Name : Melesse Bisema Dessie

ID: MTR/226/12
Submitted to: Prof. Babu
 1. A. What is endpoint security? Explain different characteristics of endpoint security
solutions.
B. Elaborate different endpoint security risk scenarios.

A. Endpoint security refers to Endpoint security protects desktops,laptops, servers, and fixed-
function devices from malicious internal and external threats.

Endpoint security defends what is now thought of as an enterprise‘s perimeter – the devices that
are the gateways into the network – from known as well as unknown threats. These threats,
which include malware and non-malware attacks, attempt to steal data, destroy infrastructures, or
cause financial damage.

Endpoint security combines various attack prevention, detection, and response technologies with
intelligent services to form an advanced platform that effectively helps enterprises:

Endpoint security software protects these points of entry from risky activity and/or malicious
attack. When companies can ensure endpoint compliance with data security standards, they can
maintain greater control over the growing number and type of access points to the network.

B. Elaborate
Different endpoint security risk scenarios

Endpoint-delivered threats usually enter an Organization through:

 User-infected device introduced into the corporate network which then delivers malware
that can spread laterally an infected portable device.
 users who are tricked into downloading and installing malicious software by claims that
they are antivirus , disk cleanup or other utility software Endpoint security threats happen
when attackers can use strategies such as leaving an infected USB drive around the
organization‘s parking lot in anticipation that an employee will pick it up and plug it into
a network connected system.

However, pulling off such an attack is expensive and much more risky for the attackers,
especially if they are remote and need a trained human asset in-country to assist with the attack.

2. What is a malware? Describe various types of malwares and malware features.

Malware is the collective name for a number of malicious software variants, including
viruses, ransom ware and spyware. Shorthand for malicious software, malware typically consists
of code developed by cyber attackers, designed to cause extensive damage to data and systems or
to gain unauthorized access to a network. Malware is typically delivered in the form of a link or
file over email and requires the user to click on the link or open the file to execute the malware.

Types of Malware:

Virus

Possibly the most common type of malware, viruses attach their malicious code to clean code
and wait for an unsuspecting user or an automated process to execute them. Like a biological
virus, they can spread quickly and widely, causing damage to the core functionality of systems,
corrupting files and locking users out of their computers. They are usually contained within an
executable file.
Trojanse

Just like Greek soldiers hid in a giant horse to deliver their attack, this type of malware hides
within or disguises itself as legitimate software. Acting discretely, it will breach security by
creating backdoors that give other malware variants easy access.

Worms

Worms get their name from the way they infect systems. Starting from one infected machine,
they weave their way through the network, connecting to consecutive machines in order to
continue the spread of infection. This type of malware can infect entire networks of devices very
quickly.

Ransom ware

Also known as scare ware, ransom ware comes with a heavy price. Able to lockdown networks
and lock out users until a ransom is paid, ransom ware has targeted some of the biggest
organizations in the world today — with expensive results.
Spyware

Spyware, as its name suggests, is designed to spy on what a user is doing. Hiding in the
background on a computer, this type of malware will collect information without the user
knowing, such as credit card details, passwords and other sensitive information.

3. A. What is an unauthorized browsing?

B. Explain features of endpoint monitoring and management solutions.

A. What is an unauthorized browsing?

B. Explain features of endpoint monitoring and management solutions.

Thus, endpoint monitoring allows your security team to monitor, collect, and analyze your
endpoint behaviors. It establishes baselines behaviors to evaluate whether it ever acts abnormally
and can alert your security team promptly to investigate.

4. A. Write a short note on levels of endpoint security maturity models (SAM).

B. What is Authentication? Explain it with a suitable example.

C. What do you mean by Authorization? Explain it with a suitable example.

A. Write a short note on levels of endpoint security maturity models (SAM).

Every endpoint connecting to your IT environment serves as a gateway, both for your
legitimate users and threat actors.
Usually, enterprises recognize this, at least subconsciously. However, they tend to neglect to
take next philosophical step from this epiphany; namely, every enterprise endpoint requires
the same level of protection.
Of course, this means mandating every endpoint connecting to your network maintains a
consistent level of endpoint security. Often maintaining that consistency proves easier said
than done.
For example, say you have a strong bring-your-own-device (BYOD) culture. Your IT
security team must require each user to register their devices and install your endpoint
security before granting access. With the proliferation of mobile devices, you should make
this policy a priority.

Initial Maturity Level

Organizations at the initial level lack formal security policies, functioning security
governance or score very low in multiple security domains. Their average score comes out
between 1.0 and 2.0. Although most organizations score above the Initial level, we still find
some there – including large companies, government agencies, or universities.

In today‘s cyber security climate, scoring at the Initial level is unacceptable for any
organization that owns and manages IT assets, and owes any duties to shareholders,
investors, regulators or taxpayers.

