
CYBER SECURITY

ASSIGNMENT AND IMPORTANT QUESTIONS

UNIT-2 (1st portion), 3, 4

1. What is Electronic Payment System?


An e-payment system is a way of making transactions or paying for goods and
services through an electronic medium, without the use of checks or cash. It is also
called an electronic payment system or online payment system.
Credit and debit cards are among the most popular forms of online payment. Besides them,
there are also alternative payment methods, such as bank transfers, electronic wallets,
smart cards or bitcoin wallets (bitcoin is the most popular cryptocurrency).
E-payment methods can be classified into two areas: credit payment systems and cash
payment systems.

3. What are the backup security measures? Discuss its type.


Data security refers to the protection of data from unauthorized access, use, change,
disclosure and destruction, and includes network security, physical security, and
file security. Storage and backup: data storage refers to holding your data files in a secure
location that you can readily and easily access.

1. Full Backups
A full backup stores a copy of all files and typically occurs automatically according to a pre-set schedule.
Files are usually compressed to save space; however, even when compressed, full backups may
consume a lot of storage. Additionally, full backups cause heavy access to the backup disk, which
shortens disk life, and they consume network bandwidth.

The advantage of full backups is the ease of restoration. Restoring a file requires only the file name,
location, and date from which to restore the data. Restoration is relatively straightforward as long as the
backup files from that date or time are available.

Although full backups are certainly comprehensive, they may be more robust than many businesses
require. It is important to consider that only a small percentage of files change from one backup to
another. Consequently, performing full backups will yield multiple identical copies of files and consume
valuable storage space on the backup medium.

2. Incremental Backups
Incremental backups save space by backing up only the files that have been created or changed since
the last backup. The advantage of incremental backups is that the volume of data backed up at each
iteration is much smaller, which in turn saves space on the backup medium and uses less network
bandwidth.

However, incremental backups increase computing overhead, because each source file must be
compared with the last full backup as well as the incremental iterations to determine whether data is new
or changed. Additionally, it is more complex to locate a specific file to restore as it may require searching
several iterations. To completely restore all files requires merging all iterations while taking care to keep
only the most recent version of each file.

Many enterprise backup strategies include a combination of full backups and incremental backups. For
example, a full backup can run once per week, on weekends when network and computing resource
demands are lower, with incremental backups scheduled on weekdays. Backing up files with this
combination enables a restoration that does not require looking through or merging more than a week's
worth of iterations.

Some strategies limit the impact on disk backup storage by copying older full backups from disk to tapes,
which are then stored off-site. Although this approach is more secure than storing both the file system
and backup media at the same location, the manual work to change tapes, label them and transport them
is time-consuming. Additionally, it creates a difference between the finished backups that are stored off-
site and the current state of the live file system. In the event of a disaster, any data changes that occurred
since copying the last full backup to tape may be lost.

3. Differential Backups
Differential backups are similar to incremental backups, except that each backup operation stores the
new and updated files since the last full backup. For example, if a full backup was performed on Sunday
and a file changed on Monday, that file will be part of every differential backup until the next full backup is
run.

Using differential backups simplifies recovery because only the last full backup and the last differential
backup are needed to create a complete restoration. As with incremental backups, differential backups
need to compare current and already-backed-up files to identify any changes. However, differential
backups require more space and network bandwidth compared with incremental backups.
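The weekly schedule described above (a full backup on Sunday followed by daily incremental or differential backups), as an added example that is not part of the original notes. The file names and change pattern are constructed sample data; the code shows what each backup set stores and which sets a complete restore has to read.

```python
# Constructed sample data: the live file set and what changed each weekday
# after a full backup taken on Sunday.
ALL_FILES = {"report.doc", "ledger.xls", "notes.txt", "logo.png"}
CHANGES = [
    ("Mon", {"report.doc"}),
    ("Tue", {"ledger.xls"}),
    ("Wed", {"report.doc", "notes.txt"}),
]

def run_schedule(kind):
    """Return [(label, files)] for a Sunday full plus daily `kind` backups."""
    if kind not in ("incremental", "differential"):
        raise ValueError(kind)
    sets = [("Sun-full", set(ALL_FILES))]
    since_full = set()
    for day, changed in CHANGES:
        since_full |= changed
        # incremental: changes since the previous backup of any kind
        # differential: every change since the last FULL backup
        stored = changed if kind == "incremental" else since_full
        sets.append((f"{day}-{kind}", set(stored)))
    return sets

def restore_chain(sets, kind):
    """Labels of the backup sets a complete restore has to read."""
    labels = [label for label, _ in sets]
    if kind == "incremental":
        return labels                    # the full plus every iteration
    return [labels[0], labels[-1]]       # the full plus the latest differential

def restore(sets, chain):
    """Merge sets oldest first; the newest copy of each file wins."""
    contents = dict(sets)
    source = {}
    for label in chain:
        for name in contents[label]:
            source[name] = label
    return source

def stored_after_full(sets):
    """Number of file copies written by the non-full backups."""
    return sum(len(files) for _, files in sets[1:])

if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        sets = run_schedule(kind)
        chain = restore_chain(sets, kind)
        print(kind, "copies stored:", stored_after_full(sets), "restore reads:", chain)
```

The differential run stores more copies because Monday's change is repeated in every later set, but its restore reads two sets instead of four.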

4. Virtual Full Backups


Virtual full backups use a database to track and manage backed-up data, which helps avoid some of the
pitfalls of other backup methods. A full copy, or replica, is taken only once and does not need to be taken
again as long as the storage medium—typically a network-attached storage location—remains
unchanged. The virtual full backup periodically synchronizes backup data to the database.
Virtual full backups are generally performed automatically by backup software. The user experience
appears the same as that of a full backup. Restoring one file or an entire disk is a matter of choosing a
preferred recovery point and the file or files to recover.


6. What is the need of Physical Security?


Physical security describes security measures that are designed to deny
unauthorized access to facilities, equipment and resources and to protect personnel and
property from damage or harm (such as espionage, theft, or terrorist attacks).

8. What is the need of Firewall? Explain different types of firewall security Architecture.

A firewall is a piece of software or hardware that filters all network traffic between
your computer, home network, or company network and the Internet. It is our position that
everyone who uses the Internet needs some kind of firewall protection.

One of the major challenges that companies face when trying to secure their sensitive
data is finding the right tools for the job. Even for a common tool such as a firewall, many
businesses might not have a clear idea of how to find the right firewall (or firewalls) for
their needs, how to configure those firewalls, or why such firewalls might be necessary.

The first step in finding the right firewalls to protect your company’s data is to know
what kind of firewalls there are. Right now, there are five different types of firewall
architectures, broadly speaking:

• Packet-filtering firewalls
• Stateful inspection firewalls
• Circuit-level gateways
• Application-level gateways (a.k.a. proxy firewalls)
• Next-gen firewalls

How do these firewalls work? And, which ones are the best for your business’
cybersecurity needs?

Here are a few brief explainers:

Packet-Filtering Firewalls

As the most “basic” and oldest type of firewall architecture, packet-filtering firewalls
basically create a checkpoint at a traffic router or switch. The firewall performs a simple
check of the data packets coming through the router—inspecting information such as the
destination and origination IP address, packet type, port number, and other surface-level
information without opening up the packet to inspect its contents.

If the information packet doesn’t pass the inspection, it is dropped.

The good thing about these firewalls is that they aren’t very resource-intensive. This
means they don’t have a huge impact on system performance and are relatively simple.
However, they’re also relatively easy to bypass compared to firewalls with more robust
inspection capabilities.

Circuit-Level Gateways

As another simplistic firewall type that is meant to quickly and easily approve or deny
traffic without consuming significant computing resources, circuit-level gateways work
by verifying the transmission control protocol (TCP) handshake. This TCP handshake
check is designed to make sure that the session the packet is from is legitimate.

While extremely resource-efficient, these firewalls do not check the packet itself. So, if a
packet held malware, but had the right TCP handshake, it would pass right through. This
is why circuit-level gateways are not enough to protect your business by themselves.

Stateful Inspection Firewalls

These firewalls combine both packet inspection technology and TCP handshake
verification to create a level of protection greater than either of the previous two
architectures could provide alone.

However, these firewalls do put more of a strain on computing resources as well. This
may slow down the transfer of legitimate packets compared to the other solutions.
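The difference between a packet-filtering check and a stateful inspection check, as an added example that is not part of the original notes. The addresses, the single allow rule and the simplified flag names are constructed for illustration; a real firewall tracks far more state than this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str            # simplified: "SYN", "SYN-ACK" or "ACK"

# Constructed rule: only the web server's HTTPS port is reachable.
ALLOWED_DESTINATIONS = {("10.0.0.5", 443)}

def packet_filter(pkt):
    """Packet-filtering firewall: judges each packet on its header alone."""
    return (pkt.dst, pkt.dport) in ALLOWED_DESTINATIONS

class StatefulFirewall:
    """Header rules plus TCP handshake tracking per connection."""
    def __init__(self):
        self.sessions = {}    # connection -> (stage, initiator endpoint)

    def inspect(self, pkt):
        src, dst = (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
        conn = frozenset((src, dst))
        stage, initiator = self.sessions.get(conn, (None, None))
        if pkt.flags == "SYN" and stage is None:
            if not packet_filter(pkt):       # new sessions must match a rule
                return False
            self.sessions[conn] = ("SYN_SEEN", src)
            return True
        if pkt.flags == "SYN-ACK" and stage == "SYN_SEEN" and dst == initiator:
            self.sessions[conn] = ("SYN_ACK_SEEN", initiator)
            return True
        if pkt.flags == "ACK" and stage == "SYN_ACK_SEEN" and src == initiator:
            self.sessions[conn] = ("ESTABLISHED", initiator)
            return True
        if pkt.flags == "ACK" and stage == "ESTABLISHED":
            return True                      # traffic inside a verified session
        return False                         # everything else is dropped

def compare(packets):
    """Return (flags, stateless verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(p.flags, packet_filter(p), fw.inspect(p)) for p in packets]

# Constructed traffic: one complete handshake, then an ACK from a host that
# never opened a session, then a SYN to a port no rule allows.
CLIENT, SERVER = ("198.51.100.7", 50000), ("10.0.0.5", 443)
SAMPLE = [
    Packet(*CLIENT, *SERVER, "SYN"),
    Packet(*SERVER, *CLIENT, "SYN-ACK"),
    Packet(*CLIENT, *SERVER, "ACK"),
    Packet("203.0.113.9", 40000, *SERVER, "ACK"),
    Packet(*CLIENT, "10.0.0.5", 22, "SYN"),
]
```

In `compare(SAMPLE)` the fourth packet matches the header rule but belongs to no handshake, so only the stateful check drops it; the second packet shows the reverse case, a legitimate reply that a header-only rule set would need an extra rule to admit.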

Proxy Firewalls (Application-Level Gateways)

Proxy firewalls operate at the application layer to filter incoming traffic between your
network and the traffic source—hence, the name “application-level gateway.” Rather
than letting traffic connect directly, the proxy firewall first establishes a connection to
the source of the traffic and inspects the incoming data packet.

This check is similar to the stateful inspection firewall in that it looks at both the packet
and at the TCP handshake protocol. However, proxy firewalls may also perform deep-
layer packet inspections, checking the actual contents of the information packet to verify
that it contains no malware.

Once the check is complete, and the packet is approved to connect to the destination,
the proxy sends it off. This creates an extra layer of separation between the “client” (the
system where the packet originated) and the individual devices on your network—
obscuring them to create additional anonymity and protection for your network.

If there’s one drawback to proxy firewalls, it’s that they can create significant slowdown
because of the extra steps in the data packet transferal process.

Next-Generation Firewalls

Many of the most recently-released firewall products are being touted as “next-
generation” architectures. However, there is not as much consensus on what makes a
firewall truly next-gen.

Some common features of next-generation firewall architectures include deep-packet
inspection (checking the actual contents of the data packet), TCP handshake checks, and
surface-level packet inspection. Next-generation firewalls may include other
technologies as well, such as intrusion prevention systems (IPSs) that work to
automatically stop attacks against your network.

The issue is that there is no one definition of a next-generation firewall, so it’s important
to verify what specific capabilities such firewalls have before investing in one.

9. What is Intrusion Detection & Prevention System? Explain its types with the help of diagram.

An Intrusion Prevention System (IPS) is a network security/threat prevention technology
that examines network traffic flows to detect and prevent vulnerability exploits.

Types of IDS

For the purpose of dealing with IT, there are four main types of IDS:

Network intrusion detection system (NIDS)

It is an independent platform that identifies intrusions by examining network traffic and monitors multiple
hosts. Network intrusion detection systems gain access to network traffic by connecting to a network hub,
a network switch configured for port mirroring, or a network tap. In a NIDS, sensors are placed at choke
points in the network to monitor, often in the demilitarized zone (DMZ) or at network borders. Sensors
capture all network traffic and analyze the content of individual packets for malicious traffic. An example
of a NIDS is Snort.

Host-based intrusion detection system (HIDS)

It consists of an agent on a host that identifies intrusions by analyzing system calls, application logs,
file-system modifications (binaries, password files, capability databases, access control lists, etc.) and other
host activities and state. In a HIDS, sensors usually consist of a software agent. Some application-based
IDS are also part of this category. An example of a HIDS is OSSEC.
Intrusion detection systems can also be system-specific using custom tools and honeypots. In the case of
physical building security, IDS is defined as an alarm system designed to detect unauthorized entry.

Perimeter Intrusion Detection System (PIDS)

It detects and pinpoints the location of intrusion attempts on perimeter fences of critical infrastructures.
Using either electronics or more advanced fiber optic cable technology fitted to the perimeter fence, the
PIDS detects disturbances on the fence, and if an intrusion is detected and deemed by the system as an
intrusion attempt, an alarm is triggered.

VM based Intrusion Detection System (VMIDS)

It detects intrusions using virtual machine monitoring. By using this, we can deploy the Intrusion Detection
System with Virtual Machine Monitoring. It is the most recent type and it's still under development.
There's no need for a separate intrusion detection system since by using this, we can monitor the overall
activities.


12. Why Publishing & Notification of Policies are required?

13. Explain Application Security with an example.

Definition - What does Application Security mean?


Application security is the general practice of adding features or functionality to software to prevent a
range of different threats. These include denial of service attacks and other cyberattacks, and data
breaches or data theft situations.

Techopedia explains Application Security


Different types of application security such as firewalls, antivirus programs, encryption programs and
other devices can help to ensure that unauthorized access is prevented. Companies also can
identify sensitive data assets and protect them through specific application security processes tied to
these data sets.

Application security is one of several levels of security that companies use to protect systems.
Others include operating system security, network security and end-point or mobile security.

All of these types of security are aimed at protecting clients and users of software from hacking
and malicious intent. In addition, application security is critical for mobile app stores, where hackers
try to attach various kinds of malware to less vetted mobile apps.

15. What is the need to review the policy? Explain Policy Review Process with the help of a
diagram.

The purpose of a comprehensive review is to take an in-depth look at existing administrative policies to: 1)
determine if a policy is still needed or if it should be combined with another administrative policy; 2) determine
whether the purpose and goal of the policy are still being met; 3) determine if changes are required to improve the
effectiveness or clarity of the policy and procedures; and 4) ensure that appropriate education, monitoring and
ongoing review of the policy are occurring.

18. What is Cloud Computing? Explain considerations related to Cloud Security.


Cloud computing is a type of computing that relies on shared computing resources rather than having local servers or
personal devices to handle applications.

In its most simple description, cloud computing is taking services ("cloud services") and moving them outside an
organization's firewall. Applications, storage and other services are accessed via the Web. The services are delivered and
used over the Internet and are paid for by the cloud customer on an as-needed or pay-per-use business model.

20. Why do we need Cryptography in Security? Explain Digital Signature algorithm with the help of
a neat diagram.

Cryptography is a method of storing and transmitting data in a particular form so that only
those for whom it is intended can read and process it. Cryptography is closely related to the
disciplines of cryptology and cryptanalysis.

A digital signature is a mathematical technique used to validate the authenticity and
integrity of a message, software or digital document. The digital equivalent of a
handwritten signature or stamped seal, a digital signature offers far more inherent
security, and it is intended to solve the problem of tampering and impersonation in
digital communications.

Digital signatures can provide the added assurances of evidence of origin, identity and
status of an electronic document, transaction or message and can acknowledge informed
consent by the signer.

In many countries, including the United States, digital signatures are considered legally
binding in the same way as traditional document signatures. The United States
Government Publishing Office publishes electronic versions of the budget, public and
private laws, and congressional bills with digital signatures.

21. What do you understand by Information Security Governance & Risk Management? Explain.

Information Security Governance and Risk Management involves the identification of an
organization's information assets and the development, documentation, and implementation
of policies, standards, procedures and guidelines that ensure confidentiality, integrity, and
availability.

23. What do you mean by Virtual Private Networks? Discuss authentication mechanism
used in VPN.
A virtual private network (VPN) is a technology that creates a safe and encrypted
connection over a less secure network, such as the internet. VPN technology was developed
as a way to allow remote users and branch offices to securely access corporate applications
and other resources.

24. Write a short note on CCTV and its applications


Closed-circuit television (CCTV), also known as video surveillance, is the use of video
cameras ... Though almost all video cameras fit this definition, the term is most often
applied to those used for ... The studies included in the review found that CCTV reduced
crime by 24-28% in public streets and urban subway stations.

• Industrial Processes: In several industries, CCTV supervision is required to monitor
the stages involved in various processes. Sometimes the law mandates
CCTV monitoring in these industries. Special CCTV cameras, which measure the
temperature of the processes, are used for such purposes.

• Reining In Crime: CCTV is a very efficient tool to rein in crime because the
recorded footage is substantial evidence against the criminal. A recent survey reports
a 51% decrease in crime in parking lots and a 23% decrease in crime on roads
where CCTV video surveillance was used.

• Traffic Monitoring: Many cities monitor daily traffic through CCTV surveillance. This
enables the authority to keep a check on traffic jams, accidents, etc.

• In Retail Industry: The retail industry gains many advantages from CCTV surveillance.
CCTV in retail facilitates monitoring of financial transactions, products on display,
incidents of theft and many other things that need to be kept on record.

27. What is Electronic cash? How does cash based transaction system differ from credit
card based transactions?
Electronic cash was until 2007 the debit card system of the German Banking Industry
Committee, the association which represents the top German financial interest groups.
Usually paired with a Transaction account or Current Account, cards with an Electronic
Cash logo were only handed out by proper credit institutions.

28. Explain Private Key cryptosystem and Public key cryptosystems.


One should know the difference between symmetric and asymmetric encryption: symmetric
encryption uses the same key for enciphering and deciphering the message to be
transmitted.

Asymmetric encryption has 2 pairs of keys. Each pair is interrelated mathematically (usually
through very large prime numbers), which is the basis of encryption and decryption.

One pair = private key + public key

In this system, each user has an encryption key that is publicly known and a private key that
is known only to that user.

MESSAGE FROM B TO A

A has its public key Kp and private key Kt. A will share its public key (Kp) with B.

B will use Kp of A to encrypt the message and send it across the channel.
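The exchange above carried through to A's decryption with Kt, and extended to the digital signature described under the cryptography question, as an added example that is not part of the original notes. It uses textbook RSA without padding and two fixed, publicly known Mersenne primes so the run is reproducible, which makes it unsuitable for real use; Kp and Kt follow the notes, while the function names are assumptions of this example.

```python
import hashlib

# Assumption of this example: two well-known Mersenne primes, fixed so the
# arithmetic is reproducible. Real keys use large random primes and padding.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537

def make_keypair(p=P, q=Q, e=E):
    """Return A's key pair: Kp = (n, e) is public, Kt = (n, d) is private."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # modular inverse: e*d = 1 (mod phi)
    return (n, e), (n, d)

def encrypt(message: bytes, kp) -> int:
    """B encrypts with A's public key Kp."""
    n, e = kp
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this small modulus")
    return pow(m, e, n)

def decrypt(ciphertext: int, kt) -> bytes:
    """A recovers the message with its private key Kt."""
    n, d = kt
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced to fit the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, kt) -> int:
    """The signer applies the private key to the message digest."""
    n, d = kt
    return pow(_digest(message, n), d, n)

def verify(message: bytes, signature: int, kp) -> bool:
    """Anyone holding Kp can check origin and integrity."""
    n, e = kp
    return pow(signature, e, n) == _digest(message, n)

if __name__ == "__main__":
    kp, kt = make_keypair()
    c = encrypt(b"pay 100 to A", kp)          # B -> A over the channel
    print(decrypt(c, kt))
    sig = sign(b"pay 100 to A", kt)
    print(verify(b"pay 100 to A", sig, kp), verify(b"pay 900 to A", sig, kp))
```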
