lOMoARcPSD|10351700

IAS1 Module 1 - Information assurance and security 1

Public Administration (Northern Negros State College of Science and Technology)

Studocu is not sponsored or endorsed by any college or university

Downloaded by EY JEY (roxxxvencer@gmail.com)
 lOMoARcPSD|10351700

COLLEGE OF INFORMATION &

COMMUNICATIONS
TECHNOLOGY & ENGINEERING
COURSE MODULE IN

ITP108 – INFORMATION
ASSURANCE AND
SECURITY 1
COURSE FACILITATORS: ROSE ANN C. BALLADARES, MIT
MARK B. PASICARAN, MIT

FB/MESSENGER: Rose Ann C. Balladares

Mark B. Pasicaran

Email roseballadares1019@gmail.com
mark.bac@nonescost.edu.ph

Phone No: 09489905845

MODULE
Downloaded by EY JEY (roxxxvencer@gmail.com)
 lOMoARcPSD|10351700

VISION

Northern Negros State College of Science and technology envisions a skillful and productive

manpower, qualified and competent professionals endowed with leadership qualities, commitment to public

service, a common shared values, and capacities to integrate and use new knowledge and skills in various

vocations and professions to meet the challenges of the new millennium.

MISSION

To train and develop semi-skilled manpower, middle level professionals and competent and qualified

leaders in the various professions responsive to the needs and requirements of the service areas providing

appropriate and relevant curricular programs and offerings, research projects and entrepreneurial activities,

extension services and develop progressive leadership to effect socio-economic change and thereby improve

the quality of life.

INSTITUTIONAL OUTCOMES

1. Demonstrate logical thinking, critical judgment and independent decision-making on any

confronting situations
2. Demonstrate necessary knowledge, skills and desirable attitudes expected of one9s educational
level and field of discipline
3. Exhibit necessary knowledge, skills and desirable attitudes in research
4. Exhibit proactive and collaborative attributes in diverse fields
5. Manifest abilities and willingness to work well with others either in the practice of one9s profession
or community involvement without compromising legal and ethical responsibilities and
accountabilities.

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

PROGRAM LEARNING OUTCOMES (CMO #25 s.2015)

Graduates of a BSIT program are teachers who have the ability to:

1. articulate and discuss the latest developments in the specific field of practice;
2. effectively communicate orally and in writing using both English and Filipino;
3. work effectively and independently in multi-disciplinary and multi-cultural teams;
4. act in recognition of professional, social, and ethical responsibility;
5. preserve and promote <Filipino historical and cultural heritage=;
6. apply knowledge of computing, science, and mathematics appropriate to the discipline;
7. understand best practices and standards and their applications;
8. analyze complex problems, and identify and define the computing requirements appropriate to its
solution;
9. identify and analyze user needs and take them into account in the selection, creation, evaluation
and administration of computer-based systems;
10. design, implement, and evaluate computer-based systems, processes, components, or programs
to meet desired needs and requirements under various constraints;
11. integrate IT-based solutions into the user environment effectively;
12. apply knowledge through the use of current techniques, skills, tools and practices necessary for
the IT profession;
13. function effectively as a member or leader of a development team recognizing the different roles
within a team to accomplish a common goal;
14. assist in the creation of an elective IT project plan;
15. communicate effectively with the computing community and with society at large about complex
computing activities through logical writing, presentations, and clear instructions;
16. analyze the local and global impact of computing information technology on individuals,
organizations, and society;
17. understand professional, ethical, legal, security and social issues and responsibilities in the
utilization of information technology; and
18. recognize the need for and engage in planning self-learning and improving performance as a
foundation for continuing professional development.

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

Warm greetings!

Welcome to the second semester of School Year 2020-2021! Welcome to the College of Information and
Communications Technology and Engineering and welcome to NONESCOST!

Despite of all the happenings around us, there is still so much to be thankful for and one of these is the
opportunity to continue learning.

You are right now browsing your course module in PT101. As you read on, you will have an overview of the
course, the content, requirements and other related information regarding the course.

INTRODUCTION- Overview of the lesson

LEARNING OUTCOMES- Lesson objectives for you to ponder on

MOTIVATION- Fuels you to go on

PRESENTATION- A smooth transition to the lesson

TEACHING POINTS- Collection of ideas that you must discover

LEARNING ACTIVITIES – To measure your learnings in the lesson where you wandered

ASSESSMENT – To test your understanding in the lesson you discovered

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

Please read your modules and learn the concepts by heart. It would help you prepare to be effective and
efficient professional in your respective fields. You can explore more of the concepts by reading the
references and the supplementary readings.

I encourage you to get in touch with me in case you may encounter problems while studying your modules.
Keep a constant and open communication. Use your real names in your FB accounts or messenger so I can
recognize you based on the list of officially enrolled students in the course. I would be very glad to assist you
in your journey. Furthermore, I would also suggest that you build a workgroup among your classmates.
Participate actively in our discussion board or online discussion if possible and submit your
outputs/requirements on time. You may submit them online through email and messenger. You can also
submit hard copies. Place them in short size bond paper inside a short plastic envelop with your names and
submit them in designated pick up areas.

I hope that you will find this course interesting and fun. I hope to know more of your experiences, insights,
challenges and difficulties in learning as we go along this course. I am very positive that we will successfully
meet the objectives of the course.

May you continue to find inspiration to become a great professional. Keep safe and God bless!

