basic to advance network security concepts

1. CAP-790
Unit - V

2. WHAT IS DATABASE SECURITY
 Database security refers to the range of tools,
controls, and measures designed to establish and
preserve database confidentiality, integrity, and
availability.
 Database security is a complex and challenging
endeavor that involves all aspects of information
security technologies and practices. It’s also
naturally at odds with database usability.
 The more accessible and usable the database, the
more vulnerable it is to security threats; the
more invulnerable the database is to threats, the
more difficult it is to access and use.

3. DATABASE SECURITY MUST
ADDRESS AND PROTECT THE
FOLLOWING:
 The data in the database
 The database management system (DBMS)
 Any associated applications
 The physical database server and/or the virtual
database server and the underlying hardware
 The computing and/or network infrastructure
used to access the database

4. WHY IS IT IMPORTANT
 By definition, a data breach is a failure to
maintain the confidentiality of data in a
database. How much harm a data breach inflicts
on your enterprise depends on a number of
consequences or factors:

5. CONTINUE..
 Compromised intellectual property: Your
intellectual property—trade secrets, inventions,
proprietary practices—may be critical to your
ability to maintain a competitive advantage in
your market. If that intellectual property is stolen
or exposed, your competitive advantage may be
difficult or impossible to maintain or recover.
 Damage to brand reputation: Customers or
partners may be unwilling to buy your products
or services (or do business with your company) if
they don’t feel they can trust you to protect your
data or theirs.

6. CONTINUE..
 Business continuity (or lack thereof): Some
business cannot continue to operate until a
breach is resolved.
 Fines or penalties for non-compliance: The
financial impact for failing to comply with global
regulations such as the Sarbannes-Oxley Act
(SAO) or Payment Card Industry Data Security
Standard (PCI DSS), industry-specific data
privacy regulations such as HIPAA, or regional
data privacy regulations, such as Europe’s
General Data Protection Regulation (GDPR) can
be devastating, with fines in the worst cases
exceeding several million dollars per violation.

7. CONTINUE..
 Costs of repairing breaches and notifying
customers: In addition to the cost of
communicating a breach to customer, a breached
organization must pay for forensic and
investigative activities, crisis management,
triage, repair of the affected systems, and more.

8. COMMON THREATS AND
CHALLENGES
 Many software misconfigurations,
vulnerabilities, or patterns of carelessness or
misuse can result in breaches.
 The following are among the most common types
or causes of database security attacks and their
causes.

9. 1. INSIDER THREATS
 An insider threat is a security threat from any
one of three sources with privileged access to the
database:
 A malicious insider who intends to do harm
 A negligent insider who makes errors that make the
database vulnerable to attack
 An infiltrator—an outsider who somehow obtains
credentials via a scheme such as phishing or by
gaining access to the credential database itself
 Insider threats are among the most common
causes of database security breaches and are
often the result of allowing too many employees
to hold privileged user access credentials.

10. 2. HUMAN ERROR
 Accidents, weak passwords, password sharing,
and other unwise or uninformed user behaviors
continue to be the cause of nearly half (49%) of
all reported data breaches.

11. 3. EXPLOITATION OF DATABASE
SOFTWARE VULNERABILITIES
 Hackers make their living by finding and
targeting vulnerabilities in all kinds of software,
including database management software.
 All major commercial database software vendors
and open source database management platforms
issue regular security patches to address these
vulnerabilities, but failure to apply these patches
in a timely fashion can increase your exposure.

12. 4. SQL/NOSQL INJECTION ATTACKS
 A database-specific threat, these involve the
insertion of arbitrary SQL or non-SQL attack
strings into database queries served by web
applications or HTTP headers. Organizations
that don’t follow secure web application coding
practices and perform regular vulnerability
testing are open to these attacks.

13. 5. BUFFER OVERFLOW
EXPLOITATIONS
 Buffer overflow occurs when a process attempts
to write more data to a fixed-length block of
memory than it is allowed to hold. Attackers may
use the excess data, stored in adjacent memory
addresses, as a foundation from which to launch
attacks.

14. 6. DENIAL OF SERVICE (DOS/DDOS)
ATTACKS
 In a denial of service (DoS) attack, the attacker
deluges the target server—in this case the
database server—with so many requests that the
server can no longer fulfill legitimate requests
from actual users, and, in many cases, the server
becomes unstable or crashes.
 In a distributed denial of service attack (DDoS),
the deluge comes from multiple servers, making
it more difficult to stop the attack.