Developing Maturity Level

The typical organization at the Developing stage has a functioning security program, some
security processes and infrastructure elements operating effectively, and multiple security
initiatives under development. But they tend to be weak in basic domains such as network
zoning / perimeters (where most organizations still have a relatively ―flat‖ or even chaotic
network(s) of IT assets) and score relatively low on overall identity and access management
(IAM). It‘s also unusual to find good levels of accountability and automation in security
processes or technology, or to find advanced vulnerability management, data loss prevention
(DLP) or security information and event management (SIEM) technologies operating at the
Developing stage.

Organizations at the Defined stage have established a comprehensive set of organization-

wide security processes, policies and documented technical controls. However, they typically
remain over-reliant on individual efforts. Processes such as change management, audit and
supply chain security still need to improve. More work is also needed on increasing role-
appropriate security knowledge and awareness as well as advancing security monitoring,
analytics, and privileged access management control sophistication.
On the Security Roadmap for organizations at the Defined level, we emphasize audit, change
management, advanced security monitoring and metrics to enhance verification and
accountability as well as protection. With basic process and technology infrastructure in
place risk management, vulnerability management, SIEM, PAM, and other programs can go
into high gear.

We also encourage organizations to focus even more on metrics; early key performance
indicator (KPI) and key risk indicator (KRI) measures introduced during the Initial or
Developing stages should now be reviewed, improved, and expanded. Not only do better
metrics improve accountability (from the risk and finance perspective) they help answer a
critical question:

Managed Maturity Level

Every organization loves to claim its security program is ―well-managed‖ and as they
progress into the managed maturity level, they can say that with assurance. At level 4,
organizations have defined and built a comprehensive set of people, process and technology
controls. However, they remain reliant on manual processes and face challenges sustaining
the security program in the face of continuous change to threat, regulatory, technology and
business landscapes.

Optimized Maturity Level

At the optimized maturity level, organizational security programs (almost) have it all. They
have raised the bar on organization-wide security process and technology infrastructure to a
pretty high level, including accountability, metrics, and automation. But let‘s clarify, not all
organizations at this level are so intent on continuous improvement that they‘ll keep throwing
increased funding and resources at security for security‘s sake.

Moreover, organizations that get to the optimized level face challenges staying. Sustaining
many if not most optimized security programs without unusually high levels of investment
requires continuous risk, business, technology, and financial analysis in the face of change.
 B. What is Authentication? Explain it with a suitable example.

Authentication is the process of recognizing a user‘s identity. It is the mechanism of

associating an incoming request with a set of identifying credentials. The credentials
provided are compared to those on a file in a database of the authorized user‘s information on
a local operating system or within an authentication server.

In computing, authentication is the process of verifying the identity of a person or device. A

common Example is entering a username and password when you log in to a website.
Entering the correct login information lets the website know 1) who you are and 2) that it is
actually you accessing the website. While a username/password combination is a common
way to authenticate your identity, many other types of authentication exist. For example, you
might use a four or six-digit pass code to unlock your phone. A single password may be
required to logon to your laptop or work computer. Every time you check or send email,
the mail server verifies your identity by matching your email address with the correct
password. This information is often saved by your web browser or email program so you do
not have to enter it each time.

C. What do you mean by Authorization? Explain it with a suitable example.

Authorization is the process to determine whether the authenticated user has access to the
particular resources. It verifies your rights to grant you access to resources such as
information, databases, files, etc. Authorization usually comes after authentication which
confirms your privileges to perform. In simple terms, it‘s like giving someone official
permission to do something or anything.

Authentication

Authentication is about validating your credentials like User Name/User ID and password to
verify your identity. The system determines whether you are what you say you are using your
credentials. In public and private networks, the system authenticates the user identity via login
passwords. Authentication is usually done by a username and password, and sometimes in
conjunction with factors of authentication, which refers to the various ways to be authenticated.
Authentication factors determine the various elements the system use to verify one‘s identity
prior to granting him access to anything from accessing a file to requesting a bank transaction. A
user‘s identity can be determined by what he knows, what he has, or what he is. When it comes
to security, at least two or all the three authentication factors must be verified in order to grant
someone access to the system.

Based on the security level, authentication factor can vary from one of the following:

 Single-Factor Authentication – It‘s the simplest authentication method which

commonly relies on a simple password to grant user access to a particular system such as
a website or a network. The person can request access to the system using only one of the
credentials to verify his identity. The most common example of a single-factor
authentication would be login credentials which only require a password against a
username.
 Two-Factor Authentication – As the name suggests, it‘s a two-step verification process
which not only requires a username and password, but also something only the user
knows, to ensure an additional level of security, such as an ATM pin, which only the user
knows. Using a username and password along with an additional piece of confidential
information makes it virtually impossible for fraudsters to steal valuable data.
 Multi-Factor Authentication – It‘s the most advanced method of authentication which
uses two or more levels of security from independent categories of authentication to grant
user access to the system. All the factors should be independent of each other to eliminate
any vulnerability in the system. Financial organizations, banks, and law enforcement
agencies use multiple-factor authentication to safeguard their data and applications from
potential threats.

