Page No.

Certificate
Institute Vision,
Mission and
Objectives
(Handwritten)
Page No. 2
Department Vision
and Mission
(Handwritten)
Page No. 3
Table of Content or
Index

Page No. 4
 SAVITRIBAI PHULE PUNE UNIVERSITY

Audit Course 3
2019-2020

Class: T.E Computer Department

Report on
Cyber Security

Name:- _____________________________________
Roll No.:- _____________________________________
Exam Seat No.: _________________________________

AC3 – I: Cyber Security

Course Objectives:

general status of common vulnerabilities, and the likely consequences of security

failures;
d weaknesses of general cyber security
models, including the CIA triad

security system, including hardware, software, policies, and people;

nteract to achieve effective system-wide
security at the enterprise level.
Course Outcomes:

On completion of the course, learner will be able to–

modern
information-driven enterprise—to include interrelationships across security do
mains (IT,
physical, classification, personnel, and so on)

security;
misaligning enterprise strategy, security
policy, and security plans;
Course Contents:

1. Cyber Security Basics: Introduction, Elements of Information security, Security

Policy, Techniques, Operational Model of Network Security, Terminologies in
Network Security
2. Introduction to Cryptography: Introduction, Encryption Methods: Symmetric,
Asymmetric, Public Key and Management, Authentication methods, Digital
Signatures
3. Security requirements: Electronic Mail Security: Pretty Good Privacy, MIME,
S/MIME, And Comparison. WEB Security, Secure Electronic Transaction(SET).
4. Intrusion and Firewall: Introduction to threats, Intrusion detection, IDS: Need,
Methods, Types of IDS, Password Management, Limitations and Challenges,
Firewall Introduction, Characteristics and types, Benefits and limitations. Firewall
architecture, Trusted Systems, Access Control
5. Security perspective of Hacking and its counter majors : Introduction to Hacking,
Counter majors: General Strategies
Introduction:

In general,security is―the quality or state of being secure—to be free from danger.‖11Inother

words, protection against adversaries—from those who would do harm, intentionallyor
otherwise—is the objective. National security, for example, is a multilayered system that
protects the sovereignty of a state, its assets, its resources, and its people. Achieving the appro-
priate level of security for an organization also requires a multifaceted system. A successful
organization should have the following multiple layers of security in place to pro-tect its
operations:●Physical security, to protect physical items, objects, or areas from unauthorized
accessand misuse●Personnel security, to protect the individual or group of individuals who are
autho-rized to access the organization and its operations●Operations security, to protect the
details of a particular operation or series ofactivities●Communications security, to protect
communications media, technology, and content● Network security, to protect networking
components, connections, and contents●Information security, to protect the confidentiality,
integrity and availability of infor-mation assets, whether in storage, processing, or
transmission. It is achieved via theapplication of policy, education, training and awareness,
and technology.The Committee on National Security Systems (CNSS) defines information
security as theprotection of information and its critical elements, including the systems and
hardware that use, store, and transmit that information.12Figure 1-3 shows that information
securityincludes the broad areas of information security management, computer and data
security,and network security. The CNSS model of information security evolved from a
concept devel-oped by the computer security industry called the C.I.A. triangle. TheC.I.A.
trianglehas beenthe industry standard for computer security since the development of the
mainframe. It isbased on the three characteristics of information that give it value to
organizations: confidenti-ality, integrity, and availability. The security of these three
characteristics of information is asimportant today as it has always been, but the C.I.A.
triangle model no longer adequately addresses the constantly changing environment. The
threats to the confidentiality, integrity, and availability of information have evolved into a vast
collection of events, including acciden-tal or intentional damage, destruction, theft, unintended
or unauthorized modification, orother misuse from human or nonhuman threats. This new
environment of many constantlyevolving threats has prompted the development of a more
robust model that addressesthe complexities of the current information security environment.
Cryptography:
Information security has grown to be a colossal factor, especially with modern
communication networks, leaving loopholes that could be leveraged to devastating effects.
This article presents a discussion on two popular encryption schemes that can be used to
tighten communication security in Symmetric and Asymmetric Encryption. In principle,
the best way to commence this discussion is to start from the basics first. Thus, we look at
the definitions of algorithms and key cryptographic concepts and then dive into the core
part of the discussion where we present a comparison of the two techniques.
Algorithms

An algorithm is basically a procedure or a formula for solving a data snooping problem.

