Unit 2
Q2: What are the considerations for data security with regard to data backup, archival and
disposal?
Ans: Security of data means maintaining its confidentiality, integrity and availability (CIA)
properties, which requires certain points to be considered.
• These data security considerations are related to
– Data backup,
– Data archival, and
– Data disposal
Data backup security
To manage data properly, we must consider data backup, which is primarily used to protect
data against accidents and against loss of data due to malicious activities. A backup is
nothing but a stored snapshot of the data at certain points in time, so that if data is lost
for some reason, you can restore the most recent form of the data.
Data backup security considerations
• Should you back up your entire system or only a specific set of files?
• Does the organization you are working for have a backup policy?
• How frequently should your data be backed up?
• Which storage media should you use for data backup?
• In which format should you store your files?
• Should you back up your files incrementally or differentially?
• How should you validate your backup copies?
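The last two questions interact, as this added example shows (it is not part of the original notes). It models incremental and differential backup sets, records a SHA-256 manifest for each set, and refuses to restore from a set that fails validation. The file names, contents and the four-day schedule are constructed for illustration.

```python
import hashlib

# Constructed change log: day -> {file: contents written that day}.
# Day 0 is the full backup; every later day is a partial backup.
CHANGES = {
    0: {"payroll.db": b"v0", "hr.doc": b"v0", "site.cfg": b"v0"},
    1: {"payroll.db": b"v1"},
    2: {"hr.doc": b"v2"},
    3: {"site.cfg": b"v3"},
}

def backup_set(strategy, day):
    """Files copied on `day`: incremental = changed since the previous backup,
    differential = changed since the last full backup (day 0)."""
    if day == 0 or strategy == "incremental":
        return dict(CHANGES[day])
    merged = {}
    for d in range(1, day + 1):
        merged.update(CHANGES[d])  # later versions replace earlier ones
    return merged

def manifest(files):
    """SHA-256 per file, recorded at backup time and kept apart from the copy."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}

def restore_chain(strategy, day):
    """Backup sets that must all be intact to restore the state at `day`."""
    if day == 0:
        return [0]
    return list(range(day + 1)) if strategy == "incremental" else [0, day]

def restore(strategy, day, media, manifests):
    """Rebuild the file set, rejecting any backup set that fails validation."""
    state = {}
    for d in restore_chain(strategy, day):
        if manifest(media[d]) != manifests[d]:
            raise ValueError(f"backup set for day {d} failed validation")
        state.update(media[d])
    return state
```

Incremental sets are smaller, but a restore depends on every set in the chain; a differential restore needs only the full backup and the latest set, so one damaged intermediate set does not block it.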
Data archival
The process of separating older (or currently inactive) data from currently active, new and fresh
data is known as archival of data. The separated old data is moved to a different storage device so
that it can be retained for a long time and referenced whenever required.
The process of data archival requires moving a selected part of the data to a different location to
reduce cost, save storage space in the online system, reduce access complexity and improve system
performance. Archived data is stored according to the object context and indexed so that finding
it becomes easy whenever required in the future.
Data Archival Security Considerations
• Longevity of the storage solution
– The long-term objective should be kept in mind. Changes should be easy to incorporate.
• Manageability of the storage solution
• Amount of focus on intelligence of content
– The importance given to certain data is a critical matter.
• Optimization of total cost of ownership
– The solution should provide technical and administrative functionalities that help in
reducing cost.
• Type of available solution
– The solution should be able to accommodate scaling needs and support third-party product
integration.
Data Disposal
Destruction of data means completely wiping out the data from the storage media. This process of
wiping out the data completely is called data disposal. Data disposal is the act of permanently
deleting or destroying the data stored on media.
Sometimes data must be destroyed permanently for security or compliance reasons. Whenever legacy
or obsolete systems and devices are replaced, the data currently stored on those systems and
devices must be removed.
Data Disposal Security Considerations
• Data stored in legacy and obsolete systems must be removed carefully.
• Data disposal methods are as follows:
– Overwriting hard drives: the device can be reused.
– Degaussing hard drives and backup tapes
– Destroying storage media: this should be done with the help of scrappers only. All
devices should be converted into metal scrap.
• Formatting is not a good option, since the data may be recovered with the help of certain
tools.
Q3: Discuss the various types of firewall. How can we use a firewall to secure our network
applications?
Ans: In computing, a firewall is a software- or hardware-based network security system that
controls incoming and outgoing network traffic based on an applied rule set. A firewall establishes
a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is
not assumed to be secure and trusted.
Types of firewall
• Packet filter
• Application-level gateway (or proxy)
• Circuit level gateway
Packet-Filtering Router
A packet-filtering router applies a set of rules to each incoming and outgoing IP packet and then
forwards or discards the packet. The router is typically configured to filter packets going in both
directions (from and to the internal network). Filtering rules are based on information contained
in a network packet:
• Source IP address: The IP address of the system that originated the IP packet (e.g.,
192.178.1.1)
• Destination IP address: The IP address of the system the IP packet is trying to reach (e.g.,
192.168.1.2)
• Source and destination transport-level address: The transport level (e.g., TCP or UDP)
port number, which defines applications such as SNMP or TELNET
Application-Level Gateway
An application-level gateway, also called a proxy server, acts as a relay of application-level traffic.
The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway
asks the user for the name of the remote host to be accessed. When the user responds and provides
a valid user ID and authentication information, the gateway contacts the application on the remote
host and relays TCP segments containing the application data between the two endpoints.
Circuit-Level Gateway
A third type of firewall is the circuit-level gateway. This can be a stand-alone system or it can be
a specialized function performed by an application-level gateway for certain applications. A
circuit-level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up
two TCP connections, one between itself and a TCP user on an inner host and one between itself
and a TCP user on an outside host. Once the two connections are established, the gateway typically
relays TCP segments from one connection to the other without examining the contents. The
security function consists of determining which connections will be allowed.
A firewall that implements the first policy allows all services to pass into the site by default, with
the exception of those services that the service access policy has identified as disallowed. A
firewall that implements the second policy denies all services by default, but then passes those
services that have been identified as allowed. This second policy follows the classic access model
used in all areas of information security.
The first policy is less desirable, since it offers more avenues for getting around the firewall, e.g.,
users could access new services currently not denied by the policy (or even addressed by the
policy) or run denied services at non-standard TCP/UDP ports that aren't denied by the policy.
Certain services such as X Windows, FTP, Archie, and RPC cannot be filtered easily, and are
better accommodated by a firewall that implements the first policy. The second policy is stronger
and safer, but it is more difficult to implement and may impact users more in that certain services
such as those just mentioned may have to be blocked or restricted more heavily.
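The difference between the two default policies can be seen by running the same packets through a packet filter of the kind described earlier. This is an added example, not part of the original notes; the rule sets, the port 2323 and the packet list are constructed for illustration.

```python
import ipaddress

# Constructed rule sets. Each rule is
# (action, source network, destination network, protocol, destination port or None for any).
BLOCKLIST_RULES = [("deny", "0.0.0.0/0", "192.168.1.0/24", "tcp", 23)]   # block TELNET
ALLOWLIST_RULES = [("allow", "0.0.0.0/0", "192.168.1.2/32", "tcp", 80)]  # permit web only

def filter_packet(rules, default, src, dst, proto, dport):
    """Return the action of the first matching rule, else the default policy."""
    for action, src_net, dst_net, r_proto, r_port in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net)
                and proto == r_proto
                and r_port in (None, dport)):
            return action
    return default

# Constructed packets: (source, destination, protocol, destination port, description).
PACKETS = [
    ("192.178.1.1", "192.168.1.2", "tcp", 80, "web"),
    ("192.178.1.1", "192.168.1.2", "tcp", 23, "telnet on its standard port"),
    ("192.178.1.1", "192.168.1.2", "tcp", 2323, "telnet on a non-standard port"),
    ("192.178.1.1", "192.168.1.2", "udp", 161, "snmp, not mentioned in either rule set"),
]

def evaluate(rules, default):
    """Map each packet description to the decision the filter makes for it."""
    return {desc: filter_packet(rules, default, s, d, p, port)
            for s, d, p, port, desc in PACKETS}

if __name__ == "__main__":
    for name, rules, default in [
        ("first policy (allow by default)", BLOCKLIST_RULES, "allow"),
        ("second policy (deny by default)", ALLOWLIST_RULES, "deny"),
    ]:
        print(name)
        for desc, action in evaluate(rules, default).items():
            print(f"  {action:5}  {desc}")
```

Under the first policy the filter only stops what someone thought to list, so the relocated service and the unlisted SNMP traffic both pass; under the second policy everything not explicitly allowed is dropped.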
The relationship between the high level service access policy and its lower level counterpart is
reflected in the discussion above. This relationship exists because the implementation of the
service access policy is so heavily dependent upon the capabilities and limitations of the firewall
system, as well as the inherent security problems associated with the wanted Internet services. For
example, wanted services defined in the service access policy may have to be denied if the inherent
security problems in these services cannot be effectively controlled by the lower level policy and
if the security of the network takes precedence over other factors. On the other hand, an
organization that is heavily dependent on these services to meet its mission may have to accept
higher risk and allow access to these services. This relationship between the service access policy
and its lower level counterpart allows for an iterative process in defining both, thus producing the
realistic and sound policy initially described.
The service access policy is the most significant component of the four described here. The other
three components are used to implement and enforce the policy. (And as noted above, the service
access policy should be a reflection of a strong overall organization security policy.) The
effectiveness of the firewall system in protecting the network depends on the type of firewall
implementation used, the use of proper firewall procedures, and the service access policy.
Ans: - Advantages
• Eliminating the need for expensive long-distance leased lines
• Reducing the long-distance telephone charges for remote access.
• Transferring the support burden to the service providers
• Lower operational costs
Disadvantages
• VPNs require an in-depth understanding of public network security issues and proper
deployment of precautions
• Availability and performance depend on factors largely outside of their control
• VPNs need to accommodate protocols other than IP and existing internal network
technology
Q7: What is intrusion monitoring and detection?
Ans: Network monitoring refers to the process of tracking the activities that are being performed
in the network. This task of monitoring the activities of a network can be assigned to a specific
computer or a set of computers. The computers that act as a network monitoring system must
always be kept on and must be supported by strong power lines and backup generators. The system
performing the task of monitoring the network sends a ping command to all computers that are
available in the network.
• An intrusion detection system (IDS) always has a sensor as its core element, which is used to
detect intrusion.
• The data received by these sensors is obtained from various sources, such as the IDS
knowledge database and the audit trail.
• An IDS works similarly to antivirus software. Some IDSs detect malicious activities by
comparing traffic patterns against a baseline and looking for anomalies.
Types of Intrusion Detection system
• Network-based IDS
• Host-based IDS
• Signature-based IDS
• Statistical anomaly-based IDS
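The last two types detect different things, as this added example shows (it is not part of the original notes). A signature check matches request lines against a knowledge base of known-bad patterns, while an anomaly check compares the request volume per minute against a baseline. The signatures, baseline counts, traffic and the three-standard-deviation threshold are constructed assumptions.

```python
import re
from statistics import mean, stdev

# Constructed knowledge base of known-bad patterns (signature-based detection).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-union": re.compile(r"union\s+select", re.I),
}

# Constructed baseline: requests per minute observed during normal operation.
BASELINE = [42, 38, 45, 40, 41, 39, 44, 43]

def signature_hits(lines):
    """Names of the signatures that match at least one request line."""
    return sorted({name for line in lines
                   for name, rx in SIGNATURES.items() if rx.search(line)})

def is_anomalous(count, baseline=BASELINE, k=3.0):
    """True when the count is more than k standard deviations from the baseline mean."""
    mu, sigma = mean(baseline), stdev(baseline)
    return abs(count - mu) > k * sigma

# Constructed traffic: minute -> request lines seen by the sensor in that minute.
TRAFFIC = {
    "10:00": ["GET /index.html"] * 41,
    "10:01": ["GET /index.html"] * 39 + ["GET /report?file=../../secret.txt"],
    "10:02": ["GET /login"] * 310,
}

def analyse(traffic):
    """Run both detectors over every minute of traffic."""
    return {minute: {"signatures": signature_hits(lines),
                     "anomalous": is_anomalous(len(lines))}
            for minute, lines in traffic.items()}

if __name__ == "__main__":
    for minute, verdict in analyse(TRAFFIC).items():
        print(minute, verdict)
```

The single suspicious request at 10:01 arrives at normal volume and is caught only by the signature check; the burst at 10:02 contains no known pattern and is caught only by the baseline comparison.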