Authorization

Authorization, on the other hand, occurs after your identity is successfully authenticated by the
system, which ultimately gives you full permission to access the resources such as information,
files, databases, funds, locations, almost anything. In simple terms, authorization determines
your ability to access the system and up to what extent. Once your identity is verified by the
system after successful authentication, you are then authorized to access the resources of the
system.

5. A. Explain the differences between single factor and multifactor authentication with
suitable examples.

B. Describe the best principles of Authorization and explain it in detail.

A. Explain the differences between single factor and multifactor authentication with
suitable examples

First, we must clarify, that for the purposes of this post, multi-factor authentication means two
entirely different factors (e.g. an ID number/PIN code combination is considered as single factor
authentication). The reason for this is that if one can obtain e.g. a password, then one will most
likely be able to obtain the user ID as well with roughly the same amount of effort - or, as a
better example, one, who can obtain a particular fingerprint from a person will be able to obtain
all the other prints as well with the same method, due to the nature of the factor. Thus, requiring
two fingerprints from the same person does not add to the security level and cannot be counted
as multiple factors. Also, in single factor authentication, the starting point is biometry here,
because neither possession nor knowledge based methods can really compete with it.

Multi-factor authentication?

MFA uses several different factors to verify a person‘s identity and grant access to various
software, systems, and data. Typically, MFA systems use two or more of the following tools to

The advantage of multi-factor authentication is that, in most cases, it‘s very secure. The
combination of a password, physical token and biometric can significantly reduce the risk of data
and software breaches.

However, if MFA has some advantages in securing user logons, it also has the reputation –
sometimes well earned – of being a bit difficult to manage. Users need to be provisioned with the
second factor (the first they memorize). For some end users, even setting up a mobile phone to
receive a one-time password via text message can be an imposition. Still, MFA is safe for most
organizations to lock down their networks and applications against unauthorized access.
The advantages of single sign-on include:

 Users only have to remember one password at all times. Although they may be required
to enter credentials for other systems occasionally, there‘s significantly less effort
needed.
 Extra security, such as biometric authentication, can be added to the initial single sign-on
or accessed via a USB token, soft token or similar encryption device. MFA comes into
play here.
 SSO is quick and convenient for the end user. It saves time by not requiring them to
spend time logging into many different applications.
 Risks for access are reduced in some instances. For example, credentials for third-party
applications could be stored internally rather than on external systems.
 There are fewer calls to the service desk for password resets, reducing IT support
resource needs.

Disadvantages of single sign-on:

If a hacker, malicious actor, or malware gets SSO access, that compromises any systems
used by SSO.
SSO must be deployed with strong encryption and authentication methods to prevent this
from happening.
Loss of availability of SSO systems means a user will not be able to access any other
systems, becoming a single point of failure.

B. Describe the best principles of Authorization and explain it in detail.

Access must be granted based on personnel roles and the security principles of clearance, need to
know, separation of duties, and least privilege.
For personnel without appropriate clearances or background investigations, access is restricted to
temporary information services. Managers must use eAccess to request access authorization for
individuals who do not have the appropriate clearance and are responsible for the access
activities of those individuals.
For sensitive-enhanced, sensitive, and critical information resources access must be limited in a
manner that is sufficient to support approved business functions. Access to sensitive-enhanced
and sensitive Postal Service information resources must be limited to personnel who need to
know the information to perform their duties.

6.A. Write a note on different steps in identity Management and Authenticator

Management.

B. What are different key considerations required for access control schema.

A. Write a note on different steps in identity Management and Authenticator Management.

The identity management is a central part of any IT department. As long as it is working, few
people will take notice of its existence and consequently, it is often not optimized to improve the
quality of the system.

Step 1: Take an Inventory of Your Applications + Remove Shadow IT

When thinking about our IT environments, we often think in physical terms and consider what
servers, switches, and cables we have. Keeping an inventory of those is definitely a necessity and
required by any accounting department. But usually we less think about doing the same for our
software. It is especially true for any ‗shadow IT‘ that might have grown outside the IT
department. Only with a full list of software can you continue making significant improvements
to your IT.

Step 2: Create one leading Service

Between LDAPs, SQL Databases and online services such as login with Google there are
numerous ways to manage your identities within an organization. In most cases, each application
will have the option to maintain its user base and might have the opportunity to control other
software as well.

