UNIT 2 CYBER SECURITY

What is application security?

Application security describes security measures at the application level that aim to prevent
data or code within the app from being stolen or hijacked. It encompasses the security
considerations that happen during application development and design, but it also involves
systems and approaches to protect apps after they get deployed.

Application security may include hardware, software, and procedures that identify or minimize
security vulnerabilities. A router that prevents anyone from viewing a computer’s IP address
from the Internet is a form of hardware application security. But security measures at the
application level are also typically built into the software, such as an application firewall that
strictly defines what activities are allowed and prohibited. Procedures can entail things like an
application security routine that includes protocols such as regular testing.

Application security definition

Application security is the process of developing, adding, and testing security features within
applications to prevent security vulnerabilities against threats such as unauthorized access and
modification.
Why application security is important

Application security is important because today’s applications are often available over various
networks and connected to the cloud, increasing vulnerabilities to security threats and breaches.
There is increasing pressure and incentive to not only ensure security at the network level but
also within applications themselves. One reason for this is because hackers are going after apps
with their attacks more today than in the past. Application security testing can reveal weaknesses
at the application level, helping to prevent these attacks.
Database Security
Security of databases refers to the array of controls, tools, and procedures designed to ensure and
safeguard confidentiality, integrity, and accessibility. This tutorial will concentrate on
confidentiality because it's a component that is most at risk in data security breaches.

Security for databases must cover and safeguard the following aspects:

o The database containing data.

o Database management systems (DBMS)
o Any applications that are associated with it.
o Physical database servers or the database server virtual, and the hardware that runs it.
o The infrastructure for computing or network that is used to connect to the database.
Security of databases is a complicated and challenging task that requires all aspects of security
practices and technologies. This is inherently at odds with the accessibility of databases. The
more usable and accessible the database is, the more susceptible we are to threats from security.
The more vulnerable it is to attacks and threats, the more difficult it is to access and utilize.

Why Database Security is Important?

Accordingto the definition, a data breach refers to a breach of data integrity in databases. The
amount of damage an incident like a data breach can cause our business is contingent on various
consequences or elements.

o Intellectual property that is compromised: Our intellectual property--trade secrets,

inventions, or proprietary methods -- could be vital for our ability to maintain an
advantage in our industry. If our intellectual property has been stolen or disclosed and our
competitive advantage is lost, it could be difficult to keep or recover.
o The damage to our brand's reputation: Customers or partners may not want to
purchase goods or services from us (or deal with our business) If they do not feel they
can trust our company to protect their data or their own.
o The concept of business continuity (or lack of it): Some businesses cannot continue to
function until a breach has been resolved.
o Penalties or fines to be paid for not complying: The cost of not complying with
international regulations like the Sarbanes-Oxley Act (SAO) or Payment Card Industry
Data Security Standard (PCI DSS) specific to industry regulations on data privacy, like
HIPAA or regional privacy laws like the European Union's General Data Protection
Regulation (GDPR) could be a major problem with fines in worst cases in excess of
many million dollars for each violation.
o Costs for repairing breaches and notifying consumers about them: Alongside
notifying customers of a breach, the company that has been breached is required to cover
the investigation and forensic services such as crisis management, triage repairs to the
affected systems, and much more.

Common Threats and Challenges

Numerous software configurations that are not correct, weaknesses, or patterns of carelessness or
abuse can lead to a breach of security. Here are some of the most prevalent kinds of reasons for
security attacks and the reasons.

Insider Dangers

An insider threat can be an attack on security from any three sources having an access privilege
to the database.

o A malicious insider who wants to cause harm

 o An insider who is negligent and makes mistakes that expose the database to attack.
vulnerable to attacks
o An infiltrator is an outsider who acquires credentials by using a method like phishing or
accessing the database of credential information in the database itself.

Insider dangers are among the most frequent sources of security breaches to databases. They
often occur as a consequence of the inability of employees to have access to privileged user
credentials.

Human Error

The unintentional mistakes, weak passwords or sharing passwords, and other negligent or
uninformed behaviours of users remain the root causes of almost half (49 percent) of all data
security breaches.