15. THESE THREATS ARE EXACERBATED BY
THE FOLLOWING:
 Growing data volumes: Data capture, storage, and
processing continues to grow exponentially across nearly all
organizations. Any data security tools or practices need to be
highly scalable to meet near and distant future needs.
 Infrastructure sprawl: Network environments are becoming
increasingly complex, particularly as businesses move
workloads to multicloud or hybrid cloud architectures, making
the choice, deployment, and management of security solutions
ever more challenging.
 Increasingly stringent regulatory requirements: The
worldwide regulatory compliance landscape continues to grow
in complexity, making adhering to all mandates more difficult.
 Cybersecurity skills shortage: Experts predict there may
be as many as 8 million unfilled cybersecurity positions by
2022.

16. BEST PRACTICES
 Because databases are nearly always network-
accessible, any security threat to any component
within or portion of the network infrastructure is
also a threat to the database, and any attack
impacting a user’s device or workstation can
threaten the database. Thus, database security
must extend far beyond the confines of the
database alone.
 When evaluating database security in your
environment to decide on your team’s top
priorities, consider each of the following areas:

17. CONTINUE..
 Physical security: Whether your database
server is on-premise or in a cloud data center, it
must be located within a secure, climate-
controlled environment. (If your database server
is in a cloud data center, your cloud provider will
take care of this for you.)
 Auditing: Record all logins to the database
server and operating system, and log all
operations performed on sensitive data as well.
Database security standard audits should be
performed regularly.

18. CONTINUE..
 Encryption: ALL data—including data in the
database, and credential data—should be
protected with best-in-class encryption while at
rest and in transit. All encryption keys should be
handled in accordance with best-practice
guidelines.
 Database software security: Always use the
latest version of your database management
software, and apply all patches as soon as they
are issued.

19. CONTINUE..
 End user account/device security: Always be
aware of who is accessing the database and when
and how the data is being used. Data monitoring
solutions can alert you if data activities are unusual
or appear risky. All user devices connecting to the
network housing the database should be physically
secure (in the hands of the right user only) and
subject to security controls at all times.
 Application/web server security: Any
application or web server that interacts with the
database can be a channel for attack and should be
subject to ongoing security testing and best practice
management.

20. CONTINUE..
 Backup security: All backups, copies, or images
of the database must be subject to the same (or
equally stringent) security controls as the
database itself.
 Administrative and network access
controls: The practical minimum number of
users should have access to the database, and
their permissions should be restricted to the
minimum levels necessary for them to do their
jobs. Likewise, network access should be limited
to the minimum level of permissions necessary.

21. CONTROLS AND POLICIES
 In addition to implementing layered security
controls across your entire network environment,
database security requires you to establish the
correct controls and policies for access to the
database itself. These include:
 Administrative controls to govern installation, change,
and configuration management for the database.
 Preventative controls to govern access, encryption,
tokenization, and masking.
 Detective controls to monitor database activity
monitoring and data loss prevention tools. These
solutions make it possible to identify and alert on
anomalous or suspicious activities.

22. DATA PROTECTION TOOLS AND
PLATFORMS
 Today, a wide array of vendors offer data
protection tools and platforms. A full-scale
solution should include all of the following
capabilities:
 Discovery: Look for a tool that can scan for and
classify vulnerabilities across all your databases
—whether they’re hosted in the cloud or on-
premise—and offer recommendations for
remediating any vulnerabilities identified.
Discovery capabilities are often required to
conform to regulatory compliance mandates.

23. CONTINUE..
 Data activity monitoring: The solution should be
able to monitor and audit all data activities across all
databases, regardless of whether your deployment is
on-premise, in the cloud, or in a container.
 It should alert you to suspicious activities in real-time
so that you can respond to threats more quickly.
You’ll also want a solution that can enforce rules,
policies, and separation of duties and that offers
visibility into the status of your data through a
comprehensive and unified user interface.
 Make sure that any solution you choose can generate
the reports you’ll need to meet compliance
requirements.

24. CONTINUE..
 Encryption and tokenization capabilities: In
case of a breach, encryption offers a final line of
defense against compromise.
 Any tool you choose should include flexible
encryption capabilities that can safeguard data
in on-premise, cloud, hybrid, or multicloud
environments.
 Look for a tool with file, volume, and application
encryption capabilities that conform to your
industry’s compliance requirements, which may
demand tokenization (data masking) or advanced
security key management capabilities.

