Cyber Security
Day 6: 7th April, 2020
Prerequisite:
Basic knowledge of computers, minimal programming, operating systems, hardware, and networking.
Cyber Security:
Providing security to electronic devices, software, networks, and applications (programs) against digital (cyber) attacks. We will provide security for the following:
· Network security
· System security
· App security
· Data security
· Web security
· Smartphone device security
Cyber attack types:
We can divide cyber attacks into two parts:
1. Web-based attacks
2. Standalone application attacks
Web-based attacks:
1. Injection attacks:
In this attack, data is injected into a web application to manipulate the application and retrieve the data the attacker wants.
Every website and application that interacts with users must have some way of taking data as input. When this input becomes part of an SQL query, the application or website may allow the input to act as malicious code. This process is known as an injection attack.
Preventing SQL injection attacks:
1. Design the database to prevent SQL injection.
2. Be aware of vulnerabilities.
3. Some tools are also available to protect the database.
2. DNS spoofing attack:
The attacker intercepts the user's request and answers it with a false IP address, diverting the user's network traffic to the attacker's computer.
3. Session hijacking:
It is a security attack on a user session over a protected network. Web applications create cookies to store the information.
4. Phishing:
Phishing is a kind of cyber attack that steals our credential information: credit card number, ATM PIN, username, …
5. Dictionary attack:
Users create weak passwords for their accounts. The hacker uses a dictionary attack to gain easy access to those accounts. The hacker creates a file on their computer containing dictionary words in different combinations, then tries these words one after another to access the account.
6. URL interpretation:
It is a type of attack in which certain parts of a URL are changed so that the web server delivers web pages the attacker is not authorized to view. A URL redirection attack is a kind of vulnerability that redirects the user to another URL. This can be integrated with a phishing attack.
7. File inclusion attacks:
It is a type of attack that allows an attacker to access unauthorized files that are available on the web. A file inclusion vulnerability is a type of vulnerability commonly found in PHP-based applications.
Email hijacking, Wi-Fi risks, … also belong to web-based cyber attacks.
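The injection attack from item 1 above, as an added example that is not part of the original post: the same account lookup written once with user input pasted into the SQL text and once with placeholders. It uses Python's built-in sqlite3 module; the table, column names and sample accounts are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pin TEXT, card TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "1234", "4000-0000-0000-0001"),
         ("bob", "9876", "4000-0000-0000-0002")],
    )
    return conn

def lookup_vulnerable(conn, name, pin):
    # WEAK: user input is pasted into the SQL text, so quotes in the input
    # become part of the query and can change its meaning.
    sql = f"SELECT name, card FROM users WHERE name = '{name}' AND pin = '{pin}'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name, pin):
    # HARDENED: placeholders keep the input as data; it is never parsed as SQL.
    sql = "SELECT name, card FROM users WHERE name = ? AND pin = ?"
    return conn.execute(sql, (name, pin)).fetchall()

def demo():
    """Run one constructed malicious input through both lookups."""
    conn = make_db()
    injected = "' OR '1'='1"  # constructed input containing SQL syntax
    return {
        # The WHERE clause becomes (name AND pin = '') OR '1'='1': every row matches.
        "vulnerable_rows": len(lookup_vulnerable(conn, "alice", injected)),
        # The same text is compared literally against the pin column: no match.
        "safe_rows": len(lookup_safe(conn, "alice", injected)),
        # A correct pin still works with the parameterized query.
        "legit_rows": len(lookup_safe(conn, "alice", "1234")),
    }

if __name__ == "__main__":
    print(demo())
```

The parameterized version also handles legitimate input that contains a quote, such as the name o'brien, which makes the concatenated query fail with a syntax error.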
Standalone-based attacks:
1. Virus 2. Trojan horse 3. Worm 4. Bots 5. Backdoor
1. Virus: It is a kind of malicious software program that spreads throughout the computer's files without the user's knowledge and harms the computer.
2. Trojan horse: A program that changes computer settings and causes unusual activity. This kind of software runs in the background.
3. Worm: It is a kind of malware, much like a computer virus.
4. Backdoor: It is a method that bypasses the normal authentication process.
5. Bots: A bot (short for robot) is an automated process that interacts with other network services. Some of these programs run automatically, while others only execute commands when they receive specific input. Example: chatroom bots.
Some principles help protect against digital attacks:
1. Economy of mechanism:
This principle simplifies the design and implementation of the application's security mechanisms, which also makes it possible to test the application properly. If the design and implementation are simple and small, fewer possibilities exist for errors.
2. Fail-safe defaults:
If we add a new user to an operating system, the default group of the user should have fewer access rights to files and services.
3. Least privilege:
Under this principle, a user should have only the least access. A user should be given only those privileges that are needed to complete the task.
Digital assets: personal data, photos, videos, and audio files that belong to an individual person or organization.
Related Video: https://youtu.be/52VBeefySyI
Next: Cyber security part 2
https://youtu.be/DKoo8ufxNuE