An encryption algorithm is a set of mathematical procedure for performing encryption on
data. Through the use of such an algorithm, information is made in the cipher text and
requires the use of a key to transforming the data into its original form. This brings us to
the concept of cryptography that has long been used in information security in
communication systems.
Cryptography

Cryptography is a method of using advanced mathematical principles in storing and

transmitting data in a particular form so that only those whom it is intended can read and
process it. Encryption is a key concept in cryptography – It is a process whereby a message
is encoded in a format that cannot be read or understood by an eavesdropper. The
technique is old and was first used by Caesar to encrypt his messages using Caesar cipher.
A plain text from a user can be encrypted to a ciphertext, then send through a
communication channel and no eavesdropper can interfere with the plain text. When it
reaches the receiver end, the ciphertext is decrypted to the original plain text.
Cryptography Terms

Encryption: It is the process of locking up information using cryptography. Information

that has been locked this way is encrypted.
Decryption: The process of unlocking the encrypted information using cryptographic
techniques.
 Key: A secret like a password used to encrypt and decrypt information. There are a few
different types of keys used in cryptography.
Steganography: It is actually the science of hiding information from people who would
snoop on you. The difference between steganography and encryption is that the would-be
snoopers may not be able to tell there’s any hidden information in the first place.

This is the simplest kind of encryption that involves only one secret key to cipher and
decipher information. Symmetrical encryption is an old and best-known technique. It uses
a secret key that can either be a number, a word or a string of random letters. It is a
blended with the plain text of a message to change the content in a particular way. The
sender and the recipient should know the secret key that is used to encrypt and decrypt all
the messages. Blowfish, AES, RC4, DES, RC5, and RC6 are examples of symmetric
encryption. The most widely used symmetric algorithm is AES-128, AES-192, and AES-
256.

The main disadvantage of the symmetric key encryption is that all parties involved have to
exchange the key used to encrypt the data before they can decrypt it.
Asymmetrical encryption is also known as public key cryptography, which is a relatively
new method, compared to symmetric encryption. Asymmetric encryption uses two keys to
encrypt a plain text. Secret keys are exchanged over the Internet or a large network. It
ensures that malicious persons do not misuse the keys. It is important to note that anyone
with a secret key can decrypt the message and this is why asymmetrical encryption uses
two related keys to boosting security. A public key is made freely available to anyone who
might want to send you a message. The second private key is kept a secret so that you can
only know.

A message that is encrypted using a public key can only be decrypted using a private key,
while also, a message encrypted using a private key can be decrypted using a public key.
Security of the public key is not required because it is publicly available and can be passed
over the internet. Asymmetric key has a far better power in ensuring the security of
information transmitted during communication.

Asymmetric encryption is mostly used in day-to-day communication channels, especially

over the Internet. Popular asymmetric key encryption algorithm includes EIGamal, RSA,
DSA, Elliptic curve techniques, PKCS.
Asymmetric Encryption in Digital Certificates

To use asymmetric encryption, there must be a way of discovering public keys. One
typical technique is using digital certificates in a client-server model of communication. A
certificate is a package of information that identifies a user and a server. It contains
information such as an organization’s name, the organization that issued the certificate, the
users’ email address and country, and users public key.

When a server and a client require a secure encrypted communication, they send a query
over the network to the other party, which sends back a copy of the certificate. The other
party’s public key can be extracted from the certificate. A certificate can also be used to
uniquely identify the holder.

SSL/TLS uses both asymmetric and symmetric encryption, quickly look at digitally signed
SSL certificates issued by trusted certificate authorities (CAs).

FIREWALLS:

1. Firewall design principles

Internet connectivity is no longer an option for most organizations. However, while

internet access provides benefits to the organization, it enables the outside world to reach
and interact with local network assets. This creates the threat to the organization. While it
is possible to equip each workstation and server on the premises network with strong
security features, such as intrusion protection, this is not a practical approach. The
alternative, increasingly accepted, is the firewall.

