Cyber Security Vulnerabilities-
What is a Vulnerability in Cyber Security?
A vulnerability in cyber security refers to any weakness in an information system, in system processes, or in the internal controls of an organization. These weaknesses are targets for cybercriminals and are open to exploitation.
Through them, attackers can gain unauthorized access to systems and data and cause severe damage. Monitoring cybersecurity vulnerabilities is therefore extremely important for the overall security posture, as a single gap in a network can result in a full-scale breach of an organization's systems.
How is a vulnerability different from a cyber security threat and a cyber security risk?
Vulnerabilities are not introduced into a system; rather, they are there from the beginning. Few vulnerabilities are the result of cybercrime activity; they are typically the result of operating system flaws or network misconfigurations.
Cyber security threats, on the other hand, are introduced into a system, for example by a virus download or a social engineering attack.
Cyber security risks are often classified together with vulnerabilities, which causes confusion because they are not one and the same. Risk is actually the probability of a vulnerability being exploited combined with the impact if it is.
If both factors are low, the risk is low. The relationship is directly proportional, so the converse also holds: a high probability and a high impact of exploitation lead to high risk.
Types of Vulnerabilities-
System Misconfigurations
Network assets that have disparate security controls or vulnerable settings can result in system misconfigurations.
Cybercriminals commonly probe networks for system misconfigurations and gaps that look exploitable. Because of rapid digital transformation, network misconfigurations are on the rise.
Out-of-date or Unpatched Software
As with system misconfigurations, hackers tend to probe networks for unpatched systems that are easy targets. These unpatched vulnerabilities can be exploited by attackers to steal sensitive information.
To minimize these kinds of risks, it is essential to
establish a patch management schedule so that all the
latest system patches are implemented as soon as they are
released.
Missing or Weak Authorization Credentials
A common tactic attackers use is to gain access to systems and networks through brute force, such as guessing employee credentials.
That is why it is crucial that employees be educated on
the best practices of cybersecurity so that their login
credentials are not easily exploited.
Malicious Insider Threats
Whether with malicious intent or unintentionally, employees with access to critical systems sometimes end up sharing information that helps cyber criminals breach the network.
Insider threats can be really difficult to trace as all actions
will appear legitimate.
Missing or Poor Data Encryption
It is easier for attackers to intercept communication between systems and breach a network if encryption is poor or missing. When information is poorly encrypted or unencrypted, cyber adversaries can extract critical information and inject false information onto a server.
This can seriously undermine an organization’s efforts
toward cyber security compliance and lead to fines from
regulatory bodies.
Vulnerabilities in software-
Software vulnerabilities are weaknesses or flaws present
in your code. Software vulnerabilities must be identified
and prevented.
OR
A security flaw, glitch, or weakness found in software
code that could be exploited by an attacker.
Top 10 Most Common Software Vulnerabilities-
Broken Access Control
User restrictions must be properly enforced. If they are broken, the result is a software vulnerability that untrustworthy agents can exploit.
Cryptographic Failures
Sensitive data — such as addresses, passwords and account numbers — must be properly protected. If it isn't, untrustworthy agents take advantage of the weakness to gain access.
Injection
Injection flaws occur when untrusted data is sent as part of a command or query. The attacker can then trick the targeted system into executing unintended commands. An injection attack can also give untrustworthy agents access to protected data.
Insecure Design
Insecure design refers to risks related to design flaws, which often involve the absence of at least one of the following:
•Threat modeling
•Secure design patterns
•Secure design principles
•Reference architectures
Security Misconfiguration
Security misconfigurations are often the result of:
•Insecure default configurations.
•Incomplete or impromptu configurations.
•Open cloud storage.
•Misconfigured HTTP headers.
•Verbose error messages that contain sensitive information.
Vulnerable and Outdated Components
Components include libraries, frameworks and other software modules. Often, the components run with the same privileges as your application.
If a component is vulnerable, it can be exploited by an untrustworthy agent, causing serious data loss or server takeover.
Identification and Authentication Failures
Authentication and session management functions in an application need to be implemented correctly. If they aren't, the result is a software vulnerability that untrustworthy agents can exploit to gain access to personal information.
Software and Data Integrity Failures
Software and data integrity failures refer to assumptions
made about software updates, critical data, and CI/CD
pipelines without verifying integrity. In addition,
deserialization flaws often result in remote code
execution.
Security Logging and Monitoring Failures
Insufficient logging and monitoring processes are
dangerous. This leaves your data vulnerable to tampering,
extraction, or even destruction.
Server-Side Request Forgery
Server-side request forgery (SSRF) is a category for which the data shows a relatively low incidence rate with above-average testing coverage, and above-average ratings for exploit and impact potential.
System Administration-
Some Network Security Vulnerabilities in System
Administration-
Access control lists (ACLs) are sets of if-then rules set on a router to allow or deny a specific group of IP addresses sending or receiving traffic between your network and another network.
•ACLs on the border router-
The ACLs you place in your routers, especially the border router, should not allow unnecessary access to the other devices connected to the router. A few misconfigured router ACLs can allow information leakage through ICMP, IP and NetBIOS, and lead to unauthorized access.
Types Of Network Security Vulnerabilities-
Remote Access Point
You may have to set up remote access points so that remote users can log in to your network. But remember that unsecured and unmonitored remote access points are one of the easiest ways into your network.
Information leakage
The operating system and application versions, users, groups, shares, DNS information (via zone transfers), and running services such as SNMP, finger, SMTP, telnet and NetBIOS can provide attackers with valuable information.
Running services
Every server runs applications that depend on specific services. If a host runs unnecessary services such as RPC, FTP, DNS or SMTP, you can simply stop or remove them. Run only the services your applications need.
Weak passwords
Make sure nobody is using weak, reused or easily guessed passwords. Enforce a password complexity policy on your servers.
Default users
You may have to install test servers for development purposes. Make sure that test user accounts do not have excessive administrative privileges. Also make sure there are no default user accounts on your routers, firewalls, servers and other network devices.
Misconfigured servers
Make sure you do not have a single misconfigured Internet-facing server, especially CGI and ASP scripts on web servers or web folders with world-writable permissions. A single misconfigured server can expose your entire network to attack and to other kinds of vulnerabilities.
Misconfigured network device
Internal networks may have misconfigured firewalls and routers. A single misconfigured ACL is enough to give outsiders direct access to your internal systems.
Software update
Application software that is unpatched, outdated, vulnerable or left in its default configuration, especially on web servers, can make your network vulnerable.
File shares and access control
You may have file servers with shares open to everyone on the network. Make sure that shared directories are restricted to internal users only. Do remote users really need access to your shared folders?
Domain trust
Excessive trust relationships between organizations can provide attackers with unauthorized access to sensitive systems.
Unauthenticated services
Your system may have unauthenticated services or software that can capture remote keystrokes.
Inadequate logging and detection
If you have no detection capability to monitor what is being logged on your network and host machines, you have no way of knowing when a server or device is compromised.
Lack of documentation and guidelines
If you do not have well-accepted and well-promulgated security policies, procedures, standards and guidelines in your organization, your IT staff's use of IT equipment can leave your organization vulnerable to attack or compromise.
Complex Network Architectures-
Regardless of the industry, vertical or market segment they compete in, your customers' network architectures are becoming more distributed and complex.
These distributed networks give your customers more options for how they interact with their users and run their businesses, and enhance their ability to store and analyze data at faster speeds.
However, these changes can also open gaps in security. Security teams must now monitor and manage events across broad and often unconnected ecosystems in order to detect threats in a timely manner, and to ensure that insufficient protection in one area of the network does not result in a broader compromise.
Specifically, monitoring security across branches,
campuses, the data center, and the cloud has become a
key challenge for network security teams.
There are three core security challenges presented by
complex networks-
Need for Manpower
Today’s complex network infrastructures require more
time and manpower than ever to manage and ensure
security.
New endpoints, applications and multi-cloud environments mean that security teams have to monitor each solution separately to ensure they have consistent visibility into data use and movement across the network, and to detect and prevent security incidents.
Disparate Solutions
Your customers know security is necessary. Therefore, as
they add network capabilities they are also often adding
the specific security features needed to protect those
individual areas.
However, adding multiple, disparate and often isolated solutions to the network actually increases complexity, which in turn decreases security efficacy.
Cyberattacks-
Cybercriminals are becoming more advanced, using sophisticated tools such as AutoSploit that leverage automation and AI to make their attacks more effective.
These attacks are also increasingly targeting new attack vectors, such as IoT devices and cloud environments, which are part of complex networks where new vulnerabilities exist and where the greater number of entryways and access points is more difficult to secure.
Open Access to Organisational data-
In today’s computerized world, new risks emerge every
hour of every day. Connecting to the Internet opens up
the possibility of a hacker targeting your organization.
Cybercrime is becoming big business and cyber risk a
focus of organizations and governments globally.
The ‘Cyber Security Breaches Survey 2018’ revealed that over four in ten (43%) businesses and two in ten (19%) charities in the UK had suffered a cyberattack.
The survey found that 38% of small businesses had spent nothing at all to protect themselves from cybersecurity threats. A separate survey found that a third of UK small businesses are risking their online safety by operating at or below the “security poverty line”.
3 ways to mitigate your data risks
First, don't move your data around. If you're creating copies of your data and shipping them all over the place, you're creating risk.
Secondly, ensure that the only people who have access to your data are those who can and should have access to it.
Thirdly, have a consistent definition. From a governance perspective, it's also important to have consistent business logic for your data. You don't want five different definitions of what a customer, product or revenue is.
Everyone in your organization should have the same conversation about data. To achieve this, you need to ensure that the rules and business logic being created around your data are consistent and applied equally to every piece of analysis.
What Is Authentication?
“Authentication” refers to the process of proving an
identity to an application or system. That is, the task of
demonstrating that you are who you claim to be.
In software systems, this usually means providing a
password for a corresponding user or account identifier.
Weak Authentication-
Weak Authentication describes any scenario in which the
strength of the authentication mechanism is relatively
weak compared to the value of the assets being protected.
It also describes scenarios in which the authentication
mechanism is vulnerable.
Clearly, the authentication strength of a system should correlate with the value of the assets it is protecting. Two-factor and multi-factor authentication solutions are appropriate for systems that deal with highly valued assets.
What is the difference between authentication and authorization?
Authentication is the process of verifying that a user
really is who they claim to be, whereas authorization
involves verifying whether a user is allowed to do
something.
In the context of a website or web application,
authentication determines whether someone attempting to
access the site with the username Carlos123 really is the
same person who created the account.
Once Carlos123 is authenticated, his permissions determine whether or not he is authorized, for example, to access personal information about other users or to perform actions such as deleting another user's account.
Unprotected Broadband communications-
An unsecured wireless connection is one you can access without a password. Public networks offered in places like cafes are often open. Although they provide free wireless Internet access, using public Internet comes with dangers.
When you connect to a public network, remember that
several other users are also connected at the same time.
So, if a hacker is able to access the public Wi-Fi router,
there is a risk that he may be able to steal your personal
and confidential information.
Risk of Eavesdropping
An eavesdropping attack occurs when a hacker
intercepts, deletes, or modifies data that is transmitted
between two devices. Eavesdropping, also known as
sniffing or snooping, relies on unsecured network
communications to access data in transit between devices.
There is a risk of eavesdropping by hackers when you use public networks. They may use “man in the middle” style attacks to gain access to your personal data.
The hacker may be able to eavesdrop on your information
as it passes from your phone or computer to any website
you may use.
Here are some other risks of using unprotected public
networks:
•As these networks do not require any authentication, hackers get unfettered access to unprotected devices on the same network.
•Hackers may position themselves between you and the hotspot, which leaves you vulnerable to attacks.
•If a hacker gets access to your personal information, he may misuse it at any point in time.
•Unsecured Wi-Fi networks are also used by cyber criminals to distribute infected software such as viruses and malware.
•Intruders may not damage the public network itself but may use it for illegal purposes that can have severe repercussions.
Poor Cyber Security Awareness-
Cybersecurity awareness involves being mindful of
cybersecurity in day-to-day situations. Being aware of
the dangers of browsing the web, checking email and
interacting online are all components of cybersecurity
awareness.
The top 12 cyber security awareness training topics:
Phishing Attacks-
Phishing remains one of the most effective avenues of
attack for cyber criminals. Having doubled in 2020,
phishing attacks steadily increased throughout 2021,
with remote work making it harder for businesses to
ensure their users aren't falling victim.
Removable Media-
Another security awareness topic that companies deal with daily is removable media. Removable media is a portable storage medium that allows users to copy data to the device, remove it, and carry it to another device, and vice versa.
A few common examples of removable media you and your employees might use in the workplace are:
•USB sticks
•SD cards
•CDs
•Smartphones
Passwords and Authentication-
A very simple but often overlooked element that can help your company's security is password security. Often, commonly used passwords are guessed by malicious actors hoping to gain access to your accounts.
Using simple passwords, or having recognisable password patterns across employees, can make it simple for cyber-criminals to access a large range of accounts. Once this information is stolen it can be made public or sold for profit on the deep web.
Physical Security-
If you're one of those people who leave their passwords
on sticky notes on their desk, you may want to throw
them away. Though many attacks are likely to happen
through digital mediums, keeping sensitive physical
documents secured is vital to the integrity of your
company's security system.
Mobile Device Security-
The changing landscape of IT technologies has improved support for flexible working environments, and along with it have come more sophisticated security attacks.
With many people now having the option to work on the go using mobile devices, this increased connectivity has come with the risk of security breaches.
Working Remotely-
In 2021, the obvious need for remote working, combined with its increasing uptake, led many companies to take drastic steps towards full-time working-from-home policies. Remote working can be positive for companies and empowering for employees, promoting increased productivity and greater work-life balance.
This trend does, however, pose an increased threat of security breaches when employees are not properly educated on the risks of remote working.
Public Wi-Fi-
Some employees who need to work remotely, travelling
on trains and working on the move may need extra
training in understanding how to safely use public Wi-Fi
services.
Fake public Wi-Fi networks, often posing as free Wi-Fi in coffee shops, can leave end-users vulnerable to entering information into insecure public servers.
Cloud Security-
Cloud computing has revolutionised businesses and the way data is stored and accessed. These digital applications are transforming businesses; however, storing large amounts of private data remotely brings the risk of large-scale hacks.
Many big companies are working on data protection, and by choosing the right cloud service provider, cloud storage can be a much safer and more cost-effective way of storing your company's data.
Social Media Use-
We all share large parts of our lives on social media, from holidays to events and work. But oversharing can make sensitive information available, which makes it easy for a malicious actor to pose as a trusted source.
Educating employees on protecting the privacy settings of their social media accounts, and on preventing the spread of public information about your company, will reduce the risk.
Internet and Email Use-
Some employees may already have been exposed to data breaches by using simple or reused credentials for multiple accounts. One study found that 59% of end-users use the same password for every account.
This means that if one account is compromised, a hacker can use the same password on work and social media accounts to gain access to all of the user's information on those accounts.
Cyber Security Safeguards- Access control
Access control is a security technique that regulates who
or what can view or use resources in a computing
environment. It is a fundamental concept in security
that minimizes risk to the business or organization.
There are two types of access control: physical and
logical.
Physical access control limits access to campuses,
buildings, rooms and physical IT assets. Logical access
control limits connections to computer networks, system
files and data.
Types of access control
The main models of access control are the following:
Mandatory access control (MAC). This is a security model in which access rights are regulated by a central authority based on multiple levels of security. It is often used in government and military environments: classifications are assigned to system resources and to the operating system (OS) or security kernel, which grants or denies access to those resource objects based on the information security clearance of the user or device. For example, Security-Enhanced Linux (SELinux) is an implementation of MAC on the Linux OS.
Discretionary access control (DAC). This is an access
control method in which owners or administrators of the
protected system, data or resource set the policies
defining who or what is authorized to access the resource.
Many of these systems enable administrators to limit the
propagation of access rights. A common criticism of
DAC systems is a lack of centralized control.
Role-based access control (RBAC). This is a widely
used access control mechanism that restricts access to
computer resources based on individuals or groups with
defined business functions -- e.g., executive level,
engineer level 1, etc. -- rather than the identities of
individual users.
The role-based security model relies on a complex
structure of role assignments, role authorizations and role
permissions developed using role engineering to regulate
employee access to systems. RBAC systems can be used
to enforce MAC and DAC frameworks.
Rule-based access control. This is a security model in
which the system administrator defines the rules that
govern access to resource objects. Often, these rules are
based on conditions, such as time of day or location. It is
not uncommon to use some form of both rule-based
access control and RBAC to enforce access policies and
procedures.
Attribute-based access control (ABAC). This is a
methodology that manages access rights by evaluating a
set of rules, policies and relationships using the attributes
of users, systems and environmental conditions.
Audit-
A cyber security audit is a systematic and independent
examination of an organization’s cyber security. An audit
ensures that the proper security controls, policies, and
procedures are in place and working effectively.
Organizations that perform cybersecurity audits can then take “a proactive approach when designing cybersecurity policies, resulting in more dynamic threat management.”
Cybersecurity audits are performed by third-party vendors to eliminate any conflicts of interest, according to Security Scorecard. However, “they can also be administered by an in-house team as long as they act independently of their parent organization.”
The cybersecurity audit universe “includes all control sets, management practices, and governance, risk and compliance (GRC) provisions in force at the enterprise level. In some cases, the extended audit universe may include third parties bound by a contract containing audit rights.”
A cyber security audit focuses on cyber security standards, guidelines and policies. Furthermore, it focuses on ensuring that all security controls are optimized and all compliance requirements are met.
Specifically, an audit evaluates:
•Operational Security (a review of policies, procedures and security controls)
•Data Security (a review of encryption use, network access control, and data security during transmission and storage)
•System Security (a review of patching processes, hardening processes, role-based access, management of privileged accounts, etc.)
•Network Security (a review of network and security controls, anti-virus configurations, SOC, and security monitoring capabilities)
•Physical Security (a review of role-based access controls, disk encryption, multifactor authentication and biometrics)
Authentication-
Authentication is the process of verifying the identity of a user or of information. User authentication is the process of verifying the identity of a user when that user logs into a computer system.
There are different types of authentication systems:
Single-factor authentication: This was the first method of security to be developed. If the username or password is wrong, the user is not allowed to log in or access the system.
Two-factor authentication: In this system, the user has to provide a username, a password, and one further piece of information.
Various kinds of tokens are used to secure the system, such as wireless tokens, virtual tokens, OTPs (one-time passwords) and more.
Multi-factor authentication: In this type of authentication, more than one factor of authentication is needed, which gives the user better security.
Key logger or phishing attacks will not be possible against a multi-factor authentication system. This assures the user that their information will not be stolen.
Biometric authentication-
Biometric authentication refers to the security procedure
that involves the use of unique biological characteristics
of individuals such as retinas, irises, voices, facial
characteristics, and fingerprints in order to verify people
are who they claim to be.
This process is used to control access to physical and
digital resources, such as buildings, rooms, and
different devices.
The word biometric is a combination of two words: bio
(human) and metric (measurement).
In simpler words, biometrics are any metrics related to
human features which make an individual different
from other individuals.
Deception-
Deception technology is a cybersecurity defence practice
that aims to deceive attackers by distributing a collection
of traps and decoys across a system's infrastructure to
imitate genuine assets.
If an intruder triggers a decoy, the server logs and monitors the attack vectors used throughout the duration of the engagement.
Deception technology is a simple but effective approach
to building security defences that detect threats early with
low false positives and minimal performance impact on
the network.
The technology works by creating decoys – realistic-but-
fake assets (domains, databases, servers, applications,
files, credentials, cookies, sessions, and more) that are
deployed in your network alongside legitimate assets.
Denial-of-Service (DoS) Attacks-
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or by sending it information that triggers a crash.
In both cases, the DoS attack deprives legitimate users (i.e. employees, members or account holders) of the service or resource they expected.
3 common types of DDoS attacks:
Volumetric-
The most common type of DDoS attack, volumetric
attacks flood a machine’s or a network’s bandwidth with
false data requests on every available port. This
overwhelms the network, leaving it unable to accept its
regular traffic.
Protocol-
Protocol attacks target the protocols used in transferring data in order to crash a system. One of the most common is a SYN flood, which attacks the process of making a TCP/IP connection by sending a flood of SYN packets asking the victim to synchronize, without ever acknowledging the connection; this ties up the system while it waits for connections that never complete.
Application-
Similar to protocol attacks, application attacks target
weaknesses in an application.
These attacks focus primarily on direct web traffic and
can be hard to catch, because a machine may think it’s
dealing with nothing more than a particularly high level
of Internet traffic.
10 ways to prevent a DDoS attack
Know your network’s traffic
Every organization’s infrastructure has typical Internet
traffic patterns — know yours. When you understand
your organization’s normal traffic pattern, you’ll have a
baseline. That way, when unusual activity occurs, you
can identify the symptoms of a DDoS attack.
Create a Denial of Service Response Plan
Do you know what will happen when and if a DDoS
attack happens? How will your organization respond? By
defining a plan in advance, you’ll be able to respond
quickly and efficiently when your network is targeted.
Make your network resilient
Your infrastructure should be as resilient as possible
against DDoS attacks. That means more than firewalls
because some DDoS attacks target firewalls.
Instead consider making sure you’re not keeping all your
eggs in the same basket — put data centers on different
networks, make sure that not all your data centers are in
the same physical location, put servers in different data
centers, and be sure that there aren’t places where traffic
bottlenecks in your network.
Practice good cyber hygiene
It goes without saying that your users should follow best security practices, including changing passwords, using secure authentication practices, knowing how to avoid phishing attacks, and so on.
The less user error your organization demonstrates, the
safer you’ll be, even if there’s an attack.
Scale up your bandwidth
If a DDoS attack is creating a traffic jam in your network, one way to make that jam less severe is to widen the highway. By adding more bandwidth, your organization will be able to absorb a larger volume of traffic.
Take advantage of anti-DDoS hardware and software
DDoS attacks have been around for a while and some
kinds of attacks are very common. There are plenty of
products that are prepared to repel or mitigate certain
protocol and application attacks, for example. Take
advantage of those tools.
Move to the cloud
While this won't eliminate DDoS attacks, moving to the cloud can mitigate them. The cloud has more bandwidth than on-premises resources, for example, and the nature of the cloud means that many servers are not located in the same place.
Know the symptoms of an attack
Your network slows down inexplicably. The website
shuts down. All of a sudden, you’re getting a lot of spam.
These can all be signs of a DDoS attack. If so, the
organization should investigate.
Outsource your DDoS protection
Some companies offer DDoS-as-a-Service. Some of these companies specialize in scaling resources to respond to an attack, others bolster defenses, and still others mitigate the damage of an ongoing attack.
Monitor for unusual activity
Once you know your typical activity and the signs of an
attack, monitor your network for odd traffic.
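As an added example (not from the original notes) of "know your network's traffic" and "monitor for unusual activity" in code: the script below learns a per-window request-rate baseline from known-good traffic, flags windows that deviate from it, and reports whether the surge comes from one source or is distributed, which is what decides the response. The log lines are constructed in the Common Log Format using documentation address ranges; nothing was captured from a real site.

```python
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
                    r'(?P<status>\d{3}) (?P<size>\d+|-)$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return the fields we need from one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "req": m["req"], "status": int(m["status"])}


def bucket(lines, window_s=10):
    """Group requests into fixed windows; each window holds a Counter of source IPs."""
    windows = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        start = int(rec["ts"].timestamp()) // window_s * window_s
        windows[start][rec["ip"]] += 1
    return dict(sorted(windows.items()))


def baseline(windows):
    """Mean and population std-dev of requests per window over known-good traffic."""
    totals = [sum(c.values()) for c in windows.values()]
    return statistics.fmean(totals), statistics.pstdev(totals)


def detect(windows, mean, sd, sigma=3.0, min_ratio=2.0):
    """Flag windows far above the baseline and say whether the surge comes from one
    source (simple flood) or many (distributed)."""
    threshold = max(mean + sigma * sd, min_ratio * mean)   # min_ratio guards a tiny sd
    alerts = []
    for start, sources in windows.items():
        total = sum(sources.values())
        if total <= threshold:
            continue
        top_ip, top_n = sources.most_common(1)[0]
        share = top_n / total
        alerts.append({"window": start, "requests": total, "sources": len(sources),
                       "top_source": top_ip, "top_share": round(share, 2),
                       "kind": "distributed" if len(sources) >= 5 and share < 0.5
                               else "single-source"})
    return alerts


def analyze(lines, train_windows=6, window_s=10):
    """Learn the baseline from the first `train_windows` windows, then score the rest."""
    windows = bucket(lines, window_s)
    keys = list(windows)
    mean, sd = baseline({k: windows[k] for k in keys[:train_windows]})
    return detect({k: windows[k] for k in keys[train_windows:]}, mean, sd)


def constructed_log():
    """Constructed sample: 60 s of light office traffic, then a 10 s flood from eight
    hosts in the 198.51.100.0/24 documentation range. Not captured from a real site."""
    base = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = []

    def add(ip, offset_s, path="/index.html", status=200):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        lines.append(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512')

    for s in range(0, 60, 3):                     # one request every 3 s, two clients
        add("203.0.113.10" if s % 2 == 0 else "203.0.113.11", s)
    for i in range(60):                           # 60 requests inside one 10 s window
        add(f"198.51.100.{i % 8 + 1}", 60 + i % 10, "/login", 503)
    return lines


if __name__ == "__main__":
    for alert in analyze(constructed_log()):
        print(alert)
```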
Ethical hacking-
Ethical hacking is scanning for vulnerabilities and finding potential threats on a computer or network.
An ethical hacker finds the weak points or loopholes in a computer, web application or network and reports them to the organization.
Ethical hacking is a part of cyber security that mainly deals with finding vulnerabilities in a system and fixing them before any malicious or black-hat hacker exploits them.
Benefits of Ethical Hacking-
•Weak points of a system can be easily found and
resolved by performing penetration testing.
•You can implement solutions for vulnerabilities to
prevent security breaches.
•Ethical Hacking protects data from being stolen by
‘black-hat hackers.’
•It helps protect networks with continuous assessments.
•Customers and investors will trust your company if the
security of the data and the system is well maintained.
There are various types of hackers:
• White Hat Hackers (Cyber-Security Hacker)
• Black Hat Hackers (Cracker)
• Gray Hat Hackers (Both)
White Hat Hackers-
A white hat hacker looks for bugs and ethically reports
them to the organization. They are authorized by the
organization to test a website or network for bugs and
to report what they find.
White hat hackers generally get all the information they
need about the application or network under test from
the organization itself.
They use their skills to test it before the website goes live
or is attacked by malicious hackers.
Black Hat Hackers-
Here, the organization has not authorized the person to
test its systems. They break into the website without
permission and steal data from the admin panel or
manipulate it.
They act only for themselves and the advantage they can
get from the stolen personal data, usually financial gain.
They can cause major damage to the company by
altering how its systems function, leading to losses on a
much larger scale, and the consequences for the victim
can be severe.
Grey Hat Hackers-
They sometimes access data without permission, which
violates the law, but they do not share the intentions of
black hat hackers and often act for what they see as the
common good.
The main difference is that a grey hat may disclose a
vulnerability publicly, whereas a white hat hacker reports
it privately to the company.
Firewall-
A firewall is a network security device, either hardware
or software-based, which monitors all incoming and
outgoing traffic and based on a defined set of security
rules it accepts, rejects or drops that specific traffic.
Accept : allow the traffic
Reject : block the traffic but reply with an “unreachable
error”
Drop : block the traffic with no reply
Types of Network Firewall -
Packet Filters –
A technique used to control network access by inspecting
each outgoing and incoming packet on its own and
allowing it to pass or blocking it based on the source and
destination Internet Protocol (IP) addresses, protocol, and
ports. Because it keeps no memory of previous packets,
this is also known as a stateless or static firewall.
Stateful Inspection Firewalls –
Also a type of packet filtering used to control how data
packets move through a firewall; it is also called dynamic
packet filtering.
These firewalls keep a connection table and check whether
each packet belongs to a known session. A packet is only
permitted if it opens a new session that the rules allow or
belongs to a session that has already been established
between the two endpoints; otherwise it is blocked.
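The three verdicts (accept, reject, drop) and the difference between a stateless packet filter and a stateful one are easiest to see side by side. The following is an added example, not part of the original notes and not the code of any real firewall: it models a rule table, runs the same four constructed packets through a stateless filter and a stateful filter, and shows why the stateless one has to open a hole for replies that an attacker can walk through. The addresses, rules and packets are made up; a real deployment would express the same policy in iptables or nftables.

```python
"""Model of packet-filter verdicts (added example, not part of the original
notes). Addresses, rules and packets are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ACCEPT, REJECT, DROP = "ACCEPT", "REJECT", "DROP"   # REJECT answers with an error, DROP stays silent
INTERNAL = "10.0.0.0/8"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False     # TCP SYN flag
    ack: bool = False     # TCP ACK flag; SYN without ACK opens a connection

@dataclass(frozen=True)
class Rule:
    action: str
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sport: Optional[int] = None
    dport: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport)
                and self.proto in (None, p.proto))

class StatelessFilter:
    """First matching rule wins; anything unmatched gets the default verdict."""
    def __init__(self, rules, default=DROP):
        self.rules, self.default = list(rules), default

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return self.default

class StatefulFilter(StatelessFilter):
    """Same rule table plus a connection table: packets of a tracked TCP
    session are accepted without consulting the rules, and only a SYN that
    the rules allow can create a new entry."""
    def __init__(self, rules, default=DROP):
        super().__init__(rules, default)
        self.conntrack = set()          # (src, sport, dst, dport) of accepted SYNs

    def decide(self, p: Packet) -> str:
        if p.proto == "tcp":
            fwd = (p.src, p.sport, p.dst, p.dport)
            rev = (p.dst, p.dport, p.src, p.sport)
            if fwd in self.conntrack or rev in self.conntrack:
                return ACCEPT           # belongs to an established session
            if not (p.syn and not p.ack):
                return DROP             # mid-stream packet with no session: scan or spoof
            verdict = super().decide(p)
            if verdict == ACCEPT:
                self.conntrack.add(fwd)
            return verdict
        return super().decide(p)

def demo():
    """Run the same four packets through both filters and return the verdicts."""
    allow_https_out = Rule(ACCEPT, src=INTERNAL, dport=443, proto="tcp")
    reject_telnet_in = Rule(REJECT, dst=INTERNAL, dport=23, proto="tcp")
    # A stateless filter cannot recognise replies, so it needs a hole for any
    # inbound packet whose source port is 443 - which an attacker can also use.
    reply_hole = Rule(ACCEPT, dst=INTERNAL, sport=443, proto="tcp")

    stateless = StatelessFilter([allow_https_out, reject_telnet_in, reply_hole])
    stateful = StatefulFilter([allow_https_out, reject_telnet_in])

    packets = [
        Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True),             # client opens HTTPS
        Packet("203.0.113.10", 443, "10.0.0.5", 51000, syn=True, ack=True),   # server's SYN-ACK reply
        Packet("198.51.100.9", 443, "10.0.0.5", 22, syn=True),                # attacker: sport 443 -> SSH
        Packet("198.51.100.9", 40000, "10.0.0.5", 23, syn=True),              # attacker: telnet
    ]
    return {name: [fw.decide(p) for p in packets]
            for name, fw in (("stateless", stateless), ("stateful", stateful))}

if __name__ == "__main__":
    print(demo())
```

The stateless filter accepts the attacker's packet to port 22 because its source port is 443 and the reply hole cannot tell a reply from a fresh connection; the stateful filter drops it because no session exists for it. Both reject the telnet attempt, which tells the sender the port is administratively closed, whereas the silent drop gives a scanner nothing to work with.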
Application Layer Firewalls –
These firewalls can examine application layer (OSI layer
7) information such as the contents of an HTTP request.
If the firewall finds a request or application that looks
malicious or unsafe for the network, it is blocked right
away.
Circuit-level gateways –
A circuit-level gateway is a firewall that provides
Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP) connection security. It works at the
session layer of the Open Systems Interconnection (OSI)
model, between the transport and application layers,
checking that a session (for example the TCP handshake)
is legitimate without inspecting the packet contents.
Software Firewall –
A software (host-based) firewall is a program that runs on
our own computer. It protects the system from external
attacks such as unauthorized access and malicious
connections, and can warn us about the danger of opening
a particular mail attachment or visiting a website that is
not safe.
Cloud Firewall –
These are software-based network security devices
deployed in the cloud. A cloud-based firewall protects a
private network from unwanted access; unlike traditional
on-premises firewalls, it filters traffic in the provider's
cloud before it reaches the protected network.
Hardware Firewall –
A hardware firewall is a physical appliance that is
deployed to enforce a network boundary.
All network links crossing this boundary pass through
this firewall, which enables it to inspect both inbound
and outbound network traffic and enforce access
controls and other security policies.
Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) is a system that
monitors network traffic for suspicious activity and
issues alerts when such activity is discovered. It is a
software application that scans a network or a system for
harmful activity or policy violations. Any malicious
activity or violation is normally reported either to an
administrator or collected centrally by a security
information and event management (SIEM) system.
A SIEM system integrates outputs from multiple sources
and uses alarm filtering techniques to separate genuine
malicious activity from false alarms.
Classification of Intrusion Detection System:
IDS are classified into 5 types:
Network Intrusion Detection System (NIDS):
Network intrusion detection systems (NIDS) are set up at
a planned point within the network to examine traffic
from all devices on the network. The NIDS observes the
traffic passing over the entire subnet and matches it
against a collection of known attack signatures.
Once an attack is identified or abnormal behavior is
observed, an alert can be sent to the administrator.
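Matching traffic against a collection of known attacks is, in its simplest form, pattern matching on packet payloads. The following is an added example, not part of the original notes and not a real signature feed: a miniature signature-based NIDS that runs a tiny Snort-style rule list over constructed HTTP packets. It also shows a caveat every NIDS operator learns quickly: the payload has to be normalised (here URL-decoded) before matching, or an attacker hides "../" as "%2e%2e/" and walks past a byte-for-byte signature. The packets, addresses and signatures are all made up for this example.

```python
"""Signature-based NIDS in miniature (added example, not part of the original
notes). Packets and signatures are constructed for illustration."""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote

@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    dport: Optional[int]   # None matches any destination port
    pattern: str           # regex applied to the (normalised) payload
    severity: str

SIGNATURES = [
    Signature(1, "SQL injection tautology in request",
              80, r"(?i)'\s*or\s*'?\w+'?\s*=\s*'?\w+'?", "high"),
    Signature(2, "Directory traversal sequence",
              80, r"(\.\./){2,}", "medium"),
    Signature(3, "Shell metacharacter followed by a command",
              80, r"[;|`]\s*(cat|nc|bash|sh|wget|curl)\b", "high"),
]

def inspect(packet, signatures=SIGNATURES, normalize=True):
    """Return one alert per signature that matches this packet.

    normalize=True URL-decodes the payload first; without it an attacker can
    hide '../' as '%2e%2e/' and slip past a byte-for-byte match."""
    payload = unquote(packet["payload"]) if normalize else packet["payload"]
    alerts = []
    for s in signatures:
        if s.dport is not None and s.dport != packet["dport"]:
            continue
        if re.search(s.pattern, payload):
            alerts.append({"sid": s.sid, "name": s.name, "severity": s.severity,
                           "src": packet["src"], "dst": packet["dst"]})
    return alerts

def run(packets, **kw):
    """Inspect a stream of packets and return every alert raised."""
    return [a for p in packets for a in inspect(p, **kw)]

def _pkt(src, payload, dport=80):
    return {"src": src, "sport": 40000, "dst": "10.0.0.10", "dport": dport, "payload": payload}

# constructed traffic: one benign request, three attacks, one attack on the wrong port
SAMPLE_PACKETS = [
    _pkt("10.0.0.5", "GET /index.html HTTP/1.1"),
    _pkt("198.51.100.9", "GET /login?user=admin'%20OR%20'1'='1 HTTP/1.1"),
    _pkt("198.51.100.9", "GET /cgi-bin/view?file=%2e%2e/%2e%2e/etc/passwd HTTP/1.1"),
    _pkt("198.51.100.9", "GET /ping?host=127.0.0.1;cat%20/etc/passwd HTTP/1.1"),
    _pkt("198.51.100.9", "GET /login?user=admin'%20OR%20'1'='1 HTTP/1.1", dport=8443),
]

if __name__ == "__main__":
    for a in run(SAMPLE_PACKETS):
        print(a)
```

Running the sample stream raises exactly three alerts (sids 1, 2 and 3); the last packet carries the same injection but to a port no signature covers, which is why port-bound signatures need to follow the services you actually expose. Inspecting the traversal packet with normalize=False returns nothing at all.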
Host Intrusion Detection System (HIDS):
Host intrusion detection systems (HIDS) run on
individual hosts or devices on the network. A HIDS
monitors the incoming and outgoing packets of that
device only and alerts the administrator if suspicious
or malicious activity is detected.
It also takes a snapshot of existing system files and
compares it with the previous snapshot.
If critical system files were edited or deleted, an
alert is sent to the administrator to investigate.
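The snapshot-and-compare behaviour described above is file-integrity monitoring. The following is an added example, not part of the original notes and not the code of any HIDS product: it records a SHA-256 digest, size and permission bits for every file under a directory, takes a second snapshot later, and reports what was added, deleted or modified. Recording the mode bits matters because a setuid bit added to an unchanged binary is invisible to a content hash alone. The watched tree is a temporary directory the example creates itself and the tampering is simulated.

```python
"""File-integrity monitoring as a HIDS performs it (added example, not part of
the original notes). The directory tree and the tampering are simulated."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def fingerprint(path: Path) -> dict:
    """Digest, size and mode bits of one file; mode catches chmod-only changes."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = path.stat()
    return {"sha256": h.hexdigest(), "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}

def snapshot(root) -> dict:
    """Map relative POSIX path -> fingerprint for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(old: dict, new: dict) -> dict:
    """Diff two snapshots. 'modified' maps path -> list of attributes that changed."""
    added = sorted(set(new) - set(old))
    deleted = sorted(set(old) - set(new))
    modified = {}
    for path in sorted(old.keys() & new.keys()):
        changed = [k for k in old[path] if old[path][k] != new[path][k]]
        if changed:
            modified[path] = changed
    return {"added": added, "deleted": deleted, "modified": modified}

def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF-stand-in-for-a-binary")
        os.chmod(root / "bin" / "ls", 0o755)
        baseline = snapshot(root)          # taken while the host is known-good

        # simulated tampering between the two snapshots
        with (root / "etc" / "passwd").open("a") as f:
            f.write("backdoor:x:0:0::/:/bin/sh\n")               # extra uid-0 account
        (root / "etc" / "hosts").unlink()                        # file removed
        (root / "bin" / "nc").write_bytes(b"\x7fELF-dropped-tool")  # new binary
        os.chmod(root / "bin" / "ls", 0o4755)                    # setuid added, content unchanged

        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Two operational points the model leaves out: the baseline snapshot must be stored somewhere the monitored host cannot rewrite (otherwise an intruder who gains root simply re-baselines), and paths that change legitimately all the time (logs, spool directories) need an exclusion list or the alerts drown the real ones.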
Protocol-based Intrusion Detection System (PIDS):
A protocol-based intrusion detection system (PIDS)
comprises a system or agent that sits at the front end of
a server, monitoring and interpreting the protocol
between a user/device and the server.
For example, it can protect a web server by monitoring
the HTTPS protocol stream and the HTTP protocol it
carries.
Application Protocol-based Intrusion Detection
System (APIDS):
Application Protocol-based Intrusion Detection System
(APIDS) is a system or agent that generally resides
within a group of servers.
It identifies the intrusions by monitoring and interpreting
the communication on application-specific protocols.
Hybrid Intrusion Detection System :
A hybrid intrusion detection system combines two or
more of the above approaches. In a hybrid intrusion
detection system, host agent or system data is combined
with network information to develop a complete view of
the network.
A hybrid intrusion detection system is more effective
than any single approach used on its own.
Scanning-
Scanning is another essential step. It refers to the package
of techniques and procedures used to identify hosts,
ports, and services within a network. Network scanning is
one component of the intelligence gathering and
information retrieval an attacker uses to build an
overview of the target organization.
Scanning is of three types:
•Network Scanning
•Port Scanning
•Vulnerability Scanning
Network scanning-
Network scanning is a procedure for identifying active
devices on a network by employing a feature or features
in the network protocol to signal devices and await a
response.
Objectives of Network Scanning-
•To discover live hosts, IP addresses, and open ports of
the target.
•To discover services that are running on a host
computer.
•To discover the operating system and system
architecture of the target.
•To discover and deal with vulnerabilities in live hosts.
Port Scanning-
It is a conventional technique used by penetration testers
and hackers to search for open doors through which an
organization's systems can be accessed. During this scan,
the attacker finds out which hosts are live, which
firewalls are installed, which operating systems are used,
which devices are attached to the network, and the
targeted organization's topology.
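The network-scanning objectives above (live hosts, open ports, running services) and port scanning itself come down to one primitive: try to reach a port and interpret the answer. The following is an added example, not part of the original notes and not nmap's code: a TCP connect scan that classifies each port as open (handshake completed), closed (the stack or a REJECT rule refused it) or filtered (silence until the timeout, as a DROP rule produces), and on open ports reads the service banner to identify what is running. So that it runs offline it starts its own listener on 127.0.0.1 announcing a made-up banner; the banner text and the ports are constructed for this example, and real scans must only be run against hosts you are authorised to test.

```python
"""TCP connect scan with banner grabbing (added example, not part of the
original notes). The listener and its banner are constructed for the example."""
import socket
import threading

def serve_banner(banner: bytes) -> socket.socket:
    """Start a throwaway service on an ephemeral loopback port that greets
    every client with `banner` and hangs up."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=loop, daemon=True).start()
    return srv

def probe(host: str, port: int, timeout: float = 1.0) -> dict:
    """Full TCP connect: open / closed (refused) / filtered (no answer)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return {"port": port, "state": "closed", "banner": ""}
    except OSError:                  # includes socket.timeout
        s.close()
        return {"port": port, "state": "filtered", "banner": ""}
    try:
        banner = s.recv(256).decode("ascii", "replace").strip()
    except OSError:
        banner = ""                  # open, but the service waits for the client to speak first
    finally:
        s.close()
    return {"port": port, "state": "open", "banner": banner}

def scan(host: str, ports) -> list:
    return [probe(host, p) for p in sorted(set(ports))]

def demo() -> tuple:
    srv = serve_banner(b"SSH-2.0-ExampleSSH_1.0 (constructed banner)\r\n")
    open_port = srv.getsockname()[1]
    # Reserve-and-release another ephemeral port so we have one known to be closed.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    try:
        results = {r["port"]: r for r in scan("127.0.0.1", [open_port, closed_port])}
    finally:
        srv.close()
    return results, open_port, closed_port

if __name__ == "__main__":
    results, o, c = demo()
    for r in results.values():
        print(r)
```

A connect scan completes the handshake, so every probe shows up in the target's service logs; that is why attackers prefer half-open SYN scans, and why a defender watching for many connections to closed ports from one source gets an early warning of reconnaissance.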
Vulnerability Scanning-
Vulnerability scanning is the process of searching for
vulnerabilities in a computer system. It is done by a
vulnerability scanner, software designed to test
applications or computers for known vulnerabilities.
Vulnerabilities are identified from misconfigurations and
flawed programming within a given network. The
vulnerabilities present in a system determine how likely
it is to be compromised.
Security Policies-
Security policies are a formal set of rules issued by an
organization to ensure that users who are authorized to
access company technology and information assets
comply with rules and guidelines related to the security
of information.
It is a written document that sets out how to protect the
organization from threats and how to handle them when
they occur.
A security policy is also considered a "living document",
which means that the document is never finished but is
continuously updated as technology requirements and
employees change.
Threat management-
Cyber threat management is the process of identifying,
analysing, evaluating and addressing an organisation’s
cyber security requirements.
With more than 1,000 publicly disclosed security
incidents last year – and countless others that weren’t
reported – cyber security is a growing priority.
It’s only by actively monitoring threats throughout their
lifecycle that organisations can identify the risks that they
face and the steps they should take to mitigate them.
The focus of a threat management service includes:
harnessing threat intelligence, analysing the probable
causes of incidents, monitoring security 24x7, and
hunting for threats before they can attack.
It provides five core capabilities:
Intelligence: Collect, optimize, and enrich threat intelligence.
Investigation: Understand cyber threats in their business context.
Detection: Proactive detection of active, serious threats targeting
CNA networks.
Automation: Eliminate manual processes and streamline
investigation and response.
Collaboration: Secure threat sharing via trusted circles, ISACs
and ISAOs.
•Build a cost-effective Security Operations Center (SOC)
which is compliant with industry standards and driven by
a skilled team to detect and defend against threats and
intrusions.
•Reduce operational complexities and costs, discover
threats early, and improve the effectiveness of defence
and response.
•Meet global regulatory compliance standards for internal
audit.
•Predict threats and equip organizations to neutralize
them in advance.