SlideShare a Scribd company logo

Know Your Attacker and Cyber Security Best Practices

Arun Velayudhan
Arun Velayudhan

The document discusses cyber security threats such as malware, phishing, denial of service attacks, and weak security practices. It describes common attack methods like SQL injection, distributed denial of service attacks, and cross-site scripting. The document also covers hacking tools, the attack lifecycle, common defenses, safety tips, and security models to protect against cyber attacks.

Technology
1 of 14
Download to read offline
Know your Attacker Submitted by: Arun Velayudhan
What is cyber security ? Cyber security practice is to provide solution to protect any enterprise information systems to make it secure and hack free. To provide best practices which addresses secure interoperability, usability and privacy continues to be need of the hour. www.learnfact.in
Type of Attacks • Malware – A malicious code that damages/disables and steals information from the computer – Botnets, Viruses, Trojan horses, backdoor, spyware and adware are some examples of malwares • Phishing – Disclosing confidential information or downloading malware by clicking on a hyperlink in the message. • Spear Phishing – Same as phishing but more targeted where the attacker learns about the victim and impersonates someone he or she knows and trusts. • Man in the middle attack – Attacker establishes a position between the sender and recipient of electronic messages and interrupt them. • Denial of service attack • SQL injection • Zero day exploit – A zero-day vulnerability is a software security flaw but doesn’t have a patch in place to fix the flaw. • DNS tunneling www.learnfact.in
Type of Attacks • Non technical attacks – Physical attacks like entering your secured building etc. • Network attacks – Unsecured Wireless access point – Exploiting via ports – Installing network analyzer and capturing the packet • Operating System attacks – Missing patches – Cracking password and weak security implementation • Application attacks – Mobile App attacks – Web Application www.learnfact.in
Attack Carriers • File Transfer Apps • Instant messaging Apps • Webmail • Social Media platforms • Micro blogging • Collaboration Apps www.learnfact.in
Common Attack • SQL injection attack – SQL Injection is a type of cyber-attack that targets databases through SQL statements – executed via a website interface – Poorly coded are prone to SQL injection attacks • Distributed Denial-of-Service (DDoS) – Acts like a traffic jam – Flooding the network traffic • Cross-site scripting (XSS) attacks – Data enters a Web application through an untrusted source, most frequently a web request. • Weak security practices and undisclosed vulnerabilities www.learnfact.in
Hackers • Black hat hackers – External unauthorized users try to compromise your environment • White hat hackers – White-hat hackers are often referred to as ethical hackers • Grey hat hackers – Grey hats exploit networks and computer systems in the way that black hats do, but do so without any malicious intent, disclosing all loopholes and vulnerabilities to law enforcement agencies or intelligence agencies. www.learnfact.in
Common Hacking Tools • Rootkits – Rootkit is 2 different words. Root and Kit. – Rootkit is a set of tools that enables root- or administrator-level access on a computer system – Allows hackers to gain remote access via backdoor • Key loggers – records every key pressed on a system – key loggers arrive as malware that allows cybercriminals to steal sensitive data. – Key loggers can capture credit card numbers, personal messages, mobile numbers etc. www.learnfact.in
Attack lifecycle • Infection – Luring users to click on a bad link – Infect the target system with malware • Persistence – Rootkits and bootkits are installed on compromised systems • Communication – Communicating with other infected systems • Command and Control – Capture the infected systems and enable command and control over the infected systems to extract stolen data www.learnfact.in
Common Defense mechanism • Firewall • Intrusion prevention • Antivirus • Content Filtering • Web Application Firewall www.learnfact.in
Common safety tips • Keep updated your security patches regularly • Avoid easy and dictionary password. Use strong passwords. • Avoid opening attachments from unknown sender or recipient www.learnfact.in
Protection Strategy • Design best security policy • Application controls • User controls • Network controls • End Point controls • Enforce drive-by-download protection • Track unknown and unclassified URLs www.learnfact.in
Security Methods & Models • OWASP ( www.owasp.org) • SecureITree (https://www.amenaza.com) • OpenGroup (https://www.opengroup.org) www.learnfact.in
Mail: info@learnfact.in Mail: arun.velayudhan@tutelage.co.in Web: www.learnfact.in Web: www.cybkey.com Thank You Contact us for: Cyber security managed services Cyber Security Training

Recommended

What are various types of cyber attacks
What are various types of cyber attacksWhat are various types of cyber attacks
What are various types of cyber attackskanika sharma
 
Protection from hacking attacks
Protection from hacking attacksProtection from hacking attacks
Protection from hacking attacksSugirtha Jasmine M
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and TypesVikram Khanna
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerabilityA. Shamel
 
