The limitation of this type of IDS is that only known attacks can be detected. It can also raise a false alarm, which occurs when a normal packet stream matches the signature of an attack. A well-known public open-source IDS is Snort.
    - Anomaly-based IDS: This type of IDS first builds a traffic pattern of normal network operation. In detection mode it looks for traffic patterns that are statistically unusual, for example an unusual ICMP load or exponential growth in port scans. Any unusual traffic pattern generates an alarm. The major challenge in deploying this type of IDS is the difficulty of distinguishing normal traffic from unusual traffic.
  • 12.
    - IDS and IPS are similar in how they detect anomalies in the network. An IDS is a 'visibility' tool whereas an IPS is considered a 'control' tool.
    - Intrusion Detection Systems sit off to the side of the network, monitoring traffic at many different points, and provide visibility into the security state of the network. When the IDS reports an anomaly, the corrective actions are initiated by the network administrator or by another device on the network.
    - Intrusion Prevention Systems are like firewalls: they sit in-line between two networks and control the traffic going through them. An IPS enforces a specified policy on detection of an anomaly in the network traffic. Generally it drops all packets and blocks the entire network traffic on noticing an anomaly, until the anomaly is addressed by the administrator.
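    Slides 10 to 12 describe three behaviours: per-packet signature matching, correlation across packets (port scanning), and the IDS/IPS split between alerting and dropping. The block below is an added example written for these notes, not Snort's rule language or code from the slides; its signature database, packet records and thresholds are constructed. The EICAR string is the industry's harmless antivirus test pattern.

```python
"""Signature-based and anomaly-based detection over constructed packets (added example; not Snort rules)."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed signature database: name -> pattern over the packet payload.
# Snort expresses the same idea in its own rule syntax; plain regexes are used here for clarity.
SIGNATURES = {
    "eicar-test-file": re.compile(rb"X5O!P%@AP\[4\\PZX54\(P\^\)7CC\)7\}\$EICAR"),
    "http-path-traversal": re.compile(rb"(\.\./){2,}"),
}

# Constructed packet records: (timestamp_seconds, src_ip, dst_port, payload). Not a capture.
PACKETS: List[Tuple[float, str, int, bytes]] = [
    (0.0, "10.0.0.5", 443, b"\x16\x03\x03..."),
    (0.5, "10.0.0.5", 443, b"\x17\x03\x03..."),
    (1.0, "10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\n"),
    (2.0, "203.0.113.9", 80, b"GET /images/../../../secret.txt HTTP/1.1\r\n"),
    (2.1, "203.0.113.9", 25, b"HELO test\r\n"),
    (2.2, "203.0.113.9", 21, b""),
    (2.3, "203.0.113.9", 22, b""),
    (2.4, "203.0.113.9", 23, b""),
    (2.5, "203.0.113.9", 110, b""),
    (2.6, "203.0.113.9", 143, b""),
    (9.0, "192.0.2.44", 445, b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"),
]


def signature_alerts(packets) -> List[Tuple[str, str]]:
    """Deep packet inspection: compare each payload against every known signature."""
    hits = []
    for _ts, src, _dport, payload in packets:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                hits.append((src, name))
    return hits


def port_scan_alerts(packets, window: float = 10.0, threshold: int = 5) -> List[str]:
    """Correlate across packets: a source touching more than `threshold` distinct ports within `window` seconds."""
    by_src: Dict[str, List[Tuple[float, int]]] = defaultdict(list)
    for ts, src, dport, _payload in packets:
        by_src[src].append((ts, dport))
    flagged = []
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:   # slide the time window
                start += 1
            if len({port for _, port in events[start:end + 1]}) > threshold:
                flagged.append(src)
                break
    return flagged


def ips_verdict(packet) -> str:
    """In-line IPS: the same match that only raises an alert in IDS mode drops the packet here."""
    _ts, _src, _dport, payload = packet
    return "drop" if any(p.search(payload) for p in SIGNATURES.values()) else "forward"


if __name__ == "__main__":
    print(signature_alerts(PACKETS))
    print(port_scan_alerts(PACKETS))
    print([ips_verdict(p) for p in PACKETS])
```

    The normal host touches two ports repeatedly and never trips the correlation check; the second source touches seven distinct ports in under a second and does. Lowering `threshold` toward the number of ports a legitimate client uses is exactly where the false-alarm problem of slide 11 appears.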
  • 13.
  • 14. Phishing prevention measures should be complemented with detection methods. The key strategies include:
    - Monitor domain name registrations.
    - Watermark the original web pages to identify their use in phishing sites.
    - Monitor web server logs for suspicious referrer entries and excessive traffic from one source IP.
    - Track double-bounce mails.
    - Set up a forum for users to report phishing.
  • 15. Detecting registered fake domain names
    - The attacker needs to set up a look-alike site. First a domain name is registered. Many times attackers register a domain which sounds similar to the original: if they are targeting www.abcbank.com, attackers might register www.abc-bank-1.com. In a recent phishing attack Halifax bank was targeted using a domain called www.halifaax.com; notice the extra "a". If we are diligent enough to track registrations of new DNS domains, we have a chance of learning about these "similar" registrations and can initiate action before the domain name can be used for a phishing attack.
    - This method of detection is not fool-proof, for two reasons. First, even though it is easy to track new registrations in a gTLD (generic top-level domain) such as .com or .net, the same is not true for ccTLDs (country-code top-level domains) such as .cn (China) or .kr (Korea), where many phishing sites are registered. Second, attackers may choose not to register a domain name at all and operate the website from a bare IP address.
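    A registration-monitoring job needs a concrete rule for "sounds similar". The following added example (written for these notes, not the slides' or any registrar's code) strips the `www.` prefix and TLD, undoes hyphens and digit-for-letter substitutions, and flags labels within edit distance 1 of a monitored brand or containing it outright, while skipping the brand's own domains. The watch-list, homoglyph table and the two slide examples are constructed inputs.

```python
"""Flagging look-alike domain registrations against monitored brand names (added example, not from the slides)."""
from typing import Dict, Iterable, List, Set, Tuple

# Constructed watch-list: brand label and the domains the brand legitimately owns.
BRANDS: Dict[str, Set[str]] = {
    "abcbank": {"abcbank.com"},
    "halifax": {"halifax.co.uk"},
}

# Characters commonly substituted for letters in typosquats; only a few are mapped here.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a"})


def registrable_label(domain: str) -> str:
    """'www.abc-bank-1.com' -> 'abc-bank-1': drop a leading www and the TLD."""
    parts = domain.lower().strip(".").split(".")
    if parts and parts[0] == "www":
        parts = parts[1:]
    return parts[0] if parts else ""


def normalize(label: str) -> str:
    """Undo the cheap disguises: digits used as letters and inserted hyphens."""
    return label.translate(HOMOGLYPHS).replace("-", "")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute), row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suspicious_registrations(new_domains: Iterable[str], brands: Dict[str, Set[str]] = BRANDS,
                             max_distance: int = 1) -> List[Tuple[str, str]]:
    """Return (domain, brand) pairs for newly seen domains that imitate a brand but are not its own."""
    hits = []
    for domain in new_domains:
        bare = domain.lower().strip(".")
        if bare.startswith("www."):
            bare = bare[4:]
        label = normalize(registrable_label(domain))
        for brand, owned in brands.items():
            if bare in owned:
                continue                       # the brand's real domain is not a look-alike
            if brand in label or levenshtein(label, brand) <= max_distance:
                hits.append((domain, brand))
    return hits


# Constructed feed of "new registrations", including the two domains from the slide.
NEW_DOMAINS = ["www.abc-bank-1.com", "www.halifaax.com", "www.abcbank.com", "example.org"]

if __name__ == "__main__":
    for domain, brand in suspicious_registrations(NEW_DOMAINS):
        print(f"{domain} looks like {brand}")
```

    The caveats on the slide still apply: this only helps where a registration feed exists, and a phishing site served from a bare IP address never appears in it.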
  • 16. Detecting look-alike web pages
    - When a phishing web page is being created, some attackers might not want to write their own HTML page; they might just copy-paste the content of the original website and make their own page. If we insert something like obfuscated JavaScript in the original website, which alerts us when run under any URL other than the authentic one, we can be alerted to these attacks. There are many methods for watermarking your original website to track a phisher. For more on this read the "6 steps to beat phishing".
    - Many times attackers design the phishing web page so that the images are loaded from the original site rather than keeping a repository of images on their fake website. When the user loads the phishing web page, the browser fetches the images from the original website, and the referrer URL as seen by the original website will be the URL of the fake website (www.abc-bank-1.com).
    - If we analyze the web server logs of the original website and look for suspicious referrers, we will be able to detect a phishing attack in progress.
  • 17. Detecting emails sent to users
    - Once the phishing site is ready, the attackers send emails to hundreds of users, the potential victims. As expected, many of these emails bounce because the To: address is incorrect. To increase the credibility of the mail, the attackers would set the From: address to something like admin@abcbank.com. If admin@abcbank.com were a valid email id on the abcbank.com mail server, the bounced mails would land in that user's mailbox, so the attackers instead use a non-existent address such as admin1@abcbank.com.
    - The mails with wrong To: addresses are all returned to the abcbank.com SMTP server. That server looks at the From: address admin1@abcbank.com and finds that it is non-existent. From: address and To: address are both wrong: this is called a double-bounce mail.
    - This method of detection is not foolproof, as attackers could use a domain other than the original, such as admin1@abc-bank-1.com. The bounced mail then never reaches the SMTP server of the original abcbank.com and no analysis or alerting is possible.
    - Finally, users who receive the phishing mail can alert the organization about it. It is important for the organization to implement forums for easy reporting, such as a common mailbox like phish@abcbank.com or a toll-free number, and to educate the user helpdesk about this attack. These forums should be actively publicized to users via different channels. An alert user who reports early could save many others.
  • 18. Detecting man-in-the-middle attacks
    - Another method quite popular today is the real-time man-in-the-middle phishing attack. As was recently demonstrated in the attacks on Citibusiness, phishers collect user IDs and passwords (including short-lived one-time passwords) and use them in real time against the original website. If the attacker is trying the passwords of multiple victims, you will see hundreds of connections from the attacker's PC. If we analyze the web server logs and check for a large number of connections from one IP, it could be the attacker performing the man-in-the-middle attack.
    - This method of detection is not fool-proof, as attackers might use the phished information from multiple computers rather than from a single one.
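    Slides 16 and 18 both come down to reading the original site's web server log. The block below is an added example for these notes, not code from the slides: it parses Apache/nginx "combined" format lines, reports outside hosts whose pages embed our static assets (the referrer check of slide 16), and reports source IPs submitting an unusual number of logins (the connection-count check of slide 18). The log lines, hostnames and threshold are constructed; the addresses are RFC 5737 documentation ranges.

```python
"""Web server log analysis for phishing indicators (added example, not from the slides)."""
import re
from collections import Counter
from typing import Dict, List
from urllib.parse import urlsplit

# Apache/nginx "combined" format: ip - user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

OWN_HOSTS = {"www.abcbank.com", "abcbank.com"}
STATIC_EXT = (".png", ".gif", ".jpg", ".css", ".js")

# Constructed log excerpt, not a real capture.
SAMPLE_LOG = """\
198.51.100.23 - - [10/Mar/2024:10:01:02 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "https://www.abcbank.com/login" "Mozilla/5.0"
198.51.100.77 - - [10/Mar/2024:10:01:09 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "http://www.abc-bank-1.com/login.html" "Mozilla/5.0"
198.51.100.78 - - [10/Mar/2024:10:01:15 +0000] "GET /img/header.gif HTTP/1.1" 200 2048 "http://www.abc-bank-1.com/login.html" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:02:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:02:01 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:02:02 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:02:03 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:02:04 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:02:05 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:10:02:30 +0000] "POST /login HTTP/1.1" 302 0 "https://www.abcbank.com/login" "Mozilla/5.0"
"""


def parse(lines: str) -> List[Dict[str, str]]:
    """Return one dict per well-formed log line; malformed lines are skipped."""
    entries = []
    for line in lines.splitlines():
        m = LOG_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def foreign_referrers(entries: List[Dict[str, str]], own_hosts=OWN_HOSTS) -> Dict[str, int]:
    """Hosts other than our own whose pages pull our static assets: a copy-pasted page hot-linking our images."""
    hits: Counter = Counter()
    for e in entries:
        host = urlsplit(e["referer"]).hostname          # "-" (no referrer) yields None
        if host and host not in own_hosts and e["path"].lower().endswith(STATIC_EXT):
            hits[host] += 1
    return dict(hits)


def heavy_login_sources(entries: List[Dict[str, str]], threshold: int = 5) -> Dict[str, int]:
    """Source IPs with more than `threshold` login submissions: one machine trying many victims' credentials."""
    per_ip = Counter(e["ip"] for e in entries if e["method"] == "POST" and e["path"] == "/login")
    return {ip: n for ip, n in per_ip.items() if n > threshold}


if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print("foreign referrers:", foreign_referrers(entries))
    print("heavy login sources:", heavy_login_sources(entries))
```

    In production the referrer check should be run on the image and script paths only, as here, because legitimate external links to HTML pages produce foreign referrers all day long.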
  • 19. Secured Login
    The first and foremost security step should be the use of an HTTPS site rather than an HTTP one. Whenever you log in from an HTTP page, there is no guarantee that your login credentials are sent in encrypted form. Further, two-factor or certificate-based login is a must for significant logins; the former is a combination of a traditional username and password with a code sent to you on your phone.
  • 20. Two-Factor Authentication (2FA): One Time Password
    One-time passwords (OTPs) are an authentication method commonly used as part of two-factor authentication (2FA) and multi-factor authentication (MFA) that can help balance these needs. OTPs are unique passwords that are valid only for a single login session or for a defined period of time. Because OTPs are not reusable, they overcome many of the shortcomings of traditional (static) passwords by not being vulnerable to replay attacks.
    How OTP soft tokens work
    - Soft tokens are software programs, typically downloadable mobile authenticator applications such as RapidIdentity Mobile or Google Authenticator, that effectively turn a user's device into an OTP generator.
    - The setup process entails the server generating a secret key. The user enters the secret key into the authenticator application and can then generate an OTP to verify with the server that the setup worked.
    - Each time the authenticator app is opened, a random number is generated for use during a fixed interval. After a specified period of time has elapsed (normally 30 seconds), a new number is presented.
  • 21.
    - When it is time for a user to authenticate, the user simply enters the current value generated by the mobile authenticator app, along with their username and optionally a password, PIN, Touch ID or Face ID, effectively adding another layer of security.
    - Behind the scenes, the server that is authenticating the user runs the same algorithm used to generate the OTP. The clocks of the user's device and the server are roughly synchronized, so the numbers should match. Once the user's credentials are validated, the user is permitted to access the service, website, or application.
  • 23. Benefits  Ease of Use: As most users already have smartphones and are comfortable with mobile technologies, it is easy for them to learn to use soft OTPs and incorporate them into their daily routines. Users tend to keep their smartphones close at hand, making the mobile authenticator application readily accessible.  Works Offline: Because the soft OTPs are generated by a clock-based algorithm that is synchronized across the IT infrastructure, a cell phone signal is not required to authenticate using this method. This comes in handy for situations where a wireless signal isn’t available, such as on flights when airplane mode is used.  Not Vulnerable to Replay Attacks: In addition to offering an extra layer of security, OTPs also mitigate the risk of replay attacks—a shortcoming of traditional passwords. Replay attacks use valid username and password data captured in transmission to fool a system into granting access, effectively replaying the request. Because OTPs are not reusable, even if a would-be intruder were to record an OTP, it would no longer be valid if the intruder tried to use the OTP to log into a service.
  • 24. Drawbacks  Requires a Mobile Device: Soft OTPs require users to complete the login process on their mobile phones. Some users may not want to take this step on their personal phones, and it may not even be an option for users who don't have smartphones. Additionally, mobile phones have to be charged frequently, and if the battery dies, the user can’t authenticate via this method.  Devices Can Be Lost or Stolen: A soft OTP cannot be used to authenticate if the mobile device itself is lost or stolen. However, in the event this does happen, it’s just a matter of re-provisioning the mobile authenticator app on the user’s new smartphone, unlike with hard tokens, where a new token would have to be purchased and shipped to the user.  Security Vulnerabilities: Soft OTPs are installed on mobile devices, leaving them vulnerable to attacks on the phone’s operating system or other applications. Soft OTPs also utilize a shared secret between the app and the system’s server, each of which can be hacked to access the password.
• 25.  Secure Sockets Layer (SSL) is a protocol for securing connections between web clients and web servers over an untrusted network such as the Internet. Netscape released it publicly in 1995 (SSL 2.0; SSL 3.0 followed in 1996), making it possible for a web server to protect online transactions between consumers and businesses. Because of numerous protocol and implementation flaws, the Internet Engineering Task Force (IETF) prohibited SSL 2.0 in 2011 (RFC 6176) and deprecated SSL 3.0 in 2015 (RFC 7568); the Transport Layer Security (TLS) protocol has replaced it.  TLS and SSL are not interoperable, but TLS 1.0 through 1.2 implementations could still negotiate SSL 3.0 with an old peer. That fallback was removed in TLS 1.3, the current version, published as RFC 8446 in 2018.
  • 26.  A website that implements SSL/TLS has "HTTPS" in its URL instead of "HTTP."
• 27. Secure Socket Layer Protocols:
 SSL Record Protocol
 Handshake Protocol
 Change Cipher Spec Protocol
 Alert Protocol
• 28. The SSL Record Protocol provides two services to an SSL connection:
 Confidentiality
 Message Integrity
 In the Record Protocol, application data is divided into fragments of at most 2^14 bytes. Each fragment is (optionally) compressed, then a MAC (Message Authentication Code) computed with a keyed hash such as SHA-1 (Secure Hash Algorithm) or MD5 (Message Digest) is appended. The fragment and its MAC are then encrypted together with the negotiated cipher, and finally a record header (content type, version and length) is prepended. The MAC also covers a per-connection sequence number, so a replayed or reordered record fails verification.
• 29. The Handshake Protocol establishes a session. It allows client and server to authenticate each other and to agree on keys by exchanging a series of messages, in four phases.
 Phase-1: Client and server exchange hello messages (ClientHello, ServerHello). In this phase the protocol version, session ID, cipher suite, compression method and the random nonces later used in key derivation are exchanged.
 Phase-2: The server sends its Certificate, a ServerKeyExchange message if the chosen cipher suite needs one, optionally a CertificateRequest, and ends the phase with ServerHelloDone.
 Phase-3: The client replies with its own Certificate (if one was requested), the ClientKeyExchange message carrying the key material (for example the RSA-encrypted pre-master secret), and a CertificateVerify if it presented a certificate.
 Phase-4: Each side sends ChangeCipherSpec and then a Finished message protected under the new keys, which lets the peer check that the handshake was not tampered with. After this the Handshake Protocol ends.
• 30.  This protocol uses the SSL Record Protocol. Until the handshake is completed, the parameters it negotiates sit in the pending state while the record layer keeps operating in the current state (initially the null cipher, i.e. plaintext). The Change Cipher Spec message converts the pending state into the current state.  The Change Cipher Spec protocol consists of a single message, 1 byte long, which can have only one value (1). Its sole purpose is to cause the pending state to be copied into the current state, so that every record sent after it is protected with the newly negotiated keys.
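Slides 28 to 30 describe the record format, the key derivation done by the handshake and the pending-to-current switch triggered by ChangeCipherSpec. The following added example (written for this page, not code from the presentation or from any SSL implementation) models those three pieces end to end in plain Python: a PRF expands a pre-master secret into a master secret and per-direction MAC and encryption keys, the record layer fragments data, appends an HMAC-SHA1 tag that also covers the sequence number, encrypts fragment plus tag and prepends the 5-byte header, and ChangeCipherSpec promotes the pending state. Two simplifications are assumed and labelled in the code: the pre-master secret and both randoms are constructed constants rather than the output of a certificate-based key exchange, and the bulk cipher is an HMAC-SHA256 counter-mode keystream standing in for the negotiated cipher.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14                       # record-layer plaintext limit
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
VERSION = b"\x03\x01"                        # wire version (TLS 1.0 here, illustrative only)
MAC_LEN = 20                                 # HMAC-SHA1 tag length


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """HMAC-SHA256 expansion in the shape of the TLS 1.2 PRF (SSL 3.0 used MD5+SHA1)."""
    out, a = b"", label + seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + label + seed, hashlib.sha256).digest()
    return out[:length]


def keystream(key: bytes, seq: int, length: int) -> bytes:
    """Toy stand-in for the negotiated bulk cipher: HMAC-SHA256 run in counter mode."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QI", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class CipherState:
    """Keys and sequence number for one direction: a 'read' or 'write' state."""
    def __init__(self, mac_key: bytes, enc_key: bytes):
        self.mac_key, self.enc_key, self.seq = mac_key, enc_key, 0

    def mac(self, ctype: int, fragment: bytes) -> bytes:
        # Sequence number, content type, version and length are authenticated with the data.
        header = struct.pack(">Q", self.seq) + bytes([ctype]) + VERSION + struct.pack(">H", len(fragment))
        return hmac.new(self.mac_key, header + fragment, hashlib.sha1).digest()


class Endpoint:
    def __init__(self, role: str):
        self.role = role                                   # "client" or "server"
        self.pending_write = self.pending_read = None      # filled in by the handshake
        self.current_write = self.current_read = None      # None = initial null cipher (plaintext)

    def derive(self, premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
        """Handshake key schedule: pre-master -> master -> key block -> pending states."""
        master = prf(premaster, b"master secret", client_random + server_random, 48)
        kb = prf(master, b"key expansion", server_random + client_random, 2 * MAC_LEN + 2 * 32)
        client_write = CipherState(kb[0:20], kb[40:72])    # client MAC key, client enc key
        server_write = CipherState(kb[20:40], kb[72:104])  # server MAC key, server enc key
        if self.role == "client":
            self.pending_write, self.pending_read = client_write, server_write
        else:
            self.pending_write, self.pending_read = server_write, client_write
        return master

    def protect(self, data: bytes, ctype: int = APPLICATION_DATA) -> list:
        """Fragment -> MAC -> encrypt -> prepend 5-byte header; one record per fragment."""
        records = []
        for i in range(0, len(data), MAX_FRAGMENT):
            frag, st = data[i:i + MAX_FRAGMENT], self.current_write
            if st is None:
                body = frag                                # plaintext until ChangeCipherSpec
            else:
                body = frag + st.mac(ctype, frag)          # MAC appended to the fragment...
                body = xor(body, keystream(st.enc_key, st.seq, len(body)))  # ...then both encrypted
                st.seq += 1
            records.append(bytes([ctype]) + VERSION + struct.pack(">H", len(body)) + body)
        return records

    def send_change_cipher_spec(self) -> bytes:
        record = self.protect(b"\x01", CHANGE_CIPHER_SPEC)[0]      # single 1-byte message, value 1
        self.current_write, self.pending_write = self.pending_write, None   # pending -> current
        return record

    def recv(self, record: bytes):
        """Parse and verify one record; returns (content_type, fragment) or raises ValueError."""
        if len(record) < 5 or record[1:3] != VERSION:
            raise ValueError("protocol_version")
        ctype, length = record[0], struct.unpack(">H", record[3:5])[0]
        body = record[5:5 + length]
        if len(body) != length:
            raise ValueError("decode_error: truncated record")
        st = self.current_read
        if st is not None:
            body = xor(body, keystream(st.enc_key, st.seq, len(body)))
            frag, tag = body[:-MAC_LEN], body[-MAC_LEN:]
            if len(tag) != MAC_LEN or not hmac.compare_digest(tag, st.mac(ctype, frag)):
                raise ValueError("bad_record_mac")         # a fatal alert in SSL/TLS
            st.seq += 1
            body = frag
        if ctype == CHANGE_CIPHER_SPEC:
            if body != b"\x01":
                raise ValueError("illegal_parameter")
            self.current_read, self.pending_read = self.pending_read, None   # pending -> current
        return ctype, body


def rejects(endpoint: Endpoint, record: bytes) -> bool:
    """True if the receiver refuses the record (tampering, replay, truncation)."""
    try:
        endpoint.recv(record)
        return False
    except ValueError:
        return True
```

Two details worth noticing: the ChangeCipherSpec record itself is still sent under the old (null) state and only the records after it use the new keys, and a replayed record fails not because the ciphertext is recognised but because the receiver's sequence number has moved on, so the MAC no longer matches.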
• 31. The Alert Protocol conveys SSL-related alerts to the peer entity. Each alert message is 2 bytes: the first byte is the level and the second the alert description (for example bad_record_mac or handshake_failure). The level takes one of two values:
 Warning (1): The alert has no immediate impact on the connection between sender and receiver.
 Fatal (2): The alert terminates the connection between sender and receiver immediately, and the session may not be resumed.
• 32.  The advantage of this approach is that the service can be tailored to the specific needs of the given application.  Secure Sockets Layer was originated by Netscape.  SSL is designed to make use of TCP to provide a reliable end-to-end secure service.  SSL is a two-layered protocol: the Record Protocol sits directly on TCP, and the Handshake, Change Cipher Spec and Alert protocols run on top of the Record Protocol.
• 33.  Secure Electronic Transaction (SET) is a protocol that ensures the security and integrity of electronic credit-card transactions. SET is not itself a payment system; it is a security protocol applied to those payments. It uses encryption and hashing techniques to secure credit-card payments made over the Internet. SET's development was supported by major organizations such as Visa and Mastercard, by Microsoft, which contributed its Secure Transaction Technology (STT), and by Netscape, which contributed its Secure Sockets Layer (SSL) technology.  SET keeps credit-card details from being revealed to the merchant, which keeps them out of reach of hackers and thieves who compromise the merchant. SET relies on Certification Authorities issuing standard X.509 digital certificates to the participants.
• 34.  Let's look at a general scenario of an electronic transaction, which involves the client, the payment gateway, the client's financial institution, the merchant and the merchant's financial institution.
• 35. Requirements in SET: The SET protocol has to meet a number of requirements; some of the important ones are:
 It has to provide mutual authentication: customer (cardholder) authentication, confirming that the customer is the legitimate cardholder, and merchant authentication.
 It has to keep the PI (Payment Information) and OI (Order Information) confidential with appropriate encryption. The merchant sees only the OI and the bank only the PI; the two are bound together by SET's dual signature.
 It has to resist message modification: no change to the transmitted content may go undetected.
 SET also needs to provide interoperability and make use of the best available security mechanisms.
• 36. Participants in SET: The participants in an online transaction under SET are the same as in the general scenario:
 Cardholder – the customer
 Issuer – the customer's financial institution
 Merchant
 Acquirer – the merchant's financial institution
 Payment gateway – operated by or for the acquirer; it interfaces SET messages to the existing bank card network
 Certificate authority – an authority that follows defined standards and issues certificates (X.509v3) to all the other participants
• 37. SET functionalities:
 Provide Authentication:
 Merchant Authentication – To prevent fraud, SET lets the cardholder verify that the merchant has a valid relationship with a financial institution. Standard X.509v3 certificates are used for this verification.
 Customer / Cardholder Authentication – SET checks that the credit card is being used by an authorized user, again using X.509v3 certificates.
 Provide Message Confidentiality: Confidentiality means preventing unintended parties from reading the message being transferred. SET implements confidentiality with encryption; traditionally DES is used for the bulk encryption, with the DES key carried in an RSA digital envelope to the recipient.
 Provide Message Integrity: SET prevents undetected message modification by means of signatures. Messages are protected against unauthorized modification using RSA digital signatures with SHA-1, and in some messages HMAC with SHA-1.
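The mechanism that lets SET keep the PI from the merchant and the OI from the bank while still proving that both belong to the same purchase is the dual signature: the cardholder signs the hash of the concatenated hashes of PI and OI, DS = Sign(H(H(PI) || H(OI))). The merchant receives OI, H(PI) and DS; the bank receives PI, H(OI) and DS; each can verify the signature over its half plus the other half's digest without seeing the other half. The following added example (written for this page, not code from the SET specification or any SET implementation) builds and checks such a dual signature. Assumptions: the signature primitive is textbook RSA over a small modulus made from two Mersenne primes, without PKCS#1 padding, purely so the example runs with the standard library; the PI and OI byte strings are constructed; and the digital envelope that would additionally encrypt the PI to the bank's public key is omitted.

```python
import hashlib

# Toy RSA key for illustration only: two Mersenne primes (2^89-1 and 2^107-1) give a
# modulus of about 196 bits. Real SET certificates carry far larger keys with PKCS#1 padding.
P, Q = (1 << 89) - 1, (1 << 107) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # modular inverse (Python 3.8+)
CARDHOLDER_PUBLIC, CARDHOLDER_PRIVATE = (N, E), (N, D)


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def rsa_sign(private_key, digest: bytes) -> int:
    """Textbook RSA over the first 24 digest bytes (192 bits, so always < N)."""
    n, d = private_key
    return pow(int.from_bytes(digest[:24], "big"), d, n)


def rsa_verify(public_key, digest: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == int.from_bytes(digest[:24], "big")


def dual_signature(private_key, pi: bytes, oi: bytes) -> int:
    """DS = Sign_cardholder( H( H(PI) || H(OI) ) ): one signature binds both messages."""
    return rsa_sign(private_key, h(h(pi) + h(oi)))


def merchant_verifies(public_key, oi: bytes, pimd: bytes, ds: int) -> bool:
    """The merchant holds OI in the clear and only the digest of PI (never card data)."""
    return rsa_verify(public_key, h(pimd + h(oi)), ds)


def bank_verifies(public_key, pi: bytes, oimd: bytes, ds: int) -> bool:
    """The payment gateway / issuer holds PI and only the digest of OI (never the order)."""
    return rsa_verify(public_key, h(h(pi) + oimd), ds)


def cardholder_purchase(pi: bytes, oi: bytes):
    """What the cardholder software emits: one bundle for the merchant, one for the bank."""
    ds = dual_signature(CARDHOLDER_PRIVATE, pi, oi)
    to_merchant = {"OI": oi, "PIMD": h(pi), "DS": ds}
    # In SET the PI in this bundle is additionally sealed in a digital envelope to the bank's key.
    to_bank = {"PI": pi, "OIMD": h(oi), "DS": ds}
    return to_merchant, to_bank


if __name__ == "__main__":
    # Constructed sample data; 4111 1111 1111 1111 is a standard test card number.
    pi = b"card=4111111111111111;exp=12/29;amount=49.99"
    oi = b"order=1234;item=book;amount=49.99"
    m, b = cardholder_purchase(pi, oi)
    print("merchant ok:", merchant_verifies(CARDHOLDER_PUBLIC, m["OI"], m["PIMD"], m["DS"]))
    print("bank ok:    ", bank_verifies(CARDHOLDER_PUBLIC, b["PI"], b["OIMD"], b["DS"]))
```

Because the merchant's bundle contains H(PI) rather than PI, a merchant breach exposes no card numbers, and because the same DS covers both halves, neither the merchant nor the bank can swap in a different order or a different payment without the other side's verification failing.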
• 38.  Cryptography is the study and practice of techniques for secure communication in the presence of third parties called adversaries. It deals with designing and analyzing protocols that prevent malicious third parties from retrieving information shared between two entities, thereby upholding the various aspects of information security.  Secure communication refers to the scenario where the message or data shared between two parties cannot be accessed by an adversary. In cryptography, an adversary is a malicious entity that aims to obtain valuable information or data and thereby undermine the principles of information security.
• 39.  Confidentiality means that information is accessible only to the people or systems it is intended for; organizationally this is enforced by rules and confidentiality agreements, technically by encryption and access control.  Data integrity means maintaining and ensuring that data stays accurate and consistent over its entire life cycle, i.e. that any unauthorized change can be detected.  Authentication is the process of verifying that data, or the party presenting it, really is what it claims to be.  Non-repudiation is the ability to ensure that a person or party associated with a contract or communication cannot later deny the authenticity of their signature on a document or the sending of a message.
• 41. Consider two parties, Alice and Bob. Alice wants to send a message m to Bob over a secure channel. What happens is as follows.  The sender's message, called the plaintext, is converted into an unreadable form using a key k. The resulting text is called the ciphertext, and the process is called encryption. On receipt, the ciphertext is converted back into the plaintext using the same key k (in a symmetric scheme), so that the receiver can read it. This process is called decryption.  Alice (Sender) Bob (Receiver)  C = E (m, k) ----> m = D (C, k)  Here C is the ciphertext, and E and D are the encryption and decryption algorithms respectively.
• 42. Consider the Caesar cipher, or shift cipher, as an example. As the name suggests, in the Caesar cipher each character of a word is replaced by another character under a fixed rule: if A is replaced by D, B by E and so on, every character of the word is shifted by three positions. For example: Plaintext: prestige Ciphertext: suhvwljh Knowing only that a Caesar cipher was used does not by itself give the adversary the plaintext, because it still lacks the key (shift every character back by three places). In practice, though, the key space has just 25 possible shifts, so an adversary can try them all and keep the result that reads as natural text; the Caesar cipher illustrates the encryption and decryption model but provides no real security.
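To make the point about the key space concrete, here is an added example (not code from the presentation) that implements the shift cipher from the slide, reproduces its prestige/suhvwljh pair, and then does what an adversary would do: enumerate all 25 shifts and pick the one containing a word it expects to see. The known word is an assumption standing in for the language statistics or crib an attacker would normally use.

```python
import string

ALPHABET = string.ascii_lowercase


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter forward by `key` places (mod 26); other characters pass through."""
    out = []
    for ch in plaintext:
        if ch.isalpha() and ch.lower() in ALPHABET:
            base = "A" if ch.isupper() else "a"
            out.append(chr((ord(ch) - ord(base) + key) % 26 + ord(base)))
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is encryption with the negated key."""
    return caesar_encrypt(ciphertext, -key)


def brute_force(ciphertext: str) -> dict:
    """There are only 25 non-trivial keys, so the adversary simply tries every one."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


def recover_key(ciphertext: str, known_word: str):
    """Return the shift whose decryption contains a word the attacker expects, else None."""
    for k, candidate in brute_force(ciphertext).items():
        if known_word.lower() in candidate.lower():
            return k
    return None


if __name__ == "__main__":
    c = caesar_encrypt("prestige", 3)
    print(c)                                # suhvwljh, as on the slide
    for k, guess in brute_force(c).items():
        print(k, guess)                     # the real plaintext is one of 25 lines
```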
• 43. In general there are three types of cryptography:
 Symmetric Key Cryptography: An encryption system in which sender and receiver use a single shared key to encrypt and decrypt messages. Symmetric systems are faster and simpler, but sender and receiver must first exchange the key in a secure manner. The classic example is the Data Encryption Standard (DES); today AES (Advanced Encryption Standard) is the usual choice.
 Hash Functions: No key is used. A hash function maps input of any length to a fixed-length value in such a way that recovering the input, or finding two inputs with the same value, is computationally infeasible. Many operating systems store passwords as salted hashes rather than encrypting them, so a stolen password file does not directly reveal the passwords.
 Asymmetric Key Cryptography: A pair of keys is used. A public key encrypts and the corresponding private key decrypts; the two keys are different. Even though everyone may know the public key, only the intended receiver can decrypt, because only he holds the private key. Conversely, a message signed with the private key can be verified by anyone holding the public key.