25. CONTINUE..
 Data security optimization and risk
analysis: A tool that can generate contextual
insights by combining data security information
with advanced analytics will enable you to
accomplish optimization, risk analysis, and
reporting with ease.
 Choose a solution that can retain and synthesize
large quantities of historical and recent data
about the status and security of your databases,
and look for one that offers data exploration,
auditing, and reporting capabilities through a
comprehensive but user-friendly self-service
dashboard.

26. SQL – CONSTRAINTS
 Constraints are the rules enforced on the data
columns of a table. These are used to limit the type
of data that can go into a table. This ensures the
accuracy and reliability of the data in the database.
 Constraints could be either on a column level or a
table level. The column level constraints are
applied only to one column, whereas the table level
constraints are applied to the whole table.
 Following are some of the most commonly used
constraints available in SQL. These constraints
have already been discussed in SQL - RDBMS
Concepts chapter, but it’s worth to revise them at
this point.

27. CONTINUE..
 NOT NULL Constraint − Ensures that a column cannot
have NULL value.
 DEFAULT Constraint − Provides a default value for a
column when none is specified.
 UNIQUE Constraint − Ensures that all values in a
column are different.
 PRIMARY Key − Uniquely identifies each row/record in a
database table.
 FOREIGN Key − Uniquely identifies a row/record in any
of the given database table.
 CHECK Constraint − The CHECK constraint ensures
that all the values in a column satisfies certain conditions.
 INDEX − Used to create and retrieve data from the
database very quickly.

28. DROPPING CONSTRAINTS
 Any constraint that you have defined can be dropped using the
ALTER TABLE command with the DROP CONSTRAINT
option.
 For example, to drop the primary key constraint in the
EMPLOYEES table, you can use the following command.
 ALTER TABLE EMPLOYEES DROP CONSTRAINT
EMPLOYEES_PK;
 Some implementations may provide shortcuts for dropping
certain constraints. For example, to drop the primary key
constraint for a table in Oracle, you can use the following
command.
 ALTER TABLE EMPLOYEES DROP PRIMARY KEY;
 Some implementations allow you to disable constraints.
Instead of permanently dropping a constraint from the
database, you may want to temporarily disable the constraint
and then enable it later.

29. INTEGRITY CONSTRAINTS
 Integrity constraints are used to ensure accuracy
and consistency of the data in a relational
database. Data integrity is handled in a
relational database through the concept of
referential integrity.
 There are many types of integrity constraints
that play a role in Referential Integrity (RI).
These constraints include Primary Key, Foreign
Key, Unique Constraints and other constraints
which are mentioned above.

30. CONTINUE..

31. 1. DOMAIN CONSTRAINTS
 Domain constraints can be defined as the
definition of a valid set of values for an attribute.
 The data type of domain includes string,
character, integer, time, date, currency, etc. The
value of the attribute must be available in the
corresponding domain.

32. EXAMPLE

33. 2. ENTITY INTEGRITY CONSTRAINTS
 The entity integrity constraint states that
primary key value can't be null.
 This is because the primary key value is used to
identify individual rows in relation and if the
primary key has a null value, then we can't
identify those rows.
 A table can contain a null value other than the
primary key field.

34. EXAMPLE

35. 3. REFERENTIAL INTEGRITY
CONSTRAINTS
 A referential integrity constraint is specified
between two tables.
 In the Referential integrity constraints, if a
foreign key in Table 1 refers to the Primary Key
of Table 2, then every value of the Foreign Key in
Table 1 must be null or be available in Table 2.

36. EXAMPLE

37. 4. KEY CONSTRAINTS
 Keys are the entity set that is used to identify an
entity within its entity set uniquely.
 An entity set can have multiple keys, but out of
which one key will be the primary key. A primary
key can contain a unique and null value in the
relational table.

38. EXAMPLE

39. INTRODUCTION TO INTERNET
SECURITY PROTOCOLS
 In today’s computer network world, internet
security has achieved great importance. Since
internet technology is vast and encompasses
many years, there are various aspects associated
with internet security.
 Various security mechanisms exist for specialized
internet services like email, electronic commerce,
and payment, wireless internet, etc.
 To provide the security to this internet various
protocols have been used like SSL (Secure Socket
Layer), TLS ( Transport Layer Security), etc.

40. 1. SSL PROTOCOL
 SSL Protocol stands for Secure Socket Layer
protocol, which is an internet security protocol
used for exchanging the information between a
web browser and a web server in a secure
manner.
 It provides two basic security services like
authentication and confidentiality. SSL protocol
has become the world’s most popular web
security mechanism, all major web browsers
support SSL.
 Secure socket layer protocol is considered as an
additional layer in TCP/IP protocol suite.