Database Software Vulnerabilities can be Exploited

Hackers earn their money by identifying and exploiting vulnerabilities in software such as
databases management software. The major database software companies and open-source
databases management platforms release regular security patches to fix these weaknesses.
However, failing to implement the patches on time could increase the risk of being hacked.

SQL/NoSQL Injection Attacks

A specific threat to databases is the infusing of untrue SQL as well as other non-SQL string
attacks in queries for databases delivered by web-based apps and HTTP headers. Companies that
do not follow the safe coding practices for web applications and conduct regular vulnerability
tests are susceptible to attacks using these.

Buffer Overflow is a way to Exploit Buffers

Buffer overflow happens when a program seeks to copy more data into the memory block with a
certain length than it can accommodate. The attackers may make use of the extra data, which is
stored in adjacent memory addresses, to establish a basis for they can begin attacks.

DDoS (DoS/DDoS) Attacks

In a denial-of-service (DoS) attack in which the attacker overwhelms the targeted server -- in this
case, the database server with such a large volume of requests that the server is unable to meet no
longer legitimate requests made by actual users. In most cases, the server is unstable or even fails
to function.

Malware
Malware is software designed to exploit vulnerabilities or cause harm to databases. Malware can
be accessed via any device that connects to the databases network.

Attacks on Backups

Companies that do not protect backup data using the same rigorous controls employed to protect
databases themselves are at risk of cyberattacks on backups.

The following factors amplify the threats:

o Data volumes are growing: Data capture, storage, and processing continue to increase
exponentially in almost all organizations. Any tools or methods must be highly flexible to
meet current as well as far-off needs.
o The infrastructure is sprawling: Network environments are becoming more
complicated, especially as companies shift their workloads into multiple clouds and
hybrid cloud architectures and make the selection of deployment, management, and
administration of security solutions more difficult.
o More stringent requirements for regulatory compliance: The worldwide regulatory
compliance landscape continues to increase by complexity. This makes the compliance of
every mandate more challenging.

Best use of Database Security

As databases are almost always accessible via the network, any security risk to any component or part
of the infrastructure can threaten the database. Likewise, any security attack that impacts a device or
workstation could endanger the database. Therefore, security for databases must go beyond the limits
of the database.

In evaluating the security of databases in our workplace to determine our organization's top priorities,
look at each of these areas.

o Security for physical security: If the database servers are on-premises or the cloud data
centre, they should be placed in a secure, controlled climate. (If our server for database is
located in a cloud-based data centre, the cloud provider will handle the security on our behalf.)
o Access to the network and administrative restrictions: The practical minimum number
of users granted access to the database and their access rights should be restricted to the
minimum level required to fulfil their tasks. Additionally, access to the network is limited to the
minimum permissions needed.
o End security of the user account or device: Be aware of who has access to the database
and when and how data is used. Monitoring tools for data can notify you of data-related
activities that are uncommon or seem to be dangerous. Any device that connects to the
network hosting the database must be physically secured (in the sole control of the
appropriate person) and be subject to security checks throughout the day.
o Security: ALL data--including data stored in databases, as well as credential information
should be secured using the highest-quality encryption when in storage and while in transport.
All encryption keys must be used in accordance with the best practices guidelines.
 o Security of databases using software: Always use the most current version of our software
to manage databases and apply any patches immediately after they're released.
o Security for web server applications and websites: Any application or web server that
connects to the database could be a target and should be subjected to periodic security testing
and best practices management.
o Security of backups: All backups, images, or copies of the database should have the
identical (or equally rigorous) security procedures as the database itself.
o Auditing: Audits of security standards for databases should be conducted every few months.
Record all the logins on the server as well as the operating system. Also, record any operations
that are made on sensitive data, too.