ITP108 – INFORMATION ASSURANCE AND SECURITY 1

Course ITP108
Number
Course Title INFORMATION ASSURANCE AND SECURITY 1
Course This course examines fundamentals of network security involved in creating and managing
Description secure computer network environments. Both hardware and software topics are
considered, including authentication methods, remote access, network security
architectures and devices, cryptography, forensics and disaster recovery plans.
No. of Units 3 units
Pre-requisites Systems Integration and Architecture 1
Course CILO 1. Determine the factors involved in a computer and network security strategy;
Intended CILO 2. Identify the different types of technology used to secure a network connected
Learning through a router;
Outcomes CILO 3. Familiarize the protocols related to web security and how to implement security
on a web server;
CILO 4. Investigate some of the major characteristics of intrusion detection and intrusion
prevention products;
CILO 5. Create a detailed disaster security plan.
Content I. Overview of Information Security (Lesson 1)
Coverage a. revisit the history of computer security, and explain how it evolved into
information security;
b. discuss key terms and critical concepts of information security;
c. enumerate the information security roles of professionals within an organization

II. Denial of Service (DOS) Attack (Lesson 2)

a. demonstrate that organizations have a business need for information security;
b. defend why a successful information security program is the responsibility of both
an organization9s general management and IT management;
c. identify the threats posed to information security and the more common attacks
associated with those threats

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

III. Authentication, Firewall, and Filtering Technology (Lesson 3)

a. recognize the important role of access control in computerized information
systems, and discuss widely-used authentication factors;
b. evaluate firewall technology and the various approaches to firewall
implementation;
c. analyze the various approaches to control remote and dial-up access by means of
the authentication and authorization of users;
d. discuss content filtering technology;
e. review the technology that enables the use of virtual private networks

IV. Major protocols used for secure communications (Cryptography) (Lesson 4)

a. annotate the basic principles of cryptography;
b. relate the operating principles of the most popular cryptographic tools;
c. explicate the major protocols used for secure communications;
d. Associate the nature and execution of the dominant methods of attack used
against cryptosystems
e. Differentiate impact of Cyber Incidents on the basis of Gender - In Focus – LGBT
people9s use of the internet

V. Categories and operating models of intrusion detection and prevention systems

(Lesson 5)
a. examine honeypots, honeynets, and padded cell systems;
b. list the major categories of scanning and analysis tools, and describe the specific
tools used within each of these categories;
c. memorize the various methods of access control, including the use of biometric
access mechanisms

VI. Security policy, standards, practices, procedures, and guidelines (Lesson 6)

a. highlight what an information security blueprint is;
b. Discuss how an organization institutionalizes its policies, standards, and practices
using education, training, and awareness programs;
c. express what contingency planning is and how it relates to incident response
planning, disaster recovery planning, and business continuity plans

VII. Risk management, risk identification, and risk control (Lesson 7)

a. investigate how risk is identified and assessed;
b. assess risk based on probability of occurrence and likely impact;
c. explain the fundamental aspects of documenting risk via the process of risk
assessment;
d. categorize the various risk mitigation strategy options;
e. identify the categories that can be used to classify controls

References References:
1. Copy of the Course Syllabus
(R1) Whitman,M.E. and Mattord,H.J.(2018). Principles of Information Security
4th Edition
(R2) Boyle, R.J (2017). Applied Information Security
(R3) Copy of the Course Syllabus

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

On line References:

(OR1) https://www.extnoc.com/blog/the-different-types-of-firewall/
(OR2) https://www.compuquip.com/blog/types-firewall-architectures
(OR3) https://www.barracuda.com/glossary/content-filtering
(OR4) https://www.cisco.com/c/en/us/products/security/vpn-endpoint-security-
clients/what-is-vpn.html#~types-of-vpns
(OR5) https://searchsecurity.techtarget.com/definition/access-control
(OR6) https://www.sumologic.com/glossary/authentication-factor/

Supplementary Reading Materials:

Supplementary Reading Materials:
(SR1) Managing Risk and Information Security Kindle Edition (2016).
(SR2) The ISO/IEC 27002 and ISO/IEC 27799 Information Security Management
Kindle Edition (2016).
(SR3) Information Security Policies, Procedures, and Standards: Guidelines for
Effective Information Kindle Edition (2019).
(SR4) Why Gender Matters in International Cyber Security (2020).

Course 1. Active class participation (online discussion board, FB Closed group account)
Requirements 2. Logbook/ Journal (Reflection, Observation and/or Activities on each Lesson)
3. Classroom Demonstration
4. Research
5. Quizzes
6. Learning Plans with Technology Integration
7. Two (2) Long Examinations
8. Instructional Software / Project-Based Multimedia (Final Examination)

Prepared by: ROSE ANN C. BALLADARES, MIT

Reviewed and Approved by:

Subject Area Coordinator: JEFFRIC S. PISUENA, Ph. D.

Dean, CICTE : ELVIN T. LUCATIN, Ph. D.

GAD Director : MARY ANN T. ARCEŇO, Ph.D.

CIMD, Chairperson : MA. JANET S. GEROSO, Ph.D.

QA Director : DONNA FE V. TOLEDO, Ed. D.

VP- Academic Affairs : SAMSON M. LAUSA, Ph. D

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

MODULE
1
LESSON
INTRODUCTION TO INFORMATION
1 ASSURANCE AND SECURITY 1
3 HOURS

This course examines fundamentals of network security

involved in creating and managing secure computer
network environments. Both hardware and software
topics are considered, including authentication methods, remote access, network security architectures and
devices, cryptography, forensics and disaster recovery plans.

• Comprehend the history of computer security and how it evolved into information security
• Understand the definition, key terms and concepts of information security
• Outline the phases of the security systems development life cycle
• Understand the roles of professionals involved in information security within an organization
.

Why do we need to study the history of information

security first?

