Master of computer application

Chapter 6 discusses protection and security in computer systems, focusing on mechanisms that control access to resources and the principles of protection, such as least privilege and need-to-know. It introduces the access matrix as a model for defining rights of processes over objects, detailing implementation methods and access control mechanisms. The chapter also covers program threats, including viruses, logic bombs, trap doors, and Trojan horses, highlighting the importance of security measures in protecting systems.

Uploaded by

sutarpayal2002

Chapter-6

Protection & Security


Protection:
A mechanism that controls the access of programs, processes, or users to the resources
defined by a computer system is referred to as protection. You may utilize protection as a tool
for multi-programming operating systems, allowing multiple users to safely share a common
logical namespace, including a directory or files.
Goals of Protection:

1. The policies define how processes access the computer system's resources, such as the
CPU, memory, software, and even the operating system. It is the responsibility of
both the operating system designer and the application programmer. These policies may,
however, be modified at any time.
2. Protection is a technique for protecting data and processes from harmful or intentional
infiltration. It contains protection policies either established by itself, set by
management or imposed individually by programmers to ensure that their programs
are protected to the greatest extent possible.
3. It also provides a multiprogramming OS with the security that its users expect when
sharing common space such as files or directories.

Principles of protection:
The role of protection in a computer system is to provide a mechanism for the enforcement of
the policies governing resource use.
Mechanism vs Policy - Mechanisms determine how something will be done; policies decide
what will be done.
Guiding principle - principle of least privilege: Programs, users and systems should be
given just enough privileges to perform their tasks, so that failure or compromise of an OS
component does the minimum damage and allows the minimum damage to be done.
Need-to-know principle: a process should be able to access only those resources that it
currently requires to complete its task. This is useful in limiting the amount of damage a
faulty process can cause in the system.
Domain of Protection:
• The protection policies limit the access of each process with respect to its
resource handling. A process is bound to use only those resources which it
requires to complete its task, in the time limit that it requires and also in the mode
in which it is required. That is the protected domain of a process.
• A computer system has processes and objects, which are treated as abstract data
types, and these objects have operations specific to them. A domain element is
described as <object, {set of operations on object}>.
• Each domain consists of a set of objects and the operations that can be
performed on them. A domain can consist of either only a process or a procedure
or a user. If a domain corresponds to a procedure, then changing domain
would mean changing procedure ID. Objects may share a common operation or
two. Then the domains overlap.

Association between process and domain:


Processes switch from one domain to another when they have the access right to do so. The
association can be of two types, as follows.
1. Fixed or static –
In fixed association, all the access rights can be given to the processes at the very beginning,
but that gives rise to a lot of access rights for domain switching. So, a way of changing the
contents of the domain dynamically is needed.
2. Changing or dynamic –
In dynamic association, a process can switch domains dynamically, creating a new domain in
the process if need be.

Access Matrix:
The access matrix is a security model of the protection state in a computer system. It is
represented as a matrix. The access matrix is used to define the rights of each process
executing in a domain with respect to each object. The rows of the matrix represent domains
and the columns represent objects. Each cell of the matrix holds the set of access rights given
to the processes of that domain: each entry (i, j) defines the set of operations that a process
executing in domain Di can invoke on object Oj.

Different types of rights:

There are different types of rights the files can have. The most common ones are:
1. Read- This is a right given to a process in a domain, which allows it to read the
file.
2. Write- Process in domain can write into the file.
3. Execute- Process in domain can execute the file.
4. Print- Process in domain only has access to printer.
(A dash marks an empty entry.)

        F1            F2      F3            Printer
D1      read          -       read          -
D2      -             -       -             print
D3      -             read    execute       -
D4      read write    -       read write    -

Observations of above matrix:

• There are four domains and four objects: three files (F1, F2, F3) and one
printer.
• A process executing in D1 can read files F1 and F3.
• A process executing in domain D4 has the same rights as D1 but it can also write on
files.
• Printer can be accessed by only one process executing in domain D2.
• A process executing in domain D3 has the right to read file F2 and execute file
F3.

Mechanism of access matrix:

The mechanism of access matrix consists of many policies and semantic properties.
Specifically, we must ensure that a process executing in domain Di can access only those
objects that are specified in row i. Policies of access matrix concerning protection involve
which rights should be included in the (i, j)th entry. We must also decide the domain in
which each process executes. This policy is usually decided by the operating system. The
users decide the contents of the access-matrix entries. Association between the domain and
processes can be either static or dynamic. Access matrix provides a mechanism for defining
the control for this association between domain and processes.
Switch operation: When we switch a process from one domain to another, we execute a
switch operation on an object(the domain). We can control domain switching by including
domains among the objects of the access matrix. Processes should be able to switch from
one domain (Di) to another domain (Dj) if and only if a switch right is given to access(i, j).
This is explained using an example below:
(A dash marks an empty entry.)

        F1            F2      F3            Printer   D1       D2       D3       D4
D1      read          -       read          -         -        switch   -        -
D2      -             -       -             print     -        -        switch   switch
D3      -             read    execute       -         -        -        -        -
D4      read write    -       read write    -         switch   -        -        -

According to the above matrix, a process executing in domain D2 can switch to domain D3
and D4. A process executing in domain D4 can switch to domain D1, and a process executing
in domain D1 can switch to domain D2.

Implementation of Access Matrix:

There are various methods of implementing the access matrix in the operating system. These
methods are as follows:

1. Global Table
2. Access Lists for Objects
3. Capability Lists for Domains
4. Lock-Key Mechanism

Global Table

It is the most basic access matrix implementation. A set of ordered triples <domain, object,
rights-set> is maintained in a file. When an operation M is executed on an object Oj
within domain Di, the table is searched for a triple <Di, Oj, Rk> with M in Rk. The operation
can proceed if this triple is located; otherwise, an exception (or error) condition is raised.
This implementation has various drawbacks. The table is generally large and cannot be stored
in the main memory, so additional input and output are required.

Access Lists for Objects

Every access matrix column may be used as a single object's access list. It is possible to
delete the blank entries. For each object, the resulting list contains ordered pairs <domain,
rights-set> that define all domains for that object and a nonempty set of access rights.

A default set of access rights can be kept alongside the access list. When operation M is
attempted, the access list is searched for the entry. If the entry is found, we allow the
action; if it isn't, we check the default set. If M is in the default set, we grant access.
Otherwise access is denied, and an exception condition arises. We may also check the default
set first and then search the access list.

Capability Lists for Domains

A domain's capability list is a collection of objects and the actions that can be done on them.
A capability is a name or address that is used to identify an object. To perform
operation M on object Oj, the process executes operation M, specifying the capability for
object Oj. The simple possession of the capability implies that access is allowed.

In most cases, capabilities are separated from other data in one of two ways. Every object has
a tag to indicate its type as capability data. Alternatively, a program's address space can be
divided into two portions. The programs may access one portion, including the program's
normal instructions and data. The other portion is a capability list that is only accessed by the
operating system.

Lock-Key Mechanism

It is a compromise between the access lists and the capability lists. Each object has a list of
locks, which are special bit patterns. Likewise, each domain has a set of keys, which are also
special bit patterns. A process executing in a domain can access an object only if that domain
has a key that matches one of the locks on the object. The process is not allowed to modify
its keys.

Now, let's take an example to understand the implementation of an access matrix in the
operating system.

Example:

In this example, the matrix above has 4 domains and 4 objects: 3 files (F1, F2, and F3) and
one printer. Files F1 and F3 can be read by a process running in D1. A process running in
domain D4 has the same rights as D1, but it may also write on files. Only one process running
in domain D2 has access to the printer. The access matrix mechanism is made up of various
policies and semantic features. Specifically, we should ensure that a process running in
domain Di may only access the objects listed in row i.

The protection policies in the access matrix determine which rights must be included in the
(i, j)th entry. We should also choose the domain in which each process runs. The OS usually
decides this policy. The users determine the contents of the access-matrix entries.

The relationship between the domain and the processes might be static or dynamic. The
access matrix provides a way of defining the control for this domain-process association. We
perform a switch action on an object when we switch a process from one domain to another.
We may regulate domain switching by including domains among the objects of the access
matrix. Processes may switch from one domain (Di) to another domain (Dj) only if they hold
the switch right in access(i, j).

According to the matrix, a process running in domain D2 can transition to domains D3 and D4.
A process in domain D4 may change to domain D1, and a process in domain D1 may change to
domain D2.
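
The matrix with switch rights from this section, written as a small reference monitor (an added example, not part of the original notes; `Process`, `rights`, `access_lists` and `capability_list` are names chosen here). It also derives the per-object access lists (columns) and per-domain capability lists (rows) from the same matrix.

```python
from collections import defaultdict

# Matrix from the notes: rows are domains, columns are objects.
# Domains also appear as objects so that "switch" can be controlled.
MATRIX = {
    "D1": {"F1": {"read"}, "F3": {"read"}, "D2": {"switch"}},
    "D2": {"Printer": {"print"}, "D3": {"switch"}, "D4": {"switch"}},
    "D3": {"F2": {"read"}, "F3": {"execute"}},
    "D4": {"F1": {"read", "write"}, "F3": {"read", "write"},
           "D1": {"switch"}},
}


class AccessDenied(Exception):
    """Raised when access(i, j) does not contain the requested operation."""


def rights(matrix, domain, obj):
    """Return access(i, j); a blank cell is the empty set."""
    return matrix.get(domain, {}).get(obj, set())


class Process:
    """A process bound to exactly one protection domain at a time."""

    def __init__(self, matrix, domain):
        if domain not in matrix:
            raise ValueError(f"unknown domain {domain}")
        self.matrix = matrix
        self.domain = domain

    def invoke(self, op, obj):
        # Every operation is checked against row i of the matrix.
        if op not in rights(self.matrix, self.domain, obj):
            raise AccessDenied(f"{self.domain} may not {op} {obj}")
        return f"{self.domain}: {op} {obj}"

    def switch(self, target):
        # Domain switching is the "switch" operation on a domain object.
        self.invoke("switch", target)
        self.domain = target


def access_lists(matrix):
    """Column view: object -> {domain: rights}, blank entries dropped."""
    acl = defaultdict(dict)
    for domain, row in matrix.items():
        for obj, cell in row.items():
            if cell:
                acl[obj][domain] = set(cell)
    return dict(acl)


def capability_list(matrix, domain):
    """Row view: the objects a domain holds capabilities for."""
    return {obj: set(cell) for obj, cell in matrix[domain].items() if cell}


if __name__ == "__main__":
    p = Process(MATRIX, "D1")
    print(p.invoke("read", "F1"))
    p.switch("D2")
    print(p.invoke("print", "Printer"))
    print(access_lists(MATRIX)["F3"])
```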

Access Control:
Access control has two fundamental parts: (1) Protection System and (2) Reference Monitor.
The protection system defines the specifications of the access rights, which are enforced by
the reference monitor. The protection system is made up of the protection state and
protection state operators.
Revocation of Access Rights:

In a dynamic protection system, we may sometimes need to revoke access rights to objects
shared by different users. Various questions about revocation may arise:

• Immediate versus delayed. Does revocation occur immediately, or is it delayed? If
revocation is delayed, can we find out when it will take place?

• Selective versus general. When an access right to an object is revoked, does it affect all the
users who have an access right to that object, or can we specify a select group of users
whose access rights should be revoked?

• Partial versus total. Can a subset of the rights associated with an object be revoked, or must
we revoke all access rights for this object?

• Temporary versus permanent. Can access be revoked permanently (that is, the revoked
access right will never again be available), or can access be revoked and later be obtained
again?

With an access-list scheme, revocation is easy. The access list is searched for any access
rights to be revoked, and they are deleted from the list. Revocation is immediate and can be
general or selective, total or partial, and permanent or temporary. Capabilities, however,
present a much more difficult revocation problem. Since the capabilities are distributed
throughout the system, we must find them before we can revoke them. Schemes that
implement revocation for capabilities include the following:

• Reacquisition. Periodically, capabilities are deleted from each domain. If a process wants
to use a capability, it may find that that capability has been deleted. The process may then
try to reacquire the capability. If access has been revoked, the process will not be able to
reacquire the capability.

• Back-pointers. A list of pointers is maintained with each object, pointing to all capabilities
associated with that object. When revocation is required, we can follow these pointers,
changing the capabilities as necessary. This scheme was adopted in the MULTICS system.
It is quite general, but its implementation is costly.

• Indirection. The capabilities point indirectly, not directly, to the objects. Each capability
points to a unique entry in a global table, which in turn points to the object. We implement
revocation by searching the global table for the desired entry and deleting it. Then, when an
access is attempted, the capability is found to point to an illegal table entry.

Table entries can be reused for other capabilities without difficulty, since both the capability
and the table entry contain the unique name of the object. The object for a capability and its
table entry must match. This scheme was adopted in the CAL system. It does not allow
selective revocation.

• Keys. A key is a unique bit pattern that can be associated with a capability. This key is
defined when the capability is created, and it can be neither modified nor inspected by the
process owning the capability.

A master key is associated with each object; it can be defined or replaced with the set-key
operation. When a capability is created, the current value of the master key is associated
with the capability. When the capability is exercised, its key is compared with the master
key. If the keys match, the operation is allowed to continue; otherwise, an exception
condition is raised.

Revocation replaces the master key with a new value via the set-key operation, invalidating
all previous capabilities for this object. This scheme does not allow selective revocation,
since only one master key is associated with each object. If we associate a list of keys with
each object, then selective revocation can be implemented.
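
The key scheme above as a short sketch, including the list-of-keys variant that makes revocation selective (an added example, not from the original notes; the class names, the `label` parameter and the sample object are assumptions made here).

```python
import secrets


class Revoked(Exception):
    """Raised when a capability's key no longer matches any object key."""


class Capability:
    """Held by a process. In a real system the key sits in memory that only
    the operating system can touch, so the holder can neither read nor
    change it; Python cannot enforce that, so it is only marked private."""

    def __init__(self, obj_name, rights, key):
        self.obj_name = obj_name
        self.rights = frozenset(rights)
        self._key = key


class ProtectedObject:
    def __init__(self, name):
        self.name = name
        # With the single entry "master" this is the one-master-key scheme.
        # Extra labels give the list-of-keys variant.
        self._keys = {"master": secrets.token_bytes(16)}

    def grant(self, rights, label="master"):
        """Create a capability stamped with the current key for `label`."""
        if label not in self._keys:
            self._keys[label] = secrets.token_bytes(16)
        return Capability(self.name, rights, self._keys[label])

    def set_key(self, label="master"):
        """Replace one key: every capability stamped with the old value
        stops working, while capabilities under other labels are untouched."""
        self._keys[label] = secrets.token_bytes(16)

    def is_valid(self, cap):
        """Compare the capability's key with the keys held by the object."""
        return cap.obj_name == self.name and any(
            secrets.compare_digest(cap._key, key)
            for key in self._keys.values()
        )

    def exercise(self, cap, op):
        """Check the key first, then the rights carried by the capability."""
        if not self.is_valid(cap):
            raise Revoked(f"capability for {self.name} has been revoked")
        if op not in cap.rights:
            raise PermissionError(f"capability does not include {op}")
        return f"{op} {self.name}"


if __name__ == "__main__":
    f1 = ProtectedObject("F1")                  # constructed sample object
    staff = f1.grant({"read", "write"})
    guest = f1.grant({"read"}, label="guests")
    f1.set_key("guests")                        # selective revocation
    print(f1.is_valid(staff), f1.is_valid(guest))
```

Granting again after `set_key` issues a capability with the new key, which corresponds to the temporary (reacquirable) case in the list of revocation questions.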

Capability based System:


We survey two capability-based protection systems. These systems vary in their complexity
and in the types of policies that can be implemented on them. Neither system is widely used,
but they are interesting proving grounds for protection theories.

An Example: Hydra is a capability-based protection system that provides considerable
flexibility. A fixed set of possible access rights is known to and interpreted by the system.
These rights include such basic forms of access as the right to read, write, or execute a
memory segment. In addition, a user (of the protection system) can declare other rights.

The interpretation of user-defined rights is performed solely by the user's program, but the
system provides access protection for the use of these rights, as well as for the use of
system-defined rights. These facilities constitute a significant development in protection
technology. Operations on objects are defined procedurally.

The procedures that implement such operations are themselves a form of object, and they
are accessed indirectly by capabilities. The names of user-defined procedures must be
identified to the protection system if it is to deal with objects of the user defined type.

The Security Problem:


Program Threats:
A program threat is a program written to hijack the security or change the
behaviour of the process.
Types of program threats are as follows:
• Virus

A virus is a self-replicating and malicious thread that attaches itself to the system
file and then rapidly replicates itself, changing the essential files and leading to a system
breakdown.

Various types of computer viruses are as follows:

• File/parasitic: It attaches itself to a file.
• Macro: It affects the MS Office files and is written in a high-level language.
• Source code: It modifies the source code.
• Multipartite: It infects multiple parts of the system.
• Boot/memory: It infects the boot sector.
• Polymorphic: It makes changes in copies every time.
• Encrypted: It is an encrypted virus and decrypts the code.
• Tunnelling: It installs itself in interrupt service routines and device drivers.
• Stealth: It modifies parts of the system so that they cannot be detected.

• Logic Bomb

It is a program that initiates a security attack under certain specified conditions.

• Trap door

A trap door is a hole kept open by the designer of a program so that only he can use it.
It is very difficult to detect a trap door, as one will need to go through the entire
source code.

• Trojan Horse

A Trojan Horse is a code segment that misuses its environment. It appears as a
harmless cover program but has a harmful hidden program that is used to carry
viruses. It can fool the user into entering their confidential information, which is then stolen
by a login emulator and causes information breaches.
Another type of Trojan horse is spyware. In spyware, the user downloads a certain
program, it then downloads ads to pop up on the user's window, certain ads are then
visited by the user, and the information entered there is then sent over to the remote
server. These attacks are also known as Covert Channels.

System & Network Threats:


1. Worm:
An infection program that spreads through networks. Unlike a virus, they target mainly
LANs. A computer affected by a worm attacks the target system and writes a small
program “hook” on it. This hook is further used to copy the worm to the target computer.
This process repeats recursively, and soon enough all the systems of the LAN are affected.
It uses the spawn mechanism to duplicate itself. The worm spawns copies of itself, using up
a majority of system resources and also locking out all other processes.
The basic functionality of the worm can be represented as:

2. Port Scanning:
It is a means by which the cracker identifies the vulnerabilities of the system to attack. It is
an automated process that involves creating a TCP/IP connection to a specific port. To
protect the identity of the attacker, port scanning attacks are launched from Zombie
Systems, that is, systems that were previously independent and are still serving
their owners while being used for such notorious purposes.
3. Denial of Service:
Such attacks aren’t aimed for the purpose of collecting information or destroying system
files. Rather, they are used for disrupting the legitimate use of a system or facility.
These attacks are generally network-based. They fall into two categories:
– Attacks in this first category use so many system resources that no useful work can be
performed.
For example, downloading a file from a website that proceeds to use all available CPU
time.
– Attacks in the second category involve disrupting the network of the facility. These
attacks are a result of the abuse of some fundamental TCP/IP principles, that is, of
the fundamental functionality of TCP/IP.
Security Measures Taken –
To protect the system, security measures can be taken at the following levels:
• Physical:
The sites containing computer systems must be physically secured against armed
and malicious intruders. The workstations must be carefully protected.
• Human:
Only appropriate users must have the authorization to access the system.
Phishing (collecting confidential information) and Dumpster Diving (collecting
basic information so as to gain unauthorized access) must be avoided.
• Operating system:
The system must protect itself from accidental or purposeful security breaches.
• Networking System:
Almost all of the information is shared between different systems via a network.
Intercepting these data could be just as harmful as breaking into a computer.
Hence, the network should be properly secured against such attacks.

Cryptography as a security tool:


Within a given computer the transmittal of messages is safe, reliable and secure, because the
OS knows exactly where each one is coming from and where it is going.
• On a network, however, things aren't so straightforward. A rogue computer (or e-mail
sender) may spoof their identity, and outgoing packets are delivered to a lot
of other computers besides their (intended) final destination, which brings up two
big questions of security:
• Trust - How can the system be sure that the messages received are really from the
source that they say they are, and can that source be trusted?
• Confidentiality - How can one ensure that the messages one is sending are received
only by the intended recipient?
• Cryptography can help with both of these problems, through a system of secrets and
keys. In the former case, the key is held by the sender, so that the recipient knows
that only the authentic author could have sent the message; in the latter, the key is
held by the recipient, so that only the intended recipient can receive the message
accurately.
• Keys are designed so that they cannot be divined from any public information, and
must be guarded carefully. (Asymmetric encryption involves both a public and a
private key.)

Encryption

The basic idea of encryption is to encode a message so that only the desired recipient can
decode and read it. Encryption has been around since before the days of Caesar, and is an
entire field of study in itself. Only some of the more significant computer encryption schemes
will be covered here.

The steps in the procedure and some of the key terminology are as follows:

The sender first creates a message, m in plaintext.

The message is then entered into an encryption algorithm, E, along with the encryption key,
Ke.

The encryption algorithm generates the ciphertext, c = E(Ke)(m). For any key k, E(k) is an
algorithm for generating ciphertext from a message, and both E and E(k) should be efficiently
computable functions.

The ciphertext can then be sent over an unsecure network, where it may be received by
attackers.

The recipient enters the ciphertext into a decryption algorithm, D, along with the decryption
key, Kd.

The decryption algorithm re-generates the plaintext message, m = D(Kd)(c). For any key k,
D(k) is an algorithm for generating a clear text message from a cipher text, and both D and
D(k) should be efficiently computable functions.

The algorithms described here must have this important property: Given a ciphertext c, a
computer can only compute a message m such that c = E(k)(m) if it possesses D(k).

Symmetric Encryption

With symmetric encryption, the same key is used for both encryption and decryption, and
must be safely guarded. There are a number of well-known symmetric encryption algorithms
that have been used for computer security:

The Data-Encryption Standard, DES, developed by the National Institute of Standards, NIST,
has been a civilian encryption standard for over 20 years. Messages are broken
down into 64-bit chunks, each of which is encrypted using a 56-bit key through a series of
substitutions and transformations. Some of the transformations are hidden (black boxes),
and are classified by the U.S. government.

DES is known as a block cipher, because it works on blocks of data at a time. Unfortunately,
this is a vulnerability if the same key is used for an extended amount of data. Therefore an
enhancement is to not only encrypt each block, but also to XOR it with the previous block, in
a technique known as cipher-block chaining.

As modern computers become faster and faster, the security of DES has decreased, to where
it is now considered insecure because its keys can be exhaustively searched within a
reasonable amount of computer time. An enhancement called triple DES encrypts the data
three times using three separate keys ( actually two encryptions and one decryption ) for an
effective key length of 168 bits. Triple DES is in widespread use today.

The Advanced Encryption Standard, AES, developed by NIST in 2001 to replace DES uses
key lengths of 128, 192, or 256 bits, and encrypts in blocks of 128 bits using 10 to 14 rounds
of transformations on a matrix formed from the block.

The Twofish algorithm uses variable key lengths up to 256 bits and works on 128-bit blocks.

RC5 can vary in key length, block size, and the number of transformations, and runs on a
wide variety of CPUs using only basic computations.

RC4 is a stream cipher, meaning it acts on a stream of data rather than blocks. The key is
used to seed a pseudo-random number generator, which generates a keystream. RC4
is used in WEP, but has been found to be breakable in a reasonable amount of computer time.

User Authentication:
Around 33 billion account breaches are predicted to occur in 2023. Cyberattacks are
becoming increasingly sophisticated, causing devastating consequences: financial and
personal data loss, lost revenue, litigation, loss of reputation, and even business closure.
Users need protection on the Internet, and user authentication is one of the most important
cybersecurity bastions. It protects sensitive information and prevents unauthorized access to
systems and data. This article explains everything you need to know about user
authentication: what it is, why it is important, how it functions, and the types available.

What Is User Authentication?

User authentication is the process of verifying a person’s identity before allowing access to a
system, application, or network. It requires the user to provide credentials, like username and
password, before allowing it access to sensitive data. Credentials are compared to a stored
database of authorized users. If the entry is correct, access is granted.

The security policies determine the number of sign-in attempts allowed using user
authentication. Some policies may not impose limits, while others restrict users to three or
five tries. Once the maximum number of attempts has been reached, the user is either locked
out of their account or prompted to complete additional verification steps to prove their
identity before they can try signing in again.

There are various types of user authentication methods, including password-based, biometric-
based, and multi-factor authentication, each with strengths and weaknesses.

How Does User Authentication Work?

User authentication is typically achieved through passcodes, identification cards, or other
means of verification. It typically occurs the following way:

• The user enters the login credentials on the login page to verify their identity.

• The server decrypts the personalized information it has received and compares it to
the stored credentials in its database.

• If the information matches, the user is granted access. If not, the request is declined.

• Depending on the security settings, the user may be allowed to initiate another request
or be blocked from accessing the web application altogether.
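
The login flow and attempt limit described above, as an added example (not from the original article). Stored credentials are kept here as salted PBKDF2 hashes rather than recoverable passwords, which is a choice of this example; the class name, the limit of three attempts and the sample account are assumptions.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 3       # the notes mention policies of three or five tries
ITERATIONS = 200_000   # PBKDF2 work factor chosen for this example


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Authenticator:
    def __init__(self, max_attempts=MAX_ATTEMPTS):
        self.max_attempts = max_attempts
        self._users = {}      # username -> (salt, derived key)
        self._failures = {}   # username -> consecutive failed attempts
        # Record used for unknown usernames, so that they cost the same
        # work as real ones and give the same "denied" answer.
        self._dummy = (secrets.token_bytes(16), secrets.token_bytes(32))

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _derive(password, salt))
        self._failures[username] = 0

    def login(self, username, password):
        """Return "granted", "denied" or "locked"."""
        if self._failures.get(username, 0) >= self.max_attempts:
            return "locked"
        salt, stored = self._users.get(username, self._dummy)
        # Constant-time comparison of the derived key with the stored one.
        matches = hmac.compare_digest(_derive(password, salt), stored)
        if matches and username in self._users:
            self._failures[username] = 0
            return "granted"
        self._failures[username] = self._failures.get(username, 0) + 1
        return "denied"

    def unlock(self, username):
        """Called once the user has passed additional verification."""
        self._failures[username] = 0


if __name__ == "__main__":
    auth = Authenticator()
    auth.register("alice", "correct horse")        # constructed sample account
    for guess in ("123456", "password", "letmein", "correct horse"):
        print(guess, "->", auth.login("alice", guess))
```

The last line of output is "locked": once the limit is reached, even the correct password is refused until `unlock` is called.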

Why Is User Authentication Important?

When the authentication process is not secure, cybercriminals can hack systems and misuse
all the available data. Once a data breach occurs, there is a huge loss for an organization in
terms of costs, damaged reputation, and reduced user trust. Several well-known and popular
websites have been victims of data breaches, pointing out what happens when organizations
cannot secure their websites.

Enterprises must invest in high-quality authentication tools to secure and protect their website
from potential breaches. User authentication is, therefore, a way to prevent your organization
from being the next one on the list of victims.

Here are some of the most prominent benefits of user authentication:

• Increases security. User authentication helps secure systems, applications, and
networks by identifying user identities and ensuring that only authorized users can
access sensitive data.

• Helps meet compliance regulations. Many industries, such as finance and healthcare,
must comply with data protection laws and regulations that mandate robust user
authentication methods to protect confidential information.

• Improves accountability. User authentication allows organizations to track and
monitor user activity, providing an audit trail that can be used to investigate
suspicious behavior or resolve disputes.

• Protects against identity theft. By requiring users to prove their identity before
accessing sensitive information, user authentication can help prevent identity theft.

• Enhances trust. By providing a secure and reliable way of accessing information, user
authentication enhances the trust between users and organizations and builds
confidence in the system's security.

Firewalling to protect Systems & Networks:

A firewall can be defined as a special type of network security device or a software
program that monitors and filters incoming and outgoing network traffic based on a
defined set of security rules. It acts as a barrier between internal private networks and
external sources (such as the public Internet).

The primary purpose of a firewall is to allow non-threatening traffic and prevent
malicious or unwanted data traffic for protecting the computer from viruses and
attacks. A firewall is a cybersecurity tool that filters network traffic and helps users
block malicious software from accessing the Internet in infected computers.

Firewall: Hardware or Software

Whether a firewall is hardware or software is one of the most problematic questions.
As stated above, a firewall can be a network security device or a software
program on a computer. This means that the firewall comes at both levels,
i.e., hardware and software, though it's best to have both.

Each format (a firewall implemented as hardware or software) has different
functionality but the same purpose. A hardware firewall is a physical device that
attaches between a computer network and a gateway, for example, a broadband
router. On the other hand, a software firewall is a simple program installed on a
computer that works through port numbers and other installed software.

Apart from that, there are cloud-based firewalls. They are commonly referred to as
FaaS (firewall as a service). A primary advantage of using cloud-based firewalls is that
they can be managed centrally. Like hardware firewalls, cloud-based firewalls are best
known for providing perimeter security.

Computer Security Classification:

Computer security refers to protecting and securing computers and their related data,
networks, software, and hardware from unauthorized access, misuse, theft, information
loss, and other security issues. The Internet has made our lives easier and has
provided us with lots of advantages, but it has also put our systems at risk of
virus infection, hacking, information theft, damage to the system,
and much more.

1. Cyber Security: Cyber security means securing our computers, electronic devices,
networks, programs, and systems from cyber attacks. Cyber attacks are those attacks
that happen when our system is connected to the Internet.
2. Information Security: Information security means protecting our system’s
information from theft, illegal use, piracy and unauthorized use. Information
security has three main objectives: confidentiality, integrity, and availability of
information.
3. Application Security: Application security means securing our applications and
data so that they don’t get hacked, and so that the applications’ databases remain
safe and private to the owner and users’ data remains confidential.
4. Network Security: Network security means securing a network and protecting
the information of the users who are connected through that network. Over the
network, hackers steal packets of data through sniffing and spoofing attacks,
man-in-the-middle attacks, war driving, etc., and misuse the data for their own benefit.

Types of cyber attack

1. Denial of service attack or DoS: A denial of service attack is a kind of cyber
attack in which the attackers disrupt the services of a particular network by
sending an endless stream of requests, temporarily or permanently making the network or
machine resources unavailable to the intended audience.
2. Backdoor: In a backdoor attack, malware, a Trojan horse or a virus gets installed in
our system along with the main file and starts affecting its security. Consider an
example: suppose you are installing free software from a certain website on the
Internet. Unknowingly, along with this software, a malicious file also gets
installed, and as soon as you execute the installed software, that file’s malware is
activated and starts affecting your computer’s security. This is known as a backdoor.
3. Eavesdropping: Eavesdropping refers to secretly listening to someone’s conversation
without their permission or knowledge. Attackers try to steal, manipulate, modify, or
hack information or systems by passively listening to network communication,
learning passwords, etc. As a physical example, suppose you are talking to
another person in your organization and a third person listens to your private conversation;
that person is said to eavesdrop on your conversation. Similarly, your conversation
on the Internet may be eavesdropped on by attackers who listen to your private
communication by connecting to your network if it is insecure.
4. Phishing: Phishing is pronounced as “fishing” and works in a
similar way. While fishing, we catch fish by luring them with bait. Similarly, in phishing,
a user is tricked by an attacker who gains the user’s trust or poses as a
genuine person and then steals the information by deceiving them. It is not only individual
attackers: some websites seem to be genuine but are actually fraudulent.
These sites trick users into giving up personal information such as
login details, bank details or card numbers. Phishing is of many types: voice
phishing, text phishing, etc.
5. Spoofing: Spoofing is the act of masquerading as a valid entity through
falsification of data (such as an IP address or username) in order to gain access to
information or resources that one is otherwise unauthorized to obtain. Spoofing is of
several types: email spoofing, IP address spoofing, MAC spoofing, biometric
spoofing, etc.
6. Malware: Malware is made up of two terms: Malicious + Software = Malware.
Malware intrudes into the system and is designed to damage our computers.
Different types of malware are adware, spyware, ransomware, Trojan horse, etc.
7. Social engineering: A social engineering attack involves manipulating users
psychologically and extracting confidential or sensitive data from them by gaining
their trust. The attacker generally exploits the trust of people or users by relying on
their cognitive biases.
8. Polymorphic Attacks: Poly means “many” and morph means “form”.
Polymorphic attacks are those in which the attacker adopts multiple forms and changes
them so that they are not easily recognized. These kinds of attacks are difficult to
detect due to their changing forms.