Data protection tools and platforms

Today, a variety of companies provide data protection platforms and tools. A comprehensive solution
should have all of the following features:

o Discovery: The ability to discover is often needed to meet regulatory compliance

requirements. Look for a tool that can detect and categorize weaknesses across our
databases, whether they're hosted in the cloud or on-premises. It will also provide
recommendations to address any vulnerabilities that are discovered.
o Monitoring of Data Activity: The solution should be capable of monitoring and analysing the
entire data activity in all databases, whether our application is on-premises, in the cloud, or
inside a container. It will alert us to suspicious activity in real-time to allow us to respond more
quickly to threats. It also provides visibility into the state of our information through an
integrated and comprehensive user interface. It is also important to choose a system that
enforces rules that govern policies, procedures, and the separation of duties. Be sure that the
solution we select is able to generate the reports we need to comply with the regulations.
o The ability to Tokenize and Encrypt Data: In case of an incident, encryption is an
additional line of protection against any compromise. Any software we choose to use must
have the flexibility to protect data cloud, on-premises hybrid, or multi-cloud environments.
Find a tool with volume, file, and application encryption features that meet our company's
regulations for compliance. This could require tokenization (data concealing) or advanced key
management of security keys.
o Optimization of Data Security and Risk Analysis: An application that will provide
contextual insights through the combination of security data with advanced analytics will allow
users to perform optimizing, risk assessment, and reporting in a breeze. Select a tool that is
able to keep and combine large amounts of recent and historical data about the security and
state of your databases. Also, choose a solution that provides data exploration, auditing, and
reporting capabilities via an extensive but user-friendly self-service dashboard.

E-mail Security
E-mail Hacking
Email hacking can be done in any of the following ways:
  Spam
 Virus
 Phishing
Spam
E-mail spamming is an act of sending Unsolicited Bulk E-mails (UBI) which one has not asked for. Email spams are
the junk mails sent by commercial companies as an advertisement of their products and services.

Virus
Some emails may incorporate with files containing malicious script which when run on your computer may lead to
destroy your important data.

Phishing
Email phishing is an activity of sending emails to a user claiming to be a legitimate enterprise. Its main purpose is to
steal sensitive information such as usernames, passwords, and credit card details.
Such emails contains link to websites that are infected with malware and direct the user to enter details at a fake
website whose look and feels are same to legitimate one.

E-mail Spamming and Junk Mails

Email spamming is an act of sending Unsolicited Bulk E-mails (UBI) which one has not asked for. Email spams are
the junk mails sent by commercial companies as an advertisement of their products and services.
Spams may cause the following problems:
 It floods your e-mail account with unwanted e-mails, which may result in loss of important e-mails if inbox is
full.
 Time and energy is wasted in reviewing and deleting junk emails or spams.
 It consumes the bandwidth that slows the speed with which mails are delivered.
 Some unsolicited email may contain virus that can cause harm to your computer.
Blocking Spams
Following ways will help you to reduce spams:
 While posting letters to newsgroups or mailing list, use a separate e-mail address than the one you used for
your personal e-mails.
 Don’t give your email address on the websites as it can easily be spammed.
 Avoid replying to emails which you have received from unknown persons.
 Never buy anything in response to a spam that advertises a product.
E-mail Cleanup and Archiving
In order to have light weighted Inbox, it’s good to archive your inbox from time to time. Here I will discuss the steps to
clean up and archive your Outlook inbox.
 Select File tab on the mail pane.
 Select Cleanup Tools button on account information screen.
 Select Archive from cleanup tools drop down menu.
 Select Archive this folder and all subfolders option and then click on the folder that you want to archive.
Select the date from the Archive items older than: list. Click Browse to create new .pst file name and
location. Click OK.

Data Security Consideration

Data security is the protection of programs and data in computers and communication systems against
unauthorized access, modification, destruction, disclosure or transfer whether accidental or intentional
by building physical arrangements and software checks. It refers to the right of individuals or
organizations to deny or restrict the collection and use of information about unauthorized access. Data
security requires system managers to reduce unauthorized access to the systems by building physical
arrangements and software checks.
Data security uses various methods to make sure that the data is correct, original, kept confidentially
and is safe. It includes-

o Ensuring the integrity of data.

o Ensuring the privacy of the data.
o Prevent the loss or destruction of data.