1.
2.
3.
4.
5.
6.
7.
8.
9.
10

http://www.bbc.co.uk/history/british/empir
e_seapower/launch_ani_mapmaking.shtml

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

<History Of
Computer
Security and Its
Evolution=
https://blog.avast.com/history-of-cybersecurity-avast

Approaches to Information Security

Implementation: Top-Down Approach

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

"Overview of Information Security “

Information security in today9s enterprise is a <well-informed sense of assurance that the information risks
and controls are in balance.= –Jim Anderson, Inovant (2002)

The History of Information Security

• Began immediately after the first mainframes were developed

• Groups developing code-breaking computations during World War II created the first modern
computers
• Physical controls to limit access to sensitive military locations to authorized personnel
• Rudimentary in defending against physical theft, espionage, and sabotage

The 1960s
• Advanced Research Procurement Agency (ARPA) began to examine feasibility of redundant
networked communications system designed to support the military9s need to exchange
information.
• Larry Roberts developed ARPANET from its inception

The 1970s and 80s

• ARPANET grew in popularity as did its potential for misuse.
• Fundamental problems with ARPANET security were identified
o No safety procedures for dial-up connections to ARPANET
o Non-existent user identification and authorization to system
• Late 1970s: microprocessor expanded computing capabilities and security threats

R-609
• Information security began with Rand Report R-609 (paper that started the study of computer
security)
• Scope of computer security grew from physical security to include:
o Safety of data
o Limiting unauthorized access to data
o Involvement of personnel from multiple levels of an organization

The 1990s
• Networks of computers became more common; so too did the need to interconnect networks
• Internet became first manifestation of a global network of networks
• In early Internet deployments, security was treated as a low priority

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

The Present
• The Internet brings millions of computer networks into communication with each other— many of
them unsecured
• Ability to secure a computer9s data influenced by the security of every computer to which it is
connected

What is Security?
<The quality or state of being secure—to be free from danger=

A successful organization should have multiple layers of security in place:

• Physical security - to protect the physical items, objects, or areas of an organization from
unauthorized access and misuse.
• Personal security – to protect the individual or group of individuals who are authorized to access
the organization and its operations.
• Operations security – to protect the details of a particular operation or series of activities.
• Communications security – to protect an organization9s communications media, technology, and
content.
• Network security – to protect networking components, connections, and contents.

What Is Information Security?

• The protection of information and its critical elements, including systems and hardware that use,
store, and transmit that information
• Necessary tools: policy, awareness, training, education, technology
• C.I.A. triangle was standard based on confidentiality, integrity, and availability
• C.I.A. triangle now expanded into list of critical characteristics of information

Critical Characteristics of Information

The value of information comes from the characteristics it possesses:
• Availability - enables users who need to access information to do so without interference or
obstruction and in the required format. The information is said to be available to an authorized user
when and where needed and in the correct format.
• Accuracy- free from mistake or error and having the value that the end-user expects. If information
contains a value different from the user9s expectations due to the intentional or unintentional
modification of its content, it is no longer accurate.
• Authenticity - the quality or state of being genuine or original, rather than a reproduction or
fabrication. Information is authentic when it is the information that was originally created, placed,
stored, or transferred.
• Confidentiality - the quality or state of preventing disclosure or exposure to unauthorized
individuals or systems.
• Integrity - the quality or state of being whole, complete, and uncorrupted. The integrity of
information is threatened when the information is exposed to corruption, damage, destruction, or
other disruption of its authentic state.
• Utility - the quality or state of having value for some purpose or end. Information has value when it
serves a particular purpose. This means that if information is available, but not in a format
meaningful to the end-user, it is not useful.

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

• Possession - the quality or state of having ownership or control of some object or item. Information
is said to be in possession if one obtains it, independent of format or another characteristic. While a
breach of confidentiality always results in a breach of possession, a breach of possession does not
always result in a breach of confidentiality.

This graphic informs the fundamental approach that can be used to illustrate the intersection of
information states (x-axis), key objectives of C.I.A. (y-axis) and the three primary means to implement
(policy, education and technology).

Components of an Information System

Information System (IS) is entire set of software, hardware, data, people, procedures, and networks
necessary to use information as a resource in the organization.

Approaches to Information Security Implementation: Bottom-Up Approach

• Grassroots effort: systems administrators attempt to improve security of their systems
• Key advantage: technical expertise of individual administrators
• Seldom works, as it lacks a number of critical features:
o Participant support
o Organizational staying power

Approaches to Information Security Implementation: Top-Down Approach

• Initiated by upper management

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

o Issue policy, procedures and processes

o Dictate goals and expected outcomes of project
o Determine accountability for each required action
• The most successful also involve formal development strategy referred to as systems development
life cycle

Information Security: Organization Structure, Roles, and Responsibilities

The following below are example outline of various functional roles and associated responsibilities that
make up and can help a new organization develop a standard information security team structure:

• Executive Management: Assigned overall responsibility for information security and should include
specific organizational roles such as the CISO (Chief Information Security Officer), CTO (Chief
Technology Officer), CRO (Chief Risk Officer), CSO (Chief Security Officer), etc. These executive level
roles generally are responsible for overseeing the enterprise information security strategy that
ensures information assets are protected.
• Information System Security Professionals: Responsible for the design, implementation,
management, and review of the organization9s security policies, standards, baselines, procedures,
and guidelines. Examples of these roles can include but are not limited to the following: IT security
manager, IT Risk management manager, Compliance manager, IT security analyst, etc.
• Data Owners: Owners (data owners, information owner, system owners who have budgetary
authority); responsible for:
o Ensuring that appropriate security—consistent with the organization9s security policy—is
implemented in their information systems
o Determining appropriate sensitivity or classification levels
o Determining access privileges
• Data Custodians: A function that has <custody= of the system/databases, not necessarily belonging
to them, for any period of time. Usually network administration or operations (those who normally
operate the systems for the owners).
• Users: Responsible for using resources and preserving availability, integrity, and confidentiality of
assets; responsible for adhering to security policy.

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

• IS Auditors: Responsible for:

o Providing independent assurance to management on the appropriateness of the security
objectives
o Determining whether the security policy, standards, baselines, procedures, and guidelines
are appropriate and effective to comply with the organization9s security objectives
o Identifying whether the objectives and controls are being achieved

Instruction: Make a research and explain the question below.