Making an explicit decision which system should maintain the identities is an essential step in
designing the system and ensuring that the leading system has all the information to control any
application you can find.
Step 3: Make Your Users more Comfortable

Most users are not particularly concerned about privacy and data protection. While management
is often aware of their importance, users often relegate them to the second place behind their
comfort. Thus when trying to make an impact by implementing a central IdM, the convenience it
can bring to your users is often a critical tool for acceptance and success. Therefore, while ―same
user same password‖ policies might be sufficient to fulfill the requirements of the administrator
or your strategy, only with a single sign-on system will you be able to convince your users that
your services are better than any services they might be using at home.

Step 4: Minimize Your Work

Now, user comfort and app coverage are the essentials for the continued acceptance of your IdM.
However, no management system is complete without a way to manage it. Having templates and
reasonable defaults allows you to minimize the routine tasks of creating users and moving them
to the respective department. If your system enables you to set defaults, great, make use of these.
If not, you might want to look for a new system.

Step 5: Review Your Password Policies

Recommendations and possible requirements for password policies have changed. The National
Institute of Standards and Technology has updated its documentation, and Section 5.1.1 provides
an excellent (and free) starting point to see the up to date ideas on secure passwords. The up-to-
date policies are not only a security consideration, but they also add right back into the user
comfort. If you are still using 6 characters for three months, you might want to consider checking
the new requirements.

Step 6: Two-Factor Authentication

Industry espionage is not something that affects only large companies. Even mid-size and small
firms are hit by it every day. One of the most common ways to get information is cracking
passwords. Now a good password policy as mentioned beforehand can mitigate some of the
issues. Step 7: Use Individual Administrator Accounts
Root and administrator are two very convenient accounts which you can find on your servers and
workstations. They are readily available for your administrators and everyone will remember the
name. Of course, if you forget the password, your colleagues all are happy to share it with you.

Individual accounts mitigate this issue. You have one account per administrator with its
password and username. Naturally, these accounts should be different from the one used to log in
from day to day work.

Step 8: Record Changes and Audit Changes

Separate accounts for administrators also allow you to log changes and monitor who changes
which settings. Monitoring changes are not only significant for accountability but even more
helpful when examining the future of your environments. If you see that one administrator
always applies one parameter to a class of objects, you might want considering making it default.

Step 9: Review Server Settings

Most of us run their servers for a long time. Especially when using virtual machines and in place
software updates, you might still be running software that you initially installed ten years ago.
While this is great regarding efficiency, it also means that many of your settings might be in
longer use longer than some of us have been working on that server.

Step 10: Off-Site Copies

Imagine your server room having an electrical issue and is not operational. Now as all your cloud
services are getting their passwords from the server, your colleagues could not even take their
laptops home as none of your cloud services are available.

B. What are different key considerations required for access control schema.
7. Explain the following access control mechanisms with suitable example

A. Rule based access control

B. Role based access control

C. Mandatory access control

D. Discretionary access control

A. Rule based access control

Whether you authorize users to take on rule-based or role-based access control, RBAC is
incredibly important. Within some organizations - especially those that are on the smaller side -
it might make sense that some users wear many hats and as a result they need access to a variety
of seemingly unrelated information.
Rule-Based Access Control

In this form of RBAC, you‘re focusing on the rules associated with the data‘s access or
restrictions. These rules may be parameters, such as allowing access only from certain IP
addresses, denying access from certain IP addresses, or something more specific. In a more
specific instance, access from a specific IP address may be allowed unless it comes through a
certain port (such as the port used for FTP access). These types of specificities prevent
cybercriminals and other ne‘er-do-wells from accessing your information even if they do find a
way in to your network. Rule-Based Access Control can also be implemented on a file or system
level, restricting data access to business hours only, for instance.

B. Role-Based Access Control

When dealing with role-based access controls, data is protected in exactly the way it sounds like
it is: by user roles. Users are sorted into groups or categories based on their job functions or
departments, and those categories determine the data that they‘re able to access. Human
Resources team members, for example, may be permitted to access employee information while
no other role-based group is permitted to do so.

What's the Difference When It Comes to User Access?

The primary difference when it comes to user access is the way in which access is determined.

Role-based access depends heavily on users being logged into a particular network or
application so that their credentials can be verified.

Rule-based access may be applied to more broad and overreaching scenarios, such as allowing
all traffic from specific IP addresses or during specific hours rather than simply from specific
user groups.

In some situations, it may be necessary to apply both rule-based and role-based access controls
simultaneously. For example, if you had a subset of data that could be accessed by Human
Resources team members, but only if they were logging in through a specific IP address (i.e.
from their office computer, on the office network). This would essentially prevent the data from
being accessed from anywhere other than a specific computer, by a specific person. Are you
ready to take your security to the next level? Download our whitepaper, Security In Layers,
today.

C. Mandatory access control

Mandatory Access Control (MAC) is the strictest of all levels of control. The design of MAC
was defined, and is primarily used by the government.