Data security consideration involves the protection of data against unauthorized access, modification,
destruction, loss, disclosure or transfer whether accidental or intentional. Some of the important data
security consideration are described below:

Backups
Data backup refers to save additional copies of our data in separate physical or cloud locations from
data files in storage. It is essential for us to keep secure, store, and backup our data on a regular basis.
Securing of the data will help us to prevent from-

o Accidental or malicious damage/modification to data.

o Theft of valuable information.
o Breach of confidentiality agreements and privacy laws.
o Premature release of data which can avoid intellectual properties claims.
o Release before data have been checked for authenticity and accuracy.

Keeping reliable and regular backups of our data protects against the risk of damage or loss due to
power failure, hardware failure, software or media faults, viruses or hacking, or even human errors.

To use the Backup 3-2-1 Rule is very popular. This rule includes:

o Three copies of our data

o Two different formats, i.e., hard drive+tape backup or DVD (short term)+flash drive
o One off-site backup, i.e., have two physical backups and one in the cloud
Some important backup options are as follows-

1. Hard drives - personal or work computer

2. Departmental or institution server
3. External hard drives
4. Tape backups
5. Discipline-specific repositories
6. University Archives
7. Cloud storage

Some of the top considerations for implementing secure backup and recovery are-

1. Authentication of the users and backup clients to the backup server.

2. Role-based access control lists for all backup and recovery operations.
3. Data encryption options for both transmission and the storage.
4. Flexibility in choosing encryption and authentication algorithms.
5. Backup of a remote client to the centralized location behind firewalls.
6. Backup and recovery of a client running Security-Enhanced Linux (SELinux).
7. Using best practices to write secure software.

Archival Storage
Data archiving is the process of retaining or keeping of data at a secure place for long-term storage.
The data might be stored in safe locations so that it can be used whenever it is required. The archive
data is still essential to the organization and may be needed for future reference. Also, data archives
are indexed and have search capabilities so that the files and parts of files can be easily located and
retrieved. The Data archival serve as a way of reducing primary storage consumption of data and its
related costs.

Data archival is different from data backup in the sense that data backups created copies of data and
used as a data recovery mechanism to restore data in the event when it is corrupted or destroyed. On
the other hand, data archives protect the older information that is not needed in day to day operations
but may have to be accessed occasionally.

Data archives may have many different forms. It can be stored as Online, offline, or cloud storage-

o Online data storage places archive data onto disk systems where it is readily accessible.
o Offline data storage places archive data onto the tape or other removable media using data
archiving software. Because tape can be removed and consumes less power than disk
systems.
o Cloud storage is also another possible archive target. For example, Amazon Glacier is designed
for data archiving. Cloud storage is inexpensive, but its costs can grow over time as more data
is added to the cloud archive.
The following list of considerations will help us to improve the long-term usefulness of our archives:

1. Storage medium
2. Storage device
3. Revisiting old archives
4. Data usability
5. Selective archiving
6. Space considerations
7. Online vs. offline storage

Storage medium

The first thing is to what storage medium we use for archives. The archived data will be stored for long
periods of time, so we must need to choose the type of media that will be lost as long as our retention
policy dictates.

Storage device

This consideration takes into account about the storage device we are using for our archives which will
be accessible in a few years. There is no way to predict which types of storage devices will stand the
best. So, it is essential to try to pick those devices that have the best chance of being supported over
the long term.

Revisiting old archives

Since we know our archive policies and the storage mechanisms we use for archiving data would
change over time. So we have to review our archived data at least once a year to see that if anything
needs to be migrated into a different storage medium.

For example, about ten years ago, we used Zip drives for archival then we had transferred all of my
archives to CD. But in today?s, we store most of our archives on DVD. Since modern DVD drives can
also read CDs, so we haven't needed to move our extremely old archives off CD onto DVD.

Data usability

In this consideration, we have seen one major problem in the real world is archived data which is in an
obsolete format.

