Network Security CA3CO16
Unit-1 Computer Security
Concept of Security:
The basic tenets of information security are confidentiality, integrity and availability. Every
element of the information security program must be designed to implement one or more of
these principles. Together they are called the CIA Triad.
1. Confidentiality
Confidentiality measures are designed to prevent unauthorized disclosure of information. The
purpose of the confidentiality principle is to keep personal information private and to ensure
that it is visible and accessible only to those individuals who own it or need it to perform their
organizational functions.
2. Integrity
Integrity includes protection against unauthorized changes (additions, deletions, alterations,
etc.) to data. The principle of integrity ensures that data is accurate and reliable and has not
been modified improperly, whether accidentally or maliciously.
3. Availability
Availability is the protection of a system’s ability to make software and data accessible when
a user needs them (or at a specified time). The purpose of availability is to make the
technology infrastructure, the applications and the data available when they are needed for
an organizational process or for an organization’s customers. Availability is usually measured
against parameters such as response time, uptime, and the capacity (or redundancy) of the
resources that serve the request.
What is a Cyber Attack?
A cyber-attack refers to an action designed to target a computer or any element of a
computerized information system to change, destroy, or steal data, as well as exploit or harm a
network. Cyber-attacks have been on the rise, in sync with the digitization of business that has
become more and more popular in recent years.
Most Common Types of Cybersecurity Attacks
1. DoS and DDoS Attacks
A denial-of-service (DoS) attack is designed to overwhelm the resources of a system to the
point where it is unable to reply to legitimate service requests. A distributed denial-of-service
(DDoS) attack is similar in that it also seeks to drain the resources of a system, but the
traffic is generated by a vast array of malware-infected host machines (a botnet) controlled by
the attacker, so it cannot be stopped by blocking a single source. These are referred to as
“denial of service” attacks because the victim site is unable to provide service to those who
want to access it.
With a DoS attack, the target site gets flooded with illegitimate requests. Because the site has
to respond to each request, its resources get consumed by all the responses. This makes it
impossible for the site to serve users as it normally does and often results in a complete
shutdown of the site.
DoS and DDoS attacks are different from other types of cyber-attacks that enable the hacker to
either obtain access to a system or increase the access they currently have. With these types of
attacks, the attacker directly benefits from their efforts. With DoS and DDoS network attacks,
on the other hand, the objective is simply to interrupt the effectiveness of the target's service.
If the attacker is hired by a business competitor, they may benefit financially from their efforts.
A DoS attack can also be used as cover or preparation for another type of attack. During a
successful DoS or DDoS attack, the system often has to come offline or be reconfigured in a
hurry, which can leave it vulnerable to other types of attacks. One common way to mitigate DoS
attacks is to rate-limit and filter traffic at a firewall or load balancer that distinguishes
legitimate requests from flood traffic. Imposter requests can then be discarded, allowing
normal traffic to flow without interruption. Very large volumetric floods exceed what an
on-premises device can absorb and must be filtered upstream by the ISP or a scrubbing service.
An example of a major internet attack of this kind occurred in February 2020 to Amazon Web
Services (AWS).
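As an added illustration (not part of the original notes), the following Python script replays a constructed access log through a per-client sliding-window rate limiter, the kind of legitimacy check a firewall or load balancer applies to a flood. The log lines, addresses and limits are made up for the example. The caveat still applies: per-source limiting stops one noisy client, but a distributed flood from thousands of addresses, or a volumetric attack that saturates the link, has to be absorbed upstream.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10     # length of the sliding window
MAX_REQUESTS = 20       # requests allowed per client address per window


def parse_line(line):
    """Parse '<unix_time> <client_ip> <method> <path>' into (float, str, str)."""
    ts, ip, _method, path = line.split(" ", 3)
    return float(ts), ip, path


class SlidingWindowLimiter:
    """Per-client sliding-window counter: drop the excess, keep serving everyone else."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
        self.window = window
        self.limit = limit
        self.history = defaultdict(deque)   # ip -> timestamps of recent requests

    def allow(self, ts, ip):
        q = self.history[ip]
        while q and ts - q[0] >= self.window:   # evict timestamps that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False                         # over the limit: this request is dropped
        q.append(ts)
        return True


def classify(log_lines):
    """Replay the log in time order; return {ip: (allowed, dropped)} counts."""
    limiter = SlidingWindowLimiter()
    counts = defaultdict(lambda: [0, 0])
    for line in sorted(log_lines, key=lambda l: float(l.split(" ", 1)[0])):
        ts, ip, _path = parse_line(line)
        idx = 0 if limiter.allow(ts, ip) else 1
        counts[ip][idx] += 1
    return {ip: tuple(v) for ip, v in counts.items()}


# Constructed sample log (not real traffic): 60 requests from one address
# within 6 seconds, and a handful of requests from two ordinary clients.
LOG_LINES = (
    [f"{1700000000 + i / 10:.1f} 203.0.113.7 GET /login" for i in range(60)]
    + [f"{1700000000 + i:.1f} 198.51.100.5 GET /index.html" for i in range(8)]
    + [f"{1700000001 + i * 2:.1f} 198.51.100.9 GET /about" for i in range(4)]
)

if __name__ == "__main__":
    for ip, (allowed, dropped) in classify(LOG_LINES).items():
        print(f"{ip:<14} allowed={allowed:<3} dropped={dropped}")
```

The attacker's first 20 requests are served and the remaining 40 are dropped, while the two ordinary clients never hit the limit.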
2. MITM Attacks
Man-in-the-middle (MITM) types of cyber-attacks refer to breaches in cybersecurity that make
it possible for an attacker to eavesdrop on the data sent back and forth between two people,
networks, or computers. It is called a “man in the middle” attack because the attacker positions
themselves in the “middle” or between the two parties trying to communicate. In effect, the
attacker is spying on the interaction between the two parties.
In a MITM attack, the two parties involved feel like they are communicating as they normally
do. What they do not know is that the person actually sending the message illicitly modifies or
accesses the message before it reaches its destination. Some ways to protect yourself and your
organization from MITM attacks are to use strong encryption with certificate validation (for
example TLS/HTTPS), so that an interposed party can neither read nor silently alter the
traffic, to use WPA2/WPA3 encryption on wireless access points, and to use a virtual private
network (VPN) when on untrusted networks.
3. Phishing Attacks
A phishing attack occurs when a malicious actor sends emails that seem to be coming from
trusted, legitimate sources in an attempt to grab sensitive information from the target. Phishing
attacks combine social engineering and technology and are so-called because the attacker is, in
effect, “fishing” for access to a forbidden area by using the “bait” of a seemingly trustworthy
sender.
To execute the attack, the bad actor may send a link that brings you to a website that then fools
you into downloading malware such as viruses, or giving the attacker your private information.
In many cases, the target may not realize they have been compromised, which allows the
attacker to go after others in the same organization without anyone suspecting malicious
activity.
You can reduce the chance that phishing attacks achieve their objectives by thinking carefully
about the kinds of emails you open and the links you click on. Pay close attention to email
headers, and do not click on anything that looks suspicious. Check the “Reply-To” and
“Return-Path” headers: they should belong to the same domain as the visible “From” address,
and a mismatch is a strong warning sign. The “Authentication-Results” header added by the
receiving mail server also records whether the SPF and DKIM checks for the sender passed.
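As an added example (not part of the original notes), the Python script below applies those header checks to two constructed messages using only the standard library: it compares the Reply-To and Return-Path domains against the From domain and reads the SPF/DKIM verdict from the Authentication-Results header. The sample messages, addresses and domains are made up for the demonstration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not from the original page). In the first one
# the visible From address claims a trusted domain, but Reply-To and
# Return-Path point elsewhere and the receiving server reports SPF failure.
SAMPLE_SUSPICIOUS = """\
From: "IT Helpdesk" <helpdesk@example-corp.com>
Reply-To: support-reset@mail-verify-login.net
Return-Path: <bounce@mail-verify-login.net>
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=mail-verify-login.net; dkim=none
Subject: Urgent: password expiry

Your password expires today. Click here to keep your account.
"""

SAMPLE_LEGIT = """\
From: "IT Helpdesk" <helpdesk@example-corp.com>
Reply-To: helpdesk@example-corp.com
Return-Path: <helpdesk@example-corp.com>
Authentication-Results: mx.example-corp.com; spf=pass smtp.mailfrom=example-corp.com; dkim=pass header.d=example-corp.com
Subject: Scheduled maintenance

The mail server will be patched on Saturday.
"""


def domain_of(header_value):
    """Return the lowercase domain part of an address header, or '' if absent."""
    _name, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def phishing_indicators(raw_message):
    """Return a list of warnings for a raw RFC 5322 message.

    Implements the heuristics from the text (Reply-To and Return-Path must
    match the From domain) plus the SPF/DKIM verdict the receiving server
    recorded in Authentication-Results.
    """
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    warnings = []
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg.get(header))
        if other and other != from_domain:
            warnings.append(f"{header} domain {other!r} differs from From domain {from_domain!r}")
    auth = (msg.get("Authentication-Results") or "").lower()
    for mechanism in ("spf", "dkim"):
        if f"{mechanism}=fail" in auth or f"{mechanism}=none" in auth:
            warnings.append(f"{mechanism.upper()} did not pass at the receiving server")
    return warnings


if __name__ == "__main__":
    for name, sample in (("suspicious", SAMPLE_SUSPICIOUS), ("legitimate", SAMPLE_LEGIT)):
        print(name, "->", phishing_indicators(sample) or "no indicators")
```

A mismatch alone does not prove phishing (mailing-list software and ticketing systems legitimately set a different Reply-To), so treat the output as a signal to inspect the message, not as a verdict.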
4. Whale-phishing Attacks
A whale-phishing attack is so-named because it goes after the “big fish” or whales of an
organization, which typically include those in the C-suite or others in charge of the
organization. These individuals are likely to possess information that can be valuable to
attackers, such as proprietary information about the business or its operations.
If a targeted “whale” downloads ransomware, they are more likely to pay the ransom to prevent
news of the successful attack from getting out and damaging their reputation or that of the
organization. Whale-phishing attacks can be prevented by taking the same kinds of precautions
to avoid phishing attacks, such as carefully examining emails and the attachments and links
that come with them, keeping an eye out for suspicious destinations or parameters.
5. Spear-phishing Attacks
Spear phishing refers to a specific type of targeted phishing attack. The attacker takes the time
to research their intended targets and then write messages the target is likely to find personally
relevant. These types of attacks are aptly called “spear” phishing because of the way the
attacker homes in on one specific target. The message will seem legitimate, which is why it can
be difficult to spot a spear-phishing attack.
Often, a spear-phishing attack uses email spoofing, where the information inside the “From”
portion of the email is faked, making it look like the email is coming from a different sender.
This can be someone the target trusts, like an individual within their social network, a close
friend, or a business partner. Attackers may also use website cloning to make the
communication seem legitimate. With website cloning, the attacker copies a legitimate website
to lull the victim into a sense of comfort. The target, thinking the website is real, then feels
comfortable entering their private information.
Similar to regular phishing attacks, spear-phishing attacks can be prevented by carefully
checking the details in all fields of an email and making sure users do not click on any link
whose destination cannot be verified as legitimate.
6. Ransomware
With ransomware, the victim’s system is held hostage until they agree to pay a ransom to the
attacker. After the payment has been sent, the attacker then provides instructions regarding how
the target can regain control of their computer. The name “ransomware” is appropriate because
the malware demands a ransom from the victim.
In a ransomware attack, the target typically downloads the ransomware, either from a website or
from within an email attachment; in other cases the malware arrives by exploiting vulnerabilities
that have not been patched by the system’s vendor or the IT team. The ransomware then encrypts
the target’s workstation. At times, ransomware is used to attack multiple parties by denying
access to either several computers or a central server essential to business operations.
Affecting multiple computers is often accomplished by delaying the encryption until days or even
weeks after the malware’s initial penetration. In the meantime the malware spreads from one
system to another over the internal network (for example through network shares or stolen
credentials) or via autorun files on Universal Serial Bus (USB) drives that are plugged into
multiple computers. Then, when the attacker triggers the encryption, it runs on all the infected
systems simultaneously.
In many cases, ransomware authors design the code to evade traditional signature-based antivirus
software. It is therefore important for users to remain vigilant regarding which sites they visit
and which links they click. A next-generation firewall (NGFW) that performs deep packet
inspection and looks for the characteristics of ransomware can block some attacks. The most
reliable safeguard, however, is to keep offline and regularly tested backups, so that encrypted
data can be restored without paying the ransom.
7. Password Attack
Passwords are the access verification tool of choice for most people, so figuring out a target’s
password is an attractive proposition for a hacker. This can be done using a few different
methods. Often, people keep copies of their passwords on pieces of paper or sticky notes around
or on their desks. An attacker can either find the password themselves or pay someone on the
inside to get it for them.
An attacker may also try to intercept network transmissions to grab passwords not encrypted
by the network. They can also use social engineering, which convinces the target to input their
password to solve a seemingly “important” problem. In other cases, the attacker can simply
guess the user’s password, particularly if they use a default password or one that is easy to
remember such as “1234567.”
Attackers also often use brute-force methods to guess passwords. A pure brute-force attack tries
every possible combination of characters; a targeted guessing attack narrows the search by using
basic information about the individual or their job title. For example, their name, birthdate,
anniversary, or other personal but easy-to-discover details can be combined in different ways to
form candidate passwords. Information that users put on social media can also be leveraged. What
the individual does for fun, specific hobbies, names of pets, or names of children are sometimes
used to form passwords, making those passwords relatively easy to guess.
A hacker can also use a dictionary attack to ascertain a user’s password. A dictionary attack is
a technique that uses common words and phrases, such as those listed in a dictionary, to try and
guess the target's password.
One effective method of preventing online brute-force and dictionary password attacks is to set
up a lock-out policy. This locks out access to devices, websites, or applications automatically
after a certain number of failed attempts. With a lock-out policy, the attacker only has a few
tries before they are banned from access. Lock-outs should be combined with rate limiting and
MFA, because an attacker can also deliberately lock legitimate users out of their accounts. If
you have a lock-out policy in place already and discover that your account has been locked out
because of too many login attempts, it is wise to change your password.
If an attacker systematically uses a brute-force or dictionary attack to guess your password,
they may take note of the passwords that did not work. For example, if your password is your
last name followed by your year of birth and the hacker tries putting your birth year before
your last name on the final attempt, they may get it right on the next try.
8. SQL Injection Attack
Structured Query Language (SQL) injection is a common method of attacking websites that depend
on databases to serve their users. The web application builds a SQL query from input sent by the
client (for example the contents of a username or password field) and forwards it to the
database on the server. If that input is concatenated into the query text rather than passed as
a separate parameter, the attacker can “inject” SQL syntax of their own in place of the value
that normally goes there. The database server then runs the attacker’s command with the
application’s privileges, and the system is penetrated.
If an SQL injection succeeds, several things can happen, including the release of sensitive data
or the modification or deletion of important data. Also, an attacker can execute administrator
operations like a shutdown command, which can interrupt the function of the database.
The primary defense against SQL injection is to use parameterized queries (prepared statements),
so that user input is always treated as data and never as part of the query text. In addition,
take advantage of the least-privileged model: the database account the application uses should
have only the rights its queries need, and only those who absolutely need to access key
databases are allowed in. Even if a user has power or influence within the organization, they
may not be allowed to access specific areas of the network if their job does not depend on it.
For example, the CEO can be kept from accessing areas of the network even if they have the
right to know what is inside. Applying a least-privileged policy can prevent not just bad actors
from accessing sensitive areas but also those who mean well but accidentally leave their login
credentials vulnerable to attackers or leave their workstations running while away from their
computers.
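As an added example (not part of the original notes), the Python script below places a login check built by string concatenation next to the same check written with placeholders, against a constructed in-memory SQLite table. Passwords are stored in plaintext only to keep the demonstration short; a real application stores salted hashes. The table contents and the injected payloads are made up for the example.

```python
import sqlite3

# Constructed in-memory database (not from the original page).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
conn.execute("INSERT INTO users VALUES ('admin', 'hunter2'), ('alice', 'wonderland')")


def login_vulnerable(username, password):
    """Builds the query by string concatenation: attacker input becomes SQL."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(username, password):
    """Placeholders keep the query text fixed; the input is only ever data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    # Classic tautology in the password field: ... AND password = '' OR '1'='1'
    tautology = "' OR '1'='1"
    print("vulnerable    :", login_vulnerable("admin", tautology))      # admin
    print("parameterized :", login_parameterized("admin", tautology))   # None
    # A comment sequence in the username field removes the password check
    print("vulnerable    :", login_vulnerable("admin'--", "anything"))   # admin
    print("parameterized :", login_parameterized("admin'--", "anything"))  # None
```

In the vulnerable version the database sees the attacker's quote characters as query syntax; in the parameterized version it receives the same bytes as a literal value and no row matches. Running the application under a database account that can only read and update the tables it needs limits what a successful injection can do.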
9. URL Interpretation
With URL interpretation (also known as forced browsing), attackers alter or fabricate URL
addresses and use them to gain access to the target’s personal and professional data. This kind
of attack is also referred to as URL poisoning. The name “URL interpretation” comes from the
fact that the attacker knows the order in which a web page’s URL information needs to be
entered. The attacker then “interprets” this syntax, using it to figure out how to reach areas
they do not have access to.
To execute a URL interpretation attack, a hacker may guess URLs they can use to gain
administrator privileges to a site or to access the site’s back end to get into a user’s account.
Once they get to the page they want, they can manipulate the site itself or gain access to
sensitive information about the people who use it.
For example, if a hacker attempts to get into the admin section of a site called
GetYourKnowledgeOn.com, they may type in http://getyourknowledgeon.com/admin, and this
will bring them to an admin login page. In some cases, the admin username and password may
be the default "admin" and "admin" or very easy to guess. An attacker may also have already
figured out the admin’s password or narrowed it down to a few possibilities. The attacker then
tries each one, gains access, and can manipulate, steal, or delete data at will.
To prevent URL interpretation attacks from succeeding, do not rely on a URL being hard to guess.
Enforce authentication and authorization on the server for every request to a sensitive area,
use multi-factor authentication (MFA) for administrative pages, replace default credentials, and
require strong passwords consisting of seemingly random characters.
10. DNS Spoofing
With Domain Name System (DNS) spoofing (also called DNS cache poisoning), an attacker injects
forged DNS records into a resolver or otherwise alters DNS records so that traffic for a
legitimate name is sent to a fake or “spoofed” website. Once on the fraudulent site, the victim
may enter sensitive information that can be used or sold by the attacker. The attacker may also
construct a poor-quality site with derogatory or inflammatory content to make a competitor
company look bad.
In a DNS spoofing attack, the attacker takes advantage of the fact that the user thinks the site
they are visiting is legitimate. This gives the attacker the ability to commit crimes in the name
of an innocent company, at least from the perspective of the visitor.
To prevent DNS spoofing, make sure your DNS servers are kept up to date. Attackers aim to
exploit vulnerabilities in DNS servers, and the most recent software versions often contain fixes
that close known vulnerabilities. Enable DNSSEC validation on resolvers so that forged records
are rejected, and serve sites over HTTPS: a spoofed site cannot present a valid certificate for
the real domain, so the browser will warn the user.
11. Session Hijacking
Session hijacking is one of multiple types of MITM attacks. The attacker takes over an
established session between a client and the server. In practice the server recognizes the
client by a session identifier (a cookie or token) issued at login, so an attacker who steals or
predicts that identifier, for example by sniffing unencrypted traffic or through a cross-site
scripting flaw, can present it and be treated as the logged-in client. Older forms of the attack
worked at the network level, inserting the attacker’s Internet Protocol (IP) address into an
existing TCP connection. In either case the server does not suspect a breach, because it is
already engaged in a trusted session.
To prevent session hijacking, encrypt all communication with TLS (or use a VPN to access
business-critical servers) so that the session identifier never travels in the clear, mark
session cookies Secure and HttpOnly, issue a fresh session identifier after login, and expire
sessions after a period of inactivity.
12. Brute force attack
A brute-force attack gets its name from the “brutish” or simple methodology employed by the
attack. The attacker simply tries to guess the login credentials of someone with access to the
target system. Once they get it right, they are in.
While this may sound time-consuming and difficult, attackers often use bots to crack the
credentials. The attacker provides the bot with a list of credentials that they think may give
them access to the secure area. The bot then tries each one while the attacker sits back and
waits. Once the correct credentials have been entered, the criminal gains access.
To prevent brute-force attacks, have lock-out policies in place as part of your authorization
security architecture. After a certain number of attempts, the user attempting to enter the
credentials gets locked out. This typically involves “freezing” the account so even if someone
else tries from a different device with a different IP address, they cannot bypass the lockout.
It is also wise to use long random passwords without regular words, dates, or sequences of
numbers in them. This is effective because, for example, even if an attacker uses software to
guess a random 10-character password drawn from letters, digits and symbols, the number of
combinations is so large that an online attack against a rate-limited login would take many
years of non-stop attempts. Offline attacks against stolen password hashes are far faster, which
is why passwords must also be stored with a slow, salted hash.
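The lock-out policy recommended in both the password attack section (7) and this brute-force section (12), as an added example that is not part of the original notes: a small in-memory account store in Python that verifies PBKDF2-hashed passwords and locks the account, not the source address, after a fixed number of consecutive failures. The thresholds, user names and guesses are made up; the clock is injectable so the time-based unlock can be exercised without waiting.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5            # consecutive failures allowed before the account locks
LOCKOUT_SECONDS = 15 * 60   # how long the account stays locked


def hash_password(password, salt=None, iterations=100_000):
    """PBKDF2-HMAC-SHA256 with a random per-user salt; plaintext is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


class AccountStore:
    """In-memory user store enforcing a per-account lock-out policy.

    The lock is keyed on the account, so an attacker who retries from a
    different device or IP address still hits the same counter. `clock`
    defaults to time.time and is replaceable for testing.
    """

    def __init__(self, clock=time.time):
        self.clock = clock
        self.users = {}          # username -> (salt, digest)
        self.failures = {}       # username -> consecutive failed attempts
        self.locked_until = {}   # username -> unix time when the lock expires

    def add_user(self, username, password):
        self.users[username] = hash_password(password)

    def is_locked(self, username):
        return self.clock() < self.locked_until.get(username, 0)

    def login(self, username, password):
        """Return 'ok', 'bad_credentials' or 'locked'."""
        if self.is_locked(username):
            return "locked"           # refuse even a correct password while locked
        record = self.users.get(username)
        if record is None:
            # Hash anyway so unknown usernames take as long as known ones
            hash_password(password, salt=b"\x00" * 16)
            return self._fail(username)
        salt, digest = record
        _salt, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            self.failures.pop(username, None)   # success resets the counter
            return "ok"
        return self._fail(username)

    def _fail(self, username):
        count = self.failures.get(username, 0) + 1
        self.failures[username] = count
        if count >= MAX_FAILURES:
            self.locked_until[username] = self.clock() + LOCKOUT_SECONDS
            self.failures.pop(username, None)
            return "locked"
        return "bad_credentials"


if __name__ == "__main__":
    store = AccountStore()
    store.add_user("alice", "correct horse battery staple")
    # Constructed dictionary-style guesses, not taken from any breach list
    for guess in ["1234567", "password", "alice2020", "Alice1990", "letmein"]:
        print(f"{guess!r:14} -> {store.login('alice', guess)}")
    print("correct password while locked ->", store.login("alice", "correct horse battery staple"))
```

A lock-out alone lets an attacker deny service to any account whose name they know, so production systems pair it with per-source rate limiting and MFA, and alert on bursts of lock-outs as a sign of a password-spraying campaign.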
13. Web Attacks
Web attacks refer to threats that target vulnerabilities in web-based applications. Every time
you enter information into a web application, you are initiating a command that generates a
response. For example, if you are sending money to someone using an online banking
application, the data you enter instructs the application to go into your account, take money
out, and send it to someone else’s account. Attackers work within the frameworks of these
kinds of requests and use them to their advantage.
Some common web attacks include SQL injection and cross-site scripting (XSS), which will
be discussed later in this article. Hackers also use cross-site request forgery (CSRF) attacks and
parameter tampering. In a CSRF attack, the victim’s browser is tricked into sending a request
that benefits the attacker. For example, while the victim is logged in to a web application,
they visit a page controlled by the attacker that silently submits a form to change the login
credentials or email address on the victim’s account. Because the browser attaches the session
cookie automatically, the application accepts the request as the user’s own. The hacker, armed
with the new login credentials, can then log in as if they were the legitimate user.
Parameter tampering involves adjusting the parameters that programmers implement as
security measures designed to protect specific operations. The operation’s execution depends
on what is entered in the parameter. The attacker simply changes the parameters, and this allows
them to bypass the security measures that depended on those parameters.
To avoid web attacks, inspect your web applications to check for, and fix, vulnerabilities.
One way to block CSRF without impacting the performance of the web application is to use
anti-CSRF tokens. A secret token tied to the user’s session is embedded in each form and sent
back with the request, and the application checks it before a state-changing command is
executed. If it checks out, the command goes through; if not, it is blocked. An attacker’s page
cannot read the token, so it cannot forge a valid request. You can also set the SameSite
attribute on the session cookie, which tells the browser not to attach the cookie to requests
initiated from other sites, rendering any site built by the attacker powerless.
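As an added example (not part of the original notes), the Python code below implements both defenses just described: a per-session anti-CSRF token derived with HMAC so the server need not store it, checked in constant time before a state-changing request is honoured, plus the Set-Cookie attributes that keep the browser from attaching the session cookie to cross-site requests. The server key, session identifiers and the request-handling function are made up for the demonstration and stand in for whatever web framework is in use.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret; a real deployment loads it from configuration
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id):
    """Derive a per-session token the server can re-derive without storing it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id, submitted_token):
    """Constant-time comparison so timing does not leak the token byte by byte."""
    expected = issue_csrf_token(session_id).encode()
    return hmac.compare_digest(expected, (submitted_token or "").encode())


def handle_request(method, path, cookies, form):
    """Minimal state-changing endpoint guarded by the token check.

    `cookies` and `form` are plain dicts standing in for the parsed request.
    Returns (status_code, message).
    """
    session_id = cookies.get("session")
    if session_id is None:
        return 401, "not logged in"
    if method != "POST" or path != "/change-password":
        return 405, "method not allowed"
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    return 200, f"password changed for session {session_id}"


def set_cookie_header(session_id):
    """Cookie attributes: SameSite=Strict keeps the browser from sending the
    cookie on any cross-site request; HttpOnly hides it from scripts; Secure
    restricts it to HTTPS."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Strict"


if __name__ == "__main__":
    sid = secrets.token_urlsafe(16)
    token = issue_csrf_token(sid)
    print(set_cookie_header(sid))
    # Legitimate form submission: the page rendered by the server included the token
    print(handle_request("POST", "/change-password", {"session": sid},
                         {"csrf_token": token, "new_password": "x"}))
    # Cross-site forgery: the browser attached the cookie, but the attacker's page
    # could not read the token, so the form arrives without it
    print(handle_request("POST", "/change-password", {"session": sid},
                         {"new_password": "attacker-chosen"}))
```

SameSite=Lax is the looser common choice: it still blocks cross-site POSTs but allows top-level GET navigations to carry the cookie, which is why state changes must never be performed on GET.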
14. Insider Threats
Sometimes, the most dangerous actors come from within an organization. People within a
company’s own doors pose a special danger because they typically have access to a variety of
systems, and in some cases, admin privileges that enable them to make critical changes to the
system or its security policies.
In addition, people within the organization often have an in-depth understanding of its
cybersecurity architecture, as well as how the business reacts to threats. This knowledge can
be used to gain access to restricted areas, make changes to security settings, or deduce the best
possible time to conduct an attack.
One of the best ways to prevent insider threats in organizations is to limit employees' access to
sensitive systems to only those who need them to perform their duties. Also, for the select few
who need access, use MFA, which will require them to use at least one thing they know in
conjunction with a physical item they have to gain access to a sensitive system. For example,
the user may have to enter a password and insert a USB device. In other configurations, an
access number is generated on a handheld device that the user has to log in to. The user can
only access the secure area if both the password and the number are correct.
While MFA may not prevent all attacks on its own, it makes it easier to ascertain who is behind
an attack—or an attempted one—particularly because only relatively few people are granted
access to sensitive areas in the first place. As a result, this limited access strategy can work as
a deterrent. Cybercriminals within your organization will know it is easy to pinpoint who the
perpetrator is because of the relatively small pool of potential suspects.
15. Trojan Horses
A Trojan horse attack uses a malicious program that is hidden inside a seemingly legitimate
one. When the user executes the presumably innocent program, the malware inside the Trojan
can be used to open a backdoor into the system through which hackers can penetrate the
computer or network. This threat gets its name from the story of the Greek soldiers who hid
inside a horse to infiltrate the city of Troy and win the war. Once the “gift” was accepted and
brought within the gates of Troy, the Greek soldiers jumped out and attacked. In a similar way,
an unsuspecting user may welcome an innocent-looking application into their system only to
usher in a hidden threat.
To prevent Trojan attacks, users should be instructed not to download or install anything unless
its source can be verified. Also, NGFWs can be used to examine data packets for potential
threats of Trojans.
16. Drive-by Attacks
In a drive-by attack, a hacker embeds malicious code into an insecure website. When a user
visits the site, the script is automatically executed on their computer, infecting it. The
designation “drive by” comes from the fact that the victim only has to “drive by” the site by
visiting it to get infected. There is no need to click on anything on the site or enter any
information.
To protect against drive-by attacks, users should make sure they are running the most recent
software on all their computers, including browsers and browser plug-ins such as Adobe Acrobat
and (formerly) Flash, which are exercised while browsing the internet. Also, you can use
web-filtering software, which can detect if a site is unsafe before a user visits it.
17. XSS Attacks
With XSS, or cross-site scripting, the attacker gets a malicious script included in a page
served by a legitimate web application, either by storing it in the site’s data (for example a
comment field) or by reflecting it from a crafted link the victim clicks. The script runs in the
victim’s browser with the victim’s logged-in session, so any requests it makes are seen as
legitimate by the web application, resulting in unintended actions being taken in the name of
the “user.”
For example, an XSS attack may change the parameters of a transfer request sent through an
online banking application. In the falsified request, the intended recipient of the transferred
money has their name replaced with that of the attacker. The attacker may also change the
amount being transferred, giving themselves even more money than the target initially intended
to send.
One of the most straightforward ways of preventing XSS attacks is output encoding: escape
untrusted data for the context it is inserted into (HTML body, attribute, or JavaScript) so the
browser renders it as text rather than as markup. Where a field has a known shape, validate it
against a whitelist (allowlist) of allowable values, so anything other than approved entries is
rejected by the web application. Sanitizing, which examines the data being entered and strips
anything that can be harmful, is a weaker fallback for fields that must accept HTML, and a
Content Security Policy header limits where scripts may be loaded from even if an injection
slips through.
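As an added example (not part of the original notes), the Python snippet below shows a comment-rendering function that inserts untrusted input unescaped next to the same function with contextual output encoding, plus an allowlist check for a field with a fixed shape and the response headers that limit script sources. The attacker payload and the field names are constructed for the demonstration.

```python
import html
import re

# Constructed attacker input (not from the original page): a stored-XSS
# payload that would make the victim's browser send a transfer request.
PAYLOAD = '<script>fetch("/transfer?to=attacker&amount=1000")</script>'


def render_comment_vulnerable(comment):
    """Inserts untrusted input straight into the HTML: the script tag survives."""
    return "<p class='comment'>" + comment + "</p>"


def render_comment_escaped(comment):
    """Output encoding for the HTML-body context: < > & and quotes become entities."""
    return "<p class='comment'>" + html.escape(comment, quote=True) + "</p>"


USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def accept_username(value):
    """Allowlist validation for a field whose legitimate shape is known."""
    return USERNAME_RE.fullmatch(value) is not None


def security_headers():
    """Defense in depth: even if a payload is reflected, inline scripts and
    scripts from other origins are refused by the browser."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


def contains_script_tag(rendered_html):
    """Crude check used only to make the difference visible in the demo."""
    return "<script" in rendered_html.lower()


if __name__ == "__main__":
    print(render_comment_vulnerable(PAYLOAD))
    print(render_comment_escaped(PAYLOAD))
    print("username allowed:", accept_username("alice_01"),
          accept_username("<img src=x onerror=alert(1)>"))
    for name, value in security_headers().items():
        print(f"{name}: {value}")
```

Escaping must match the context: html.escape is right for text between tags and for quoted attributes, but data placed inside a script block or a URL needs JavaScript or URL encoding instead, which is why templating engines that auto-escape per context are preferred to hand-written concatenation.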
18. Eavesdropping Attacks
Eavesdropping attacks involve the bad actor intercepting traffic as it is sent through the
network. In this way, an attacker can collect usernames, passwords, and other confidential
information like credit cards. Eavesdropping can be active or passive.
With active eavesdropping, the attacker inserts themselves into the network traffic path (for
example through ARP spoofing or a rogue access point) and can modify as well as collect the
information that passes through, which makes it a form of MITM attack. Passive eavesdropping
attacks are different in that the attacker only “listens in” on transmissions, for example on an
open wireless network, looking for useful data they can steal without altering anything.
One of the best ways of preventing both is encrypting your data in transit, which prevents it
from being read by an attacker regardless of whether they use active or passive eavesdropping;
authenticated encryption such as TLS also detects any modification by an active attacker.
19. Birthday Attack
In a birthday attack, an attacker abuses a security feature: hash functions, which are used to
verify the integrity and authenticity of messages. The hash of a message is what gets digitally
signed, and the receiver recomputes it before accepting the message as authentic. If an attacker
can produce a second message with the same hash as the one the sender signed, they can simply
replace the sender’s message with their own. The receiving device will accept it because the
hash, and therefore the signature, still matches.
The name “birthday attack” refers to the birthday paradox, which is based on the fact that in a
room of 23 people, there is more than a 50% chance that two of them have the same birthday.
Hence, while people think their birthdays, like hashes, are unique, they are not as unique as
many think: finding any two messages with the same n-bit hash takes roughly 2^(n/2) attempts,
not 2^n.
To prevent birthday attacks, use hashes with a long enough output for verification. A 256-bit
hash such as SHA-256 gives about 128 bits of collision resistance, whereas short hashes (MD5’s
128 bits, or tags truncated to a few bytes) do not. Each extra bit of hash length doubles the
size of the space the attacker must search, which raises the work of a birthday attack by a
factor of about 1.4 per bit.
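As an added example (not part of the original notes), the Python script below makes the birthday bound concrete: it truncates SHA-256 to a small number of bits to stand in for a short hash, runs the birthday search until two random messages collide, and compares the number of trials with the closed-form estimate. It also computes the 23-people figure from the paragraph above. The truncation and the random messages are constructed for the demonstration; no real signature scheme is involved.

```python
import hashlib
import math
import os


def truncated_hash(data, bits):
    """Return the first `bits` bits of SHA-256(data) as an integer: a toy short hash."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits, max_trials=None):
    """Birthday search: hash random messages until two share a truncated hash.

    Returns (msg_a, msg_b, trials), or None if max_trials is exhausted. The
    expected number of trials is about sqrt(pi/2 * 2**bits), far below the
    2**bits a brute-force preimage search would need.
    """
    seen = {}       # truncated hash -> first message that produced it
    trials = 0
    while max_trials is None or trials < max_trials:
        msg = os.urandom(8)
        h = truncated_hash(msg, bits)
        trials += 1
        if h in seen and seen[h] != msg:
            return seen[h], msg, trials
        seen[h] = msg
    return None


def expected_trials(bits):
    """Closed-form birthday estimate of hashes needed before a collision appears."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def collision_probability(n_people, days=365):
    """The birthday paradox itself: P(at least two of n people share a birthday)."""
    p_distinct = 1.0
    for k in range(n_people):
        p_distinct *= (days - k) / days
    return 1 - p_distinct


if __name__ == "__main__":
    print(f"23 people: P(shared birthday) = {collision_probability(23):.3f}")
    for bits in (16, 24, 32):
        a, b, trials = find_collision(bits)
        print(f"{bits}-bit hash: collision after {trials} trials "
              f"(expected about {expected_trials(bits):.0f}); "
              f"{a.hex()} and {b.hex()} both hash to {truncated_hash(a, bits):#x}")
```

For a 32-bit tag the search finishes in tens of thousands of hashes on a laptop; scaling the same estimate to SHA-256's 256 bits gives about 2^128 operations, which is why full-length hashes are considered collision resistant.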
20. Malware Attack
Malware is a general term for malicious software, hence the “mal” at the start of the word.
Malware infects a computer and changes how it functions, destroys data, or spies on the user
or network traffic as it passes through. Malware can either spread from one device to another
or remain in place, only impacting its host device.
Several of the attack methods described above can involve forms of malware, including MITM
attacks, phishing, ransomware, Trojan horses, drive-by attacks, and XSS attacks.
In a malware attack, the software has to be installed or executed on the target device. This
usually requires an action on the part of the user, although drive-by downloads and self-spreading
worms can infect a machine without one. Therefore, in addition to using firewalls and endpoint
protection that can detect malware, users should be educated regarding which types of software to
avoid, the kinds of links they should verify before clicking, and the emails and attachments
they should not engage with.
Network Security Approaches:
Network security is any activity designed to protect the usability and integrity of your network
and data. It includes both hardware and software technologies. It targets a variety of threats and
stops them from entering or spreading on your network. An effective network security manages
access to the network.
Types of network security
1. Firewalls: Firewalls put up a barrier between your trusted internal network and untrusted
outside networks, such as the Internet. They use a set of defined rules to allow or block traffic.
A firewall can be hardware, software, or both. Cisco offers unified threat management (UTM)
devices and threat-focused next-generation firewalls.
2. Email security: Email gateways are the number one threat vector for a security breach.
Attackers use personal information and social engineering tactics to build sophisticated
phishing campaigns to deceive recipients and send them to sites serving up malware. An email
security application blocks incoming attacks and controls outbound messages to prevent the
loss of sensitive data.
3. Anti-virus and anti-malware software: "Malware," short for "malicious software,"
includes viruses, worms, Trojans, ransomware, and spyware. Sometimes malware will infect a
network but lie dormant for days or even weeks. The best antimalware programs not only scan
for malware upon entry, but also continuously track files afterward to find anomalies, remove
malware, and fix damage.
4. Network segmentation: Software-defined segmentation puts network traffic into different
classifications and makes enforcing security policies easier. Ideally, the classifications are
based on endpoint identity, not mere IP addresses. You can assign access rights based on role,
location, and more so that the right level of access is given to the right people and suspicious
devices are contained and remediated.
5. Access control: Not every user should have access to your network. To keep out potential
attackers, you need to recognize each user and each device. Then you can enforce your security
policies. You can block noncompliant endpoint devices or give them only limited access. This
process is network access control (NAC).
6. Application security: Any software you use to run your business needs to be protected,
whether your IT staff builds it or whether you buy it. Unfortunately, any application may
contain holes, or vulnerabilities, that attackers can use to infiltrate your network. Application
security encompasses the hardware, software, and processes you use to close those holes.
7. Behavioural analytics: To detect abnormal network behaviour, you must know what normal
behaviour looks like. Behavioural analytics tools automatically discern activities that deviate
from the norm. Your security team can then better identify indicators of compromise that pose
a potential problem and quickly remediate threats.
8. Data loss prevention: Organizations must make sure that their staff does not send sensitive
information outside the network. Data loss prevention, or DLP, technologies can stop people
from uploading, forwarding, or even printing critical information in an unsafe manner.
9. Intrusion prevention system: An intrusion prevention system (IPS) scans network traffic
to actively block attacks. Cisco Next-Generation IPS (NGIPS) appliances do this by correlating
huge amounts of global threat intelligence to not only block malicious activity but also track
the progression of suspect files and malware across the network to prevent the spread of
outbreaks and reinfection.
10. Mobile device security: Cybercriminals are increasingly targeting mobile devices and
apps. Within the next 3 years, 90 percent of IT organizations may support corporate
applications on personal mobile devices. Of course, you need to control which devices can
access your network. You will also need to configure their connections to keep network traffic
private.
11. Security information and event management: SIEM products pull together the
information that your security staff needs to identify and respond to threats. These products
come in various forms, including physical and virtual appliances and server software.
12. Virtual private network: A virtual private network (VPN) encrypts the connection from
an endpoint to a network, often over the Internet. Typically, a remote-access VPN uses IPsec
or TLS (the successor to Secure Sockets Layer) to authenticate and encrypt the communication
between device and network.
13. Web security: A web security solution will control your staff’s web use, block web-based
threats, and deny access to malicious websites. It will protect your web gateway on site or in
the cloud. "Web security" also refers to the steps you take to protect your own website.
14. Wireless security: Wireless networks are not as secure as wired ones. Without stringent
security measures, installing a wireless LAN can be like putting Ethernet ports everywhere,
including the parking lot. To prevent an exploit from taking hold, you need products
specifically designed to protect a wireless network.
Introduction To Classic Security Models
These models are used to enforce the goals of security, i.e. Confidentiality, Integrity, and
Availability; in other words, they deal with maintaining the CIA Triad. There are 3 main
Classic Security Models:
❖ Bell-LaPadula
❖ Biba
❖ Clark-Wilson Security Model
1. Bell-LaPadula
This model was invented by the scientists David Elliott Bell and Leonard J. LaPadula, and is
therefore called the Bell-LaPadula Model. It is used to maintain the Confidentiality goal of
security. Here, the classification of Subjects (users) and Objects (files) is organized in a
non-discretionary fashion, with respect to different layers of secrecy.
It has mainly 3 rules:
Simple confidentiality rule: The Simple Confidentiality Rule states that a Subject can only
Read files on the Same Layer of Secrecy and on Lower Layers of Secrecy, but not on an Upper
Layer of Secrecy; this is why the rule is called NO READ-UP.
Star confidentiality rule: The Star Confidentiality Rule states that a Subject can only Write
files on the Same Layer of Secrecy and on Upper Layers of Secrecy, but not on a Lower Layer of
Secrecy; this is why the rule is called NO WRITE-DOWN.
Strong star confidentiality rule: The Strong Star Confidentiality Rule is the strictest and
most secure: a Subject can Read and Write files on the Same Layer of Secrecy only, and neither
on an Upper nor on a Lower Layer of Secrecy; this is why the rule is called NO READ WRITE UP
DOWN.
2. Biba
This model was invented by the scientist Kenneth J. Biba, and is therefore called the Biba
Model. It is used to maintain the Integrity goal of security. Here, the classification of
Subjects (users) and Objects (files) is organized in a non-discretionary fashion, with respect
to different layers of secrecy. It works as the exact reverse of the Bell-LaPadula Model.
It also has mainly 3 rules:
Simple integrity rule: The Simple Integrity Rule states that a Subject can only Read files on
the Same Layer of Secrecy and on Upper Layers of Secrecy, but not on a Lower Layer of Secrecy;
this is why the rule is called NO READ-DOWN.
Star integrity rule: The Star Integrity Rule states that a Subject can only Write files on the
Same Layer of Secrecy and on Lower Layers of Secrecy, but not on an Upper Layer of Secrecy;
this is why the rule is called NO WRITE-UP.
Strong star integrity rule: The Strong Star Integrity Rule is the strictest and most secure: a
Subject can Read and Write files on the Same Layer of Secrecy only, and neither on an Upper nor
on a Lower Layer of Secrecy; this is why the rule is called NO READ WRITE UP DOWN.
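The six rules above reduce to a comparison of the subject's level with the object's level. The
following is an added example (not code from the course notes) that implements both models as
access-check functions so the two sets of rules can be run side by side; the level names, the
user "alice" and the three files are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass

# Ordered lattice of levels, lowest first (constructed for the example).
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Entity:
    """A subject (user) with a clearance, or an object (file) with a classification."""
    name: str
    level: str


def blp_allows(subject: Entity, obj: Entity, op: str, strong_star: bool = False) -> bool:
    """Bell-LaPadula confidentiality rules.

    simple rule : read only at or below the subject's level   (NO READ-UP)
    star rule   : write only at or above the subject's level  (NO WRITE-DOWN)
    strong star : read and write only on the same level
    """
    s, o = RANK[subject.level], RANK[obj.level]
    if strong_star:
        return s == o
    if op == "read":
        return o <= s
    if op == "write":
        return o >= s
    raise ValueError(f"unknown operation: {op}")


def biba_allows(subject: Entity, obj: Entity, op: str, strong_star: bool = False) -> bool:
    """Biba integrity rules, the exact dual of Bell-LaPadula.

    simple rule : read only at or above the subject's level   (NO READ-DOWN)
    star rule   : write only at or below the subject's level  (NO WRITE-UP)
    strong star : read and write only on the same level
    """
    s, o = RANK[subject.level], RANK[obj.level]
    if strong_star:
        return s == o
    if op == "read":
        return o >= s
    if op == "write":
        return o <= s
    raise ValueError(f"unknown operation: {op}")


def decision_table(model, subject: Entity, objects: list[Entity]) -> dict[str, tuple[bool, bool]]:
    """For each object, the (may_read, may_write) decision under the given model."""
    return {o.name: (model(subject, o, "read"), model(subject, o, "write")) for o in objects}


if __name__ == "__main__":
    # Constructed sample: a SECRET-cleared user and three files at different levels.
    alice = Entity("alice", "SECRET")
    files = [Entity("memo", "UNCLASSIFIED"), Entity("plan", "SECRET"), Entity("vault", "TOP_SECRET")]
    for model in (blp_allows, biba_allows):
        print(model.__name__, decision_table(model, alice, files))
```

Running it shows the mirror image directly: under Bell-LaPadula "alice" may read the
UNCLASSIFIED memo but not write to it, and may write to the TOP_SECRET vault but not read it;
under Biba every one of those decisions flips.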
3. Clark-Wilson Security Model
This model is a highly secured model. It has the following entities:
SUBJECT: Any user who is requesting Data Items.
CONSTRAINED DATA ITEMS: These cannot be accessed directly by the Subject; they must be
accessed through the model's Transformation Process.
UNCONSTRAINED DATA ITEMS: These can be accessed directly by the Subject.
The Components of the Clark-Wilson Security Model
TRANSFORMATION PROCESS (TP): The Subject's request to access the Constrained Data Items is
handled by the Transformation Process, which converts it into permissions and then forwards it
to the Integrity Verification Process.
INTEGRITY VERIFICATION PROCESS (IVP): The Integrity Verification Process performs
Authentication and Authorization. If that succeeds, the Subject is given access to the
Constrained Data Items.
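To make the entities above concrete, here is an added example (not code from the course notes,
and not a reference implementation of the model) of a small enforcement layer: subjects can
only reach constrained data items through a certified transformation process, the subject-to-TP
binding is checked first, every run is written to an audit log, and the integrity verification
process must accept the result or the change is rolled back. The ledger, the accounts, the
"teller" and "intern" subjects and the deliberately broken "mint" procedure are all constructed
for illustration.

```python
from __future__ import annotations
from typing import Callable


class IntegrityViolation(Exception):
    """Raised when a transformation leaves the CDIs in a state the IVP rejects."""


class ClarkWilsonSystem:
    """Subjects reach CDIs only through certified TPs; each run is audited and
    must pass the IVPs afterwards, otherwise it is undone."""

    def __init__(self) -> None:
        self.cdis: dict[str, int] = {}        # constrained data items (here: balances)
        self.udis: dict[str, str] = {}        # unconstrained data items (free-form input)
        self._tps: dict[str, Callable[..., None]] = {}            # certified TPs by name
        self._ivps: list[Callable[[dict[str, int]], bool]] = []   # integrity checks
        self._triples: set[tuple[str, str]] = set()               # (subject, tp) permissions
        self.audit_log: list[str] = []

    def certify_tp(self, name: str, fn: Callable[..., None]) -> None:
        self._tps[name] = fn

    def register_ivp(self, check: Callable[[dict[str, int]], bool]) -> None:
        self._ivps.append(check)

    def allow(self, subject: str, tp_name: str) -> None:
        """Bind a subject to a TP (the access triple subject -> TP -> CDIs)."""
        self._triples.add((subject, tp_name))

    def run_ivps(self) -> bool:
        return all(check(self.cdis) for check in self._ivps)

    def execute(self, subject: str, tp_name: str, *args) -> bool:
        """Run a TP on behalf of a subject; True when the change was committed."""
        if tp_name not in self._tps:
            raise PermissionError(f"{tp_name} is not a certified transformation process")
        if (subject, tp_name) not in self._triples:
            self.audit_log.append(f"DENIED {subject} -> {tp_name}")
            return False
        snapshot = dict(self.cdis)
        try:
            self._tps[tp_name](self.cdis, *args)
        except Exception as exc:            # the TP itself refused the input
            self.cdis = snapshot
            self.audit_log.append(f"FAILED {subject} -> {tp_name}: {exc}")
            return False
        if not self.run_ivps():             # the result breaks an integrity constraint
            self.cdis = snapshot
            self.audit_log.append(f"ROLLBACK {subject} -> {tp_name}: IVP rejected the result")
            raise IntegrityViolation(f"{tp_name} produced an inconsistent state")
        self.audit_log.append(f"OK {subject} -> {tp_name}{args}")
        return True


# --- constructed sample: a toy ledger ---------------------------------------

def transfer(cdis: dict[str, int], src: str, dst: str, amount: int) -> None:
    """A well-formed TP: moves money between accounts, refusing overdrafts."""
    if amount <= 0 or cdis[src] < amount:
        raise ValueError("invalid amount or insufficient funds")
    cdis[src] -= amount
    cdis[dst] += amount


def mint(cdis: dict[str, int], account: str, amount: int) -> None:
    """A badly written TP that creates money out of nothing; the IVP must catch it."""
    cdis[account] += amount


def build_ledger() -> ClarkWilsonSystem:
    system = ClarkWilsonSystem()
    system.cdis.update({"acct:alice": 100, "acct:bob": 50})   # initial, verified state
    total = sum(system.cdis.values())
    system.register_ivp(lambda c: sum(c.values()) == total)            # money is conserved
    system.register_ivp(lambda c: all(v >= 0 for v in c.values()))     # no negative balance
    system.certify_tp("transfer", transfer)
    system.certify_tp("mint", mint)
    system.allow("teller", "transfer")
    system.allow("teller", "mint")
    return system


if __name__ == "__main__":
    ledger = build_ledger()
    print(ledger.execute("teller", "transfer", "acct:alice", "acct:bob", 30), ledger.cdis)
    print(ledger.execute("intern", "transfer", "acct:alice", "acct:bob", 1))
    try:
        ledger.execute("teller", "mint", "acct:bob", 5)
    except IntegrityViolation as exc:
        print("blocked:", exc, ledger.cdis)
    print("\n".join(ledger.audit_log))
```

The point of the rollback path is that certification of a TP can be wrong; the IVP is the
independent check that the constrained data are still consistent, and the audit log is what
lets a reviewer see which subject ran which procedure.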
Practices for Network Security Management
In the ever-evolving landscape of cybersecurity, the significance of network security
management can’t be overstated. Since the number of threats keeps increasing and data
breaches become more common every year, you should treat managing network security as
your top priority. In this article, we take a look at 10 network security management best
practices that will fortify your organization’s cybersecurity.
1. Adopt a Formal Information Security Governance Framework
Implementing an information security governance framework plays a crucial role in ensuring
good network security. While having a top-notch cybersecurity tool stack is also a must, this
framework will help your team learn how to identify, investigate, and respond proactively to
attacks.
But what exactly is information security governance?
It refers to how your organization implements and manages a cyber security strategy. It outlines
security procedures, protocols, and policies, and makes sure your organization manages
information in an industry-compliant way.
For example, companies need to create secure, industry-compliant data retention policies and
archive all of their email communications in a format that can’t be modified, but is fully
searchable.
Information security governance regulates all this and helps you stay on top of the latest data
protection and compliance laws.
2. Implement Data Loss Prevention
Trusting your employees is great, but it isn't a network security best practice, nor is it a
strategy. The truth is that almost 20% of data breaches involve internal factors, including
employee breaches.
That’s why it’s crucial to implement data loss prevention (DLP) software, whose purpose is to
monitor your network and spot whether an employee violates sensitive data security policies
by transferring it to an unsafe system or creating an unauthorized copy.
This way, you can prevent both accidental and malicious leaks, as the DLP can be used to
control who has access to confidential data and monitor the activity of your employees,
vendors, and contractors.
3. Perform Regular Data Backups
Businesses collect, produce, and store massive amounts of data, and losing any of these could
have a crippling effect. It’s not only about losing crucial data. You can also get hefty fines and
penalties for non-compliance if it turns out during an audit that some data is missing.
Backing up your data regularly is one of the network security best practices as it protects you
from data loss. It allows you to rest easy as you can be assured that you won’t lose all of your
data to accidental deletions, corruption, breaches, or ransomware attacks.
To protect your sensitive company data against any of these incidents, one of the best network
security management practices is to keep at least three copies of your files. One copy is the
working copy that is currently live; the second is a local backup kept inside your facility,
where it can easily be accessed; the third should always be off-site, either in the cloud or as
a physical copy that can't be accessed from your organization.
4. Watch Out for Social Engineering Attacks
Social engineering is an intricate tactic used to obtain passwords and access credentials by
manipulating individuals. It relies on psychological exploits rather than technical
vulnerabilities in your system. It's so common that 98% of all cyber-attacks rely on social
engineering.
It’s precisely because they don’t exploit technical vulnerabilities that they’re so difficult to
detect and prevent, as most organizations aren’t equipped to minimize human error. Hackers
exploit these small human errors to divulge sensitive information without your employees even
being aware of what’s happening.
While there are no dedicated tools to stop social engineering attacks, there are still steps you
can take to prevent them.
❖ Use email filtering tools
❖ Implement strong password policies
❖ Reassess access credentials regularly
❖ Make multi-factor authentication (MFA) mandatory
❖ Have regular internal security audits.
❖ Monitor network traffic
❖ Protect your organization from compliance fines and penalties.
5. Educate Your Employees
Frankly, the most effective network security management practice you can take to prevent
social engineering attacks is to educate your employees. As much as 82% of security breaches
are caused by human error, so educating your employees on network security management
should be your top priority.
Don’t suppose that everyone knows the basics of cyber security. Instead, organize training
sessions where your team will learn more about:
❖ Creating strong passwords
❖ What phishing is and what a phishing email looks like
❖ Potentially dangerous applications and how they work
❖ Data protection policies, procedures, and regulations
Besides the basics, try to go over other important topics like:
❖ Incident response plans
❖ Endpoint security practices
❖ Remote access guidelines
❖ Monitoring protocols
❖ Your current vulnerabilities
❖ Past incidents
❖ Employee reporting procedures
Security and threats are ever-evolving and your employees need to be trained and re-trained
regularly to prevent any security breaches.
6. Onboard New Employees and Third-Party Users
To expand on the human side of network security management, you’re probably constantly
having an influx of new people in your organization. Be it new hires, vendors, contractors, or
stakeholders — none of them is aware of how you’re managing network security. This instantly
makes them the biggest risk.
You need to take time to create a security-focused onboarding process and teach the new people
everything they need to know. This way, you won’t have to worry about whether they’re aware
of all the cyber security risks and policies. It’s the best practice for network security to test your
new hires after the onboarding process and keep a closer eye on how they work with technology
in the first few months.
In addition to that, include relevant procedures and policies clearly stating everyone’s
responsibilities in employment contracts. Ensuring you’re all on the same page regarding IT
security practices is essential for keeping your organization safe.
7. Keep Your Software Up to Date
One of the biggest mistakes you can make is not updating your software regularly. Don’t forget
that cybercriminals are always looking to identify system vulnerabilities and inventing new
ways and tools that will allow them to break into companies’ networks.
Software updates are there for a reason. Each new update makes it harder for hackers to get
into your systems. By installing security patches and updating your software regularly, you’ll
keep these threats at bay.
It’s always a good network management practice to keep an eye on all the news about the
software you are using and its community as you might learn about a new vulnerability and
have time to act.
8. Build an Incident Response Plan
Even if you’ve taken all the security measures we’ve discussed so far, you can still suffer a
system breach. To prevent the worst-case scenario, it’s important to have an incident response
plan ready in advance. This will allow you and your employees to act quickly, mitigate the
potential consequences of the breach, and start the recovery procedures right away.
Here’s an example plan:
❖ Verify that the security incident is a data breach.
❖ Identify the affected systems and parties.
❖ Isolate affected systems to prevent further issues.
❖ Shut down all the affected systems.
❖ Inform all the stakeholders about the problem.
❖ Work with the legal team to comply with regulations.
❖ Conduct thorough research on what was affected, lost, and how it happened.
❖ Recover the data from a copy server.
❖ Document the breach and upgrade security measures.
This is only one example of an incident response plan and yours could be very different
depending on the data you’re working with.
9. Perform Regular Network Audits
Even with years of network security management implementations, you can never be 100%
sure you’re safe, especially with how data breaches are evolving. Conduct routine security
audits to identify and address vulnerabilities in your systems and processes. These security
checkups can even be performed by an external company that specializes in finding
vulnerabilities in other organizations.
10. Implement PCAP
Packet capture (PCAP) intercepts data packets as they move through your network and
temporarily stores them for analysis. Analysing these packets can help you diagnose network
problems and determine which paths your packets are taking or if they were intercepted by a
third party. Knowing the path they took can tell you a lot about how well your organization is
taking security measures and who can see your information. This is especially important when
auditing your security or implementing new measures based on your current state.
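A capture file is only useful once it is decoded, so here is an added example (not code from
the course notes or from any capture tool) of a minimal reader for the classic libpcap file
format: it walks the global header and each packet record, decodes the Ethernet and IPv4
fields, and then summarises which source talked to which destination over which protocol, the
"path" view described above. The two-packet capture it reads is constructed in memory; the
addresses are from private and documentation ranges and the IP checksums are left as zero.

```python
from __future__ import annotations
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4         # classic libpcap magic, microsecond timestamps
ETHERTYPE_IPV4 = 0x0800
LINKTYPE_ETHERNET = 1
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def build_sample_capture() -> bytes:
    """Construct a two-packet pcap file in memory (sample data, not a real capture)."""
    def ipv4_frame(src: str, dst: str, proto: int, payload: bytes) -> bytes:
        # version/IHL, TOS, total length, id, flags/frag, TTL, proto, checksum(0), src, dst
        ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0,
                             bytes(int(x) for x in src.split(".")),
                             bytes(int(x) for x in dst.split(".")))
        eth_hdr = b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
        return eth_hdr + ip_hdr + payload

    # magic, major, minor, thiszone, sigfigs, snaplen, linktype
    global_hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    frames = [
        (1700000000, 0, ipv4_frame("10.0.0.5", "198.51.100.7", 6, b"GET / HTTP/1.0\r\n")),
        (1700000000, 500, ipv4_frame("10.0.0.5", "10.0.0.53", 17, b"\x12\x34dns-query")),
    ]
    # per-record header: ts_sec, ts_usec, captured length, original length
    records = b"".join(struct.pack("<IIII", ts, us, len(f), len(f)) + f for ts, us, f in frames)
    return global_hdr + records


def parse_pcap(data: bytes) -> list[dict]:
    """Walk the global header and every packet record; decode Ethernet/IPv4 fields."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:           # the same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    _, _, _, _, _, _, linktype = struct.unpack_from(endian + "IHHiIII", data, 0)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")

    packets, offset = [], 24
    while offset + 16 <= len(data):
        ts, us, incl, orig = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl]
        offset += incl
        info = {"time": ts + us / 1e6, "captured": incl, "original": orig}
        if len(frame) >= 34 and struct.unpack_from("!H", frame, 12)[0] == ETHERTYPE_IPV4:
            ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
            info.update(
                src=".".join(str(b) for b in frame[26:30]),
                dst=".".join(str(b) for b in frame[30:34]),
                proto=PROTO_NAMES.get(frame[23], str(frame[23])),
                payload=frame[14 + ihl:],
            )
        packets.append(info)
    return packets


def path_summary(packets: list[dict]) -> Counter:
    """Count packets per (src, dst, protocol) path: who talked to whom, and how."""
    return Counter((p["src"], p["dst"], p["proto"]) for p in packets if "src" in p)


if __name__ == "__main__":
    pkts = parse_pcap(build_sample_capture())
    for p in pkts:
        print(p["time"], p.get("src"), "->", p.get("dst"), p.get("proto"), p.get("payload"))
    print(path_summary(pkts))
```

Pointing parse_pcap at a real file (open(path, "rb").read()) works the same way as long as it
is a classic pcap with an Ethernet link type; the first thing the summary reveals in an audit is
which internal hosts send traffic to destinations outside the ranges you expect.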
Basic Security Principles
There are four basic security principles: access, authentication, authorization, and accounting.
1. Access
Use physical and software controls to protect your hardware or data from intrusion.
For hardware, access limits usually mean physical access limits.
For software, access limits usually mean both physical and virtual means.
Firmware cannot be changed except through the Oracle update process.
2. Authentication
Authentication provides a means to identify a person or entity. Set up all authentication features
such as a password system in your platform operating systems to verify that users are who they
say they are.
Authentication provides varying degrees of security through measures such as badges and
passwords. For example, ensure that personnel use employee badges properly to enter a
computer room.
3. Authorization
Authorization defines what an authenticated user or entity can do. Use authorization to ensure
company personnel can only work with hardware and software that they are trained and
qualified to use.
For example, set up a system of read/write/execute permissions to control user access to
commands, disk space, devices, and applications.
4. Accounting
Customer IT personnel can use Oracle software and hardware features to monitor login activity
and maintain hardware inventories.
Use system logs to monitor user logins. In particular, track system administrator and service
accounts through system logs because these accounts can access powerful commands.
Periodically retire or archive log files when they exceed a reasonable size, in accordance with
the customer company policy. Log files can become very large over time, so it is essential to
maintain them.
Use component serial numbers to track system assets for inventory purposes. Oracle part
numbers are electronically recorded on all cards, modules, and motherboards.
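The accounting advice above, in particular tracking administrator and service accounts through
system logs, can be turned into a small review script. The following is an added example (not
code from the course notes or from any vendor): it parses sshd and sudo lines in the usual
Linux auth.log format, counts successful logins per user, flags every login by a privileged
account, raises an alert when one source address accumulates repeated failures, and records
commands run as root via sudo. The log lines, the host name, the addresses, the "svc-" naming
convention for service accounts and the failure threshold are all constructed for the example.

```python
from __future__ import annotations
import re
from collections import Counter

# Constructed policy: accounts whose successful logins are always reviewed.
PRIVILEGED_ACCOUNTS = {"root"}
SERVICE_ACCOUNT_PREFIX = "svc-"
FAILED_LOGIN_THRESHOLD = 3      # failures from one source before an alert is raised

_TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
SSHD_RE = re.compile(
    _TS + r" (?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
SUDO_RE = re.compile(
    _TS + r" (?P<host>\S+) sudo:\s+(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")

# Constructed sample log lines in the usual Linux auth.log / sshd format.
SAMPLE_AUTH_LOG = """\
Mar 10 09:12:01 host1 sshd[1201]: Accepted password for alice from 10.0.0.20 port 50022 ssh2
Mar 10 09:12:40 host1 sshd[1211]: Failed password for root from 198.51.100.9 port 40110 ssh2
Mar 10 09:12:43 host1 sshd[1211]: Failed password for root from 198.51.100.9 port 40112 ssh2
Mar 10 09:12:47 host1 sshd[1211]: Failed password for invalid user admin from 198.51.100.9 port 40115 ssh2
Mar 10 09:14:02 host1 sshd[1230]: Accepted publickey for root from 10.0.0.21 port 50100 ssh2
Mar 10 09:15:10 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart sshd
Mar 10 09:20:33 host1 sshd[1302]: Accepted publickey for svc-backup from 10.0.0.30 port 50250 ssh2
"""


def is_privileged(user: str) -> bool:
    return user in PRIVILEGED_ACCOUNTS or user.startswith(SERVICE_ACCOUNT_PREFIX)


def review_auth_log(lines) -> dict:
    """Summarise logins, failures, sudo use and the alerts a reviewer should look at."""
    report = {"logins": Counter(), "privileged_logins": [], "failed_by_ip": Counter(),
              "sudo": [], "alerts": []}
    for line in lines:
        m = SSHD_RE.match(line)
        if m:
            if m["result"] == "Accepted":
                report["logins"][m["user"]] += 1
                if is_privileged(m["user"]):
                    report["privileged_logins"].append((m["ts"], m["user"], m["ip"], m["method"]))
            else:
                report["failed_by_ip"][m["ip"]] += 1
            continue
        m = SUDO_RE.match(line)
        if m:
            report["sudo"].append((m["ts"], m["user"], m["target"], m["cmd"]))

    for ip, count in report["failed_by_ip"].items():
        if count >= FAILED_LOGIN_THRESHOLD:
            report["alerts"].append(f"{count} failed logins from {ip}")
    for ts, user, ip, method in report["privileged_logins"]:
        report["alerts"].append(f"{ts}: privileged account {user} logged in from {ip} ({method})")
    for ts, user, target, cmd in report["sudo"]:
        if target in PRIVILEGED_ACCOUNTS:
            report["alerts"].append(f"{ts}: {user} ran as {target}: {cmd}")
    return report


if __name__ == "__main__":
    result = review_auth_log(SAMPLE_AUTH_LOG.splitlines())
    print("logins:", dict(result["logins"]))
    print("failures by source:", dict(result["failed_by_ip"]))
    for alert in result["alerts"]:
        print("ALERT", alert)
```

The privileged-login alerts fire on success, not failure: a correct key-based login as root or
as a service account is exactly the event the notes say to track, because those accounts can
run powerful commands, so the question for the reviewer is whether each one was expected.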
What are the ethical and legal issues in information security?
In computer science, ethics are regarded as how professionals make decisions for professional
and social conduct. There are rules and practices that determine what is right or wrong. Ethical
issues occur when a decision or activity creates a dispute with society's moral policies. They
could be generated due to an individual or an entire organization.
Legal factors are the laws that the Government has passed. The Government has issued several
acts/ laws specifically for the computer industry. All professionals in this industry need to obey
these rules. Legal issues occur when a company or an individual violates the laws given by the
Government.
Ethical issues in information security
Ethical issues faced by organizations in information technology are generally concerned with
privacy, property rights, or the effects of an activity on society. Some of the common ethical
issues in the cyber world are as follows:
1. Privacy
Nowadays, computer users can access different information from various servers located all
over the world. Though the users have their private computer, tools, and operating system, their
network is distributed at a large scale when they try to access information. As a result, their
information is likely to be disclosed to various organizations, and their privacy is not
maintained.
Furthermore, hackers often intrude into the computer system of people and access the user's
information without authorization. Some organizations also sell the information and data of
their users. This also raises the question of user information privacy.
That is why companies need to develop ethical policies that can keep the information of their
users safe from hackers.
2. Access right
Lots of industries use computer software and technology to provide services to their customers.
This software should be capable of preventing unauthorized access to the system.
Especially in payment or banking software, the developers need to create software that
guarantees authorized access and stops malware, viruses, or unauthorized access to the system.
3. Prevention of loss
According to this ethical principle, information technology should not be used in a manner that
would cause harm to or loss of property, information, or ownership, or the destruction of property.
The employees, users, and other public should use all the equipment with care to prevent any
severe loss.
4. Patents
Ethical issues related to patents are tough to deal with. Patents preserve the unique
and secret part of an idea. To acquire a patent, companies need to provide proper disclosure of
the software. The patent holder also has to reveal the entire program details to a proficient
programmer. If any issues in the patent are found, the company will be answerable to the public
or Government.
5. Copyright
Copyright issues need to be taken extremely seriously by information security professionals.
Copyright laws are created to protect computer software before and after a security breach such
as the mishandling of data, misusing information, documentation, computer programs, or any
other material. Most countries have different laws to handle copyright issues occurring in the
cyber world.
6. Trade secrets
Another common ethical issue in the computer world is trade secrets. Trade secrets keep the
value and importance of the ideas, business, or software secure. According to this ethic, the
confidential data of an organization should not be leaked to outsiders. If this law is broken, it
may cause much harm to the company. Therefore, the company's staff and all individuals need
to obey this law.
7. Piracy
Piracy means the creation and usage of illegal copies of the software. This issue commonly
occurs in today's world. Software owners have the right to choose how to distribute the software
and whether users can create copies of the software. If a developer does not allow duplication
of the software, it is considered piracy whenever the software is duplicated. The individual who
duplicates the software is also held guilty for that.
The software industry is facing a high number of piracy issues nowadays. Courts are also
working to prepare strict laws to prevent piracy.
Legal issues in information security
Similar to ethical issues, information technology organizations are also bound to follow laws
issued by the Government. If a company fails to provide satisfactory service to the client or
cheats the client, the organization is held guilty in court. The most common legal issues that
occur in the information security industry are as mentioned below.
1. Violation of contract
When a client or organization decides to work with each other, the details are finalized by
creating a contract. The contract contains the work duration, the purpose of the work, and other
details related to the project. Before getting the client on board, it is necessary to discuss the
contract and get all the details approved by the client.
Later, if the client or the organization violates the contract, they may face legal issues. Either
party can file an issue in court and get the conflict solved according to the computer acts defined
by the Government.
2. Negligence of contract
If a company fails to fulfil the client's requirements (as mentioned in the contract), it is
considered negligence of the contract. In such cases, the company will also be considered guilty
and will have to prove itself in court.
Information technology organizations need to ensure they deliver the correct services to the
client within the agreed time duration to avoid such legal issues.
Types of Attacks
There are two main types of network attacks:
1. Passive
In passive network attacks, malicious parties gain unauthorized access to networks and monitor
or steal private data without making any alterations.
2. Active
Active attacks are a type of cybersecurity attack in which an attacker attempts to alter, destroy,
or disrupt the normal operation of a system or network.