1. Create a brief summary about history of computer security and give your personal
insight how it evolves. (25 pts.)

2. Do you think the information security roles of professionals within an organization

play a vital role? (25 pts.)

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

Part 1: Identification
1. It protects the physical items, objects, or areas of an organization from unauthorized access and
misuse.
a) Operations security b) Physical security c) Communications security
2. It protects the individual or group of individuals who are authorized to access the organization and
its operations.
a) Operations security b) Physical security c) Personal security
3. It protects the details of a particular operation or series of activities.
a) Operations security b) Physical security c) Personal security
4. It protects the organization9s communications media, technology, and content.
a) Operations security b) Communications security c) Personal security
5. It protects the networking components, connections, and contents.
a) Operations security b) Physical security c) Network security
6. The quality or state of preventing disclosure or exposure to unauthorized individuals or systems.
a) Confidentiality b) Integrity c) Utility
7. Enables users who need to access information to do so without interference or obstruction and in
the required format. The information is said to be available to an authorized user when and where
needed and in the correct format.
a) Confidentiality b) Integrity c) Availability
8. The quality or state of having value for some purpose or end. Information has value when it serves
a particular purpose. This means that if information is available, but not in a format meaningful to
the end-user, it is not useful.
a) Confidentiality b) Utility c) Availability
9. Responsible for using resources and preserving availability, integrity, and confidentiality of assets;
responsible for adhering to security policy.
a) Users b) Data Owners c) IS Auditors
10. A function that has <custody= of the system/databases, not necessarily belonging to them, for any
period of time. Usually network administration or operations (those who normally operate the
systems for the owners).
a) Data Owners b) Data Owners c) IS Auditors

Part 1I: Enumeration and Explanation

1. What are the Critical Characteristics of Information? (Give atleast 5).
2. In information security what are the multiple layers of security?

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

LESSON

2 DENIAL OF SERVICE (DOS) ATTACK

3 HOURS

This lesson will discuss about the Denial of Service (DOS) Attack and the importance of Information
Security.

• Determine the organizations business need for information security;

• Identify why a successful information security program is the responsibility of both an
organization9s general management and IT management,
• identify the threats posed to information security and the more common attacks associated with
those threats.

Answer here:

1.
What are the
2.
Most Famous 3.
DDoS Attacks? 4.
5.

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

Denial of Service (DOS) Attack

https://techcommunity.microsoft.com/t5/sql-server/understanding-
server-traffic-logs-and-detecting-denial-of/ba-p/385529

What is <DOS
ATTACK= Denial-
Of-Service
Attack?
https://www.slideshare.net/HansaNidushan/basics-of-denial-
of-service-attacks

What is <DOS ATTACK= Denial-Of-Service Attack?

DOS Attack is a malicious attempt by a single person or a group of people to cause the victim, site or node
to deny service to its customers.

• DoS - when a single host attack

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

• DDoS (Distributed Denial of Service) - when multiple hosts attack simultaneously

Idea of <DOS ATTACKS=

• Purpose is to shut down a site, not penetrate it.
• Purpose may be vandalism, extortion or social action (including terrorism) (Sports betting sites
often extorted)
• Modification of internal data, change of programs (Includes defacement of web sites)

Denial of Service Attack Typical Connection

HISTORY Morris Worm (November 2, 1988)
• First DDoS attack to cripple large amounts of network infrastructure
• Self-replicating, self-propagating
• Exploited software commonality (monoculture)
1. Fingerd buffer overflow exploit
2. Sendmail root vulnerability
3. Weak passwords

History Morris Worm effect

• Infected systems became <catatonic=
• Took roughly three days to come under control
• Ultimately infected 10% of Internet computers (6,000) and cost $ million to clean up.
• Morris convicted under computer fraud and abuse act, three-year probation, fine of $10,000

Types of Dos Attacks

• Penetration
• Eavesdropping
• Man-In-The-Middle
• Flooding

Types of Dos Attacks Penetration

• Attacker gets inside your machine
• Can take over machine and do whatever he wants
• Achieves entry via software flaw(s), stolen passwords or insider access

Types of Dos Attacks Eavesdropping

• Attacker gains access to same network
• Listens to traffic going in and out of your machine

Types of Dos Attacks Man-in-the-Middle

• Attacker listens to output and controls output
• Can substitute messages in both directions

Types of Dos Attacks Flooding

• Attacker sends an overwhelming number of messages at your machine; great congestion
• The congestion may occur in the path before your machine

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

• Messages from legitimate users are crowded out

• Usually called a Denial of Service (DoS) attack, because that9s the effect.
• Usually involves a large number of machines, hence Distributed Denial of Service (DDoS) attack

How to defend
• Firewalls - can effectively prevent users from launching simple flooding type attacks from
machines behind the firewall.
• Switches - Some switches provide automatic and/or system- wide rate limiting, traffic shaping,
delayed binding to detect and remediate denial of service attacks
• Routers - If you add rules to take flow statistics out of the router during the DoS attacks, they
further slowdown and complicate the matter

DDS based defense

• Clean pipes
• Nothing can be done to entirely prevent DOS
• Minimize the dangers – Effective and Robust Design – Bandwidth Limitations – Keep Systems
Patched – Run the least number of services – Allow only necessary traffic – Block IP addresses

Conclusion
• Role of international boundaries - consoles located across international borders, law-enforcement
problem
• In the past, as the present, DDoS has been more a nuisance activity conducted by cyber vandals
than an activity with specific socioeconomic aims
• In the future, DDoS may be used as a disruptive force, with broad destabilization as its aim
instead of the targeting of specific targets
• Destabilization has a high (ROI) Return On Investment when compared to targeted attacks

Why is Information Security so Much Important?