41. CONTINUE..
 It is located between the application layer and the
transport layer. SSL has three sub protocols
namely Handshake Protocol, Record Protocol, and
Alert Protocol.
 OpenSSL is an open source implementation of the
Secure Socket Layer protocol. OpenSSL is subject
to four remotely exploitable buffer overflow.
 Buffer overflow vulnerabilities allow attackers to
execute arbitrary code on the target computer
with a privilege level of OpenSSL process as well
as providing opportunities for launching a denial
of service attack.

42. 2. TLS PROTOCOL
 TLS stands for Transport Layer Security, which
is an internet security protocol.
 TLS is an IETF standardization initiative whose
goal is to come out with an internet standard
version of SSL.
 To standardized SSL, Netscape handed the
protocol to IETF. The idea and implementation
are quite similar.
 Transport layer security protocol uses a pseudo
random function to create a master secret.

43. CONTINUE..
 TLS also has three sub protocols same as SSL
protocol – Handshake Protocol, Record Protocol,
and Alert Protocol.
 In Handshake Protocol some details are changed,
Record Protocol uses HMAC, Alert protocol newly
added features like record overflow, Unknown
CA, Decryption failed, Decode error, Access
denied, Export restrictions, Protocol version,
insufficient security, internal error.
 Transport layer security is defined in RFC 2246.

44. 3. SHTTP
 SHTTP stands for Secure HyperText Transfer
Protocol, is a set of security mechanism defined
for protecting internet traffic.
 It also includes data entry forms and internet
based transaction.
 Services provided by SHTTP are quite similar to
SSL protocol.
 Secure HyperText Transfer Protocol works at the
application layer, and therefore tightly coupled
with HTTP.

45. CONTINUE..
 SHTTP supports both authentication and
encryption of HTTP traffic between the client
and the server.
 Encryption and digital signature format used in
SHTTP have the origins in the PEM (Privacy
Enhanced Mail) protocol.
 SHTTP works at the level of an individual
message. It can encrypt and sign an individual
message.

46. 4. SET PROTOCOL
 SET Protocol stands for Secure Electronic
Transaction protocol is an open encryption and
security mechanism designed for protecting the
eCommerce transaction over the internet.
 SET is not a payment system, it is a security
protocol used over the internet for secure
transaction.

47. SERVICES
 SET provides authentication by using digital
certificates.
 It provides a secure communication channel
among all parties involved in an eCommerce
transaction.
 It ensures confidentiality because the
information is only available for parties involved
in a transaction and that too only when and
where required.

48. PARTICIPANTS
 Cardholder: It is an authorized holder of
payment card such as visa card, Master card.
 Merchant: It is a specific person or organization
who wants to sell goods and services to the
cardholder.
 Issuer: It is a financial institution which provides
payment card to the cardholder.
 Acquirer: It is a financial institution which has a
relationship with merchants for processing
payment card Authorization and payments.

49. CONTINUE..
 Payment Gateway: It acts as an interface
between SET and existing card payment
networks for payment Authorization.
 Certification Authority: It is an authority that is
trusted to provide a public key certificate to
cardholder, merchant, and payment gateways.

50. 5. PEM PROTOCOL
 PEM Protocol stands for privacy enhanced mail,
used for email security over the internet.
 If we adopted by IAB ( Internet Architecture
Board) to provide secure electronic mail
communication over the internet.
 It was initially developed by the IRTF (Internet
Research Task Force) PSRG (Privacy Security
Research Group).

51. CONTINUE..
 Then they handed over the PEM to the IETF
(Internet Engineering Task Force) PEM working
group Privacy Enhanced Mail protocol is
described in four specific documents RFC 1421,
RFC 1422, RFC 1423, and RFC 1424.
 It supports cryptographic functions namely
encryption, nonrepudiation, and message
integrity.

52. 6. PGP PROTOCOL
 PGP Protocol stands for Pretty Good Privacy,
which we developed by Phil Zimmerman.
 PGP protocol is easy to use and free including its
source code documentation.
 It also supports the basic requirements of
cryptography.
 However, for those organizations that require
support, a low-cost commercial version Of PGP
protocol is available from an organization called
viacrypt.

53. CONTINUE..
 PGP protocol becomes extremely popular and
more widely used as compared to PEM protocol.
 PGP protocol support cryptography like
encryption, Non-repudiation, and message
integrity.

