Cyber Security Tutorial

Cyber Security is the protection of internet-connected systems and data from malicious attacks. It involves technologies, processes, and practices to secure networks, devices, programs, and data. This tutorial covers the concepts of cyber security including what it is, its goals of confidentiality, integrity and availability, common security threats like malware, and types of cyber security like network security, application security and more. It explains why cyber security is important for protecting sensitive information in today's digital world where attacks can endanger the global economy.

Cyber Security Tutorial

Cybersecurity is the protection of Internet-connected systems, including hardware, software, and
data, from cyber attackers. It is primarily about people, processes, and technologies working together
to encompass the full range of threat reduction, vulnerability reduction, deterrence, international
engagement, and recovery policies and activities, including computer network operations,
information assurance, law enforcement, etc.

It is the body of technologies, processes, and practices designed to protect networks, devices,
programs, and data from attack, theft, damage, modification, or unauthorized access. Therefore, it
may also be referred to as information technology security.

Cyber-attacks are now an international concern, and they could endanger the global economy. As the
volume of cyber-attacks grows, companies and organizations, especially those that deal with
information related to national security, health, or financial records, need to take steps to protect
their sensitive business and personal information.

This Cyber Security tutorial provides basic and advanced concepts of Cyber Security technology. It
covers the most popular Cyber Security topics, such as what Cyber Security is, Cyber Security goals,
types of cyber-attacks, types of cyber attackers, policies, digital signatures, Cyber Security tools,
security risk analysis, challenges, etc.

What is Cyber Security?


The technique of protecting internet-connected systems such as computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks is known as cybersecurity. The word can
be split into two parts: "cyber" refers to the technology, including systems, networks, programs, and
data, and "security" is concerned with the protection of those systems, networks, applications, and
information. In some cases, it is also called electronic information security or information
technology security.
Some other definitions of cybersecurity are:

"Cyber Security is the body of technologies, processes, and practices designed to protect networks,
devices, programs, and data from attack, theft, damage, modification or unauthorized access."

"Cyber Security is the set of principles and practices designed to protect our computing resources and
online information against threats."

Types of Cyber Security


Every organization's assets are a combination of many different systems, and a strong cybersecurity
posture requires coordinated efforts across all of them. Therefore, we can categorize cybersecurity
into the following sub-domains:

o Network Security: It involves implementing the hardware and software to secure a computer network
from unauthorized access, intruders, attacks, disruption, and misuse. This security helps an
organization to protect its assets against external and internal threats.
o Application Security: It involves protecting the software and devices from unwanted threats. This
protection can be done by constantly updating the apps to ensure they are secure from attacks.
Successful security begins in the design stage, writing source code, validation, threat modeling, etc.,
before a program or device is deployed.
o Information or Data Security: It involves implementing a strong data storage mechanism to
maintain the integrity and privacy of data, both in storage and in transit.
o Identity management: It deals with the procedure for determining the level of access that each
individual has within an organization.
o Operational Security: It involves processing and making decisions on handling and securing data
assets.
o Mobile Security: It involves securing the organizational and personal data stored on mobile devices
such as cell phones, computers, tablets, and other similar devices against various malicious threats.
These threats are unauthorized access, device loss or theft, malware, etc.
o Cloud Security: It involves protecting the information stored in the digital environment or cloud
architecture of the organization. Cloud service providers such as AWS, Azure, and Google offer
controls that help secure that environment against multiple threats.
o Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring, alerts,
and plans for how an organization responds when any malicious activity causes the loss of
operations or data. Its policies dictate how lost operations are resumed after a disaster, at the
same operating capacity as before the event.
o User Education: It deals with teaching staff to recognize threats and to follow company security
policies and incident reporting procedures, because even the best technical safeguards can be
defeated by a user's unintentional or intentional harmful actions.

Why is Cyber Security important?


Today we live in a digital era where all aspects of our lives depend on networks, computers and
other electronic devices, and software applications. All critical infrastructure, such as the banking
system, healthcare, financial institutions, governments, and manufacturing industries, uses devices
connected to the Internet as a core part of its operations. Some of their information, such as
intellectual property, financial data, and personal data, is sensitive, and its unauthorized access or
exposure could have negative consequences. This information motivates intruders and threat actors
to infiltrate these systems for financial gain, extortion, political or social motives, or just vandalism.

Cyber-attacks are now an international concern: intrusions into systems and other security attacks
could endanger the global economy. Therefore, it is essential to have an excellent cybersecurity strategy
to protect sensitive information from high-profile security breaches. Furthermore, as the volume of
cyber-attacks grows, companies and organizations, especially those that deal with information
related to national security, health, or financial records, need to use strong cybersecurity measures
and processes to protect their sensitive business and personal information.

Cyber Security Goals


Cyber Security's main objective is to ensure data protection. The security community provides a
triangle of three related principles to protect the data from cyber-attacks. This principle is called
the CIA triad. The CIA model is designed to guide policies for an organization's information security
infrastructure. When any security breaches are found, one or more of these principles has been
violated.
We can break the CIA model into three parts: Confidentiality, Integrity, and Availability. It is actually
a security model that helps people to think about various parts of IT security. Let us discuss each
part in detail.

Confidentiality

Confidentiality is equivalent to privacy: it avoids unauthorized access to information. It involves
ensuring the data is accessible to those who are allowed to use it and blocking access to others. It
prevents essential information from reaching the wrong people. Data encryption is an excellent
example of ensuring confidentiality.

Integrity

This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized
modification by threat actors or accidental user modification. If any modifications occur, certain
measures should be taken to protect the sensitive data from corruption or loss and to recover speedily
from such an event. In addition, it requires that the source of the information be genuine.

Availability

This principle ensures that information is always available and useful to the people authorized to use
it, and that their access is not hindered by system malfunction or cyber-attacks.

Types of Cyber Security Threats


A threat in cybersecurity is a malicious activity by an individual or organization to corrupt or steal
data, gain access to a network, or disrupt digital life in general. The cyber community recognizes the
following threats today:
Malware
Malware means malicious software, which is the most common cyber attacking tool. It is used by
the cybercriminal or hacker to disrupt or damage a legitimate user's system. The following are the
important types of malware created by the hacker:

o Virus: It is a malicious piece of code that spreads from one device to another. It can corrupt files and
spread throughout a computer system, infecting files, stealing information, or damaging the device.
o Spyware: It is a software that secretly records information about user activities on their system. For
example, spyware could capture credit card details that can be used by the cybercriminals for
unauthorized shopping, money withdrawing, etc.
o Trojans: It is a type of malware or code that appears as legitimate software or file to fool us into
downloading and running. Its primary purpose is to corrupt or steal data from our device or do other
harmful activities on our network.
o Ransomware: It's a piece of software that encrypts a user's files and data on a device, rendering them
unusable or erasing. Then, a monetary ransom is demanded by malicious actors for decryption.
o Worms: It is a piece of software that spreads copies of itself from device to device without human
interaction. It does not require them to attach themselves to any program to steal or damage the
data.
o Adware: It is an advertising software used to spread malware and displays advertisements on our
device. It is an unwanted program that is installed without the user's permission. The main objective
of this program is to generate revenue for its developer by showing the ads on their browser.
o Botnets: It is a collection of internet-connected, malware-infected devices that cybercriminals can
control remotely. It enables cybercriminals to leak credentials, gain unauthorized access, and steal data
without the users' permission.
Phishing
Phishing is a type of cybercrime in which a message appears to come from a genuine
organization like PayPal, eBay, a financial institution, or a friend or co-worker. The attackers contact a
target or targets via email, phone, or text message with a link and persuade them to click on it. The
link redirects them to fraudulent websites that ask for sensitive data such as personal information,
banking and credit card information, social security numbers, usernames, and passwords. Clicking
on the link may also install malware on the target device that allows hackers to control the device
remotely.

Man-in-the-middle (MITM) attack


A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a
cybercriminal intercepts a conversation or data transfer between two individuals. Once the
cybercriminal places themselves in the middle of a two-party communication, they seem like genuine
participants and can get sensitive information and return different responses. The main objective of
this type of attack is to gain access to our business or customer data. For example, a cybercriminal
could intercept data passing between the target device and the network on an unprotected Wi-Fi
network.

Distributed denial of service (DDoS)


It is a type of cyber threat or malicious attempt in which cybercriminals disrupt the regular traffic of
targeted servers, services, or networks by flooding the target or its surrounding infrastructure with
Internet traffic. Here the requests come from several IP addresses, which can make the system
unusable, overload its servers, slow them down significantly or temporarily take them offline, or
prevent an organization from carrying out its vital functions.

Brute Force
A brute force attack is a cryptographic hack that uses a trial-and-error method to try all possible
combinations until the correct value is discovered. Cybercriminals usually use this attack to obtain
targeted passwords, login information, encryption keys, and Personal Identification Numbers (PINs).

SQL Injection (SQLI)


SQL injection is a common attack that occurs when cybercriminals use malicious SQL scripts for
backend database manipulation to access sensitive information. Once the attack is successful, the
malicious actor can view, change, or delete sensitive company data, user lists, or private customer
details stored in the SQL database.

Domain Name System (DNS) attack


A DNS attack is a type of cyberattack in which cyber criminals take advantage of flaws in the Domain
Name System to redirect site users to malicious websites (DNS hijacking) and steal data from
affected computers. It is a severe cybersecurity risk because the DNS system is an essential element
of the internet infrastructure.

Latest cyber threats


The following are the latest cyber threats reported by the U.K., U.S., and Australian governments:

Romance Scams
The U.S. government found this cyber threat in February 2020. Cybercriminals used this threat
through dating sites, chat rooms, and apps. They target people who are seeking a new partner and
dupe them into giving away personal data.

Dridex Malware
It is a type of financial Trojan malware identified by the U.S. in December 2019 that affects the public,
government, infrastructure, and business worldwide. It infects computers through phishing emails
or existing malware to steal sensitive information such as passwords, banking details, and personal
data for fraudulent transactions. The National Cyber Security Centre of the United Kingdom
encourages people to make sure their devices are patched, anti-virus is turned on and up to date,
and files are backed up to protect sensitive data against this attack.

Emotet Malware
Emotet is a type of cyber-attack that steals sensitive data and also installs other malware on our
device. The Australian Cyber Security Centre warned national organizations about this global cyber
threat in 2019.

The following are the systems that can be affected by security breaches and attacks:

o Communication: Cyber attackers can use phone calls, emails, text messages, and messaging apps for
cyberattacks.
o Finance: This system handles financial information like bank and credit card details. This
information is naturally a primary target for cyber attackers.
o Governments: The cybercriminal generally targets the government institutions to get confidential
public data or private citizen information.
o Transportation: In this system, cybercriminals generally target connected cars, traffic control systems,
and smart road infrastructure.
o Healthcare: A cybercriminal targets the healthcare system to get the information stored at a local
clinic to critical care systems at a national hospital.
o Education: Cybercriminals target educational institutions to get their confidential research data and
the information of students and employees.
Benefits of cybersecurity
The following are the benefits of implementing and maintaining cybersecurity:

o Cyberattack and data breach protection for businesses.
o Data and network security are both protected.
o Unauthorized user access is avoided.
o After a breach, there is a faster recovery time.
o End-user and endpoint device protection.
o Regulatory adherence.
o Continuity of operations.
o Developers, partners, consumers, stakeholders, and workers have more trust in the company and
its reputation.

Cyber Safety Tips


Let us see how to protect ourselves against cyberattacks. The following are the popular
cyber safety tips:

Conduct cybersecurity training and awareness: Every organization must train its staff on
cybersecurity, company policies, and incident reporting for a strong cybersecurity policy to be
successful. Unintentional or intentional malicious activity by staff can defeat the best technical
safeguards and result in an expensive security breach. Therefore, it is useful to conduct security
training and awareness for staff through seminars, classes, and online courses, which reduces
security violations.

Update software and operating system: The most popular safety measure is to update the
software and O.S. to get the benefit of the latest security patches.

Use anti-virus software: It is also useful to use anti-virus software, which detects and removes
unwanted threats from your device. Keep this software updated to get the best level of protection.

Perform periodic security reviews: Every organization should perform periodic security inspections of
all software and networks to identify security risks early. Some popular
examples of security reviews are application and network penetration testing, source code reviews,
architecture design reviews, and red team assessments. In addition, organizations should prioritize
and mitigate security vulnerabilities as quickly as possible after they are discovered.

Use strong passwords: It is recommended to always use long passwords with a varied combination of
characters and symbols. This makes the passwords hard to guess.

Do not open email attachments from unknown senders: Cyber experts always advise not to
open or click email attachments received from unverified senders or unfamiliar websites, because
they could be infected with malware.

Avoid using unsecured Wi-Fi networks in public places: Do not use insecure networks, because they
can leave you vulnerable to man-in-the-middle attacks.

Backup data: Every organization must periodically back up its data to ensure sensitive data is not
lost and can be recovered after a security breach. In addition, backups help restore data integrity
after cyber-attacks such as SQL injection, phishing, and ransomware.

History of Cyber Security


The origin of cybersecurity began with a research project. It only came into existence because of the
development of viruses.

How did we get here?

In 1969, Leonard Kleinrock, a professor at UCLA, and his student Charley Kline sent the first electronic
message from the UCLA SDS Sigma 7 host computer to Bill Duvall, a programmer at the Stanford
Research Institute. This is a well-known story and a moment in the history of the digital world. The
message sent from UCLA was the word "login." The system crashed after they typed the first two
letters, "lo." Since then, the story has grown that the programmers' opening message was "lo and
behold," although it is generally accepted that "login" was the intended message. Those two letters
changed the way we communicate with one another.

In the 1970s, Robert (Bob) Thomas, a researcher at BBN Technologies in Cambridge,
Massachusetts, created the first computer worm (virus). He realized that it was possible for a
computer program to move across a network, leaving a small trail (a series of signs) wherever it went.
He named the program Creeper and designed it to travel between Tenex terminals on the early
ARPANET, printing the message "I'M THE CREEPER: CATCH ME IF YOU CAN."

An American computer programmer named Ray Tomlinson, the inventor of email, was also working
for BBN Technologies at the time. He saw this idea and liked it. He tinkered with the program and
made it self-replicating, creating the first computer worm. He then wrote a program named Reaper,
the first antivirus software, which would find copies of Creeper and delete them.

Where are we now?


After Creeper and Reaper, cyber-crimes became more powerful. As computer software and hardware
developed, security breaches also increased. With every new development came an aspect of
vulnerability, or a way for hackers to work around methods of protection. In 1986, the Russians were
the first to use cyber power as a weapon. Marcus Hess, a German citizen, hacked into
400 military computers, including processors at the Pentagon. He intended to sell secrets to the KGB,
but an American astronomer, Clifford Stoll, caught him before that could happen.

In 1988, an American computer scientist, Robert Morris, wanted to check the size of the internet.
He wrote a program for testing the size of the internet. This program went through networks,
invaded Unix terminals, and copied itself. The program became the first famous network virus and
was named the Morris worm or internet worm. The Morris worm could infect a computer multiple
times, and each additional process would slow the machine down, eventually to the point of being
damaged. Robert Morris was charged under the Computer Fraud and Abuse Act. The incident itself led
to the founding of the Computer Emergency Response Team, a non-profit research centre for
issues that could endanger the internet as a whole.

Nowadays, viruses are deadlier, more invasive, and harder to control. We have already experienced
cyber incidents on a massive scale, and 2018 isn't close to over. The above are only a few examples, but
these attacks are enough to prove that cybersecurity is a necessity for corporations and small
businesses alike.

Cyber Security Goals


The objective of Cybersecurity is to protect information from being stolen, compromised or attacked.
Cybersecurity can be measured by at least one of three goals-

1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.

These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security
programs. The CIA triad is a security model that is designed to guide policies for information security
within the premises of an organization or company. This model is also referred to as the AIC
(Availability, Integrity, and Confidentiality) triad to avoid the confusion with the Central
Intelligence Agency. The elements of the triad are considered the three most crucial components of
security.

The CIA criteria are the ones most organizations and companies use when they install a new
application, create a database, or grant access to some data. For data to be completely secure, all
of these security goals must be in effect. They are security policies that all work together, and
therefore it is wrong to overlook any one of them.
The elements of the CIA triad are-

1. Confidentiality
Confidentiality is roughly equivalent to privacy and avoids the unauthorized disclosure of
information. It involves the protection of data, providing access for those who are allowed to see it
while disallowing others from learning anything about its content. It prevents essential information
from reaching the wrong people while making sure that the right people can get it. Data encryption
is a good example to ensure confidentiality.
Tools for Confidentiality

Encryption
Encryption is a method of transforming information to make it unreadable for unauthorized users
by using an algorithm. The transformation of data uses a secret key (an encryption key) so that the
transformed data can only be read by using another secret key (decryption key). It protects sensitive
data such as credit card numbers by encoding and transforming data into unreadable cipher text.
This encrypted data can only be read by decrypting it. Asymmetric-key and symmetric-key are the
two primary types of encryption.

Access control
Access control defines rules and policies for limiting access to a system or to physical or virtual
resources. It is a process by which users are granted access and certain privileges to systems,
resources or information. In access control systems, users need to present credentials, such as a
person's name or a computer's serial number, before they can be granted access. In physical systems,
these credentials may come in many forms, but credentials that can't be transferred provide the
most security.

Authentication
Authentication is a process that confirms a user's identity or the role that someone has.
It can be done in a number of different ways, but it is usually based on a combination of-

o something the person has (like a smart card or a radio key for storing secret keys),
o something the person knows (like a password),
o something the person is (like a human with a fingerprint).

Authentication is a necessity for every organization because it enables organizations to keep their
networks secure by permitting only authenticated users to access their protected resources. These
resources may include computer systems, networks, databases, websites and other network-based
applications or services.

Authorization
Authorization is a security mechanism which gives permission to do or have something. It is used to
determine whether a person or system is allowed access to resources, based on an access control policy;
the resources include computer programs, files, services, data and application features. It is normally
preceded by authentication for user identity verification. System administrators are typically assigned
permission levels covering all system and user resources. During authorization, a system checks an
authenticated user's access rules and either grants or refuses resource access.
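As an added example (not code from this tutorial), the following Python program shows authentication preceding authorization as the two sections above describe: passwords are stored only as salted PBKDF2 hashes (slow by design, so a leaked store does not reveal passwords and every guess is expensive), verification uses a constant-time comparison, and a role-based access control policy decides what an authenticated user may do. The user names, roles, actions, iteration count and in-memory store are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Set

# Constructed in-memory user store: username -> {"salt", "hash", "role"}.
USERS: Dict[str, dict] = {}

# Constructed access control policy: role -> actions that role may perform.
POLICY: Dict[str, Set[str]] = {
    "admin": {"read_report", "edit_report", "manage_users"},
    "analyst": {"read_report", "edit_report"},
    "viewer": {"read_report"},
}

PBKDF2_ITERATIONS = 200_000  # constructed value; higher means each password guess costs more


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte key from the password with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def register(username: str, password: str, role: str) -> None:
    """Store a salted hash, never the password itself."""
    if role not in POLICY:
        raise ValueError(f"unknown role: {role}")
    salt = os.urandom(16)  # unique per user, so identical passwords hash differently
    USERS[username] = {"salt": salt, "hash": hash_password(password, salt), "role": role}


def authenticate(username: str, password: str) -> bool:
    """'Something the person knows': confirm the password without ever storing it in clear."""
    record = USERS.get(username)
    if record is None:
        # Do the same expensive work for unknown users so response time does not reveal
        # which user names exist.
        hash_password(password, b"\x00" * 16)
        return False
    candidate = hash_password(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])  # constant-time comparison


def authorize(username: str, action: str) -> bool:
    """Authorization: look the user's role up in the access control policy."""
    record = USERS.get(username)
    if record is None:
        return False
    return action in POLICY[record["role"]]


def access(username: str, password: str, action: str) -> str:
    """Authentication comes first; failing either step denies access."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, action):
        return "denied: not authorized"
    return "granted"


if __name__ == "__main__":
    register("alice", "correct horse battery staple", "analyst")
    register("bob", "viewer-pass-2024", "viewer")
    print(access("alice", "correct horse battery staple", "edit_report"))  # granted
    print(access("bob", "viewer-pass-2024", "edit_report"))  # denied: not authorized
    print(access("alice", "wrong-password", "read_report"))  # denied: authentication failed
```

Note that `access` reports why it refused only for the caller's own benefit in this demonstration; a real login endpoint returns the same generic message for a wrong password and an unknown user, which is also why `authenticate` spends the same time on both.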

Physical Security
Physical security describes measures designed to deny unauthorized access to IT assets like
facilities, equipment, personnel, resources and other property and to protect them from damage. It
protects these assets from physical threats including theft, vandalism, fire and natural disasters.

2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and safeguarded from
unauthorized user modification. It is the property that information has not been altered in an
unauthorized way, and that the source of the information is genuine.

Tools for Integrity


Backups
Backup is the periodic archiving of data. It is a process of making copies of data or data files to use
in the event when the original data or data files are lost or destroyed. It is also used to make copies
for historical purposes, such as for longitudinal studies, statistics or for historical records or to meet
the requirements of a data retention policy. Many applications especially in a Windows environment,
produce backup files using the .BAK file extension.

Checksums
A checksum is a numerical value used to verify the integrity of a file or a data transfer. In other words,
it is the computation of a function that maps the contents of a file to a numerical value. Checksums are
typically used to compare two sets of data to make sure that they are the same. A checksum function
depends on the entire contents of a file. It is designed so that even a small change to the input
file (such as flipping a single bit) is likely to result in a different output value.
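An added example (not from the tutorial) of a checksum used for file integrity, written with Python's standard library: the file is hashed in chunks with SHA-256, verified against an expected digest, and then a single bit of the file is flipped to show that the digest changes completely. The sample file content is constructed; the file itself is written to a temporary directory.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path
from typing import Dict


def bytes_checksum(data: bytes, algorithm: str = "sha256") -> str:
    """Checksum of an in-memory byte string, as a hex digest."""
    return hashlib.new(algorithm, data).hexdigest()


def file_checksum(path: Path, algorithm: str = "sha256", chunk_size: int = 65536) -> str:
    """Hash the entire file in chunks so large files never have to fit in memory."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_file(path: Path, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Recompute the digest and compare it with the expected value in constant time."""
    actual = file_checksum(path, algorithm)
    return hmac.compare_digest(actual.lower(), expected_hex.lower())


def flip_one_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted (simulated corruption)."""
    buffer = bytearray(data)
    buffer[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buffer)


def tamper_demo() -> Dict[str, object]:
    """Write a constructed file, record its checksum, flip one bit, and check again."""
    original = b"Quarterly report: revenue 1,250,000; net 300,000.\n"  # constructed content
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "report.txt"
        path.write_bytes(original)
        good = file_checksum(path)
        verified_before = verify_file(path, good)
        path.write_bytes(flip_one_bit(original, 13))  # one bit of the second byte changes
        bad = file_checksum(path)
        verified_after = verify_file(path, good)
    # Count how many of the 256 digest bits differ: roughly half, not just one.
    changed_bits = bin(int(good, 16) ^ int(bad, 16)).count("1")
    return {
        "original": good,
        "tampered": bad,
        "verified_before": verified_before,
        "verified_after": verified_after,
        "changed_bits": changed_bits,
    }


if __name__ == "__main__":
    for key, value in tamper_demo().items():
        print(f"{key}: {value}")
```

The expected digest must come from somewhere the attacker cannot write: anyone who can alter the file can also recompute a plain checksum, so a checksum detects accidental corruption and transfer errors, while protection against deliberate tampering needs the digest to be signed or delivered over a separate trusted channel.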

Data Correcting Codes

It is a method for storing data in such a way that small changes can be easily detected and
automatically corrected.
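The tutorial names data-correcting codes without showing one. As an added example (not the tutorial's code), here is a Hamming(7,4) code in Python: every four data bits get three parity bits, and any single flipped bit in the resulting seven-bit codeword is located by the parity syndrome and corrected on decoding. The byte string encoded in the demonstration is constructed.

```python
from typing import List, Tuple

# Hamming(7,4): bit positions are numbered 1..7. Parity bits sit at the powers of two
# (positions 1, 2, 4); data bits d1..d4 sit at positions 3, 5, 6, 7.


def hamming_encode(nibble: List[int]) -> List[int]:
    """Encode four data bits into a seven-bit codeword."""
    d1, d2, d3, d4 = nibble
    p1 = d1 ^ d2 ^ d4  # parity over positions 1, 3, 5, 7
    p2 = d1 ^ d3 ^ d4  # parity over positions 2, 3, 6, 7
    p4 = d2 ^ d3 ^ d4  # parity over positions 4, 5, 6, 7
    return [p1, p2, d1, p4, d2, d3, d4]


def hamming_decode(code: List[int]) -> Tuple[List[int], int]:
    """Return (data nibble, corrected position); position 0 means no error was seen."""
    bits = list(code)
    s1 = bits[0] ^ bits[2] ^ bits[4] ^ bits[6]
    s2 = bits[1] ^ bits[2] ^ bits[5] ^ bits[6]
    s4 = bits[3] ^ bits[4] ^ bits[5] ^ bits[6]
    syndrome = s1 + 2 * s2 + 4 * s4  # the syndrome is the 1-based index of the bad bit
    if syndrome:
        bits[syndrome - 1] ^= 1  # flip it back
    return [bits[2], bits[4], bits[5], bits[6]], syndrome


def encode_bytes(data: bytes) -> List[List[int]]:
    """Encode each byte as two codewords: high nibble first, then low nibble."""
    words = []
    for byte in data:
        words.append(hamming_encode([(byte >> i) & 1 for i in (7, 6, 5, 4)]))
        words.append(hamming_encode([(byte >> i) & 1 for i in (3, 2, 1, 0)]))
    return words


def decode_bytes(words: List[List[int]]) -> Tuple[bytes, int]:
    """Decode codewords back to bytes; also report how many single-bit errors were fixed."""
    out = bytearray()
    corrections = 0
    for i in range(0, len(words), 2):
        hi, fixed_hi = hamming_decode(words[i])
        lo, fixed_lo = hamming_decode(words[i + 1])
        corrections += (fixed_hi != 0) + (fixed_lo != 0)
        value = 0
        for bit in hi + lo:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out), corrections


def flip_bit(words: List[List[int]], word_index: int, position: int) -> List[List[int]]:
    """Return a copy of the codewords with one bit (1-based position) of one word inverted."""
    copy = [list(word) for word in words]
    copy[word_index][position - 1] ^= 1
    return copy


if __name__ == "__main__":
    stored = encode_bytes(b"Hi")  # constructed sample data
    damaged = stored
    for index in range(len(stored)):  # corrupt a different bit in every codeword
        damaged = flip_bit(damaged, index, (index % 7) + 1)
    print(decode_bytes(damaged))  # (b'Hi', 4): all four single-bit errors corrected
```

The code's limit is one error per codeword: two flipped bits in the same word produce a syndrome that points at a third, innocent position, so the decoder "corrects" the wrong bit and returns bad data. Storage systems therefore use codes with more redundancy, for example an extended Hamming code with an extra overall parity bit (single-error correction, double-error detection) or Reed-Solomon codes for burst errors.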

3. Availability
Availability is the property in which information is accessible and modifiable in a timely fashion by
those authorized to do so. It is the guarantee of reliable and constant access to our sensitive data
by authorized people.

Tools for Availability


o Physical Protections
o Computational Redundancies

Physical Protections
Physical safeguards keep information available even in the event of physical challenges. They
ensure that sensitive information and critical information technology are housed in secure areas.

Computational redundancies
It applies fault tolerance against accidental faults: duplicate computers and storage devices serve
as fallbacks in the case of failures.

Types of Cyber Attacks


A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter
computer code, logic or data and leads to cybercrimes, such as information and identity theft.
We are living in a digital era. Nowadays, most people use computers and the internet. Because of
this dependency on digital things, illegal computer activity is growing and changing like any other
type of crime.

Cyber-attacks can be classified into the following categories:

Web-based attacks
These are the attacks which occur on a website or web applications. Some of the important web-
based attacks are as follows-

1. Injection attacks

It is the attack in which some data will be injected into a web application to manipulate the
application and fetch the required information.

Example- SQL Injection, code Injection, log Injection, XML Injection etc.

2. DNS Spoofing

DNS Spoofing is a type of computer security hacking whereby data is introduced into a DNS
resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the
attacker's computer or any other computer. DNS spoofing attacks can go on for a long period
of time without being detected and can cause serious security issues.

3. Session Hijacking

It is a security attack on a user session over a protected network. Web applications create cookies to
store the state and user sessions. By stealing the cookies, an attacker can have access to all of the
user data.
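An added example (not from the tutorial) of the server-side controls that limit the damage from a stolen session cookie, in Python: session IDs are generated with the `secrets` module, kept in a server-side table with an idle timeout, rotated after login and revoked on logout, and delivered in a cookie carrying the Secure, HttpOnly and SameSite attributes. The `SessionStore` class and the timeout value are constructed for illustration.

```python
import secrets
from typing import Dict, Optional

SESSION_TTL = 15 * 60  # idle timeout in seconds (constructed value for this example)


class SessionStore:
    """Server-side session table. The cookie carries only an unguessable random ID;
    who the user is and what they may do stays on the server."""

    def __init__(self) -> None:
        self._sessions: Dict[str, dict] = {}

    def create(self, user: str, now: float) -> str:
        sid = secrets.token_urlsafe(32)  # 256 random bits: cannot be guessed or enumerated
        self._sessions[sid] = {"user": user, "expires": now + SESSION_TTL}
        return sid

    def lookup(self, sid: Optional[str], now: float) -> Optional[str]:
        """Return the user for a valid session ID, or None for unknown or expired IDs."""
        session = self._sessions.get(sid) if sid else None
        if session is None:
            return None
        if now > session["expires"]:  # idle too long: a stolen cookie has a short shelf life
            del self._sessions[sid]
            return None
        session["expires"] = now + SESSION_TTL  # sliding expiry on every use
        return session["user"]

    def rotate(self, sid: str, now: float) -> Optional[str]:
        """Issue a fresh ID (after login or a privilege change); the old ID dies at once."""
        user = self.lookup(sid, now)
        if user is None:
            return None
        del self._sessions[sid]
        return self.create(user, now)

    def revoke(self, sid: str) -> None:
        """Logout: invalidate on the server, not merely by clearing the browser's cookie."""
        self._sessions.pop(sid, None)


def set_cookie_header(sid: str) -> str:
    """Build the Set-Cookie value with the attributes that limit theft and replay:
    Secure   - never sent over plain HTTP, so an eavesdropper on the network cannot read it;
    HttpOnly - not readable by page scripts, so injected script cannot exfiltrate it;
    SameSite - not attached to cross-site requests, blunting cross-site request forgery."""
    return f"sid={sid}; Path=/; Max-Age={SESSION_TTL}; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    store = SessionStore()
    anonymous = store.create("anonymous", now=0.0)
    logged_in = store.rotate(anonymous, now=1.0)  # new ID after login
    print(store.lookup(anonymous, now=2.0))  # None: pre-login ID is dead
    print(store.lookup(logged_in, now=2.0))  # anonymous (same session record, new ID)
    print(set_cookie_header(logged_in))
```

Rotation at login is what defeats session fixation, and the idle timeout plus server-side revocation are what keep a cookie captured earlier from staying useful; the cookie attributes address how it gets captured in the first place.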

4. Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login credentials
and credit card number. It occurs when an attacker is masquerading as a trustworthy entity in
electronic communication.
5. Brute force

It is a type of attack which uses a trial and error method. This attack generates a large number of
guesses and validates them to obtain actual data like a user password or personal identification
number. This attack may be used by criminals to crack encrypted data, or by security analysts to test
an organization's network security.

6. Denial of Service

It is an attack which is meant to make a server or network resource unavailable to users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a crash.
It uses a single system and a single internet connection to attack a server. It can be classified into
the following-

Volume-based attacks- Their goal is to saturate the bandwidth of the attacked site, and they are
measured in bits per second.

Protocol attacks- They consume actual server resources, and they are measured in packets per second.

Application layer attacks- Their goal is to crash the web server, and they are measured in requests per
second.
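As an added example (not from the tutorial), the following Python code shows the defender's view of an application-layer flood: it parses web server access log lines in Common Log Format and reports every source address whose request count in a sliding time window exceeds a threshold, which is the "requests per second" measure the classification above uses. The log lines, addresses, window and threshold are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, List, Optional, Tuple

# Common Log Format, e.g.
#   203.0.113.77 - - [01/Mar/2024:12:00:10 +0000] "GET /search?q=x HTTP/1.1" 200 512
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\d+|-)')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Optional[Tuple[str, datetime, str, str, int]]:
    """Return (client ip, timestamp, method, path, status) or None for an unparseable line."""
    match = LOG_RE.match(line)
    if not match:
        return None
    ip, stamp, method, path, status, _size = match.groups()
    return ip, datetime.strptime(stamp, TIME_FMT), method, path, int(status)


def flag_floods(lines: List[str], window_seconds: int = 10, threshold: int = 20) -> Dict[str, int]:
    """Map each source that exceeded `threshold` requests within any `window_seconds`
    span to its peak count. Lines are expected in chronological order per source."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    peak: Dict[str, int] = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip it rather than let it stop the detector
        ip, stamp = parsed[0], parsed[1]
        window = recent[ip]
        window.append(stamp)
        while (stamp - window[0]).total_seconds() > window_seconds:
            window.popleft()  # drop requests that fell out of the window
        peak[ip] = max(peak[ip], len(window))
    return {ip: count for ip, count in peak.items() if count > threshold}


def build_sample_log() -> List[str]:
    """Constructed sample: one normal client making five requests over a minute and one
    source sending thirty requests within three seconds, plus one unparseable line."""
    start = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)

    def entry(ip: str, seconds: float, path: str) -> str:
        stamp = (start + timedelta(seconds=seconds)).strftime(TIME_FMT)
        return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512'

    lines = [entry("192.0.2.10", s, "/index.html") for s in (0, 15, 30, 45, 60)]
    lines += [entry("203.0.113.77", 10 + i / 10, f"/search?q={i}") for i in range(30)]
    lines.append("this line is not in log format")
    return lines


if __name__ == "__main__":
    print(flag_floods(build_sample_log()))  # {'203.0.113.77': 30}
```

A per-source threshold like this catches a single-system denial of service; a distributed flood spreads the same load over many addresses, each below the threshold, so detection there works on aggregate request rate per endpoint and on blocking at the edge rather than on per-IP counts.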

7. Dictionary attacks

This type of attack uses a stored list of commonly used passwords and tries them one by one to
obtain the original password.

8. URL Interpretation

It is a type of attack in which certain parts of a URL are changed so that the web server delivers
web pages which the requester is not authorized to browse.

9. File Inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential files available on
the web server, or to execute malicious files on the web server, by making use of the include
functionality.

10. Man in the middle attacks

It is a type of attack that allows an attacker to intercept the connection between client and server
and act as a bridge between them. Due to this, the attacker is able to read, insert and modify
the data in the intercepted connection.

System-based attacks

These are attacks intended to compromise a computer or a computer network. Some
of the important system-based attacks are as follows-

1. Virus

It is a type of malicious software program that spreads throughout the computer's files without the
knowledge of the user. It is a self-replicating malicious computer program that replicates by inserting
copies of itself into other computer programs when executed. It can also execute instructions that
cause harm to the system.

2. Worm

It is a type of malware whose primary function is to replicate itself to spread to uninfected computers.
It works in the same way as a computer virus. Worms often originate from email attachments that
appear to be from trusted senders.

3. Trojan horse

It is a malicious program that causes unexpected changes to computer settings and unusual activity,
even when the computer should be idle. It misleads the user as to its true intent. It appears to be a
normal application, but when opened or executed, malicious code runs in the background.

4. Backdoors

It is a method that bypasses the normal authentication process. A developer may create a backdoor
so that an application or operating system can be accessed for troubleshooting or other purposes.

5. Bots

A bot (short for "robot") is an automated process that interacts with other network services. Some
bot programs run automatically, while others only execute commands when they receive specific
input. Common examples of bot programs are crawlers, chatroom bots, and malicious bots.

Types of Cyber Attackers

In computers and computer networks, an attacker is the individual or organization who performs
malicious activities to destroy, expose, alter, disable, steal or gain unauthorized access to or make
unauthorized use of an asset.

As Internet access becomes more pervasive across the world, and each of us spends more time
on the web, the number of attackers grows as well. Attackers use every tool and technique they
can to attack us and gain unauthorized access.

There are four types of attackers, which are described below-

Cyber Criminals

Cybercriminals are individuals or groups of people who use technology to commit cybercrime with
the intention of stealing sensitive company information or personal data and generating profits.
Today, they are the most prominent and most active type of attacker.

Cybercriminals use computers in three broad ways to commit cybercrimes-

o Select the computer as their target- In this, they attack other people's computers to commit cybercrime, such
as spreading viruses, data theft, identity theft, etc.
o Use the computer as their weapon- In this, they use the computer to commit conventional crimes such
as spam, fraud, illegal gambling, etc.
o Use the computer as their accessory- In this, they use the computer to steal data illegally.

Hacktivists

Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political
agenda, religious belief, or social ideology. According to Dan Lohrmann, chief security officer for
Security Mentor, a national security training firm that works with states, "Hacktivism is a digital
disobedience. It's hacking for a cause." Hacktivists are not like cybercriminals who hack computer
networks to steal data for cash. They are individuals or groups of hackers who work together
and see themselves as fighting injustice.

State-sponsored Attacker

State-sponsored attackers have particular objectives aligned with the political, commercial or
military interests of their country of origin. These types of attackers are not in a hurry. Government
organizations have highly skilled hackers who specialize in detecting vulnerabilities and exploiting
them before the holes are patched. It is very challenging to defeat these attackers due to the vast
resources at their disposal.

Insider Threats

The insider threat is a threat to an organization's security or data that comes from within. These types
of threats usually come from employees or former employees, but may also arise from third
parties, including contractors, temporary workers, employees or customers.

Insider threats can be categorized as follows-

Malicious-

Malicious threats are attempts by an insider to access and potentially harm an organization's data,
systems or IT infrastructure. These insider threats are often attributed to dissatisfied employees or
ex-employees who believe that the organization wronged them in some way, and who feel
justified in seeking revenge.

Insiders may also become threats when they are recruited by malicious outsiders, either through
financial incentives or extortion.

Accidental-

Accidental threats are threats created unintentionally by insider employees. In this type of threat,
an employee might accidentally delete an important file or inadvertently share confidential data with
a business partner, going beyond the company's policy or legal requirements.

Negligent-

These are threats in which employees try to get around the policies an organization has put in place to
protect endpoints and valuable data. For example, if the organization has strict policies for external
file sharing, employees might try to share work on public cloud applications so that they can work
at home. There is nothing wrong with these acts in themselves, but they can open the door to dangerous
threats nonetheless.

Cyber Security Principles
The UK internet industry and Government recognized the need to develop a series of Guiding
Principles for improving the online security of the ISPs' customers and limit the rise in cyber-attacks.
Cybersecurity for these purposes encompasses the protection of essential information, processes,
and systems, connected or stored online, with a broad view across the people, technical, and physical
domains.

These Principles recognize that the ISPs (and other service providers), internet users, and UK
Government all have a role in minimizing and mitigating the cyber threats inherent in using the
internet.

These Guiding Principles have been developed to respond to this challenge by providing a consistent
approach to help, inform, educate, and protect ISPs' (Internet Service Provider's) customers from
online crimes. These Guiding Principles are aspirational, developed and delivered as a partnership
between Government and ISPs. They recognize that ISPs have different sets of customers and offer
different levels of support and services to protect those customers from cyber threats.

Some of the essential cybersecurity principles are described below-

1. Economy of mechanism
2. Fail-safe defaults
3. Least Privilege
4. Open Design
5. Complete mediation
6. Separation of Privilege
7. Least Common Mechanism
8. Psychological acceptability
9. Work Factor
10. Compromise Recording

1. Economy of mechanism

This principle states that security mechanisms should be as simple and small as possible. The
Economy of mechanism principle simplifies the design and implementation of security mechanisms.
If the design and implementation are simple and small, fewer possibilities exist for errors. The
checking and testing process is less complicated, because fewer components need to be tested.

Interfaces between security modules are a suspect area and should be as simple as possible,
because interface modules often make implicit assumptions about input or output parameters or
the current system state. If any of these assumptions is wrong, the module's actions may
produce unexpected results. A simple security framework is easier for developers and users to
understand, and enables the efficient development and verification of enforcement methods for it.

2. Fail-safe defaults

The Fail-safe defaults principle states that the default configuration of a system should have a
conservative protection scheme. This principle also restricts how privileges are initialized when a
subject or object is created. Whenever access, privileges/rights, or some security-related attribute is
not explicitly granted, access to that object should be denied.

Example: If we add a new user to an operating system, the default group of the user should
have fewer access rights to files and services.

3. Least Privilege

This principle states that a user should only have those privileges that are needed to complete his task. Its
primary function is to control the assignment of rights granted to the user, not the identity of the
user. This means that if the boss demands root access to a UNIX system that you administer, he/she
should not be given that right unless he/she has a task that requires such a level of access. If possible,
the elevated rights of a user identity should be removed as soon as those rights are no longer
needed.

4. Open Design

This principle states that the security of a mechanism should not depend on the secrecy of its design
or implementation. It suggests that complexity does not add security. This principle is the opposite
of the approach known as "security through obscurity." This principle applies not only to information
such as passwords or cryptographic systems but also to other computer security related operations.

Example: DVD players and Content Scrambling System (CSS) protection. CSS is a cryptographic
algorithm that protects DVD movie disks from unauthorized copying.

5. Complete mediation

The principle of complete mediation restricts the caching of information, which often leads to
simpler implementations of mechanisms. The idea of this principle is that every access to every object
must be checked for compliance with the protection scheme to ensure that it is allowed. As a
consequence, one should be wary of performance improvement techniques which save the results
of previous authorization checks, since the permissions can change over time.

Whenever someone tries to access an object, the system should check the access rights
associated with that subject. In many systems the subject's access rights are verified only once, at the
initial access, and for subsequent accesses the system assumes that the same access rights still
apply to that subject and object. Instead, the operating system should mediate each and every
access to an object.

Example: An online banking website should require users to sign in again after a certain period,
say twenty minutes, has elapsed.
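The following is an added example, not code from the tutorial, showing fail-safe defaults (section 2) and complete mediation (section 5) together: a small reference monitor that denies anything not explicitly granted, re-checks the grant table on every access so a revocation takes effect immediately, and forces a fresh sign-in after the twenty-minute period from the banking example. The class and method names, the subject "alice" and the object "ledger.txt" are all hypothetical; a deliberately flawed cached variant is included only to show what the principle warns against.

```python
"""Added example (not part of the tutorial): a reference monitor built on
fail-safe defaults and complete mediation. All names are hypothetical."""
import time

SESSION_TIMEOUT = 20 * 60  # twenty minutes, as in the banking example above


class ReferenceMonitor:
    """Mediates every access; an access is allowed only by an explicit grant."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._grants = {}    # (subject, object) -> set of rights; absent = denied
        self._sessions = {}  # subject -> time of last sign-in
        self._cache = {}     # used only by the deliberately flawed method below

    def grant(self, subject, obj, right):
        self._grants.setdefault((subject, obj), set()).add(right)

    def revoke(self, subject, obj, right):
        self._grants.get((subject, obj), set()).discard(right)

    def login(self, subject):
        self._sessions[subject] = self._clock()

    def session_is_fresh(self, subject):
        started = self._sessions.get(subject)
        if started is None or self._clock() - started > SESSION_TIMEOUT:
            self._sessions.pop(subject, None)  # stale: force a new sign-in
            return False
        return True

    def access(self, subject, obj, right):
        """Complete mediation: re-evaluate session and grants on every call.
        Fail-safe default: no entry in the grant table means deny."""
        if not self.session_is_fresh(subject):
            return False
        return right in self._grants.get((subject, obj), set())

    def access_cached(self, subject, obj, right):
        """Anti-pattern: remembers the first decision, so a later revoke is
        never noticed. Shown only to contrast with access() above."""
        key = (subject, obj, right)
        if key not in self._cache:
            self._cache[key] = self.access(subject, obj, right)
        return self._cache[key]


class FakeClock:
    """Controllable clock so the timeout can be exercised without waiting."""

    def __init__(self, now=0.0):
        self.t = now

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def demo():
    """Walk through the principles; returns the decisions for inspection."""
    clock = FakeClock(1_000.0)
    rm = ReferenceMonitor(clock=clock.now)
    out = {}
    out["no_login"] = rm.access("alice", "ledger.txt", "read")        # False
    rm.login("alice")
    out["no_grant"] = rm.access("alice", "ledger.txt", "read")        # False
    rm.grant("alice", "ledger.txt", "read")
    out["granted"] = rm.access("alice", "ledger.txt", "read")         # True
    out["cached_granted"] = rm.access_cached("alice", "ledger.txt", "read")  # True
    rm.revoke("alice", "ledger.txt", "read")
    out["after_revoke"] = rm.access("alice", "ledger.txt", "read")    # False
    out["cached_after_revoke"] = rm.access_cached("alice", "ledger.txt", "read")  # True: the flaw
    rm.grant("alice", "ledger.txt", "read")
    clock.advance(SESSION_TIMEOUT + 1)
    out["timed_out"] = rm.access("alice", "ledger.txt", "read")       # False
    rm.login("alice")
    out["after_relogin"] = rm.access("alice", "ledger.txt", "read")   # True
    return out


if __name__ == "__main__":
    for step, decision in demo().items():
        print(f"{step:22s} {decision}")
```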

6. Separation of Privilege

This principle states that a system should grant access permission based on more than one condition
being satisfied. This principle may also be restrictive because it limits access to system entities. Thus,
before a privilege is granted, multiple verifications should be performed.

Example: To su (change) to root, two conditions must be met-

o The user must know the root password.
o The user must be in the right group (wheel).

7. Least Common Mechanism

This principle states that in systems with multiple users, the mechanisms allowing resources to be shared
by more than one user should be minimized as much as possible. This principle may also be
restrictive because it limits the sharing of resources.

Example: If a file or application needs to be accessed by more than one user, then these
users should use separate channels to access the resource, which helps to prevent
unforeseen consequences that could cause security problems.

8. Psychological acceptability

This principle states that a security mechanism should not make the resource more complicated to
access than it would be if the security mechanism were not present. The psychological acceptability
principle recognizes the human element in computer security. If security-related software or computer
systems are too complicated to configure, maintain, or operate, the user will not employ the
necessary security mechanisms. For example, if a password is rejected during a password change
process, the password changing program should state why it was denied rather than giving a cryptic
error message. At the same time, applications should not impart unnecessary information that may
lead to a compromise in security.

Example: When we enter a wrong password, the system should only tell us that the user id or
password was incorrect. It should not tell us that only the password was wrong, as this gives the
attacker information.

9. Work Factor

This principle states that the cost of circumventing a security mechanism should be compared with
the resources of a potential attacker when designing a security scheme. In some cases, the cost of
circumventing (known as the "work factor") can be easily calculated. The work factor is a
common cryptographic measure which is used to determine the strength of a given cipher. It does
not map directly to cybersecurity, but the overall concept does apply.

Example: Suppose the number of experiments needed to try all possible four-character passwords
is 24^4 = 331776. If the potential attacker must try each experimental password at a terminal, one
might consider a four-character password to be satisfactory. On the other hand, if the potential
attacker could use an extremely fast computer capable of trying a million passwords per second, a
four-letter password would be a minor barrier for a potential intruder.
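The following is an added example, not part of the tutorial, carrying the work-factor arithmetic above through in code and generalizing it to any alphabet size, password length and attacker guessing rate, so that a defender can turn a time budget into a minimum password length. The rate of one guess per second for the attacker at a terminal is an assumption of this example, not a figure from the page.

```python
"""Added example (not part of the tutorial): work-factor arithmetic for the
four-character password scenario above, generalized to any alphabet, length
and attacker guessing rate. All rates and budgets are constructed."""


def work_factor(alphabet_size: int, length: int) -> int:
    """Guesses needed to try every password: alphabet_size ** length.
    The page's case is 24 symbols, 4 characters: 24 ** 4 == 331776."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int,
                       guesses_per_second: float) -> float:
    """Worst case: time for an attacker at the given rate to try them all."""
    return work_factor(alphabet_size, length) / guesses_per_second


def minimum_length(alphabet_size: int, guesses_per_second: float,
                   budget_seconds: float) -> int:
    """Smallest length whose full search takes longer than the budget.
    Uses an integer loop rather than logarithms to avoid rounding surprises."""
    needed = guesses_per_second * budget_seconds
    length = 1
    while alphabet_size ** length <= needed:
        length += 1
    return length


def compare_attackers(alphabet_size: int, length: int) -> dict:
    """The page's two attackers: a person at a terminal (assumed here to
    manage 1 guess per second) and a machine trying a million per second."""
    return {
        "terminal_seconds": seconds_to_exhaust(alphabet_size, length, 1),
        "machine_seconds": seconds_to_exhaust(alphabet_size, length, 1_000_000),
    }


if __name__ == "__main__":
    print("24^4 =", work_factor(24, 4))
    print(compare_attackers(24, 4))
    # Length (same 24-symbol alphabet) needed so that the million-guess-per-
    # second attacker needs more than one year to exhaust the space.
    print(minimum_length(24, 1_000_000, 365 * 24 * 3600))
```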

10. Compromise Recording

The Compromise Recording principle states that sometimes it is more desirable to record the details
of an intrusion than to adopt a more sophisticated measure to prevent it.

Example: The servers in an office network may keep logs of all accesses to files, all emails sent and
received, and all browsing sessions on the web. Another example: Internet-connected
surveillance cameras are a typical compromise recording system that can be placed to
protect a building.

Data Security Consideration

Data security is the protection of programs and data in computers and communication systems
against unauthorized access, modification, destruction, disclosure or transfer, whether accidental or
intentional, by building physical arrangements and software checks. It refers to the right of individuals
or organizations to deny or restrict the collection and use of information about them.
Data security requires system managers to reduce unauthorized access to the systems by building
physical arrangements and software checks.

Data security uses various methods to make sure that the data is correct, original, kept confidential
and safe. It includes-

o Ensuring the integrity of data.
o Ensuring the privacy of the data.
o Preventing the loss or destruction of data.

Data security consideration involves the protection of data against unauthorized access,
modification, destruction, loss, disclosure or transfer, whether accidental or intentional. Some of the
important data security considerations are described below:

Backups

Data backup refers to saving additional copies of our data in physical or cloud locations separate from
the data files in storage. It is essential for us to keep secure, store, and back up our data on a regular
basis. Securing the data will help us to prevent-

o Accidental or malicious damage/modification to data.
o Theft of valuable information.
o Breach of confidentiality agreements and privacy laws.
o Premature release of data, which can undermine intellectual property claims.
o Release before data have been checked for authenticity and accuracy.

Keeping reliable and regular backups of our data protects against the risk of damage or loss due to
power failure, hardware failure, software or media faults, viruses or hacking, or even human errors.

The Backup 3-2-1 Rule is very popular. This rule includes:

o Three copies of our data
o Two different formats, i.e., hard drive + tape backup or DVD (short term) + flash drive
o One off-site backup, i.e., have two physical backups and one in the cloud

Some important backup options are as follows-

1. Hard drives - personal or work computer
2. Departmental or institution server
3. External hard drives
4. Tape backups
5. Discipline-specific repositories
6. University Archives
7. Cloud storage

Some of the top considerations for implementing secure backup and recovery are-

1. Authentication of the users and backup clients to the backup server.
2. Role-based access control lists for all backup and recovery operations.
3. Data encryption options for both transmission and storage.
4. Flexibility in choosing encryption and authentication algorithms.
5. Backup of a remote client to a centralized location behind firewalls.
6. Backup and recovery of a client running Security-Enhanced Linux (SELinux).
7. Using best practices to write secure software.

Archival Storage

Data archiving is the process of retaining data in a secure place for long-term storage.
The data is stored in safe locations so that it can be used whenever it is required. Archived
data is still essential to the organization and may be needed for future reference. Also, data archives
are indexed and have search capabilities so that files and parts of files can be easily located and
retrieved. Data archival serves as a way of reducing primary storage consumption and its
related costs.

Data archival is different from data backup in the sense that data backups create copies of data
used as a recovery mechanism to restore data in the event that it is corrupted or
destroyed. On the other hand, data archives protect older information that is not needed in
day-to-day operations but may have to be accessed occasionally.

Data archives may take many different forms. They can be stored as online, offline, or cloud storage-

o Online data storage places archive data onto disk systems where it is readily accessible.
o Offline data storage places archive data onto tape or other removable media using data archiving
software, because tape can be removed and consumes less power than disk systems.
o Cloud storage is another possible archive target. For example, Amazon Glacier is designed for
data archiving. Cloud storage is inexpensive, but its costs can grow over time as more data is added
to the cloud archive.

The following list of considerations will help us to improve the long-term usefulness of our archives:

1. Storage medium
2. Storage device
3. Revisiting old archives
4. Data usability
5. Selective archiving
6. Space considerations
7. Online vs. offline storage

Storage medium

The first thing to decide is what storage medium we use for archives. The archived data will be stored for
long periods of time, so we must choose a type of media that will last as long as our
retention policy dictates.

Storage device

This consideration takes into account whether the storage device we are using for our archives
will still be accessible in a few years. There is no way to predict which types of storage devices will
stand the test of time, so it is essential to try to pick those devices that have the best chance of
being supported over the long term.

Revisiting old archives

Since our archive policies and the storage mechanisms we use for archiving data will
change over time, we have to review our archived data at least once a year to see if anything
needs to be migrated to a different storage medium.

For example, about ten years ago we used Zip drives for archival; then we transferred all of our
archives to CD. Today, we store most of our archives on DVD. Since modern DVD drives can
also read CDs, we haven't needed to move our extremely old archives off CD onto DVD.

Data usability

One major problem seen in the real world is archived data which is in
an obsolete format.

For example, a few years ago, document files that had been archived in the early 1990s turned out
to have been created by an application known as PFS Write. The PFS Write file format was supported
in the late 80s and early 90s, but today there are no applications that can read those files. To avoid
this situation, it might be helpful to archive not only the data but also copies of the installation media
for the applications that created the data.

Selective archiving

In this consideration, we have to be sure about what should be archived. That means we will archive
only a selected part of the data, because not all data is equally important.

Space considerations

If our archives become huge, we must plan for the long-term retention of all our data. If we are
archiving our data to removable media, capacity planning might be simple: make sure that
there is free space in the vault to hold all of those tapes, and that there is room in
our IT budget to continue purchasing tapes.

Online vs. offline storage

In this consideration, we have to decide whether to store our archives online (on a dedicated archive
server) or offline (on removable media). Both methods of archival have advantages and
disadvantages. Storing data online keeps the data easily accessible, but data kept online may
be vulnerable to theft, tampering, corruption, etc. Offline storage enables us to store an unlimited
amount of data, but it is not readily accessible.

Disposal of Data

Data destruction or disposal of data is the method of destroying data stored on tapes, hard
disks and other electronic media so that it is completely unreadable, unusable and inaccessible for
unauthorized purposes. It also ensures that the organization retains records for as long as
they are needed and, when they are no longer required, appropriately destroys them or disposes of
the data in some other way, for example, by transfer to an archives service.

The managed process of data disposal has some essential benefits-

o It avoids the unnecessary storage costs incurred by using office or server space to maintain
records which are no longer needed by the organization.
o Finding and retrieving information is easier and quicker because there is less to search.

The disposal of data usually takes place as part of the normal records management process. There
are two essential circumstances in which the destruction of data needs to be handled in addition
to this process-

o The quantity of legacy records requires attention.
o Functions are being transferred to another authority and the disposal of data records
becomes part of the change process.

The following list of considerations will help us with the secure disposal of data-

1. Eliminate access
2. Destroy the data
3. Destroy the device
4. Keep the record of which systems have been decommissioned
5. Keep careful records
6. Eliminate potential clues
7. Keep systems secure until disposal

Eliminate access

In this consideration, we have to ensure that no account retains any rights to access the
disposed-of data again.

Destroy the Data

In this consideration, simply removing data from storage media is not necessarily safe. Even
these days, reformatting or repartitioning a drive to "erase" the data that it stores is not good enough.
Today many tools are available which can help us to delete files more securely. Encrypting the data on
the drive before performing any deletion can make the data more difficult to recover later.

Destroy the device

In most cases, storage media need to be physically destroyed to ensure that our sensitive data
is not leaked to whoever gets the drives next. In such cases, we should not destroy them ourselves:
there are experts who are probably a lot better at safely and effectively rendering any data on our
drives unrecoverable. If we can't entrust this to an outside agency that specializes in the secure
destruction of storage devices, we should have a specialized team within our organization who has
the same equipment and skills as outside contractors.

Keep the record of which systems have been decommissioned

In this, we have to make sure that the storage media have been fully and securely decommissioned
and that they are not something easily misplaced or overlooked. It is best if storage media that have
not been fully decommissioned are kept in a specific location, while decommissioned equipment is
placed somewhere else, which will help us to avoid making mistakes.

Keep careful records

In this consideration, it is necessary to keep a record of whoever is responsible for
decommissioning a storage medium. If more than one person is assigned such responsibility, each
should sign off after the completion of the decommissioning process, so that if something
goes wrong, we know who to talk to in order to find out what happened and how bad the mistake is.

Eliminate potential clues

In this consideration, we have to clear the configuration settings from networking equipment. We
do this because they can provide crucial clues to an attacker trying to break into our network and the
systems that reside on it.

Keep systems secure until disposal of data

In this consideration, we have to make clear guidelines for who should have access to the
equipment in need of secure disposal, to ensure that nobody who should not have access
to it gets his or her hands on it before the data is disposed of.

Security Technologies

With the rapid growth of the Internet, cybersecurity has become a major concern to organizations
throughout the world. The fact that the information and the tools & technologies needed to penetrate
the security of corporate networks are widely available has increased that security
concern.

Today, the fundamental problem is that much of the security technology aims to keep the attacker
out, and when that fails, the defences have failed. Every organization that uses the internet needs
security technologies to cover the three primary control types - preventive, detective, and corrective -
as well as to provide auditing and reporting. Most security is based on one of these types of things:
something we have (like a key or an ID card), something we know (like a PIN or a password), or
something we are (like a fingerprint).

Some of the important security technologies used in the cybersecurity are described below-

Firewall

A firewall is a computer network security system designed to prevent unauthorized access to or from
a private network. It can be implemented as hardware, software, or a combination of both. Firewalls
are used to prevent unauthorized Internet users from accessing private networks connected to the
Internet. All messages entering or leaving the intranet pass through the firewall. The firewall
examines each message and blocks those that do not meet the specified security criteria.

Categories of Firewalls

Firewalls can be categorised into the following types-

1. Processing mode:

The five processing modes into which firewalls can be categorised are-

Packet filtering

Packet filtering firewalls examine the header information of data packets that come into a network.
This firewall is installed on a TCP/IP network and determines whether to forward a packet to the next
network connection or drop it, based on the rules programmed into the firewall. It scans network
data packets looking for violations of the rules in the firewall's database. Most firewalls base their
rules on a combination of:

o Internet Protocol (IP) source and destination address.
o Direction (inbound or outbound).
o Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) source and destination port
requests.

Packet filtering firewalls can be categorized into three types-

1. Static filtering: The system administrator sets the rules for the firewall. The filtering rules governing
how the firewall decides which packets are allowed and which are denied are developed and
installed.

2. Dynamic filtering: It allows the firewall to set some rules for itself, such as dropping packets from
an address that is sending many bad packets.

3. Stateful inspection: A stateful firewall keeps track of each network connection between internal
and external systems using a state table.
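The following is an added example, not code from the tutorial or from any firewall product, contrasting static filtering with stateful inspection on the header fields listed above (source and destination IP, direction, protocol and ports). The policy, the 10.0.0.0/8 inside network, the 203.0.113.10 outside host and the packets are all constructed; the class and field names are hypothetical.

```python
"""Added example (not part of the tutorial): a toy static packet filter and a
stateful-inspection filter with a state table. Addresses, rules and packets
are all constructed for the demonstration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """The header fields the page says filtering rules are built on."""
    src: str         # source IP
    dst: str         # destination IP
    proto: str       # "tcp" or "udp"
    sport: int       # source port
    dport: int       # destination port
    direction: str   # "inbound" or "outbound"


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str
    proto: str
    src: str                     # CIDR, e.g. "10.0.0.0/8"
    dst: str                     # CIDR; "0.0.0.0/0" matches anything
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.proto == p.proto
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


class StaticFilter:
    """Static filtering: an administrator-written rule list, first match wins,
    and anything unmatched is dropped (fail-safe default)."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return "deny"


class StatefulFilter(StaticFilter):
    """Stateful inspection: the same rules plus a state table of connections
    already admitted, so reply packets of a known connection pass even though
    no static rule admits inbound traffic."""

    def __init__(self, rules):
        super().__init__(rules)
        self.state = set()  # (inside_ip, inside_port, outside_ip, outside_port, proto)

    @staticmethod
    def _key(p: Packet):
        # Normalize so that a packet and its reply map to the same entry.
        if p.direction == "outbound":
            return (p.src, p.sport, p.dst, p.dport, p.proto)
        return (p.dst, p.dport, p.src, p.sport, p.proto)

    def decide(self, p: Packet) -> str:
        key = self._key(p)
        if key in self.state:
            return "allow"           # part of an established connection
        action = super().decide(p)   # otherwise consult the static rules
        if action == "allow":
            self.state.add(key)      # remember the connection just admitted
        return action


# Constructed policy: inside hosts (10.0.0.0/8) may open HTTPS to anywhere;
# no static rule admits anything inbound.
RULES = [Rule("allow", "outbound", "tcp", "10.0.0.0/8", "0.0.0.0/0", 443)]


def demo():
    """Run the same three packets through both filters; return the decisions."""
    request = Packet("10.0.0.7", "203.0.113.10", "tcp", 51234, 443, "outbound")
    reply = Packet("203.0.113.10", "10.0.0.7", "tcp", 443, 51234, "inbound")
    stray = Packet("203.0.113.10", "10.0.0.7", "tcp", 443, 51235, "inbound")  # unsolicited
    results = {}
    for name, fw in (("static", StaticFilter(RULES)), ("stateful", StatefulFilter(RULES))):
        results[name] = tuple(fw.decide(p) for p in (request, reply, stray))
    return results


if __name__ == "__main__":
    for name, decisions in demo().items():
        print(f"{name:9s} request/reply/stray = {decisions}")
```

The static filter drops the legitimate reply because no inbound rule matches it, while the stateful filter admits it from its state table yet still drops the unsolicited packet on a different port.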

Application gateways

It is a firewall proxy, frequently installed on a dedicated computer, that provides network security.
This proxy firewall acts as an intermediary between the requester and the protected device. The
firewall proxy filters incoming node traffic against certain specifications, meaning only transmitted
network application data is filtered. Such network applications include FTP, Telnet, Real Time
Streaming Protocol (RTSP), BitTorrent, etc.

Circuit gateways

A circuit-level gateway is a firewall that operates at the transport layer. It provides UDP and TCP
connection security, which means it can reassemble, examine or block all the packets in a TCP or UDP
connection. It works between the transport layer and the application layer, for example at the session
layer. Unlike application gateways, it monitors TCP packet handshaking and session fulfilment of
firewall rules and policies. It can also act as a Virtual Private Network (VPN) over the Internet by
doing encryption from firewall to firewall.

MAC layer firewalls

This firewall is designed to operate at the media access control layer of the OSI network model. It is
able to consider a specific host computer's identity in its filtering decisions. MAC addresses of
specific host computers are linked to access control list (ACL) entries. Each entry identifies specific
types of packets that can be sent to that host, and all other traffic is blocked. It can also check the
MAC address of a requester to determine whether the device being used to make the
connection is authorized to access the data or not.

Hybrid firewalls

It is a type of firewall which combines features of the other four types of firewalls, for example
elements of packet filtering and proxy services, or of packet filtering and circuit gateways.

2. Development Era:

Firewalls can be categorised on the basis of generation. These are-

o First Generation
o Second Generation
o Third Generation
o Fourth Generation
o Fifth Generation

First Generation:

The first generation firewall comes with static packet filtering. A static packet filter is the
simplest and least expensive form of firewall protection. In this generation, each packet entering
and leaving the network is checked and will be either passed or rejected depending on the
user-defined rules. We can compare this security with the bouncer of a club who only allows people
over 21 to enter and turns away those below 21.

Second Generation:

The second generation firewall comes with application-level firewalls or proxy servers. This generation
of firewall increases the security level between trusted and untrusted networks. An application-level
firewall uses software to intercept connections for each IP and to perform security inspection. It
involves proxy services which act as an interface between the user on the internal trusted network and
the Internet. Computers communicate with each other by passing network traffic through the proxy
program. This program evaluates data sent from the client and decides which to pass on and which
to drop.

Third Generation:

The third generation firewall is the stateful inspection firewall. This generation of firewall evolved
to meet the major requirement of corporate networks: increased security while minimizing the
impact on network performance. The demands on third generation firewalls will grow further due to
the growing support for VPNs, wireless communication, and enhanced virus protection. The most
challenging element of this evolution is maintaining the firewall's simplicity (and hence its
maintainability and security) without compromising flexibility.

Fourth Generation:

The fourth generation firewall is the dynamic packet filtering firewall. This firewall monitors the
state of active connections and, on the basis of this information, determines which network packets
are allowed to pass through the firewall. By recording session information such as IP addresses and
port numbers, a dynamic packet filter can implement a much tighter security posture than a static
packet filter.

Fifth Generation:

The fifth generation firewall is the kernel proxy firewall. This firewall works within the kernel of the
Windows NT Executive. The firewall proxy operates at the application layer. When a packet arrives, a
new virtual stack table is created which contains only the protocol proxies needed to examine that
specific packet. The packet is inspected at each layer of the stack, which involves evaluating the
data link header along with the network header, transport header, session layer information, and
application layer data. This firewall works faster than other application-level firewalls because all
evaluation takes place in the kernel and not at the higher layers of the operating system.

3. Intended deployment structure:

Firewalls can also be categorized by their intended deployment structure:

Commercial Appliances

It runs on a custom operating system. This firewall system consists of firewall application software
running on a general-purpose computer. It is designed to protect a medium-to-large business
network. Most commercial firewalls are quite complex and often require specialized training and
certification to take full advantage of their features.

Small Office Home Office

The SOHO firewall is designed for small office or home office networks that need protection from
Internet security threats. A firewall for a SOHO (Small Office Home Office) is the first line of defence
and plays an essential role in an overall security strategy. A SOHO has limited resources, so the
firewall product it implements must be relatively easy to use and maintain, and cost-effective. This
firewall connects a user's local area network or a specific computer system to the internetworking
device.

Residential Software
Residential-grade firewall software is installed directly on a user's system. Some of these applications
combine firewall services with other protections such as antivirus or intrusion detection. There is a
limit to the level of configurability and protection that software firewalls can provide.

4. Architectural Implementation

The firewall configuration that works best for a particular organization depends on three factors: the
objectives of the network, the organization's ability to develop and implement the architectures, and
the budget available for the function.

There are four common architectural implementations of firewalls:

Packet-filtering routers

A packet filtering firewall is used to control network access by monitoring outgoing and incoming
packets. It allows them to pass or halts them based on the source and destination IP addresses,
protocols and ports. During communication, a node transmits a packet; this packet is filtered and
matched against the predefined rules and policies. Once matched, a packet is considered secure and
verified and is accepted; otherwise it is blocked.
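The packet-filtering logic described here, contrasting the static filter of the first generation with the dynamic (stateful) filter of the fourth generation, and including a MAC-address ACL entry of the kind the MAC layer firewall uses, as an added example that is not part of the tutorial. The rules, addresses and MAC addresses are constructed.

```python
"""Added example, not from the tutorial: a first-generation static packet filter
and a fourth-generation dynamic (stateful) packet filter judging the same
constructed packets. Addresses, MACs and rules below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str              # "tcp" or "udp"
    src_port: int
    dst_port: int
    syn: bool = False       # TCP SYN flag: set on the first packet of a new connection
    src_mac: str = ""       # sender's MAC address, consulted by a MAC-layer rule


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"          # source network
    dst: str = "0.0.0.0/0"          # destination network
    proto: Optional[str] = None     # None matches any protocol
    dst_port: Optional[int] = None  # None matches any destination port
    src_mac: Optional[str] = None   # None skips the MAC check (MAC-layer ACL entry)

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src_ip) in ip_network(self.src)
                and ip_address(p.dst_ip) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.src_mac is None or self.src_mac.lower() == p.src_mac.lower()))


def static_filter(rules: List[Rule], p: Packet) -> str:
    """Static packet filtering: each packet is judged on its own header fields
    against the rule list; the first matching rule wins, default deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFilter:
    """Dynamic packet filtering: remember the sessions the rules allowed and pass
    their return traffic without needing a permissive inbound rule."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.sessions = set()   # (src_ip, src_port, dst_ip, dst_port, proto)

    def decide(self, p: Packet) -> str:
        forward = (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto)
        reverse = (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)
        if forward in self.sessions or reverse in self.sessions:
            return "allow"           # belongs to an established session
        if p.proto == "tcp" and not p.syn:
            return "deny"            # not a connection start and no session: drop
        action = static_filter(self.rules, p)
        if action == "allow":
            self.sessions.add(forward)
        return action


# Constructed policy: one blocked device (MAC-layer entry), then internal hosts
# may open HTTPS connections; everything else falls to the default deny.
RULES = [
    Rule("deny", src_mac="00:11:22:33:44:55"),
    Rule("allow", src="192.168.1.0/24", proto="tcp", dst_port=443),
]

# Constructed traffic: an outbound HTTPS request, its reply, an unsolicited
# inbound packet that uses the server's port, and a packet from the blocked device.
OUTBOUND = Packet("192.168.1.5", "203.0.113.10", "tcp", 51000, 443, syn=True, src_mac="aa:bb:cc:dd:ee:01")
REPLY = Packet("203.0.113.10", "192.168.1.5", "tcp", 443, 51000)
UNSOLICITED = Packet("203.0.113.10", "192.168.1.5", "tcp", 443, 51001)
BLOCKED_DEVICE = Packet("192.168.1.9", "203.0.113.10", "tcp", 51002, 443, syn=True, src_mac="00:11:22:33:44:55")


def compare_filters() -> dict:
    """Return each filter's decision for each constructed packet, in order."""
    stateful = StatefulFilter(RULES)
    results = {}
    for name, pkt in [("outbound", OUTBOUND), ("reply", REPLY),
                      ("unsolicited", UNSOLICITED), ("blocked_device", BLOCKED_DEVICE)]:
        results[name] = {"static": static_filter(RULES, pkt), "stateful": stateful.decide(pkt)}
    return results


if __name__ == "__main__":
    for name, verdict in compare_filters().items():
        print(f"{name:15} static={verdict['static']:5} stateful={verdict['stateful']}")
```

The reply to the outbound request is denied by the static filter because no rule covers it; to pass it, a static filter would have to permit all inbound traffic from port 443, which is the gap the stateful filter closes by remembering the session.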

Screened host firewalls

This firewall architecture combines a packet-filtering router with a separate, dedicated firewall such as
an application gateway. The application gateway needs only one network interface. This allows the
router to pre-screen packets to minimize the network traffic and the load on the internal proxy. The
packet-filtering router filters dangerous protocols before they reach the application gateway and site
systems.

Dual-homed host firewalls

The network architecture of the dual-homed host firewall is simple. It is built around the
dual-homed host computer, a computer that has at least two NICs. One NIC is connected to the
external network, and the other is connected to the internal network, which provides an additional
layer of protection. With these NICs, all traffic must go through the firewall in order to move
between the internal and external networks.

The implementation of this architecture often makes use of NAT. NAT is a method of mapping
assigned IP addresses to special ranges of non-routable internal IP addresses, thereby creating
another barrier to intrusion from external attackers.

Screened Subnet Firewalls

This architecture adds an extra layer of security to the screened host architecture by adding a
perimeter network that further isolates the internal network from the Internet. In this architecture,
there are two screening routers, both connected to the perimeter net. One router sits between the
perimeter net and the internal network, and the other sits between the perimeter net and the
external network. To break into the internal network, an attacker would have to get past both
routers. There is no single vulnerable point whose compromise exposes the internal network.

VPNs
VPN stands for virtual private network. It is a technology which creates a safe, encrypted
connection over the Internet from a device to a network. This type of connection helps to ensure that
our sensitive data is transmitted safely. It protects our connection from eavesdropping on the
network traffic and allows the user to access a private network securely. This technology is widely
used in corporate environments.

A VPN works in a way similar to a firewall: where a firewall protects data local to a device, a VPN
protects data online. To ensure safe communication on the Internet, data travels through secure
tunnels, and VPN users must use an authentication method to gain access to the VPN server. VPNs
are used by remote users who need to access corporate resources, consumers who want to download
files, and business travellers who want to access a site that is geographically restricted.

Intrusion Detection System (IDS)

An IDS is a security system which monitors computer systems and network traffic. It analyses that
traffic for possible hostile attacks originating from outsiders and also for system misuse or attacks
originating from insiders. Where a firewall does the job of filtering incoming traffic from the
Internet, the IDS complements the firewall's security. Just as the firewall protects an organization's
sensitive data from malicious attacks over the Internet, the intrusion detection system alerts the
system administrator when someone tries to break through the firewall's security and gain access to
any network on the trusted side.

Intrusion detection systems come in different types for detecting suspicious activities-

1. NIDS-

A Network Intrusion Detection System monitors the inbound and outbound traffic to and from all
the devices on the network.

2. HIDS-

A Host Intrusion Detection System runs on all devices in the network that have direct access to both
the Internet and the enterprise's internal network. It can detect anomalous network packets that
originate from inside the organization or malicious traffic that a NIDS has failed to catch. A HIDS
may also identify malicious traffic that arises from the host itself.

3. Signature-based Intrusion Detection System-

This detection system identifies an attack by looking for specific patterns, such as byte sequences in
network traffic, or known malicious instruction sequences used by malware. This type of IDS
originates from anti-virus software and can easily detect known attacks. With this approach, however,
it is impossible to detect new attacks for which no pattern is available.

4. Anomaly-based Intrusion Detection System-

This detection system was primarily introduced to detect unknown attacks, in response to the rapid
development of malware. It alerts administrators to potentially malicious activity. It monitors the
network traffic and compares it against an established baseline. It determines what is considered
normal for the network with regard to bandwidth, protocols, ports and other devices.
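The signature-based and anomaly-based approaches above, run side by side over constructed connection records, as an added example that is not from the tutorial. The signatures, addresses and payloads are constructed for illustration and are not real IDS rules or real traffic.

```python
"""Added example, not from the tutorial: signature-based and anomaly-based
detection run over constructed connection records. The signatures and the
records are constructed for illustration, not real IDS rules or real traffic."""
import re
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# One record per connection: source address, destination port, bytes sent,
# and the first bytes of the payload.
Record = Dict[str, object]


def record(src: str, dst_port: int, nbytes: int, payload: bytes) -> Record:
    return {"src": src, "dst_port": dst_port, "bytes": nbytes, "payload": payload}


# Constructed "known good" traffic used to learn the baseline.
BASELINE_RECORDS = [
    record("10.0.0.2", 443, 1200, b"GET /home"),
    record("10.0.0.3", 443, 1100, b"GET /about"),
    record("10.0.0.4", 443, 1300, b"GET /catalog"),
    record("10.0.0.2", 443, 1250, b"POST /login"),
    record("10.0.0.5", 443, 1150, b"GET /cart"),
]

# Constructed traffic to inspect: two known attack patterns, one unknown
# protocol on an unexpected port, and one oversized transfer.
OBSERVED_RECORDS = [
    record("10.0.0.5", 443, 1180, b"GET /index.html"),
    record("10.0.0.7", 443, 1220, b"GET /../../etc/passwd"),
    record("10.0.0.9", 443, 1190, b"GET /item?id=1' OR 1=1 --"),
    record("10.0.0.12", 8443, 1210, b"NEWPROTO hello"),
    record("10.0.0.3", 443, 48000, b"POST /upload"),
]

# Signature rules: a name and the byte pattern that identifies a known attack.
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "sql-injection-probe": re.compile(rb"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
}


def signature_detect(records: List[Record]) -> List[Tuple[str, str]]:
    """Signature-based IDS: alert only when a known pattern appears in the payload."""
    alerts = []
    for r in records:
        for name, pattern in SIGNATURES.items():
            if pattern.search(r["payload"]):
                alerts.append((r["src"], name))
    return alerts


def build_baseline(records: List[Record]) -> Dict[str, object]:
    """Learn what 'normal' looks like: the ports seen and the byte-count distribution."""
    sizes = [r["bytes"] for r in records]
    return {"ports": {r["dst_port"] for r in records},
            "mean": mean(sizes), "stdev": pstdev(sizes)}


def anomaly_detect(records: List[Record], baseline: Dict[str, object],
                   z: float = 3.0) -> List[Tuple[str, str]]:
    """Anomaly-based IDS: alert on deviation from the baseline, whatever the payload."""
    threshold = baseline["mean"] + z * baseline["stdev"]
    alerts = []
    for r in records:
        if r["dst_port"] not in baseline["ports"]:
            alerts.append((r["src"], f"unseen-port-{r['dst_port']}"))
        elif r["bytes"] > threshold:
            alerts.append((r["src"], "volume"))
    return alerts


def run_both() -> Dict[str, List[Tuple[str, str]]]:
    """Run both detectors over the observed records and return their alerts."""
    baseline = build_baseline(BASELINE_RECORDS)
    return {"signature": signature_detect(OBSERVED_RECORDS),
            "anomaly": anomaly_detect(OBSERVED_RECORDS, baseline)}


if __name__ == "__main__":
    for method, alerts in run_both().items():
        print(method, alerts)
```

The unusual port and the oversized upload carry no known pattern, so only the anomaly detector reports them, while the two known patterns are reported only by the signature detector; this is why the two approaches are deployed together.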

Access Control
Access control is the process of selectively restricting access to a system. It is a security concept
intended to minimize the risk of unauthorized access to a business or organization. In access control,
users are granted access permission and certain privileges to a system and its resources. Users must
provide credentials to be granted access to a system. These credentials come in many forms such as
a password, a keycard, a biometric reading, etc. Access control combines security technology and
access control policies to protect confidential information like customer data.

Access control can be categorized into two types-

o Physical access control
o Logical access control

Physical Access Control- This type of access control limits access to buildings, rooms, campuses,
and physical IT assets.

Logical access control- This type of access control limits connection to computer networks, system
files, and data.

A more secure method of access control involves two-factor authentication. The first factor is that
a user who desires access to a system must show a credential, and the second factor could be an
access code, password, or biometric reading.

Access control consists of two main components: authentication and authorization.
Authentication is the process which verifies that someone is who they claim to be, whereas
authorization determines whether a user should be allowed to gain access to a system or be denied
it.
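The two factors and the authentication/authorization split described above, as an added example that is not from the tutorial. The user record, the salt, the TOTP secret and the access control list are constructed, and the one-time code routine follows the RFC 6238 TOTP construction; the function names are hypothetical.

```python
"""Added example, not from the tutorial: two-factor authentication (password plus
a time-based one-time code) kept separate from authorization (an access control
list). Users, secrets and the ACL are constructed; totp() follows RFC 6238."""
import hashlib
import hmac
import struct
from typing import Dict, Set, Tuple

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so a stolen user store does not reveal passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password: HMAC-SHA1 over the 30-second counter, truncated."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# Constructed user store: salted password hash and a per-user TOTP secret.
_SALT = b"constructed-salt"
USERS: Dict[str, Dict[str, bytes]] = {
    "alice": {"salt": _SALT,
              "pw_hash": hash_password("correct horse battery", _SALT),
              "totp_secret": b"constructed-totp-secret"},
}

# Constructed logical access control list: resource -> user -> allowed actions.
ACL: Dict[str, Dict[str, Set[str]]] = {
    "customer_db": {"alice": {"read"}},
    "payroll": {},
}


def authenticate(user: str, password: str, code: str, unix_time: int) -> bool:
    """First factor: something the user knows. Second factor: something the user has.
    Both must pass; this only establishes who is asking, not what they may do."""
    rec = USERS.get(user)
    if rec is None:
        return False
    pw_ok = hmac.compare_digest(hash_password(password, rec["salt"]), rec["pw_hash"])
    # Accept the current code and the previous 30-second window to tolerate clock skew.
    code_ok = any(hmac.compare_digest(totp(rec["totp_secret"], unix_time - skew), code)
                  for skew in (0, 30))
    return pw_ok and code_ok


def authorize(user: str, resource: str, action: str) -> bool:
    """Authorization: consult the ACL for an already-authenticated identity."""
    return action in ACL.get(resource, {}).get(user, set())


def request_access(user: str, password: str, code: str, unix_time: int,
                   resource: str, action: str) -> Tuple[bool, bool]:
    """Returns (authenticated, authorized); authorization is never evaluated
    unless authentication has succeeded."""
    if not authenticate(user, password, code, unix_time):
        return (False, False)
    return (True, authorize(user, resource, action))


if __name__ == "__main__":
    now = 1_700_000_000
    good_code = totp(USERS["alice"]["totp_secret"], now)
    print(request_access("alice", "correct horse battery", good_code, now, "customer_db", "read"))
    print(request_access("alice", "correct horse battery", good_code, now, "payroll", "read"))
    print(request_access("alice", "correct horse battery", "000000", now, "customer_db", "read"))
```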

Threat to E-Commerce
E-Commerce refers to the activity of buying and selling things over the Internet. Simply put, it refers
to commercial transactions which are conducted online. E-commerce draws on many technologies
such as mobile commerce, Internet marketing, online transaction processing, electronic funds
transfer, supply chain management, electronic data interchange (EDI), inventory management
systems, and automated data collection systems.

E-commerce threats arise from using the Internet for unfair means with the intention of stealing,
fraud and security breaches. There are various types of e-commerce threats. Some are accidental,
some are purposeful, and some of them are due to human error. The most common security threats
concern electronic payment systems, e-cash, data misuse, credit/debit card fraud, etc.

Electronic payments system:

With the rapid development of computer, mobile, and network technology, e-commerce has become
a routine part of human life. In e-commerce, the customer can order products at home and save
time for doing other things. There is no need to visit a store or a shop. The customer can select
different stores on the Internet in a very short time and compare products by different characteristics
such as price, colour, and quality.

Electronic payment systems have a very important role in e-commerce. E-commerce organizations
use electronic payment systems, which refers to paperless monetary transactions. They have
revolutionized business processing by reducing paperwork, transaction costs, and labour costs.
E-commerce processing is user-friendly and less time consuming than manual processing. Electronic
commerce helps a business organization expand its market reach. There are certain risks with
electronic payment systems.

Some of them are:

The Risk of Fraud

An electronic payment system carries a large risk of fraud. The computing devices use an identity of
the person to authorize a payment, such as passwords and security questions. These authentications
are not foolproof in determining the identity of a person. If the password and the answers to the
security questions match, the system doesn't care who is on the other side. If someone has access to
our password or the answers to our security questions, he will gain access to our money and can
steal it from us.

The Risk of Tax Evasion

The Internal Revenue Service law requires that every business declare its financial transactions and
provide paper records so that tax compliance can be verified. The problem with electronic systems
is that they don't fit cleanly into this paradigm. It makes the process of tax collection very
frustrating for the Internal Revenue Service. It is at the business's discretion to disclose payments
received or made via electronic payment systems. The IRS has no way to know whether it is telling
the truth or not, which makes it easy to evade taxation.

The Risk of Payment Conflicts

In electronic payment systems, the payments are handled by an automated electronic system, not
by humans. The system is prone to errors when it handles large numbers of payments on a frequent
basis with more than one recipient involved. It is essential to check our pay slip after every pay
period ends in order to ensure everything makes sense. Failure to do this may result in payment
conflicts caused by technical glitches and anomalies.

E-cash
E-cash is a paperless cash system which facilitates the transfer of funds anonymously. E-cash is free
to the user, while sellers pay a fee for it. The e-cash funds can be stored either on a card itself or in
an account which is associated with the card. The most common examples of e-cash systems are
transit cards, PayPal, GooglePay, Paytm, etc.

E-cash has four major components-

1. Issuers - They can be banks or a non-bank institution.
2. Customers - They are the users who spend the e-cash.
3. Merchants or Traders - They are the vendors who receive e-cash.
4. Regulators - They are related to authorities or state tax agencies.

In e-cash, financial information is stored on a computer, an electronic device or on the Internet,
where it is vulnerable to hackers. Some of the major threats related to e-cash systems are-

Backdoor Attacks

A backdoor attack is a type of attack which gives an attacker unauthorized access to a system by
bypassing the normal authentication mechanisms. It works in the background and hides itself from
the user, which makes it difficult to detect and remove.

Denial of service attacks

A denial-of-service attack (DoS attack) is a security attack in which the attacker takes action that
prevents legitimate users from accessing electronic devices. It makes a network resource
unavailable to its intended users by temporarily disrupting services of a host connected to the
Internet.

Direct Access Attacks

A direct access attack is an attack in which an intruder gains physical access to the computer to
perform unauthorized activity and install various types of software to compromise security. Such
software may be loaded with worms and used to download a huge amount of sensitive data from the
target victims.

Eavesdropping
This is an unauthorized way of listening to private communication over the network. It does not
interfere with the normal operations of the targeted system, so the sender and the recipient of the
messages are not aware that their conversation is being tracked.

Credit/Debit card fraud

A credit card allows us to borrow money from the issuing bank to make purchases. The issuer of the
credit card sets the condition that the cardholder will pay back the borrowed money with an
additional agreed-upon charge.

A debit card is a plastic card issued by a financial organization to an account holder who has a
savings deposit account; it can be used instead of cash to make purchases. The debit card can be
used only when funds are available in the account.

Some of the important threats associated with debit/credit cards are-

ATM (Automated Teller Machine)-

The ATM is a favourite place of fraudsters, from where they can steal our card details. Some of the
main techniques which criminals use to get hold of our card information are:

Skimming-
Skimming is the process of attaching a data-skimming device to the card reader of the ATM. When
the customer swipes their card in the ATM card reader, the information is copied from the magnetic
stripe to the device. By doing this, the criminals learn the card number, name, CVV number, expiry
date of the card and other details.

Unwanted Presence-

It is a rule that not more than one user should use the ATM at a time. If we find more than one
person lurking around together, the intention behind this is to observe our card details while we
are making our transaction.

Vishing/Phishing

Phishing is an activity in which an intruder obtains sensitive information from a user, such as
passwords, usernames, and credit card details, often for malicious reasons.

Vishing is an activity in which an intruder obtains sensitive information from a user by sending SMS
messages to, or calling, mobile phones. These SMS messages and calls appear to be from a reliable
source, but in reality they are fake. The main objective of vishing and phishing is to get the
customer's PIN, account details, and passwords.

Online Transaction

Online transactions can be made by customers to shop and pay their bills over the Internet. Just as
this is easy for the customer, it is also easy for an attacker to break into our system and steal our
sensitive information. Some important ways in which confidential information is stolen during an
online transaction are-

o By downloading software which scans our keystrokes and steals our passwords and card details.
o By redirecting a customer to a fake website which looks like the original and steals our sensitive
information.
o By using public Wi-Fi.

POS Theft

This is commonly done at merchant stores at the time of a POS transaction. The salesperson takes the
customer's card to process the payment and illegally copies the card details for later use.

Security Policies
Security policies are a formal set of rules issued by an organization to ensure that users who are
authorized to access company technology and information assets comply with rules and guidelines
related to the security of information. It is a written document in the organization which sets out
how to protect the organization from threats and how to handle them when they occur. A security
policy is also considered to be a "living document", which means that the document is never
finished but is continuously updated as the requirements of the technology and employees change.

Need for security policies-

1) It increases efficiency.

The best thing about having a policy is being able to increase the level of consistency, which saves
time, money and resources. The policy should inform employees about their individual duties, and
tell them what they can and cannot do with the organization's sensitive information.

2) It upholds discipline and accountability

When a human mistake occurs and system security is compromised, the security policy of the
organization will back up any disciplinary action and also support a case in a court of law. The
organization's policies act as a contract which proves that the organization has taken steps to
protect its intellectual property, as well as its customers and clients.

3) It can make or break a business deal

It is not necessary for companies to provide a copy of their information security policy to other
vendors during a business deal that involves the transfer of their sensitive information. This is true
in the case of bigger businesses, which ensure their own security interests are protected when
dealing with smaller businesses which have less high-end security systems in place.

4) It helps to educate employees on security literacy

A well-written security policy can also be seen as an educational document which informs readers of
the importance of their responsibility in protecting the organization's sensitive data. It ranges from
choosing the right passwords to providing guidelines for file transfers and data storage, which
increases employees' overall awareness of security and how it can be strengthened.

We use security policies to manage our network security. Most types of security policies are
automatically created during installation. We can also customize policies to suit our specific
environment. Some important cybersecurity policy recommendations are described below-

1. Virus and Spyware Protection policy

This policy provides the following protection:

o It helps to detect, remove, and repair the side effects of viruses and security risks by using signatures.
o It helps to detect threats in files which users try to download by using reputation data from
Download Insight.
o It helps to detect applications that exhibit suspicious behaviour by using SONAR heuristics and
reputation data.

2. Firewall Policy

This policy provides the following protection:

o It blocks unauthorized users from accessing the systems and networks that connect to the Internet.
o It detects attacks by cybercriminals.
o It removes unwanted sources of network traffic.

3. Intrusion Prevention policy

This policy automatically detects and blocks network attacks and browser attacks. It also protects
applications from vulnerabilities. It checks the contents of one or more data packets and detects
malware which arrives through legitimate channels.

4. LiveUpdate policy

This policy can be categorized into two types: the LiveUpdate Content policy and the LiveUpdate
Setting policy. The LiveUpdate policy contains the settings which determine when and how client
computers download content updates from LiveUpdate. We can define the computer that clients
contact to check for updates and schedule when and how often client computers check for updates.

5. Application and Device Control

This policy protects a system's resources from applications and manages the peripheral devices that
can attach to a system. The device control policy applies to both Windows and Mac computers
whereas application control policy can be applied only to Windows clients.

6. Exceptions policy

This policy provides the ability to exclude applications and processes from detection by the virus
and spyware scans.

7. Host Integrity policy

This policy provides the ability to define, enforce, and restore the security of client computers to
keep enterprise networks and data secure. We use this policy to ensure that the client computers
which access our network are protected and compliant with the company's security policies. This
policy requires that the client system has antivirus installed.

Security Standards
To make cybersecurity measures explicit, written norms are required. These norms are known as
cybersecurity standards: generic sets of prescriptions for an ideal execution of certain measures.
The standards may involve methods, guidelines, reference frameworks, etc. They ensure the efficiency
of security, facilitate integration and interoperability, enable meaningful comparison of measures,
reduce complexity, and provide the structure for new developments.

A security standard is "a published specification that establishes a common language, and contains
a technical specification or other precise criteria and is designed to be used consistently, as a rule, a
guideline, or a definition." The goal of security standards is to improve the security of information
technology (IT) systems, networks, and critical infrastructures. Well-written cybersecurity standards
enable consistency among product developers and serve as a reliable standard for purchasing
security products.

Security standards are generally provided for all organizations regardless of their size or the industry
and sector in which they operate. This section includes information about each standard that is
usually recognized as an essential component of any cybersecurity strategy.

1. ISO
ISO stands for International Organization for Standardization. International Standards make things
work. These standards provide a world-class specification for products, services and computers, to
ensure quality, safety and efficiency. They are instrumental in facilitating international trade.

ISO was officially established on 23 February 1947. It is an independent, non-governmental
international organization. Today, it has a membership of 162 national standards bodies and 784
technical committees and subcommittees to take care of standards development. ISO has published
over 22336 International Standards and related documents which cover almost every industry, from
information technology, to food safety, to agriculture and healthcare.

ISO 27000 Series

It is the family of information security standards developed by the International Organization for
Standardization and the International Electrotechnical Commission to provide a globally recognized
framework for best practice in information security management. It helps organizations to keep their
information assets secure, such as employee details, financial information, and intellectual property.

The need for the ISO 27000 series arises because of the risk of cyber-attacks which organizations
face. Cyber-attacks are growing day by day, making hackers a constant threat to any industry that
uses technology.

The ISO 27000 series comprises a number of standards. They are-

ISO 27001- This standard allows an organization to prove to its clients and stakeholders that it
manages the security of their confidential data and information according to best practice. This
standard involves a process-based approach for establishing, implementing, operating, monitoring,
maintaining, and improving our ISMS.

ISO 27000- This standard provides an explanation of terminologies used in ISO 27001.

ISO 27002- This standard provides guidelines for organizational information security standards and
information security management practices. It includes the selection, implementation, operating and
management of controls taking into consideration the organization's information security risk
environment(s).

ISO 27005- This standard supports the general concepts specified in 27001. It is designed to provide
guidelines for the implementation of information security based on a risk management approach.
To completely understand ISO/IEC 27005, knowledge of the concepts, models, processes, and
terminology described in ISO/IEC 27001 and ISO/IEC 27002 is required. This standard is applicable
to all kinds of organizations, such as non-governmental organizations, government agencies, and
commercial enterprises.

ISO 27032- It is the international Standard which focuses explicitly on cybersecurity. This Standard includes
guidelines for protecting the information beyond the borders of an organization such as in collaborations,
partnerships or other information sharing arrangements with clients and suppliers.

2. IT Act
The Information Technology Act, also known as ITA-2000 or the IT Act, mainly aims to provide the
legal infrastructure in India to deal with cybercrime and e-commerce. The IT Act is based on the
United Nations Model Law on E-Commerce 1996 recommended by the General Assembly of the United
Nations. This act is also used to check misuse of cyber networks and computers in India. It was
officially passed in 2000 and amended in 2008. It has been designed to give a boost to electronic
commerce, e-transactions and related activities associated with commerce and trade. It also facilitates
electronic governance by means of reliable electronic records.

The IT Act 2000 has 13 chapters, 94 sections and 4 schedules. The first 14 sections concern digital
signatures, and other sections deal with the certifying authorities who are licensed to issue digital
signature certificates; sections 43 to 47 provide penalties and compensation, sections 48 to 64 deal
with appeals to the high court, sections 65 to 79 deal with offences, and the remaining sections 80
to 94 deal with miscellaneous provisions of the act.

3. Copyright Act
The Copyright Act 1957, amended by the Copyright Amendment Act 2012, governs the subject of
copyright law in India. This Act has been applicable since 21 January 1958. Copyright is a legal term
which describes the ownership and control of the rights of authors to their "original works of
authorship" that are fixed in a tangible form of expression. An original work of authorship covers a
range of works of creative expression including books, video, movies, music, and computer programs.
Copyright law has been enacted to balance the use and reuse of creative works against the desire of
the creators of art, literature and music to monetize their work by controlling who can make and sell
copies of the work.

The copyright act covers the following-

o Rights of copyright owners
o Works eligible for protection
o Duration of copyright
o Who can claim copyright

The copyright act does not cover the following-

o Ideas, procedures, methods, processes, concepts, systems, principles, or discoveries
o Works that are not fixed in a tangible form (such as a choreographic work that has not been
notated or recorded or an improvisational speech that has not been written down)
o Familiar symbols or designs
o Titles, names, short phrases, and slogans
o Mere variations of typographic ornamentation, lettering, or coloring

4. Patent Law
Patent law is the law that deals with new inventions. Traditionally, patent law protects tangible
scientific inventions, such as circuit boards, heating coils, car engines, or zippers. Over time, patent
law has been used to protect a broader variety of inventions such as business practices, coding
algorithms, or genetically modified organisms. A patent is the right to exclude others from making,
using, selling, importing, inducing others to infringe, and offering a product specially adapted for
practice of the patent.

In general, a patent is a right that can be granted if an invention is:

o Not a natural object or process
o New
o Useful
o Not obvious.

5. IPR
Intellectual property rights are rights that allow creators, or owners of patents, trademarks or
copyrighted works, to benefit from their own plans, ideas, or other intangible assets or investment
in a creation. These IPR rights are outlined in Article 27 of the Universal Declaration of Human
Rights. It provides for the right to benefit from the protection of the moral and material interests
resulting from authorship of scientific, literary or artistic productions. These property rights allow
the holder to exercise a monopoly on the use of the item for a specified period.

Digital Signature
A digital signature is a mathematical technique which validates the authenticity and integrity of a
message, software or digital document. It allows us to verify the author's name and the date and
time of the signature, and to authenticate the message contents. The digital signature offers far more
inherent security and is intended to solve the problem of tampering and impersonation (intentionally
copying another person's characteristics) in digital communications.

Computer-based authentication of business information interrelates both technology and the law.
It also calls for cooperation between people of different professional backgrounds and areas of
expertise. Digital signatures differ from other electronic signatures not only in terms of process and
result, but also in that this makes digital signatures more serviceable for legal purposes. Some
electronic signatures that are legally recognizable as signatures may not be as secure as digital
signatures and may lead to uncertainty and disputes.

Application of Digital Signature

The important reasons to apply a digital signature to communication are:

o Authentication
o Non-repudiation
o Integrity

Authentication
Authentication is the process which verifies the identity of a user who wants to access the system. In a digital signature, authentication helps to verify the source of a message.

Non-repudiation
Non-repudiation means assurance that something cannot be denied. It ensures that a party to a contract or communication cannot later deny the authenticity of their signature on a document or file, or the sending of a message that they originated.

Integrity
Integrity ensures that the message is genuine and accurate and safeguards it from unauthorized modification during transmission.

Algorithms in Digital Signature

A digital signature scheme consists of three algorithms:

1. Key generation algorithm

The key generation algorithm selects a private key at random from the set of possible private keys. It outputs the private key together with its corresponding public key.

2. Signing algorithm

A signing algorithm, given a document and the private key, produces a signature for the document.

3. Signature verifying algorithm

A signature verifying algorithm, given the document, the public key and the signature, either accepts or rejects the document's authenticity.


How digital signatures work
Digital signatures are created and verified using public key cryptography, also known as asymmetric cryptography. With a public key algorithm such as RSA, one can generate two keys that are mathematically linked: one is a private key, and the other is a public key.

The user who creates the digital signature uses their own private key to encrypt the signature-related data; the only way to decrypt that data is with the signer's public key.

This technology requires all parties to trust that the individual who creates the signature has been able to keep their private key secret. If someone has access to the signer's private key, they could create fraudulent signatures in the name of the private key holder.

The steps followed in creating and checking a digital signature are:

1. Select a file to be digitally signed.
2. The hash value of the message or file content is calculated. This hash is encrypted using the sender's private key to form the digital signature.
3. Now, the original message or file content along with the digital signature is transmitted.
4. The receiver decrypts the digital signature using the sender's public key, which yields the hash the sender computed.
5. The receiver now has the message or file content and can compute its hash.
6. The receiver compares its computed hash with the hash recovered from the signature. The two must be the same for integrity to be assured.
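
Steps 1 to 6 carried through in Go, as an added example that is not part of the tutorial, using only the standard library's crypto/rsa and crypto/sha256. What the steps above call "encrypting the hash with the private key" is exposed by modern libraries as a signing operation (here RSA PKCS#1 v1.5 over a SHA-256 digest); the sample message and the second, impersonating key pair are constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign follows step 2: hash the content with SHA-256, then apply the
// sender's private key to the digest (RSA PKCS#1 v1.5 signing).
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify follows steps 4 to 6: the receiver recomputes the hash of the
// content it received and checks it against the signature with the
// sender's public key. A tampered message or a signature made under a
// different key both fail here.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Demo runs the whole exchange on constructed sample data and reports
// whether the genuine message verifies, whether a tampered copy is
// rejected, and whether a signature made with the wrong key is rejected.
func Demo() (genuine, tamperedRejected, wrongKeyRejected bool, err error) {
	// Step 1 (key generation): the signer's 2048-bit RSA key pair.
	signer, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	// A second, unrelated key pair standing in for an impersonator.
	other, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}

	msg := []byte("Transfer 100 EUR to account 1234") // constructed content
	sig, err := Sign(signer, msg)
	if err != nil {
		return false, false, false, err
	}

	// Step 3: message and signature travel together; the receiver verifies.
	genuine = Verify(&signer.PublicKey, msg, sig)

	// Integrity: a single changed digit in transit breaks the hash match.
	tampered := []byte("Transfer 900 EUR to account 1234")
	tamperedRejected = !Verify(&signer.PublicKey, tampered, sig)

	// Authentication: the same bytes signed by someone else do not verify
	// under the genuine sender's public key.
	forged, err := Sign(other, msg)
	if err != nil {
		return false, false, false, err
	}
	wrongKeyRejected = !Verify(&signer.PublicKey, msg, forged)
	return genuine, tamperedRejected, wrongKeyRejected, nil
}

func main() {
	g, t, w, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("genuine verifies: %v, tampered rejected: %v, wrong key rejected: %v\n", g, t, w)
}
```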

Types of Digital Signature

Different document processing platforms support different types of digital signature. They are described below:

Certified Signatures
Documents with a certified digital signature display a unique blue ribbon across the top of the document. The certified signature contains the name of the document signer and the certificate issuer, which indicate the authorship and authenticity of the document.

Approval Signatures
Approval digital signatures on a document can be used in the organization's business workflow. They help to optimize the organization's approval procedure. The procedure involves capturing approvals made by us and other individuals and embedding them within the PDF document. Approval signatures can include details such as an image of our physical signature, location, date, and official seal.

Visible Digital Signature
The visible digital signature allows a user to sign a single document digitally. This signature appears on the document in the same way as a signature appears on a physical document.

Invisible Digital Signature
The invisible digital signature carries a visual indication of a blue ribbon within the document in the taskbar. We can use invisible digital signatures when we do not have or do not want to display our signature but need to provide the authenticity of the document, its integrity, and its origin.

Cyber Security Tools

Protecting our IT environment is very critical. Every organization needs to take cybersecurity very seriously. There are a number of hacking attacks affecting businesses of all sizes. Hackers, malware and viruses are some of the real security threats in the virtual world. It is essential that every company is aware of the dangerous security attacks and keeps itself secure. There are many different aspects of cyber defence that may need to be considered. Here are six essential tools and services that every organization needs to consider to ensure their cybersecurity is as strong as possible. They are described below:

1. Firewalls
As we know, the firewall is the core of security tools, and it has become one of the most important of them. Its job is to prevent unauthorized access to or from a private network. It can be implemented as hardware, software, or a combination of both. Firewalls are used to prevent unauthorized internet users from accessing private networks connected to the Internet. All messages entering or leaving the intranet pass through the firewall. The firewall examines each message and blocks those messages that do not meet the specified security criteria.

The firewall is very useful, but it also has limitations. A skilled hacker knows how to craft data and programs that look like trusted traffic to a firewall, which means such a program can pass through the firewall without any problem. Despite these limitations, firewalls are still very useful in protecting our systems against less sophisticated malicious attacks.

2. Antivirus Software
Antivirus software is a program designed to prevent, detect, and remove viruses and other malware attacks on individual computers, networks, and IT systems. It also protects our computers and networks from a variety of threats such as Trojan horses, worms, keyloggers, browser hijackers, rootkits, spyware, botnets, adware, and ransomware. Most antivirus programs come with an auto-update feature, enabling the system to check for new viruses and threats regularly. Many also provide additional services such as scanning emails to ensure that they are free from malicious attachments and web links.

3. PKI Services
PKI stands for Public Key Infrastructure. This tool supports the distribution and identification of public encryption keys. It enables users and computer systems to securely exchange data over the internet and verify the identity of the other party. We can also exchange sensitive information without PKI, but in that case there would be no assurance of the other party's authenticity.

People associate PKI with SSL or TLS. It is the technology which encrypts server communication and is responsible for HTTPS and the padlock that we can see in our browser address bar. PKI solves many cybersecurity problems and deserves a place in the organization's security suite.

PKI can also be used to:

o Enable multi-factor authentication and access control.
o Create compliant, trusted digital signatures.
o Encrypt email communications and authenticate the sender's identity.
o Digitally sign and protect code.
o Build identity and trust into IoT ecosystems.

4. Managed Detection and Response Service (MDR)

Today's cybercriminals and hackers use more advanced techniques and software to breach organization security, so every business needs to use more powerful forms of cybersecurity defence. MDR is an advanced security service that provides threat hunting, threat intelligence, security monitoring, incident analysis, and incident response. It is a service that arises from the need of organizations (which lack resources) to be more aware of risks and to improve their ability to detect and respond to threats. MDR also uses artificial intelligence and machine learning to investigate, auto-detect threats, and orchestrate response for faster results.

Managed detection and response has the following characteristics:

o Managed detection and response is focused on threat detection, rather than compliance.
o MDR relies heavily on security event management and advanced analytics.
o While some automation is used, MDR also involves humans to monitor our network.
o MDR service providers also perform incident validation and remote response.

5. Penetration Testing
Penetration testing, or pen-test, is an important way to evaluate our business's security systems and the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities exist in operating systems, services and applications, improper configurations or risky end-user behavior. In penetration testing, cybersecurity professionals use the same techniques and processes utilized by criminal hackers to check for potential threats and areas of weakness.

A pen test attempts the kinds of attack a business might face from criminal hackers, such as password cracking, code injection, and phishing. It involves a simulated real-world attack on a network or application. These tests can be performed using manual or automated technologies to systematically evaluate servers, web applications, network devices, endpoints, wireless networks, mobile devices and other potential points of vulnerability. Once the pen test has taken place, the testers present us with their findings and can help by recommending potential changes to our system.

6. Staff Training
Staff training is not a 'cybersecurity tool' as such, but ultimately, having knowledgeable employees who understand cybersecurity is one of the strongest forms of defence against cyber-attacks. Today, many training tools are available that can educate a company's staff about the best cybersecurity practices. Every business can organize this training so that employees understand their role in cybersecurity.

We know that cyber-criminals continue to expand their techniques and level of sophistication to breach business security; this has made it essential for organizations to invest in these training tools and services. Failing to do so can leave the organization in a position where hackers can easily target its security systems. So, the expense of investing in these training tools may reward the business organization with long-term security and protection.

Cyber Security Challenges

Today cybersecurity is a main component of a country's overall national security and economic security strategies. In India, there are many challenges related to cybersecurity. With the increase in cyber-attacks, every organization needs a security analyst who makes sure that its systems are secured. These security analysts face many challenges related to cybersecurity, such as securing confidential data of government organizations, securing private organizations' servers, etc.

The recent important cybersecurity challenges are described below:


1. Ransomware Evolution
Ransomware is a type of malware in which the data on a victim's computer is locked, and payment is demanded before the ransomed data is unlocked. After successful payment, access rights are returned to the victim. Ransomware is the bane of cybersecurity, data professionals, IT, and executives.

Ransomware attacks are growing day by day within cybercrime. IT professionals and business leaders need to have a powerful recovery strategy against malware attacks to protect their organization. It involves proper planning to recover corporate and customers' data and applications, as well as reporting any breaches under the Notifiable Data Breaches scheme. Today's DRaaS solutions are the best defence against ransomware attacks. With the DRaaS method, we can automatically back up our files, easily identify which backup is clean, and launch a fail-over at the press of a button when malicious attacks corrupt our data.

2. Blockchain Revolution
Blockchain technology is the most important invention of the computing era. It is the first time in human history that we have a genuinely native digital medium for peer-to-peer value exchange. The blockchain is the technology that enables cryptocurrencies like Bitcoin. The blockchain is a vast global platform that allows two or more parties to do a transaction or do business without needing a third party to establish trust.

It is difficult to predict what blockchain systems will offer in regards to cybersecurity. Professionals in cybersecurity can make some educated guesses regarding blockchain. As the application and utility of blockchain in a cybersecurity context emerges, there will be a healthy tension but also complementary integrations with traditional, proven cybersecurity approaches.

3. IoT Threats
IoT stands for Internet of Things. It is a system of interrelated physical devices which are accessible through the internet. The connected physical devices have a unique identifier (UID) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. The firmware and software running on IoT devices make consumers and businesses highly susceptible to cyber-attacks.

When IoT things were designed, their use in cybersecurity and for commercial purposes was not considered. So every organization needs to work with cybersecurity professionals to ensure the security of their password policies, session handling, user verification, multifactor authentication, and security protocols to help in managing the risk.

4. AI Expansion
AI is the short form of Artificial Intelligence. John McCarthy, the father of Artificial Intelligence, defined AI as: "The science and engineering of making intelligent machines, especially intelligent computer programs."

It is an area of computer science concerned with the creation of intelligent machines that work and react like humans. Some of the activities related to artificial intelligence include speech recognition, learning, planning, problem-solving, etc. The key benefit of AI in our cybersecurity strategy is the ability to protect and defend an environment when a malicious attack begins, thus mitigating its impact. AI takes immediate action against malicious attacks at the moment when a threat impacts a business. IT business leaders and cybersecurity strategy teams consider AI a future protective control that will allow our business to stay ahead of the cybersecurity technology curve.

5. Serverless Apps Vulnerability

A serverless architecture or app is an application which depends on third-party cloud infrastructure or on a back-end service such as Google Cloud Functions, Amazon Web Services (AWS) Lambda, etc. Serverless apps invite cyber attackers to spread threats on their systems easily because users access the application locally or off-server on their device. Therefore it is the user's responsibility to take security precautions while using a serverless application.

Serverless apps do nothing to keep attackers away from our data. Being serverless does not help if an attacker gains access to our data through a vulnerability such as leaked credentials, a compromised insider or any other means.

We can run software alongside the application which provides the best chance to defeat cybercriminals. Serverless applications are typically small in size. This helps developers to launch their applications quickly and easily. They don't need to worry about the underlying infrastructure. Web services and data processing tools are examples of the most common serverless apps.

Cyber Security Risk Analysis

Risk analysis refers to the review of the risks associated with a particular action or event. Risk analysis is applied to information technology, projects, security issues and any other event where risks may be analysed on a quantitative and qualitative basis. Risks are part of every IT project and business organization. The analysis of risk should occur on a regular basis and be updated to identify new potential threats. Strategic risk analysis helps to minimize future risk probability and damage.

Enterprises and organizations use risk analysis:

o To anticipate and reduce the effect of harmful results arising from adverse events.
o To plan for technology or equipment failure or loss from adverse events, both natural and human-caused.
o To evaluate whether the potential risks of a project are balanced in the decision process when evaluating whether to move forward with the project.
o To identify the impact of and prepare for changes in the enterprise environment.

Benefits of risk analysis

Every organization needs to understand the risks associated with its information systems to effectively and efficiently protect its IT assets. Risk analysis can help an organization to improve its security in many ways. These are:

o Concerning financial and organizational impacts, it identifies, rates and compares the overall impact of risks related to the organization.
o It helps to identify gaps in information security and determine the next steps to eliminate security risks.
o It can also enhance the communication and decision-making processes related to information security.
o It improves security policies and procedures and develops cost-effective methods for implementing information security policies and procedures.
o It increases employee awareness about risks and security measures during the risk analysis process and helps them understand the financial impacts of potential security risks.

Steps in the risk analysis process

The basic steps followed by a risk analysis process are:

Conduct a risk assessment survey:

Getting input from management and department heads is critical to the risk assessment process. The risk assessment survey begins the documentation of the specific risks or threats within each department.

Identify the risks:

This step is used to evaluate an IT system or other aspects of an organization to identify the risks related to software, hardware, data, and IT employees. It identifies the possible adverse events that could occur in an organization, such as human error, flooding, fire, or earthquakes.

Analyse the risks:

Once the risks are evaluated and identified, the risk analysis process should analyse how likely each risk is to occur, as well as determine the consequences linked with each risk. It also determines how they might affect the objectives of an IT project.

Develop a risk management plan:

After the analysis of the risks, which gives an idea of which assets are valuable and which threats will probably affect the IT assets negatively, we develop a risk management plan to produce control recommendations that can be used to mitigate, transfer, accept or avoid the risk.

Implement the risk management plan:

The primary goal of this step is to implement the measures to remove or reduce the analysed risks. We remove or reduce the risks starting with the highest priority, and resolve or at least mitigate each risk so that it is no longer a threat.

Monitor the risks:

This step is responsible for monitoring the security risks on a regular basis. Identifying, treating and managing risks should be an essential part of any risk analysis process.

Types of Risk Analysis

The essential distinct approaches to risk analysis are:

Qualitative Risk Analysis

o The qualitative risk analysis process is a project management technique that prioritizes risks on the project by assigning a probability and an impact number. Probability is the chance that a risk event will occur, whereas impact is the significance of the consequences of a risk event.
o The objective of qualitative risk analysis is to assess and evaluate the characteristics of each individually identified risk and then prioritize them based on the agreed-upon characteristics.
o Assessing an individual risk evaluates the probability that the risk will occur and its effect on the project objectives. Categorizing risks helps in filtering them out.
o Qualitative analysis is used to determine the risk exposure of the project by multiplying probability and impact.

Quantitative Risk Analysis

o The objective of performing the quantitative risk analysis process is to provide a numerical estimate of the overall effect of risk on the project objectives.
o It is used to evaluate the likelihood of success in achieving the project objectives and to estimate the contingency reserve, usually applicable to time and cost.
o Quantitative analysis is not mandatory, especially for smaller projects. Quantitative risk analysis helps in calculating estimates of overall project risk, which is its main focus.
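
The qualitative and quantitative steps above, worked on a small constructed risk register as an added example that is not part of the tutorial: exposure is probability times impact, the quantitative estimate is annual frequency times loss per event (an assumed model), and the thresholds that map a score to mitigate, transfer, accept or avoid are our own assumption rather than a standard.

```go
package main

import (
	"fmt"
	"sort"
)

// Risk is one row of a constructed risk register. The qualitative fields use
// a 1 to 5 scale; the quantitative fields are assumed values for the example.
type Risk struct {
	Name         string
	Probability  int     // 1 = rare ... 5 = almost certain
	Impact       int     // 1 = negligible ... 5 = severe
	EventsPerYr  float64 // quantitative likelihood: expected events per year
	LossPerEvent float64 // quantitative impact: loss per event, currency units
}

// Exposure is the qualitative score described above: probability x impact.
func (r Risk) Exposure() int { return r.Probability * r.Impact }

// ExpectedLoss is the quantitative estimate: expected loss per year.
func (r Risk) ExpectedLoss() float64 { return r.EventsPerYr * r.LossPerEvent }

// Treatment maps a risk to one of the four responses named in the
// "Develop a risk management plan" step. Thresholds are an assumption.
func Treatment(r Risk) string {
	switch {
	case r.Probability == 5 && r.Impact == 5:
		return "avoid" // the activity itself is not worth its risk
	case r.Impact >= 4 && r.Probability <= 2:
		return "transfer" // rare but severe: insurance or outsourcing
	case r.Exposure() >= 8:
		return "mitigate" // worth spending on controls
	default:
		return "accept"
	}
}

// Prioritize returns a copy of the register ordered by exposure, highest first.
func Prioritize(register []Risk) []Risk {
	out := append([]Risk(nil), register...)
	sort.SliceStable(out, func(i, j int) bool {
		return out[i].Exposure() > out[j].Exposure()
	})
	return out
}

// ContingencyReserve sums the expected annual losses: one simple way to size
// the reserve that quantitative analysis is used to estimate.
func ContingencyReserve(register []Risk) float64 {
	total := 0.0
	for _, r := range register {
		total += r.ExpectedLoss()
	}
	return total
}

// SampleRegister is constructed data for the demonstration.
func SampleRegister() []Risk {
	return []Risk{
		{"Laptop theft", 3, 2, 2.0, 3000},
		{"Ransomware on file servers", 4, 5, 0.3, 200000},
		{"Data centre flooding", 1, 5, 0.05, 500000},
		{"Phishing credential theft", 5, 3, 4.0, 15000},
	}
}

func main() {
	for _, r := range Prioritize(SampleRegister()) {
		fmt.Printf("%-28s exposure=%2d expected loss/yr=%9.0f -> %s\n",
			r.Name, r.Exposure(), r.ExpectedLoss(), Treatment(r))
	}
	fmt.Printf("contingency reserve: %.0f\n", ContingencyReserve(SampleRegister()))
}
```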

Cyber Security Certification

A certification will lead us to our dream job. At some point in our professional life, an IT security certification from a renowned third-party organization may be necessary.

Cyber security certifications are available in different shapes and subjects, from forensics to intrusion to ethical hacking. They are typically administered by independent accredited organizations such as CompTIA, EC-Council, GIAC, ISACA, and (ISC)².

The certification program of these accredited organizations is divided into three categories:

o The basic entry-level certification is meant to educate you in foundation principles, best practices, important tools, the latest technologies, etc.
o The intermediate and expert-level certifications presume that we have extensive job experience and a detailed grasp of the subject matter.

According to the topic or level:

o IT security certifications are mostly acquired by employees of organizations.
o The credential process consists of training and a final exam.
o It must be renewed periodically, such as every 3-4 years.
o To be reaccredited, we'll need continuing education credits and the ability to pass the current exam.
Costs for Cyber Security Certification

When we want to get a cybersecurity certification, nothing can stop us from getting our dream job if we have the skills.

We cannot lie here about the expense of certification. Cybersecurity certification can be expensive and time-consuming. An entry-level certification takes three to nine months to complete and costs us $300-$600 for the examination. This certification leads to promotion, better job prospects and a raise. It will help you to get a hike in your salary.

Which Certification to Choose

When you want to enroll in entry-level training, you may start by considering the following certifications:

1. CompTIA Security+
2. GSEC: GIAC Security Essentials Certification
3. SSCP: Systems Security Certified Practitioner

Spend a little time studying the details of all the above certifications and comparing them. CompTIA Security+ and GSEC have a solid reputation within the industry and are approved for DoD 8570 Baseline Information Assurance.

Or you can select Security+, which is one of the most well-known beginners' certifications. But the choice of certification will depend on your level of expertise and your field of interest.

Some popular certifications

CISSP: Certified Information Systems Security Professional is a high-level certification that is focused on security policy and management. It is the most frequently acquired certification in the business by individuals. It is one of the top-paying IT security certifications.

CISA: Certified Information Systems Auditor has been designed for professionals who audit, control, monitor and assess information technology and business systems.

CISM: Certified Information Security Manager is geared towards people in managerial positions such as the CIO of IT security.

GCIH: GIAC Certified Incident Handler is for incident handlers responsible for detecting, responding to and resolving computer security incidents.

CEH: Certified Ethical Hacker is widely discussed among white hat hackers and penetration testers.

OSCP: Offensive Security Certified Professional has been designed for penetration testers and includes a rigorous 24-hour certification exam.
Man-in-the-middle (MITM) Attacks
What is a MITM Attack
A MITM attack is a form of cyber-attack where a malicious individual inserts themselves into some kind of exchange between two parties, manipulates both parties and gains access to the data that the two were trying to deliver to each other. A man-in-the-middle attack also lets a malicious attacker, without either participant recognizing it until it's too late, hijack the transmission of data intended for someone else, or data that was not supposed to be sent at all. MITM attacks are also referred to by the abbreviations MitM, MiM or MIM.

If an attacker puts himself between a client and a webpage, a man-in-the-middle (MITM) attack occurs. This form of assault comes in many different forms.

For example, in order to intercept financial login credentials, a fraudulent banking website can be used. The fake site lies "in the middle", between the user and the real bank webpage.

How does MITM work

There are several reasons and strategies for hackers to use a MITM attack. Usually, they try to access something like credit card numbers or user login details. They also spy on private meetings, which may include corporate secrets or other useful information.

The feature that almost every such attack has in common is that the attacker pretends to be somebody (or a webpage) you trust.
Real life Instances of MITM attack

In the above diagram, you can see that the intruder positions himself between the client and the server to intercept confidential data or to feed them manipulated, incorrect information.

Another Instance of MITM attack

As shown in the above picture, to obtain access to banking, the attacker tries to imitate both sides of the conversation. This instance applies to client-server conversations and also to person-to-person conversations. In this instance, the attacker retrieves a public key and can insert his own keys to manipulate the parties into believing that they are communicating safely with each other at either end.
Types of MITM Attack

o Wi-Fi Eavesdropping
o DNS Spoofing
o IP Spoofing
o HTTPS Spoofing
o ARP Spoofing
o E-mail Hacking
o Session Hacking
o SSL Stripping
o MITB attack

Here, we explain the above concepts one by one in detail.

Wi-Fi Eavesdropping
You may have seen a notification that says "This connection is not safe" if you've used a device in a cafe. Public Wi-Fi is typically offered "as-is", without any promise of service quality.

Unencrypted Wi-Fi networks are easy to watch. It's just like having a conversation in a public place: anybody can listen in. You can limit your exposure by setting your network profile to "public", which disables Network Discovery. This prevents other users on the network from exploiting your system.

Another Wi-Fi snooping attack occurs when an attacker establishes his own "Evil Twin" Wi-Fi hotspot. The attacker makes the connection, through the network address and password, appear identical to the real one. Users will connect to the "evil twin" unintentionally or automatically, enabling the attacker to spy on their actions.

DNS Spoofing
Websites operate with numeric IP addresses; for example, 192.156.65.118 is one of Google's addresses.

A server is used by sites to translate the address into a recognizable name: google.com. A DNS server, or DNS, is the server that translates 192.156.65.118 to google.com.

A fraudulent DNS server can be set up by an attacker. The fraudulent server maps a specific web address to a different IP address, which is termed "spoofing".

IP Spoofing
As we all know, every device connected to a network has an IP address. In many enterprise internal networks, each device is identified by its IP address. In IP spoofing, the attacker imitates an approved host's IP address. To the network, it appears just as if the system is authorized.

This can lead to a network being exploited through unauthorized access. The attacker may stay quiet and track the activity, or a Denial of Service (DoS) attack may also be launched. In a man-in-the-middle attack, IP spoofing may also be used to place the attacker between two devices.

For example, device A and device B assume that they communicate with each other, but both are intercepted and actually communicate with the attacker:

Device A = = = = Attacker = = = = Device B

35 percent of intrusion operations include hackers conducting MITM exploits, as per IBM X-Force's Threat Intelligence 2018 report. It is represented in the pie chart below.
HTTPS Spoofing
Duplicating an HTTPS webpage is not currently possible.

A theoretical approach for circumventing HTTPS, however, has been illustrated by cybersecurity experts. The attacker creates an authoritative-looking address.

It uses letters of international alphabets rather than the standard script. This works like the phishing emails with unusual characters that you might have seen. Rolex may be written Rólex, for example.
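
A defender-side check for the look-alike addresses just described, written as an added example that is not part of the tutorial: it reduces a hostname to an ASCII "skeleton" using a small constructed table of confusable letters, compares that skeleton against the names we trust, and also flags mixed-script and Punycode (xn--) labels. The trusted names and the sample hostnames are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// confusables maps a few non-ASCII letters that render like ASCII ones to
// the ASCII letter they imitate. This is a small constructed subset, not
// the full Unicode confusables table.
var confusables = map[rune]rune{
	'а': 'a', 'е': 'e', 'о': 'o', 'р': 'p', 'с': 'c', 'х': 'x', 'у': 'y', // Cyrillic
	'ο': 'o', 'ν': 'v', 'α': 'a', // Greek
	'ó': 'o', 'ö': 'o', 'é': 'e', 'á': 'a', 'í': 'i', // accented Latin
}

// skeleton replaces every known look-alike with the ASCII letter it
// imitates, so two names that look the same on screen get the same skeleton.
func skeleton(host string) string {
	var b strings.Builder
	for _, r := range host {
		if ascii, ok := confusables[r]; ok {
			b.WriteRune(ascii)
		} else {
			b.WriteRune(r)
		}
	}
	return b.String()
}

// script buckets a rune coarsely; more than one bucket inside a hostname
// that is otherwise ASCII is the "international alphabet" trick above.
func script(r rune) string {
	switch {
	case r < 0x80:
		return "ascii"
	case unicode.Is(unicode.Latin, r):
		return "latin"
	case unicode.Is(unicode.Cyrillic, r):
		return "cyrillic"
	case unicode.Is(unicode.Greek, r):
		return "greek"
	}
	return "other"
}

// CheckHostname returns a reason the hostname looks like a spoofing
// look-alike, or "" when it passes. trusted holds the ASCII names we
// expect users to visit (a constructed allow-list).
func CheckHostname(host string, trusted []string) string {
	host = strings.ToLower(host)
	if strings.HasPrefix(host, "xn--") || strings.Contains(host, ".xn--") {
		return "punycode label: decode and inspect before trusting"
	}
	seen := map[string]bool{}
	for _, r := range host {
		seen[script(r)] = true
	}
	sk := skeleton(host)
	for _, t := range trusted {
		t = strings.ToLower(t)
		if sk == t && host != t {
			return fmt.Sprintf("look-alike of trusted name %q", t)
		}
	}
	if len(seen) > 1 { // ASCII mixed with another script or accented letters
		return "contains non-ASCII letters that may imitate ASCII ones"
	}
	return ""
}

func main() {
	trusted := []string{"rolex.example", "bank.example"}
	// Constructed samples: genuine, accented Latin, Cyrillic "а", mixed
	// script but not a trusted name, and a Punycode-style label.
	for _, h := range []string{"rolex.example", "rólex.example", "bаnk.example",
		"pаypal.example", "xn--sample-label.example"} {
		if why := CheckHostname(h, trusted); why != "" {
			fmt.Printf("%-26s SUSPICIOUS: %s\n", h, why)
		} else {
			fmt.Printf("%-26s ok\n", h)
		}
	}
}
```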

ARP Spoofing
ARP stands for Address Resolution Protocol.

An ARP request is sent out by a client, and an attacker produces a fraudulent response. The attacker thereby sits in the path of the traffic, like a network modem or gateway, which enables the attacker to access the traffic flow. Usually, this is restricted to local area networks (LAN) that use the ARP protocol.
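
A passive detector for the symptom just described, as an added example that is not part of the tutorial: it watches ARP replies and alerts when an IP address changes the MAC it is answered with, or when one MAC starts answering for several addresses, in the way arpwatch-style tools do. The capture lines are constructed, in a format loosely modelled on tcpdump's ARP output.

```go
package main

import (
	"fmt"
	"strings"
)

// ARPMonitor keeps the IP-to-MAC bindings seen so far on the LAN.
type ARPMonitor struct {
	ipToMAC map[string]string          // last MAC that answered for each IP
	macToIP map[string]map[string]bool // IPs each MAC has answered for
}

func NewARPMonitor() *ARPMonitor {
	return &ARPMonitor{ipToMAC: map[string]string{}, macToIP: map[string]map[string]bool{}}
}

// Observe ingests one ARP reply and returns alerts for the two classic
// symptoms of ARP spoofing: an IP whose MAC suddenly changes, and one MAC
// answering for several IPs (often the gateway plus the victims). Both are
// heuristics: a legitimate NIC swap or a router with many addresses also
// trigger them, so alerts need a human to confirm.
func (m *ARPMonitor) Observe(ip, mac string) []string {
	var alerts []string
	if prev, ok := m.ipToMAC[ip]; ok && prev != mac {
		alerts = append(alerts, fmt.Sprintf("%s moved from %s to %s", ip, prev, mac))
	}
	m.ipToMAC[ip] = mac
	if m.macToIP[mac] == nil {
		m.macToIP[mac] = map[string]bool{}
	}
	m.macToIP[mac][ip] = true
	if n := len(m.macToIP[mac]); n > 1 {
		alerts = append(alerts, fmt.Sprintf("%s now claims %d addresses", mac, n))
	}
	return alerts
}

// parseReply extracts IP and MAC from a line in the constructed format
// "<time> reply <ip> is-at <mac>"; requests and other lines are ignored.
func parseReply(line string) (ip, mac string, ok bool) {
	f := strings.Fields(line)
	if len(f) != 5 || f[1] != "reply" || f[3] != "is-at" {
		return "", "", false
	}
	return f[2], f[4], true
}

// Scan runs the monitor over captured lines and returns every alert raised.
func Scan(lines []string) []string {
	m := NewARPMonitor()
	var all []string
	for _, l := range lines {
		if ip, mac, ok := parseReply(l); ok {
			all = append(all, m.Observe(ip, mac)...)
		}
	}
	return all
}

// SampleCapture is constructed: the gateway 10.0.0.1 is genuinely at
// aa:bb:cc:00:00:01 until a second host starts answering for it and for .7.
func SampleCapture() []string {
	return []string{
		"12:00:01 reply 10.0.0.1 is-at aa:bb:cc:00:00:01",
		"12:00:02 reply 10.0.0.7 is-at aa:bb:cc:00:00:07",
		"12:00:02 request who-has 10.0.0.9",                // ignored: not a reply
		"12:00:03 reply 10.0.0.1 is-at de:ad:be:ef:00:99", // gateway now answered by another MAC
		"12:00:04 reply 10.0.0.7 is-at de:ad:be:ef:00:99", // same MAC takes the victim too
	}
}

func main() {
	for _, a := range Scan(SampleCapture()) {
		fmt.Println("ALERT:", a)
	}
}
```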

E-mail Hacking
In this kind of cybersecurity intrusion, an attacker compromises the email system of a user. The intruder then watches quietly, collecting data and eavesdropping on conversations via email. The attackers may use a scan pattern that searches for targeted keywords, such as "financial" or "hidden Democratic policies".

Email hacking works very well through social engineering. To imitate an online friend, the attackers might use relevant data from some kind of hijacked email address. Spear-phishing can also be used to trick a user into downloading malicious apps.

Session Hacking
This form of MITM attack is usually used to hack social media platforms. For most social media platforms, the website stores a "session browser cookie" on the victim's machine. If the person logs off, this cookie is invalidated. But while the session is running, the cookie carries identity, access, and tracking data.

A session hijack happens when a session cookie is stolen by an intruder. It can arise when the victim's machine is compromised with malware or through application attacks. It can also occur through an XSS (cross-site scripting) attack, in which the hacker injects malicious script into a site that the victim commonly visits.

SSL Stripping
SSL stands for Secure Sockets Layer. SSL is the security standard in use when you see https:// next to a website address rather than http://. With SSL stripping, the attacker intercepts and routes the data packets from a user:

User = = = = Encrypted website User = = = = Authenticated website

The user tries to connect to a secured website. On behalf of the client, the attacker makes the encrypted connection to the secured website himself. Usually, a fake design is developed by the attacker to present to the customer. The victim thinks that they have signed in to the normal website, but actually they signed in to the hacker's website. The attacker has "stripped" the SSL certificate from the victim's data connection.

MITB attack
This is a form of attack that leverages internet browser security flaws.

The malicious attacks may come as trojans, desktop worms, Java vulnerabilities, SQL injection attacks, and web browser add-ons. These are commonly used to collect financial information.

Malware steals the user's passwords as the user signs in to their bank account. In certain instances, malware scripts may move money and then alter the receipt of the transaction to conceal it.

Detection of Man-in-the-middle attack

It is hard to identify a MITM attack without taking appropriate measures. If you are not actively
checking whether your communications have been intercepted, a man-in-the-middle attack can
proceed unnoticed until it is too late. The main techniques for spotting a potential attack are
checking for proper page authentication and introducing some form of tamper detection; however,
these approaches may still require after-the-fact forensic investigation.
Rather than trying to identify attacks while they are in progress, it is better to put preventive
measures in place so that MITM attacks cannot succeed. Being mindful of your browsing habits and
recognizing potentially hazardous environments is important for maintaining a safe environment.

Preventions of Man-in-the-middle attack

Here, we discuss some prevention techniques that keep communications from being compromised
by MITM attacks.

1. Wireless access point (WAP) Encryption

Configuring strong encryption on access points prevents unwanted users from joining the network
merely by being nearby. A weak encryption scheme allows an intruder to brute-force their way onto
the network and then launch a MITM attack.

2. Use a VPN

o Use a Virtual Private Network (VPN)
A VPN encrypts your web traffic, which severely limits an attacker's ability to read or modify it.
Be prepared to prevent data loss: have a cybersecurity incident response plan.
o Network Security
Secure your network with an intrusion detection system. Network administrators should practise
good network hygiene to mitigate man-in-the-middle attacks.
Analyze traffic patterns to identify unusual behavior.

3. Public Key Pair Authentication

MITM attacks normally involve something or other being spoofed. At different layers of the protocol
stack, public key pair authentication such as RSA is used to ensure that the entities you
communicate with are in fact the entities you want to communicate with.

4. Strong Network User Credentials

Ensuring that the primary login is changed is extremely important: not only the Wi-Fi credentials,
but also the router's own administrator password. If an attacker obtains the wireless router login
details, they can switch the DNS servers to fraudulent ones or, at worst, infect the router with
malware.

5. Communication security

Communication security protects users from unauthorized messages and provides secure data
encryption.
Enabling two-factor authentication is the most powerful way to prevent account takeover. It means
you must present an additional security factor in addition to your login credentials. One example
is combining a password with a text message sent to your phone by Gmail.

6. Use proper security hygiene on all platforms, including smartphone apps.

o Since phishing emails are the most popular attack vector, watch out for spam email. Examine links
cautiously before opening them.
o Only install browser plug-ins from trusted sources.
o Reduce the chance of attacks that abuse persistent cookies by logging out of inactive accounts.
o Stop what you are doing and run a security scan if you expect a secure connection but do not
have one.

7. Avoid using public Wi-Fi

If you must use public Wi-Fi, configure your phone to require a manual connection.

It can be hard to identify MITM attacks while they are occurring. The easiest way to remain secure
is to apply all of the above preventive measures consistently.

Be aware that such attacks are partly social engineering. Take a couple of minutes to dig deeper if
anything on social media or in email doesn't seem normal.

Secure e-mail service provider

To protect customer accounts and data from attackers, email service providers have email protection
measures in place. These measures include email servers with robust password and authentication
frameworks, secure email storage (both at rest in the inbox and in transit), web application firewalls,
and spam detection tools.

What is E-mail Security?

E-mail is popular with attackers as a platform for delivering viruses, spam, and phishing attacks.
They use misleading messages to manipulate users into disclosing personal information, leading to
identity fraud. They tempt users to download files or click URLs that install malicious code on the
user's computer (such as email malware). For any attacker who wants to penetrate a network and
steal sensitive customer information, email is often a key entry point. The features of e-mail security
are flexible and depend on the user's requirements; some of the common features are given below.

Features of the e-mail service provider

Not all email services that claim to be reliable are actually confidential and protected. Several free
alternatives may even do further damage. Therefore, when looking for the most reliable email
provider, check that it meets some or most of the following requirements.
Some of the most common features of e-mail service providers are mentioned below:

1. End-to-end encryption

No email service can call itself secure without end-to-end encryption. With a standard service, your
message is only encrypted until it reaches Gmail or Yahoo Mail. If end-to-end encryption is used, the
text can only be read by the sender and the receiver. The most popular end-to-end encryption for
protected messages is Pretty Good Privacy, generally known as PGP.

2. Two-factor authentication (2FA)

It gives you strong protection and safeguards your accounts in case anyone learns your password.
By requiring something you must have, such as a mobile phone, it makes it much harder to break
into your inbox. There are several 2FA options, ranging from SMS codes from Google and others to
authenticator apps.

3. Stripping metadata from headers

Each message includes data about data (metadata), such as the web browser used, and even the
recipient. For the sake of sender and recipient confidentiality, protected email providers strip this
metadata from the headers.

4. Location of the server

Many nations are not privacy-friendly. Some even have data retention regulations that allow your
personal information to be retained for a certain time. Members of the Five Eyes intelligence
alliance include the USA, United Kingdom, Canada, and Australia. They exchange intelligence about
indicators and are among the hardest locations for a secure email provider to operate in.

The Need of secure e-mail service

The benefits of using a protected email service should be evident to you. If you still have some
doubts about making the switch, make sure to take a look at the following considerations:

1. Protect the emails

Gmail, Hotmail, and other popular services do not encrypt your confidential information once the
message reaches their servers. This means that they can read it, and it is easier for attackers to read
it as well.

2. Metadata header hiding

Even if your everyday email service encrypts your mail, that does not automatically mean that the
metadata in the headers is hidden. That metadata covers your email account, laptop, browser, and
network, as well as the recipient.
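Both this point and feature 3 above describe stripping metadata from message headers. The Go program below is an added example of that step, not code from any provider mentioned here: it parses a constructed RFC 5322 message with net/mail, removes the headers that reveal the sending client and network path, and re-serialises the rest with the body untouched. The header list and the StripMetadata function are assumptions chosen for the example.

```go
package main

import (
	"fmt"
	"io"
	"net/mail"
	"net/textproto"
	"sort"
	"strings"
)

// Constructed sample message (documentation addresses, not a real capture).
// The Received, User-Agent and X-Originating-IP headers reveal the sender's
// network and software without being needed by the recipient.
const SampleMessage = "Received: from workstation.example.test ([192.0.2.10])\r\n" +
	"\tby mail.example.test with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000\r\n" +
	"From: Alice <alice@example.test>\r\n" +
	"To: Bob <bob@example.test>\r\n" +
	"Subject: Quarterly numbers\r\n" +
	"Date: Mon, 1 Jan 2024 10:00:00 +0000\r\n" +
	"User-Agent: ExampleMail/1.0 (Linux; x86_64)\r\n" +
	"X-Originating-IP: [192.0.2.10]\r\n" +
	"Message-ID: <constructed-1@example.test>\r\n" +
	"\r\n" +
	"Hi Bob, the numbers are attached.\r\n"

// Headers that describe the sender's client, software or delivery path rather
// than the message itself. This list is an assumption for the example, not
// any provider's actual policy.
var metadataHeaders = canonicalSet(
	"Received", "X-Received", "Received-SPF", "X-Mailer", "User-Agent",
	"X-Originating-IP", "X-Originating-Client",
)

// canonicalSet stores names in the form net/mail uses as map keys
// (e.g. "X-Originating-IP" becomes "X-Originating-Ip").
func canonicalSet(names ...string) map[string]bool {
	set := make(map[string]bool, len(names))
	for _, n := range names {
		set[textproto.CanonicalMIMEHeaderKey(n)] = true
	}
	return set
}

// StripMetadata parses a message, drops the metadata headers and rebuilds it
// with the remaining headers in sorted order and the body unchanged. It
// returns the cleaned message and the (sorted) names of the removed headers.
func StripMetadata(raw string) (string, []string, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return "", nil, err
	}
	body, err := io.ReadAll(msg.Body)
	if err != nil {
		return "", nil, err
	}
	var kept, removed []string
	for name := range msg.Header {
		if metadataHeaders[name] {
			removed = append(removed, name)
		} else {
			kept = append(kept, name)
		}
	}
	sort.Strings(kept)
	sort.Strings(removed)
	var out strings.Builder
	for _, name := range kept {
		for _, v := range msg.Header[name] { // a header may repeat
			fmt.Fprintf(&out, "%s: %s\r\n", name, v)
		}
	}
	out.WriteString("\r\n")
	out.Write(body)
	return out.String(), removed, nil
}

func main() {
	cleaned, removed, err := StripMetadata(SampleMessage)
	if err != nil {
		panic(err)
	}
	fmt.Println("removed headers:", removed)
	fmt.Print(cleaned)
}
```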

3. Do not be a commodity.

If your email service is good and free to use, there is a fair chance that you are being treated as the
commodity. Very few users realize that Gmail constantly scans the mailbox for keywords and uses
them to display customized advertisements. In this way, you are helping Google earn money from
your data through Gmail.

4. Keep your emails in a privacy-friendly place.

The USA and any intelligence-sharing nation within the Fourteen Eyes may someday wish to access
your mailbox. If the vendor's servers are in one of those nations, that would be much quicker to
arrange than gaining access to one of Switzerland's nuclear bunkers.

Ultimately, remember that an email system is only as secure as the passwords you have chosen. If
someone can crack your password in a couple of minutes, all the end-to-end encryption and no-logs
policies go out the window.

Working of secure email service

End-to-end encryption is the distinguishing characteristic of encrypted messaging. It means that
neither the mail service nor a third party has any way to decrypt your message; only the receiver
can. In contrast, your messages can be read by any standard email service provider such as Google
(they are already scanning emails for keywords!), which also makes them easier for attackers to
obtain.

For protection, Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions
(S/MIME) are the most prominent options. PGP combines symmetric and asymmetric encryption,
whereas S/MIME relies on certificates that must be issued by a certification authority at the regional
or public level. Using a certificate guarantees that you are the sender of the message and that it has
not been tampered with by others.

Because of the encryption, neither attackers nor governments can peer into your communications or
metadata, unlike with ordinary email accounts.

Encryption Levels
Here, we discuss the different levels of encryption that are used to secure email communication.

o Transport-level Encryption

Transport-level encryption guarantees that your email travels securely across the network, as
discussed before. On its own it is not sufficient for safe mail transmission, because the provider still
sees the unencrypted version once the message arrives on their server. Transport Layer Security
(TLS) is the successor of Secure Sockets Layer (SSL), although the latter is still used. It is configured
to encrypt email protocols (IMAP, SMTP) as well as other protocols, such as HTTP (Hypertext Transfer
Protocol) or FTP (File Transfer Protocol), on top of TCP (Transmission Control Protocol).
Unfortunately, it is still not included in all mail systems. For a typical user this may not be obvious,
since, unlike a web browser that displays a green lock or similar icon, a mail client gives no easy way
to determine when transport-level encryption is in effect.

o End-to-end Encryption

End-to-end encryption means that your text can be decrypted neither by the email service provider
nor by any other third party. Only the sender and the receiver hold the public and private keys
required to unlock it.

Working of End-to-end encryption

You encrypt the text with your partner's public key. It can now only be decrypted with your partner's
private key. Your encrypted data passes through servers before it reaches your partner, who then
uses the private key to decrypt your message.

o PGP email encryption

Users never need to share private keys; PGP email encryption combines a hashing algorithm,
symmetric encryption, and public-key encryption. A secure email system handles all of this behind
the scenes, so you do not have to think about the pros and cons.

How PGP operates

First, PGP generates a session key, which is then encrypted with the receiver's public key. The sender
transmits this encrypted session key, and the recipient decrypts it with his or her private key.

Finally, the receiver uses the decrypted session key to read the email.

Best Secure email service provider

The list below includes paid and free secure email providers that offer stand-alone clients for various
platforms (Ubuntu being the focus here) or simply provide a normal web-based email service.

1. Tutanota

Tutanota is a secure email service provider suitable for personal and business use. Unlike ProtonMail,
it offers 1 GB of space (rather than 500 MB) to free users, and you may also add more storage to
your account.

To attach a custom domain, users need a paid subscription plan. You may also choose to white-label
the system for your company if you like. Several other tools are also offered by Tutanota to protect
your confidential data. A few instances of this growing set include resources such as free encrypted
calendars and further end-to-end encryption options.

You can use the Tutanota email service provider via the following link: https://tutanota.com

Key Points

o It is an open-source tool.
o It uses an end-to-end encryption approach.
o This tool can be used with two-factor authentication.
o Tutanota is available in paid and free versions.
o It supports custom domains, which need a premium subscription.
o It also supports white-labelling for organizations.
o The free version offers up to 1 GB of storage.
o The subscription price for this tool is $1.18/month.
o It can store 1 to 10 GB of data.
o Tutanota is located in Germany.

Advantages of Tutanota

o It is inexpensive.
o This tool has a no-logs policy.
o It supports a spam filter.
o Tutanota supports more than 20 languages.

Disadvantages of Tutanota

o It doesn't support Pretty Good Privacy (PGP) or IMAP (Internet Message Access Protocol).
o Tutanota comes under the Fourteen Eyes countries.
o Extra storage space is very costly.

2. Hushmail

For individuals concerned with confidentiality, Hushmail is an encrypted email service provider. It
lets you use a 14-day trial period for private use.

For organizations, however, it classifies them and provides different rates. For instance, if you want
a secure email service for your health insurance company, it provides you with a Health Insurance
Portability and Accountability Act (HIPAA) compliant system.

You can use the Hushmail service provider via the following link: https://www.hushmail.com

Key Points

o It offers a 2-week trial version for private use.
o It provides different plans and prices for business customers.
o It includes OpenPGP end-to-end encryption.
o It has the capacity to create multiple web forms.
o The paid version is available at a price of $4.18/month.
o It can store 10 GB of data.
o Hushmail is located in Canada.

Advantages of Hushmail

o It is a user-friendly tool.
o This tool supports Touch ID.
o Hushmail provides users with a spam filter.
o It supports Internet Message Access Protocol (IMAP) and POP3.

Disadvantages of Hushmail

o This tool comes under the Five Eyes countries.
o It doesn't offer a free version.
o You cannot access it with an Android app.

3. ProtonMail

ProtonMail is a very prominent Swiss-based email system with an ad-free layout, designed to protect
your personal information. It lets you set an expiration period after which an email self-destructs.
On top of all its safety features, it is open-source software by default, so if you want to be certain
you can check its open-source repositories yourself.

You are required to have a premium account to enable a custom domain. You can use it for free with
minimal functionality or choose to upgrade to a paid subscription (for organizations).

You can use the ProtonMail service provider via the following link: https://protonmail.com

Key Points
o It is an open-source mail service provider.
o It provides end-to-end encryption.
o It is a Swiss-based tool.
o This tool provides both paid and free versions.
o It supports self-destructing message functionality.
o It also supports two-factor authentication.
o The paid version is available at $4/month.
o It provides 5 to 20 GB of storage.

Benefits of ProtonMail

o It has a no-logs policy.
o It provides message encryption to the users.
o It supports more than 20 languages.

Drawbacks of ProtonMail

o Its Visionary plan is costly.
o The client is sometimes regarded as outdated.
o It doesn't support POP3.

4. CounterMail

CounterMail is another option that can be described as a secure email service provider. It allows you
to try the service completely free of charge for 7 days. Whatever type of membership you have, it
allows you to use your own domain name and build web forms in addition to the encryption.

The more you pay, the more storage space you get, but the features remain the same, which is a
pleasant thing.

You can use the CounterMail service provider via the following link: https://countermail.com

Key Points

o It supports OpenPGP end-to-end encryption.
o CounterMail supports custom domains.
o It provides a facility for users to use web forms.
o CounterMail supports the Windows, Linux, and Mac operating systems.
o The paid version is available at $3.29/month.
o It provides 4 GB of storage.
o It is located in Sweden.

Advantages of CounterMail

o It supports anonymous payment methods.
o It also provides protection from MITM (man-in-the-middle) attacks.
o CounterMail provides you with safe box storage.
o It uses the PGP encryption standard.

Disadvantages of CounterMail

o CounterMail lies under the Fourteen Eyes countries.
o It has limited and costly storage space.
o It doesn't support POP3.
o There is no free version of CounterMail.

5. Zoho Mail

Zoho Mail is not a name one always encounters among the best protected mail services. This
provider is mainly focused on business customers, but that has little to do with its effectiveness.
Since it can also be used by individuals, we are including it in our top 10 secure email service
providers.

Zoho provides a range of information technology solutions, such as a password manager, so when
you combine it with other things, your email works better. Aside from that, this solution offers a
protected network infrastructure that can be accessed only with biometric security. Then there is
protection from malicious software and spam, and end-to-end encryption (SSL, S/MIME, TLS). For
additional account protection, this protected email service supports two-factor authentication (2FA).
Users can use the Zoho authenticator application, a one-time password (OTP), a QR code, or a
fingerprint reader. Through OAuth 2.0, you may also access your inbox from certain applications.

Zoho Mail works on your mobile through a web browser or an application. You may also use any
third-party email client with it. The interface is eye-pleasing and elegant, which is essential if you
are going to use your protected email on a continuous basis.
With a 25 MB attachment cap, the free plan has a generous 5 GB of storage. Five members can
access one account; however, you may only use the web application, making it a hassle to check
your email on mobile.

Even so, for a dollar per month you get the apps and other IMAP/POP clients, a 10 times greater
attachment limit, and several domains. The Email Premium plan, at $4/month, allows users to send
1 GB files, store 50 GB, back up addresses, and use white-labeling. There is also a 15-day trial period.

You can use the Zoho Mail service provider via the following link: https://zohomail.com

Key Points

o You can purchase this tool at $1/month.
o It provides 5 GB of storage.
o It is located in India.

Advantages of Zoho Mail

o It has a sleek design.
o It provides IMAP (Internet Message Access Protocol)/POP access.
o This tool comes with a free version.
o It also provides users with malware protection.

Disadvantages of Zoho Mail

o It is mostly focused on business-to-business client support.
o Some data centers of Zoho Mail are situated in the USA and China.

6. Posteo

Posteo.de is a fascinating email service provider that emphasizes confidentiality and security while
running on renewable energy.
It is an inexpensive option, at only 1 Euro/month (billed annually). However, even if you are willing to
spend extra, it does not allow attaching a custom domain; instead, you get address aliases. The
storage capacity can be increased, as can the number of email aliases and calendars.

You can use the Posteo email service provider via the following link: https://posteo.de/en

Key Points

o It is an open-source tool.
o It runs on green energy.
o It is available only to paid users.
o It provides 2 GB of storage for mail, which is upgradeable.
o It offers IMAP/POP3 and 50 MB attachments.
o It stores the user's data in encrypted form.
o It also provides users with two-factor authentication (2FA).
o It is located in Germany.
o It provides personal support without any extra charge.

7. StartMail

As one of the best personal email programs available, this email service from Startpage.com (one
of the best Google alternatives) is perhaps a worthy option.

It provides a 30-day free trial with restricted functionality. You may want to upgrade if you really
like the service. Beyond features such as a custom domain name, customized aliases, and PGP email
encryption, there is something really significant: StartMail allows you to use disposable email
addresses. So you can always use a temporary one when you do not want to reveal your actual
email address.

You can use the StartMail email service provider via the following link: https://www.startmail.com

Key Points

o This email service provider offers disposable email aliases.
o It provides Pretty Good Privacy (PGP) email encryption.
o This tool offers a custom domain service with an upgrade.
o It is compatible with Simple Mail Transfer Protocol (SMTP) and Internet Message Access Protocol
(IMAP).
o It offers 10 GB of data storage.
o The subscription price of StartMail is $5/month.
o StartMail is a Europe-based service provider.

8. PrivateMail from TorGuard

PrivateMail is a fully protected, encrypted email service that is really easy to use. It is available for
both individuals and enterprises. PrivateMail makes your mailbox genuinely private; it doesn't just
pay lip service to the notion of confidentiality. It comes with MITM protection for all files transferred
via the network, an email alias function, and Paranoid encryption. Your mailbox can be reached from
anywhere with any web browser, without any need for apps.

PrivateMail hits all the spots you usually look for in a private email service. For free, you can still get
100 MB of space with encryption and web-based email access only.

You may also want to upgrade your membership if you want to use the service on portable platforms
(including your mobile device). There is a desktop client available for Windows now, and according
to its download page it is coming to Linux soon.

You can use the PrivateMail service provider via the following link: https://privatemail.com

Key Points

o It supports OpenPGP end-to-end encryption.
o Users can also use the desktop app, but only on Windows.
o It supports paid and free versions.
o This tool also provides a custom domain with a premium subscription.
o It also provides MITM prevention.
o Users can access it from anywhere.
o It supports simple email aliases.
o It offers private encrypted cloud storage.

9. Mailbox

Mailbox is an amazing encrypted email system that runs on green power. Mailbox's data center is
located in Germany, which keeps it very privacy-friendly.

It will cost you 1 Euro/month, including 100 MB of secure cloud storage. The concept of providing
storage space along with your emails is not new, but not all privacy-oriented email providers offer it.

Besides that, it offers a lot of security features to keep your messages secure.

You can use the Mailbox email service provider via the following link: https://mailbox.org/

Key Points

o This tool is mainly focused on privacy.
o It also provides a large cloud storage capacity.
o The Mailbox email service provider runs on green energy.
o It also offers end-to-end encryption.
o The data centers of Mailbox are situated in Germany.

10. Librem Mail

Librem Mail is part of the Librem One suite of tools provided by Purism. Unlike other secure mail
service providers, it is not free. To get access to their private messaging service, Librem Mail, you will
need to opt for a paid Librem One subscription.

Considering Purism's history of preserving the privacy of its clients, it sounds like a fantastic
end-to-end secured, ad-free email service. They are also developing a secure phone called Librem 5,
based on Linux.

You can take a look at the Librem Mail service provider via the following link: https://librem.one/

Key Points

o It is an end-to-end encrypted email service tool.
o This tool supports a secure VPN tunnel for safe browsing.
o It is a convenient, ad-free email service provider.
o Librem Mail uses K-9 Mail and OpenKeychain.

11. Mailfence
Mailfence is a reasonable email service platform focused on confidentiality, which provides
OpenPGP end-to-end encryption. You may start using it for free with restricted disk space (500 MB)
and functionality. You can then upgrade the subscription to boost the storage capacity, unlock the
ability to use a custom domain name, and so on.

The absence of mobile applications is the only drawback that the user faces. So, to use it across
several devices, you are required to open a browser and log in.

You can use the Mailfence service provider via the following link: https://mailfence.com/

Key Points

o It uses end-to-end encryption to protect email privacy.
o This tool provides both paid and free versions to the user.
o It supports custom domains.
o This tool also provides two-factor authentication.
o It is only available in the web browser (no smartphone applications).