While disregarding digital security, the entire company or organization is in serious danger, as its data and
information from customers and business partners. A cyber-attack can
cause serious problems and incalculable damage to a business. Due
to the lack of protection of these systems, many of the
successful attacks were targeted at companies of these sizes.
Losses at large companies due to attacks often have a more
shocking commotion even for the amount of material stolen.
But in smaller companies, this action can mean more than a
few losses: it can declare the end of the business. Having
important information leaked or stolen can lead to financial
problems that lead to bankruptcy.

Threats to Information Security

Information Security threats can be many like Software attacks,
theft of intellectual property, identity theft, theft of equipment or information, sabotage, and
information extortion.

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

Threat -Anything that can take advantage of a vulnerability to breach security and negatively alter, erase,
harm object or objects of interest.

Software attacks - Attack by Viruses, Worms, Trojan Horses etc. Many users believe that malware, virus,
worms, bots are all same things. But they are not same, only similarity is that they all are malicious
software that behave differently.

Malware - Means malicious software that can be an intrusive program code or a anything that is
designed to perform malicious operations on system.

2 categories of Malware:
1. Infection Methods
2. Malware Actions

Infection Methods
Virus
• They have the ability to replicate themselves by hooking them to the program on the host
computer like songs, videos etc and then they travel all over the Internet.
• ARPANET the first Creeper Virus.
Examples include File Virus, Macro Virus, Boot Sector Virus, Stealth Virus etc.

Worms
• Worms are self-replicating in nature but they don9t hook themselves to the program on host
computer.
• The difference between virus and worms is that worms are network aware.
• Can easily travel from one computer to another if network is available and on the target machine,
they will not do much harm, they will for example consume hard disk space thus slowing down
the computer.

Trojan
• Trojan derived from the 8Trojan Horse9 tale in Greek mythology, which explains how the Greeks
were able to enter the fortified city of Troy by hiding their soldiers in a big wooden horse given to
the Trojans as a gift. The Trojans were very fond of horses and trusted the gift blindly. In the
night, the soldiers emerged and attacked the city from the inside.
• Their purpose is to conceal themselves inside the software that seem legitimate and when that
software is executed, they will do their task of either stealing information or any other purpose
for which they are designed.
• They often provide backdoor gateway for malicious programs or malevolent users to enter your
system and steal your valuable data without your knowledge and permission.
Examples include FTP Trojans, Proxy Trojans, Remote Access Trojans etc.

Bots
• Seen as advanced form of worms.
• Automated processes that are designed to interact over the internet without the need of human
interaction.

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

• Can be good or bad.

• Malicious bot can infect one host and after infecting will create connection to the central server
which will provide commands to all infected hosts attached to that network called Botnet.

Malware on the basis of Actions:

Adware
• Not malicious but do breach privacy of the users.
• They display ads on computer9s desktop or inside individual programs.
(They come attached with free to use software, thus main source of revenue for such developers.
They monitor your interests and display relevant ads. An attacker can embed malicious code
inside the software and adware can monitor your system activities and can even compromise
your machine.)

Spyware
• A software that monitors your activities on computer and reveal collected information to
interested party.
• Spyware are generally dropped by Trojans, viruses or worms. Once dropped they installs
themselves and sits silently to avoid detection.
Example of spyware is KEYLOGGER.
• The basic job of keylogger is to record user keystrokes with timestamp. Thus, capturing
interesting information like username, passwords, credit card details etc.

Ransomware
• It is type of malware that will either encrypt your files or will lock your computer making it
inaccessible either partially or wholly. Then a screen will be displayed asking for money i.e.,
ransom in exchange.

Scareware
• It masquerades as a tool to help fix your system but when the software is executed it will infect
your system or completely destroy it. The software will display a message to frighten you and
force to take some action like pay them to fix your system.

Rootkits
• Designed to gain root access or we can say administrative privileges in the user system. Once
gained the root access, the exploiter can do anything from stealing private files to private data.

Zombies
• They work similar to Spyware. Infection mechanism is same but they don9t spy and steal
information rather they wait for the command from hackers.

These are the old generation attacks that continue these days also with advancement every year.

• Theft of intellectual property means violation of intellectual property rights like copyrights,
patents etc.
• Identity theft means to act someone else to obtain person9s personal information or to access
vital information they have like accessing the computer or social media account of a person by
login into the account by using their login credentials.

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

• Theft of equipment and information is increasing these days due to the mobile nature of
devices and increasing information capacity.
• Sabotage means destroying company9s website to cause loss of confidence on part of its
customer.
• Information extortion means theft of company9s property or information to receive payment
in exchange. For example, ransomware may lock victims file making them inaccessible thus
forcing victim to make payment in exchange. Only after payment victim9s files will be
unlocked.

New generation threats;

• Technology with weak security – With the advancement in technology, with every passing
day a new gadget is being released in the market. But very few are fully secured and follows
Information Security principles. Since the market is very competitive Security factor is
compromised to make device more up to date. This leads to theft of data/ information from
the devices
• Social media attacks – In this cyber-criminal identify and infect a cluster of websites that
persons of a particular organisation visit, to steal information.
• Mobile Malware –There is a saying when there is a connectivity to Internet there will be
danger to Security. Same goes to Mobile phones where gaming applications are designed to
lure customer to download the game and unintentionally, they will install malware or virus in
the device.
• Outdated Security Software – With new threats emerging every day, updating in security
software is a pre requisite to have a fully secured environment.
• Corporate data on personal devices – These days every organization follows a rule BYOD.
BYOD means Bring your own device like Laptops, Tablets to the workplace. Clearly BYOD pose
a serious threat to security of data but due to productivity issues organizations are arguing to
adopt this.
• Social Engineering – is the art of manipulating people so that they give up their confidential
information like bank account details, password etc. These criminals can trick you into giving
your private and confidential information or they will gain your trust to get access to your
computer to install a malicious software- that will give them control of your computer.
Example, email or message from your friend, that was probably not sent by your friend.
Criminal can access your friend’s device and then by
accessing the contact list he can send infected email
and message to all contacts. Since the message/
email is from a known person recipient will
definitely check the link or attachment in the
message, thus unintentionally infecting the
computer.