54. IT SECURITY STANDARDS
 IT security standards or cyber security standards
are techniques generally set forth in published
materials that attempt to protect the cyber
environment of a user or organization.
 This environment includes users themselves,
networks, devices, all software, processes,
information in storage or transit, applications,
services, and systems that can be connected
directly or indirectly to networks.
 The principal objective is to reduce the risks,
including prevention or mitigation of cyber-
attacks.

55. INTERNATIONAL STANDARDS
 ISO/IEC 27001 formally specifies a management system that is
intended to bring information security under explicit
management control.
 ISO/IEC 27002 incorporates mainly part 1 of the BS 7799 good
security management practice standard. The latest versions of BS
7799 is BS 7799-3. ISO/IEC 27002 is a high level guide to
cybersecurity. It is most beneficial as explanatory guidance for
the management of an organisation to obtain certification to the
ISO/IEC 27001 standard.
or
• ISO/IEC 27001 sets the rules for a security
management system.
• ISO/IEC 27002 provides practical advice on how
to follow those rules.

56. CONTINUE..
 ISO/IEC 27001 (ISMS) replaces BS 7799 part 2, but
since it is backward compatible any organization
working toward BS 7799 part 2 can easily transition to
the ISO/IEC 27001 certification process.
 ISO/IEC 27002 provides best practice
recommendations on information security management
for use by those responsible for initiating,
implementing or maintaining information security
management systems (ISMS).
 ISO/IEC 21827 (SSE-CMM – ISO/IEC 21827) is an
International Standard based on the Systems Security
Engineering Capability Maturity Model (SSE-CMM)
that can measure the maturity of ISO controls
objectives.

57. CONTINUE..
 ISO 15408: This standard develops what is
called the “Common Criteria”. It allows many
different software and hardware products to be
integrated and tested in a secure way.
 IEC 62443: The IEC 62443 cybersecurity
standard defines processes, techniques and
requirements for Industrial Automation and
Control Systems (IACS). Its documents are the
result of the IEC standards creation process
where all national committees involved agree
upon a common standard.

58. CONTINUE..
 ISO/SAE 21434: ISO/SAE 21434 "Road vehicles -
Cybersecurity engineering" is a new cybersecurity
standard jointly developed by ISO and SAE
working groups. It proposes cybersecurity
measures for the development lifecycle of road
vehicles.
 ETSI EN 303 645: The ETSI EN 303 645
standard provides a set of baseline requirements
for security in consumer Internet of things (IoT)
devices. It contains technical controls and
organizational policies for developers and
manufacturers of Internet-connected consumer
devices.

59. NATIONAL STANDARDS
 NERC: An initial attempt to create information
security standards for the electrical power industry
was created by NERC in 2003 and was known as
NERC CSS. Subsequent to the CSS guidelines,
NERC evolved and enhanced those requirements.
 NIST: The NIST Cybersecurity Framework (NIST
CSF) "provides a high level taxonomy of
cybersecurity outcomes and a methodology to
assess and manage those outcomes." It is intended
to help private sector organizations that provide
critical infrastructure with guidance on how to
protect it, along with relevant protections for
privacy and civil liberties.

60. CONTINUE..
 FIPS 140: The 140 series of Federal Information
Processing Standards (FIPS) are U.S. government
computer security standards that specify
requirements for cryptography modules. Both FIPS
140-2 and FIPS 140-3 are accepted as current and
active.
 Cyber Essentials: is a United Kingdom government
information assurance scheme that is operated by the
National Cyber Security Centre (NCSC). It
encourages organizations to adopt good practice in
information security. Cyber Essentials also includes
an assurance framework and a simple set of security
controls to protect information from threats coming
from the internet.

61. CONTINUE..
 BSI IT-Grundschutz: The Federal Office for
Information Security standards are an
elementary component of the IT baseline
protection methodology.
 They contain recommendations on methods,
processes and procedures as well as approaches
and measures for various aspects of information
security.
 Users from public authorities and companies as
well as manufacturers or service providers can
use the BSI standards to make their business
processes and data more secure.

62. INDUSTRY-SPECIFIC STANDARDS
 PCI DSS: The Payment Card Industry Data
Security Standard (PCI DSS) is an information
security standard for organizations that handle
branded credit cards from the major card schemes.
The PCI Standard is mandated by the card brands
but administered by the Payment Card Industry
Security Standards Council.
 UL 2900: UL 2900 is a series of standards published
by UL. The standards include general cybersecurity
requirements (UL 2900-1) as well as specific
requirements for medical products (UL 2900-2-1),
industrial systems (UL 2900-2-2), and security and
life safety signalling systems (UL 2900-2-3).

