Vulnerability control is a key mechanism in cybersecurity best practices. There are some standard strategies that are followed to protect against vulnerabilities: first, to secure the network; second, to secure the host; and third, to secure the web application. It is not possible to plan and build a secure web application until the designer knows the possible attacks on the application.
What are the types of Computer Security?
There are different types of security available. They include network, database and web-based security. Network security involves the requirements and policies adopted by a network administrator to monitor and prevent the misuse of this critical resource, and to control access to data in a network. It secures the network as well as oversees the activities that are performed using the network.
Database security includes all the control measures to protect the databases, and the complete database systems against threats, in order to safeguard the confidentiality and integrity of data. This also includes the broader perspective of data security and risk management. Some of the controls are physical control, procedural control and technical control.
Web security works on the principles of application security but applies them specifically to the Internet and Web systems. Web security is also known as “Cybersecurity” and it involves protecting the information by detecting and preventing attacks.
What is Cybersecurity?
Cybersecurity is the practice of protecting Systems (Laptop, Desktop, Mobile, Tablet, any Electronic based gadgets connected with Internet), Networks and Programs from digital attacks. Cybersecurity is also called Information Technology Security.
These cyber attacks aim at stealing users' credential data (passwords, SSN, bank account number, PIN, CVV etc.), changing or destroying sensitive information, extorting money from people and disrupting their business processes.
Cybersecurity is challenging today because there are more devices than people. At the same time, attackers are getting more innovative.
Cybersecurity is more important because families, medical organizations, Educational Institutions, Corporate, Military, and Governments manage, collect, process and store an unprecedented amount of data on computers and other electronic devices. Every Individual and organization transmits huge amounts of data through the networks. Hence, some disciplined security measures are needed.
Ultimately, for anyone who has the Internet at home/organization, security measures are very important. For example, in a home with a wireless connection, almost everyone from the family gets the Internet through PCs, PDAs, Mobiles, Laptops and tablets.
With the Internet of Things, a wide range of devices in the home access the Wi-Fi. A small weakness in the home Wi-Fi network can give a criminal access to practically all the gadgets that use that Wi-Fi. This could put child safety, SSNs, credit card details, bank accounts and many other things at risk.
It is safe to say that the Internet is for everybody and doesn’t restrict itself to the technically knowledgeable. Unfortunately, when not protected, the Internet can be a playground for harmful activities carried out by people with malicious goals.
What are the Types of Cyber Attackers?
Cyber attackers / Cyber Criminals are individuals or groups of people who use different techniques to commit malicious activities on digital devices or networks with the aim of stealing confidential organizational information or personal data to generate profit.
There are different types of Cyber attackers available.
Not all hackers are intentionally bad. A hacker can be anyone who uses knowledge of hardware and software to break the security measures on a computer device. Hacking itself isn’t criminal behavior unless the hacker is compromising a system without the owner’s consent. Numerous organizations and government offices actually employ hackers to secure their systems.
- White hat Hackers
- Gray hat Hackers
- Black hat Hackers
White hat Hackers
White hat hackers are security experts and researchers who use their expertise in security to protect people, organizations, the military, governments and systems.
These hackers are always alert and on the watch for criminals. Some of the many roles white hat hackers can play include:
(i) Developing and testing security patches.
(ii) Monitoring incoming and outgoing traffic to find any sign of hacking.
(iii) Continuously exposing vulnerabilities, which helps in finding attacks that could go out of control.
Gray hat hackers
Gray hat hackers are also spelled Grey hat hackers. Gray hat hackers combine the good and bad. These hackers act as the middle ground between the black hat hackers and the white hat hackers. They do exploit networks and computer systems in the way that black hats do, but do so without any malicious intent, revealing the loopholes to the Intelligence.
Black hat Hackers
Black hat hackers usually have a lot of knowledge about breaking the security of systems. They are the malware writers who infect and destroy systems. These hackers work as individuals or in teams. Their main goals are financial gain and disrupting processes. To achieve that, they steal financial data, personal data and login credentials. So, black hat hackers not only steal data but also seek to modify or destroy it.
What are the Advantages and Disadvantages of Internet Connection at Home?
Computers and the Internet are available in almost all houses nowadays. But the Internet has its own advantages and disadvantages.
Its major advantages are,
(i) Source of variety of Information
Nowadays, students of Schools and Colleges depend on the Internet thoroughly to prepare their assignments and to upgrade their knowledge. Up-to-date information is available on the Internet. It has become the source of all kinds of Information as well. A huge volume of technical as well as nontechnical information can be seen in one place. For the News lovers, who like to read news in different languages on sports, weather, politics or any other topic, the Internet gives instant information.
(ii) Source of Entertainment / Relaxation
Chatting, Music, Movies, TV Show, Online games, Surfing have become the common entertainment these days. Online Movies, TV Shows, free of cost games, chatting room for discussion are easily accessible on the Internet.
(iii) Online Shopping
Today, virtual shops have grown like mushrooms all over. You can do online shopping just by downloading an app from the Internet. A survey records that women seemed to make more purchases online compared to men. Purchases of groceries, medicines, electronic devices, etc. can be made online, without the hustle and bustle of the marketplace.
(iv) Online Banking
One can log into his/her online accounts to pay bills, transfer funds, or just to check his/her balance. Without the online banking facility, you would have to go to your local bank and wait in queues to have your transactions completed. With online banking, all your transactions can be completed just by remotely logging into your account on your computer. You can do this at any time, day or night. With physical banking, you need to adhere to the set timings.
The major Disadvantages of having the Internet are,
(i) Online Frauds
Online fraud is a type of cybercrime. Fraudsters may steal your personal data, including user name, password, SSN, credit card number etc. This results in identity theft and financial loss. Viruses can also spread by infecting computers and replicating information.
(ii) Not so safe for children
Children who use the Internet are prone to becoming addicted to it, which may be very dangerous for their life and health. Pornography and unethical and unhealthy communities that are available on the Internet can easily attract kids. Hence, parents worry a lot when children spend a lot of time on the Internet. But, dear parents, you can be relieved! There are different parental control software tools available to guard against all these things.
(iii) Privacy Vulnerability
Hackers try to access our chat and email messages to reframe them and forward them to the receiver. So, our private communication might be in jeopardy.
(iv) Online Threatening and Harassment
If anyone hacks the personal ID or email address of someone, it becomes easier for them to harass that person in chats, email and online messages.
Very often, our systems face virus issues which lead to the damage of important data. Once our data is caught by such malware, the damaged data can’t be easily recovered. Alas, our systems go out of control.
Common Cyber Attacks
Denial of Service (DoS) Attack
A denial-of-service attack (DoS attack) can be defined as an attack on the Server or Network to make it unavailable to its intended users, by blocking or crippling the resources. The attack generally aims to indefinitely interrupt or suspend the services of the host, thereby denying access to that resource for the genuine users.
This attack can take place even in the absence of the software vulnerabilities of a system. It is really challenging to avoid or prevent such attacks since it is extremely hard to precisely differentiate the requests of genuine users from those of the attackers.
Thus, solutions that rely on detecting and filtering the attacker’s requests have limited effectiveness. There are a variety of other technical and non-technical tests that need to be understood well, in order to design solutions that fundamentally address the problem.
Buffer overflow is caused by a program, which overruns the buffer’s boundary and overwrites the adjacent memory, while entering data into a buffer memory. This situation is triggered by malicious inputs that are designed specifically to alter the normal program’s behavior, or to execute a specific code to cause buffer malfunction including memory access errors, system crash, and breach of system security.
Man in the Middle Attack
In a man-in-the-middle attack, there are three players. One side is the sender, the other side is the receiver, and there is a hacker who sits in between the sender and the receiver. But neither side knows that there is a hacker in between.
Cybercriminals typically run a man-in-the-middle attack in two phases: Interception and Decryption.
With a traditional Man in the Middle attack, the cybercriminal needs to gain access to an unsecured or poorly secured Wi-Fi router. These types of connections are generally found in public areas with free Wi-Fi hotspots, and even in some homes, which are without any protection. Attackers can scan the router looking for specific vulnerabilities such as a weak password.
Once attackers find a vulnerable router, they can deploy tools to intercept and read the victim’s transmitted data. The attacker can then insert their tools between the victim’s computer and the websites the user visits to capture login credentials, banking information, and other personal information.
A successful man-in-the-middle attack does not stop at interception. The victim’s encrypted data must then be unencrypted, so that the attacker can read and act upon it.
Zero-Day Attack
A zero-day attack targets hardware or software. It creates complex problems before the vulnerability is spotted, and the attackers damage the system before the vulnerability is fixed. Why is this called Zero-Day? There is no time gap between the time the vulnerability is detected and the first attack.
Credential Reuse Attack
Almost all user accounts ask you to register a user ID and password. The human tendency is to give the same ID and password used for other accounts. Many people think that if they use the same ID and password, it will be easier to remember.
But, there is a big “NO” for that. If cybercriminals steal the password of one account, they can try that password on all your accounts. Then all your credentials such as bank account number, credit card number, etc. can be stolen. If they get your account details, it may result in financial loss.
Hence, don’t use the same ID and password for all your user accounts.
Password attacks are a serious issue in the Cyberworld. If hackers hack your password, all your personal and confidential data will be stolen. They can even sniff into the network and gain access to the unencrypted passwords.
Cybercriminals use two approaches to hack passwords.
(i) Bruteforce Attack
A brute-force attack means the attacker constantly tries different combinations of passwords or passphrases in the hope of eventually guessing correctly. The attacker systematically checks the different possible passwords and expects one of the trials to work.
(ii) Dictionary Attack
A dictionary attack is a method of breaking into a password-protected system by systematically trying every word in a dictionary as a password.
Dictionary attacks work against computer users and businesses who use words and phrases to set passwords. They do not work against those who use passwords that mix upper and lowercase letters and numerals.
The birthday attack exploits a statistical phenomenon that simplifies the brute-forcing of one-way hashes. It is based on the birthday paradox: for a 50 percent chance that someone in a room shares your birthday, you need 253 individuals in the room. However, for a chance higher than 50 percent that any two people in the room share a birthday, you only require 23 people.
This probability works because these matches depend on pairs. If you choose yourself as one member of every pair, you need 253 people to get the required 253 pairs. However, if you accept matches that don’t include you, you only need 23 people to create 253 pairs when cross-matching them with each other. Thus, 253 is the number of pairs you need to acquire a 50 percent probability of a birthday match in a room.
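The figures above can be checked numerically. The following is an added example, not part of the original article; it also goes one step beyond the text by applying the same pair-counting effect to a hash truncated to a few bits, which is why an n-bit hash offers only about n/2 bits of collision resistance. All function names are assumptions made for this illustration.

```python
import hashlib

def p_any_pair(n, days=365):
    """Probability that at least two of n people share a birthday."""
    p_distinct = 1.0
    for i in range(n):
        p_distinct *= (days - i) / days
    return 1.0 - p_distinct

def p_matches_you(n, days=365):
    """Probability that at least one of n other people has YOUR birthday."""
    return 1.0 - ((days - 1) / days) ** n

def pair_count(n):
    """Number of distinct pairs that can be formed from n people."""
    return n * (n - 1) // 2

def tag(msg, bits):
    """Top `bits` bits of SHA-256(msg): a deliberately short toy hash."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - bits)

def find_collision(bits):
    """Return (msg_a, msg_b, attempts) where both messages share one tag.

    Inputs are just the counters 0, 1, 2, ... so the run is repeatable.
    """
    seen = {}
    counter = 0
    while True:
        msg = str(counter).encode()
        t = tag(msg, bits)
        if t in seen:
            return seen[t], msg, counter + 1
        seen[t] = msg
        counter += 1

if __name__ == "__main__":
    print(f"any pair among 23 people : {p_any_pair(23):.4f}")
    print(f"your birthday among 253  : {p_matches_you(253):.4f}")
    print(f"pairs among 23 people    : {pair_count(23)}")
    a, b, attempts = find_collision(16)
    # A 16-bit tag has 65536 values, yet a collision appears after
    # roughly sqrt(65536) = 256 inputs, not tens of thousands.
    print(f"16-bit collision after {attempts} inputs: {a!r} vs {b!r}")
```

For a defender, the practical consequence is to size hash outputs for the collision bound rather than for the number of possible values.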
IP Spoofing or IP address spoofing is the creation of Internet Protocol packets with a fake source IP address for the purpose of impersonating another computer system. Sending and receiving IP packets is a common way in which networked computers and other systems communicate.
All IP packets contain a header, which precedes the body of the packet and carries the routing information, including the source address. The source IP address is the address of the sender. If an attacker attacks and spoofs the packet, the source address will be obtained by the attacker. So, ultimately he can target the sender.
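The header layout described above can be made concrete from the defender's side. The following is an added example, not part of the original article: it parses the source address out of a raw IPv4 header, shows that the header checksum says nothing about whether that address is genuine, and applies the kind of ingress filtering (BCP 38) that drops packets whose source does not belong to the network they arrive from. The sample headers are constructed in the code, and the function names and documentation-range addresses are assumptions.

```python
import ipaddress
import struct

def checksum(header: bytes) -> int:
    """One's-complement sum over the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def make_header(src: str, dst: str) -> bytes:
    """Constructed sample input: a 20-byte IPv4 header with no payload."""
    raw = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20,          # version 4 / IHL 5, TOS, total length
        0x1234, 0,            # identification, flags + fragment offset
        64, 6, 0,             # TTL, protocol (TCP), checksum placeholder
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return raw[:10] + struct.pack("!H", checksum(raw)) + raw[12:]

def parse_source(header: bytes):
    """Return (source address, checksum_ok) from a raw IPv4 header."""
    ihl = (header[0] & 0x0F) * 4
    if header[0] >> 4 != 4 or ihl < 20 or len(header) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    src = ipaddress.IPv4Address(header[12:16])
    # Summing a header that includes a correct checksum yields zero.
    return src, checksum(header[:ihl]) == 0

def ingress_allows(header: bytes, customer_prefix: str) -> bool:
    """Ingress filter: accept only sources inside the attached prefix."""
    src, ok = parse_source(header)
    return ok and src in ipaddress.ip_network(customer_prefix)

if __name__ == "__main__":
    genuine = make_header("203.0.113.7", "198.51.100.1")
    forged = make_header("192.0.2.99", "198.51.100.1")
    for name, hdr in (("genuine", genuine), ("forged", forged)):
        src, ok = parse_source(hdr)
        verdict = ingress_allows(hdr, "203.0.113.0/24")
        print(f"{name}: src={src} checksum_ok={ok} allowed={verdict}")
```

Both headers pass the checksum, so only the filter at the network edge distinguishes them.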
Malware is code that is made to stealthily damage a computer system without the user’s knowledge. It includes malicious software such as spyware, Trojans, ransomware etc. Malware is different from other software in that it spreads across the network and affects all the systems within the network. It changes and damages the infected system. Many times we can’t even recover the files.
Eavesdropping attacks steal the user’s credential information, such as passwords, credit card information, and other credential information that the user might be sending through the network. The attacker intercepts the network traffic and collects the data.
Eavesdropping can be in two ways: Active eavesdropping and Passive eavesdropping.
In active eavesdropping, hackers actively grab the information by probing, scanning or tampering. Here, the attacker acts friendly, sends queries to the transmitter and collects the data.
In passive eavesdropping, the hacker gets the information by listening to the messages transmitted over the network.
Phishing is a technique of tricking people into giving sensitive information like usernames and passwords, credit card details, sensitive bank information, etc., by way of email spoofing, instant messaging, or using fake websites whose look and feel give the appearance of a legitimate website.
The legitimate or true web page imitated by the fake web page is known as the phishing target, and the fake webpage as the phishing page. Most of the phishing activities happen by compromising web servers or websites.
Different types of Online scams are available. Some of the Online scams are given below.
Here we have discussed the cybersecurity best practices and the common cyber attacks. It is necessary to be more careful and to secure our data.