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

Instruction: Make a research and explain the question below.

1. Technology evolve and become more advance. What do you think is the biggest
threats right now? (20pts.)

2. What are the advantages of cyber security that can be implemented in an

organization? (20pts.)

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

Part I: Enumeration
1. – 4. What are the types of DOS attacks?
5. – 9. What are the old generation attacks?
10. – 15. What are the new generation threats?

Part II: Identification

1. This is a type of attack designed through electronic fraud.

a) Malware b) Attack on c) Phishing
Vulnerabilities
2. agents that attack software or part of the software with malicious code for the purpose of causing
damage data or devices within an organization.
a) Malware b) Attack on Vulnerabilities c) Phishing
3. The hackers and criminals looking for vulnerabilities within companies that can facilitate their attacks.
a) Malware b) Attack on Vulnerabilities c) Phishing

4. It can effectively prevent users from launching simple flooding type attacks from machines behind the
firewall.
a) Firewalls b) Switches c) Routers
5. Provide automatic and/or system- wide rate limiting, traffic shaping, delayed binding to detect and
remediate denial of service attacks
a) Routers b) Switches c) Firewall

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

LESSON

3
3 HOURS
AUTHENTICATION, FIREWALL, AND
FILTERING TECHNOLOGY

This lesson will identify Authentication, Firewall, and Filtering Technology.

• Recognize the important role of access control in computerized information systems, and discuss
widely-used authentication factors;
• Learn and Evaluate firewall technology and the various approaches to firewall implementation;
• Analyze the various approaches to control remote and dial-up access by means of the
authentication and authorization of users;
• Identify content filtering technology;
• Determine the technology that enables the use of virtual private networks

List the Authentication Factor

and How They Work?

1.
2.
3.
4.
https://www.sdmmag.com/articles/95852-
5.
what-do-you-know-about-cloud-based-access-
control

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

Authentication, Firewall, and

Filtering Technology

https://securityintelligence.com/why-you-need-advanced-authentication-to-
protect-identities-without-compromising-user-experience/

What is a Firewall?
• Sometimes called a network firewall.
• Is a cybersecurity tool that is used to filter traffic on a network.
• Can be used to separate network nodes from external traffic sources,
internal traffic sources, or even specific applications.
• Firewalls can be software, hardware, or cloud-based, with each type of
firewall having its own unique pros and cons.
• The primary goal of a firewall is to block malicious traffic requests and
data packets while allowing legitimate traffic through. https://computer.howstuf
fworks.com/firewall.htm

Access Control
• Security technique that regulates who or what can view or use resources in a computing
environment.
• A fundamental concept in security that minimizes risk to the business or organization.
• Perform identification authentication and authorization of users and entities by evaluating required
login credentials that can include passwords, personal identification numbers
(PINs), biometric scans, security tokens or other authentication factors.
o Multifactor authentication (MFA), which requires two or more authentication factors, is
often an important part of a layered defense to protect access control systems.

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

Two types of access control:

1. Physical access - Physical access control limits access to campuses, buildings, rooms and physical IT
assets.
2. Logical access - control limits connections to computer networks, system files and data.

Why is access control important?

• Minimize the security risk of unauthorized access to physical and logical systems.
• Access control is a fundamental component of security compliance programs that ensures security
technology and access control policies are in place to protect confidential information, such as
customer data.
• Access control systems are complex and can be challenging to manage in dynamic IT environments
that involve on-premises systems and cloud services.
• After some high-profile breaches, technology vendors have shifted away from single sign-on (SSO)
systems to unified access management, which offers access controls for on-premises and cloud
environments.

The main models of access control are the following:

• Mandatory access control (MAC). This is a security model in which access rights are regulated by a
central authority based on multiple levels of security. Often used in government and military
environments, classifications are assigned to system resources and the operating system (OS) or
security kernel. For example, Security Enhanced Linux (SELinux) is an implementation of MAC on
the Linux OS.
• Discretionary access control (DAC). This is an access control method in which owners or
administrators of the protected system, data or resource set the policies defining who or what is
authorized to access the resource. Many of these systems enable administrators to limit the
propagation of access rights.
• Role-based access control (RBAC). This is a widely used access control mechanism that restricts
access to computer resources based on individuals or groups with defined business functions -- e.g.,
executive level, engineer level 1, etc. -- rather than the identities of individual users.
o Rule-based access control. This is a security model in which the system administrator
defines the rules that govern access to resource objects. Often, these rules are based on
conditions, such as time of day or location.
o Attribute-based access control (ABAC). This is a methodology that manages access rights by
evaluating a set of rules, policies and relationships using the attributes of users, systems and
environmental conditions.

Implementing access control

Access control is a process that is integrated into an organization's IT environment. It can involve identity
management and access management systems. When a user is added to an access management system,
system administrators use an automated provisioning system to set up permissions based on access
control frameworks, job responsibilities and workflows.

Challenges of access control

• dynamically managing distributed IT environments;

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

• password fatigue;
• compliance visibility through consistent reporting;
• centralizing user directories and avoiding application-specific silos; and
• data governance and visibility through consistent reporting.

Note: To ensure data security, organizations must verify individuals' identities because the assets they use
are more transient and distributed. The asset itself says less about the individual user than it used to.

What is an Authentication Factor?

An authentication factor is a special category of security credential that is used to verify the identity and
authorization of a user attempting to gain access, send communications, or request data from a secured
network, system or application.

Five Authentication Factor Categories and How They Work

Knowledge Factors
• Require the user to provide some data or information before they can access a secured system. a
password or personal identification number (PIN) is the most common type of knowledge-based
authentication factor used to restrict access to a system.
• Username or e-mail address on its own is not considered an authentication factor - this is how the
user claims their identity to the system.
• A password or PIN number is used to authenticate that the username or e-mail address is being
provided by the correct person.

