Cyber Security 2

Uploaded by Harshita Sharma

KCA-A01
Cyber Security

Harshita Sharma Ms. Bala Shivangi


2212000140045
B1
Q1. Suggest the practices to be performed to safeguard backups.

a) Include backups in your security strategy:

Ensure your security policies include backup-related systems within their scope. Practically every type of security policy, from access control to physical security to system monitoring and, especially, malware protection, applies directly to data backups.

b) Include backup systems in your DR strategy:

Include your data backup systems in your disaster recovery and incident response plans. Backups can be breached, compromised or destroyed in situations such as a ransomware outbreak, an employee break-in or an environmental event such as a flood or hurricane. Even good backups can be lost in such situations, so you must have a plan outlining what you are going to do if and when that time comes.

c) Limit access rights to data backups:

Assign backup access rights only to those who have a business need to be involved in the backup process. This applies to the backup software as well as to the actual backup files. Do not overlook systems, both on the local network and in the cloud, that provide access to backups, such as storage consoles and the service accounts the backup jobs run under.

d) Consider different backup locations:

Store your backups off site, or at least in another building. A natural disaster, a fire or another rare but impactful incident could be all that is needed to take out your data center and your backups in one fell swoop.

e) Limit physical access to data backups:

However you choose to store your backups, on backup servers, NAS, external drives or tapes, be sure that physical access is adequately controlled in those facilities. Handle backup media as you would any other critical hardware. For facilities you do not operate yourself, you can validate this via SOC audit reports, independent security assessment reports or your own audits.

f) Ensure backup media devices are protected:

Although the common practice today is to store backups on hard disk or solid-state drives, some backups are still stored on portable drives, tapes and related media. When this is the case, use a fireproof, media-rated safe. Many people store their backups in a "fireproof" safe that is only rated for paper storage. Backup media such as tapes, optical disks and magnetic drives are damaged at far lower temperatures than paper ignites at, so a standard fireproof safe only provides a false sense of security.

g) Evaluate your vendors' security measures:

Find out what security measures your data center, cloud and courier service providers are taking to ensure that backups remain safe in their hands. Although lawyers like good contracts, contracts are not enough. They offer fallback measures, but they will not keep sensitive data from being exposed in the first place, so make sure reasonable and consistent security measures are in place and that these providers fall under the umbrella of the business's vendor management program.

h) Ensure your network is secure:

Store backups on a separate file system or cloud storage service that sits on a physically or logically separated network. Unique credentials outside the enterprise directory service are ideal to help minimize ransomware-related risk: an attacker who compromises a domain administrator account should not automatically gain the ability to delete or encrypt the backups as well. Multifactor authentication adds a further layer of security in your backup environment.

i) Prioritize backup encryption:

Encrypt your backups wherever possible. As with laptop computers and other mobile devices, backup files and media must be encrypted with a strong passphrase or other centrally managed encryption technology, especially if they are ever removed from the premises. Keep the keys or passphrases separate from the backups themselves, otherwise the encryption protects nothing. Encryption implemented and managed in the right way serves as an excellent last layer of defense. It also provides peace of mind: the worst outcome is that your backup files have been lost or otherwise tainted, but not read. This can be particularly beneficial when it comes to compliance and data breach notification requirements, many of which treat lost but encrypted data differently from exposed data.

j) Make comprehensive backups and test regularly:

You have heard it a thousand times, but it deserves repeating: your backups are only as good as what is on the backup media. There are two sides to this coin. First, make sure you are backing up everything that is important. Many backups are server- or application-centric, but what about all the unstructured data scattered around your network and in the cloud that is not getting backed up? Second, test your backups regularly by actually restoring them, especially if your backup jobs are not reporting any errors. There is nothing worse than attempting to recover from a loss, only to find out that your backups are not usable, that you backed up the wrong data, or that you backed up no data at all.
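The restore drill described in (j), as an added Python example that is not part of these notes: it archives a directory, records a SHA-256 manifest of every file beside the archive, and then restores the archive into a scratch directory and reports anything missing, altered or unexpected, including the "no data at all" case of an empty manifest. The directory layout and file contents are constructed for the demonstration. Encrypting the archive before it leaves the premises (for example with openssl enc or age) is a separate step and is not shown here.

```python
"""Backup manifest plus restore test (added example, not from the original notes)."""
import hashlib
import json
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(src_dir: Path) -> dict:
    """Map every file under src_dir (relative POSIX path) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(p for p in src_dir.rglob("*") if p.is_file()):
        manifest[path.relative_to(src_dir).as_posix()] = sha256_bytes(path.read_bytes())
    return manifest


def create_backup(src_dir: Path, archive: Path) -> dict:
    """Write a gzip tar of src_dir and a JSON manifest next to it; return the manifest."""
    manifest = build_manifest(src_dir)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(src_dir / rel, arcname=rel)
    Path(str(archive) + ".manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def _safe_member(dest: Path, member: tarfile.TarInfo) -> bool:
    """Only regular files that resolve inside dest: a tampered archive must not
    be able to write outside the scratch directory during the drill."""
    target = (dest / member.name).resolve()
    return member.isfile() and not os.path.isabs(member.name) and dest.resolve() in target.parents


def restore(archive: Path, dest: Path) -> dict:
    """Extract regular files from archive into dest; return {relpath: sha256}."""
    restored = {}
    with tarfile.open(archive, "r:gz") as tar:
        for member in tar.getmembers():
            if not _safe_member(dest, member):
                continue
            data = tar.extractfile(member).read()
            out = dest / member.name
            out.parent.mkdir(parents=True, exist_ok=True)
            out.write_bytes(data)
            restored[member.name] = sha256_bytes(data)
    return restored


def verify_restore(manifest: dict, restored: dict) -> list:
    """Return human-readable problems; an empty list means the restore is good."""
    problems = []
    if not manifest:
        problems.append("manifest is empty: nothing was backed up")
    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"content mismatch: {rel}")
    for rel in restored:
        if rel not in manifest:
            problems.append(f"unexpected file in backup: {rel}")
    return problems


def restore_test(archive: Path, manifest: dict) -> list:
    """Full drill: restore into a temporary directory and compare against the manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        return verify_restore(manifest, restore(archive, Path(tmp)))


def demo() -> tuple:
    """Constructed data: back up two files, run a clean drill, then a drill on a partial archive."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "data"
        (src / "db").mkdir(parents=True)
        (src / "db" / "users.sql").write_text("INSERT INTO users VALUES (1, 'alice');\n")
        (src / "config.yaml").write_text("retention_days: 30\n")
        archive = Path(tmp) / "backup.tar.gz"
        manifest = create_backup(src, archive)
        clean = restore_test(archive, manifest)
        # Simulate a broken backup job that silently skipped the database dump.
        partial = Path(tmp) / "partial.tar.gz"
        with tarfile.open(partial, "w:gz") as tar:
            tar.add(src / "config.yaml", arcname="config.yaml")
        damaged = restore_test(partial, manifest)
        return clean, damaged


if __name__ == "__main__":
    print(demo())
```

The manifest is what turns "the job reported no errors" into "the files I expect are present and unchanged": a job that backs up nothing at all still finishes cleanly, but its manifest is empty and the drill says so.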

Q2. Intrusion Detection is the backbone of Information System (IS). Justify this
statement.

An intrusion detection system (IDS) is software, often paired with dedicated hardware, developed to monitor network traffic and host activity and find irregularities. A signature-based IDS compares observed traffic against the patterns of known attacks; through this method, sometimes called pattern correlation, the IDS can determine whether an unusual event is a cyberattack. (An intrusion prevention system, or IPS, goes one step further and blocks the traffic it matches.)

When suspicious or malicious activity is found, an IDS sends an alert to designated technicians or IT administrators. IDS alerts allow us to start troubleshooting rapidly, identify the root cause of a problem, or discover and stop harmful agents in their tracks.

IDS technology is an essential element in designing a secure environment. It is one approach to security management for computers and networks. An IDS gathers and analyzes information from multiple areas within a computer or a network to recognize possible security breaches, which include both intrusions (attacks from outside) and misuse (attacks from within).

An IDS is software and hardware designed to identify unwanted attempts at accessing, manipulating or disabling computer systems, generally through a network, including the Internet. These attempts can come from external attackers, malware and disgruntled employees.

An IDS is used to identify multiple types of malicious behavior that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data-driven attacks on applications, host-based attacks including privilege escalation, unauthorized logins and access to sensitive information, and malware (viruses, trojan horses and worms).

An IDS can be composed of multiple components: sensors, which generate security events; a console, used to monitor events and alerts and to control the sensors; and a central engine, which records the events logged by the sensors in a database and applies a system of rules to produce alerts from the security events it receives.

There are various ways to categorize an IDS, depending on the type and placement of the sensors (network-based or host-based) and the approach the engine uses to generate alerts (signature-based or anomaly-based). While there are various types of IDS, they generally work the same way: they analyze network traffic and log files for specific patterns.

Without an IDS, an administrator can only find an attack by checking the firewall's access log, which may happen weeks or even months after the attack. This is where an IDS comes into play. Attempts to pass through the firewall are logged, and the IDS evaluates that log. At some point in the log there will be multiple request-reject entries from the same source.

An IDS flags such events and alerts management. The administrator can see what is happening right after, or even while, the attacks are taking place. This gives the administrator the benefit of being able to analyze the methods being used, the source of the attacks and the approaches used by the attacker.
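The log evaluation described in the last two paragraphs, as an added Python example rather than anything from the original notes: it flags a source that produces several rejected connection attempts within a short window, and it matches request strings against a small table of known attack patterns (the "pattern correlation" from the opening paragraph). The log lines and their format are constructed for this demonstration; real firewall and web-server logs differ, so the regular expression LINE_RE is an assumption about the format.

```python
"""Minimal signature plus threshold IDS over firewall log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, not taken from the original document. Each line:
# <ISO timestamp> src=<ip> action=<ACCEPT|REJECT> dport=<port> req=<request or ->
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=203.0.113.7 action=REJECT dport=22 req=-
2024-05-01T10:00:02 src=203.0.113.7 action=REJECT dport=23 req=-
2024-05-01T10:00:03 src=203.0.113.7 action=REJECT dport=3389 req=-
2024-05-01T10:00:04 src=198.51.100.20 action=ACCEPT dport=443 req=GET /index.html
2024-05-01T10:00:05 src=198.51.100.20 action=ACCEPT dport=443 req=GET /../../etc/passwd
2024-05-01T10:00:06 src=192.0.2.9 action=REJECT dport=25 req=-
2024-05-01T10:05:00 src=192.0.2.9 action=REJECT dport=110 req=-
2024-05-01T10:10:00 src=192.0.2.9 action=REJECT dport=143 req=-
"""

# Assumed log format (see lead-in); adapt to the real log source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) action=(?P<action>\w+) dport=(?P<dport>\d+) req=(?P<req>.*)$"
)

# Signature rules: patterns of known attacks, matched against the request field.
SIGNATURES = [
    ("path traversal", re.compile(r"\.\./")),
    ("shell metacharacters in request", re.compile(r"[;|`$]")),
]


def parse(line: str):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dport"] = int(ev["dport"])
    return ev


def detect(lines, reject_threshold: int = 3, window: timedelta = timedelta(seconds=10)) -> list:
    """Return alerts: signature hits, plus sources with >= reject_threshold REJECTs inside window."""
    alerts = []
    recent = defaultdict(deque)  # src -> timestamps of recent REJECT entries
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        # 1. Pattern correlation: does the request look like a known attack?
        for name, pattern in SIGNATURES:
            if pattern.search(ev["req"]):
                alerts.append({"kind": f"signature: {name}", "src": ev["src"], "ts": ev["ts"].isoformat()})
        # 2. Threshold rule: many rejected connections from one source in a short window
        #    (the "multiple request-reject entries" an administrator would otherwise
        #    only notice weeks later in the firewall log).
        if ev["action"] == "REJECT":
            q = recent[ev["src"]]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()  # forget rejects that fell out of the window
            if len(q) >= reject_threshold:
                alerts.append({"kind": "probe: repeated rejected connections",
                               "src": ev["src"], "ts": ev["ts"].isoformat()})
                q.clear()  # one alert per burst, not one per extra reject
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The third source, 192.0.2.9, is also rejected three times but minutes apart, so it stays below the threshold: the window is what separates a scan from ordinary background noise, and tuning it is where most of the false-positive work in a real deployment goes.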

Q3. What is access control? Describe the following security technologies:

(a) Firewall
(b) VPNs

Access control is the process of selectively restricting access to a system. It is a security concept that minimizes the risk of unauthorized access to a business or organization. Under access control, users are granted access permissions and certain privileges to a system and its resources. Users must present credentials to be granted access to a system; these credentials come in many forms, such as a password, a keycard or a biometric reading. Access control combines security technology with access control policies to protect confidential information such as customer data.

Access control can be categorized into two types:

 Physical access control
 Logical access control

Physical access control: this type of access control limits access to buildings, rooms, campuses and physical IT assets.

Logical access control: this type of access control limits connections to computer networks, system files and data.

A more secure method of access control is two-factor authentication. The user who wants access must present two credentials of different kinds: something they know (a password or PIN), something they have (an access card or a device that generates one-time codes) or something they are (a biometric reading). Two credentials of the same kind, such as two passwords, do not count as two factors.

Access control consists of two main components: authentication and authorization. Authentication verifies that someone is who they claim to be, whereas authorization decides whether an authenticated user should be allowed access to a given system or resource, or denied it.
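An added Python example, not part of the original notes, that separates the two components: authenticate() checks two different factors (a password, verified against a PBKDF2 hash, and a time-based one-time code per RFC 6238 as generated by an authenticator device), and authorize() consults a role-to-permission table for an already authenticated user. The user store, roles and resources are constructed; the salt is fixed only so the demonstration is deterministic, and a real system would use a random salt per user.

```python
"""Authentication (two factors) versus authorization (role permissions); added example."""
import hashlib
import hmac

# Constructed user store. A real system stores a random per-user salt; a fixed one
# is used here only to keep the example deterministic.
SALT = b"demo-salt-not-for-production"


def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1, as used by common authenticator apps)."""
    counter = (now // step).to_bytes(8, "big")
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


USERS = {
    "alice": {  # HR staff: something she knows (password) and something she has (TOTP device)
        "password_hash": hash_password("correct horse battery staple"),
        "totp_secret": b"12345678901234567890",  # the RFC 6238 reference-vector secret
        "roles": {"hr"},
    },
    "bob": {  # system administrator
        "password_hash": hash_password("hunter2hunter2"),
        "totp_secret": b"sysadmin-secret-0001",
        "roles": {"sysadmin"},
    },
}

# Authorization data: which (resource, action) pairs each role may perform.
ROLE_PERMISSIONS = {
    "hr": {("hr_share", "read"), ("hr_share", "write")},
    "sysadmin": {("hr_share", "read"), ("code_server", "read"), ("code_server", "write")},
}


def authenticate(username: str, password: str, otp: str, now: int) -> bool:
    """Verify identity: the password AND the one-time code must both be correct."""
    user = USERS.get(username)
    if user is None:
        hash_password(password)  # same cost for unknown users, so timing does not leak who exists
        return False
    password_ok = hmac.compare_digest(hash_password(password), user["password_hash"])
    otp_ok = hmac.compare_digest(totp(user["totp_secret"], now).encode(), otp.encode())
    return password_ok and otp_ok


def authorize(username: str, resource: str, action: str) -> bool:
    """Decide what an already authenticated user may do; unknown users or roles get nothing."""
    user = USERS.get(username)
    if user is None:
        return False
    return any((resource, action) in ROLE_PERMISSIONS.get(role, set()) for role in user["roles"])


if __name__ == "__main__":
    now = 59  # RFC 6238 reference time; the code for alice's secret at this instant is 287082
    code = totp(USERS["alice"]["totp_secret"], now)
    print("authenticated:", authenticate("alice", "correct horse battery staple", code, now))
    print("alice reads hr_share:", authorize("alice", "hr_share", "read"))
    print("alice reads code_server:", authorize("alice", "code_server", "read"))
```

Note that authorize() never looks at a password: once authentication has established who the caller is, authorization is purely a policy lookup, which is why the two are kept as separate functions and why a bug in one does not automatically compromise the other.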

(a) Firewall: A firewall is a network security device, either hardware- or software-based, which monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects or drops that specific traffic:

 Accept: allow the traffic.
 Reject: block the traffic, but reply to the sender with an "unreachable" error.
 Drop: block the traffic silently, with no reply.

A firewall establishes a barrier between secured internal networks and an outside, untrusted network such as the Internet.

A firewall matches network traffic against the rule set defined in its table. Once a rule is matched, the associated action is applied to the traffic. For example, one rule may say that no employee from the HR department can access data on the code server, while another rule says that a system administrator can access data in both the HR and technical departments. Rules are defined on the firewall according to the needs and security policies of the organization.

From the perspective of a server, network traffic is either outgoing or incoming, and the firewall maintains a distinct set of rules for each case. Outgoing traffic, originating from the server itself, is mostly allowed to pass. Still, setting rules on outgoing traffic is better practice, because it prevents unwanted communication, for example a compromised server connecting back to an attacker. Incoming traffic is treated differently. Most traffic that reaches the firewall uses one of three major protocols carried over IP: TCP, UDP or ICMP. All three carry a source address and a destination address. TCP and UDP additionally have port numbers, whereas ICMP (strictly a network-layer companion to IP rather than a transport protocol) uses a type and code that identify the purpose of the packet.

Default policy: It is very difficult to explicitly cover every possible case in the firewall rules. For this reason, the firewall must always have a default policy, which consists only of an action (accept, reject or drop) applied when no rule matches. Suppose no rule is defined about SSH connections to the server. The firewall then follows the default policy: if it is set to accept, any computer outside your office can establish an SSH connection to the server. Therefore, setting the default policy to drop (or reject) is always good practice.
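The rule matching and default policy described above, as an added example in Python that is not from the original notes. The rule table and packets are constructed; evaluate() applies the first matching rule and otherwise falls back to the default policy, and the SSH case from the text is included so the difference between a default of accept and a default of drop can be seen directly. ICMP rules match on type rather than port, as the text describes.

```python
"""First-match firewall rule table with an explicit default policy (added example)."""
import ipaddress

ACCEPT, REJECT, DROP = "accept", "reject", "drop"


def rule(action, proto, src="0.0.0.0/0", dport=None, icmp_type=None):
    """Build one rule: src is a CIDR, dport applies to TCP/UDP, icmp_type to ICMP.
    A field left as None is a wildcard."""
    return {"action": action, "proto": proto, "src": ipaddress.ip_network(src),
            "dport": dport, "icmp_type": icmp_type}


def matches(r, pkt) -> bool:
    if r["proto"] != pkt["proto"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in r["src"]:
        return False
    if r["dport"] is not None and pkt.get("dport") != r["dport"]:
        return False
    if r["icmp_type"] is not None and pkt.get("icmp_type") != r["icmp_type"]:
        return False
    return True


def evaluate(pkt, rules, default=DROP) -> str:
    """Action for an incoming packet: the first matching rule wins, else the default policy."""
    for r in rules:
        if matches(r, pkt):
            return r["action"]
    return default


# Constructed inbound ruleset: public web, SSH only from the office LAN, ping allowed.
# Note there is deliberately no rule for SSH from anywhere else.
INBOUND_RULES = [
    rule(ACCEPT, "tcp", dport=443),
    rule(ACCEPT, "tcp", dport=80),
    rule(ACCEPT, "tcp", src="10.0.0.0/8", dport=22),
    rule(ACCEPT, "icmp", icmp_type=8),  # ICMP echo request
]

# Constructed packets, as the firewall would see them.
SSH_FROM_INTERNET = {"proto": "tcp", "src": "198.51.100.5", "dport": 22}
SSH_FROM_LAN = {"proto": "tcp", "src": "10.1.2.3", "dport": 22}
HTTPS_FROM_INTERNET = {"proto": "tcp", "src": "198.51.100.5", "dport": 443}
PING = {"proto": "icmp", "src": "198.51.100.5", "icmp_type": 8}
DNS_UDP = {"proto": "udp", "src": "198.51.100.5", "dport": 53}


if __name__ == "__main__":
    # The case from the text: no SSH rule, so the default policy decides.
    print("SSH from Internet, default accept:", evaluate(SSH_FROM_INTERNET, INBOUND_RULES, default=ACCEPT))
    print("SSH from Internet, default drop:  ", evaluate(SSH_FROM_INTERNET, INBOUND_RULES, default=DROP))
    print("SSH from LAN:                     ", evaluate(SSH_FROM_LAN, INBOUND_RULES))
```

Because matching is first-match, rule order is part of the policy: a broad accept placed above a narrow reject silently cancels the reject, which is the most common way real rule tables end up more open than their authors intended.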

(b) VPNs: VPN stands for Virtual Private Network. It is an encrypted connection that allows you to use network resources remotely as if you were on the private network. Using a VPN, you create a secure connection over a less secure network, such as the Internet. The traffic inside the tunnel is shielded from the rest of the Internet it crosses, which is why governments, businesses and the military use VPNs to reach network resources securely.

VPNs are deployed in two arrangements: site-to-site, which links two networks through their gateways, and remote access, which links an individual user's device to a network. A VPN uses a combination of cryptographic services to establish the secure connection: typically public-key cryptography (such as RSA or Diffie-Hellman key exchange) to authenticate the peers and agree on session keys, and a symmetric cipher such as AES-256 to encrypt the traffic itself.

A VPN works by creating a secure tunnel using VPN protocols. Services you reach through the tunnel see the VPN gateway's IP address in place of your own, and all your communication to the gateway is encrypted. Thus your traffic passes through a secure tunnel that lets you use network resources privately. The operator of the VPN gateway can still see the traffic where it leaves the tunnel, so a VPN protects the path, not the endpoint.

There are several VPN protocols used to create secure networks. Some of them are given below:

 IP security (IPsec)
 Point-to-Point Tunneling Protocol (PPTP), which has known cryptographic weaknesses and should no longer be used
 Layer 2 Tunneling Protocol (L2TP), which provides no encryption of its own and is normally combined with IPsec (L2TP/IPsec)
 Secure Sockets Layer (SSL) and Transport Layer Security (TLS), used by SSL VPNs such as OpenVPN; SSL itself is obsolete and current deployments use TLS
