DBS unit 1 notes


PAAVAI ENGINEERING COLLEGE

ACADEMIC YEAR – 2024-2025

DEPARTMENT OF CYBER SECURITY


COURSE NAME: DATABASE SECURITY
COURSE CODE: CY20505
YEAR/SEM: III YEAR – V SEMESTER

UNIT 1 - NOTES

UNIT I SECURITY ARCHITECTURE & OPERATING SYSTEM SECURITY FUNDAMENTALS

INTRODUCTION

Security Architecture - Introduction, Information Systems, Information Security Architecture; Database Security - Asset Types and Value, Security Methods; Operating System Security Fundamentals - Security Environment, Components, Authentication Methods, Vulnerabilities, E-mail Security.
SECURITY ARCHITECTURE: INTRODUCTION
Security is avoiding unauthorized access (with limited time duration, not always).
No software or hardware is 100% secure.
Security violations and attacks are increasing globally at an average rate of 20%.
Statistics show that virus alerts, email spamming, identity theft, data theft, and other types of security breaches are on the rise.
Database Security is the degree to which all the data is fully protected from tampering or unauthorized acts.
The great challenge is to develop a new database security policy to secure data and prevent data integrity violations.
Most DBMSs did not have a security mechanism for authentication and encryption until recently.
INFORMATION SYSTEM
In today’s global market, companies all over the world compete to gain a portion of market share.
Wise decisions are not made without accurate and timely information.
At the same time, the integrity of information is more important.
The integrity of the information depends on the integrity of its data source and the reliable processing of the data.
Data is processed and transformed by a collection of components working together to produce and generate accurate information. These components are known as an INFORMATION SYSTEM.
Information can be the backbone of the day-to-day operations of a company as well as the beacon of long-term strategies and vision.
Information systems are categorized based on usage. They are as follows:
1. Transaction Processing System (TPS)
2. Decision Support System (DSS)
3. Expert System (ES)
The following figure shows the typical use of system applications at various management levels.
CHARACTERISTICS OF INFORMATION SYSTEM CATEGORIES:

Category: Transaction Processing System (TPS)
Characteristics:
• Also known as ONLINE TRANSACTION PROCESSING (OLTP)
• Used for operational tasks
• Provides solutions for structured problems
• Includes business transactions
• Logical components of TPS applications (derived from business procedures, business rules and policies)
Typical application systems: Order tracking, Customer service, Payroll, Accounting, Student Registration, Sales

Category: Decision Support System (DSS)
Characteristics:
• Deals with non-structured problems and provides recommendations or answers to solve these problems
• Is capable of “What-if?” analysis
• Contains a collection of business models
• Is used for tactical management tasks
Typical application systems: Risk Management, Fraud Detection, Sales forecasting, Case resolution

Category: Expert System (ES)
Characteristics:
• Captures reasoning of human experts
• Executive Expert Systems (EESs) are a type of expert system used by top-level management for strategic management goals
• A branch of Artificial Intelligence within the field of computer science studies
• Software consists of: Knowledge Base, Inference Engine, Rules
• People consists of: Domain Experts, Knowledge Engineers, Power Users
Typical application systems: Virtual University Simulation, Financial Enterprise, Statistical Trading, Loan Expert, Market Analysis

Components of Information System:

Regardless of the type of information system and purpose, an information system consists of the
following components:
Data – The information stored in the database for future reference or processing

Procedures – Manuals, Guidelines, Business rules and Policies

Hardware – Computer System, Fax, Scanner, Printer, Disk

Software – DBMS, OS, Programming Languages, Other Utilities or Tools

Network – Communication Infrastructure

People – DBA, System Admin, Programmers, Users, Business Analyst, System Analyst

Information System Components

DATABASE MANAGEMENT SYSTEM:


Database:
• A collection of meaningful, interrelated information
• It is both physical and logical
• Represents the logical information in a physical device
• Mainly used for storing and retrieving the data for processing
• Uses CLIENT / SERVER architecture
• Request and reply protocols are used to communicate between client and server

DBMS:
Set of programs to access the database for data manipulation or processing
DBMS contains information about a particular enterprise
DBMS provides an environment that is both convenient and efficient to use

Purpose of DBMS:
1. Data redundancy and inconsistency
2. Difficulty in accessing data
3. Data isolation – multiple files and format
4. Integrity problems
5. Atomicity of updates
6. Concurrent access by multiple users
7. Security problems

DBMS Architecture:
INFORMATION SECURITY ARCHITECTURE:

Information Security:
Information is one of the most valuable assets in an organization. Many companies have an Information Security Department.
Information Security consists of the procedures and measures taken to protect each component of the information systems involved in protecting information.
This means protecting data, hardware, software, networks, procedures and people. According to the National Security Telecommunications and Information Systems Security Committee (NSTISSC), information security is based on the concept of the CIA Triangle, in which
“C” stands for “Confidentiality”,
“I” stands for “Integrity” and
“A” stands for “Availability”
CIA TRIANGLE:

Confidentiality – Information is classified into different levels of confidentiality to ensure that only authorised

Integrity – Information is accurate and protected from tampering by unauthorised persons. Information is consistent and validated.

Availability – Information is available at all times only for authorised and authenticated persons. System is protected from being shut down due to external or internal threats or attacks.

[Figure: Information Security Architecture (ISA); base: Logical and Physical Assets]

Confidentiality: Privacy Laws; Confidential Classification; Policies and Procedures; Access Rights; Customer Concerns
Integrity: Security Technology; Security Models; Cryptography Technology; DBMS Technology; Database and Data Design; Application Technology
Availability: Threats and Attacks; System Vulnerabilities; Authorization methodology; Authentication Technology; Network Interface
Components of Information Security Architecture:
1. Policies and Procedures - Documented procedures and company policies that elaborate on how
security is to be carried out.
2. Security personnel and Administrators - People who enforce and keep security in order.
3. Detection equipment - Devices that authenticate employees and Detect equipment that is
prohibited by the company.
4. Security Programs - Tools that protect computer systems’ server.
5. Monitoring Equipment - Devices that monitor physical properties, employees and other important
assets.
6. Monitoring Applications - Utilities and applications used to monitor network traffic and Internet
activities.
7. Auditing Procedures and Tools - Checks and Controls put in place to ensure that security measures
are working.
DATABASE SECURITY:

One of the functions of DBMS is to empower DBA to implement and enforce security at all levels of
security.
A security access point is a place where database security must be protected and applied – in other
words implemented, enforced, and audited.
The security access points are illustrated in the figure below.

DATABASE SECURITY ACCESS POINTS:

People – Individuals who have been granted privileges and permissions to access networks, workstations,
servers, databases, data files and data

Applications – Application design and implementation, which includes privileges and permissions granted
to people

Network – One of the most sensitive security access points. Protect the network and provide network
access only to applications, operating systems and databases.

Operating Systems – This access point is defined as authentication to the system, the gateway to the data

DBMS – The logical structure of the database, which includes memory, executable and other binaries

Data files – Another access point that influences database security enforcement is access to data files where data resides.

Data – The data access point deals with data design needed to enforce data integrity

DATABASE SECURITY ENFORCEMENT:

Security gaps are points at which security is missing and the system is vulnerable.
Vulnerabilities are kinks in the system that must be watched because they can become threats.

In the world of information security, a threat is defined as a security risk that has a high possibility of becoming a system breach.

DATA INTEGRITY VIOLATION PROCESS:

DATABASE SECURITY LEVELS:


A relational database is a collection of related data files. A data file is a collection of related tables; a table is a collection of rows and columns.

The structure of the database is organized in levels, and each level can be protected by a different security mechanism.
MENACES TO DATABASES:
Security Vulnerability:
A weakness in any of the information system components that can be exploited to violate the integrity, confidentiality, or accessibility of the system.

Security Threat
A security violation or attack that can happen any time because of a security vulnerability

Security risk
A known security gap that a company intentionally leaves open

TYPES OF VULNERABILITIES:
• Vulnerability means “Susceptible to Attacks” (Source: www.dictionary.com)
• Intruders, attackers and assailers exploit vulnerabilities in the database environment to prepare and start their attacks.
• Hackers usually explore the weak points of a system until they gain entry.
• Once the intrusion point is identified, hackers unleash their array of attacks:
   • Virus
   • Malicious Code
   • Worms
   • Other Unlawful violations
• To protect the system, the administrator should understand the types of vulnerabilities.

The figure below shows the types of vulnerabilities.


Categories of database security vulnerabilities

TYPES OF VULNERABILITIES:

Category: Installation and Configuration
Description:
• Results from a default installation configuration that is known publicly
• Does not enforce any security measures
• Improper configuration or installation may result in security risks
Examples:
• Incorrect application configuration
• Failure to change default passwords
• Failure to change default privileges
• Using default installation which does not enforce high security measures

Category: User Mistakes
Description:
• Security vulnerabilities are tied to humans too
• Carelessness in implementing procedures
• Failure to follow through
• Accidental errors
Examples:
• Lack of auditing controls
• Untested recovery plan
• Lack of activity monitoring
• Lack of protection against malicious code
• Lack of applying patches as they are released
• Bad authentication or implementation
• Social engineering
• Lack of technical information
• Susceptibility to scam

Category: Software
Description:
• Vulnerabilities found in commercial software for all types of programs (Applications, OS, DBMS, etc.)
Examples:
• Software patches that are not applied
• Software contains bugs
• System administrators do not keep track of patches

Category: Design and Implementation
Description:
• Related to improper software analysis and design as well as coding problems and deficiencies
Examples:
• System design errors
• Exceptions and errors are not handled in development
• Input data is not validated
TYPES OF THREATS:
Threat is defined as “An indication of impending danger or harm”. Vulnerabilities can escalate into threats.
The DBA and the IS administrator should be aware of vulnerabilities and threats.

Four types of threats contribute to security risks, as shown in the figure below.

Threat type: People
Definition: People intentionally or unintentionally inflict damage, violation or destruction to all or any of the database components (People, Applications, Networks, OS, DBMS, Data files or data)
Examples: Employees; Govt. authorities or persons who are in charge; Contractors; Consultants; Visitors; Hackers; Organized criminals; Spies; Terrorists; Social engineers

Threat type: Malicious Code
Definition: Software code that in most cases is intentionally written to damage or violate one or more database environment components (People, Applications, Networks, OS, DBMS, Data files or data)
Examples: Viruses; Boot sector viruses; Worms; Trojan horses; Spoofing code; Denial-of-service flood; Rootkits; Bots; Bugs; E-mail spamming; Back door

Threat type: Natural Disasters
Definition: Calamities caused by nature, which can destroy any or all of the database components (People, Applications, Networks, OS, DBMS, Data files or data)
Examples: Hurricanes; Tornados; Earthquakes; Lightning; Flood; Fire

Threat type: Technological Disasters
Definition: Often caused by some sort of malfunction in equipment or hardware. Technological disasters can inflict damage to Networks, OS, DBMS, Data files or data
Examples: Power failure; Media failure; Hardware failure; Network failure

Examples of Malicious Code:


1. Virus – Code that compromises the integrity and state of the system
2. Boot Sector Virus – Code that compromises the segment in the hard disk that contains the program used to start the computer
3. Worm – Code that disrupts the operation of the system
4. Trojan Horses – Malicious code that penetrates a computer system or network by pretending to be legitimate code
5. Spoofing Code – Malicious code that looks like legitimate code
6. Denial-of-service flood – The act of flooding a website or network system with many requests with the intent of overloading the system and forcing it to deny service to legitimate requests
7. Rootkits and Bots – Malicious or legitimate code that performs such functions as automatically retrieving and collecting information from a computer system
8. Bugs – Code that is faulty due to bad design, logic or both
9. E-Mail Spamming – E-mail that is sent to many recipients without their permission
10. Backdoor – An intentional design element of software that allows developers of the system to gain access to the application for maintenance or technical problems

Types of Risks:

Risks are simply a part of doing business.

• Managers at all levels are constantly working to assess and mitigate risks to ensure the continuity of the department operations.
• Administrators should understand the weaknesses and threats related to the system.

Categories of database security risks are shown in the figure below:

Categories of database security risks


DEFINITIONS AND EXAMPLES OF RISK TYPES

Risk type: People
Definition: The loss of people who are vital components of the database environments and know critical information can create risks
Examples:
• Loss of key persons (resignation, migration, health problems)
• Key person downtime due to sickness, personal or family problems, or burnout

Risk type: Hardware
Definition: A risk that mainly results in hardware unavailability or interoperability
Examples:
• Down time due to hardware failure, malfunctions, or inflicted damages
• Failure due to unreliable or poor quality equipment

Risk type: Data
Definition: Data loss or data integrity is a major concern of the database administration and management
Examples:
• Data loss
• Data corruption
• Data privacy loss

Risk type: Confidence
Definition: The loss of public confidence in the data produced by the company causes a loss of public confidence in the company itself
Examples:
• Loss of procedural and policy documentation
• DB performance degradation
• Fraud
• Confusion and uncertainty about database information

Integration of security vulnerabilities, threats and risks in a database:

ASSET TYPES AND THEIR VALUES:

People always tend to protect assets regardless of what they are. Corporations treat their assets in the same way.
Assets are the infrastructure of the company operation.

Depending on the type of asset and how much the company values it, the company builds security policies and procedures and executes actions to protect these assets.
There are four main types of assets:

1. Physical assets – Also known as tangible assets, these include buildings, cars, hardware and so on
2. Logical assets – Logical aspects of an information system such as business applications, in-house programs, purchased software, OS, DBs, Data
3. Intangible assets – Business reputation, quality, and public confidence
4. Human assets – Human skills, knowledge and expertise
Security measures are implemented based on the value of each asset.
For instance, if a company employs a scientist working on an important invention, the
company may take extra measures to avoid losing the intellectual asset she represents.
Similarly, every component in the database environment is protected according to its value.

DATABASE SECURITY METHODS:


Security methods used to protect database environment components.

Database Security Methods


Component protected: People
Security methods:
• Physical limits on access to hardware and documents
• Through the process of identification and authentication, make certain that the individual is who he or she claims to be through the use of devices, such as ID cards, eye scans, and passwords
• Training courses on the importance of security and how to guard assets
• Establishment of security policies and procedures

Component protected: Applications
Security methods:
• Authentication of users who access applications
• Business rules
• Single sign-on (a method for signing on once for different applications and websites)

Component protected: Network
Security methods:
• Firewalls to block network intruders
• Virtual Private Network (VPN)
• Authentication

Component protected: OS
Security methods:
• Authentication
• Intrusion detection
• Password policies
• User accounts

Component protected: DBMS
Security methods:
• Authentication
• Audit mechanism
• Database resource limits
• Password policy

Component protected: Data files
Security methods:
• File permission
• Access monitoring

Component protected: Data
Security methods:
• Data validation
• Data constraints
• Data encryption
• Data access
A business rule is the implementation of a business procedure or policy through code written
in an application.

DATABASE SECURITY METHODOLOGY:

The diagram below presents the database security methodology side by side with the software development life cycle (SDLC) methodology:

Database Security Methodology

The following list presents the definition of each phase of the database security methodology:
Identification – Entails the identification and investigation of resources required and policies to be adopted.
Assessment – This phase includes analysis of vulnerabilities, threats and risks for both aspects of DB security:
   Physical – Data files.
   Logical – Memory and code.
Design – This phase results in a blueprint of the adopted security model that is used to enforce the security.
Implementation – Code is developed or tools are purchased to implement the blueprint outlined in the previous phase.
Evaluation – Evaluate the security implementation by testing the system against attacks, hardware failure, natural disasters and human errors.
Auditing – After the system goes into production, security audits should be performed periodically to ensure the security state of the system.

OPERATING SYSTEM SECURITY FUNDAMENTALS:


An Operating System (OS) is a collection of programs that allows the users to operate
the computer hardware.

The OS is also known as the “RESOURCE MANAGER”.

The OS is one of the main access points in a DBMS.

A computer system has three layers


1. The inner layer represents the hardware
2. The middle layer is OS
3. The outer layer is all different software

An OS has a number of key functions and capabilities, as outlined in the following list:
• Multitasking
• Multi sharing
• Managing computer resources
• Controls the flow of activities
• Provides a user interface to operate the computer
• Administers user actions and accounts
• Runs software utilities and programs
• Provides functionalities to enforce the security measures
• Schedules the jobs and tasks to be run
• Provides tools to configure the OS and hardware

There are different vendors of OS:

• Windows by Microsoft
• UNIX by companies such as Sun Microsystems, HP and IBM
• LINUX “flavours” from various vendors such as Red Hat
• Macintosh by Apple

THE OS SECURITY ENVIRONMENT:


A compromised OS can compromise a Database Environment.
Physically protect the computer running the OS (Padlocks, Chain locks, Guards, Cameras)

Model:
• Bank Building – OS
• Safe – DB
• Money – Data

The Components of an OS Security Environment:
The three components (layers) of the OS are represented in the figure.
1. Memory component is the hardware memory available on the system.
2. Files component consists of files stored on the disk.
3. Service component comprises such OS features and functions as network services, File Management and Web services.

SERVICES:

The main component of OS security environment is services.
It consists of functionality that the OS offers as part of its core utilities.
Users employ these utilities to gain access to OS and all the features the users are authorized
to use.
If the services are not secured and configured properly, each service becomes a
vulnerability and access point and can lead to a security threat.
FILES:
Files are another component of the OS. It involves the following actions:
File Permission
File Transfer
File Sharing
File Permission:
Every OS has a method of implementing file permission to grant read, write or execute privileges to different users. The following figure shows how file permissions are assigned to a user in Windows:

In UNIX, file permissions work differently than in Windows. For each file there are three permission settings.
Each setting consists of rwx (r – read, w – write and x – execute).
The first rwx is for the owner of the file.
The second rwx is for the group to which the owner belongs.
The third rwx is for all other users.
The image below gives the details of UNIX file permissions:
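
As an added example (not part of the original notes), the Python code below decodes a UNIX mode into the owner, group and other rwx settings described above and audits a directory of data files. The file names, the owner-only (0600) policy and the function names are assumptions made for the illustration.

```python
import os
import stat
import tempfile

# Permission bits for the three rwx settings, in the order the notes list them.
TRIPLES = (
    ("owner", stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    ("group", stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    ("other", stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
)


def decode_mode(mode):
    """Return e.g. {'owner': 'rw-', 'group': 'r--', 'other': '---'} for a numeric mode."""
    result = {}
    for name, r_bit, w_bit, x_bit in TRIPLES:
        result[name] = (
            ("r" if mode & r_bit else "-")
            + ("w" if mode & w_bit else "-")
            + ("x" if mode & x_bit else "-")
        )
    return result


def audit_data_files(directory):
    """List regular files whose group or other setting grants any access.

    Assumed policy for this example: database data files are accessible
    to the owning account only (mode 0600 or stricter).
    """
    findings = []
    for entry in sorted(os.listdir(directory)):
        path = os.path.join(directory, entry)
        info = os.lstat(path)                  # lstat: do not follow symlinks
        if not stat.S_ISREG(info.st_mode):
            continue
        triples = decode_mode(info.st_mode)
        problems = []
        if triples["group"] != "---":
            problems.append("group has " + triples["group"])
        if triples["other"] != "---":
            problems.append("other has " + triples["other"])
        if "w" in triples["other"]:
            problems.append("world-writable")
        if problems:
            findings.append((entry, stat.filemode(info.st_mode), problems))
    return findings


def demo():
    """Create constructed sample files in a throwaway directory and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {"users01.dbf": 0o600, "index01.dbf": 0o640, "temp01.dbf": 0o666}
        for name, mode in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as handle:
                handle.write("constructed sample data\n")
            os.chmod(path, mode)               # set after creation so umask does not interfere
        return audit_data_files(tmp)


if __name__ == "__main__":
    for name, mode_string, problems in demo():
        print(name, mode_string, "; ".join(problems))
```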

File Transfer:
File Transfer – moving a file from one location to another on a disk, the web or the cloud.
FTP is an Internet service that allows transferring files from one computer to another.
FTP clients and servers transmit usernames and passwords in plain text format (not encrypted). This means any hacker can sniff network traffic and be able to get the logon information easily.
Files are also transferred in plain text format.
A root account cannot be used to transfer files using FTP.
Anonymous FTP is the ability to log on to the FTP server without being authenticated. This method is usually used to provide access to files in the public domain.

Here are some best practices for transferring files:
• Never use the normal FTP utility. Instead, use the secure FTP utility, if possible.
• Make two FTP directories: one for file uploads with write permission only and another one for file downloads with read permission.
• Use specific accounts for FTP that do not have access to any files or directories outside the file UPLOAD and DOWNLOAD directories.
• Turn on logging, and scan the FTP logs for unusual activities on a regular basis.
• Allow only authorized operators to have FTP privileges.
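
As an added example (not part of the original notes), the Python code below shows what scanning FTP logs for unusual activity can look like, using the points made above: anonymous logons, root logon attempts, repeated failed logons, and transfers outside the upload and download directories. The log format, directory names, threshold and sample lines are constructed for the illustration and do not match any particular FTP server.

```python
import posixpath
from collections import Counter

# Assumed layout and threshold for this example (not taken from the notes).
UPLOAD_DIR = "/ftp/upload/"
DOWNLOAD_DIR = "/ftp/download/"
MAX_FAILED_LOGINS = 3
ANONYMOUS_USERS = {"anonymous", "ftp"}
FIELDS = ("time", "client", "user", "action", "status", "path")

# Constructed sample log in a made-up format: time client user action status path
SAMPLE_LOG = """\
2024-09-02T10:15:03 192.0.2.10 alice LOGIN OK -
2024-09-02T10:15:09 192.0.2.10 alice STOR OK /ftp/upload/report.csv
2024-09-02T10:16:40 198.51.100.7 root LOGIN FAIL -
2024-09-02T10:16:41 198.51.100.7 admin LOGIN FAIL -
2024-09-02T10:16:43 198.51.100.7 oracle LOGIN FAIL -
2024-09-02T10:20:11 203.0.113.5 anonymous LOGIN OK -
2024-09-02T10:20:30 203.0.113.5 anonymous RETR OK /ftp/download/readme.txt
2024-09-02T10:21:02 192.0.2.10 alice STOR OK /ftp/download/tool.exe
2024-09-02T10:22:15 192.0.2.10 alice RETR OK /ftp/download/../private/payroll.csv
this line is malformed
"""


def parse_line(line):
    """Split one log line into a dict, or return None if it does not fit the format."""
    parts = line.split(None, 5)
    if len(parts) != 6:
        return None
    record = dict(zip(FIELDS, parts))
    if record["action"] not in {"LOGIN", "STOR", "RETR"}:
        return None
    if record["status"] not in {"OK", "FAIL"}:
        return None
    return record


def inside(path, directory):
    """True if path, after resolving '.' and '..', stays inside directory."""
    return posixpath.normpath(path).startswith(directory)


def scan_log(text):
    """Return (line number, rule, detail) tuples for activity that needs review."""
    findings = []
    failed = Counter()                      # failed logons per client address
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            # Report lines that cannot be parsed instead of silently dropping them.
            findings.append((number, "unparsed-line", line.strip()))
            continue
        who = rec["user"] + "@" + rec["client"]
        if rec["action"] == "LOGIN":
            if rec["user"] == "root":
                findings.append((number, "root-login-attempt", who))
            if rec["status"] == "FAIL":
                failed[rec["client"]] += 1
                if failed[rec["client"]] == MAX_FAILED_LOGINS:
                    findings.append((number, "repeated-failed-logins", rec["client"]))
            elif rec["user"] in ANONYMOUS_USERS:
                findings.append((number, "anonymous-login", who))
        elif rec["action"] == "STOR":
            if not inside(rec["path"], UPLOAD_DIR):
                findings.append((number, "upload-outside-upload-dir", rec["path"]))
        elif rec["action"] == "RETR":
            if not inside(rec["path"], DOWNLOAD_DIR):
                findings.append((number, "download-outside-download-dir", rec["path"]))
    return findings


if __name__ == "__main__":
    for number, rule, detail in scan_log(SAMPLE_LOG):
        print("line %d: %s (%s)" % (number, rule, detail))
```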

File Sharing:
Sharing files naturally leads to security risks and threats.
Peer-to-peer technology is on the rise (very well developed now). Peer-to-peer programs allow users to share files over the internet.

If you were to conduct a survey of users that use peer-to-peer programs, you would find that the majority of the users’ machines are infected with some sort of virus, spyware, or worm.
Most companies prohibit the use of such programs. The main reasons for blocking these programs are:
• Malicious Code
• Adware and spyware
• Privacy and confidentiality
• Pornography
• Copyright issues

Memory:
You may wonder how memory is an access point for security violations.
There are many badly written programs and utilities that could change the content of memory, although these programs do not perform deliberate destructive acts.
On the other hand, programs that intentionally damage or scan data in memory are the type that not only can harm the data integrity, but may also exploit data for illegal use.

AUTHENTICATION METHODS:
Authentication is the fundamental service of the OS. It is a process to verify the user identity.
Most security administrators implement two types of authentication methods:
1. The physical authentication method allows physical entrance to the company properties. Most companies use magnetic cards and card readers to control the entry to a building, office, laboratory or data center.
2. The digital authentication method is a process of verifying the identity of the user by means of a digital mechanism or software.

DIGITAL AUTHENTICATION USED BY MANY OS:

Digital Certificate:
Widely used in e-commerce.
Is a passport that identifies and verifies the holder of the certificate.
Is an electronic file issued by a trusted party (known as a certificate authority) and cannot be forged or tampered with.

Digital Token (Security Token):

Is a small electronic device that users keep with them to be used for authentication to a computer or network system.
This device displays a unique number to the token holder, which is used as a PIN (Personal Identification Number) as the password.

Digital Card:
Also known as a security card or smart card.
Similar to a credit card in dimensions, but instead of a magnetic strip it has an electronic circuit that stores the user identification information.

Kerberos:
Developed by Massachusetts Institute of Technology (MIT), USA.
Its purpose is to enable two parties to exchange information over an open network by assigning a unique key, called a ticket, to each user. The ticket is used to encrypt communicated messages.

Lightweight Directory Access Protocol (LDAP):


Developed by University of Michigan, USA.
Uses a centralized directory database storing information about people, offices and machines in a hierarchical manner.
An LDAP directory can be easily distributed to many network servers.
You can use LDAP to store information about users, such as:
• User name and user ID
• Passwords
• Internal telephone directory
• Security keys
LDAP is also used for the following reasons:
• LDAP can be used across all platforms (OS independent)
• Easy to maintain
• Can be employed for multiple purposes
LDAP architecture is client/server based.

NTLM (Network LAN Manager):


Was developed by Microsoft.

Employs a challenge/response authentication protocol that uses an encryption and decryption mechanism to send and receive passwords over the network.
This method is no longer used or supported by new versions of Windows OS.

Public Key Infrastructure(PKI):


Also known as Public Key Encryption
It is a method in which a user keeps a private key and the authentication firm holds a public key. The private key is usually kept as a digital certificate on the user's system.

RADIUS (Remote Authentication Dial-In User Services):


It is a method commonly used by a network device to provide a centralized authentication mechanism.
It is client/server based and uses a dial-up server, a Virtual Private Network (VPN), or a Wireless Access Point communicating to a RADIUS server.

SSL (Secure Sockets Layers):


Was developed by Netscape Communications to provide secure communication between client and server.
SSL is a method in which authentication information is transmitted over the network in encrypted form. Commonly used by websites to secure client communications.

SRP (Secure Remote Password):


Was developed by Stanford University, USA.
It is a protocol in which the password is not stored locally in an encrypted or plain text form.
Very easy to install.
Does not require client or server configuration.
This method is invulnerable to brute force or dictionary attacks.

Authorization:
Authentication is the process of proving that users really are who they claim to be.
Authorization is the process that decides whether users are permitted to perform the functions they request. Authorization is not performed until the user is authenticated.
Authorization deals with privileges and rights that have been granted to the user.

User Administration:
Authentication and authorization are essential services that every operating system
provides in order to secure access to the computer’s logical and physical resources. Another
related service is user administration.
Administrators use this functionality to create user accounts, set password policies and grant privileges to users.
Improper use of this feature can lead to security risks and threats.
The following is a compilation of best practices for user administration, in no specific order:
• Use a consistent naming convention by adopting a combination of first name and last name for the user account.
• Always provide a password to an account and force the user to change it at the first login.
• Make sure that all passwords are encrypted in a well-protected file.
• Do not use a default password for any account.
• Use different accounts for different applications and users.
• Create a specific file system for users, separate from applications and data.
• Educate users on how to select a password.
• Lock a user account when a user’s employment is terminated/ended.
• Lock accounts that are not used for a specific period of time.
• If possible, grant privileges on a per host basis.
• Perform random auditing procedures on a regular basis.

Password Policies:
A good password policy is the first line of defense against the unwanted accessing of an
operating system.
The following password policies can be employed to devise a policy plan that suits a company:
• Password Aging
• Password Reuse
• Password History
• Password Encryption
• Password Storage
• Password Complexity
• Logon Retries
• Password Protection
• Single Sign-on
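
As an added example (not part of the original notes), the Python code below shows how several of the listed policies can be enforced together: complexity, history and reuse, aging, logon retries, and storage as a salted hash. It goes beyond the notes, which only name the policies; every limit, class and function name here is an assumption chosen for the illustration.

```python
import hashlib
import hmac
import os
import string

# All limits are assumed values for this example; the notes only name the policies.
MIN_LENGTH = 12           # password complexity
MAX_AGE_DAYS = 90         # password aging
HISTORY_SIZE = 5          # password history / reuse
MAX_LOGON_RETRIES = 3     # logon retries
PBKDF2_ROUNDS = 200_000   # assumed work factor for password storage
DAY = 24 * 60 * 60


def hash_password(password, salt=None):
    """Password storage: keep a salted, slow hash, never the password itself."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def matches(password, stored):
    """Constant-time comparison of a candidate password with one stored (salt, digest)."""
    salt, digest = stored
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def complexity_problems(password):
    """Return the complexity rules the password breaks (empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    classes = (
        ("lowercase letter", string.ascii_lowercase),
        ("uppercase letter", string.ascii_uppercase),
        ("digit", string.digits),
        ("symbol", string.punctuation),
    )
    for name, chars in classes:
        if not any(ch in chars for ch in password):
            problems.append("no " + name)
    return problems


class Account:
    """One user account; 'now' is passed in as seconds so the clock is testable."""

    def __init__(self, password, now):
        self.history = []                   # stored hashes, newest first
        self.failed_logons = 0
        self.locked = False
        self._store(password, now)

    def _store(self, password, now):
        self.history.insert(0, hash_password(password))
        del self.history[HISTORY_SIZE:]     # remember only the last HISTORY_SIZE
        self.changed_at = now

    def change_password(self, new_password, now):
        """Apply complexity and reuse rules; return the problems, or [] on success."""
        problems = complexity_problems(new_password)
        if any(matches(new_password, old) for old in self.history):
            problems.append("reuse of one of the last %d passwords" % HISTORY_SIZE)
        if not problems:
            self._store(new_password, now)
        return problems

    def logon(self, password, now):
        """Return 'ok', 'denied', 'expired' (password must be changed) or 'locked'."""
        if self.locked:
            return "locked"
        if not matches(password, self.history[0]):
            self.failed_logons += 1
            if self.failed_logons >= MAX_LOGON_RETRIES:
                self.locked = True          # stays locked until an administrator resets it
                return "locked"
            return "denied"
        self.failed_logons = 0
        if now - self.changed_at > MAX_AGE_DAYS * DAY:
            return "expired"
        return "ok"
```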

VULNERABILITIES OF OS:

The top vulnerabilities to Windows systems:
• IIS (Internet Information Server)
• MSSQL (Microsoft SQL Server)
• Windows Authentication
• IE (Internet Explorer)
• Windows Remote Access Services
• MDAC (Microsoft Data Access Components)
• WSH (Windows Scripting Host)
• Microsoft Outlook and Outlook Express
• Windows Peer-to-Peer File Sharing (P2P)
• SNMP (Simple Network Management Protocol)

The top vulnerabilities to UNIX systems:
• BIND Domain Name System
• RPC (Remote Procedure Call)
• Apache Web Server
• General UNIX authentication accounts with no / weak passwords
• Clear text services
• Sendmail
• SNMP (Simple Network Management Protocol)
• Secure Shell
• Misconfiguration of Enterprise Services NIS/NFS
• Open SSL (Secure Socket Layer)

E- MAIL SECURITY:

Introduction to Email Security


Email security refers to the steps taken to protect email messages and the information that they contain from unauthorized access and damage. It involves ensuring the confidentiality, integrity, and availability of email messages, as well as safeguarding against phishing attacks, spam, viruses, and other forms of malware. It can be achieved through a combination of technical and non-technical measures.
Some standard technical measures include the encryption of email messages to protect their contents, the use of digital signatures to verify the authenticity of the sender, and email filtering systems to block unwanted emails and malware. The non-technical measures may include training employees on how to recognize and respond to phishing attacks and other email security threats, establishing policies and procedures for email use and management, and conducting regular security audits to identify and address vulnerabilities.
Why is email security important?
• Protection Against Cyber Attacks: Email is a top target for cyber criminals. Malware, phishing attacks, and other threats often arrive via email. In fact, 94% of malware is delivered through email channels. By implementing robust email security measures, organizations can defend against these threats.
• Reducing Risk: Cyber security incidents can have devastating consequences, including financial losses, operational disruptions, and damage to an organization’s reputation. Effective email security helps protect your brand, reputation, and bottom line.
• Compliance: Email security ensures compliance with data protection laws like GDPR and HIPAA. By safeguarding sensitive information, organizations avoid legal fines and other intangible costs associated with cyber attacks.
• Productivity Enhancement: With email security in place, disruptions caused by threats like phishing emails are minimized. This allows organizations to focus more on business growth and less on handling security incidents.

Benefits of Email Security
 Shielding Against Phishing and Spoofing Attacks: Email security isn’t just about
tech jargon; it’s like having a digital bodyguard. It helps spot and tackle threats like
phishing or spoofing. These sneaky attacks can lead to serious breaches and even
unleash malware or other nasty viruses.
 Locking Down Data: Think of email encryption as a virtual vault. It keeps sensitive
info—like credit card numbers, bank accounts, and employee details—safe from prying
eyes. No more accidental leaks or costly data breaches!
 Whispers Only: Secure email encryption ensures that only the right people get the
message. It’s like passing a secret note in class—except the teacher won’t intercept it.
Your confidential content stays confidential.
 Spotting the Bad Apples: Email security acts like a spam filter on steroids. It sniffs out
malicious or spammy emails that might sneak past regular defenses. No more falling for
those “You’ve won a million dollars!” scams!
 Top-Secret Protection: Imagine your company’s secrets—intellectual property,
financial records, and classified info—wrapped in a digital force field. Email security
shields them from cyber villains like hackers and cyber criminals.
 Real-Time Guardian: Zero-day exploits? Not on our watch! Email security solutions
provide real-time protection. It’s like having a superhero squad that fights off malware
and spam before they even knock on your inbox.
 Locking Up Identity Theft: Email encryption keeps attackers from swiping your login
credentials or personal data. No more compromised accounts or identity theft
nightmares.
Email Security best practices
 Building a Strong Email Security Foundation: Think of email security like
constructing a sturdy fortress. Start by layering your defenses:
o Effective Email Protection Solutions: These are like the castle walls. Choose
tools that can spot threats and keep your inbox safe.
o Threat Detection and Reporting: Imagine sentries on the lookout, alerting you
to any suspicious activity.
o Regular Updates: Keep your defenses sharp—like sharpening swords—to fend
off the latest cyber threats.
 Guarding Sensitive Data: Picture a vault door. Implement policies to prevent users
from accidentally emailing sensitive info to outsiders. It’s like saying, “No, you can’t
send that secret recipe to the rival chef!”
 Training Your Troops: Educate your team! Teach them to spot phishing and spoofing
emails (those digital shape-shifters), create rock-solid passwords, and avoid clicking on
sketchy links or mysterious attachments.
 Encrypting Messages: Encrypting emails is like sealing them in an enchanted
envelope. Only the intended recipients can unlock the magic inside. No more
eavesdroppers!
 Layered Defenses: Imagine shields, armor, and magical spells all working together.
Authentication, encryption, and isolation form your multi-layered defense. They’ll fend
off elaborate phishing plots, ransomware attacks, and other sneaky threats.
 Stay Updated: Think of it as patching up your castle walls. Regularly update your
email security solutions to stay ahead of the cyber dragon’s fire-breath.
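The "Guarding Sensitive Data" practice above can be enforced by an outbound filter. The following Python sketch is an added example, not part of the original notes: it holds a message only when a recipient is outside the organization and the body contains a number that passes the Luhn check used by payment cards. The domain `example.edu`, the sample message, and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAINS = {"example.edu"}  # assumption: the organization's own mail domain
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # 13-19 digits, optional separators

# Constructed sample message; 4111 1111 1111 1111 is a well-known test card number.
SAMPLE = """\
From: clerk@example.edu
To: vendor@outside.example
Subject: payment details

Card: 4111 1111 1111 1111 exp 12/26
"""

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def external_recipients(msg):
    """Addresses in To/Cc/Bcc whose domain is not one of ours."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [a for _, a in getaddresses(fields)
            if a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]

def find_cards(text):
    """Digit runs that look like card numbers AND pass Luhn (cuts false positives)."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits

def check_outbound(raw):
    """Return (verdict, external recipients, number of card-like values found)."""
    msg = message_from_string(raw)
    parts = msg.walk() if msg.is_multipart() else [msg]
    body = "\n".join(p.get_payload(decode=True).decode(errors="replace")
                     for p in parts if p.get_content_type() == "text/plain")
    outside, cards = external_recipients(msg), find_cards(body)
    verdict = "BLOCK" if outside and cards else "ALLOW"
    return verdict, outside, len(cards)

if __name__ == "__main__":
    print(check_outbound(SAMPLE))
```

The Luhn step is what keeps order numbers and phone numbers from triggering the rule; only plain-text parts are scanned here, so attachments would need their own extraction step.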
Types of Email threats
 Phishing: Imagine a crafty imposter pretending to be your bank or favorite online store.
They send you an email, asking for your sensitive info—like passwords or credit card
details. Sneaky, right?

 Social Engineering: Think of it as digital manipulation. The bad guys sweet-talk or
scare people into revealing confidential stuff. It’s like a cyber con artist pulling off a
heist.
 Spear Phishing: This one’s like a sniper attack. Instead of casting a wide net, the
attacker aims at specific individuals or organizations. They craft personalized emails,
luring victims into their trap.
 Ransomware: Picture your files locked up in a digital vault. The villain—malicious
software—holds them hostage until you pay a ransom. It’s like a cyber kidnapper!
 Malware: Sneaky software that infiltrates your computer without asking permission.
It’s like a digital ninja wreaking havoc behind the scenes.
 Spoofing: Imagine someone wearing a disguise at a masquerade ball. Attackers forge
email headers, making messages look legit—even when they’re not. Trust no masked
stranger!
 Man-in-the-Middle Attack: Visualize a sneaky eavesdropper intercepting your
messages. They can read, alter, or inject new content.
 Data Exfiltration: Sophisticated thieves sneak into an organization’s email system.
They swipe sensitive data—like secret recipes from a chef’s kitchen. Recipe theft,
anyone?
 Denial of Service: Attackers flood email servers with a deluge of messages. Servers
buckle under the pressure, like a dam bursting. Chaos ensues!
 Account Takeover: Imagine a cyber burglar breaking into your email house. They use
your account to send spam, phishing emails, or snoop around your secrets.
 Identity Theft: Someone swipes your personal info—name, address, social security
number. They wear your identity like a stolen cloak, committing digital crimes.
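The spoofing entry above says attackers forge email headers. The following Python sketch is an added example, not part of the original notes, showing how a defender can flag that from the headers of a received message. It goes beyond the notes by reading the `Authentication-Results` header, where a receiving server records SPF, DKIM and DMARC outcomes (mechanisms the notes do not name); the sample message, domains, and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: visible From claims bank.example, everything else disagrees.
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.edu; spf=fail smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: helpdesk@collect.invalid
Subject: Verify your account

Please confirm your details.
"""

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def spoofing_signals(raw):
    """List header inconsistencies that commonly accompany a forged sender."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain(from_addr)
    signals = []
    # Envelope sender (Return-Path) differs from the address shown to the user.
    rp_dom = domain(parseaddr(msg.get("Return-Path", ""))[1])
    if rp_dom and rp_dom != from_dom:
        signals.append("return-path-mismatch")
    # Replies would go to a different domain than the apparent sender.
    reply_dom = domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        signals.append("reply-to-mismatch")
    # Display name contains an address from another domain.
    m = re.search(r"[\w.+-]+@([\w.-]+)", name)
    if m and m.group(1).lower() != from_dom:
        signals.append("display-name-address-mismatch")
    # Verdicts recorded by the receiving mail server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=(fail|softfail)\b", auth):
            signals.append(f"{mech}-fail")
    return signals

if __name__ == "__main__":
    print(spoofing_signals(SPOOFED))
```

Each signal is a reason to look closer, not a verdict: legitimate bulk senders often use a different Return-Path domain, and this sketch compares exact domains rather than organizational domains.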
Steps to Take to Secure Email
 Choose a secure password: The password must be at least 12 characters long and contain
uppercase and lowercase letters, digits, and special characters.
 Two-factor authentication: Activate the two-factor authentication, which adds an
additional layer of security to your email account by requiring a code in addition to your
password.
 Use encryption: It encrypts your email messages so that only the intended receiver can
decipher them. Email encryption can be done by using the programs like PGP or
S/MIME.
 Keep your software up to date: Ensure that the most recent security updates are installed
on your operating system and email client.
 Beware of phishing scams: In phishing scams, hackers try to steal your personal
information by pretending to be someone else. Be careful of emails that request private
information or contain suspicious links, because these are common signs of a phishing
attack.
 Choose a trustworthy email service provider: Search for a service provider that
protects your data using encryption and other security measures.
 Use a VPN: Using a VPN can help protect our email by encrypting our internet
connection and disguising our IP address, making it more difficult for hackers to
intercept our emails.
 Upgrade Your Application Regularly: People now frequently access their email
accounts through apps, although these tools are not perfect and can be taken advantage
of by hackers. A cyber criminal might use a vulnerability, for example, to hack accounts
and steal data or send spam mail. Because of this, it’s important to update your
programs frequently.

Email Security Policies
The email policies are a set of regulations and standards for protecting the privacy, accuracy,
and accessibility of email communication within the organization. An email security policy
should include the following essential components:
 Appropriate Use: The policy should outline what constitutes acceptable email usage
inside the organization, including who is permitted to use email, how to use it, and for
what purposes it may be used.
 Password and Authentication: The policy should require strong passwords and two-
factor authentication to ensure that only authorized users can access email accounts.
 Encryption: To avoid unwanted access, the policy should mandate that sensitive
material be encrypted before being sent through email.
 Virus Protection: The policy shall outline the period and timing of email messages and
attachment collection.
 Retention and Deletion: The policy should outline how long email messages and their
attachments ought to be kept available, as well as when they should be
removed.
 Training: The policy should demand that all staff members take a course on email best
practices, which includes how to identify phishing scams and other email-based threats.
 Incident Reporting: The policy should outline the reporting and investigation
procedures for occurrences involving email security breaches or other problems.
 Monitoring: The policy should outline the procedures for monitoring email
communications to ensure that it is being followed, including any logging or auditing
that will be carried out.
 Compliance: The policy should ensure compliance with all essential laws and
regulations, including the Health Insurance Portability and Accountability Act (HIPAA)
and the General Data Protection Regulation (GDPR).
 Enforcement: The policy should specify the consequences for violating the email
security policy, including disciplinary action and legal consequences if necessary.
Hence, organizations may help safeguard sensitive information and lower the risk of data
breaches and other security incidents by creating an email security strategy.
Now, let’s look at how to enable confidential mode in a Gmail account.
Gmail has a feature called confidential mode that we can use to safeguard our
email. These are the steps to use this feature:
Step 1: On your computer, go to Gmail and click Compose.

Step 2: If you have already enabled confidential mode for an email, click Edit in the bottom
right corner of the window to add an expiration date and a passcode. These settings affect
both the message text and any attachments.

If you select “No SMS passcode,” recipients using the Gmail app will be able to open the
message directly, and those who don’t use Gmail will receive an email with a passcode.
If you select “SMS passcode,” recipients will get a passcode by text
message; for this you have to provide the recipient’s phone number.

Step 3: After providing the phone number, click the Save button.
Step 4: In the next step, write the email and send it to the recipient.

Remove Access before Expiration:
We can prevent the receiver from viewing the email before it expires. Until the
message’s expiration date, or until the sender removes access, the recipient may view the
message and any attached files. In this mode, the recipient cannot copy, paste, download,
print, or forward the message text or attachments. This makes it harder for
recipients to unintentionally share your email with others, but it does not stop
them from capturing screenshots or photos of your messages or attachments. A recipient
who has malicious software installed on their computer may also still be able to copy or
download the message or its attachments.