Possession Factors
Possession factors require the user to possess a specific piece of information or device before they can be
granted access to the system. Possession factors are typically controlled through a device that is known to
belong to the correct user. Here's how a typical process flow works for a possession-based authentication
factor:
• The user registers an account with a password and their phone number recorded at the time of
registration.
• The user logs in to their account with the username and password.
• When the user requests to access the system, a one-time password is generated and sent to the
user's mobile phone number.
• The user enters the newly generated one-time password and gains access to the system.

Inherence Factors
Inherence factors authenticate access credentials based on factors that are unique to the user. These
include fingerprints, thumbprints, and palm or handprints. Voice and facial recognition and retina or iris
scans are also types of inherent authentication factors.

Location Factors
Network administrators can implement services that use geolocation security checks to verify the location
of a user before granting access to an application, network or system.

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

Behavior Factors
A behavior-based authentication factor is based on actions undertaken by the user to gain access to the
system. Systems that support behavior-based authentication factors may allow users to pre-configure a
password by performing behaviors within a defined interface and repeating them later as a method of
identity verification.

Question: Why Use More Than One Authentication Factor?

Individual authentication factors on their own may present security vulnerabilities, sometimes due to user
behavior patterns and habits and other times because of the limitations of technology.

A knowledge-based authentication factor requires users to memorize passwords and pin numbers. This
can lead to users who use overly simplistic passwords and change them too infrequently, making them
easy to guess or hack.

A location-based authentication factor can be foiled by technologies that make it difficult to accurately
authenticate the origin of network traffic.

A behavior-based authentication factor could be observed and replicated by a malicious actor.

Biometric and possession-based authentication factors may be the strongest means of securing a network
or application against unauthorized access. Combining these methods into a multi-factor authentication
process decreases the likelihood that a hacker could gain unauthorized access to the secured network.

What is a Firewall?
• Sometimes called a network firewall.
• Is a cybersecurity tool that is used to filter traffic on a network.
• Can be used to separate network nodes from external traffic sources, internal traffic sources, or
even specific applications.
• Firewalls can be software, hardware, or cloud-based, with each type of firewall having its own
unique pros and cons.
• The primary goal of a firewall is to block malicious traffic requests and data packets while allowing
legitimate traffic through.

8 Types of Firewalls based on their general structure and

method of operation.
• Packet-filtering firewalls
• Circuit-level gateways
• Stateful inspection firewalls
• Application-level gateways (a.k.a. proxy firewalls)
• Next-gen firewalls
• Software firewalls
• Hardware firewalls
• Cloud firewalls

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

Note: The last three bullets list methods of delivering firewall functionality, rather than being types of
firewall architectures in and of themselves.

Packet-Filtering Firewalls - This is the oldest firewall type out there. They are designed to create
checkpoints at individual routers or switches. The packet-filtering firewalls will check the data packets that
try to come through, without inspecting the contents. If the information trying to come through looks
suspicious, it cannot get through the network. This is a simple
firewall that does not impact network performance too much.

Circuit-Level Gateways - Circuit-level gateways are much like

packet-filtering firewalls in that they quickly and easily check
and approve or deny traffic. They do it without being heavy on
resources, too. Circuit-level gateways work by verifying the
transmission control protocol handshake. It doesn9t check the
packet directly, so there is a risk of malware getting through.
These are not the best ones to protect your business.

Stateful Inspection Firewalls - A combination of the two firewalls above, the stateful inspection firewalls
offer a higher level of protection for your business. The problem with these is that they take up more
resources, which can slow down the legitimate packet transfer.

Proxy Firewalls (Application-Level Gateways/Cloud Firewalls) - If you want firewalls that operate at the
application layer to filter traffic, proxy firewalls do the job. These are cloud-based most of the time, and
they establish traffic connections and examine data packets coming through. The difference between these
and the stateful inspection firewalls is that the proxy firewalls can also do a more in-depth inspection to
check the packet contents. The drawback to these is that they can create a network slowdown because of
all the extra steps – but it9s all in the name of the security for your business.

Next-Generation Firewalls - There9s no real insight into what makes a firewall today <next-generation=
besides the time it was created. There are commonalities between these firewalls and the originals, and
those include TCP handshakes and packet inspections. Next-generation firewalls also use IPS – intrusion
prevention systems – to stop network attacks.

Software Firewalls - These are any firewalls installed on local devices. The biggest draw for these in that
they can create a useful, in-depth defense path. Maintaining these on more than one device is not easy,
though, so you may need more than one for each asset.

Hardware Firewalls - Hardware firewalls use physical appliances, and they act like a traffic router. The
intercept data packets before they are connected to a network server. The weakness here is that they can
be easily bypassed, which goes against your need for a firewall.

Cloud Firewalls - Cloud solutions are also called FaaS – firewalls as a service. They often go hand in hand
with proxy firewalls, and the most significant benefit to these is that they grow with your business. They
work to filter large amounts of traffic away from your company, where it9s malicious.

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

Which Firewall Is Best for Your Business Needs?

Reading all of the different types of firewalls can be

confusing – especially as you have to choose which
to use for your business. The real question you
must ask yourself, though, is why you would only
select one type of firewall. There is no such thing as
a protected business with only one level of
defense. You need to have more than one of these
types of you want your business to remain intact.
Cloud and hardware, individual software firewalls –
it all works to cover your network. Once you
identify your business needs, you can decide which
firewalls will be best.

Why Does Every Business Need a Firewall?

Many small businesses think that they won9t need firewalls – after all, they9re only tiny outfits. The thing is,
firewalls are not just created for larger companies. Every single business needs to protect itself from
outside attacks. 60% of smaller businesses do not survive a cyberattack – which is why you need one.

Why Secure Firewalls Are Vital for All Businesses?

Without a firewall, you put your business at risk of being hacked and having data stolen. If you do not want
to take that risk, you need to do your research on the best firewalls for your business.

