Confidential
Introduction:
In March 2015, it became publicly known that Hillary Clinton, during her
tenure as United States Secretary of State, had exclusively used her family's
private email server for official communications, rather than official State
Department email accounts maintained on federal servers. Those official
communications included thousands of emails that would later be marked
classified by the State Department retroactively. (Source: Wikipedia)
This act by Ms Clinton created a major controversy in the US, and the matter was investigated by
the FBI. The FBI, in its 83-page report, stated that Ms Clinton had been extremely careless in
handling her email data, though no charges were filed.
While the above episode involves the use of a personal mail server that was
physically located within the boundaries of her official residence, the
majority of government officials in India, by contrast, use Gmail/Yahoo/Hotmail
accounts for which nobody has any clue where the data is stored or who else is
eyeing that data.
The objective of this paper is not to promote the idea of using the official mail
server provided to the government by NIC, but to bring out the callous
attitude that we have towards Information Security as a whole.
DoS attacks are among the most common threats to Internet operations.
These attacks saturate network bandwidth to make the network unavailable to
its intended users. They involve blasting a site with enough traffic to flood the
connections between the Internet and the business. Often multiple nodes are
used to send traffic to a site in a distributed denial of service (DDoS). DDoS
attacks reduce the amount of traffic that any one attacking system needs to
send while increasing the impact on the target.
Antariksha Technologies
Confidential
A mind-boggling array of DoS and DDoS attacks occur at the network layer.
These can be grouped into two broad categories: simple flooding and
amplification attacks. Several tools are available that automate the process of
creating both types of attacks, allowing people with no technical background
to quickly and easily threaten their choice of website.
Attacks at the Application Layer
The network layer is no longer the only target of DoS attacks. Increasingly
popular application layer attacks look like legitimate requests yet cause denial
of service by exhausting the capacity of the web application servers. These
attacks may cause the server to spend significant computing resources on each
request, to perform sub-optimally, or to return different results for each request
so that responses cannot be served from the server's cache.
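The cache-busting pattern described above leaves a trace in ordinary web server access logs: one client hammering a single path with a different query string on almost every request. The detector below is an added example, not code from the paper or from Antariksha Technologies; the log lines are constructed, and the thresholds (five requests per path, 80% unique query strings) are assumptions to tune per site.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined-log-style access lines. Constructed sample data: 203.0.113.7 hits /search
# with a fresh random query each time; 198.51.100.3 is an ordinary visitor.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:%02d +0000] "GET /search?q=%s HTTP/1.1" 200 5120'
    % (i, tok) for i, tok in enumerate(["a1f9", "7c02", "e3b4", "91d7", "0f6a", "c5e8"])
] + [
    '198.51.100.3 - - [10/Oct/2023:13:55:%02d +0000] "GET /index.html HTTP/1.1" 200 812'
    % i for i in range(6)
]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_cache_busting_clients(lines, min_requests=5, min_unique_ratio=0.8):
    """Flag clients that request the same path with mostly unique query strings.

    Returns {ip: {"path", "requests", "unique_query_ratio"}} for flagged clients.
    """
    per_ip_paths = defaultdict(lambda: defaultdict(list))  # ip -> path -> [query, ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line; a real pipeline would count these separately
        parts = urlsplit(rec["target"])
        per_ip_paths[rec["ip"]][parts.path].append(parts.query)

    flagged = {}
    for ip, paths in per_ip_paths.items():
        for path, queries in paths.items():
            if len(queries) < min_requests:
                continue
            ratio = len(set(queries)) / len(queries)
            if ratio >= min_unique_ratio:
                flagged[ip] = {"path": path, "requests": len(queries),
                               "unique_query_ratio": round(ratio, 2)}
    return flagged
```

A production version would additionally bound the counts to a time window and whitelist paths where unique queries are normal, such as search endpoints with real users.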
DNS Attacks
DNS is a weak link in web security. In addition to DDoS and amplification attacks,
DNS is subject to threats that include registrar hijacking and redirection/cache
poisoning.
Registrar Hijacking (Phishing or Spear Phishing)
The domain name registrar manages the reservation of Internet domain
names. Registrar hijacking attacks use social engineering against the
registrar's customer support staff. If an attacker can use a phishing attack to
compromise an organization's account with its registrar, the attacker gains control over
the domain name and can point it to servers of their choice, including name
servers, web servers, email servers and so on. The domain could even be
transferred to a new owner.
Redirection/Cache Poisoning
A Multi-Layered Approach to Securing Web Applications
Let's take a look at the components that make up this next-gen data security
framework. Security governance, the operations centre, and architecture
envelope all the security layers of the Open Systems Interconnection (OSI)
model. They provide security assurance for the next-generation Datacentre by
ensuring the confidentiality and availability of organization, employee, and
customer information.
Security governance: improving compliance and mitigating risks
Compliance and security standards are one of the top priorities, and at
the same time, the hardest to implement and maintain with respect to
Datacentre operations. Neglecting security governance could expose the
organization to operational, financial, and reputational risks. Security
governance ensures that the information security approach supports business
objectives and risk management, while adhering to applicable compliance
standards. Effective security governance needs to be real-time and part of the
overall corporate governance model.
Sponsorship from management is also important, since it facilitates role
assignment, division of responsibilities, and the allocation of ownership. Senior
management from the IT function must be included as part of the
organizational sub-structure to oversee the security mandate.
Security operations centre: leveraging the right expertise and tools
Many organizations today lack a security operations centre due to limited
access to skilled IT security staff and tools. In addition, many diverse
security technologies exist, and as a result, a significant amount of time is
spent on operational tasks such as patch management and firewall rule
changes.
Designing and implementing an effective security operations centre requires
the support of certified professionals who are experienced in operating and
managing security tools and technologies on a regular basis. The security
operations centre encompasses incident management and remediation,
Network security
A layered approach to Datacentre security starts with the network. This is
because almost every physical appliance in today's world has an IP address
and is connected to a network. Moreover, most security attacks either start at
the network layer or eventually touch the network layer at some point
during an attack.
A network identity solution improves security at the network layer and
provides user- or role-based access and device-based profiling. The default
password should be changed on every asset: servers, laptops, network and
security appliances, and so on. Any default user account created during
server initialization or installation must be deleted. Services that are not
required should be disabled, and unused ports should be blocked on every
system and network appliance. Putting servers with sensitive data behind the
Demilitarized Zone (DMZ) further enhances security. These zones are secure
segments of the corporate network to which access can be controlled
through tiered firewalls.
Here are seven other best practices for enhancing the security of network
devices:
Host security
Host-level security generally includes malware protection or anti-virus
solutions, host intrusion prevention, device control, and end-point Data Loss
Prevention (DLP). It also includes application control software for blocking
unauthorized applications and preventing users from making modifications
to the operating system registry.
End-point security
In most organizations, employees often access the internet from outside the
office. Therefore, a host-based content filtering solution should be deployed
on every laptop and desktop to minimize the security risk. Updating all endpoint
security servers and client applications regularly is also critical. Endpoint
control and compliance solutions secure end-point devices to uncover,
analyze, and remediate abnormalities that lead to failed audits and faulty
intelligence on security threats.
File integrity monitoring
This involves validating the integrity of critical files on the operating system,
business applications, and so on.
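A minimal file integrity monitor records a hash and the permission bits of each critical file as a baseline and later reports anything that changed or disappeared. The code below is an added example, not the paper's or Antariksha's own tooling; the monitored files are constructed in a temporary directory, and the choice of SHA-256 plus permission bits as the recorded attributes is an assumption.

```python
import hashlib
import json
import os
import tempfile


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(paths):
    """Record the content hash and permission bits of each monitored file."""
    return {p: {"sha256": sha256_of(p), "mode": oct(os.stat(p).st_mode & 0o777)}
            for p in paths}


def check_integrity(baseline):
    """Compare the current state of every baselined file against the recorded values."""
    findings = {"modified": [], "missing": [], "mode_changed": []}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings["missing"].append(path)
            continue
        if sha256_of(path) != expected["sha256"]:
            findings["modified"].append(path)
        if oct(os.stat(path).st_mode & 0o777) != expected["mode"]:
            findings["mode_changed"].append(path)
    return findings


def demo():
    """Constructed scenario: two monitored files; one is tampered with and one deleted after baselining."""
    d = tempfile.mkdtemp()
    cfg = os.path.join(d, "app.conf")
    binp = os.path.join(d, "service.bin")
    with open(cfg, "w") as f:
        f.write("debug=false\n")
    with open(binp, "wb") as f:
        f.write(b"\x7fELF-constructed-sample")
    baseline_json = json.dumps(build_baseline([cfg, binp]))  # store this off-host or signed
    with open(cfg, "a") as f:
        f.write("debug=true\n")  # simulated unauthorized edit
    os.remove(binp)              # simulated deletion
    return check_integrity(json.loads(baseline_json)), cfg, binp
```

The baseline must be kept where an attacker who can alter the monitored files cannot also rewrite it, otherwise the comparison proves nothing.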
Virtualization security
With more and more datacentres embracing virtualisation, this is another
important component that monitors the communication taking place between
all virtual machines hosted on a common bare-metal machine. Agent-less
security services increase the performance of end-user machines or servers.
A special team, which could be part of the security operations centre unit,
should perform malware forensics on all machines affected by an end-point
breach. This helps with root cause analysis and offers a timely remediation
solution.
Application security
Generally, organizations implement a mix of open source, internally
developed, and commercially available applications. Some applications might
not be written to strict secure coding guidelines, thereby making them
vulnerable, especially over the internet. As more organizations engage
customers, partners, and regulators over the internet, they are also expected
to protect data by complying with regulations such as PCI or other
requirements enforced by the law of the land; in the case of India, this is the IT Act 2000 and
its amendment.
Features of WAFs
HTTP protocol support
  - Understands HTTP 1.0 and 1.1 protocols
  - Header information: field content, length, etc.
XML/SOAP support
  - XML parsing and element enforcement
  - SOAP element support and validation
  - XPath and SQL injection
Anti-evasion
  - Decoding and path standardization
  - SSL decryption/inspection
Signatures
  - Network (DNS exploits, Solaris/Linux specific, ...)
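The "decoding and path standardization" feature listed above is what makes signature matching meaningful: a signature applied to the raw request line is trivially sidestepped by percent-encoding, double-encoding or backslash variants, so the WAF canonicalises the path first. The following is an added illustration, not code from the paper or from any WAF product; the signature list and the three-round decoding limit are assumptions.

```python
import posixpath
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: bounds repeated decoding so nested encodings cannot loop

# Constructed example signatures for sensitive-file access; real rule sets are far larger.
FILE_ACCESS_SIGNATURES = ("/etc/passwd", "/windows/system32")


def normalize_path(raw_target):
    """Canonicalise the path part of a request target the way a WAF anti-evasion stage does.

    Steps: strip the query string, percent-decode until stable (catches double encoding),
    unify backslashes, drop embedded NULs, collapse '.'/'..'/duplicate slashes, lowercase.
    """
    path = raw_target.split("?", 1)[0]
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/").replace("\x00", "")
    # posixpath.normpath on an absolute path discards leading '..', so the result never escapes '/'
    path = posixpath.normpath("/" + path.lstrip("/"))
    return path.lower()


def matches_signature(raw_target):
    """Return (hit_on_raw, hit_on_normalized) to show what raw-only matching would miss."""
    normalized = normalize_path(raw_target)
    raw_hit = any(sig in raw_target.lower() for sig in FILE_ACCESS_SIGNATURES)
    norm_hit = any(sig in normalized for sig in FILE_ACCESS_SIGNATURES)
    return raw_hit, norm_hit
```

Only the path is normalised here; a real WAF applies the same canonicalisation to query parameters, headers and bodies before any signature runs.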
5) Security Analytics:
With rapidly growing cyber threats that add both complexity and
sophistication, organizations, especially government organizations,
are exposed to an increasing level of risk from damaging attacks, data
breaches, financial losses and cyber terrorism. While most are aware
of their increased exposure to attacks, organizations are consistently
hampered by a lack of will, a lack of personnel, limited security expertise,
and the lack of the right set of tools to effectively combat cyber-threats.
Implementing an effective, next-generation security operation requires
a holistic approach to security intelligence to expedite the detection,
prioritization and neutralization of cyber-threats originating from inside
and outside the network. This demands real-time visibility and
understanding of threats targeting the complete attack surface, which
includes endpoints, network resources and user accounts. Security
Analytics helps organizations overcome operational and
technical obstacles by delivering automated, out-of-the-box
capabilities that reduce the time it takes to detect and respond to
a broad range of cyber-threats.