MAC takes a hierarchical approach to controlling access to resources. Under a MAC enforced
environment access to all resource objects (such as data files) is controlled by settings defined by
the system administrator. As such, all access to resource objects is strictly controlled by the
operating system based on system administrator configured settings. It is not possible under
MAC enforcement for users to change the access control of a resource.

D. Discretionary access control

Unlike Mandatory Access Control (MAC) where access to system resources is controlled by the
operating system (under the control of a system administrator), Discretionary Access Control
(DAC) allows each user to control access to their own data. DAC is typically the default access
control mechanism for most desktop operating systems. Instead of a security label in the case of
MAC, each resource objects on a DAC based system has an Access Control List (ACL)
associated with it. An ACL contains a list of users and groups to which the user has permitted
access together with the level of access for each user or group. For example, User A may provide
read-only access on one of her files to User B, read and write access on the same file to User
C and full control to any user belonging to Group 1.

It is important to note that under DAC a user can only set access permissions for resources which
they already own. A hypothetical User A cannot, therefore, change the access control for a file
that is owned by User B. User A can, however, set access permissions on a file that she owns.
Under some operating systems it is also possible for the system or network administrator to
dictate which permissions users are allowed to set in the ACLs of their resources.
8. A. Describe different stages of access administration process and explain each stage focus
in detail.

B. What is the essentiality of Identity and Access Management (IdAM) and explain
different stages of Identity and Access Management (IdAM) life Cycle.

A. Describe different stages of access administration process and explain each stage focus
in detail

Steps to a Solid User Administration Process

Although it may seem like a small detail in the grand scheme of cybersecurity, a good user
administration process plays an important role. This means establishing a thoughtful process for
controlling administrative access to applications and systems.

Many organizations feel that employees obviously need access, and it should just be given to
them. But you should consider necessity in all instances and for all individuals. Taking some
basic steps will help your organization create a solid user administration process and reduce your
organization‘s risk of a breach.

1. Know your applications and risk-rate them.

You need to know which applications your organization uses and what information they store
before you can identify the risks inherent within your organization‘s daily activity.

2. Categorize your applications based on criticality to determine your highest-risk applications.

High-risk applications are those that contain sensitive or potentially sensitive information. This
includes information considered proprietary to your organization or to others. Another factor that
can increase an application‘s risk is whether it can be accessed from the public Internet, as
externally accessible systems and applications increase the risk of unauthorized access if not
properly secured. These applications should have strong user access controls in place.
3. Establish a formal user administration process.

The goal of user administration is to ensure that access remains properly restricted throughout an
employee‘s time at the organization. Consider these three phases of the employee life cycle:

I. Hire – How do we ensure an employee receives only the access they need?
II. Job changes – If an employee‘s job function changes, do we ensure removal of
access that is no longer required
III. Termination or resignation – Do we ensure access rights are canceled in a timely
manner when an employee leaves?

Then for each phase in the employee life cycle, ask:

 How will access be granted?

 Will access rights be based on job position, or on an individual‘s unique role?
 Can we establish a profile that gives a user access to the needed areas only?
 Which individuals or roles require administrative functions? Administrative access
should be granted on a limited basis.

In a centralized environment, application administration is the responsibility of one area or

department, typically the IT department.

In a decentralized environment, responsibility for user access management is delegated to the

departments that use the applications. This does not remove management‘s responsibility to
know which applications are in use and who is using them, and poor management can often
heighten the risk of a breach. However, as long as you formally define the process, a
decentralized environment can achieve the same results for user administration.

4. Audit the process you have in place.

It‘s not enough to establish baselines and policies. Your organization needs to evaluate them
periodically to ensure they are effective, and working and used as intended.
 Implement a regular review of systems. At least annually, review all users on each
application to ensure that they still need access to the application and still require their existing
level of access. You should review high-risk systems more frequently, such as quarterly. The
reviews should be documented and approved, especially if a decentralized system in place.
During this review, verify that terminated employees have been removed, access rights and
administrative functions are still warranted, and service, system level, and vendor accounts are
still required. Some applications allow you to create reports showing the last login date for
accounts. This could help you identify accounts that are no longer required.
B. What is the essentiality of Identity and Access Management (IdAM) and
explain different stages of Identity and Access Management (IdAM) life
Cycle .

Identity Access Management encompasses various technologies from the IT world, such as

single sign-on, profile management, multi-factor authentication, and password

management. Single sign-on is a federated identity service that permits a user to use one set of

login credentials to gain access to multiple systems and applications. This way, users do not need

to provide their credentials multiple times when they switch between systems. Multi-factor

authentication (MFA) leverages the general factors, something you know, something you are,

and something you have, to verify identities. This method of authentication requires users to

verify their identity through more than one set of credentials. For example, an MFA system may

require users to enter a password and one-time pin.

IAM also helps identify and maintain user profiles. You can ensure users are who they say they

are and that they have the appropriate authorization to access the applications and resources they

request. Moreover, profile management allows enterprises to ensure that user data is up-to-date

and accurate. For instance, in a healthcare environment when a healthcare professional needs to

look up patient information, they must first present the appropriate credentials to the system.