What is Content Filtering?

• Is the use of a program to screen and/or exclude access to web pages or email deemed
objectionable. It sed by corporations as part of their firewalls, and also by home computer owners.
Content filtering works by specifying content patterns such as text strings or objects within images
that, if matched, indicate undesirable content that is to be screened out. A content filter will then
block access to this content.
• Content filters are often part of Internet firewalls, but can be implemented as either hardware or
software
• Content filtering is serving a security purpose but content filtering is also used to implement
company policies related to information system usage.
For example, it's common to filter social-networking sites unrelated to work.

Why is Content Filtering Important?

Objectionable, inappropriate, or illegal content creates risk for organizations.

For example:
• Allowing pornographic content into the workplace can put a company at risk for sexual harassment
claims, or otherwise create a hostile or demeaning work environment.
• Spam sites can lead to malware or other malicious software being installed onto work computers.

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

• Hate sites or sites with violent content can compromise employee safety and also reflect poorly on
the company as a whole.
• Social networking sites can reduce productivity and distract employees from routine tasks.

Content filtering helps to mitigate these risks by making such content difficult to access in the workplace,
and by demonstrating the company9s intolerance for inappropriate, illegal, or objectionable content in
general.

To be effective, content filtering has to be deployed across all content channels. The most common
channels include:
• Web: The screening of Web sites or pages, as well bookmarks and other web traffic.
• Email: Screening of email for a variety of spam, malware and other undesired or malicious content.
This is usually done by scanning the subject line of the emails forwarded through the filtering
system. When a message is received that fills the relevant criteria, the message will be placed in the
recipient9s junk folder. In some cases, it will even be sent back to the sender as undeliverable.
• Executables: The screening of executable files that may install malicious software without warning.

What Is a VPN?

Virtual Private Network - Is an encrypted connection over

the Internet from a device to a network. The encrypted
connection helps ensure that sensitive data is safely
transmitted. It prevents unauthorized people from
eavesdropping on the traffic and allows the user to conduct
work remotely. VPN technology is widely used in corporate
environments.

How does a virtual private network (VPN) work?

A VPN extends a corporate network through encrypted connections made over the Internet. Because the
traffic is encrypted between the device and the network, traffic remains private as it travels. An employee
can work outside the office and still securely connect to the corporate network. Even smartphones and
tablets can connect through a VPN.

Secure remote access - provides a safe, secure way to connect users and devices remotely to a corporate
network. It includes VPN technology that uses strong ways to authenticate the user or device. VPN
technology is available to check whether a device meets certain requirements, also called a device9s
posture, before it is allowed to connect remotely.

Is VPN traffic encrypted?

Yes, traffic on the virtual network is sent securely by establishing an encrypted connection across the
Internet known as a tunnel. VPN traffic from a device such as a computer, tablet, or smartphone is
encrypted as it travels through this tunnel. Offsite employees can then use the virtual network to access
the corporate network.

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

Types of VPNs
Remote access - A remote access VPN securely connects a device outside the corporate office. These
devices are known as endpoints and may be laptops, tablets, or smartphones. Advances in VPN technology
have allowed security checks to be conducted on endpoints to make sure they meet a certain posture
before connecting. Think of remote access as computer to network.

Site-to-site - A site-to-site VPN connects the corporate office to branch offices over the Internet. Site-to-
site VPNs are used when distance makes it impractical to have direct network connections between these
offices. Dedicated equipment is used to establish and maintain a connection. Think of site-to-site access as
network to network.

Instruction: Make a research and explain the question below.

1. Which Firewall Is Best for Your Business Needs and why Business Need a Firewall?
(20 pts.)

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

2. How do these firewalls work? And, which ones are the best for your business’
cybersecurity needs?? (20 pts.)

Part I:
1. What are the two types of access control?
2. What are the 8 types of firewalls based on their general structure and method of operation?

Part 11:
1. This is a security model in which access rights are regulated by a central authority based on multiple
levels of security.
a) Mandatory access control (MAC)
b) Discretionary access control (DAC)
c) Role-based access control (RBAC)

2. An encrypted connection over the Internet from a device to a network.

a) Virtual Private Network
b) Remote access
c) Content Filtering

3. This is an access control method in which owners or administrators of the protected system, data or
resource set the policies defining who or what is authorized to access the resource.
a) Mandatory access control (MAC)
b) Discretionary access control (DAC)
c) Role-based access control (RBAC)

4. It is much like packet-filtering firewalls in that they quickly and easily check and approve or deny traffic.
a) Circuit-Level Gateways
b) Remote access
c) Content Filtering

Downloaded by EY JEY (roxxxvencer@gmail.com)

 lOMoARcPSD|10351700

5. This is a widely used access control mechanism that restricts access to computer resources based on
individuals or groups with defined business functions
a) Mandatory access control (MAC)
b) Discretionary access control (DAC)
c) Role-based access control (RBAC)

6. This is a methodology that manages access rights by evaluating a set of rules, policies and relationships
using the attributes of users, systems and environmental conditions.
a) Mandatory access control (MAC)
b) Attribute-based access control (ABAC)
c) Role-based access control (RBAC)

7. A special category of security credential that is used to verify the identity and authorization of a user
attempting to gain access, send communications, or request data from a secured network, system or
application.
a) Mandatory access control (MAC)
b) Attribute-based access control (ABAC).
c) Authentication Factor

8. Based on actions undertaken by the user to gain access to the system.

a) Behavior Factors b) Location Factors c) Inherence Factors

9. Network administrators can implement services that use geolocation security checks to verify the
location of a user before granting access to an application, network or system.
a) Behavior Factors b) Location Factors c) Inherence Factors

10. These are any firewalls installed on local devices.

a) Software Firewalls b) Hardware Firewalls c) Cloud Firewalls

Downloaded by EY JEY (roxxxvencer@gmail.com)