The firewall is inserted between the premise network and internet to establish a controlled
link and to erect an outer security wall or perimeter. The aim of this perimeter is to protect
the premises network from internet based attacks and to provide a single choke point
where security and audit can be imposed. The firewall can be a single computer system or
a set of two or more systems that cooperate to perform the firewall function.
2. Firewall characteristics:

All traffic from inside to outside, and vice versa, must pass through the firewall. This
is achieved by physically blocking all access to the local network except via the firewall.

Various configurations are possible.

Only authorized traffic, as defined by the local security policy, will be allowed to pass.

Various types of firewalls are used, which implement various types of security policies.

The firewall itself is immune to penetration. This implies that use of a trusted system with
a secure operating system. This implies that use of a trusted system with a secure operating
system.

Four techniques that firewall use to control access and enforce the site‟s security policy is
as follows:

1. Service control – determines the type of internet services that can be accessed,
inbound or outbound. The firewall may filter traffic on this basis of IP address and TCP
port number; may provide proxy software that receives and interprets each service request
before passing it on; or may host the server software itself, such as web or mail service.

2. Direction control – determines the direction in which particular service request may
be initiated and allowed to flow through the firewall.

3. User control – controls access to a service according to which user is attempting to

access it.

4. Behavior control – controls how particular services are used.

Capabilities of firewall:

A firewall defines a single choke point that keeps unauthorized users out of the protected
network, prohibits potentially vulnerable services from entering or leaving the network,
and provides protection from various kinds of IP spoofing and routing attacks.
A firewall provides a location for monitoring security related events. Audits and alarms
can be implemented on the firewall system.

A firewall is a convenient platform for several internet functions that are not security
related.

A firewall can serve as the platform for IPsec.

3. Limitations of firewall

· The firewall cannot protect against attacks that bypass the firewall. Internal systems
may have dial-out capability to connect to an ISP. An internal LAN may support a modem
pool that provides dial-in capability for traveling employees and telecommuters.

· The firewall does not protect against internal threats. The firewall does not protect
against internal threats, such as a disgruntled employee or an employee who unwittingly
cooperates with an external attacker.

· The firewall cannot protect against the transfer of virus-infected programs or files.
Because of the variety of operating systems and applications supported inside the
perimeter, it would be impractical and perhaps impossible for the firewall to scan all
incoming files, e-mail, and messages for viruses.

4 Types of firewalls

There are 3 common types of firewalls.

· Packet filters

Application-level gateways

· Circuit-level gateways

Packet filtering router

A packet filtering router applies a set of rules to each incoming IP packet and then
forwards or discards the packet. The router is typically configured to filter packets going in
both directions. Filtering rules are based on the information contained in a network packet:

· Source IP address – IP address of the system that originated the IP packet.

Destination IP address – IP address of the system, the IP is trying to reach. Source and
destination transport level address – transport level port number. IP protocol field –
defines the transport protocol.

· Interface – for a router with three or more ports, which interface of the router the
packet come from or which interface of the router the packet is destined for.

The packet filter is typically set up as a list of rules based on matches to fields in the
IP or TCP header. If there is a match to one of the rules, that rule is invoked to
determine whether to forward or discard the packet. If there is no match to any rule,
then a default action is taken.

6. Application level gateway

An Application level gateway, also called a proxy server, acts as a relay of

application level traffic. The user contacts the gateway using a TCP/IP
application, such as Telnet or FTP, and the gateway asks the user for the name
of the remote host to be accessed. When the user responds and provides a
 valid user ID and authentication information, the gateway contacts the
application on the remote host and relays TCP segments containing the
application data between the two endpoints.

Application level gateways tend to be more secure than packet filters. It is easy to
log and audit all incoming traffic at the application level. A prime disadvantage is
the additional processing overhead on each connection.

Circuit level gateway

Circuit level gateway can be a stand-alone system or it can be a specified

function performed by an application level gateway for certain applications. A
Circuit level gateway does not permit an end-to-end TCP connection; rather,
the gateway sets up two TCP connections, one between itself and a TCP user
on an inner host and one between itself and a TCP user on an outer host. Once
the two connections are established, the gateway typically relays TCP
segments from one connection to the other without examining the contents.
The security function consists of determining which connections will be
allowed.
A typical use of Circuit level gateways is a situation in which the system
administrator trusts the internal users. The gateway can be configured to support
application level or proxy service on inbound connections and circuit level functions
for outbound connections.