Next, the system looks up the information it was provided and ensures the user‘s information is
current. Once the credentials are verified, the requester will be granted access to the file based on

the authorization the user has permitted.

9. A. Explain the concept of Zero Trust and zero trust model.

B. Write a note IdAM implementation challenges.

A. Explain the concept of Zero Trust and zero trust model

Zero Trust is a network security model based on a rigid identity verification process. The system
provides that only authenticated and authorized users and devices can access applications and
data, while protecting applications and users from advanced Internet threats.

This model was first introduced by an analyst at Forrester Research and, although it was not an
entirely new principle, it has become increasingly important for today's digital transformation
and its impact on the security architecture of the company network.

With an ever-increasing number of mobile workers, who access applications from multiple
devices outside the company perimeter, companies have adopted the principle of trust based on
continuous checks, according to which if a user has the correct user credentials, then he can
access any site, app or device he needs. This resulted in an increased risk of exposure, dissolving
the boundaries of what was once the safe area under corporate control and leaving many
organizations vulnerable to data breaches, malware and ransomware attacks. Now you need to
protect yourself wherever applications, data, users and devices are.
B. Write a note IdAM implementation challenges.

10. a. Explain common techniques of Identity theft. b. Write a short note on high-level
cloud security concerns.

A. Explain common techniques of Identity theft.

B. Write a short note on high-level cloud security concerns.

Cloud security the cloud acts as a big black box, nothing inside is visible to the clients. Clients
have no idea or control over what happens inside a cloud Even if the cloud provider is honest, it
can have malicious system admins who cantamper with the VMsviolate confidentiality and
integrity Clouds are still subject to traditional data confidentiality, integrity, availability, and
privacy issues, plus some additional attacks

11. A. Explain different types of cloud security attacks

B. Write a short note on key concerns of Cloud security alliance v.3.0

A. Explain different types of cloud security attacks

B. Write a short note on key concerns of Cloud security alliance v.3.0

Cloud Security Alliance‘s Security Guidance for Critical Areas of Focus in Cloud Computing
seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical,
actionable roadmap to managers wanting to adopt the cloud paradigm safely and securely.
Domains are reviewed to emphasize security, stability, and privacy in a multi-tenant
environment. The CSA‘s Security Guidance for Critical Areas of Focus in Cloud Computing
builds on previous iterations through dedicated research, public participation from CSA
members, working groups, and industry experts. This version incorporates advances in cloud,
security, and supporting technologies, reflects on real-world cloud security practices, integrates
the latest CSA research projects, and offers guidance for related technologies. The goal of the
fourth version of Security Guidance for Critical Areas of Focus in Cloud Computing is to
provide guidance and inspiration to support business goals while managing and mitigating the
risks associated with cloud computing adoption.

12. A. Describe cloud security risk analysis methodology

B. Explain different key threats in cloud environment.

A. Describe cloud security risk analysis methodology

Risk analysis refers to the review of risks associated with the particular action or event. The risk
analysis is applied to information technology, projects, security issues and any other event
where risks may be analyzed based on a quantitative and qualitative basis.
B. Explain different key threats in cloud environment.

13. A. Explain different types of cyber attacks.

B. Explain different stages of information security management cycle.

A. Explain different types of cyber attacks.

DDoS

A Distributed Denial of Service (DDoS) attack is an attempt to flood a website or online service
with traffic in order to overwhelm and render it unavailable. While a hacker doesn‘t really gain
any valuable information from this type of attack, they do find success in causing confusion and
chaos – oftentimes making it a perfect distraction to launch another type of attack. Secure the
perimeter to help prevent DDoS attacks

Spoofing

Spoofing happens when a source hides its true identity, masquerading as someone or something
else. This tactic is often used during a cyberattack to disguise the source of attack traffic. For
example, sending an email with a fabricated ―From:‖ address would qualify as spoofing. Of
course, there are different types of this deception, including: DNS server spoofing, ARP spoofing
and IP address spoofing. Identify fake email addresses and websites
Ransomware

Ransomware is a type of malware that holds your personal files hostage. The hacker demands
payment – usually in an untraceable currency, like Bitcoin – in exchange for restoring access to
your own data. The software spreads from one system to the next and encrypts all hard disk
contents. Ransomware is a (mostly un-reported) crime of extortion, and the more valuable your
data, the more you are at risk. Get your data back

Phishing

Phishing attackers send mass emails to distribute malicious links or attachments that (if opened)
can steal your login credentials and/or your account information. Sometimes, the email even asks
you to reset your password – thus handing over access to your account. This is a fairly easy way
for hackers to gain personal data, as their success ultimately relies on end user awareness and
training. Identify a phishing email

Malware

Malware is an umbrella term that describes many nasty programs, codes and bugs that can
confuse your system(s). The purpose is to attack, destroy or disable networks and devices by
taking over. Usually, malware does not cause permanent damage – but don‘t let that fool you. It
can manipulate your data, alter your system‘s functions and essentially spy on your activity
without your knowledge or authorization. Change passwords frequently

B. Explain different stages of information security management cycle.

Information security is a living, breathing process that‘s ongoing, it‘s a life cycle. Without a life-
cycle approach to information security and its management, organizations typically treat
information security as just another project.

