Cyber Security Material
Cyber security is the practice of defending computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks. It's also known as information
technology security or electronic information security. The term applies in a variety of
contexts, from business to mobile computing, and can be divided into a few common
categories.
Network security is the practice of securing a computer network from intruders, whether
targeted attackers or opportunistic malware.
Application security focuses on keeping software and devices free of threats. A
compromised application could provide access to the data it's designed to protect. Successful
security begins in the design stage, well before a program or device is deployed.
Information security protects the integrity and privacy of data, both in storage and in transit.
Operational security includes the processes and decisions for handling and protecting data
assets. The permissions users have when accessing a network and the procedures that
determine how and where data may be stored or shared all fall under this umbrella.
Disaster recovery and business continuity define how an organization responds to a cyber-
security incident or any other event that causes the loss of operations or data. Disaster
recovery policies dictate how the organization restores its operations and information to
return to the same operating capacity as before the event. Business continuity is the plan the
organization falls back on while trying to operate without certain resources.
End-user education addresses the most unpredictable cyber-security factor: people. Anyone
can accidentally introduce a virus to an otherwise secure system by failing to follow good
security practices. Teaching users to delete suspicious email attachments, not plug in
unidentified USB drives, and various other important lessons is vital for the security of any
organization.
1. Cybercrime includes single actors or groups targeting systems for financial gain or to
cause disruption.
2. Cyber-attack often involves politically motivated information gathering.
3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.
So, how do malicious actors gain control of computer systems? Here are some common
methods used to threaten cyber-security:
Malware: Malware means malicious software. One of the most common cyber threats,
malware is software that a cybercriminal or hacker has created to disrupt or damage a
legitimate user’s computer. Often spread via an unsolicited email attachment or legitimate-
looking download, malware may be used by cybercriminals to make money or in politically
motivated cyber-attacks.
Virus: A self-replicating program that attaches itself to a clean file and spreads throughout a
computer system, infecting files with malicious code.
Trojans: A type of malware that is disguised as legitimate software. Cybercriminals trick
users into uploading Trojans onto their computer where they cause damage or collect data.
Spyware: A program that secretly records what a user does, so that cybercriminals can make
use of this information. For example, spyware could capture credit card details.
Ransomware: Malware which locks down a user’s files and data, with the threat of erasing it
unless a ransom is paid.
Adware: Advertising software which can be used to spread malware.
Botnets: Networks of malware-infected computers which cybercriminals use to perform tasks
online without the user’s permission.
SQL injection
An SQL (structured query language) injection is a type of cyber-attack used to take control of
and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven
applications to insert malicious code into a database via a malicious SQL statement. This
gives them access to the sensitive information contained in the database.
Phishing
Phishing is when cybercriminals target victims with emails that appear to be from a
legitimate company asking for sensitive information. Phishing attacks are often used to dupe
people into handing over credit card data and other personal information.
Man-in-the-middle attack
Denial-of-service attack
What are the latest cyber threats that individuals and organizations need to guard against?
Here are some of the most recent cyber threats that the U.K., U.S., and Australian
governments have reported on.
Dridex malware
In December 2019, the U.S. Department of Justice (DoJ) charged the leader of an organized
cyber-criminal group for their part in a global Dridex malware attack. This malicious
campaign affected the public, government, infrastructure and business worldwide.
Dridex is a financial trojan with a range of capabilities. Affecting victims since 2014, it
infects computers through phishing emails or existing malware. Capable of stealing
passwords, banking details and personal data which can be used in fraudulent transactions, it
has caused massive financial losses amounting to hundreds of millions.
In response to the Dridex attacks, the U.K.’s National Cyber Security Centre advises the
public to “ensure devices are patched, anti-virus is turned on and up to date and files are
backed up”.
Romance scams
In February 2020, the FBI warned U.S. citizens to be aware of confidence fraud that
cybercriminals commit using dating sites, chat rooms and apps. Perpetrators take advantage
of people seeking new partners, duping victims into giving away personal data.
The FBI reports that romance cyber threats affected 114 victims in New Mexico in 2019,
with financial losses amounting to $1.6 million.
Emotet malware
In late 2019, The Australian Cyber Security Centre warned national organizations about a
widespread global cyber threat from Emotet malware.
Emotet is a sophisticated trojan that can steal data and also load other malware. Emotet
thrives on unsophisticated passwords: a reminder of the importance of creating a secure
password to guard against cyber threats.
End-user protection
End-user protection or endpoint security is a crucial aspect of cyber security. After all, it is
often an individual (the end-user) who accidentally uploads malware or another form of cyber
threat to their desktop, laptop or mobile device.
So, how do cyber-security measures protect end users and systems? First, cyber-security
relies on cryptographic protocols to encrypt emails, files, and other critical data. This not only
protects information in transit, but also guards against loss or theft.
In addition, end-user security software scans computers for pieces of malicious code,
quarantines this code, and then removes it from the machine. Security programs can even
detect and remove malicious code hidden in the primary boot record that is designed to
encrypt or wipe data from the computer's hard drive.
Electronic security protocols also focus on real-time malware detection. Many use heuristic
and behavioral analysis to monitor the behavior of a program and its code to defend against
viruses or Trojans that change their shape with each execution (polymorphic and
metamorphic malware). Security programs can confine potentially malicious programs to a
virtual bubble separate from a user's network to analyze their behavior and learn how to
better detect new infections.
Q3)Cyber Attacks:
We are living in a digital era. Nowadays, most people use computers and the internet. Because
of this dependency on digital systems, illegal computer activity is growing and changing
like any other type of crime.
Web-based attacks
These are the attacks which occur on a website or web applications. Some of the important
web-based attacks are as follows-
1. Injection attacks
It is an attack in which data is injected into a web application to manipulate the
application and fetch the required information.
Example- SQL Injection, code Injection, log Injection, XML Injection etc.
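The SQL injection described above and under "SQL injection" earlier, as an added example that is not part of the original material: a lookup built by string concatenation beside the same lookup with a bound parameter, run against a constructed in-memory SQLite table (the table, rows and the hostile input are all assumptions for this demonstration).

```python
import re
import sqlite3

# Constructed sample database (not from the page): a users table with three rows.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"),
         ("carol", "carol@example.com")],
    )
    return conn

def lookup_vulnerable(conn, name):
    # The statement is built by string concatenation, so whatever the caller
    # supplies becomes part of the SQL text itself.
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, name):
    # Bound parameter: the value travels separately from the statement and can
    # never change its structure, whatever characters it contains.
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()

USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")

def is_valid_username(name):
    # Defence in depth: reject input that no legitimate username would contain
    # before it reaches the database at all.
    return USERNAME_RE.fullmatch(name) is not None

def demo():
    """Runs one ordinary lookup and one hostile one through both versions."""
    conn = make_db()
    # Constructed hostile input: closes the quote and appends an always-true clause.
    hostile = "x' OR '1'='1"
    return {
        "vulnerable_normal": lookup_vulnerable(conn, "alice"),
        "vulnerable_hostile": lookup_vulnerable(conn, hostile),
        "safe_normal": lookup_safe(conn, "alice"),
        "safe_hostile": lookup_safe(conn, hostile),
        "hostile_passes_validation": is_valid_username(hostile),
    }
```

The concatenated version returns every row for the hostile input, while the parameterised version treats it as a literal name and returns nothing.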
2. DNS Spoofing
DNS spoofing is a type of computer security hacking whereby data is introduced into a
DNS resolver's cache, causing the name server to return an incorrect IP address and diverting
traffic to the attacker's computer or any other computer. DNS spoofing attacks can go on
for a long period of time without being detected and can cause serious security issues.
3. Session Hijacking
It is a security attack on a user session over a protected network. Web applications create
cookies to store the state and user sessions. By stealing the cookies, an attacker can have
access to all of the user data.
4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a
trustworthy entity in electronic communication.
5. Brute force
It is a type of attack which uses a trial-and-error method. This attack generates a large number
of guesses and validates them to obtain actual data like a user's password or personal
identification number. This attack may be used by criminals to crack encrypted data, or by
security analysts to test an organization's network security.
6. Denial of Service
It is an attack which is meant to make a server or network resource unavailable to users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a
crash. It uses a single system and a single internet connection to attack a server. It can be
classified into the following-
Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and it is
measured in bits per second.
Application layer attacks- Its goal is to crash the web server, and it is measured in requests per
second.
7. Dictionary attacks
This type of attack uses a stored list of commonly used passwords and tries each of them to
recover the original password.
8. URL Interpretation
It is a type of attack where an attacker changes certain parts of a URL to make a
web server deliver web pages which he is not authorized to browse.
It is a type of attack that allows an attacker to access unauthorized or essential files which are
available on the web server, or to execute malicious files on the web server by making use of
the include functionality.
It is a type of attack that allows an attacker to intercept the connection between client and
server and act as a bridge between them. Because of this, the attacker is able to read, insert
and modify the data in the intercepted connection.
System-based attacks
These are the attacks which are intended to compromise a computer or a computer network.
Some of the important system-based attacks are as follows-
1. Virus
It is a type of malicious software program that spreads throughout the computer's files without
the knowledge of the user. It is a self-replicating malicious computer program that replicates by
inserting copies of itself into other computer programs when executed. It can also execute
instructions that cause harm to the system.
2. Worm
3. Trojan horse
It is a malicious program that causes unexpected changes to computer settings and unusual
activity, even when the computer should be idle. It misleads the user about its true intent. It
appears to be a normal application, but when opened or executed, malicious code runs
in the background.
4. Backdoors
It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes.
5. Bots
A bot (short for "robot") is an automated process that interacts with other network services.
Some bot programs run automatically, while others only execute commands when they
receive specific input. Common examples of bot programs are crawlers, chatroom bots,
and malicious bots.
1. Update your software and operating system: This means you benefit from the latest
security patches.
2. Use anti-virus software: Security solutions like Kaspersky Total Security will detect and
remove threats. Keep your software updated for the best level of protection.
3. Use strong passwords: Ensure your passwords are not easily guessable.
4. Do not open email attachments from unknown senders: These could be infected with
malware.
5. Do not click on links in emails from unknown senders or unfamiliar websites: This is a
common way that malware is spread.
6. Avoid using unsecure WiFi networks in public places: Unsecure networks leave you
vulnerable to man-in-the-middle attacks.
Kaspersky Endpoint Security received three AV-TEST awards for the best performance,
protection, and usability for a corporate endpoint security product in 2021. In all tests
Kaspersky Endpoint Security showed outstanding performance, protection, and usability for
businesses.
Mobile banking makes your life easier, but it can also pose a threat to your mobile security, if
you don’t use it carefully. Therefore, before you start using your smartphone as the preferred
banking tool, here are some security tips to keep in mind.
Keep the Banking App Updated: Updating the banking app whenever a new version is
available is a must-do. App developers keep adding various new security features and bug
fixes, which are released as updates periodically.
“The best way to ensure periodical updates is to give the application permission to install the
latest updates automatically as and when they are released. You can also switch on the ‘push
notifications’ feature to know whenever an updated version is available,”
Avoid Using Public Wi-Fi Networks: While banking apps have strong security
mechanisms, it is prudent to avoid using public Wi-Fi networks for banking transactions.
Wi-Fi networks can be infected with Trojans and hidden viruses that can potentially steal
information from smartphones. So, “always make sure that you are connected to a secure Wi-Fi
network,”
Avoid Automatic Logins: Don’t allow your browser or app to save your banking passwords
-- on the web or on a mobile app. “Automatic logins are convenient, but very dangerous if
they come in the wrong hands. Otherwise, if a phone is lost or stolen, someone may have
access to all your data, and your money,”
Don’t Save Your Login Credentials: Don’t share your passwords, pins, answers to secret
questions or store them anywhere on your handset. Saving your login credentials in your
address book is a bad idea.
Keep Track of Your Device: Take special care to make your phone traceable. Smartphone
manufacturers offer various features to track the phone or render it unusable in situations like
theft or misplacement. These include features like auto-locking, finger-print recognition, etc.
Clear Data Periodically: Banks send information for every financial transaction, including
text messages with one-time passwords to validate any transaction. “Make sure you clear all
such data periodically to avoid leakage of any sensitive information to any third party at any
point,”
6)Create Strong Password:
Cyber criminals know that most people create passwords that are easy to remember and will
often reuse the same password across multiple accounts. Because of this, all it takes is
hacking into one account to easily access the rest of the accounts.
Remember that cyber criminals can easily find this information by snooping into your social
media accounts.
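The brute-force and dictionary attacks listed earlier and the password guidance above, as an added example that is not code from the original material: a small account store that rejects passwords from a constructed common-password list at registration, stores salted PBKDF2 hashes so a stolen database cannot be run through a fast dictionary, and locks an account after repeated wrong guesses. The list, thresholds and clock injection are assumptions for this demonstration.

```python
import hashlib
import hmac
import os
import time

# Constructed stand-in for a breached/common-password list (a real deployment
# would check against a far larger list).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "iloveyou"}

MAX_FAILURES = 5            # wrong guesses allowed before the account is locked
LOCKOUT_SECONDS = 900       # lock length after MAX_FAILURES consecutive failures
DUMMY_SALT = b"\x00" * 16   # so unknown usernames cost the same time as real ones

def password_problems(pw, username):
    """Returns the policy violations for a candidate password (empty list = acceptable)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password list")
    if username.lower() in pw.lower():
        problems.append("contains the username")
    classes = sum([any(c.islower() for c in pw), any(c.isupper() for c in pw),
                   any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)])
    if classes < 3:
        problems.append("uses fewer than three character classes")
    return problems

def hash_password(pw, salt, iterations):
    # Salted, deliberately slow hash: each guess against a stolen database costs
    # the attacker the full iteration count, and identical passwords hash differently.
    return hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)

class UserStore:
    def __init__(self, now=time.time, iterations=600_000):
        self.now = now                 # injectable clock so lockouts can be tested
        self.iterations = iterations   # PBKDF2 work factor
        self.users = {}

    def register(self, username, pw):
        problems = password_problems(pw, username)
        if problems:
            raise ValueError("; ".join(problems))
        salt = os.urandom(16)
        self.users[username] = {"salt": salt,
                                "digest": hash_password(pw, salt, self.iterations),
                                "failures": 0, "locked_until": 0.0}

    def login(self, username, pw):
        """Returns "ok", "denied" or "locked"; unknown user and wrong password look the same."""
        rec = self.users.get(username)
        if rec is None:
            hash_password(pw, DUMMY_SALT, self.iterations)   # keep timing uniform
            return "denied"
        if self.now() < rec["locked_until"]:
            return "locked"
        digest = hash_password(pw, rec["salt"], self.iterations)
        if hmac.compare_digest(digest, rec["digest"]):
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["locked_until"] = self.now() + LOCKOUT_SECONDS
            rec["failures"] = 0
            return "locked"
        return "denied"
```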
Change Password:
After A Security Breach: With massive breaches like the Capital One and Target breaches
in recent years, consumers have been put at risk from hackers halfway across the globe and
on domestic soil. When a company declares they’ve experienced a data breach, you’ll want to
change your password as soon as possible to protect your information. If your info has been
compromised, you’ll typically be alerted by the company.
If You Suspect Unauthorized Access: Don’t wait until there’s glaring evidence of
unauthorized access of your account(s). By that time, it’s usually too late. If you suspect
someone is attempting or has attempted to access one or more of your accounts, change your
passwords ASAP. It’s always better to take preventative measures than to wait until the
damage is done.
If You Discover Malware or Other Phishing Software: A virus can put your computer at
risk and leave your personal information exposed. If you discover such software on your
computer after a scan, change your passwords immediately; preferably from a different
device until you’re certain the virus has been removed.
Shared Access: Lots of people share access to accounts like Netflix and other media
services. Some even share access to a joint bank account and access the info via web or
mobile app. If you share access with someone you’re no longer in contact with, change your
password as soon as possible. It’s best to not trust anyone outside of your circle of trusted
people with your passwords. Ex-spouses or significant others, friends, and previous
colleagues shouldn’t have access to any of your accounts.
If You Haven’t Logged In: You should always change an old password that hasn’t been
used in over a year, but some experts recommend changing old passwords after just a few
months. The more often you change slightly-used passwords, the safer you’ll be; especially if
you’re not using multi-factor authentication.
Don’t make the mistake of thinking these guidelines only apply to individuals. Businesses
also must keep a close watch on their password practices.
1. Phishing attacks
2. Spear phishing
3. Whaling
4. Smishing and Vishing
5. Baiting
6. Piggybacking/Tailgating
7. Pretexting
8. Business Email Compromise (BEC)
1. Phishing attacks
Phishing is the most common type of social engineering tactic and has increased more than
tenfold in the past three years, according to the FBI.
2. Spear phishing
Normal phishing attacks have no specific target. But spear phishing attacks occur when
hackers target a specific individual or organization.
Nearly 60% of IT decision-makers believe targeted phishing attacks are their top security
threat.
3. Whaling
Whaling is a term used to describe phishing attacks that target a specific, high-profile person,
usually an executive, government official, or celebrity.
The victims of whaling attacks are considered “big fish” to cybercriminals. These targets
offer great potential to scammers with either large financial payouts or access to valuable
data.
Smishing is the term used to describe phishing via the use of SMS text messages. Scammers
purchase spoofed phone numbers and blast out messages containing malicious links.
5. Baiting
Baiting is a type of social engineering attack in which scammers lure victims into providing
sensitive information by promising them something valuable in return.
For example, scammers will create pop-up ads that offer free games, music, or movie
downloads. If you click on the link, your device will be infected with malware.
6. Piggybacking / Tailgating
Piggybacking and tailgating both refer to a type of attack in which an authorized person
allows an unauthorized person access to a restricted area.
7. Pretexting
Pretexting occurs when someone creates a fake persona or misuses their actual role. It’s what
most often happens with data breaches from the inside.
1. Impersonation. This occurs when scammers use spoof emails to pose as employees or
trusted vendors and clients. They’ll ask their target to send fraudulent payments,
change payroll and direct deposit information, or share sensitive information.
2. Account compromise. This occurs when hackers gain access to a legitimate employee
email address. Scammers can reply to and send emails company-wide (to clients,
vendors, etc.), containing malicious code.
3. Thread hijacking. This is an advanced take on an account compromise attack. Thread
hijacking occurs when hackers scan compromised inboxes for subject lines containing
“Re:”. They then automatically reply with malware-laced messages. Recipients open
the hacked email, not thinking twice because they “know” the sender.
Official profiles can receive numerous tags and messages by the day, hour or even minute
depending on their type. Check out how a profile engages with followers and be
suspicious of profiles that post spam or only showcase deals that seem too good to be
true.
On customer service profiles, you will likely find direct engagement with followers.
Remember to send a private message and not to post personal or particular details on a
message wall.
2. Number of followers
Even though the number of followers can vary greatly according to the popularity of
the brand, product or business, it can help you recognize if a channel is official or
not.
3. Account history
On Twitter and other social media platforms, you can see how long a profile has been
active. Be careful when interacting with profiles that haven’t been open for long,
since you can’t know their purpose. If a profile has been open for a long time but has
few posts or messages, it may no longer be in use.
Q8)Types of Backups and Recovery
There are three main backup types used to back up all digital assets:
Full backup: The most basic and comprehensive backup method, where all data is
sent to another location.
Incremental backup: Backs up all files that have changed since the last backup
occurred.
Differential backup: Backs up only copies of all files that have changed since the
last full backup.
Not all IT organizations can support all backup types since network capability may vary
from organization to organization. Choosing the right backup method requires a tactical
approach — one that can help organizations get the best level of data protection without
demanding too much from the network. However, before determining which backup
method best suits the needs of your business, you need to understand the ins and outs of the
three main backup types mentioned above.
Full Backup
you factor in recovery speed and simplicity. However, the time and expense required to
copy all the data (all the time) may make it an undesirable option for many IT
professionals.
Monday: You perform a full backup for 100 photos. You get an image file of 100
photos.
Tuesday: You add another 100 photos and perform a full backup. You get an image
file of 200 photos.
Wednesday: You delete 100 photos and then perform a full backup. You get an
image file of 100 photos.
Thursday: You make no changes to your photos and perform a full backup. You get
an image file of 100 photos.
Friday: You add 200 photos and perform a full backup. You get an image file of 300
photos.
You get five backup files containing 800 photos. Should a data loss incident occur and you
need to recover all the photos, simply restore the last version to get all 800 photos.
Here are the advantages and disadvantages of running a full backup method:
Pros
Cons
Small businesses that deal consistently with a small amount of data may find full backup a
good fit since it won’t eat up their storage space or take too much time to back up.
Incremental Backup
Incremental backup involves backing up all the files, folders, SaaS data and hard drives that
have changed since the last backup activity. This could be the most recent full backup in
the chain or the last incremental backup. Only the recent changes (increments) are backed
up, consuming less storage space and resulting in a speedy backup. However, the recovery
time is longer since more backup files will need to be accessed.
Monday: You add 100 photos and perform a full backup. You get an image file of
100 photos.
Tuesday: You add another 100 photos (now you have 200 photos) and perform an
incremental backup. You get an image file of 100 photos.
Wednesday: You make no changes and perform an incremental backup. You get an
empty image file.
Thursday: You delete 100 photos and edit the other 100 photos there and perform an
incremental backup. You get an image file of only the edited 100 photos.
You get three image files containing 300 photos in total. In case you need to recover all the
photos, restore all the image files since the last full backup, including the last full backup
and the later incremental backups, to get your 200 photos (including the deleted 100
photos).
Here are the advantages and disadvantages of running an incremental backup method:
Pros
Efficient use of storage space since files are not duplicated in their entirety
Lightning-fast backups
Can be run as often as desired, with each increment being an individual recovery
point
Cons
Businesses that deal with large volumes of data and cannot dedicate time to the backup
process will find incremental backup methods effective since they take up less storage
space and encourage fast backups.
Differential Backup
Differential backup falls between full backup and incremental backup. It involves backing
up files, folders and hard drives that were created or changed since the last full backup
(compared to just the changes since the last incremental backup). Only a small volume of
data is backed up between the time interval of the last backup and the current one,
consuming less storage space and requiring less time and investment.
Monday: You have 200 photos and perform a full backup. You get an image file of
200 photos.
Tuesday: You add another 200 photos (a total of 400 photos) and perform a
differential backup. You get an image file of the newly added 200 photos.
Wednesday: You make no changes and perform a differential backup on the existing
400 photos. You get an image file of the newly added 200 photos on Tuesday.
Thursday: You delete 100 photos and edit another 100 photos (total of 300 photos)
and perform a differential backup. You get image files of 100 photos, 200 photos and
300 photos.
Recovering 100 photos: Both deletion and editing happen to the added 200 photos. The
differential backup will back up the edited 100 photos.
Recovering 200 photos: If you delete 100 photos from the added photos and edit 100
photos from the original photos, the differential backup will back up the edited 100 photos
and the 100 added photos (left after deletion).
Recovering 300 photos: The differential backup will back up the edited 100 photos and the
added 200 photos.
Here are the advantages and disadvantages of running a differential backup method:
Pros
Cons
Potential for failed recovery if any of the backup sets are incomplete
Compared to incremental backups, the backup takes longer and requires more storage
space
Compared to full backups, restoration is slow and complex
Small and medium-sized organizations that want to process large volumes of valuable data
but cannot perform constant backups will find the differential backup method useful.
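The three backup types and the Monday-to-Friday photo scenarios above, as an added example that is not part of the original material: a file-level simulation in which each backup copies only the photos whose content differs from its reference point (nothing for a full backup, the previous backup of any kind for an incremental, the last full backup for a differential), and a restore rebuilds the library from the right part of the chain. The photo names and content strings are constructed; the simulation also shows that the full-backup scenario stores 800 photos across its five files while restoring the last one yields the 300 photos that were live at the time.

```python
from dataclasses import dataclass

@dataclass
class Backup:
    kind: str     # "full", "incremental" or "differential"
    files: dict   # photo name -> content captured by this backup

class BackupSimulator:
    """File-level model of the three backup types: each photo is a name plus a
    content string, and a backup copies a file only when its content differs from
    the reference point that the backup type compares against."""

    def __init__(self):
        self.live = {}                  # the current photo library
        self.chain = []                 # backups taken so far, oldest first
        self.state_at_last_full = {}    # reference point for differential backups
        self.state_at_last_backup = {}  # reference point for incremental backups
        self.counter = 0

    # --- edits to the live library ---
    def add(self, n):
        for _ in range(n):
            self.counter += 1
            self.live[f"photo{self.counter:04d}.jpg"] = "v1"

    def delete(self, n):
        for name in sorted(self.live)[:n]:
            del self.live[name]

    def edit(self, n):
        for name in sorted(self.live)[:n]:
            self.live[name] += "+edited"

    # --- backup and restore ---
    def backup(self, kind):
        """Takes a backup of the given kind and returns how many photos it holds."""
        if kind == "full":
            reference = {}                 # nothing assumed present: copy everything
        elif kind == "incremental":
            reference = self.state_at_last_backup
        elif kind == "differential":
            reference = self.state_at_last_full
        else:
            raise ValueError(kind)
        files = {n: c for n, c in self.live.items() if reference.get(n) != c}
        self.chain.append(Backup(kind, files))
        if kind == "full":
            self.state_at_last_full = dict(self.live)
        self.state_at_last_backup = dict(self.live)
        return len(files)

    def restore(self):
        """Rebuilds the library from the chain; returns (files, number of backups read).
        Full: the last full backup alone. Incremental: the last full plus every
        incremental after it. Differential: the last full plus only the newest one."""
        last_full = max(i for i, b in enumerate(self.chain) if b.kind == "full")
        later = self.chain[last_full + 1:]
        needed = [later[-1]] if later and later[-1].kind == "differential" else later
        restored = dict(self.chain[last_full].files)
        for b in needed:
            restored.update(b.files)
        # Plain file copies record no deletions, so photos deleted after the full
        # backup reappear here; that is why the incremental scenario restores 200
        # photos rather than the 100 that were live on Thursday.
        return restored, 1 + len(needed)

def run_scenario(kind):
    """Replays the photo examples for one backup type.
    Returns (per-day backup sizes, photos restored, backup files read to restore)."""
    sim = BackupSimulator()
    sizes = []
    if kind == "full":
        sim.add(100);    sizes.append(sim.backup("full"))
        sim.add(100);    sizes.append(sim.backup("full"))
        sim.delete(100); sizes.append(sim.backup("full"))
        sizes.append(sim.backup("full"))
        sim.add(200);    sizes.append(sim.backup("full"))
    elif kind == "incremental":
        sim.add(100);    sizes.append(sim.backup("full"))
        sim.add(100);    sizes.append(sim.backup("incremental"))
        sizes.append(sim.backup("incremental"))
        sim.delete(100); sim.edit(100); sizes.append(sim.backup("incremental"))
    else:
        sim.add(200);    sizes.append(sim.backup("full"))
        sim.add(200);    sizes.append(sim.backup("differential"))
        sizes.append(sim.backup("differential"))
        sim.delete(100); sim.edit(100); sizes.append(sim.backup("differential"))
    restored, files_read = sim.restore()
    return sizes, len(restored), files_read
```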
Choosing the right backup method depends on your situation. You can determine your
situation by asking yourself some primary questions.
The roles and job titles in the security sector often lead to overlapping responsibilities
and are customized according to the size and needs of the organization.
Security analyst, security administrator, security engineer, security architect and various
consultant specialists are the typical job titles. As the cybersecurity domain keeps
expanding and developing, new roles and titles are likely to emerge, and the roles
attributed to the current titles will likely crystallize or evolve.
Cyber security is a vital area in today's world. With the surge of cyber attacks, ensuring the
safety of your and your clients' data has become a must-have for all companies. There are
many different types of cyber security jobs available, some more technical than others. Often
you will need a few years of specialized education or training before you can apply for these
positions, but even entry-level jobs in the cyber security industry are still very lucrative.
There are many job titles, which are discussed below:
1. Security Specialist –
Security specialists are the people who are responsible for their organization's security.
They check the systems and connections for any security vulnerability. The onset of the
cloud trend has boosted this role, as a security specialist is required to assess cloud
systems regularly.
2. Incident Responder –
Incident responders are people who not only detect the threats but also respond to them.
These people help the organization and its employees to stay prepared and act when the
security is breached.
3. Security Administrator –
Security administrators are the most essential personnel. Their tasks include the roles of
multiple titles. They set up proper security guidelines for the flow of data and are also
responsible for installing firewalls and malware blockers.
4. Vulnerability Assessor –
Vulnerability assessors, or vulnerability assessment analysts, are people who run multiple
tests on the systems. Their main aim is to find the critical flaws in the security system
while also prioritizing the issues that affect the organization the most.
5. Cryptographer –
Cryptographers are the people who use cryptographic techniques to encrypt and decrypt
data, keeping it hidden from unauthorized parties. They are very essential and increasingly
in demand.
6. Security Manager –
Security managers supervise the rest of the team. They take important decisions and
oversee the whole team’s work.
7. Security Architect –
As the name suggests, security architects are people who design the security structure.
They also test the security and respond to threats.
8. Security Analyst –
Security analysts analyze the systems and patch the loopholes. They often work
together with the rest of the team of IT specialists and developers.
9. Security Auditor –
Security auditors are the people who are tasked with finding the breach in the system
before anyone else does. They check whether the currently installed firewalls and
other security measures are working properly.
banking), or other services that rely on the affected computer or network. A denial-of-service
condition is accomplished by flooding the targeted host or network with traffic until the target
cannot respond or simply crashes, preventing access for legitimate users. DoS attacks can
cost an organization both time and money while their resources and services are inaccessible.
In a Smurf Attack, the attacker sends Internet Control Message Protocol broadcast
packets to a number of hosts with a spoofed source Internet Protocol (IP) address that
belongs to the target machine. The recipients of these spoofed packets will then
respond, and the targeted host will be flooded with those responses.
A SYN flood occurs when an attacker sends a request to connect to the target server
but does not complete the connection through what is known as a three-way
handshake—a method used in a Transmission Control Protocol (TCP)/IP network to
create a connection between a local host/client and server. The incomplete handshake
leaves the connected port in an occupied status and unavailable for further requests.
An attacker will continue to send requests, saturating all open ports, so that legitimate
users cannot connect.
Individual networks may be affected by DoS attacks without being directly targeted. If the
network’s internet service provider (ISP) or cloud service provider has been targeted and
attacked, the network will also experience a loss of service.
Distributed denial-of-service attack
A distributed denial-of-service (DDoS) attack occurs when multiple machines are operating
together to attack one target. DDoS attackers often leverage a botnet, a group of
hijacked internet-connected devices, to carry out large-scale attacks. Attackers take advantage
of security vulnerabilities or device weaknesses to control numerous devices using command
and control software. Once in control, an attacker can command their botnet to conduct
DDoS on a target. In this case, the infected devices are also victims of the attack.
Botnets—made up of compromised devices—may also be rented out to other potential
attackers. Often the botnet is made available to “attack-for-hire” services, which allow
unskilled users to launch DDoS attacks.
DDoS allows for exponentially more requests to be sent to the target, therefore increasing the
attack power. It also increases the difficulty of attribution, as the true source of the attack is
harder to identify.
DDoS attacks have increased in magnitude as more and more devices come online through
the Internet of Things (IoT) (see Securing the Internet of Things). IoT devices often use
default passwords and do not have sound security postures, making them vulnerable to
compromise and exploitation. Infection of IoT devices often goes unnoticed by users, and an
attacker could easily compromise hundreds of thousands of these devices to conduct a high-
scale attack without the device owners’ knowledge.
While there is no way to completely avoid becoming a target of a DoS or DDoS attack, there
are proactive steps administrators can take to reduce the effects of an attack on their network.
Enroll in a DoS protection service that detects abnormal traffic flows and redirects
traffic away from your network. The DoS traffic is filtered out, and clean traffic is
passed on to your network.
Create a disaster recovery plan to ensure successful and efficient communication,
mitigation, and recovery in the event of an attack.
It is also important to take steps to strengthen the security posture of all of your internet-
connected devices in order to prevent them from being compromised.
The best way to detect and identify a DoS attack is through network traffic monitoring and
analysis. Network traffic can be monitored via a firewall or intrusion detection system. An
administrator may even set up rules that raise an alert upon detection of an
anomalous traffic load and identify the source of the traffic, or that drop network packets
meeting certain criteria.
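As an added example (not part of these notes), a small Python script that applies the detection idea above to constructed firewall log lines: it counts SYNs per source that are never followed by an ACK, the half-open connections left behind by a SYN flood, and flags sources above a threshold, the kind of rule an administrator might turn into an alert or a drop rule. The log format and the IP addresses are constructed for illustration.

```python
"""Toy half-open-connection detector over constructed firewall log lines.
Added example, not from the original notes. Assumed log format:
"<ts> <src_ip> <dst_ip>:<dst_port> <flags>"  (one record per line).
"""
from collections import defaultdict

# Constructed sample: 198.51.100.7 leaves many half-open TCP connections
# (SYN with no following ACK); 192.0.2.5 completes its three-way handshake.
SAMPLE_LOG = """\
1 192.0.2.5 203.0.113.10:443 SYN
2 192.0.2.5 203.0.113.10:443 ACK
3 198.51.100.7 203.0.113.10:443 SYN
4 198.51.100.7 203.0.113.10:443 SYN
5 198.51.100.7 203.0.113.10:443 SYN
6 198.51.100.7 203.0.113.10:443 SYN
7 198.51.100.7 203.0.113.10:443 SYN
8 198.51.100.7 203.0.113.10:443 SYN
"""


def parse_line(line):
    """Split one record into (timestamp, source IP, destination, TCP flag)."""
    ts, src, dst, flags = line.split()
    return int(ts), src, dst, flags


def half_open_counts(log_text):
    """Per source IP, count SYNs that were not followed by an ACK from that source."""
    pending = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, src, _, flags = parse_line(line)
        if flags == "SYN":
            pending[src] += 1
        elif flags == "ACK" and pending[src] > 0:
            pending[src] -= 1  # handshake completed, no longer half-open
    return dict(pending)


def flag_sources(log_text, threshold=5):
    """Sources at or above the half-open threshold, most severe first."""
    counts = half_open_counts(log_text)
    suspects = [(ip, n) for ip, n in counts.items() if n >= threshold]
    return sorted(suspects, key=lambda item: -item[1])


if __name__ == "__main__":
    for ip, n in flag_sources(SAMPLE_LOG):
        print(f"ALERT: {ip} has {n} half-open connections; candidate for a drop rule")
```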
Q11) Data breach recovery plan:
The moments after a data breach are the most crucial to a company. That is why it is so
important to have an established data breach recovery plan that clearly details the actions that
need to be taken at the first sign of a breach.
When it comes time to act, it’s imperative everyone is able to remain focused, react quickly,
and follow these five steps:
If any one of those systems has been breached, it will be necessary to repeat the process with
systems further along the network. This should be repeated until all affected machines have
been identified. After all systems have been isolated, create forensic copies and ensure all
activity has been documented.
At the server level, the same steps should be taken in a virtual and physical environment. If
rebuilding is not possible, bring in experts who are capable of cleaning the system.
Attempting to have untrained personnel perform this activity could lead to further breaches
down the road.
After your system has been rebuilt, ensure that all systems are up to date with patches. It will
take time, but data analysis will be required if any data repositories were breached. It will
also be necessary to ensure the database is clean — this may require going back to a backup,
analyzing the data and working with transaction logs to rebuild your server.
3) Increase Monitoring
There are three main reasons for this, the first of which is that the compromised server might
not have been the original server. It’s possible your investigation missed the location of the
initial breach, and increased monitoring can help you determine if that is the case.
The second reason is attackers may attempt to enter your system a second time—and if they
do, you’ll want to be ready for them. Lastly, there’s a good chance your system has a greater
asset value than you originally thought. Increased monitoring is always a good option,
helping you keep an eye on things no matter where you are in terms of security.
5) Communicate
After a breach, communication is important, not only within your organization and your
incident response team, but also with customers and any other users who may have been
impacted. It is imperative to make sure these communications go through your organization’s
legal department and/or outside counsel.
Q12) Data Destruction:
Data destruction is the process of destroying data stored on tapes, hard disks and other forms
of electronic media so that it is completely unreadable and cannot be accessed or used for
unauthorized purposes.
Data can also be destroyed through degaussing, which destroys data on magnetic storage
tapes and disk drives by changing the magnetic field. One caveat with this method is that the
person who wishes to destroy data will need to know the exact strength of degaussing needed
for each tape type and drive. Storage media can also be destroyed by using a mechanical
device called a shredder to physically mangle tape, optical media and hard disk drives.
What is CyberSecurity?
Cybersecurity is the practice of protecting networks and systems, programs and sensitive
information from digital attacks.
The cyberattacks are done to access, change, or destroy sensitive data, extort money from
users, or interrupt normal business processes.
Cybersecurity is of prime importance for businesses of all sizes and across all industries to
keep the data of companies and their customers safe.
Implementing effective cybersecurity measures is challenging today because there are more
devices than people, and attackers are becoming more innovative.
Increasing global connectivity, outsourcing and usage of cloud services mean a much larger
attack surface than in the past. In addition, third-party and fourth-party risks are on the rise,
making the roles and responsibilities of cybersecurity professionals even more critical for
reducing the risk of data breaches.