CyberSecurity Assignment.pptx
1. [ A Deemed to be University ]
Name :- Vinay Pratap
Roll :- MCA / 40015 / 21
Sem :- 3rd
Sub :- Cyber Security
Presented To :-
Dr. Amrita Priyam Ma’am.
3. UNAUTHORIZED ACCESS BY OUTSIDER
A person gains logical or physical access without permission
to a network, system, application, data, or other resource.
4. PREVENT UNAUTHORIZED ACCESS
Strong Password Policy
Two Factor Authentication (2FA) and Multifactor Authentication
Physical Security Practices
Monitoring User Activity
Endpoint Security
5. 1. STRONG PASSWORD POLICY
Enforce best practices for user passwords: force users to
select long passwords including letters, numbers and special
characters, and to change passwords frequently. Educate users
to avoid using terms that can be guessed in a brute force
attack, inform them about routine password updating, and
tell them to avoid sharing passwords across systems.
6. 2. TWO FACTOR AUTHENTICATION (2FA) AND
MULTIFACTOR AUTHENTICATION
Credentials based on user names, passwords, answers to security questions,
etc. are known more generally as knowledge-based security factors.
Knowledge-based factors are an important authentication method, but they
are inherently weak and easy to compromise.
One of the best ways to prevent unauthorized access in your organization is to
supplement knowledge-based factors with additional authentication methods:
Possession factors — authentication via objects possessed by the user. For
example, a mobile phone, a security token or a physical card.
Inherence factors — authentication via something the user is or has. This
includes biometric authentication using fingerprints, iris scans or voice
recognition.
7. 3. PHYSICAL SECURITY PRACTICES
As important as cybersecurity is, don’t neglect physical
security. Train users to always lock devices when walking
away from their desks, and to avoid writing down passwords
or leaving sensitive documents in the open. Have a clear
policy about locking office doors and ensure only authorized
parties can enter sensitive areas of your physical facility.
8. 4. MONITORING USER ACTIVITY
It is crucial to monitor what is happening with user accounts, to detect anomalous
activity such as multiple login attempts, login at unusual hours, or login by users to
systems or data they don’t usually access. There are several strategies for monitoring
users and accounts:
Log analysis — security analysts can gain visibility into logs of sensitive enterprise
systems and uncover suspicious activity
Rule-based alerts — security tools can alert security staff to suspicious activity patterns,
such as multiple login attempts or incorrect login to sensitive systems
Behavioural analytics — user and event behavioural analytics (UEBA) monitors users
and systems, establishes a baseline of normal activity, and detects any behavior that
represents an anomaly and may be malicious.
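The three strategies above, sketched as an added example (not part of the original presentation): a failed-login burst rule, an unusual-hour rule, and a per-user baseline of systems learned from earlier logins. The event format, user and system names, thresholds and working hours are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, user, system, outcome).
HISTORY = [  # earlier period used to learn each user's usual systems
    ("2024-03-04 09:01:10", "alice", "hr-portal", "ok"),
    ("2024-03-04 09:15:42", "bob", "crm", "ok"),
]
NEW = [  # events to evaluate, in time order
    ("2024-03-05 02:47:19", "alice", "hr-portal", "ok"),
    ("2024-03-05 10:02:00", "bob", "crm", "fail"),
    ("2024-03-05 10:02:20", "bob", "crm", "fail"),
    ("2024-03-05 10:02:41", "bob", "crm", "fail"),
    ("2024-03-05 10:03:05", "bob", "crm", "fail"),
    ("2024-03-05 10:03:30", "bob", "crm", "fail"),
    ("2024-03-05 11:20:00", "alice", "payroll-db", "ok"),
]
MAX_FAILS, WINDOW = 5, timedelta(minutes=5)  # assumed alert threshold
WORK_HOURS = range(7, 20)                    # assumed normal hours, 07:00-19:59

def build_baseline(events):
    """Map each user to the set of systems they logged in to successfully."""
    seen = defaultdict(set)
    for _, user, system, outcome in events:
        if outcome == "ok":
            seen[user].add(system)
    return seen

def detect(events, baseline):
    """Return (timestamp, user, rule) alerts for time-ordered events."""
    alerts, fails = [], defaultdict(deque)
    for ts, user, system, outcome in events:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if outcome == "fail":
            q = fails[user]
            q.append(t)
            while t - q[0] > WINDOW:   # drop failures outside the window
                q.popleft()
            if len(q) >= MAX_FAILS:
                alerts.append((ts, user, "multiple_failed_logins"))
                q.clear()              # one alert per burst
            continue
        if t.hour not in WORK_HOURS:
            alerts.append((ts, user, "unusual_hour"))
        if system not in baseline.get(user, set()):
            alerts.append((ts, user, "unusual_system"))
    return alerts

ALERTS = detect(NEW, build_baseline(HISTORY))
print(*ALERTS, sep="\n")
```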
9. 5. ENDPOINT SECURITY
Historically, most security breaches were a result of penetrating the network perimeter.
Today, many attacks circumvent network defences by directly targeting endpoints, such as
employee workstations, servers and cloud instances. Installing antivirus on every endpoint is
the most basic security measure.
Beyond antivirus, many organizations are deploying comprehensive endpoint protection
measures that include:
Next-generation antivirus (NGAV) – able to detect malware and other threats even if they
don’t match known patterns or signatures.
Endpoint detection and response (EDR) – provides visibility and defensive measures on the
endpoint itself, when attacks occur on endpoint devices.
10. ANTI-MALWARE SOFTWARE
Anti-malware resources are comprehensive solutions that maintain computer
security and protect sensitive data that is transmitted by a network or stored on
local devices. Anti-malware tools often include multiple components, including
anti-spyware and phishing tools, as well as antivirus solutions for prominent
viruses, which are isolated and identified by security resources.
Anti-malware tools may employ scanning, strategies, freeware or licensed tools to
detect rootkits, worms, trojans and other types of potentially damaging software.
Each type of malware resource carries its own interface and system requirements,
which impact user solutions for a given device or system.
11. USES OF ANTIMALWARE
The value of antimalware applications is recognized beyond simply scanning files for viruses. Antimalware can
help prevent malware attacks by scanning all incoming data to prevent malware from being installed and
infecting a computer. Antimalware programs can also detect advanced forms of malware and offer protection
against ransomware attacks.
Antimalware programs can help in the following ways:
Prevent users from visiting websites known for containing malware;
Prevent malware from spreading to other computers in a computer system;
Provide insight into the number of infections and the time required for their removal; and
Provide insight into how the malware compromised the device or network.
12. NETWORK TRAFFIC ANALYSIS
Network traffic analysis (NTA) is a method of monitoring network availability and activity
to identify anomalies, including security and operational issues. Common use cases for
NTA include:
Collecting a real-time and historical record of what’s happening on your network
Detecting malware such as ransomware activity
Detecting the use of vulnerable protocols and ciphers
Troubleshooting a slow network
Improving internal visibility and eliminating blind spots.
13. THE KEY BENEFITS OF NETWORK TRAFFIC ANALYSIS
Improved visibility into devices connecting to your network (e.g. IoT devices, healthcare
visitors)
Meet compliance requirements
Troubleshoot operational and security issues
Respond to investigations faster with rich detail and additional network context.
14. THE IMPORTANCE OF NETWORK TRAFFIC ANALYSIS
The rise of ransomware as a common attack type in recent years makes network traffic monitoring
even more critical. A network monitoring solution should be able to detect activity indicative of
ransomware attacks via insecure protocols.
Remote Desktop Protocol (RDP) is another commonly targeted application. Monitoring traffic inside your
firewalls allows you to validate rules, gain valuable insight, and can also be used as a source of
network traffic-based alerts.
Telnet is an unencrypted protocol; session traffic will reveal command line interface (CLI) command
sequences appropriate for the make and model of the device. CLI strings may reveal login procedures,
presentation of user credentials, commands to display boot or running configuration, copying files,
and more.
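One way to turn flow records captured inside the firewall into traffic-based alerts, as an added example that is not part of the original presentation: it flags Telnet sessions as cleartext and RDP sessions whose source lies outside the internal ranges. The record layout, addresses, internal ranges and rule names are constructed assumptions.

```python
import ipaddress

# Assumed internal address ranges for the site (hypothetical).
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
CLEARTEXT_PORTS = {23: "telnet"}  # Telnet is the unencrypted protocol named above
RDP_PORT = 3389

# Constructed flow records seen inside the firewall:
# (src_ip, dst_ip, dst_port, protocol, bytes)
FLOWS = [
    ("10.1.4.22", "10.1.0.5", 443, "tcp", 18234),
    ("10.1.4.30", "10.1.9.1", 23, "tcp", 2210),
    ("203.0.113.77", "10.1.2.14", 3389, "tcp", 90412),
    ("10.1.4.22", "10.1.2.14", 3389, "tcp", 40100),
    ("10.1.4.22", "10.1.0.53", 53, "udp", 120),
    ("10.1.4.30", "10.1.9.1", 23, "tcp", 870),
]

def is_internal(ip):
    """True when the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def analyse(flows):
    """Aggregate policy-relevant flows as {(rule, src, dst): (flows, bytes)}."""
    findings = {}
    for src, dst, port, proto, nbytes in flows:
        if proto != "tcp":
            continue
        if port in CLEARTEXT_PORTS:
            rule = "cleartext_" + CLEARTEXT_PORTS[port]
        elif port == RDP_PORT and not is_internal(src):
            # Assumed policy: RDP from outside should not pass the firewall,
            # so seeing it here means a rule needs review.
            rule = "rdp_from_outside"
        else:
            continue
        count, total = findings.get((rule, src, dst), (0, 0))
        findings[(rule, src, dst)] = (count + 1, total + nbytes)
    return findings

FINDINGS = analyse(FLOWS)
for (rule, src, dst), (count, total) in FINDINGS.items():
    print(f"{rule}: {src} -> {dst} flows={count} bytes={total}")
```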