Step one – Plan

Involve senior management as well as stake holders and department managers. Information
security is not just an IT issue, the whole organization needs to be on board in order to have a
strong information security program. Form a committee and establish agreed on direction.
Step two – Do

Assign specific responsibility to individuals, determine timelines and desired results. Develop a
―cookbook‖ that lays out policies, standards, procedures, and guidelines that can be followed to
maintain a strong information security program. Just as parts of ―recipes‖ may change over time,
parts of your information security program may change as well.

Step three – Check

After solutions are implemented, review the audit findings to determine if the desired results are
being achieved.

Step four – Act

These actions should be based on your audit results, with adjustments made as needed. Circle
back to the Planning step and run through the process again until the threat is reduced to an
acceptable level.
14. A. Explain the essentiality of security governance.

B. what is the focus of corporate governance?

C. what is spoofing? Explain different types of spoofing.

A. Explain the essentiality of security governance.

Essentiality of Security governance is the means by which you control and direct your
organization‘s approach to security. When done well, security governance will effectively
coordinate the security activities of your organization. It enables the flow of security information
and decisions around your organization. Security governance is the combined set of tools,
personnel, and processes that provide for formalized risk management. It includes organizational
structure, roles and responsibilities, metrics, processes, and oversight, as it specifically impacts
the security program. While governance is embodied in a set of documents, specifically
standards, guidelines, policies, and procedures, to have an effective security program, the
appropriate resources need to be allocated, as defined within the governance.

Types of spoofing

Email Spoofing

Email spoofing occurs when an attacker uses an email message to trick a recipient into thinking
it came from a known and/or trusted source. These emails may include links to malicious
websites or attachments infected with malware, or they may use social engineering to convince
the recipient to freely disclose sensitive information.

Caller ID Spoofing

With caller ID spoofing, attackers can make it appear as if their phone calls are coming from a
specific number—either one that is known and/or trusted to the recipient, or one that indicates a
specific geographic location. Attackers can then use social engineering—often posing as
someone from a bank or customer support—to convince their targets to, over the phone, provide
sensitive information such as passwords, account information, social security numbers, and
more.

Website Spoofing

Website spoofing refers to when a website is designed to mimic an existing site known and/or
trusted by the user. Attackers use these sites to gain login and other personal information from
users.
IP Spoofing

Attackers may use IP (Internet Protocol) spoofing to disguise a computer IP address, thereby
hiding the identity of the sender or impersonating another computer system. One purpose of IP
address spoofing is to gain access to a network that authenticates users based on IP addresses.

More often, however, attackers will spoof a target‘s IP address in a denial-of-service attack to
overwhelm the victim with traffic. The attacker will send packets to multiple network recipients,
and when packet recipients transmit a response, they will be routed to the target‘s spoofed IP
address.

ARP Spoofing

Address Resolution Protocol (ARP) is a protocol that resolves IP addresses to Media Access
Control (MAC) addresses for transmitting data. ARP spoofing is used to link an attacker‘s MAC
to a legitimate network IP address so the attacker can receive data meant for the owner
associated with that IP address. ARP spoofing is commonly used to steal or modify data but can
also be used in denial-of-service and man-in-the-middle attacks or in session hijacking.

DNS Server Spoofing

DNS (Domain Name System) servers resolve URLs and email addresses to corresponding IP
addresses. DNS spoofing allows attackers to divert traffic to a different IP address, leading
victims to sites that spread malware.

15. Explain prevention techniques of following attacks

A. Phishing B. Password attacks C. Denial of service attacks

D. Man in the middle attacks E. Drive-by downloads F. Malvertsing G. Rogue

software
A. Phishing

Phishing attacks are one of the most common security challenges that both individuals and
companies face in keeping their information secure. Whether it's getting access to passwords,
credit cards, or other sensitive information, hackers are using email, social media, phone calls,
and any form of communication they can to steal valuable data. Businesses, of course, are a
particularly worthwhile target.

B. password attack

How to Prevent Password Attack Methods?

