NETWORK SECURITY

Col (Dr) Inderjeet Singh

Chief Cyber Officer


Network Security
• A network is a collection of computers and devices.
• It allows users to share data and information with other users.
• An example of a network is the Internet, which connects millions of people all over the world.
• Networks may be linked through cables or telephone lines.
• Common types of networks include the Local Area Network (LAN), found in a home, school, laboratory, or office, and the Wide Area Network (WAN).
What Is Network Security?

The term 'network security' is an all-encompassing, umbrella concept that describes different types of software and hardware solutions. It also refers to the processes or security rules and configurations relating to network use, secure network access, and overall threat protection within company networks.

Network security protects networking infrastructure from data theft, unauthorized access, and manipulation. It also includes network segmentation for security, which involves dividing your network into regions by using firewalls as borders.
Types Of Network Security

Physical Security:
• Protects the physical components of the network, such as routers, switches,
and servers, from damage or theft

Technical Security:
• Protects the network from unauthorized access and data breaches.
• Includes firewalls, intrusion detection and prevention systems, and encryption.

Organizational Security:
• Covers the policies and procedures to protect the network.
• Includes user access control, data classification, and incident response plans.
Now that we understand network security let us explore how it works.
A combination of:
• Exploiting zero-day vulnerabilities
• Social engineering and data obtained from insiders
• APT & ransomware attacks
• Supply-chain attacks
• Brand reputational risks
[Figure: threat landscape across endpoints, mail, web and network, ranging from "gray" unknown/new/evasive targeted attacks, through "bad" known malware, to "good" trusted and legitimate traffic.]
External Attacks
• Malware. This threat represents installing malicious software to exploit and disrupt
systems without users’ knowledge.
• Ransomware. This attack encrypts sensitive data belonging to an individual or an
organization. Ransomware makes data unreadable until the ransom is paid.
• Phishing. This threat works by tricking individuals into sharing sensitive information such
as passwords or payment details via deceptive emails or websites.
• Man-in-the-middle (MitM) attacks. Man-in-the-Middle attacks intercept online
communication between individuals to steal or alter confidential data.
• Distributed denial of service (DDoS) attacks. DDoS attacks use compromised devices to
flood systems with traffic and exhaust their bandwidth and other resources.
• SQL injections. These attacks exploit databases to steal, alter, or delete the
information in them.
• Zero-day exploits. These exploits are instant attacks on detected hardware or
software vulnerabilities before the vendor gets the chance to remediate them.
• Credential stuffing. Credential stuffing is abusing previously leaked credentials on
multiple platforms expecting that individuals use the same ones on each site.
• Social engineering. Social engineering exploits human psychology to get them to share
confidential information or perform damaging activities to their organization and data.
• Drive-by downloads. Drive-by downloads are performed by downloading damaging
software to the users’ devices without their knowledge to perform attacks.
Employee theft:

• Insider threats. Insider threats are made by internal members of organizations who abuse their access to sensitive information for malicious agendas.
• Privilege abuse. Privileged users abuse their access to satisfy their own requirements or to destroy the organization's reputation.
• Equipment failure. Equipment that cannot complete its intended task or purpose; it can also mean that the hardware has stopped working.
• Network Access Control (NAC). NAC is the process of leveraging security protocols to maximize control over who or what can access a proprietary network.
• Services must be accessible to users.
• Prevent unauthorized access to resources.
• Firewalls. Protect an organization's internal network from external attacks.
• Intrusion Detection. Rather than only trying to protect files and systems up front, intrusion detection identifies when someone is doing something wrong so that they can be stopped.
• Encryption. The process of converting information or data into a code, especially to prevent unauthorized access.
• Virtual Private Network (VPN). Provides access control and data encryption between two different computers on a network.
• Identity Management. A term relating to how humans are identified and authorized across a computer network.
• Anti-virus Software. A necessary part of a good security program; note that anti-virus only protects the organization from malicious programs.
Next-generation firewall (NGFW)
• For many organizations, the first line of network protection is a next-generation
firewall (NGFW).
• Like a traditional firewall, an NGFW inspects all incoming and outgoing network traffic and creates a barrier between internal and external networks based on trust principles, rules and other administrative settings.
• An NGFW also includes additional features like application awareness and control, intrusion prevention and threat intelligence services.
Next-generation antivirus (NGAV)
• NGAV is a network security tool that uses a combination of artificial intelligence,
behavioral detection, machine learning algorithms and exploit mitigation, so known
and unknown threats can be anticipated and immediately prevented.
• NGAV is cloud-based, which allows it to be deployed quickly and efficiently, reducing
the burden of installing and maintaining software, managing infrastructure and
updating signature databases for the IT or information security team.

Web application firewall (WAF)
• A web application firewall (WAF) is a security device designed to protect organizations at the application level by filtering, monitoring and analyzing hypertext transfer protocol (HTTP) and hypertext transfer protocol secure (HTTPS) traffic between the web application and the internet.
Security Information and Event Management (SIEM)
• SIEM is a type of solution that detects security issues by centralizing, correlating,
and analyzing data across an IT network.
• A SIEM solution can help companies meet compliance needs and contain attackers by combining log management and centralization as well as detection and search capabilities.

Zero Trust Security Model
• The zero trust security model is a powerful authentication framework that inherently distrusts every human, endpoint, mobile device, server, network component, network connection, application workload, and business process.
• Each process or person must be authenticated and authorized continuously as every action is performed.
How to Identify Network Security Threats?
There are many ways to identify network security threats before they happen. Below
are the most common methods:
• Intrusion detection systems (IDS). These systems monitor network traffic for suspicious activities and alert network administrators.
• Firewall logs. Firewalls log details about traffic, including connection attempts or
any anomalies.
• Security information and event management (SIEM) systems. SIEM systems collect
and analyze logs from multiple network devices to detect potential attacks.
• Antivirus and antimalware software. This software scans network devices to detect
malicious behavior.
• Traffic analysis. This analysis helps detect unauthorized data flows or communication with suspicious IP addresses.
• Vulnerability scanning. These scans identify network vulnerabilities to shed light on
potential weak spots.
• Penetration testing. These tests simulate real network attacks to check the system’s
ability to remediate them quickly.
• Behavior analytics. Human behavior is analyzed to determine patterns and
deviations from it that might seem suspicious.
• Confidentiality
• Authentication
• Integrity
• Availability
Confidentiality means keeping the data secret: no third party is included, and only the sender and receiver understand the message contents. Example: military (secret data, top secret data).
Authentication is the process or action of verifying the identity of a user.
Integrity ensures that data is protected against any unauthorized or accidental change.
Availability means that when a user needs to get to information, he or she has the ability to do this.
Network security capabilities
• Malware Analysis:
• Malware analysis is the process of understanding the behavior and purpose of a suspicious file or URL.
• Output of the analysis aids in the detection and mitigation of the potential threat.
• Behavioral Analytics:
• Behavioral analytics is the process of gathering and analyzing network activity and establishing a
baseline for comparison to help identify anomalous activity and indicators of compromise.
• Most behavioral analytics tools automate network monitoring and alerting, freeing the cybersecurity
team to focus on higher-value activity such as remediation and investigation.
• Vulnerability Management:
• Vulnerability management is the ongoing, regular process of identifying, assessing, reporting,
managing and remediating security vulnerabilities across endpoints, workloads and systems.
• Typically, a security team will leverage a vulnerability management tool to detect vulnerabilities and prioritize activity, as well as patch or remediate them.
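The firewall-log and traffic-analysis bullets above and the behavioral analytics bullet (baseline, then deviation) describe one detection idea; the following is an added example, not from the original slides, that runs it over constructed firewall log lines. The log format, the sample lines, the host addresses and the one-entry suspicious-IP denylist are all assumptions made for the illustration.

```python
# Added example (not from the original slides): learn a per-host baseline from
# a window of ALLOWed firewall traffic, then flag later events that deviate from
# it (new destination, new port, unusual volume) or contact a suspicious IP.
# Log format, sample lines and the denylist are constructed for illustration.
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

LOG_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) action=(?P<action>ALLOW|DENY) bytes=(?P<bytes>\d+)$"
)
SUSPICIOUS_IPS = {"198.51.100.77"}  # constructed stand-in for a threat-intel feed


@dataclass
class HostBaseline:
    destinations: set = field(default_factory=set)
    ports: set = field(default_factory=set)
    byte_samples: list = field(default_factory=list)


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line; unparseable lines yield None and are skipped, not guessed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"], rec["bytes"] = int(rec["dport"]), int(rec["bytes"])
    return rec


def build_baseline(lines) -> dict:
    """Learn what 'normal' looks like per source host from allowed traffic only."""
    baseline = defaultdict(HostBaseline)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "ALLOW":
            continue
        hb = baseline[rec["src"]]
        hb.destinations.add(rec["dst"])
        hb.ports.add(rec["dport"])
        hb.byte_samples.append(rec["bytes"])
    return dict(baseline)


def detect(lines, baseline, volume_factor: int = 5) -> list:
    """Return (source host, reason) pairs for events that deviate from the baseline."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst = rec["src"], rec["dst"]
        if dst in SUSPICIOUS_IPS:
            findings.append((src, f"contact with suspicious IP {dst}"))
        hb = baseline.get(src)
        if hb is None:  # a host with no baseline is itself worth a look
            findings.append((src, "host never seen in baseline"))
            continue
        if dst not in hb.destinations:
            findings.append((src, f"new destination {dst}"))
        if rec["dport"] not in hb.ports:
            findings.append((src, f"new destination port {rec['dport']}"))
        if rec["bytes"] > volume_factor * max(hb.byte_samples, default=0):
            findings.append((src, f"{rec['bytes']} bytes, far above baseline"))
    return findings


# Constructed sample logs: a quiet learning day, then an odd night.
BASELINE_LOGS = [
    "2024-05-01T09:00:01 src=10.0.0.5 dst=203.0.113.9 dport=443 action=ALLOW bytes=1200",
    "2024-05-01T09:05:11 src=10.0.0.5 dst=203.0.113.9 dport=443 action=ALLOW bytes=900",
    "2024-05-01T09:07:42 src=10.0.0.5 dst=10.0.0.20 dport=445 action=ALLOW bytes=3000",
    "2024-05-01T09:10:03 src=10.0.0.8 dst=10.0.0.20 dport=445 action=ALLOW bytes=2000",
    "2024-05-01T09:12:55 src=10.0.0.8 dst=198.51.100.1 dport=22 action=DENY bytes=0",
]
NEW_LOGS = [
    "2024-05-02T02:13:07 src=10.0.0.5 dst=203.0.113.9 dport=443 action=ALLOW bytes=1100",
    "2024-05-02T02:14:20 src=10.0.0.5 dst=198.51.100.77 dport=8443 action=ALLOW bytes=250000",
    "2024-05-02T02:15:00 src=10.0.0.9 dst=10.0.0.20 dport=445 action=ALLOW bytes=500",
    "garbage line that should be ignored",
]


def run_example() -> list:
    return detect(NEW_LOGS, build_baseline(BASELINE_LOGS))
```

The second night-time line trips all four checks at once, which is the pattern a SIEM correlation rule would escalate rather than four separate low-priority alerts.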
Network security policies
• Data Loss Prevention (DLP):
• Data loss prevention (DLP) is part of a company’s overall security strategy that focuses on detecting
and preventing the loss, leakage or misuse of data through breaches, exfiltration transmissions and
unauthorized use.
• Some DLP solutions can also provide alerts, enable encryption and isolate data when a breach or
other security incident is detected.
• Privileged Access Management (PAM):
• Privileged access management (PAM) is the process of defining and controlling privileged users and administrative accounts.
• Minimize identity-based malware attacks and prevent unauthorized access of the network or
associated assets.
• Zero Trust:
• Zero Trust is a security framework that requires all users, whether inside or outside the
organization’s network, to be authenticated, authorized and continuously validated for security
configuration and posture before being granted or keeping access to applications and data.
Ways To Prevent Network Security Threats

• Regular patching and software updates. System patching and software updates
are crucial for preventing threats that become more sophisticated as time
passes.
• Using firewalls. Firewalls serve as a barrier between trusted and untrusted
networks, which goes a long way in threat prevention.
• Using VPNs. VPNs ensure secure remote access to systems through encryption.
• Implementing multi-factor authentication (MFA). MFA requires several
confirmations of identity during logins to prevent unauthorized access.
• Creating regular backups. Organizations should backup all their data for easy
recovery in case of data losses.
• Training employees. Employees should take courses and seminars and engage in simulated attacks to ensure they follow the current security policies.
• Defining permissions. Organizations must specify who has access to sensitive
information and systems to minimize potential for attacks.
• Using segmented networks. If an attack occurs, network segmenting
prevents it from spreading to the entire system.
Benefits of Network Security
Macro benefits of network security are fairly obvious: Keep attackers out and plug critical vulnerabilities
in a timely manner so they can't be exploited:
• Access control:
• IAM policies enable superior authentication practices so that anyone – or any application/system
– wishing to access an enterprise network must provide extensive information to be admitted.
• Network traffic analysis (NTA) is a technology useful in monitoring network activity for anomalies
and helping to improve internal visibility and eliminate blind spots.
• Compliance:
• In today's strict global regulatory environment, it’s critical to ensure the security of an
organization’s network meets state, federal, or territory-specific compliance requirements. A
network security program can help ensure adherence to specific compliance needs.
• Visibility:
• Maintaining maximum visibility over an enterprise network helps ensure a stronger and more
consistent security posture, which means less surprise vulnerabilities, breaches, attacks, and
malicious data exfiltration – all leading to money saved.
• Risk mitigation:
• Even if a breach does occur, the right network security solution will be able to help a security organization
minimize the impact of that breach.
• Network detection and response (NDR) capabilities help to cut down on risk by creating baseline network
behavior so that it becomes fairly obvious when anomalous activity occurs.

• Data protection:
• Any enterprise network will likely want to maintain confidentiality of large amounts of non-customer-facing
data.
• A network security program can help protect confidential data by several of the methods listed above.
Keeping the right data behind closed doors also helps organizations adhere to more strict regulations like
the General Data Protection Regulation (GDPR).
EndPoint Security
• Endpoint security is a cybersecurity strategy focused on protecting endpoints or entry points of end-user devices like desktops, laptops, smartphones, and other devices from exploitation by malicious actors.
• It involves deploying security measures such as software and policies to defend these devices against cyber threats, including malware, ransomware, and phishing attacks.
• Endpoint security aims to ensure that all devices connected to a network are secure, thereby protecting the network and its data from unauthorized access or breaches.
Why Endpoint Security?
[Figure: security architecture, with infrastructure security spanning network security, endpoint security and data security.]
Security Architecture: Infrastructure Security
Endpoints can be:
• Laptops
• Tablets
• Mobile devices
• Internet of things (IoT) devices
• Point-of-sale (POS) systems
• Switches
• Digital printers
• Other devices that communicate with the central network
Endpoints can also be:
• Workstation
• Notebook
• Thin Client
• Terminal Server (RDS)
• Virtual Machine (VDI)
• Zero client
• Pad / Smartphone
• Home PC
• Unknown PC
Why is Endpoint Security Important?
• As the number of devices grows, so does the attack surface for cybercriminals to exploit.
• Endpoints often hold critical data and directly access the corporate network, making them attractive targets for attackers.
• Without adequate protection, compromised endpoints can lead to data breaches, financial losses, and reputational damage.
• Endpoint security is therefore essential for:
• Protecting sensitive data from unauthorized access and theft
• Maintaining the integrity and availability of services and systems
• Complying with regulatory requirements and industry standards
• Ensuring business continuity and minimizing downtime due to security incidents
Endpoint Security Components
Effective endpoint security solutions have multiple components, each addressing specific aspects of endpoint protection:
• Antivirus and Anti-malware Software: Protects against known and emerging
malware, including viruses, worms, trojans, and ransomware.
• Firewalls: Controls incoming and outgoing network traffic based on
predetermined security rules to prevent unauthorized access.
• Intrusion Detection and Prevention Systems (IDPS): Monitors network and
system activities for malicious actions and policy violations, blocking
detected threats.
• Encryption: Secures data stored on endpoints and in transit, ensuring that sensitive information remains confidential.
• Patch and Configuration Management: This process keeps software and systems up to date with the latest security patches and configurations to mitigate vulnerabilities.
• Data Loss Prevention (DLP): Monitors and controls data transfer to prevent sensitive data from leaving the organization without authorization.
The combination of
• Multi-Factor Authentication (MFA),
• Single Sign-On (SSO),
• Mobile Device Management (MDM),
• Encryption Management, and
• Endpoint Protection (EPP)
serves multiple purposes by providing access control, authentication and device compliance.
SSO simplifies users' lives by allowing them to log in just once to access all of their cloud-based work applications. Without SSO, accessing these applications can become a time-consuming process with employees having to log into each application separately to do their job. This will lead to an increase in employee frustrations and a decrease in productivity. The use of one password across all of your applications alleviates manual logins and forgotten passwords. In addition, our team of security specialists will have an overview of who accessed certain applications and when that access occurred.
MFA provides an extra layer of protection by requiring two methods to verify your identity. These factors include something that you know (username and password) plus something you have (smartphone to approve authentication requests).

A comprehensive security solution confirms the identity of users before accessing the network, monitors the health of devices, and isolates devices with risky applications or outdated firmware.

The security team effectively implements and manages MFA in many areas including SSL VPN logins, Citrix, Office 365, Web-Based Applications, and Windows desktops. In addition, we manage and develop granular policies that are tailored specifically to your business and security needs.
• MDM provides secure remote access to corporate applications and data from mobile workspaces, including mobile devices, laptops and PCs.
• With an MDM solution in place, collaboratively you can manage secure policies such as encryption, passcodes, data loss prevention, application access, remote lock and wipe and patch management to keep data protected across all devices.
Encryption Management provides data protection through file and folder encryption as well as hardware-based encryption. It locks down your hard drive, making the data accessible only to you and those you authorize.

Policy-driven removable media encryption protects USB flash drives and other removable storage against any potential threats. This solution not only safeguards sensitive data but ensures that you achieve and maintain compliance.

It also provides email encryption to reduce data loss by focusing on your greatest risk for loss – email.
Benefits of Endpoint Security
Implementing adequate security at the endpoint offers numerous benefits, including:
• Enhanced Data Protection: Protects sensitive information from unauthorized access,
theft, and loss.
• Improved Compliance: Helps organizations meet regulatory requirements and
industry data security and privacy standards.
• Reduced Risk of Cyber Attacks: Minimizes the likelihood and impact of security
breaches, malware infections, and other cyber threats.
• Increased Productivity: Ensures the availability and integrity of systems and data,
reducing downtime and allowing employees to work efficiently.
• Greater Visibility and Control: This feature provides comprehensive insights into
endpoint activities, enabling better management and response to security incidents.
Identity and Access Management
• Access is the gateway to the critical assets of an organization.
• Access controls form an important security perimeter to protect these assets against unauthorized access.
• It is essential to provide near-ubiquitous access to the assets your users need to help grow the business while protecting sensitive data from unauthorized access.
• Identity and Access Management (IAM) enables more cost-effective and efficient access management, authentication, identity management, and governance across your enterprise.
What is Identity and Access Management?
• Identity and Access Management (IAM) is the process of streamlining the management of the user's digital identity and access in a secure manner.
• It ensures that the Right Entities have the Right Access to the Right Resources in the Right Context.
• IAM encompasses a host of technologies that administer and regulate user access to the enterprise network, including:
• Single Sign-On (SSO),
• Privileged Access Management (PAM),
• Multi-Factor Authentication (MFA), and
• password management.
How Access Management works
How access management works in the digital world:
• An identity in the digital world is identified as a unique user.
• Each identity has an account on each application to which it is onboarded.
• Each identity has the right to request access (an access request) to the entitlements of the applications on which it has an account.
• Each identity access request is approved by an approver.
• Certifications or roster reviews exist to review access.
• Auditing and reports are part of audit log trails and monitoring report generation.
• Provisioning and de-provisioning is performed as part of granting or revoking access in a target system through the IAM mechanism.
Components of IAM
On a fundamental level, IAM encompasses the following components:
● How individuals are identified in a system (understand the difference between identity management and authentication);
● How roles are identified in a system and how they are assigned to individuals;
● Adding, removing and updating individuals and their roles in a system;
● Assigning levels of access to individuals or groups of individuals; and
● Protecting the sensitive data within the system and securing the system itself.
Any combination of the following 3 factors will be considered as Strong Authentication:
● What you know
○ Password
○ Passphrase
● What you are
○ Iris
○ Fingerprint
● What you have
○ Token
○ Smartcard
2 primary forms of Authorization:
● Coarse-Grain
○ High-level and overarching entitlements
○ Create, Read, Update, Modify
● Fine-Grain
○ Detailed and explicit entitlements
○ Based on factors such as time, dept, role and location
Something you know (e.g. a password)
• Complex is stronger.
• Unfortunately, can become something you just forgot.
Something you have (e.g. mobile or smart card)
• Eliminates the problem of forgetting.
• Risk is: object can be stolen.
Something you are (e.g. a fingerprint or iris)
• It's much harder to lose a fingerprint than a wallet.
• Unfortunately, biometric sensors are fairly expensive.

Cryptography, Digital Signature, Public Key Infrastructure


Use Cases for Authentication Factors
• Password/PIN: less sensitive data access; preliminary access authentication.
• OTP: less sensitive data access; second factor of verification; sensitive data access.
• DSC: very sensitive data where ownership is expected.
• Biometric: online examinations; benefit schemes; sensitive data access.
Authentication vs. Authorization: "Who are you?" vs. "Are you allowed to do it?"
Role based Access Control
Access is provided based on a person's role.
E.g. access to the HRMS as Employee, Head of the Group, or Head of the Organization.
Advantages:
• Mapping is done in the system, hence there is no need for a password change if the role is changed.
• Easier to manage compliance.
• Systematic, repeatable assignments.
Extending RBAC through rules:
• Time of day of access
• Location
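The coarse-grain versus fine-grain authorization split from the factors slide and the rule-extended RBAC described here come together in the following added example, which is not from the original slides. The role names, the HRMS resources, the users and the working-hours and location rules are constructed assumptions for the illustration.

```python
# Added example (not from the original slides): role-based access control in
# which roles carry coarse-grain entitlements (create/read/update/modify on a
# resource) and fine-grain rules restrict when (time of day) and from where
# (location) they may be exercised. Roles, resources and the HRMS scenario
# are constructed for illustration.
from dataclasses import dataclass
from datetime import time
from typing import Tuple

# Coarse-grain layer: which operations each role may perform on which resource.
# Access follows the role, so changing someone's role changes their access
# without touching their password.
ROLE_PERMISSIONS = {
    "employee": {"hrms:payslip": {"read"}},
    "group_head": {"hrms:payslip": {"read"}, "hrms:appraisal": {"read", "update"}},
    "org_head": {
        "hrms:payslip": {"read"},
        "hrms:appraisal": {"create", "read", "update", "modify"},
    },
}


@dataclass(frozen=True)
class Rule:
    """Fine-grain constraint on a role: an empty location set means 'anywhere'."""
    allowed_locations: frozenset = frozenset()
    start: time = time(0, 0)
    end: time = time(23, 59, 59)

    def permits(self, location: str, now: time) -> bool:
        in_location = not self.allowed_locations or location in self.allowed_locations
        return in_location and self.start <= now <= self.end


# Fine-grain layer: privileged roles only during working hours and from trusted places.
ROLE_RULES = {
    "employee": Rule(),
    "group_head": Rule(frozenset({"office", "vpn"}), time(7, 0), time(20, 0)),
    "org_head": Rule(frozenset({"office"}), time(7, 0), time(20, 0)),
}


@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    resource: str
    action: str
    location: str
    now: time


def authorize(req: Request) -> Tuple[bool, str]:
    """Deny by default; grant if any role passes both the coarse and fine-grain layers."""
    for role in sorted(req.roles):
        coarse = ROLE_PERMISSIONS.get(role, {}).get(req.resource, set())
        if req.action not in coarse:
            continue  # this role never holds the entitlement at all
        if ROLE_RULES.get(role, Rule()).permits(req.location, req.now):
            return True, f"granted via role '{role}'"
    return False, "no role grants this action in the current context"


def demo() -> list:
    """Constructed scenarios; a user may hold several roles at once."""
    cases = [
        Request("asha", frozenset({"employee"}), "hrms:payslip", "read", "home", time(22, 0)),
        Request("asha", frozenset({"employee"}), "hrms:appraisal", "update", "office", time(10, 0)),
        Request("ravi", frozenset({"employee", "group_head"}), "hrms:appraisal", "update", "office", time(10, 0)),
        Request("ravi", frozenset({"employee", "group_head"}), "hrms:appraisal", "update", "home", time(10, 0)),
        Request("meera", frozenset({"org_head"}), "hrms:appraisal", "modify", "office", time(22, 0)),
    ]
    return [(c.user, c.action, *authorize(c)) for c in cases]
```

Note that the fourth and fifth cases are denied even though the role holds the entitlement: the fine-grain rule, not the role mapping, is what blocks out-of-hours or off-site use.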
How IAM Benefits Your Business?
The key business benefits of IAM include:
• Improves security stance
• Reduces IT operating costs
• Eliminates password issues
• Improves business agility
• Enhances user experience
• Boosts productivity
• Centralizes access control
• Simplifies auditing and reporting
• Reduces helpdesk workloads
• Increases end-user visibility
• Establishes compliance
• Reduces risk of insider threats
Identity and Access Management Best Practices
Every business must incorporate the following best practices for an effective IAM implementation:
• Treat identity as the primary security defense
• Remove unnecessary access credentials
• Enable multi-factor authentication
• Limit exposure of privileged accounts
• Enforce a strong password policy
• Implement passwordless login
• Implement a zero-trust policy
• Conduct regular access audits
• Use single sign-on
• Ensure compliance
Data Classification
Understanding Data Classification
Data classification is the process of organizing data into categories based on its level of sensitivity and importance, making it easy to retrieve, sort and store for future use.

Importance of data classification
A well-planned data classification system makes essential data easy to find and retrieve. This can be particularly important for risk management, legal discovery, and compliance.
Different Levels of Data Classification
• High sensitivity data (Strictly Confidential)
• If compromised or destroyed in an unauthorized transaction, would have a catastrophic
impact on the organization or individuals. For example, Merger and acquisition plans,
Business plans, trade secrets, customer data, information security data, dealer pricing
strategy, strategy documents.
• Medium sensitivity data (Confidential)
• Intended for internal use only, but if compromised or destroyed, would not have a
catastrophic impact on the organization or individuals. For example, Employee performance
evaluations, CTC details, internal audit reports, short-term marketing plans, etc.
• Low sensitivity data (Internal)
• Intended for public use. For example, Telephone directory, training materials, and manuals.
• No sensitive data (Public)

• Intended for public use. For example, Service brochures, advertisements, job opening
announcements, and published press releases.
Need for Data Classification in Organization
When an organization deals with multiple types of data, it is important to classify that data to protect sensitive information, meet legal and regulatory obligations, and manage data more effectively.
Benefits of Data Classification:
• Well-Rounded Data Security:
• Data classification helps maintain confidentiality, integrity, and availability of data.
• Allows for tailored data protection and management of sensitive information like
Personally Identifiable Information (PII), or Protected Health Information (PHI) based
on its importance to the business.
• Regulatory Compliance: Helps businesses follow regulatory mandates such as HIPAA and
GDPR / DPDP Act 2023.
• Cost Reduction: It can help reduce storage costs by applying tiered backup plans per
classification type.
• Improved User Productivity: By eliminating unnecessary data, it can boost productivity.
• Facilitates Decision Making: It helps businesses prioritize data protection efforts,
improving security and regulatory compliance.
Challenges of using Data Classification:
• Complexity: The process of classifying data can be complex and time-consuming,
especially for large organizations with vast amounts of data.
• Maintaining Accuracy: Ensuring the accuracy of data classification can be challenging,
particularly as data evolves and new data is created.
• User Compliance: Getting users to comply with data classification policies can be
difficult.
• Cost of Implementation: Implementing a data classification system can be costly, particularly for small and medium-sized businesses.

Despite these challenges, the benefits of data classification often outweigh the difficulties,
making it a crucial component of an organization’s data management strategy.
Data Classification Policy
The Data Classification Policy provides a framework for classifying data based on its sensitivity, value, and criticality to the organisation, so sensitive corporate data can be secured appropriately.
Key components of the policy:
• Principle 1 - Open by Default
• Principle 2 - Necessity and Proportionality
• Principle 3 - Timely Classification
• Principle 4 - Highest Level of Protection
• Principle 5 - Segregation of Duties
• Principle 6 - Need to Know
• Principle 7 - Least Privilege
These principles form the backbone of the data classification policy and guide how data is handled within the organization. It's important that all employees understand and adhere to these principles to ensure the effective management and protection of the organization's data.
Contact Me on Social Media:

Facebook: InderBarara
Twitter Handle: @InderBarara
LinkedIn: Inder Barara Mobile: +919818005945
Website: https://www.cybersleuths.io/ Email: [email protected]