63. WHAT IS A NETWORK ATTACK?
 A network attack is an attempt to gain
unauthorized access to an organization’s
network, with the objective of stealing data or
perform other malicious activity. There are two
main types of network attacks:
 Passive: Attackers gain access to a network and
can monitor or steal sensitive information, but
without making any change to the data, leaving
it intact. Activities such as wiretapping and idle
scans that are designed to intercept traffic
travelling through the network.

64. CONTINUE..
 Active: Attackers not only gain unauthorized
access but also modify data, either deleting,
encrypting or otherwise harming it. Activities
such as Denial of Service (DoS) attacks and SQL
injection attacks where the attacker is
attempting to execute commands to disrupt the
network’s normal operation.

65. NETWORK ATTACK
 Endpoint attacks—gaining unauthorized access to user
devices, servers or other endpoints, typically
compromising them by infecting them with malware.
 Malware attacks—infecting IT resources with malware,
allowing attackers to compromise systems, steal data
and do damage. These also include ransomware
attacks.
 Vulnerabilities, exploits and attacks—exploiting
vulnerabilities in software used in the organization, to
gain unauthorized access, compromise or sabotage
systems.
 Advanced persistent threats—these are complex
multilayered threats, which include network attacks
but also other attack types.

66. CONTINUE..
 To execute a successful network attack, attackers
must typically actively hack a company’s
infrastructure to exploit software vulnerabilities
that allow them to remotely execute commands on
internal operating systems.
 DoS attacks and shared network hijacking
(example: when corporate user is on a public WiFi
network) of communications are exceptions.
 Attackers typically gain access to internal
operating systems via email-delivered network
threats which first compromise a set of machines,
then install attacker controlled malware, and so
provide ability for the attacker to move laterally.

67. CONTINUE..
 This increases the likelihood of not being
detected up front while providing an almost
effortless entry point for the attacker.
 According to a recent Microsoft security
intelligence report, more than 45% of malware
requires some form of user interaction,
suggesting that user-targeted email, designed to
trick users, is a primary tactic used by attackers
to establish their access.

68. NETWORK PROTECTION BEST
PRACTICES
 Segregate Your Network: A basic part of avoiding
network security threats is dividing a network
into zones based on security requirements. This
can be done using subnets within the same
network, or by creating Virtual Local Area
Networks (VLANs), each of which behaves like a
complete separate network. Segmentation limits
the potential impact of an attack to one zone, and
requires attackers to take special measures to
penetrate and gain access to other network
zones.

69. CONTINUE..
 Regulate Access to the Internet via Proxy Server:
Do not allow network users to access the Internet
unchecked. Pass all requests through a
transparent proxy, and use it to control and
monitor user behavior. Ensure that outbound
connections are actually performed by a human
and not a bot or other automated mechanism.
Whitelist domains to ensure corporate users can
only access websites you have explicitly
approved.

70. CONTINUE..
 Monitor Network Traffic: Ensure you have
complete visibility of incoming, outgoing and
internal network traffic, with the ability to
automatically detect threats, and understand
their context and impact. Combine data from
different security tools to get a clear picture of
what is happening on the network, recognizing
that many attacks span multiple IT systems,
user accounts and threat vectors.

71. CONTINUE..
 Use Deception Technology: No network
protection measures are 100% successful, and
attackers will eventually succeed in penetrating
your network. Recognize this and place deception
technology in place, which creates decoys across
your network, tempting attackers to “attack”
them, and letting you observe their plans and
techniques. You can use decoys to detect threats
in all stages of the attack lifecycle: data files,
credentials and network connections.

72. DDOS ATTACK
 Some threats are designed to disrupt an
organisation’s operations rather than silently
gather information for financial gain or
espionage. The most popular approach is called a
Denial of Service (DoS) attack.
 These attacks overwhelm network resources such
as web and email gateways, routers, switches,
etc. and prevent user and application access,
ultimately taking a service offline or severely
degrading the quality of a service.

73. CONTINUE..
 These do not necessarily require active hacking,
but instead rely on attackers’ ability to scale traffic
towards an organisation to take advantage of
misconfigured and poorly protected infrastructure.
 This means they often make use of a network of
compromised computer systems that work in
tandem to overwhelm the target.
 In many cases, attackers will launch DoS and
DDoS attacks while attempting active hacking or
sending in malicious email threats to camouflage
their real motives from the information security
teams by creating distractions.