Cyber Security

Secure Sockets Layer (SSL) is a technology for creating encrypted connections between a web server and a web browser. It is used to protect the information in online transactions and digital payments and to maintain data privacy.

The SSL/TLS protocol runs on Port 443 and it is applied to the web server in the form of an SSL/TLS certificate.

Secure Sockets Layer (SSL) is a security protocol which permits encrypted connections over the Internet. It is used to preserve the confidentiality of data and to protect information within online transactions. The steps involved in creating an SSL connection are as follows:

1) A browser attempts to connect to the SSL-protected web server.

2) The web server sends a copy of its SSL certificate to the browser.

3) The browser verifies whether the SSL certificate can be trusted. If it is trusted, the browser sends a message to the web server asking for the creation of an encrypted connection.

4) The web server sends an acknowledgment of receipt to initiate an encrypted SSL connection.

5) SSL-encrypted communication then takes place between the web server and the browser.

SSL verifies the senderʼs identity, but it does not provide security once the data has been transferred to the server. It is good practice to use server-side encryption and hashing to protect the server against a data breach.

Secure Sockets Layer (SSL) is a secure technology which enables two or more parties to communicate in a secure manner on the Internet. To assure security, it operates on HTTP. It functions in the Presentation layer.

HTTPS stands for Hypertext Transfer Protocol Secure. It is a combination of HTTP and SSL, which uses encryption to build a more secure browsing experience. The functioning of HTTPS involves the four upper layers of the OSI model: the transport layer, session layer, presentation layer, and application layer.

 When it comes to security, SSL is more secure than HTTPS.

The main difference between these two is that SSL verifies the identity of the sender. SSL helps you to track the person you are communicating with. TLS offers a secure channel between two clients.

Secure Socket Shell or Secure Shell (SSH) is a utility suite or network protocol that gives system administrators a secure way to access data on a network. It is used for remote logins from one computer to another, i.e. for working remotely.

– SSH runs on Port 22 and is used for executing commands remotely by interacting with another system’s operating shell.

– It is a cryptographic network protocol for operating network services securely over an unsecured network.

 – It provides password or public-key authentication and encrypts connections between two network endpoints. It is a secure alternative to legacy login protocols (e.g. telnet, rlogin) and insecure file transfer methods such as FTP.

A SQL injection attack is a type of cyberattack in which a hacker manipulates the data that is sent to the server so that malicious SQL code runs against the database server of a web application, modifying, accessing, and deleting data. SQL injection attacks are primarily used to take control of database servers. SQL injection attacks can be avoided by using 1) prepared statements, 2) stored procedures, and 3) validation of user input.
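
The three defences above, shown side by side with the vulnerable pattern they replace. This is an added example, not code from the original page; it uses Python's built-in sqlite3 module and a constructed in-memory users table, and the username allow-list pattern is an assumption chosen for the demo.

```python
import re
import sqlite3


def make_db():
    """Build a small in-memory users table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("O'Brien", "user")])
    conn.commit()
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable pattern: the input is pasted into the SQL text, so a quote
    character in it becomes part of the statement instead of part of the value."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Prepared statement: the value travels separately from the SQL text and
    is never parsed as SQL, whatever characters it contains."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Allow-list for usernames (assumed policy for this example).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def is_valid_username(name):
    """Input validation: reject anything outside the expected character set
    before it reaches the database at all."""
    return USERNAME_RE.fullmatch(name) is not None


def unsafe_query_breaks(conn, name):
    """True if the string-built query fails to parse for this input; the same
    property is what lets an attacker reshape the statement."""
    try:
        lookup_unsafe(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    print(lookup_safe(db, "O'Brien"))          # [("O'Brien", "user")]
    print(unsafe_query_breaks(db, "O'Brien"))  # True: the quote broke the query
    print(is_valid_username("O'Brien"))        # False: rejected by the allow-list
```

A legitimate name containing an apostrophe already breaks the string-built query; the prepared statement returns the row, and the allow-list rejects the input up front.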
Salting involves adding extra values to a password to expand its length and alter its hash value. It is responsible for protecting the password: it adds complexity and prevents attackers from easily guessing simple passwords.
A stream cipher is a method of encryption in which plaintext digits are combined with a pseudo-random keystream to generate ciphertext one bit at a time. It operates on small plaintext units and requires less code. Its keystream is used only once. It is suited to hardware implementation and is used within the Secure Sockets Layer (SSL).

A block cipher is a method of encryption in which a cryptographic key and algorithm are applied to a block of data, as a group, in order to generate the ciphertext. It works on large data blocks and requires more code. Reuse of the key is possible. It is used for file and database encryption and is suited to software implementation.
Address Resolution Protocol (ARP) is a protocol used for finding the MAC address associated with an IPv4 address. This protocol works as an interface between the OSI Network layer and the OSI Data Link layer.

Address Resolution Protocol (ARP) is a protocol used to map an IP address to a recognized physical machine address on the LAN. When an incoming packet sent to a host machine on a given local network reaches a gateway, the gateway instructs the ARP program to locate a MAC address, or physical host, which matches the IP address. The ARP program searches the ARP cache and, if the address is found, returns it so that the packet can be converted to the appropriate format and length and sent to the machine. If no entry for the IP address is found, ARP broadcasts a special request packet to every machine on the LAN to identify whether a machine knows it has that associated IP address.
Limiting users’ access to a set of services in the Local Area Network is known as port blocking. It halts the source so that the destination node cannot be accessed through those ports. Since applications run on ports, ports are blocked to limit access and close security gaps in the network infrastructure.
Cross-site Request Forgery (CSRF) is an attack in which an attacker tricks a victim into performing actions in the victim's own name. The following steps can be taken to prevent CSRF attacks:

1) Use of the latest antivirus program to block malicious scripts.

2) When you are authenticated to your bank site or carrying out financial transactions on another website, do not navigate to other sites or open emails, since that may cause malicious scripts to run while you are authenticated to a financial site.

3) Do not save your login or password in your browsers for financial transactions.

4) Turn off scripts in your browser.
– It is a number of internet-connected devices, like servers, mobile devices, IoT devices, and PCs, that are infected and controlled by malware.

 – A Robot Network (botnet) is a malicious program that infects computer networks and puts them under the control of only one attacker, referred to as bot herder. A bot is a single machine which is controlled by bot herders. The attacker acts like a central party that can command each bot to carry out coordinated and criminal actions.

A botnet enables massive attacks because a bot herder is able to control millions of bots in parallel. Every botnet can be updated by the attacker to quickly change how the bots behave.

If two users have the same password, the same password hash is created for both. In this situation, an attacker can easily recover the password by running a dictionary or brute-force attack. To prevent this, a salted hash is used.

It randomizes hashes by adding a random string to the password prior to hashing. As a result, two different hashes are created, which protects users’ passwords stored in the database from the attacker.

Salting is the process of extending the length of passwords by using special characters. To use salting, it is important to understand the whole mechanism. The purpose of salting is to safeguard passwords. It also prevents attackers from testing known words across the system.

For example, Hash(“QxLUF1bgIAdeQX”) is added to each and every password to protect it. The added value is called a salt.
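
The salted-hash idea from the preceding paragraphs, worked through in code. This is an added example, not code from the original page: it uses PBKDF2 from Python's standard library with a random 16-byte salt per password, stores the salt alongside the digest, and verifies with a constant-time comparison. The record format and iteration count are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor; raise it as hardware gets faster


def unsalted_hash(password):
    """What the text warns against: equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Return a self-describing record 'pbkdf2_sha256$<iters>$<salt>$<digest>'.

    A fresh 16-byte random salt is drawn per password, so two users with the
    same password end up with different records in the database."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$".join([
        "pbkdf2_sha256",
        str(ITERATIONS),
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    ])


def verify_password(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    algo, iters, salt_b64, digest_b64 = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed sample: two users who happened to choose the same password.
    r1 = hash_password("correct horse")
    r2 = hash_password("correct horse")
    print(unsalted_hash("correct horse") == unsalted_hash("correct horse"))  # True
    print(r1 == r2)                                                         # False
    print(verify_password("correct horse", r1), verify_password("wrong", r1))  # True False
```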
 Cognitive cyber-security is a means of using human-like thinking mechanisms and turning them into artificial intelligence technologies to identify security threats. The aim is to transfer human knowledge to the cognitive system that can serve as a self-learning system. It enables us to identify threats, assess their impact, and implement reactive strategies.
Cross-Site Scripting (XSS) is also called a client-side injection attack. Its purpose is to run malicious scripts in a victim's web browser by injecting malicious code.
Cross-Site Scripting can be prevented by the following practices:

1) Encoding of special characters.

2) Use of an XSS HTML filter.

3) Validation of user inputs.

4) Use of anti-XSS services or tools.
Diffie-Hellman is a key exchange protocol in which two parties establish a common key that can be used for encrypting and decrypting messages between them.

RSA is asymmetric encryption in which there are two different keys. The public key is shared with everyone; data encrypted with it is decrypted with a different key, which is kept private.

Diffie-Hellman is a protocol used for exchanging a key between two parties, while RSA is an algorithm that works on the basis of two keys, called the private and public key.
 Benefits of cyber security are as follows:
– It protects the business against ransomware, malware, social engineering, and phishing.
– It protects end-users.
– It gives good protection for both data as well as networks.
– It improves recovery time after a breach.
– Cybersecurity prevents unauthorized users.
Data leakage is an unauthorized transfer of data to the outside world. Data leakage occurs via email, optical media, laptops, and USB keys.
Two Factor Authentication (2FA) is a security process to identify the person who is accessing an online account. The user is granted access only after presenting evidence to the authentication device.
Network sniffing is the use of a network sniffing tool to analyze data packets sent over a network. This can be done with a specialized software program or hardware equipment. Sniffing can be used to:

– Capture sensitive data such as passwords.
– Eavesdrop on chat messages
– Monitor data packets over a network.

 Black box testing: It is a software testing method in which the internal structure or program code is hidden.

White box testing: A software testing method in which the internal structure or program code is known to the tester.

Vulnerabilities refer to weak points in software code which can be exploited by a threat actor. They are most commonly found in applications such as SaaS (Software as a Service) software.
 Data exfiltration refers to the unauthorized transfer of data from a computer system. This transmission may be manual and carried out by anyone having physical access to a computer.

Data exfiltration is also known as data extrusion, data exportation, or data theft. All of these terms are used to describe the unauthorized transfer of data from a computer or other device.
 An exploit is a method utilized by hackers to access data in an unauthorized way. It is incorporated into malware.
It is the process of checking for exploitable vulnerabilities on the target. In web security, it is used to augment the web application firewall.
In order to be authenticated, users have to prove their identity. An ID and a key can be used to confirm the userʼs identity. This is the ideal way for a system to authorize a user.

Cross-site scripting refers to a network security vulnerability in which malicious scripts are injected into websites. This attack occurs when a web application allows an untrusted source to inject code into it.

 Cross-site scripting is a security vulnerability usually found in websites and/or web applications that accept user input. Examples of these include search engines, login forms, message boards and comment boxes.

Cross-site scripting attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

Internet Group Management Protocol or IGMP is a communication protocol that is used in gaming or video streaming. It enables routers and other communication devices to send packets.

This is a transport layer protocol. Since this protocol lacks a port number, many people consider it to be a network layer

Use a cipher algorithm to protect email, credit card information, and corporate data.
Public Wi-Fi has many security issues. Wi-Fi attacks include karma attacks, sniffing, war-driving, brute-force attacks, etc.
Threat actors may be able to exploit public Wi-Fi to intercept and obtain data that passes through a network device, such as emails, browsing history, passwords, and credit card data.

Remote Desktop Protocol (RDP) was developed by Microsoft; it provides a GUI for connecting two devices over a network.

The user runs RDP client software for this purpose, while the other device must run RDP server software. This protocol is specifically designed for remote management and for access to virtual PCs, applications, and terminal servers.

Forward Secrecy (FS) or Perfect Forward Secrecy (PFS) is a security measure that ensures the integrity of a unique session key in the event that the long-term key is compromised.

 In cryptography, forward secrecy (FS), also known as perfect forward secrecy (PFS), is a feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised. For HTTPS, the long-term secret is typically the private key of the server. Forward secrecy protects past sessions against future compromises of keys or passwords. By generating a unique session key for every session a user initiates, the compromise of a single session key will not affect any data other than that exchanged in the specific session protected by that particular key. This by itself is not sufficient for forward secrecy which additionally requires that a long-term secret compromise does not affect the security of past session keys.
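
The Diffie-Hellman exchange described earlier and the forward-secrecy property described here are two halves of one mechanism: when each session uses fresh (ephemeral) exponents that are discarded afterwards, no stored secret can later unlock a recorded session. This is an added example, not code from the original page; the group parameters (a Mersenne prime modulus with generator 5) are a toy assumption for illustration, and real deployments use standardised groups (RFC 3526, RFC 7919) or elliptic-curve DH.

```python
import hashlib
import secrets

# Toy DH group (assumption of this example only): modulus 2^127 - 1, generator 5.
# Never improvise group parameters in production; use standardised ones.
P = 2**127 - 1
G = 5


def new_ephemeral():
    """Generate a fresh private exponent and its public value for one session."""
    priv = secrets.randbelow(P - 2) + 2   # 2 .. P-1
    pub = pow(G, priv, P)                 # this value is what goes over the wire
    return priv, pub


def derive_key(priv, peer_pub):
    """Both sides compute g^(ab) mod p and hash it into a 256-bit session key."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def run_session():
    """One ephemeral DH handshake.

    Returns the agreed key and the transcript (the two public values), which is
    all an eavesdropper on the wire gets to record."""
    a_priv, a_pub = new_ephemeral()       # Alice picks a secret, sends a_pub
    b_priv, b_pub = new_ephemeral()       # Bob picks a secret, sends b_pub
    key_a = derive_key(a_priv, b_pub)
    key_b = derive_key(b_priv, a_pub)
    assert key_a == key_b                 # both sides agree without sending the key
    # a_priv and b_priv go out of scope here: the exponents are not kept.
    return key_a, (a_pub, b_pub)


def forward_secrecy_check():
    """Two sessions yield unrelated keys, and a private exponent obtained later
    (from some other session) does not unlock the recorded first transcript."""
    key1, (a_pub1, b_pub1) = run_session()
    key2, _ = run_session()
    leaked_priv, _ = new_ephemeral()      # a secret compromised after the fact
    attacker_key = derive_key(leaked_priv, b_pub1)
    return key1 != key2 and attacker_key != key1


if __name__ == "__main__":
    key, transcript = run_session()
    print(key.hex())
    print(forward_secrecy_check())        # True
```

Contrast this with an RSA-based key transport, where the server's long-term private key decrypts every recorded session once it leaks; with ephemeral DH there is no such key to steal.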

An Initial Vector or Initialization Vector (IV) is an arbitrary number that is used to ensure that identical plaintext encrypts to different ciphertexts. The encryption program uses this number only once per session.

An Initialization Vector (IV) is a random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce, or “number occurring once,” as an encryption program uses it only once per session.

 – Electronic Codebook (ECB)
 – Cipher Block Chaining (CBC).

A buffer overflow attack is an attack that takes advantage of a process that attempts to write more data to a fixed-length memory block than it can hold.

 Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to another. A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations. Attackers exploit buffer overflow issues by overwriting the memory of an application. This changes the execution path of the program, triggering a response that damages files or exposes private information. For example, an attacker may introduce extra code, sending new instructions to the application to gain access to IT systems. If attackers know the memory layout of a program, they can intentionally feed input that the buffer cannot store, and overwrite areas that hold executable code, replacing it with their own code. For example, an attacker can overwrite a pointer (an object that points to another area in memory) and point it to an exploit payload, to gain control over the program. Examples:
 *Stack-based buffer overflows
 *Heap-based buffer overflow attacks

Malicious software that is designed to enter your computer and enable one user to obtain covert information about another’s computer activities by transmitting data covertly from their hard drive.
 This is a mechanism of assigning a user account to an unknown user.
– The Security Reference Monitor (SRM) provides routines for computer drivers to grant access rights to objects.

 – Security Reference Monitor is a component of the Microsoft Windows NT executive running in kernel mode that acts like a security watchdog, enforcing security when applications try to access system resources.

 – The Security Reference Monitor decides whether a given process should be granted access rights to an object. It does this by comparing the access token attached to the process to the discretionary access control list (DACL) attached to the object that the process is trying to access.
– A virus is malicious software that is executed without the userʼs consent. Viruses can consume computer resources, such as CPU time and memory. Sometimes the virus makes changes in other computer programs and inserts its own code to harm the computer system.

 A computer virus may be used to:
 *Access private data like user id and passwords
 *Display annoying messages to the user
 *Corrupt data in your computer
 *Log the userʼs keystrokes

Authenticode is a technology that identifies the publisher of Authenticode-signed software. It allows users to ensure that the software is genuine and does not contain any malicious program.

 Authenticode is a Microsoft code-signing technology that identifies the publisher of Authenticode-signed software. Authenticode also verifies that the software has not been tampered with since it was signed and published. Authenticode uses cryptographic techniques to verify publisher identity and code integrity.

 CryptoAPI is a collection of encryption APIs which allows developers to create a project on a secure network.

 CryptoAPI is a core component of the latest versions of Microsoft Windows that provides application programming interfaces (APIs) for cryptographic security services that provide secure channels and code signing for communication between applications.

  • Remove or turn off unnecessary services and functionalities
  • Create separate environments for development, testing, and production
  • Set permissions and privileges
  • Keep patches up to date
  • Segregate and monitor server logs
  • Install a firewall
  • Automate backups
  • Update file ownership
  • Keep your web server updated
  • Disable extra modules in the web server
  • Delete default scripts
  • Keep your server software updated
  • Scan for web-specific vulnerabilities
  • Educate your developers
 Microsoft Baseline Security Analyzer (MBSA) is a graphical and command-line interface that provides a method to find missing security updates and misconfigurations.
Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating the strategies and actions of malicious attackers, but without malicious intent. Instead, the intent is to fix the vulnerabilities found and improve the overall security of the network, computer system, application, or data.

– IP Address is the acronym for Internet Protocol address. An Internet Protocol address is used to uniquely identify a computer or a device, such as a printer or storage disk, on a computer network.

 – MAC Address is the acronym for Media Access Control address. MAC addresses are used to uniquely identify network interfaces for communication at the physical layer of the network.

 A Worm is a type of malware which replicates from one computer to another.

A computer worm is malware that reproduces itself and spreads over network connections, relying on security failures on the target computer to access it. E.g. Internet worms, email worms, file sharing worms, instant messaging worms