First, your enterprise needs to face facts: passwords remain incredibly vulnerable to password
attack methods. In fact, any form of single-factor authentication leaves your entire IT
environment open to hackers who can easily subvert it.
Instead of relying on passwords, your enterprise should call upon a next-generation privileged
access management solution to deploy multifactor authentication (MFA). Multifactor
authentication puts different layers of identity security on each account. It monitors diverse
factors such as time of access request and geolocation. Also, it can incorporate biometric
authentication and hard tokens.
Here‘s what matters: multifactor authentication mitigates the effectiveness of password attack
methods. It may not completely prevent all hackers, but it deters them in mass droves.
C. Denial of service attacks

We have talked extensively about what DDoS attacks are and exemplified types of DDoS
attacks. Now we are going to take some time to talk about ways to protect your site from ddos
attacks.

Activate a Website Application Firewall Protection from DDoS Attacks

A Website Application Firewall (WAF) keeps the malicious traffic off your website. It is a
layer of protection that sits between your website and the traffic it receives.
Website Application Firewalls are specific application firewalls for websites that go beyond the
metadata of the packets transferred at the network level. They focus on the data in transfer.
Application firewalls were created to understand the type of data allowed for each protocol, like
SMTP and HTTP.

Country blocking

The majority of website attacks come from specific countries such as China, Russia, and Turkey.
Although we have nothing against those countries, the Sucuri Firewall gives you the option of
blocking them from interacting (POST) with your site.

You can easily enable this option in our Firewall dashboard, so that IP addresses from these
countries will still be able to view all content, but they will not be able to register, submit
comments, or attempt to login. It‘s basically a read-only mode.

Monitor Traffic

It is vital to monitor your website traffic to be aware of traffic peaks and DDoS attacks. As we
explained before, DDoS happens when there is a huge amount of traffic to the server. It would be
great if your website got a million new users in one day, but wouldn‘t it be suspicious?

A dramatic increase of egress traffic ratio is a red flag for DDoS attacks. We highly recommend
that you have monitoring tools in place and that you always check your logs.

Block Application Layer DDoS Attacks

DDoS attacks on the application layer are usually made in a cautious and secretive manner,
making them more difficult to be detected. In the beginning, they can be even mistaken by traffic
peaks.

They are the most common attacks nowadays and affect all organizations, no matter the size.
Any website can become victim of these attacks since they are mostly automatized. One of the
features of the Sucuri Firewall is blocking application-layer DDoS attacks.
D. Man in the middle attacks

Man in the Middle Attack Prevention

Use a Virtual Private Network (VPN) to encrypt your web traffic. An encrypted VPN severely
limits a hacker‘s ability to read or modify web traffic.

Secure your network with an intrusion detection system. Network administrators should be
using good network hygiene to mitigate a man-in-the middle attack.

Install active virus and malware protection that includes a scanner that runs on your system at
boot. MITM attacks often rely on malware. Running updated anti-virus software is imperative.

E. Drive-by downloads
 Drive-By downloads is a major concern, but there are several steps end-users can take to protect
themselves from these types of attacks:

Update your software quickly and constantly. When a software maker releases an update,
cybercriminals will rush to reverse engineer it and target Internet users who have not applied the
update. Configure your operating system, browsers, and all applications that offer it, to update
automatically.

Remove unnecessary software and plug-ins. Computers tend to fill up with unnecessary
applications and browser plug-ins that are neither useful nor maintained by the developers. By
removing them you significantly reduce your chances of a data breach.
Stop using a privileged account for day-to-day work. Whenever you browse the Internet using a
privileged account, drive-by (and other malicious software) can install itself without your
explicit permission. Keep two separate accounts on your computer. Use a non-privileged account
for common day-to-day work and all online activities. Use a different, administrator account for
installing software, and only for that purpose. Using the web without administrative rights
greatly reduces both the risk of a successful drive-by download and the potential damage should
one succeed. Prevention mechanisms !!!!
 Use a firewall. Although a firewall won‘t necessarily stop sophisticated malware, a
firewall can be effective in detecting and blocking known threats.
 Disable Java and JavaScript. Where possible, disable Java and JavaScript. Put trusted
sites that require it on a whitelist.
 Use web-filtering software. Turn on security features that monitor the websites you are
connecting to. Configure these security controls to warn you when attempting to access
sites that might contain malicious drive-by download and other attacks.
 Install an ad blocker. Drive-by download attacks frequently use ads as infection vectors.
Installing an ad blocker will help reduce exposure to these types of attack.
 F. Malvertsing

Install anti I virus/anti-malware software – Using advanced anti-virus programs that keep a
watchful eye over your system will protect against common malware and other security risks.
With reputable anti-virus software, you can block and prevent many infiltrations before they
happen

G. Rogue software

Rogue security software is a form of malicious software and Internet fraud that misleads users
into believing there is a virus on their computer and aims to convince them to pay for a fake
malware removal tool that actually installs malware on their computer. It is a form of scareware
that manipulates users through fear, and a form of ransomware. Rogue security software has
been a serious security threat in desktop computing since 2008. Two of theearliest examples to
gain infamy were BraveSentry and SpySheriff