Cyber Security [105713] – Notes
Module 6
Security in Evolving Technology: Biometrics, Mobile Computing and Hardening on android and ios, IOT
Security, Web server configuration and Security. Introduction, Basic security for HTTP Applications and
Services, Basic Security for Web Services like SOAP, REST etc., Identity Management and Web Services,
Authorization Patterns, Security Considerations, Challenges.
Open Source/ Free/ Trial Tools: adb for android, xcode for ios, Implementation of REST/ SOAP web
services and Security implementations.
Security in Evolving Technology
Security is a critical concern in all areas of technology, and this is particularly true in rapidly
evolving fields. As new technologies are developed and implemented, there are always new
security risks and vulnerabilities that must be addressed. Here are some key considerations for
security in evolving technology:
Stay up-to-date: It's crucial to stay informed about the latest security threats and trends in your
industry. This includes reading industry publications, attending conferences, and networking with
other professionals. This will help you stay on top of emerging security risks and technologies.
Adopt a proactive approach: Rather than waiting for security breaches to occur, adopt a proactive
approach by implementing regular security audits and assessments. This will help you identify
potential vulnerabilities and implement the necessary security measures to prevent attacks.
Choose the right technology: When selecting new technology, be sure to carefully consider its
security implications. Choose technologies that have a strong track record of security, or work
with vendors who can provide robust security features and support.
Train your employees: Employees can be the weakest link in any security program. Make sure
that all employees are trained on best practices for security, including password hygiene, phishing
scams, and other security risks.
Implement robust security protocols: Finally, be sure to implement robust security protocols
across all systems and applications. This may include multi-factor authentication, encryption,
access controls, and monitoring and logging of all system activity.
Biometrics-
Biometric authentication verifies identity from physical or behavioural traits, which can include
fingerprints, facial recognition, iris scans, voice recognition, and more. Biometric authentication is
becoming increasingly popular in many areas, including mobile devices, banking and finance, and
government identification.
One of the key advantages of biometric authentication is its ability to provide strong, convenient,
and secure authentication. Biometric data is unique to each individual and difficult to replicate,
making it a powerful tool for authentication purposes. Biometric authentication can also
eliminate the need for passwords, which are often the weak link in traditional authentication
systems.
However, there are also some concerns around the use of biometrics, particularly around privacy
and security. Biometric data can be sensitive, and if it falls into the wrong hands, it can be used
for identity theft or other malicious purposes. There is also the risk of false positives and false
negatives in biometric authentication systems, which can result in denied access or unauthorized
access.
To address these concerns, it's important to implement robust security measures around
biometric data. This may include encryption, access controls, and monitoring of all system activity.
It's also important to have clear policies around the use and storage of biometric data, and to
obtain consent from individuals before collecting and using their biometric data.
Mobile Computing and Hardening on android and ios
Mobile computing has become an integral part of our lives, with smartphones and tablets
becoming the primary computing devices for many people. However, these devices are also
vulnerable to a range of security threats, including malware, phishing attacks, and unauthorized
access. To mitigate these risks, it's important to harden mobile devices, particularly on the
Android and iOS platforms.
Android:
- Keep the operating system and all applications up-to-date to ensure the latest security patches are installed.
- Install apps only from trusted sources such as the Google Play Store.
- Use antivirus software to scan for malware and protect against other security threats.
- Enable the device encryption feature to protect the device data in case of loss or theft.
- Disable developer mode and USB debugging when not in use to prevent unauthorized access.
iOS:
- Keep the operating system and all applications up-to-date to ensure the latest security patches are installed.
- Use strong passwords, Face ID, or Touch ID for device authentication.
- Use two-factor authentication for Apple ID and other important accounts.
- Enable the device encryption feature to protect the device data in case of loss or theft.
- Limit app permissions and avoid jailbreaking the device, as these can increase security risks.
IOT Security-
The Internet of Things (IoT) is the network of devices that are connected to the internet and can
communicate with each other. This includes devices such as smart home appliances, medical
devices, and industrial control systems. While IoT has the potential to bring many benefits, it also presents
significant security challenges. Here are some key considerations for IoT security:
Device authentication: It's important to ensure that only authorized devices are able to communicate
with the network. This can be achieved through device authentication, which verifies the identity of the
device before allowing it to connect.
Encryption: All communication between devices should be encrypted to prevent unauthorized access to
sensitive data.
Firmware updates: It's important to keep all IoT devices up-to-date with the latest firmware updates, which
often include security patches to address vulnerabilities.
Access controls: Access to IoT devices and networks should be restricted to authorized users only. This
may include the use of passwords, two-factor authentication, and other access controls.
Monitoring: It's important to monitor all IoT devices and networks for signs of unauthorized access or
unusual activity. This can be achieved through network monitoring and device logs.
Vendor support: When selecting IoT devices, it's important to choose vendors that provide robust security
features and support. This may include regular firmware updates, security patches, and technical support.
IoT security presents significant challenges, but by following best practices such as device authentication,
encryption, firmware updates, access controls, monitoring, and vendor support, organizations can help
mitigate these risks and ensure the security of their IoT networks and devices.
Web server configuration and security-
Web servers are critical components of web-based applications, and their configuration and security are
essential to the performance and security of these applications. Here are some key considerations for web
server configuration and security:
Secure protocols: Use secure protocols such as HTTPS to encrypt communication between the web server
and clients.
Access controls: Restrict access to the web server to authorized users only, and use strong authentication
mechanisms such as passwords, two-factor authentication, and public key infrastructure (PKI).
Firewall: Use a firewall to restrict access to the web server from the internet, and configure it to block
traffic from unauthorized sources.
Server hardening: Configure the server to only run necessary services and software, and disable
unnecessary services and ports to minimize the attack surface.
File permissions: Set file permissions to restrict access to files and directories to only authorized users,
and configure permissions to limit the actions that can be performed on files.
Regular updates: Keep the web server software and operating system up-to-date with the latest security
patches and updates to minimize vulnerabilities.
Monitoring: Regularly monitor the web server logs and other security-related events to detect and
respond to security incidents.
Backups: Regularly back up the web server and its data to ensure that it can be restored in case of a security
incident or other disaster.
Introduction, Basic security for HTTP Applications and services-
HTTP (Hypertext Transfer Protocol) is the protocol used by web browsers and web servers to communicate
and transfer data over the internet. HTTP applications and services, such as web servers and web
applications, are critical components of modern internet-based services.
However, they are also frequent targets of cyberattacks due to their accessibility and popularity. Basic
security measures can help protect these applications and services from attacks.
Basic security for HTTP Applications and Services:
Use HTTPS: Use HTTPS instead of HTTP to encrypt communication between the web server and clients.
HTTPS helps protect against man-in-the-middle attacks and ensures data privacy and integrity.
Input validation: Validate all user input to prevent input-based attacks such as SQL injection and cross-
site scripting (XSS).
Authentication and Authorization: Use strong authentication mechanisms such as passwords, two-factor
authentication, and PKI, to verify the identity of users accessing the application or service. Use
authorization mechanisms to limit the actions that authorized users can perform.
Server hardening: Configure the server to only run necessary services and software, and disable
unnecessary services and ports to minimize the attack surface.
Regular updates: Keep the application or service software and operating system up-to-date with the
latest security patches and updates to minimize vulnerabilities.
Error handling: Implement proper error handling to avoid the exposure of sensitive information, such as
file paths and database schema, to attackers.
Access controls: Restrict access to the application or service to authorized users only, and use access
controls to limit the actions that authorized users can perform.
Monitoring: Regularly monitor the application or service logs and other security-related events to detect
and respond to security incidents.
Basic security measures for HTTP applications and services include using HTTPS, input
validation, authentication and authorization, server hardening, regular updates, error handling,
access controls, and monitoring. By following these practices, organizations can help ensure the
security of their HTTP applications and services and protect against cyberattacks.
Basic Security for Web Services like SOAP, REST
Web services such as SOAP (Simple Object Access Protocol) and REST (Representational State Transfer)
are widely used for exchanging data between applications and services. They use the HTTP protocol to
transfer data, making them vulnerable to various attacks such as injection attacks, session hijacking, and
denial of service (DoS) attacks. Basic security measures can help protect these web services from attacks.
Basic Security for SOAP and REST:
- Use HTTPS: Use HTTPS instead of HTTP to encrypt communication between the web service and clients. HTTPS helps protect against man-in-the-middle attacks and ensures data privacy and integrity.
- Authentication and Authorization: Use strong authentication mechanisms such as passwords, two-factor authentication, and PKI, to verify the identity of users accessing the web service. Use authorization mechanisms to limit the actions that authorized users can perform.
- Input validation: Validate all user input to prevent input-based attacks such as SQL injection and cross-site scripting (XSS).
- Server hardening: Configure the server to only run necessary services and software, and disable unnecessary services and ports to minimize the attack surface.
- Regular updates: Keep the web service software and operating system up-to-date with the latest security patches and updates to minimize vulnerabilities.
- Error handling: Implement proper error handling to avoid the exposure of sensitive information, such as file paths and database schema, to attackers.
- Access controls: Restrict access to the web service to authorized users only, and use access controls to limit the actions that authorized users can perform.
- Rate limiting: Implement rate limiting to prevent DoS attacks and limit the amount of traffic that can be sent to the web service.
- Monitoring: Regularly monitor the web service logs and other security-related events to detect and respond to security incidents.
Basic security measures for web services like SOAP and REST include using HTTPS, authentication and
authorization, input validation, server hardening, regular updates, error handling, access controls, rate
limiting, and monitoring. By following these practices, organizations can help ensure the security of their
web services and protect against cyberattacks.
Identity Management and Web services-
Identity management is the process of managing user identities and access to resources within an
organization. With the increasing use of web services, identity management has become a critical
component in ensuring the security of these services.
Web services use various protocols such as SOAP and REST to communicate and transfer data between
applications and services. Identity management can be used in conjunction with these protocols to ensure
secure access to web services.
Here are some best practices for identity management in web services:
Authentication: Use strong authentication mechanisms to verify the identity of users accessing the web
service. This can include passwords, two-factor authentication, and PKI.
Authorization: Use authorization mechanisms to limit the actions that authorized users can perform. This
can include role-based access control (RBAC) and attribute-based access control (ABAC).
Single Sign-On (SSO): Implement SSO to allow users to access multiple web services with a single set of
credentials. This can improve user experience and reduce the risk of credential-based attacks.
Federated Identity: Implement federated identity to enable users to access web services across different
organizations and domains using their own identities.
Identity and Access Management (IAM) Solutions: Implement IAM solutions to automate the
management of user identities and access to web services. This can include solutions such as identity
provisioning, access request and approval workflows, and policy-based access control.
Security Standards: Use security standards such as OAuth and OpenID Connect to ensure secure access
to web services.
Encryption: Use encryption to protect sensitive data transmitted between applications and services, and
to prevent unauthorized access to web services.
Identity management is crucial for ensuring the security of web services. Best practices for identity
management in web services include using strong authentication and authorization mechanisms,
implementing SSO and federated identity, using IAM solutions, adhering to security standards, and using
encryption.
Authorization Patterns-
Authorization patterns are used to implement access control for resources in an application or system.
They are used to determine whether a user or entity has the necessary permissions to perform a specific
action or access a specific resource. Authorization patterns can be implemented in various ways
depending on the application or system requirements.
Here are some common authorization patterns:
Role-Based Access Control (RBAC): RBAC is a popular authorization pattern that grants permissions based
on user roles. Users are assigned to roles, and roles are granted permissions to perform specific actions
or access specific resources. This simplifies the management of permissions as roles can be easily added
or removed.
Attribute-Based Access Control (ABAC): ABAC is an authorization pattern that grants permissions based
on attributes associated with the user or entity requesting access. For example, access may be granted
based on the user's location, job title, or department.
Rule-Based Access Control (RBAC): RBAC is an authorization pattern that grants permissions based on
predefined rules. Rules can be defined based on various criteria such as user roles, attributes, and
resource types.
Discretionary Access Control (DAC): DAC is an authorization pattern that grants permissions to the owner
of a resource to decide who can access it. This is commonly used in file systems, where file owners can
set permissions for other users or groups to access the file.
Mandatory Access Control (MAC): MAC is an authorization pattern that grants permissions based on
security labels assigned to resources and users. The security labels define the level of security clearance
required to access a resource.
Role-Based Access Control with Hierarchies (RBACH): RBACH is an extension of RBAC that includes
hierarchies within the roles. This allows for more granular control over permissions and can be useful in
organizations with complex structures.
Attribute-Based Access Control with Context (ABAC-CTX): ABAC-CTX is an extension of ABAC that
includes contextual information such as time of day, location, and device used. This allows for more fine-
grained control over permissions and can be useful in applications where access needs to be restricted
based on contextual information.
Authorization patterns are used to implement access control for resources in an application or system.
Common authorization patterns include RBAC, ABAC, RBAC with hierarchies, ABAC with context, DAC, and
MAC. The choice of authorization pattern will depend on the application or system requirements and the
level of granularity required for access control.
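The following added example (not code from the notes) combines the patterns above in one deny-by-default decision function: RBAC with a role hierarchy acts as the first gate, then a MAC-style clearance label check and ABAC rules that use request context (time of day, network, device). The roles, departments, labels and contexts are constructed for illustration.

```python
"""Toy policy engine: RBAC with hierarchies, MAC-style labels and ABAC with context."""
from dataclasses import dataclass

# Role hierarchy: a role inherits every permission of the roles it extends.
ROLE_PARENTS = {
    "admin": {"manager"},
    "manager": {"employee"},
    "employee": set(),
}

# Permissions granted directly to each role, as (resource type, action) pairs.
ROLE_PERMISSIONS = {
    "employee": {("timesheet", "read"), ("timesheet", "write")},
    "manager": {("timesheet", "approve"), ("report", "read")},
    "admin": {("user", "create"), ("user", "delete")},
}

def effective_roles(role):
    """Expand a role into itself plus every ancestor in the hierarchy."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r in seen:
            continue
        seen.add(r)
        stack.extend(ROLE_PARENTS.get(r, ()))
    return seen

def rbac_allows(roles, resource_type, action):
    """RBAC with hierarchies: allowed if any effective role grants the pair."""
    return any((resource_type, action) in ROLE_PERMISSIONS.get(r, set())
               for role in roles for r in effective_roles(role))

@dataclass
class Context:
    hour: int              # 0-23, local time of the request
    network: str           # "corporate" or "public"
    device_managed: bool   # enrolled in device management or not

@dataclass
class Subject:
    user: str
    roles: set
    department: str
    clearance: int = 0

# Each rule returns a denial reason, or None when it does not object.
def rule_clearance(subj, res, action, ctx):
    # MAC-style: the subject's clearance must dominate the resource's label.
    if subj.clearance < res.get("label", 0):
        return "clearance below resource label"

def rule_department(subj, res, action, ctx):
    # ABAC: reports are readable only by their owning department (admins excepted).
    if (res["type"] == "report" and res.get("department") != subj.department
            and "admin" not in subj.roles):
        return "report belongs to another department"

def rule_privileged_context(subj, res, action, ctx):
    # ABAC with context: deleting accounts needs a managed device on the
    # corporate network during business hours.
    if (res["type"], action) == ("user", "delete"):
        if not ctx.device_managed or ctx.network != "corporate" or not 8 <= ctx.hour < 18:
            return "privileged action outside allowed context"

RULES = [rule_clearance, rule_department, rule_privileged_context]

def authorize(subj, res, action, ctx):
    """Deny by default: RBAC gate first, then every contextual rule must pass."""
    if not rbac_allows(subj.roles, res["type"], action):
        return False, "no role grants this action"
    for rule in RULES:
        reason = rule(subj, res, action, ctx)
        if reason:
            return False, reason
    return True, "allowed"
```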
Security Considerations-
Security considerations are an essential part of developing any software or system. They involve identifying
potential security threats and vulnerabilities, and implementing measures to mitigate those risks. Here are
some important security considerations to keep in mind:
Authentication and Authorization: Implement strong authentication and authorization mechanisms to
ensure that only authorized users can access the system or data. This may include multi-factor
authentication, role-based access control, and encryption of sensitive data.
Input Validation: Validate all inputs to the system, including user inputs and data from external sources,
to prevent injection attacks such as SQL injection and cross-site scripting (XSS).
Secure Communication: Use secure communication protocols such as HTTPS, SSL/TLS, and SSH to protect
data transmitted over networks and prevent eavesdropping, tampering, and other attacks.
Data Protection: Implement appropriate data protection mechanisms such as encryption, hashing, and
obfuscation to protect sensitive data at rest and in transit.
Security Testing: Conduct regular security testing, including penetration testing and vulnerability
scanning, to identify and address potential security issues.
Updates and Patches: Keep the software and system up-to-date with the latest security patches and
updates to address known vulnerabilities and bugs.
Access Control: Implement strong access controls to restrict access to sensitive resources and data to
authorized personnel only.
Logging and Monitoring: Implement logging and monitoring mechanisms to track user activities and
detect potential security incidents.
Disaster Recovery and Business Continuity: Implement disaster recovery and business continuity plans to
ensure that the system can recover from security incidents and maintain operations in the event of a
disaster.
Security considerations are crucial in developing and maintaining secure software and systems. Best
practices include implementing strong authentication and authorization, input validation, secure
communication, data protection, security testing, updates and patches, access control, logging and
monitoring, and disaster recovery and business continuity plans.
Challenges-
There are several challenges associated with implementing and maintaining security in software and
systems. Here are some of the most common challenges:
Complexity: As systems become more complex, it becomes more difficult to identify and mitigate potential
security risks. Complex systems may have multiple layers of hardware and software, and interactions
between these layers can create vulnerabilities that are difficult to detect and address.
Rapid Development: The pressure to develop software quickly can lead to security being overlooked or
deprioritized. Developers may not have the time or resources to thoroughly test for security issues, leaving
the system vulnerable to attacks.
Lack of Awareness: Many developers and users may not be fully aware of the security risks associated
with their software or systems. This can lead to poor security practices and increased vulnerability to
attacks.
Constantly Evolving Threats: Security threats are constantly evolving, and attackers are constantly
developing new techniques to exploit vulnerabilities. This means that software and systems must be
constantly updated and maintained to keep up with the latest threats.
User Behavior: User behavior can also create security challenges, as users may inadvertently introduce
vulnerabilities through their actions. For example, users may click on phishing links, use weak passwords,
or share sensitive information via insecure channels.
Legacy Systems: Legacy systems can also present security challenges, as they may be built on outdated
technology and lack the latest security features. Upgrading or replacing these systems can be difficult and
costly, but leaving them in place can create security risks.
Compliance: Many industries and regulatory bodies have strict security compliance requirements that
must be met. Ensuring compliance can be challenging, as it may require significant resources and may be
subject to changing regulations.
Implementing and maintaining security in software and systems can be challenging due to the
complexity of systems, the pressure to develop software quickly, a lack of awareness of security risks,
evolving threats, user behavior, legacy systems, and compliance requirements. It is important to address
these challenges proactively and implement best practices for security to mitigate potential risks.
Open Source/Free/Trial Tools:
Adb for android-
ADB (Android Debug Bridge) is a command-line tool that is part of the Android SDK (Software
Development Kit). ADB allows developers to interact with an Android device over a USB connection,
enabling them to install, debug, and test applications directly on the device.
Here are some common uses of ADB for Android:
Installing Applications: Developers can use ADB to install applications on an Android device directly from
their computer.
Debugging Applications: Developers can use ADB to debug applications running on an Android device,
allowing them to identify and fix bugs.
Accessing the Android Shell: ADB provides access to the Android shell, which allows developers to execute
commands on the device.
Copying Files: ADB can be used to copy files between a computer and an Android device, making it easy
to transfer data between the two.
Taking Screenshots: ADB can be used to take screenshots of an Android device, which can be helpful for
debugging and testing.
It's important to note that ADB can also be a security risk if not used properly. By default, ADB is enabled
on Android devices, which means that anyone with physical access to the device can use ADB to access
its data and control its functions. Therefore, it's important to disable ADB when not in use and only enable
it for authorized users. Additionally, it's important to only use ADB commands from trusted sources to
avoid installing malware or other malicious software on the device.
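As an added example (not from the notes), the script below uses the ADB shell to audit the Android hardening items listed earlier in this module: security patch age, storage encryption, verified boot state, developer options, USB debugging and sideloading. The device properties and settings keys are real Android ones; the sample output is constructed, not captured from a device, and `collect_with_adb` assumes `adb` is on PATH with a device already authorized.

```python
"""Audit Android hardening settings from `adb shell getprop` / `settings get` output."""
import subprocess
from datetime import date

MAX_PATCH_AGE_DAYS = 90

def check_patch_level(out, today):
    """ro.build.version.security_patch is YYYY-MM-DD; flag it when too old."""
    try:
        patch = date.fromisoformat(out)
    except ValueError:
        return "security patch level unreadable: %r" % out
    age = (today - patch).days
    if age > MAX_PATCH_AGE_DAYS:
        return f"security patch level {patch} is {age} days old"
    return None

def expect(value, message):
    """Build a check that fails when the command output differs from `value`."""
    return lambda out, today: None if out == value else message

def flag_if_on(message):
    """Build a check for `settings get` values that should not be 1 (enabled)."""
    return lambda out, today: message if out == "1" else None

# (label, command run via `adb shell`, check function)
CHECKS = [
    ("patch", "getprop ro.build.version.security_patch", check_patch_level),
    ("encryption", "getprop ro.crypto.state", expect("encrypted", "storage is not encrypted")),
    ("verified boot", "getprop ro.boot.verifiedbootstate",
     expect("green", "bootloader unlocked or boot image not verified")),
    ("debuggable build", "getprop ro.debuggable",
     expect("0", "userdebug/eng build: adb root is available")),
    ("developer options", "settings get global development_settings_enabled",
     flag_if_on("developer options enabled")),
    ("usb debugging", "settings get global adb_enabled", flag_if_on("USB debugging enabled")),
    ("unknown sources", "settings get secure install_non_market_apps",
     flag_if_on("sideloading from unknown sources allowed (pre-Android 8 setting)")),
]

def audit(outputs, today=None):
    """outputs: mapping adb shell command -> its stdout. Returns [(label, finding)]."""
    today = today or date.today()
    findings = []
    for label, cmd, check in CHECKS:
        finding = check(outputs.get(cmd, "").strip(), today)
        if finding:
            findings.append((label, finding))
    return findings

def collect_with_adb(serial=None):
    """Run every check command against a connected device with the real adb binary."""
    base = ["adb"] + (["-s", serial] if serial else [])
    outputs = {}
    for _label, cmd, _check in CHECKS:
        res = subprocess.run(base + ["shell", cmd], capture_output=True, text=True, timeout=15)
        outputs[cmd] = res.stdout
    return outputs

# Constructed sample resembling a poorly hardened device (not a real capture).
SAMPLE = {
    "getprop ro.build.version.security_patch": "2023-01-05\n",
    "getprop ro.crypto.state": "encrypted\n",
    "getprop ro.boot.verifiedbootstate": "orange\n",
    "getprop ro.debuggable": "0\n",
    "settings get global development_settings_enabled": "1\n",
    "settings get global adb_enabled": "1\n",
    "settings get secure install_non_market_apps": "null\n",
}

if __name__ == "__main__":
    for label, msg in audit(SAMPLE, today=date(2023, 6, 1)):
        print(f"[{label}] {msg}")
```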
xcode for ios-
Xcode is an integrated development environment (IDE) for iOS and macOS app development. It is
developed by Apple and includes a suite of tools for building, testing, and deploying iOS apps.
Here are some key features of Xcode for iOS:
Interface Builder: Xcode includes a graphical interface builder that allows developers to visually design
user interfaces for their iOS apps.
Code Editor: Xcode's code editor includes features such as syntax highlighting, code completion, and
code folding to help developers write code more efficiently.
Simulator: Xcode includes a simulator that allows developers to test their iOS apps on a virtual device
without needing an actual iPhone or iPad.
Debugger: Xcode includes a powerful debugger that allows developers to identify and fix bugs in their
iOS apps.
Instruments: Xcode includes a suite of performance analysis tools called Instruments that help developers
identify performance issues in their iOS apps.
Source Control: Xcode includes built-in support for source control, making it easy for developers to
manage versions of their code and collaborate with others.
App Distribution: Xcode includes tools for deploying iOS apps to the App Store or to devices for testing
and development purposes.
Overall, Xcode is a powerful tool for iOS app development that includes a wide range of features to help
developers build, test, and deploy high-quality iOS apps.
Implementation of REST/ SOAP web services and Security Implementation.
To implement RESTful web services, developers typically follow a set of best practices that include the
following steps:
Define resources: Identify the resources that the API will expose, such as users, products, or orders.
Define HTTP methods: For each resource, define the HTTP methods that will be used to perform
operations on the resource, such as GET, POST, PUT, and DELETE.
Define resource URIs: Define the URI for each resource, which is the URL that clients will use to access
the resource. The URI should follow a consistent and meaningful structure.
Implement endpoints: Implement the endpoints for each resource and HTTP method. These endpoints
should perform the appropriate actions on the resource and return the appropriate response codes and
content.
Use HTTP status codes: Use HTTP status codes to indicate the outcome of each API request. This includes
200 OK for successful requests, 400 Bad Request for malformed requests, and 404 Not Found for requests
for nonexistent resources.
Use standard response formats: Use standard response formats, such as JSON or XML, to make the API
consistent and easy to use.
Document the API: Document the API to make it easy for developers to use and understand. This
documentation should include information on how to use the API, the available resources and methods,
and any authentication or security requirements.
In addition to these steps, developers should also consider security measures such as authentication and
encryption to protect the API and its users.
Overall, by following these best practices, developers can create RESTful web services that are scalable,
reliable, and easy to use.
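The handler below is an added example (not code from the notes) that carries the REST steps above and the basic HTTP/web-service security controls from earlier sections through to working code: resources with defined methods and URIs, HTTP status codes, JSON responses, bearer-token authentication, scope-based authorization, allow-list input validation, per-token rate limiting and error handling that exposes nothing internal. Tokens, scopes and the `orders` resource are constructed; it is a pure dispatch function so it can be exercised without a network.

```python
"""Minimal REST request handler with the security controls from the notes."""
import hashlib
import itertools
import json
import re
import time

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

# Constructed API tokens, stored only as SHA-256 digests, never in clear text.
TOKENS = {
    _digest("reader-token-EXAMPLE"): {"user": "alice", "scopes": {"orders:read"}},
    _digest("writer-token-EXAMPLE"): {"user": "bob", "scopes": {"orders:read", "orders:write"}},
}
ORDERS = {}                       # in-memory resource store: id -> order
_NEXT_ID = itertools.count(1)
_RATE = {}                        # token digest -> [window_start, request_count]
RATE_LIMIT, WINDOW = 5, 60.0      # fixed window: at most 5 requests per 60 s per token
ORDER_PATH = re.compile(r"^/orders/([0-9]+)$")
SAFE_HEADERS = {"Content-Type": "application/json",
                "Cache-Control": "no-store",
                "X-Content-Type-Options": "nosniff"}

def _reply(status, payload=None):
    return status, dict(SAFE_HEADERS), payload

def _authenticate(headers):
    """Returns (token_digest, principal); principal is None when auth fails."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None, None
    key = _digest(auth[len("Bearer "):].strip())
    return key, TOKENS.get(key)

def _rate_limited(key, now):
    start, count = _RATE.get(key, [now, 0])
    if now - start >= WINDOW:
        start, count = now, 0
    _RATE[key] = [start, count + 1]
    return count + 1 > RATE_LIMIT

def _validate_order(body):
    """Allow-list validation of a new order; returns (order, error_message)."""
    try:
        data = json.loads(body or "")
    except ValueError:
        return None, "body is not valid JSON"
    if not isinstance(data, dict):
        return None, "body must be a JSON object"
    item, qty = data.get("item"), data.get("quantity")
    if not isinstance(item, str) or not re.fullmatch(r"[A-Za-z0-9 _-]{1,64}", item):
        return None, "item must be 1-64 characters from [A-Za-z0-9 _-]"
    if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= 100:
        return None, "quantity must be an integer between 1 and 100"
    return {"item": item, "quantity": qty}, None

def handle(method, path, headers, body=None, now=None):
    """Dispatch one request; returns (status, headers, JSON-serialisable body)."""
    now = time.time() if now is None else now
    try:
        key, principal = _authenticate(headers)
        if principal is None:
            return _reply(401, {"error": "authentication required"})
        if _rate_limited(key, now):
            return _reply(429, {"error": "rate limit exceeded"})
        scopes = principal["scopes"]
        if path == "/orders":
            if method == "GET":
                if "orders:read" not in scopes:
                    return _reply(403, {"error": "insufficient scope"})
                return _reply(200, {"orders": list(ORDERS.values())})
            if method == "POST":
                if "orders:write" not in scopes:
                    return _reply(403, {"error": "insufficient scope"})
                order, err = _validate_order(body)
                if err:
                    return _reply(400, {"error": err})
                order["id"] = next(_NEXT_ID)
                ORDERS[order["id"]] = order
                return _reply(201, order)
            return _reply(405, {"error": "method not allowed"})
        m = ORDER_PATH.match(path)
        if m:
            oid = int(m.group(1))
            if oid not in ORDERS:
                return _reply(404, {"error": "no such order"})
            if method == "GET":
                if "orders:read" not in scopes:
                    return _reply(403, {"error": "insufficient scope"})
                return _reply(200, ORDERS[oid])
            if method == "DELETE":
                if "orders:write" not in scopes:
                    return _reply(403, {"error": "insufficient scope"})
                del ORDERS[oid]
                return _reply(204)
            return _reply(405, {"error": "method not allowed"})
        return _reply(404, {"error": "unknown resource"})
    except Exception:
        # Generic message only: stack traces, file paths and schema stay server-side.
        return _reply(500, {"error": "internal error"})
```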
SOAP web services
SOAP (Simple Object Access Protocol) web services are a type of web service that uses the SOAP protocol
to exchange structured data between applications over the internet. SOAP is an XML-based protocol that
uses HTTP or other transport protocols to transmit messages between applications.
SOAP web services have the following characteristics:
Standardized protocol: SOAP is a standardized protocol, which means that it can be used by any
application that supports it.
Supports different data formats: SOAP supports different data formats, including XML, JSON, and binary
data.
Language- and platform-independent: SOAP is language- and platform-independent, which means that
applications written in different languages and running on different platforms can communicate with each
other using SOAP.
Supports message-level security: SOAP supports message-level security mechanisms such as XML
Encryption and XML Signature to ensure the integrity and confidentiality of messages.
Supports RPC-style and document-style messages: SOAP supports two message styles: RPC (Remote
Procedure Call) and document-style messages.
Requires a WSDL file: SOAP web services require a WSDL (Web Services Description Language) file that
describes the interface of the web service.
Can be used with other web service standards: SOAP can be used with other web service standards such
as WS-Addressing and WS-Security.
SOAP web services are widely used in enterprise environments because of their standardized protocol
and support for message-level security mechanisms. However, they can be more complex to implement
and use than other types of web services such as RESTful web services.
Security Implementation-
To implement security for SOAP web services, developers can follow these best practices:
Use secure transport: SOAP messages should be transmitted over a secure transport layer such as SSL/TLS
to prevent eavesdropping and tampering.
Use message-level security: Developers should use message-level security mechanisms such as XML
Encryption and XML Signature to ensure the integrity and confidentiality of SOAP messages.
Implement authentication: Developers should implement authentication mechanisms to ensure that
only authorized users can access the web service. This can be done using basic authentication, token-
based authentication, or SAML (Security Assertion Markup Language).
Implement authorization: Developers should implement authorization mechanisms to ensure that users
can only access the resources they are authorized to access. This can be done using role-based access
control or attribute-based access control.
Validate input: Developers should validate all input parameters to prevent attacks such as SQL injection
or cross-site scripting (XSS).
Implement auditing and logging: Developers should implement auditing and logging
mechanisms to track web service usage and identify any suspicious activity.
Use a WSDL-first approach: Developers should use a WSDL-first approach when implementing SOAP web
services. This involves designing the WSDL file before writing any code, which can help ensure that the web
service is properly secured and that the interface is well-defined.
By following these best practices, developers can ensure that their SOAP web services are secure, reliable, and can be
used to build robust and scalable applications.
NeilStark1
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare Application
CitiusTech
 
Flutter App Development Best Practices: 10 Essential Security Measures
Flutter App Development Best Practices: 10 Essential Security MeasuresFlutter App Development Best Practices: 10 Essential Security Measures
Flutter App Development Best Practices: 10 Essential Security Measures
Shiv Technolabs Pvt. Ltd.
 

Similar to Module 6.pdf (20)

Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber law
 
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
 
GitHub: Secure Software Development for Financial Services
GitHub: Secure Software Development for Financial ServicesGitHub: Secure Software Development for Financial Services
GitHub: Secure Software Development for Financial Services
 
3.8 Ways to Establish Secure Protocols in a Digital Organization.pdf
3.8 Ways to Establish Secure Protocols in a Digital Organization.pdf3.8 Ways to Establish Secure Protocols in a Digital Organization.pdf
3.8 Ways to Establish Secure Protocols in a Digital Organization.pdf
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptx
 
Mobile Enterprise Application Platform
Mobile Enterprise Application PlatformMobile Enterprise Application Platform
Mobile Enterprise Application Platform
 
Mobile App Security How Bahrain Development Companies Ensure Protection.edite...
Mobile App Security How Bahrain Development Companies Ensure Protection.edite...Mobile App Security How Bahrain Development Companies Ensure Protection.edite...
Mobile App Security How Bahrain Development Companies Ensure Protection.edite...
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
 
Application security testing an integrated approach
Application security testing   an integrated approachApplication security testing   an integrated approach
Application security testing an integrated approach
 
386sum08ch8
386sum08ch8386sum08ch8
386sum08ch8
 
Security Challenges in IoT Software Development and Possible Solutions.pdf
Security Challenges in IoT Software Development and Possible Solutions.pdfSecurity Challenges in IoT Software Development and Possible Solutions.pdf
Security Challenges in IoT Software Development and Possible Solutions.pdf
 
iot security standard.pdf
iot security standard.pdfiot security standard.pdf
iot security standard.pdf
 
Cn35499502
Cn35499502Cn35499502
Cn35499502
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdf
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare Application
 
Flutter App Development Best Practices: 10 Essential Security Measures
Flutter App Development Best Practices: 10 Essential Security MeasuresFlutter App Development Best Practices: 10 Essential Security Measures
Flutter App Development Best Practices: 10 Essential Security Measures
 

More from Sitamarhi Institute of Technology

Project Front_Page.pdf
Project Front_Page.pdfProject Front_Page.pdf
Project Front_Page.pdf
Sitamarhi Institute of Technology
 
Module 1.pdf
Module 1.pdfModule 1.pdf
Module 5.pdf
Module 5.pdfModule 5.pdf
Module 7.pdf
Module 7.pdfModule 7.pdf
Module 2.pdf
Module 2.pdfModule 2.pdf
Module 3.pdf
Module 3.pdfModule 3.pdf
short notes bio
short notes bioshort notes bio
Photosynthesis.pptx
Photosynthesis.pptxPhotosynthesis.pptx
Concept of Allele.pptx
Concept of Allele.pptxConcept of Allele.pptx
Concept of Allele.pptx
Sitamarhi Institute of Technology
 
Genetics.pptx
Genetics.pptxGenetics.pptx
8m Biology.pdf
8m Biology.pdf8m Biology.pdf
Module 5.pptx
Module 5.pptxModule 5.pptx
Mendel’s experiment.pptx
Mendel’s experiment.pptxMendel’s experiment.pptx
Mendel’s experiment.pptx
Sitamarhi Institute of Technology
 
microbiology.pptx
microbiology.pptxmicrobiology.pptx
BIOLOGY 7sem.pdf
BIOLOGY 7sem.pdfBIOLOGY 7sem.pdf
Heirarchy of life forms and classification.pptx
Heirarchy of life forms and classification.pptxHeirarchy of life forms and classification.pptx
Heirarchy of life forms and classification.pptx
Sitamarhi Institute of Technology
 
Amino acids and proteins.pptx
Amino acids and proteins.pptxAmino acids and proteins.pptx
Amino acids and proteins.pptx
Sitamarhi Institute of Technology
 
BIO.docx
BIO.docxBIO.docx
clasification based on celluarity.pptx
clasification based on celluarity.pptxclasification based on celluarity.pptx
clasification based on celluarity.pptx
Sitamarhi Institute of Technology
 
Science vs engineering.pptx
Science vs engineering.pptxScience vs engineering.pptx
Science vs engineering.pptx
Sitamarhi Institute of Technology
 

More from Sitamarhi Institute of Technology (20)

Project Front_Page.pdf
Project Front_Page.pdfProject Front_Page.pdf
Project Front_Page.pdf
 
Module 1.pdf
Module 1.pdfModule 1.pdf
Module 1.pdf
 
Module 5.pdf
Module 5.pdfModule 5.pdf
Module 5.pdf
 
Module 7.pdf
Module 7.pdfModule 7.pdf
Module 7.pdf
 
Module 2.pdf
Module 2.pdfModule 2.pdf
Module 2.pdf
 
Module 3.pdf
Module 3.pdfModule 3.pdf
Module 3.pdf
 
short notes bio
short notes bioshort notes bio
short notes bio
 
Photosynthesis.pptx
Photosynthesis.pptxPhotosynthesis.pptx
Photosynthesis.pptx
 
Concept of Allele.pptx
Concept of Allele.pptxConcept of Allele.pptx
Concept of Allele.pptx
 
Genetics.pptx
Genetics.pptxGenetics.pptx
Genetics.pptx
 
8m Biology.pdf
8m Biology.pdf8m Biology.pdf
8m Biology.pdf
 
Module 5.pptx
Module 5.pptxModule 5.pptx
Module 5.pptx
 
Mendel’s experiment.pptx
Mendel’s experiment.pptxMendel’s experiment.pptx
Mendel’s experiment.pptx
 
microbiology.pptx
microbiology.pptxmicrobiology.pptx
microbiology.pptx
 
BIOLOGY 7sem.pdf
BIOLOGY 7sem.pdfBIOLOGY 7sem.pdf
BIOLOGY 7sem.pdf
 
Heirarchy of life forms and classification.pptx
Heirarchy of life forms and classification.pptxHeirarchy of life forms and classification.pptx
Heirarchy of life forms and classification.pptx
 
Amino acids and proteins.pptx
Amino acids and proteins.pptxAmino acids and proteins.pptx
Amino acids and proteins.pptx
 
BIO.docx
BIO.docxBIO.docx
BIO.docx
 
clasification based on celluarity.pptx
clasification based on celluarity.pptxclasification based on celluarity.pptx
clasification based on celluarity.pptx
 
Science vs engineering.pptx
Science vs engineering.pptxScience vs engineering.pptx
Science vs engineering.pptx
 

Recently uploaded

Social media management system project report.pdf
Social media management system project report.pdfSocial media management system project report.pdf
Social media management system project report.pdf
Kamal Acharya
 
OCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdf
OCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdfOCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdf
OCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdf
Muanisa Waras
 
Lecture 3 Biomass energy...............ppt
Lecture 3 Biomass energy...............pptLecture 3 Biomass energy...............ppt
Lecture 3 Biomass energy...............ppt
RujanTimsina1
 
Analysis and Design of Algorithm Lab Manual (BCSL404)
Analysis and Design of Algorithm Lab Manual (BCSL404)Analysis and Design of Algorithm Lab Manual (BCSL404)
Analysis and Design of Algorithm Lab Manual (BCSL404)
VishalMore197390
 
Advances in Detect and Avoid for Unmanned Aircraft Systems and Advanced Air M...
Advances in Detect and Avoid for Unmanned Aircraft Systems and Advanced Air M...Advances in Detect and Avoid for Unmanned Aircraft Systems and Advanced Air M...
Advances in Detect and Avoid for Unmanned Aircraft Systems and Advanced Air M...
VICTOR MAESTRE RAMIREZ
 
Coroutines Flow & Channels Workshop Slides
Coroutines Flow & Channels Workshop SlidesCoroutines Flow & Channels Workshop Slides
Coroutines Flow & Channels Workshop Slides
Morteza Nedaei
 
Development of Chatbot Using AI/ML Technologies
Development of  Chatbot Using AI/ML TechnologiesDevelopment of  Chatbot Using AI/ML Technologies
Development of Chatbot Using AI/ML Technologies
maisnampibarel
 
CS8651- Unit 2 - JS.internet programming paper anna university -2017 regulation
CS8651- Unit 2 - JS.internet programming paper anna university -2017 regulationCS8651- Unit 2 - JS.internet programming paper anna university -2017 regulation
CS8651- Unit 2 - JS.internet programming paper anna university -2017 regulation
amrashbhanuabdul
 
How to Manage Internal Notes in Odoo 17 POS
How to Manage Internal Notes in Odoo 17 POSHow to Manage Internal Notes in Odoo 17 POS
How to Manage Internal Notes in Odoo 17 POS
Celine George
 
Understanding Cybersecurity Breaches: Causes, Consequences, and Prevention
Understanding Cybersecurity Breaches: Causes, Consequences, and PreventionUnderstanding Cybersecurity Breaches: Causes, Consequences, and Prevention
Understanding Cybersecurity Breaches: Causes, Consequences, and Prevention
Bert Blevins
 
Lecture Notes for computer networks subject
Lecture Notes for computer networks subjectLecture Notes for computer networks subject
Lecture Notes for computer networks subject
ssuseree48e0
 
Profiling of Cafe Business in Talavera, Nueva Ecija: A Basis for Development ...
Profiling of Cafe Business in Talavera, Nueva Ecija: A Basis for Development ...Profiling of Cafe Business in Talavera, Nueva Ecija: A Basis for Development ...
Profiling of Cafe Business in Talavera, Nueva Ecija: A Basis for Development ...
IJAEMSJORNAL
 
Introduction to neural network (Module 1).pptx
Introduction to neural network (Module 1).pptxIntroduction to neural network (Module 1).pptx
Introduction to neural network (Module 1).pptx
archanac21
 
South Mumbai @Call @Girls Whatsapp 9930687706 With High Profile Service
South Mumbai @Call @Girls Whatsapp 9930687706 With High Profile ServiceSouth Mumbai @Call @Girls Whatsapp 9930687706 With High Profile Service
South Mumbai @Call @Girls Whatsapp 9930687706 With High Profile Service
kolkata dolls
 
Research Experience during my undergraduate study.pptx
Research Experience during my undergraduate study.pptxResearch Experience during my undergraduate study.pptx
Research Experience during my undergraduate study.pptx
gxz1691543945
 
Citrix Workspace - Diagrams and Icons.pptx
Citrix Workspace - Diagrams and Icons.pptxCitrix Workspace - Diagrams and Icons.pptx
Citrix Workspace - Diagrams and Icons.pptx
kriangkb1
 
PMSM-Motor-Control : A research about FOC
PMSM-Motor-Control : A research about FOCPMSM-Motor-Control : A research about FOC
PMSM-Motor-Control : A research about FOC
itssurajthakur06
 
13 tricks to get the most out of the S Pen
13 tricks to get the most out of the S Pen13 tricks to get the most out of the S Pen
13 tricks to get the most out of the S Pen
aashuverma204
 
Bangalore @ℂall @Girls ꧁❤ 0000000000 ❤꧂@ℂall @Girls Service Vip Top Model Safe
Bangalore @ℂall @Girls ꧁❤ 0000000000 ❤꧂@ℂall @Girls Service Vip Top Model SafeBangalore @ℂall @Girls ꧁❤ 0000000000 ❤꧂@ℂall @Girls Service Vip Top Model Safe
Bangalore @ℂall @Girls ꧁❤ 0000000000 ❤꧂@ℂall @Girls Service Vip Top Model Safe
bookhotbebes1
 

Recently uploaded (20)

Social media management system project report.pdf
Social media management system project report.pdfSocial media management system project report.pdf
Social media management system project report.pdf
 
OCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdf
OCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdfOCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdf
OCS Training - Rig Equipment Inspection - Advanced 5 Days_IADC.pdf
 
Lecture 3 Biomass energy...............ppt
Lecture 3 Biomass energy...............pptLecture 3 Biomass energy...............ppt
Lecture 3 Biomass energy...............ppt
 
Analysis and Design of Algorithm Lab Manual (BCSL404)
Analysis and Design of Algorithm Lab Manual (BCSL404)Analysis and Design of Algorithm Lab Manual (BCSL404)
Analysis and Design of Algorithm Lab Manual (BCSL404)
 
Advances in Detect and Avoid for Unmanned Aircraft Systems and Advanced Air M...
Advances in Detect and Avoid for Unmanned Aircraft Systems and Advanced Air M...Advances in Detect and Avoid for Unmanned Aircraft Systems and Advanced Air M...
Advances in Detect and Avoid for Unmanned Aircraft Systems and Advanced Air M...
 
Coroutines Flow & Channels Workshop Slides
Coroutines Flow & Channels Workshop SlidesCoroutines Flow & Channels Workshop Slides
Coroutines Flow & Channels Workshop Slides
 
Development of Chatbot Using AI/ML Technologies
Development of  Chatbot Using AI/ML TechnologiesDevelopment of  Chatbot Using AI/ML Technologies
Development of Chatbot Using AI/ML Technologies
 
CS8651- Unit 2 - JS.internet programming paper anna university -2017 regulation
CS8651- Unit 2 - JS.internet programming paper anna university -2017 regulationCS8651- Unit 2 - JS.internet programming paper anna university -2017 regulation
CS8651- Unit 2 - JS.internet programming paper anna university -2017 regulation
 
How to Manage Internal Notes in Odoo 17 POS
How to Manage Internal Notes in Odoo 17 POSHow to Manage Internal Notes in Odoo 17 POS
How to Manage Internal Notes in Odoo 17 POS
 
Understanding Cybersecurity Breaches: Causes, Consequences, and Prevention
Understanding Cybersecurity Breaches: Causes, Consequences, and PreventionUnderstanding Cybersecurity Breaches: Causes, Consequences, and Prevention
Understanding Cybersecurity Breaches: Causes, Consequences, and Prevention
 
Lecture Notes for computer networks subject
Lecture Notes for computer networks subjectLecture Notes for computer networks subject
Lecture Notes for computer networks subject
 
Profiling of Cafe Business in Talavera, Nueva Ecija: A Basis for Development ...
Profiling of Cafe Business in Talavera, Nueva Ecija: A Basis for Development ...Profiling of Cafe Business in Talavera, Nueva Ecija: A Basis for Development ...
Profiling of Cafe Business in Talavera, Nueva Ecija: A Basis for Development ...
 
Introduction to neural network (Module 1).pptx
Introduction to neural network (Module 1).pptxIntroduction to neural network (Module 1).pptx
Introduction to neural network (Module 1).pptx
 
catalyst-1200-1300-series-switchesbdm.pptx
catalyst-1200-1300-series-switchesbdm.pptxcatalyst-1200-1300-series-switchesbdm.pptx
catalyst-1200-1300-series-switchesbdm.pptx
 
South Mumbai @Call @Girls Whatsapp 9930687706 With High Profile Service
South Mumbai @Call @Girls Whatsapp 9930687706 With High Profile ServiceSouth Mumbai @Call @Girls Whatsapp 9930687706 With High Profile Service
South Mumbai @Call @Girls Whatsapp 9930687706 With High Profile Service
 
Research Experience during my undergraduate study.pptx
Research Experience during my undergraduate study.pptxResearch Experience during my undergraduate study.pptx
Research Experience during my undergraduate study.pptx
 
Citrix Workspace - Diagrams and Icons.pptx
Citrix Workspace - Diagrams and Icons.pptxCitrix Workspace - Diagrams and Icons.pptx
Citrix Workspace - Diagrams and Icons.pptx
 
PMSM-Motor-Control : A research about FOC
PMSM-Motor-Control : A research about FOCPMSM-Motor-Control : A research about FOC
PMSM-Motor-Control : A research about FOC
 
13 tricks to get the most out of the S Pen
13 tricks to get the most out of the S Pen13 tricks to get the most out of the S Pen
13 tricks to get the most out of the S Pen
 
Bangalore @ℂall @Girls ꧁❤ 0000000000 ❤꧂@ℂall @Girls Service Vip Top Model Safe
Bangalore @ℂall @Girls ꧁❤ 0000000000 ❤꧂@ℂall @Girls Service Vip Top Model SafeBangalore @ℂall @Girls ꧁❤ 0000000000 ❤꧂@ℂall @Girls Service Vip Top Model Safe
Bangalore @ℂall @Girls ꧁❤ 0000000000 ❤꧂@ℂall @Girls Service Vip Top Model Safe
 

Module 6.pdf

  • 1. Cyber Security [105713] – Notes Module 6 Security in Evolving Technology: Biometrics, Mobile Computing and Hardening on android and ios, IOT Security, Web server configuration and Security. Introduction, Basic security for HTTP Applications and Services, Basic Security for Web Services like SOAP, REST etc., Identity Management and Web Services, Authorization Patterns, Security Considerations, Challenges. Open Source/ Free/ Trial Tools: adb for android, xcode for ios, Implementation of REST/ SOAP web services and Security implementations. Security in Evolving Technology Security is a critical concern in all areas of technology, and this is particularly true in rapidly evolving fields. As new technologies are developed and implemented, there are always new security risks and vulnerabilities that must be addressed. Here are some key considerations for security in evolving technology: Stay up-to-date: It's crucial to stay informed about the latest security threats and trends in your industry. This includes reading industry publications, attending conferences, and networking with other professionals. This will help you stay on top of emerging security risks and technologies. Adopta proactiveapproach:Ratherthanwaiting forsecurity breaches tooccur,adopt a proactive approach by implementing regular security audits and assessments. This will help you identify potential vulnerabilities and implement the necessary security measures to prevent attacks. Choose the right technology: When selecting new technology, be sure to carefully consider its security implications. Choose technologies that have a strong track record of security, or work with vendors who can provide robust security features and support. Train your employees: Employees can be the weakest link in any security program. Make sure that all employees are trained on best practices for security, including password hygiene, phishing scams, and other security risks. 
Implement robust security protocols: Finally, be sure to implement robust security protocols across all systems and applications. This may include multi-factor authentication, encryption, access controls, and monitoring and logging of all system activity. Biometrics- This can include fingerprints, facial recognition, iris scans, voice recognition, and more. Biometric authentication is becoming increasingly popular in many areas, including mobile devices,banking and finance, and government identification. One of the key advantages of biometric authentication is its ability to provide strong, convenient, and secure authentication. Biometric data is unique to each individual and difficult to replicate, making it a powerful tool for authentication purposes. Biometric authentication can also eliminate the need for passwords, which are often the weak link in traditional authentication systems. However, there are also some concerns around the use of biometrics, particularly around privacy
  • 2. and security. Biometric data can be sensitive, and if it falls into the wrong hands, it can be used for identity theft or other malicious purposes. There is also the risk of false positives and false negatives in biometric authentication systems, which can result in denied access or unauthorized access. To address these concerns, it's important to implement robust security measures around biometricdata.Thismay include encryption,accesscontrols,andmonitoring ofall system activity. It's also important to have clear policies around the use and storage of biometric data, and to obtain consent from individuals before collecting and using their biometric data. Mobile Computing and Hardening on android and ios Mobile computing has become an integral part of our lives, with smartphones and tablets becoming the primary computing devices for many people. However, these devices are also vulnerable to a range of security threats, including malware, phishing attacks, and unauthorized access. To mitigate these risks, it's important to harden mobile devices, particularly on the Android and iOS platforms. Android:  Keep the operating system and all applications up-to-date to ensure the latest security patches are installed.  Install apps only from trusted sources such as Google Play Store.  Use antivirus software to scan for malware and protect against other security threats.  Enable the device encryption feature to protect the device data in case of loss or theft.  Disable developer mode and USB debugging when not in use to prevent unauthorized access. iOS:  Keep the operating system and all applications up-to-date to ensure the latest security patches are installed.  Use strong passwords, Face ID, or Touch ID for device authentication.  Use two-factor authentication for Apple ID and other important accounts.  Enable the device encryption feature to protect the device data in case of loss or theft. 
Limit app permissions and avoid jailbreaking the device, as these canincrease security risks. IOT Security- The Internet of Things (IoT) the network of devices that are connected to the internet and can communicate with each other. This includes devices such as smart home appliances, medical
  • 3. devices, and industrial control systems. While IoT has the potential to bring many benefits, it also presents significant security challenges. Here are some key considerations for IoT security: Device authentication: It's important to ensure that only authorized devices are able to communicate with the network. This can be achieved through device authentication, which verifies the identity of the device before allowing it to connect. Encryption: All communication between devices should be encrypted to prevent unauthorized access to sensitive data. Firmware updates: It's important to keep all IoT devices up-to-date with the latest firmware updates, which often include security patches to address vulnerabilities. Access controls: Access to IoT devices and networks should be restricted to authorized users only. This may include the use of passwords, two-factor authentication, and other access controls. Monitoring: It's important to monitor all IoT devices and networks for signs of unauthorized access or unusual activity. This can be achieved through network monitoring and device logs. Vendor support: When selecting IoT devices, it's important to choose vendors that provide robust security features and support. This may include regular firmware updates, security patches, and technical support. We server configuration and security- Web servers are critical components of web-based applications, and their configuration and security are essential to the performance and security of these applications. Here are some key considerations for web server configuration and security: Secure protocols: Use secure protocols such as HTTPS to encrypt communication between the web server and clients. Access controls: Restrict access to the web server to authorized users only, and use strong authentication mechanisms such as passwords, two-factor authentication, and public key infrastructure (PKI). 
Firewall: Use a firewall to restrict access to the web server from the internet, and configure it to block traffic from unauthorized sources. Server hardening: Configure the server to only run necessary services and software, and disable unnecessary services and ports to minimize the attack surface. File permissions: Set file permissions to restrict access to files and directories to only authorized users, and configure permissions to limit the actions that can be performed on files. Regular updates: Keep the web server software and operating system up-to-date with the latest security patches and updates to minimize vulnerabilities. Monitoring: Regularly monitor the web server logs and other security-related events to detect and respond to security incidents. Backups:Regularly backup the web server and its data to ensure that it can be restored in case ofa security incident or other disaster. IoT security presents significant challenges, but by following best practices such as device authentication, encryption, firmware updates, access controls, monitoring, and vendor support, organizations can help mitigate these risks and ensure the security of their IoT networks and devices. Introduction, Basic security for HTTP Applications and services- HTTP (Hypertext TransferProtocol) is the protocolusedby webbrowsers and web servers to communicate
  • 4. and transfer data over the internet. HTTP applications and services, such as web servers and web applications, are critical components of modern internet-based services. However, they are also frequent targets of cyberattacks due to their accessibility and popularity. Basic security measures can help protect these applications and services from attacks. Basic security for HTTP Applications and Services: Use HTTPS: Use HTTPS instead of HTTP to encrypt communication between the web server and clients. HTTPS helps protect against man-in-the-middle attacks and ensures data privacy and integrity. Input validation: Validate all user input to prevent input-based attacks such as SQL injection and cross- site scripting (XSS). Authentication and Authorization: Use strong authentication mechanisms such as passwords, two-factor authentication, and PKI, to verify the identity of users accessing the application or service. Use authorization mechanisms to limit the actions that authorized users can perform. Server hardening: Configure the server to only run necessary services and software, and disable unnecessary services and ports to minimize the attack surface. Regular updates: Keep the application or service software and operating system up-to-date with the latest security patches and updates to minimize vulnerabilities. Error handling: Implement proper error handling to avoid the exposure of sensitive information, such as file paths and database schema, to attackers. Access controls: Restrict access to the application or service to authorized users only, and use access controls to limit the actions that authorized users can perform. Monitoring: Regularly monitor the application or service logs and other security-related events to detect and respond to security incidents. 
Basic security measures for HTTP applications and services include using HTTPS, input validation, authentication and authorization, server hardening, regular updates, error handling, access controls, and monitoring. By following these practices, organizations can help ensure the security of their HTTP applications and services and protect against cyberattacks.

Basic Security for Web Services like SOAP, REST

Web services such as SOAP (Simple Object Access Protocol) and REST (Representational State Transfer) are widely used for exchanging data between applications and services. They use the HTTP protocol to transfer data, making them vulnerable to various attacks such as injection attacks, session hijacking, and denial of service (DoS) attacks. Basic security measures can help protect these web services from attacks.

Basic Security for SOAP and REST:

Use HTTPS: Use HTTPS instead of HTTP to encrypt communication between the web service and clients. HTTPS helps protect against man-in-the-middle attacks and ensures data privacy and integrity.
Authentication and Authorization: Use strong authentication mechanisms such as passwords, two-factor authentication, and PKI to verify the identity of users accessing the web service. Use authorization mechanisms to limit the actions that authorized users can perform.
Input validation: Validate all user input to prevent input-based attacks such as SQL injection and cross-site scripting (XSS).
Server hardening: Configure the server to only run necessary services and software, and disable unnecessary services and ports to minimize the attack surface.
Regular updates: Keep the web service software and operating system up-to-date with the latest security patches and updates to minimize vulnerabilities.
Error handling: Implement proper error handling to avoid the exposure of sensitive information, such as file paths and database schema, to attackers.
Access controls: Restrict access to the web service to authorized users only, and use access controls to limit the actions that authorized users can perform.
Rate limiting: Implement rate limiting to prevent DoS attacks and limit the amount of traffic that can be sent to the web service.
Monitoring: Regularly monitor the web service logs and other security-related events to detect and respond to security incidents.

Basic security measures for web services like SOAP and REST include using HTTPS, authentication and authorization, input validation, server hardening, regular updates, error handling, access controls, rate limiting, and monitoring. By following these practices, organizations can help ensure the security of their web services and protect against cyberattacks.

Identity Management and Web Services

Identity management is the process of managing user identities and access to resources within an organization. With the increasing use of web services, identity management has become a critical component in ensuring the security of these services. Web services use various protocols such as SOAP and REST to communicate and transfer data between applications and services. Identity management can be used in conjunction with these protocols to ensure secure access to web services. Here are some best practices for identity management in web services:

Authentication: Use strong authentication mechanisms to verify the identity of users accessing the web service. This can include passwords, two-factor authentication, and PKI.
Authorization: Use authorization mechanisms to limit the actions that authorized users can perform. This can include role-based access control (RBAC) and attribute-based access control (ABAC).
Single Sign-On (SSO): Implement SSO to allow users to access multiple web services with a single set of credentials. This can improve user experience and reduce the risk of credential-based attacks.
Federated Identity: Implement federated identity to enable users to access web services across different organizations and domains using their own identities.
Identity and Access Management (IAM) Solutions: Implement IAM solutions to automate the management of user identities and access to web services. This can include solutions such as identity provisioning, access request and approval workflows, and policy-based access control.
Security Standards: Use security standards such as OAuth and OpenID Connect to ensure secure access to web services.
Encryption: Use encryption to protect sensitive data transmitted between applications and services, and to prevent unauthorized access to web services.

Identity management is crucial for ensuring the security of web services. Best practices for identity management in web services include using strong authentication and authorization mechanisms, implementing SSO and federated identity, using IAM solutions, adhering to security standards, and using encryption.
Authorization Patterns

Authorization patterns are used to implement access control for resources in an application or system. They are used to determine whether a user or entity has the necessary permissions to perform a specific action or access a specific resource. Authorization patterns can be implemented in various ways depending on the application or system requirements. Here are some common authorization patterns:

Role-Based Access Control (RBAC): RBAC is a popular authorization pattern that grants permissions based on user roles. Users are assigned to roles, and roles are granted permissions to perform specific actions or access specific resources. This simplifies the management of permissions, as roles can be easily added or removed.
Attribute-Based Access Control (ABAC): ABAC is an authorization pattern that grants permissions based on attributes associated with the user or entity requesting access. For example, access may be granted based on the user's location, job title, or department.
Rule-Based Access Control (RBAC): RBAC is an authorization pattern that grants permissions based on predefined rules. Rules can be defined based on various criteria such as user roles, attributes, and resource types.
Discretionary Access Control (DAC): DAC is an authorization pattern that grants permissions to the owner of a resource to decide who can access it. This is commonly used in file systems, where file owners can set permissions for other users or groups to access the file.
Mandatory Access Control (MAC): MAC is an authorization pattern that grants permissions based on security labels assigned to resources and users. The security labels define the level of security clearance required to access a resource.
Role-Based Access Control with Hierarchies (RBACH): RBACH is an extension of RBAC that includes hierarchies within the roles. This allows for more granular control over permissions and can be useful in organizations with complex structures.
Attribute-Based Access Control with Context (ABAC-CTX): ABAC-CTX is an extension of ABAC that includes contextual information such as time of day, location, and device used. This allows for more fine-grained control over permissions and can be useful in applications where access needs to be restricted based on contextual information.

Authorization patterns are used to implement access control for resources in an application or system. Common authorization patterns include RBAC, ABAC, RBAC with hierarchies, ABAC with context, DAC, and MAC. The choice of authorization pattern will depend on the application or system requirements and the level of granularity required for access control.

Security Considerations

Security considerations are an essential part of developing any software or system. They involve identifying potential security threats and vulnerabilities, and implementing measures to mitigate those risks. Here are some important security considerations to keep in mind:

Authentication and Authorization: Implement strong authentication and authorization mechanisms to ensure that only authorized users can access the system or data. This may include multi-factor authentication, role-based access control, and encryption of sensitive data.
Input Validation: Validate all inputs to the system, including user inputs and data from external sources, to prevent injection attacks such as SQL injection and cross-site scripting (XSS).
Secure Communication: Use secure communication protocols such as HTTPS, SSL/TLS, and SSH to protect data transmitted over networks and prevent eavesdropping, tampering, and other attacks.
Data Protection: Implement appropriate data protection mechanisms such as encryption, hashing, and obfuscation to protect sensitive data at rest and in transit.
Security Testing: Conduct regular security testing, including penetration testing and vulnerability scanning, to identify and address potential security issues.
Updates and Patches: Keep the software and system up-to-date with the latest security patches and updates to address known vulnerabilities and bugs.
Access Control: Implement strong access controls to restrict access to sensitive resources and data to authorized personnel only.
Logging and Monitoring: Implement logging and monitoring mechanisms to track user activities and detect potential security incidents.
Disaster Recovery and Business Continuity: Implement disaster recovery and business continuity plans to ensure that the system can recover from security incidents and maintain operations in the event of a disaster.

Security considerations are crucial in developing and maintaining secure software and systems. Best practices include implementing strong authentication and authorization, input validation, secure communication, data protection, security testing, updates and patches, access control, logging and monitoring, and disaster recovery and business continuity plans.

Challenges

There are several challenges associated with implementing and maintaining security in software and systems. Here are some of the most common challenges:

Complexity: As systems become more complex, it becomes more difficult to identify and mitigate potential security risks. Complex systems may have multiple layers of hardware and software, and interactions between these layers can create vulnerabilities that are difficult to detect and address.
Rapid Development: The pressure to develop software quickly can lead to security being overlooked or deprioritized. Developers may not have the time or resources to thoroughly test for security issues, leaving the system vulnerable to attacks.
Lack of Awareness: Many developers and users may not be fully aware of the security risks associated with their software or systems. This can lead to poor security practices and increased vulnerability to attacks.
Constantly Evolving Threats: Security threats are constantly evolving, and attackers are constantly developing new techniques to exploit vulnerabilities. This means that software and systems must be constantly updated and maintained to keep up with the latest threats.
User Behavior: User behavior can also create security challenges, as users may inadvertently introduce vulnerabilities through their actions. For example, users may click on phishing links, use weak passwords, or share sensitive information via insecure channels.
Legacy Systems: Legacy systems can also present security challenges, as they may be built on outdated technology and lack the latest security features. Upgrading or replacing these systems can be difficult and costly, but leaving them in place can create security risks.
Compliance: Many industries and regulatory bodies have strict security compliance requirements that must be met. Ensuring compliance can be challenging, as it may require significant resources and may be subject to changing regulations.

Implementing and maintaining security in software and systems can be challenging due to the complexity of systems, the pressure to develop software quickly, a lack of awareness of security risks, evolving threats, user behavior, legacy systems, and compliance requirements. It is important to address these challenges proactively and implement best practices for security to mitigate potential risks.

Open Source/Free/Trial Tools

adb for android

ADB (Android Debug Bridge) is a command-line tool that is part of the Android SDK (Software Development Kit). ADB allows developers to interact with an Android device over a USB connection, enabling them to install, debug, and test applications directly on the device. Here are some common uses of ADB for Android:

Installing Applications: Developers can use ADB to install applications on an Android device directly from their computer.
Debugging Applications: Developers can use ADB to debug applications running on an Android device, allowing them to identify and fix bugs.
Accessing the Android Shell: ADB provides access to the Android shell, which allows developers to execute commands on the device.
Copying Files: ADB can be used to copy files between a computer and an Android device, making it easy to transfer data between the two.
Taking Screenshots: ADB can be used to take screenshots of an Android device, which can be helpful for debugging and testing.

It's important to note that ADB can also be a security risk if not used properly. By default, ADB is enabled on Android devices, which means that anyone with physical access to the device can use ADB to access its data and control its functions. Therefore, it's important to disable ADB when not in use and only enable it for authorized users.
Additionally, it's important to only use ADB commands from trusted sources to avoid installing malware or other malicious software on the device.

xcode for ios

Xcode is an integrated development environment (IDE) for iOS and macOS app development. It is developed by Apple and includes a suite of tools for building, testing, and deploying iOS apps. Here are some key features of Xcode for iOS:

Interface Builder: Xcode includes a graphical interface builder that allows developers to visually design user interfaces for their iOS apps.
Code Editor: Xcode's code editor includes features such as syntax highlighting, code completion, and code folding to help developers write code more efficiently.
Simulator: Xcode includes a simulator that allows developers to test their iOS apps on a virtual device without needing an actual iPhone or iPad.
Debugger: Xcode includes a powerful debugger that allows developers to identify and fix bugs in their iOS apps.
Instruments: Xcode includes a suite of performance analysis tools called Instruments that help developers identify performance issues in their iOS apps.
Source Control: Xcode includes built-in support for source control, making it easy for developers to manage versions of their code and collaborate with others.
App Distribution: Xcode includes tools for deploying iOS apps to the App Store or to devices for testing and development purposes.

Overall, Xcode is a powerful tool for iOS app development that includes a wide range of features to help developers build, test, and deploy high-quality iOS apps.

Implementation of REST/SOAP web services and Security Implementation

To implement RESTful web services, developers typically follow a set of best practices that include the following steps:

Define resources: Identify the resources that the API will expose, such as users, products, or orders.
Define HTTP methods: For each resource, define the HTTP methods that will be used to perform operations on the resource, such as GET, POST, PUT, and DELETE.
Define resource URIs: Define the URI for each resource, which is the URL that clients will use to access the resource. The URI should follow a consistent and meaningful structure.
Implement endpoints: Implement the endpoints for each resource and HTTP method. These endpoints should perform the appropriate actions on the resource and return the appropriate response codes and content.
Use HTTP status codes: Use HTTP status codes to indicate the outcome of each API request. This includes 200 OK for successful requests, 400 Bad Request for malformed requests, and 404 Not Found for requests for nonexistent resources.
Use standard response formats: Use standard response formats, such as JSON or XML, to make the API consistent and easy to use.
Document the API: Document the API to make it easy for developers to use and understand. This documentation should include information on how to use the API, the available resources and methods, and any authentication or security requirements.

In addition to these steps, developers should also consider security measures such as authentication and encryption to protect the API and its users. Overall, by following these best practices, developers can create RESTful web services that are scalable, reliable, and easy to use.

SOAP web services

SOAP (Simple Object Access Protocol) web services are a type of web service that uses the SOAP protocol to exchange structured data between applications over the internet. SOAP is an XML-based protocol that uses HTTP or other transport protocols to transmit messages between applications. SOAP web services have the following characteristics:

Standardized protocol: SOAP is a standardized protocol, which means that it can be used by any application that supports it.
Supports different data formats: SOAP supports different data formats, including XML, JSON, and binary data.
Language- and platform-independent: SOAP is language- and platform-independent, which means that applications written in different languages and running on different platforms can communicate with each other using SOAP.
Supports message-level security: SOAP supports message-level security mechanisms such as XML Encryption and XML Signature to ensure the integrity and confidentiality of messages.
Supports RPC-style and document-style messages: SOAP supports two message styles: RPC (Remote Procedure Call) and document-style messages.
Requires a WSDL file: SOAP web services require a WSDL (Web Services Description Language) file that describes the interface of the web service.
Can be used with other web service standards: SOAP can be used with other web service standards such as WS-Addressing and WS-Security.

SOAP web services are widely used in enterprise environments because of their standardized protocol and support for message-level security mechanisms. However, they can be more complex to implement and use than other types of web services such as RESTful web services.

Security Implementation

To implement security for SOAP web services, developers can follow these best practices:

Use secure transport: SOAP messages should be transmitted over a secure transport layer such as SSL/TLS to prevent eavesdropping and tampering.
Use message-level security: Developers should use message-level security mechanisms such as XML Encryption and XML Signature to ensure the integrity and confidentiality of SOAP messages.
Implement authentication: Developers should implement authentication mechanisms to ensure that only authorized users can access the web service. This can be done using basic authentication, token-based authentication, or SAML (Security Assertion Markup Language).
Implement authorization: Developers should implement authorization mechanisms to ensure that users can only access the resources they are authorized to access. This can be done using role-based access control or attribute-based access control.
Validate input: Developers should validate all input parameters to prevent attacks such as SQL injection or cross-site scripting (XSS).
Implement auditing and logging: Developers should implement auditing and logging mechanisms to track web service usage and identify any suspicious activity.
Use a WSDL-first approach: Developers should use a WSDL-first approach when implementing SOAP web services. This involves designing the WSDL file before writing any code, which can help ensure that the web service is properly secured and that the interface is well-defined.

By following these best practices, developers can ensure that their SOAP web services are secure, reliable, and can be used to build robust and scalable applications.
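To make the Authorization Patterns section and the "Implement authorization" step above concrete, here is an added example (not the notes' own code) of a deny-by-default policy check that combines DAC (owner access), RBAC with a role hierarchy (RBACH) and ABAC with context (ABAC-CTX); the roles, permissions, departments, allowed countries and working-hours rule are constructed assumptions.

```python
# Added example (not from the notes): deny-by-default authorization combining
# DAC (owner access), RBAC with a role hierarchy (RBACH) and ABAC with context
# (ABAC-CTX). Roles, permissions, departments and rules are constructed.
from dataclasses import dataclass
# Constructed role hierarchy: a role inherits every permission of its parents
ROLE_PARENTS = {"admin": ["manager"], "manager": ["employee"], "employee": [], "contractor": []}
# Constructed direct grants per role, as (resource type, action) pairs
ROLE_PERMISSIONS = {
    "employee": {("document", "read")},
    "contractor": {("document", "read")},
    "manager": {("document", "write")},
    "admin": {("document", "delete"), ("user", "manage")},
}

def effective_permissions(role, seen=None):
    """RBACH: walk up the hierarchy and union the inherited permissions."""
    seen = set() if seen is None else seen
    if role in seen:            # tolerate a cycle in a misconfigured hierarchy
        return set()
    seen.add(role)
    perms = set(ROLE_PERMISSIONS.get(role, ()))
    for parent in ROLE_PARENTS.get(role, []):
        perms |= effective_permissions(parent, seen)
    return perms

@dataclass
class Request:
    user: str
    roles: list
    department: str            # subject attribute (ABAC)
    action: str
    resource_type: str
    resource_owner: str        # used by the DAC rule
    resource_department: str   # resource attribute (ABAC)
    hour: int = 12             # context attributes (ABAC-CTX): time of day, ...
    country: str = "IN"        # ... location and ...
    device_managed: bool = True  # ... device posture

def is_allowed(req):
    """Returns (decision, reason); anything not explicitly allowed is denied."""
    # DAC: the owner of a resource may always read it
    if req.resource_owner == req.user and req.action == "read":
        return True, "owner may read own resource"
    # RBACH: does any of the user's roles carry the permission, directly or inherited?
    wanted = (req.resource_type, req.action)
    if not any(wanted in effective_permissions(r) for r in req.roles):
        return False, "no role grants this permission"
    # ABAC: compare a subject attribute with a resource attribute
    if req.resource_department != req.department and "admin" not in req.roles:
        return False, "cross-department access needs admin"
    # ABAC-CTX: contextual limits on changes (time of day, location, device)
    if req.action in ("write", "delete"):
        if not req.device_managed:
            return False, "changes only from a managed device"
        if not 8 <= req.hour < 20:
            return False, "changes only during working hours"
        if req.country not in ("IN", "US"):
            return False, "changes not permitted from this location"
    return True, "allowed"
```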