Cyber Security Unit-2
What is software?
“Software is a big collection of all sorts of computer programs, while an application is just one of those programs, designed for a specific purpose.”
What is an Application?
An application, commonly referred to as an "app," is a software program designed to perform a specific
task on a computer or mobile device.
What is Email?
Email (short for electronic mail) is a digital method of exchanging messages between people over the internet or other computer networks.
We can send and receive text-based messages, often with an attachment such as documents, images, or videos, from one person or organization to another.
Email security
Email security can be defined as the use of various techniques to secure sensitive
information in email communication and accounts against unauthorized access, loss, or
compromise.
1. Phishing:
Phishing got its name from “phish”, meaning fish. Phishing is when someone creates a fake website or sends fake emails that look real, as if they're from a bank or a company you trust. They do this to trick you into giving them your personal information.
The main motive of the attacker behind phishing is to gain confidential information like
Password
Credit card details
Social security numbers
Date of birth
Example- The company's original logo is used in the email to make the user believe that it is indeed a genuine email. But if we look carefully at the details, we will find that the URL or web address is not authentic.
2. Malware Attachments:
Malware attachments are like sneaky viruses hiding in emails or downloads. They're files that seem
harmless, like documents or photos, but when you open them, they infect your device.
For example, you might get an email with a file attached that looks like an invoice or a job offer. But if you open it, it could secretly install malware on your computer, stealing your data or causing damage.
3. Spoofing:
Faking the sender's email address to make it look like the email is from someone
trustworthy, aiming to deceive you. Example: You receive an email that appears to be from a
friend, but upon closer inspection, you notice that the sender's email address has been
spoofed to look like your friend's address. The email asks for personal information or money.
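Two of the warning signs described under Phishing and Spoofing can be checked mechanically: a link whose visible text shows one web address while the real target points at a different domain, and a From header whose display name claims a trusted sender while the address belongs to another domain. The following is an added example, not part of these notes; the sample message, the `.invalid` domains and the `TRUSTED_BRANDS` table are constructed for illustration, and the registered-domain helper is a simplification (it does not use the public suffix list).

```python
"""Added example: two checks for the warning signs described above.
(1) Phishing: a link whose visible text shows one web address while the real
    href points at a different domain.
(2) Spoofing: a From header whose display name claims a trusted brand while the
    address belongs to some other domain.
The message and brand list below are constructed for illustration."""
import email
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a fake 'bank' notice (.invalid domains are reserved, not real)
SAMPLE_EMAIL = """\
From: "Example Bank Support" <support@mail-example-bank.invalid>
To: customer@example.com
Subject: Action required on your account
Content-Type: text/html; charset=utf-8

<p>Please visit <a href="http://secure-login.example-bank-alerts.invalid/verify">
https://www.example-bank.com/verify</a> within 24 hours.</p>
"""

# Assumed brand list: keyword expected in a display name -> domain the brand really uses
TRUSTED_BRANDS = {"example bank": "example-bank.com"}


def registered_domain(host):
    """Last two DNS labels, e.g. 'www.example-bank.com' -> 'example-bank.com'.
    Simplification: a production check would use the public suffix list so
    that names like 'bank.co.uk' are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def mismatched_links(html):
    """Return (shown_host, real_host) for links whose visible text is a URL on a
    different registered domain than the href actually points to."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        real_host = urlparse(href).hostname or ""
        shown_host = (urlparse(text).hostname or "") if "://" in text else ""
        if shown_host and registered_domain(shown_host) != registered_domain(real_host):
            findings.append((shown_host, real_host))
    return findings


def spoofed_display_name(from_header, trusted_brands):
    """Return (display_name, address_domain) when the display name mentions a
    trusted brand but the address is not on that brand's domain, else None."""
    name, addr = email.utils.parseaddr(from_header)
    addr_domain = registered_domain(addr.rsplit("@", 1)[-1])
    for keyword, real_domain in trusted_brands.items():
        if keyword in name.lower() and addr_domain != real_domain:
            return (name, addr_domain)
    return None


def analyze_message(raw, trusted_brands=TRUSTED_BRANDS):
    """Parse a raw message and run both checks; empty results mean nothing was flagged."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    return {
        "links": mismatched_links(html),
        "from": spoofed_display_name(str(msg["From"]), trusted_brands),
    }
```

Running `analyze_message(SAMPLE_EMAIL)` flags both signs: the link shows `www.example-bank.com` but leads to `secure-login.example-bank-alerts.invalid`, and the sender calls itself "Example Bank Support" from a domain that is not `example-bank.com`. The same checks return nothing for a message whose links and sender domain agree.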
4. Ransomworm:
Definition: A ransomworm is a type of malware that spreads across computer networks by
exploiting vulnerabilities and encrypts files on infected computers. It then demands a
ransom payment in exchange for decrypting the files.
Simple Explanation: Ransomworm is a type of malware that sneaks into computers, locks up
files, and demands money to unlock them.
Example: Imagine you click on an email attachment that looks innocent, but it secretly
installs a virus on your computer. This virus encrypts all your files, making them unreadable,
and then demands you pay money to get the decryption key.
6. Email Bombing:
Definition: Email bombing is a form of cyber attack where a victim's email inbox is flooded
with a large volume of emails, overwhelming the email server and disrupting normal
communication.
Example: An attacker sends thousands of emails to a victim's email address within a short
period of time, causing their inbox to become overloaded and rendering it unusable for
legitimate communication.
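Because email bombing is a volume attack, a mail administrator can detect it from delivery logs by counting messages per recipient in a sliding time window. The following is an added example, not part of these notes; the log line format, the timestamps and the addresses are constructed, and the thresholds (100 messages in 5 minutes) are assumed values that a real deployment would tune.

```python
"""Added example: detection of email bombing from mail-server delivery logs.
A sliding window counts messages per recipient; a recipient who receives at
least `threshold` messages inside any `window` is reported. The log lines and
the format they follow are constructed for this example."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: ISO timestamp, recipient, sender
LINE_RE = re.compile(r"^(?P<ts>\S+) to=<(?P<rcpt>[^>]+)> from=<(?P<sender>[^>]*)>")


def make_sample_log():
    """Constructed log: 250 messages to one inbox within about four minutes
    (one per second), plus a handful of normal messages to another user."""
    start = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i in range(250):
        ts = start + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} to=<victim@example.com> from=<signup{i}@newsletter.invalid>")
    for i in range(5):
        ts = start + timedelta(minutes=7 * i)
        lines.append(f"{ts.isoformat()} to=<alice@example.com> from=<bob@example.com>")
    lines.append("2024-05-01T10:03:00 warning: unrelated line that should be ignored")
    lines.sort()   # timestamps sort correctly as strings in this fixed format
    return lines


def detect_bombing(lines, threshold=100, window=timedelta(minutes=5)):
    """Return {recipient: peak_count} for every recipient whose inbound count
    reached `threshold` within any sliding window of length `window`."""
    recent = defaultdict(deque)   # recipient -> timestamps inside the current window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue          # not a delivery record
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["rcpt"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()       # drop timestamps that fell out of the window
        if len(q) >= threshold:
            peaks[m["rcpt"]] = max(peaks.get(m["rcpt"], 0), len(q))
    return peaks
```

On the constructed log, `detect_bombing(make_sample_log())` reports only the flooded inbox with a peak of 250 messages inside the window; the five ordinary messages to the other user never approach the threshold. The per-recipient deque keeps memory bounded to the window rather than the whole log.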
7. Whaling:
Definition: Whaling is a type of phishing attack that specifically targets high-profile
individuals within an organization, such as executives or senior management, with the goal
of stealing sensitive information or financial resources.
Simple Explanation: Whaling is a sneaky trick where scammers go after the big fish, like
CEOs or important people in a company, to steal valuable information.
Example: An attacker might send a personalized email to the CEO of a company, posing as a
trusted colleague or business partner, and requesting urgent access to confidential company
data or financial transactions. If the CEO falls for the scam and provides the requested
information, the attacker gains unauthorized access to sensitive resources.
8. Spam
Spam (also known as junk mail) is an unsolicited email. In most cases, spam is a method of
advertising. However, spam can also carry harmful links, malware, or deceptive content. The end goal is
to obtain sensitive information such as a social security number or bank account information.
9. Scareware
Scareware persuades the user to take a specific action based on fear. It typically appears as pop-up windows that convey forged
messages stating that the system is at risk or needs the execution of a specific program to return to
normal operation.
In reality, no problems exist, and if the user agrees and allows the mentioned program to execute,
malware infects his or her system.
Simple Explanation: Scareware is like a fake warning that tries to scare you into doing something,
like buying useless software or giving away personal information.
10. Adware
Adware typically displays annoying pop-ups to generate revenue for its authors.
It may track the websites a user visits and then send pop-up advertising relevant to those sites. Some versions of software
automatically install adware.
Simple Explanation: Adware is like a persistent salesman that bombards you with annoying ads, often
without your permission.
Create strong, unique passwords for your email accounts and consider enabling multi-factor
authentication (MFA) for extra security.
4. Watch Out for Phishing:
Be wary of emails asking for personal information or urgent actions, especially if they seem
unexpected or too good to be true.
5. Enable Spam Filters:
Use email spam filters provided by your email service or install reputable anti-spam software
to filter out malicious emails.
6. Update Software Regularly:
Keep your email software, operating system, and antivirus programs up to date to patch
security vulnerabilities.
7. Educate Yourself:
Learn about common email scams and tactics used by attackers to trick you into revealing
sensitive information.
8. Report Suspicious Emails:
If you receive a suspicious email, report it to your email provider or IT department to help
protect others from similar attacks.
9. Encrypt Sensitive Emails:
Use encrypted email protocols or services when sending sensitive information to ensure it
stays private.
10. Trust Your Instincts:
If an email seems fishy or too good to be true, it probably is. When in doubt, don't click, and
verify the email's legitimacy through other means.
Threats to Database
1. Insider Threats:
Simple Explanation: Insider threats come from people within the organization who have access to the
database, whether intentionally or unintentionally.
Example: An employee who has access to sensitive customer data downloads it onto a USB drive and sells it
to a competitor. This is a case of a malicious insider threat.
2. Human Error:
Simple Explanation: Human error refers to mistakes made by people, such as using weak passwords or
accidentally deleting important data.
Example: A database administrator accidentally deletes a crucial database table while performing routine
maintenance, leading to data loss and potential disruptions to business operations.
Example: A hacker discovers a vulnerability in a popular database management system and exploits it to
gain access to sensitive customer information stored in the database.
SQL Injection:
Simple Explanation: Attackers inject malicious code into database queries, typically through web
application forms, to manipulate or extract data.
Example: A hacker enters SQL code into a website's login form to bypass authentication and gain access to
the database, allowing them to steal usernames and passwords.
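The login bypass described above comes down to how the query is built. The following is an added example, not code from these notes: a vulnerable login check that pastes user input into the SQL text, beside the parameterized version that closes the hole. It uses Python's built-in `sqlite3` with a constructed in-memory `users` table; password hashing is deliberately left out so the example stays about query construction.

```python
"""Added example: the login bypass described above, shown as a vulnerable query
built by string formatting beside the parameterized query that closes the hole.
Uses Python's built-in sqlite3 with a constructed in-memory users table; password
hashing is left out to keep the focus on how the query is built."""
import sqlite3


def setup_db():
    """Constructed table with one account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-password')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password_hash):
    """Input is pasted into the SQL text, so a quote character in the username
    ends the string literal and the rest of the input is run as SQL."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password_hash = '{password_hash}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password_hash):
    """Placeholders send the values separately from the SQL text; the database
    treats them as data, never as part of the statement."""
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone() is not None


if __name__ == "__main__":
    db = setup_db()
    bypass = "alice' --"   # the comment marker discards the password check
    print("vulnerable:", login_vulnerable(db, bypass, "wrong"))   # True: bypassed
    print("safe:      ", login_safe(db, bypass, "wrong"))         # False: rejected
```

With the username `alice' --` the vulnerable function accepts any password, because everything after `--` is a SQL comment and the password condition disappears; the parameterized function looks for a user literally named `alice' --` and finds none. Parameterized queries are the fix; input filtering alone is not.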
DoS vs DDoS
DoS (Denial of Service) Attack: This is when a single attacker uses one computer to flood a server or network with excessive traffic, making it unavailable to legitimate users.
Mitigation: A DoS attack can be easier to mitigate because the attack comes from a single source.
Example- Imagine you have a single person calling a pizza restaurant repeatedly. They call so often that the phone line is always busy, and legitimate customers can’t place their orders. This single caller represents a DoS attack. The restaurant's phone line (server) is overwhelmed by one person (attacker).
DDoS (Distributed Denial of Service) Attack: This is when multiple attackers or a network of compromised computers flood a server or network with traffic, making it even more challenging to mitigate due to the distributed nature of the attack.
Mitigation: A DDoS attack is harder to defend against due to its distributed nature, making it challenging to block the traffic without affecting legitimate users.
Example- Now, imagine instead of one person, there is an organized group of thousands of people from all over the world who continuously call the pizza restaurant simultaneously. The phone lines are not just busy; they are completely overwhelmed, and no legitimate customers can get through at all. This represents a DDoS attack. The restaurant's phone lines (server) are overwhelmed by a large number of people (botnet) attacking simultaneously.
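The mitigation difference between DoS and DDoS can be seen in request logs: when one source accounts for most of a flood, blocking that address ends it; when the same load arrives from hundreds of sources, blocking addresses one by one is not practical and rate limiting or upstream filtering is needed. The following is an added example, not part of these notes; all traffic records are constructed from documentation address ranges, and the window size, rate threshold and single-source share are assumed tuning values.

```python
"""Added example: telling a single-source flood (DoS) from a distributed one
(DDoS) in request logs. Requests are bucketed into fixed windows; a window over
the rate threshold is a flood. If one source accounts for most of it, the alert
names that address to block; otherwise the load is distributed and the alert
says so. All traffic below is constructed."""
from collections import Counter, defaultdict


def make_sample_traffic(kind):
    """Return constructed (timestamp_seconds, source_ip) records covering 600 seconds."""
    normal = [(t, f"198.51.100.{t % 20}") for t in range(0, 600, 10)]  # 6 requests/minute
    if kind == "normal":
        return normal
    if kind == "dos":
        flood = [(t // 10, "203.0.113.7") for t in range(6000)]            # 10 req/s, one host
    elif kind == "ddos":
        flood = [(t // 10, f"192.0.2.{t % 250 + 1}") for t in range(6000)]  # same rate, 250 hosts
    else:
        raise ValueError(kind)
    return sorted(normal + flood)


def classify_floods(records, window=60, rate_threshold=300, single_source_share=0.5):
    """Return one alert per window whose request count reaches rate_threshold.
    type 'DoS' means a single source sent at least single_source_share of the
    requests (block it); 'DDoS' means the load is spread over many sources."""
    buckets = defaultdict(Counter)           # window index -> Counter of source -> requests
    for ts, src in records:
        buckets[ts // window][src] += 1
    alerts = []
    for idx in sorted(buckets):
        counts = buckets[idx]
        total = sum(counts.values())
        if total < rate_threshold:
            continue                           # normal load, nothing to report
        top_src, top_n = counts.most_common(1)[0]
        if top_n / total >= single_source_share:
            alerts.append({"window_start": idx * window, "type": "DoS",
                           "sources": len(counts), "block": top_src})
        else:
            alerts.append({"window_start": idx * window, "type": "DDoS",
                           "sources": len(counts), "block": None})
    return alerts
```

For the constructed "dos" traffic every window is reported as DoS with `203.0.113.7` as the address to block; the "ddos" traffic produces the same request rate but from about 250 sources per window, so every alert is DDoS with no single address worth blocking; normal traffic produces no alerts.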
Key Points (Active Attack):
Direct Interaction: The attacker actively interacts with the target system or network.
Modification or Disruption: The goal is to change or disrupt how the system or network works.
Threats to Integrity and Availability: Such attacks can damage the accuracy of data (integrity) and
make the system or network unavailable to users (availability).
Significant Damage: The consequences can include major harm and financial losses for the targeted
organization.
2. Repudiation
Repudiation refers to the ability to deny the authenticity of a transaction or communication.
Non-repudiation ensures that a party in a communication cannot deny the authenticity of their
signature on a document or the sending of a message they originated.
Example: A person makes an online purchase and then falsely claims they did not authorize the
transaction to avoid paying for the goods.
Passive Attack
Definition: A passive attack is a cyber attack in which a hacker attacks a system and copies or reads the
contents of the message or the information available but does not modify the information.
No Alteration: The attacker does not change or disrupt the data or system operations.
Goal: The main aim is to access sensitive or confidential information without being detected.
Active Attack vs Passive Attack
Modification of information occurs during an active attack; modifying the information does not happen during a passive attack.
An active attack poses a threat to integrity and availability; confidentiality is at risk from passive attacks.
During an active attack, the focus is on detection; during a passive attack, the focus is on avoiding harm.
System resources can be modified during an active attack; system resources are not altered in a passive attack.
1. Backup:
Regular backups should be performed to ensure that data can be recovered in the event of
loss, corruption, or cyber attacks.
Utilize encryption for backup data to protect it from unauthorized access during
transmission and storage.
Implement a backup strategy that includes both onsite and offsite backups to mitigate risks
such as natural disasters or physical theft.
Test Your Backups: Check your backups regularly to make sure they actually work and you
can restore your data if needed.
Automate if Possible: Set up your backups to happen automatically so you don't forget to do them.
Example- A small business implements a backup strategy for its customer database, financial
records, and employee information. They schedule daily backups of these critical data to an
onsite server and replicate these backups to a cloud storage provider.
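The "Test Your Backups" step above means proving that the copies can actually be restored, not just that the job ran. The following is an added example, not part of these notes: it creates a backup with a SHA-256 manifest, restores every file into a scratch directory and checks each digest, so that a corrupted or missing copy is reported. The file names and contents are constructed, and the manifest format is this example's own convention.

```python
"""Added example of the 'test your backups' step: create a backup with a
SHA-256 manifest, then prove it is restorable by restoring every file into a
scratch directory and checking each digest. Files and contents are constructed."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Digest of a file, read in chunks so large backups need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(source_dir, backup_dir):
    """Copy every file under source_dir and record its digest in manifest.json."""
    source_dir, backup_dir = Path(source_dir), Path(backup_dir)
    manifest = {}
    for src in sorted(p for p in source_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(source_dir)
        dest = backup_dir / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dest)
        manifest[rel.as_posix()] = sha256_of(dest)
    (backup_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def restore_and_verify(backup_dir, restore_dir):
    """Restore test: copy each file out of the backup, then compare its digest
    with the manifest. Returns a list of (file, problem); an empty list means
    the backup is complete and restorable."""
    backup_dir, restore_dir = Path(backup_dir), Path(restore_dir)
    manifest = json.loads((backup_dir / "manifest.json").read_text())
    problems = []
    for rel, expected in manifest.items():
        src = backup_dir / rel
        if not src.exists():
            problems.append((rel, "missing"))
            continue
        dest = restore_dir / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dest)
        if sha256_of(dest) != expected:
            problems.append((rel, "altered"))
    return problems


def demo():
    """Constructed run: back up two files and verify, then corrupt one copy and
    delete another so the second verification reports both problems."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp) / "data", Path(tmp) / "backup"
        (data / "records").mkdir(parents=True)
        (data / "customers.csv").write_text("id,name\n1,Alice\n2,Bob\n")
        (data / "records" / "ledger.txt").write_text("2024-05-01 +100.00\n")
        create_backup(data, backup)
        first = restore_and_verify(backup, Path(tmp) / "restore1")
        (backup / "records" / "ledger.txt").write_text("2024-05-01 +999.00\n")  # silent corruption
        (backup / "customers.csv").unlink()                                      # lost file
        second = restore_and_verify(backup, Path(tmp) / "restore2")
        return first, second
```

`demo()` returns an empty problem list for the fresh backup and, after the simulated damage, one "missing" and one "altered" entry. The same verification can be scheduled against the offsite copy so that a backup that has quietly rotted is noticed before it is needed.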
2. Archive Storage:
Differentiate between backup and archive data. Backup data is typically more recent and
actively used, while archive data is older and less frequently accessed but still important for
compliance or historical purposes.
Old but Important: Archive storage is for old data that you still need but don't use very often.
Secure Your Archives: Keep archive data safe with strong security measures like encryption
and limited access.
Keep Track: Keep a record of what you've archived and where it's stored so you can find it if
you need it later.
3. Disposal of Data:
Get Rid of Unneeded Data: Delete data you don't need anymore to reduce the risk of it being stolen
or causing problems.
Delete Securely: Make sure to delete data securely so it can't be recovered by anyone else.
Destroy Physical Copies: If data is on physical things like hard drives or papers, destroy them
properly so nobody can get the information.
For example: A financial institution regularly upgrades its IT infrastructure and needs to dispose of
decommissioned hardware, including hard drives containing sensitive customer information.
What is a Firewall?
A firewall can be defined as a special type of network security device or a software program that
monitors and filters incoming and outgoing network traffic based on a defined set of security rules.
It acts as a barrier between internal private networks and external sources (such as the public
Internet).
The primary purpose of a firewall is to allow non-threatening traffic and block malicious or unwanted
traffic, protecting the computer from viruses and attacks.
Firewall working
A firewall operates like a security checkpoint, monitoring and filtering incoming and outgoing traffic based
on a set of rules. Here's a simplified breakdown of its process:
* Packet Inspection: The firewall examines each data packet traveling across the network. This packet
contains information like sender, receiver, and the type of data being transferred.
* Rule Matching: The firewall compares the packet against its predefined security rules. These rules
specify which traffic is allowed and which is blocked.
* Action Taken: Based on the rule match, the firewall takes action. It might allow the traffic to pass
through, reject it, or drop it silently.
Types of Firewall
1) Stateful Firewalls
Track the state of active connections and make decisions based on the context of the traffic.
These firewalls remember and track the details of ongoing connections.
2) Stateless Firewalls
Make decisions based on individual packets without considering the state of connections.
These firewalls check each data packet individually without remembering past interactions.
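The three-step process under "Firewall working" (inspect the packet, match it against the rules, take the action) and the stateful/stateless distinction above can be shown together in a small rule engine. The following is an added example, not code from these notes: a stateless first-match filter with a default drop, and a stateful wrapper that records allowed connections so the server's reply passes without needing its own rule. The rule set, addresses and packets are constructed.

```python
"""Added example: the three-step process (inspect packet, match rules, take
action) as a small rule engine, plus the stateful/stateless difference: a
stateless filter judges every packet on its own, so the server's reply to an
allowed request is dropped unless a rule for it exists; a stateful filter
remembers the connection and lets the reply through. Rules, addresses and
packets are constructed for this example."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


# Constructed rule set; first match wins, anything unmatched is dropped
RULES = [
    {"action": "allow", "proto": "tcp", "dport": 443, "src": "0.0.0.0/0"},   # HTTPS from anywhere
    {"action": "allow", "proto": "tcp", "dport": 22, "src": "10.0.0.0/8"},   # SSH from inside only
    {"action": "reject", "proto": "tcp", "dport": 23, "src": "0.0.0.0/0"},   # telnet refused with a notice
]
DEFAULT_ACTION = "drop"   # silent drop when no rule matches


def stateless_decide(pkt, rules=RULES):
    """Steps 1 and 2: inspect the packet's fields and find the first matching rule.
    Step 3: return that rule's action, or the default action."""
    src_ip = ipaddress.ip_address(pkt.src)
    for rule in rules:
        if (rule["proto"] == pkt.proto and rule["dport"] == pkt.dport
                and src_ip in ipaddress.ip_network(rule["src"])):
            return rule["action"]
    return DEFAULT_ACTION


class StatefulFirewall:
    """Same rules, plus a connection table so replies to allowed connections pass."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.connections = set()   # (src, sport, dst, dport, proto) of allowed flows

    def decide(self, pkt):
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self.connections:
            return "allow"          # return traffic of an established connection
        action = stateless_decide(pkt, self.rules)
        if action == "allow":
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        return action


def reply_handling():
    """Show the difference on one HTTPS exchange: request in, reply back out."""
    request = Packet("203.0.113.5", 51000, "10.1.1.10", 443)
    reply = Packet("10.1.1.10", 443, "203.0.113.5", 51000)
    fw = StatefulFirewall()
    return {
        "stateless": (stateless_decide(request), stateless_decide(reply)),
        "stateful": (fw.decide(request), fw.decide(reply)),
    }
```

`reply_handling()` shows the stateless filter allowing the request but dropping the reply (port 51000 matches no rule), while the stateful filter allows both because the reply belongs to a connection it has already recorded. The stateless rules also show the three actions: HTTPS allowed, telnet rejected, SSH from outside silently dropped.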
3) Application Layer Firewalls
Examines data at the application layer (e.g., HTTP requests) and blocks harmful applications.
Example: Blocks a suspicious website trying to access your network.
4) Circuit-Level Gateways
Function: Provides security for TCP and UDP connections by working at the session layer.
Example: Ensures a secure session between a client and a server, like when accessing a secure
website.
Firewall vs Anti-Virus
Firewall
Purpose: Acts like a security guard at the entrance of your network.
Function: Blocks or allows data traffic based on set rules.
Focus: Protects your network from unauthorized access and harmful traffic.
Examples of Use: Preventing hackers from entering your network, blocking unwanted connections.
Anti-Virus
Purpose: Acts like a doctor for your computer.
Function: Scans and removes viruses and other malicious software.
Focus: Protects individual devices from malware infections.
Examples of Use: Detecting and removing viruses, spyware, and ransomware on your computer.
2. Prevention of Malware and Other Threats: Firewalls can identify and block traffic associated with
known malware and other security threats, helping to protect your network from attacks.
3. Control of Network Access: Firewalls allow you to restrict access to specific servers or applications
to authorized individuals or groups, ensuring that only the right people can use certain network
resources.
4. Monitoring of Network Activity: Firewalls can track and log all network activity, making it easier to
spot unusual or suspicious behavior.
5. Regulation Compliance: Many industries require the use of firewalls to meet legal or regulatory
standards, ensuring your network security practices comply with necessary rules.
Summary
Firewall: Guards the network's entrance, controlling what comes in and goes out.
Antivirus: Protects the inside of a device, scanning for and removing harmful software.
The advantages of using a VPN include:
Enhanced Security: VPNs encrypt your internet connection, making it difficult for hackers or
unauthorized parties to intercept your data.
Privacy Protection: By masking your IP address and encrypting your internet traffic, VPNs help
maintain your online privacy and anonymity.
Access to Restricted Content: VPNs allow you to bypass geographical restrictions and access
content or services that may be blocked in your location.
Secure Remote Access: VPNs enable secure remote access to corporate networks, allowing
employees to work from home or while traveling without compromising security.
Safe Public Wi-Fi Usage: When connected to public Wi-Fi networks, VPNs ensure that your data
remains protected from potential threats and cyber attacks.
VPN stands for Virtual Private Network. It allows you to connect your computer to a private network,
creating an encrypted connection that masks your IP address to securely share data and surf the web,
protecting your identity online.
Advantages
Unlimited Streaming:
VPNs help unlock streaming services so you can watch your favorite shows and sports games from
anywhere.
VPNs add security and convenience to gaming, protecting you from competitors trying to disrupt
your gameplay and improving your connection for smoother gaming sessions.
They also let you access exclusive games not available in your region.
Anonymous Torrenting:
VPNs hide your IP address, keeping your identity private while downloading copyrighted content
through torrents.
VPNs prevent your Internet Service Provider (ISP) from slowing down your connection by keeping
your online activities anonymous, leading to faster download speeds, especially for large files.
VPNs encrypt your internet connection, protecting your data from hackers and eavesdroppers when
using public Wi-Fi networks like those in coffee shops or airports.
Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) is like a security guard for your computer network.
It watches over the network traffic and looks for any suspicious or harmful activities.
When it detects something fishy, it immediately alerts the system administrator. Essentially, it's software that
keeps an eye on your network to protect it from unauthorized access and potential attacks by identifying and
flagging any unusual behavior or violations of security policies.
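An IDS flags violations of security policy (signature rules) and unusual behavior (anomaly rules) and raises an alert for the administrator. The following is an added example, not part of these notes: a miniature IDS run over constructed connection records, with two signature rules and one anomaly rule. The records, the addresses, the "internal network is 10.x.x.x" convention, the scanner user-agent string and the scan threshold are all constructed or assumed for this example.

```python
"""Added example: a miniature intrusion detection system of the kind described
above, run over constructed connection records. Two signature rules catch
policy violations (telnet reaching the network from outside, a known scanner
user agent) and one anomaly rule catches a port scan (one source touching many
distinct ports). Alerts go to a list here; a real IDS would notify the
administrator. All records, addresses and the scanner string are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    src: str
    dst: str
    dport: int
    payload: str = ""


def is_internal(ip):
    return ip.startswith("10.")   # constructed convention: 10.x.x.x is the internal network


# Signature rules: (alert name, predicate over one record)
SIGNATURES = [
    ("telnet-from-outside", lambda c: c.dport == 23 and not is_internal(c.src)),
    ("known-scanner-agent", lambda c: "evilscanner/" in c.payload.lower()),   # constructed signature
]


def run_ids(records, scan_threshold=10):
    """Return (alert, source) pairs. Signature alerts fire per matching record;
    the port-scan alert fires once, when a source reaches scan_threshold ports."""
    alerts = []
    ports_seen = defaultdict(set)   # source -> distinct destination ports touched
    for conn in records:
        for name, matches in SIGNATURES:
            if matches(conn):
                alerts.append((name, conn.src))
        ports_seen[conn.src].add(conn.dport)
        if len(ports_seen[conn.src]) == scan_threshold:
            alerts.append(("port-scan", conn.src))
    return alerts


def make_sample_records():
    """Constructed traffic: a scan of ports 20-35 from outside, an internal
    telnet session, a request with a scanner user agent, and normal HTTPS."""
    scan = [Conn("198.51.100.9", "10.1.1.10", port) for port in range(20, 36)]
    return scan + [
        Conn("10.0.0.5", "10.1.1.10", 23),   # internal telnet: not a violation of this rule set
        Conn("203.0.113.4", "10.1.1.10", 443, "GET / HTTP/1.1\r\nUser-Agent: EvilScanner/1.0"),
        Conn("203.0.113.8", "10.1.1.10", 443, "GET / HTTP/1.1\r\nUser-Agent: Mozilla/5.0"),
    ]
```

On the constructed records the scanner from `198.51.100.9` produces two alerts (its telnet probe matches a signature, and its tenth distinct port trips the anomaly rule), the request carrying the scanner user agent produces one, and the ordinary HTTPS client produces none. Keeping signatures as small predicates makes it easy to add rules without touching the loop.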
Advantages
1. Detects Malicious Activity:
IDS can catch suspicious activities on your network and alert administrators before they cause harm.
By identifying issues, IDS helps optimize network performance, ensuring smoother operations.
IDS aids in meeting regulatory standards by monitoring network activity and generating compliance
reports.
4. Provides Insights:
IDS offers valuable insights into network traffic, helping identify weaknesses and enhance overall
security.