Firewalls

Uploaded by

mosesd154

Firewalls

Firewalls are the defense wall of a corporate network connected to the Internet.
The firewall is normally connected after the edge router, inside the local network. This device
protects the internal devices from malicious intrusion by unauthorized users. The latest
series of Cisco firewalls includes the Firepower 9000 series. These Firepower firewalls are very
powerful and fast, and can handle traffic throughput of up to 225 Gbps. Normally,
firewalls repel cybercrime attacks if they are properly configured and installed to counter
the possible threats. There are basically two major categories of firewalls: hardware firewalls
and software firewalls. A hardware firewall is a physical device connected to the network,
while a software firewall can be installed on each of the computers, phones, or tablets in a
network.
Cross-site scripting and ways of preventing it

• In its simplest form, it's a process that can occur anywhere a web application uses input
from a malicious user to generate output without validating or encoding the input.
• During a Cross Site Scripting attack, a malicious source sends a script that is executed by the end
user's browser. It allows attackers to embed code from one webpage into another webpage by
changing its HTML code.
• It's been used to deface web sites and conduct phishing attacks, or it
can take over a user's browser and force them to execute commands they're unaware of.
• Cross Site Scripting attacks usually come in the form of JavaScript; however, any active
content poses a potential danger.
Ways of preventing Cross site scripting
• Validate the user's input against what is expected
• Encode user-supplied output
• After you believe you've done the right things during code development, inspect your code
with a scan
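
The first two prevention steps above, shown as an added example that is not part of the original notes: the same comment is rendered once with no validation or encoding and once with an allow-list check plus output encoding. The function names, the display-name pattern and the sample input are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlparse

# Allow-list for the "expected" shape of a display name (assumed policy).
NAME_RE = re.compile(r"[A-Za-z0-9_ .-]{1,32}")

def validate_name(name: str) -> str:
    """Validate input against what is expected; reject everything else."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("display name contains unexpected characters")
    return name

def safe_link(url: str) -> str:
    """Only http(s) links are expected; any other scheme becomes a harmless '#'."""
    return url if urlparse(url).scheme in ("http", "https") else "#"

def render_unsafe(name: str, comment: str, link: str) -> str:
    """Input flows into the HTML unvalidated and unencoded (the XSS condition)."""
    return f'<p><a href="{link}">{name}</a>: {comment}</p>'

def render_safe(name: str, comment: str, link: str) -> str:
    """Validate first, then encode every user-supplied value on output."""
    name = validate_name(name)
    href = html.escape(safe_link(link), quote=True)
    return f'<p><a href="{href}">{html.escape(name)}</a>: {html.escape(comment)}</p>'

# Constructed sample input: a comment carrying markup and a script-scheme link.
SAMPLE = ("alice", "<script>alert(1)</script>", "javascript:alert(1)")

if __name__ == "__main__":
    print("unsafe:", render_unsafe(*SAMPLE))
    print("safe:  ", render_safe(*SAMPLE))
```

In the safe output the markup arrives in the browser as inert text and the link no longer carries a script scheme; a code scan, the third step, is what catches any call site still using the unsafe pattern.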
How SSL Encryption works

The domain name bound to the desired certificate creates a socket layer of
communication between the supported browsers and the website on communication port number
443. Secure communication between a web browser and a website through the SSL
communication socket takes place in the following steps:
• The browser sends an HTTP request, targeting port 443 on the web server, asking it to
prove its SSL/TLS certificate.
• The website server sends a response with the certificate chain, which includes the primary,
intermediate, and root certificates of the CA.
• All browsers have the public keys and related information of all CAs.
• The browser compares the information with its local SSL information to verify the certificate.
• When the public key of the server is verified in terms of validity and authority, the browser sends its
own public key to the server.
• On the basis of the public key received from the browser and the private key of the server,
an encrypted message is created and sent out through port 443 to the browser.
• The browser decrypts the message with the help of the public key.
• Thus, the communication over the SSL link starts.
Two types of Windows of Vulnerability:

■ Unknown Window of Vulnerability: The time from when a vulnerability is discovered to
when the system is patched.

■ Known Window of Vulnerability: The time from when a vendor releases a patch to when
the system is patched.
Forms of modern-day passwords.

There are different types and forms of passwords used in the modern world. The following
are a few among them.
• Conventional password
• Biometric passwords
• Two-factor authentication
• Multi-factor authentication
• Social media logins
• Email logins
• One-time password (OTP)
• Smart keys and physical tokens
Vulnerability management consists of the following stages
Vulnerability management comprises six stages: Identification, Assessment,
Remediate, Report, Improve and Monitor.
1. Identification
■ Maintain an accurate asset inventory.
■ Include all IP-connected devices in your asset inventory.
■ Identify and assign asset owners.
■ Ensure the classification of the asset is recorded in the asset inventory database.
2. Assessment
■ Prioritize the scanning effort (assess the most important assets first).
■ Evaluate and develop assessment strategies in a lab environment first.
■ Leverage configuration, remediation, and security tools to assess our environment.
■ Create a standard operating procedure for conducting assessments.
3. Remediate
■ Automate the process of communicating vulnerability data to asset owners.
■ Create remediation baselines so that remediation efforts are measurable.
■ Get the business units to sign off on remediation timeframes.
4. Report
■ Make sure reports identify what remains unfixed and who is accountable.
■ Create reports based on the expected audience.
■ Focus reporting efforts on high-risk vulnerabilities and how they map to critical corporate assets.
5. Improve
■ Leverage enhancements in the asset, configuration, and assessment
management processes to improve your vulnerability management program.
■ Modify your security practices and procedures to improve the effectiveness of the program where
applicable.
6. Monitor
■ Understand, at a high level, all critical security vulnerabilities being discovered.
■ Don't panic, though: only a fraction of new vulnerabilities will actually apply to our
organization.
■ Monitoring includes two key elements: the collation of new vulnerability
information and communicating applicable vulnerability data to the appropriate parties.
■ Utilize tools to assist in the prioritization and alerting of vulnerabilities.
■ Have a process in place to ensure that urgent alerts are sent in a timely manner.
Rootkit malware
Rootkit malware intercepts requests sent to the operating system before they reach the
desired API (application programming interface) and answers them with fake responses.
Moreover, when someone asks the operating system to start the antivirus or anti-malware
application to scan the computer, the request is prevented from reaching the operating
system: the rootkit intercepts the request and sends the user a fake response saying that the
requested program is not working at that time. A rootkit is considered one of the nastiest
forms of malware, one that is not easily detected and removed from a computer once it
has established the privileges to access and control the OS through available vulnerabilities in
the OS and other applications.
Computer risk components
When discussing computer risk components, we often refer to various elements that
contribute to the potential risks and vulnerabilities in the context of computer systems and
information technology. These components can be categorized into different areas, including
hardware, software, human factors, and external threats. Here are some key components:
1. Hardware Risks:
• Physical Damage: Damage to computer hardware due to accidents, disasters, or
malicious acts.
• Faulty Components: Risks associated with hardware failures, such as malfunctioning
hard drives, memory issues, or CPU failures.
• Obsolete Hardware: Outdated or unsupported hardware may have security
vulnerabilities that are no longer patched.
2. Software Risks:
• Software Bugs and Flaws: Programming errors and vulnerabilities in software that
can be exploited by attackers.
• Malware: Malicious software, including viruses, worms, trojans, and ransomware.
• Software Vulnerabilities: Security weaknesses in operating systems, applications, or
utilities that can be exploited.
3. Human Factors:
• User Error: Mistakes made by users, such as falling for phishing attacks, sharing
passwords, or misconfiguring security settings.
• Insider Threats: Intentional or unintentional threats from individuals within an
organization who may misuse their access.
• Lack of Awareness and Training: Inadequate knowledge about security practices
among users and employees.
4. External Threats:
• Malicious Attacks: Deliberate attempts by hackers to compromise the confidentiality,
integrity, or availability of computer systems.
• Denial of Service (DoS) Attacks: Overloading a system or network to make it
unavailable to users.
• Social Engineering: Manipulating individuals to disclose sensitive information or
perform actions that may compromise security.
5. Network Risks:
• Unauthorized Access: Gaining access to a network or system without permission.
• Network Interception: Eavesdropping on communications to obtain sensitive
information.
• Data Transmission Risks: Risks associated with the transmission of data, including
data interception or manipulation.
Spam email and Spamming are
Spamming is one of the major sources of malware spreading on the Internet. Many
spammers send malicious code, such as spyware, malware, and viruses, through different
kinds of unsolicited emails from different sources. The first spam email is considered to have
been delivered through a digital communication system about 40 years ago, in 1978 or so.
Email spamming remedies date back to the middle of the 1990s, when it became nastier for
companies and email users to sort out the good and bad emails. A huge amount of time was
consumed in reading those unsolicited emails, which caused a huge loss of company
productivity. At that time, two IT engineers started working on this problem by sorting out
the IP addresses, servers, locations, company names, and other information from where the
spamming emails were originating. That list was later used on routers to filter the
spamming emails through the Border Gateway Protocol (BGP) on the Internet. They named it
the Mail Abuse Prevention System (MAPS). The name was a bit difficult, so they reversed
the order of the words to make it SPAM.
Types of penetration tests

1. Black box testing assumes no prior knowledge of the environment to be tested, and the
testers must first determine the location and extent of the assets before commencing their
analysis.
2. At the other end of the spectrum, white box testing provides the testers with complete
knowledge of the environment to be tested, often including network diagrams, source code and
Internet Protocol (IP) addressing information.
Over-the-shoulder technique of hacking passwords

This is a traditional way to steal critical information such as a password. The bad guys try to
steal your password when you enter it into the system or online service. This technique is also
useful when you write your password in a diary or on paper. In this method, the hackers try to
peep over your shoulder to see your passwords in different forms.
Cyberattack prevention

The approach to preventing cyberattacks falls into three major activities, as listed below:
• Detection of cyberattacks
• Prediction of cyberattacks
• Prevention of cyberattacks