Prerequisite: Basic knowledge of computer skills, min programming, Operating System, Hardware, Networking.
Cyber Security: Providing security to electronic devices, softwares, networks, application(programs) from digital(cyber) attacks. We will provide the security for the following:
• Network
• System Security
• App security
• Data security
• Web Security
• Smart phone devices security.
Cyber attacks Types:
We can devide into two parts:
1. Web-based attacks
2. Standalone application attacks
Web-based Attacks:
1. Injection attacks:
It is the attack in which some data are to be injected into a web application to manipulate the application and get the required data.
Web sites and applications all they will interact with users must have some way to taking the data as a input. This kind of input data turns into sql query, that application/websites allow the input to malicious code. This process is known as injecting attacks.
Preventive attacks from sql injection:
1. Designing the data base to prevent sql injection.
2. Awareness of vulnerabilities
3. Some tools also available to protect the data base
2. DNS SPOOFING ATTACK:
Attacker sends ip address (false) by taking source request from the user. Diverting network to the attackers computer.
3. Session Hijacking:
It is a security attack on a user session over a protected network. We application creates cookies to store the information.
4. Phishing:
Phishing is one kind of cyber attack, steals the our credential information:credit card number, atm pin,..username….
5. Dictionary attack:
Users creates weak password in his/her account. The hacker used dictionary attack to get easily access of their account. The hacker create a file to their computer. The file will have the words of dictionary with different combination. The hacker used these words of dictionary tries to access their account.
6. URL interpretation: It is a type of attack where we can change the certain parts of a URL, and once can make a web server to deliver web pages. A url redirection attack is a kind of vulnerability that redirects to another url. This will integrated with a phishing attack
7. File inclusion attacks:
It is a type of attack that allows an attacker to access unauthorized files which is available on the web. A file inclusion vulnerability is a type of vulnerability commonly found in PHP Based applications.
Email hijacking, wifi risks,…these are belongs to web-based cyber attacks.
Standalone based attacks:
1. Virus 2. Trojan horse 3. Worm 4. Bots 5. Backdoor
Virus: It is one kind of vulnerable software program which spread thoughout the computer files without knowledge of the user. Which is harm to the computer.
2. Trojan Horse: which automatically changes to computer setting and unusual activities, this kind of software executes/run in the background.
3. Worm: It is one kind of malware software, it is just like a computer virus.
4. Backdoor: It is a method that by passes the normal authentication process.
8. Bots: (robot) it is an automated process that interacts with other networks services. These kind of programs run automatically, while others only execute commands when they receive specific input…example: chatroom bots,…
Some principles are there to protect from the digital attacks:
1. Economy of mechanism:
Which simplifies the design the application and implementation with security mechanisms. By testing the application properly. If the design and implementation are simple, small, very fewer possibilities exists for errors.
2. Fail-Safe defaults:
If we will add a new user to an operating system, the default group of the user should have fewer access right to files and services.
3. Least privilege: this is also one kind of principles that a user should only have least access. A user can be given only those privileges that need to complete this task.
Digital assets: personal data, photos,videos, audion files which are belongs to one individual person/organization.
0 Comments