For example, a few years ago, document files that had been archived in the early 1990s were
created by an application known as PFS Write. The PFS Write file format was supported in the late 80s
and early 90s, but today, there are not any applications that can read that files. To avoid this situation,
it might be helpful to archive not only the data but also copies the installation media for the
applications that created the data.

Selective archiving

In this consideration, we have to sure about what should be archived. That means we will archive only
a selective part of data because not all data is equally important.

Space considerations
If our archives become huge, we must plan for the long-term retention of all our data. If we are
archiving our data to removable media, capacity planning might be simple which makes sure that
there is a free space in the vault to hold all of those tapes, and it makes sure that there is a room in
our IT budget to continue purchasing tapes.

Online vs. offline storage

In this consideration, we have to decide whether to store our archives online (on a dedicated archive
server) or offline (on removable media). Both methods of archival contain advantages and
disadvantages. Storing of data online keeps the data easily accessible. But keeping data online may be
vulnerable to theft, tampering, corruption, etc. Offline storage enables us to store an unlimited amount
of data, but it is not readily accessible.

Disposal of Data
Data destruction or disposal of data is the method of destroying data which is stored on tapes, hard
disks and other electronic media so that it is completely unreadable, unusable and inaccessible for
unauthorized purposes. It also ensures that the organization retains records of data for as long as they
are needed. When it is no longer required, appropriately destroys them or disposes of that data in
some other way, for example, by transfer to an archives service.

The managed process of data disposal has some essential benefits-

o It avoids the unnecessary storage costs incurred by using office or server space in maintaining
records which is no longer needed by the organization.
o Finding and retrieving information is easier and quicker because there is less to search.

The disposal of data usually takes place as part of the normal records management process. There are
two essential circumstances in which the destruction of data need to be handled as an addition to this
process-

o The quantity of a legacy record requires attention.

o The functions are being transferred to another authority and disposal of data records becomes
part of the change process.

The following list of considerations will help us for the secure disposal of data-

1. Eliminate access
2. Destroy the data
3. Destroy the device
4. Keep the record of which systems have been decommissioned
5. Keep careful records
6. Eliminate potential clues
7. Keep systems secure until disposal

Eliminate access
In this consideration, we have to ensure that eliminating access account does not have any rights to re
access the disposed of data again.

Destroy the Data

In this consideration, there is not necessary to remove data from storage media will be safe. Even
these days reformatting or repartitioning a drive to "erase" the data that it stores is not good enough.
Today's many tools available which can help us to delete files more securely. To encrypt the data on
the drive before performing any deletion can help us to make data more difficult to recover later.

Destroy the device

In the most cases, storage media need to be physically destroyed to ensure that our sensitive data is
not leaked to whoever gets the drives next. In such cases, we should not destroy them itself. To do
this, there should be experts who can make probably a lot better at safely and effectively rendering
any data on our drives unrecoverable. If we can't trust this to an outsider agency that specializes in
the secure destruction of storage devices, we should have a specialized team within our organization
who has the same equipment and skills as outside contractors.

Keep the record of which systems have been decommissioned

In this, we have to make sure that the storage media has been fully decommissioned securely and
they do not consist of something easily misplaced or overlooked. It is best if storage media that have
not been fully decommissioned are kept in a specific location, while decommissioned equipment
placed somewhere else so that it will help us to avoid making mistakes.

Keep careful records

In this consideration, it is necessary to keep the record of whoever is responsible for decommissioning
a storage media. If more than one person is assigned for such responsibility, he should sign off after
the completion of the decommissioning process. So that, if something happened wrong, we know who
to talk to find out what happened and how bad the mistake is.

Eliminate potential clues

In this consideration, we have to clear the configuration settings from networking equipment. We do
this because it can provide crucial clues to a security cracker to break into our network and the
systems that reside on it.

Keep system secure until disposal of data

In this consideration, we should have to make clear guidelines for who should have access to the
equipment in need of secure disposal. It will be better to ensure that nobody should have access
authentication to it before disposal of data won't get his or her hands on it.