Types of Cyber-Attacks
Types of Cyber-AttacksTypes of Cyber-Attacks
Types of Cyber-Attackstechexpert2345
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkgUmang Gupta
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAlapan Banerjee
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attackskrishh sivakrishna
 

Recommended

What are various types of cyber attacks
What are various types of cyber attacksWhat are various types of cyber attacks
What are various types of cyber attackskanika sharma
 
Protection from hacking attacks
Protection from hacking attacksProtection from hacking attacks
Protection from hacking attacksSugirtha Jasmine M
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and TypesVikram Khanna
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerabilityA. Shamel
 
Types of Cyber-Attacks
Types of Cyber-AttacksTypes of Cyber-Attacks
Types of Cyber-Attackstechexpert2345
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkgUmang Gupta
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAlapan Banerjee
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attackskrishh sivakrishna
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingSourabh Badve
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityS.M. Towhidul Islam
 
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...Edureka!
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingDevendra Yadav
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingAditya Vikram Singhania
 
Presentation on Network Security
Presentation on Network SecurityPresentation on Network Security
Presentation on Network SecurityAditiPatni3
 
Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Kabul Education University
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingAryan Saxena
 
Cyber attack
Cyber attackCyber attack
Cyber attackManjushree Mashal
 
Data protection and security
Data protection and securityData protection and security
Data protection and securitynazar60
 
1 security goals
1 security goals1 security goals
1 security goalsdrewz lin
 
Software Security
Software SecuritySoftware Security
Software SecurityAkNirojan
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking PowerpointRen Tuazon
 
Attack types
Attack typesAttack types
Attack typesS.M. Towhidul Islam
 
Computer Security
Computer SecurityComputer Security
Computer SecurityAkNirojan
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentationhamzakareem2
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingBugRaptors
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hackingVishal Kumar
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Hacking
HackingHacking
HackingLutfulM
 
cyber security and threats.pptx
cyber security and threats.pptxcyber security and threats.pptx
cyber security and threats.pptxVSAM Technologies India Private Limited
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewallsMurali Mohan
 

More Related Content

What's hot

Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityS.M. Towhidul Islam
 
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...Edureka!
 
Presentation on Network Security
Presentation on Network SecurityPresentation on Network Security
Presentation on Network SecurityAditiPatni3
 
Data protection and security
Data protection and securityData protection and security
Data protection and securitynazar60
 
1 security goals
1 security goals1 security goals
1 security goalsdrewz lin
 
Software Security
Software SecuritySoftware Security
Software SecurityAkNirojan
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking PowerpointRen Tuazon
 
Computer Security
Computer SecurityComputer Security
Computer SecurityAkNirojan
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentationhamzakareem2
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingBugRaptors
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hackingVishal Kumar
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 

What's hot (20)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Presentation on Network Security
Presentation on Network SecurityPresentation on Network Security
Presentation on Network Security
 
Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Cyber attack
Cyber attackCyber attack
Cyber attack
 
Data protection and security
Data protection and securityData protection and security
Data protection and security
 
1 security goals
1 security goals1 security goals
1 security goals
 
Software Security
Software SecuritySoftware Security
Software Security
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking Powerpoint
 
Attack types
Attack typesAttack types
Attack types
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentation
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hacking
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Hacking
HackingHacking
Hacking
 

Similar to Know Your Attacker and Cyber Security Best Practices

Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewallsMurali Mohan
 
Lec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesLec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesBilalMehmood44
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedBule Hora University
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security PresentationPraphullaShrestha1
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxRoshni814224
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsBilalMehmood44
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 

Similar to Know Your Attacker and Cyber Security Best Practices (20)

cyber security and threats.pptx
cyber security and threats.pptxcyber security and threats.pptx
cyber security and threats.pptx
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewalls
 
Lec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesLec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devices
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Unit 1.pptx
Unit 1.pptxUnit 1.pptx
Unit 1.pptx
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security Presentation
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptx
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
 
Chapter-2 (1).pptx
Chapter-2 (1).pptxChapter-2 (1).pptx
Chapter-2 (1).pptx
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Computer security
Computer securityComputer security
Computer security
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Thur Venture
Thur VentureThur Venture
Thur Venture
 
Venture name Basics
Venture name BasicsVenture name Basics
Venture name Basics
 
Venture name Basics
Venture name BasicsVenture name Basics
Venture name Basics
 
Regression
RegressionRegression
Regression
 
Sangeetha Venture
Sangeetha VentureSangeetha Venture
Sangeetha Venture
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 

Recently uploaded

costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Recently uploaded (20)

costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

Know Your Attacker and Cyber Security Best Practices

  • 1. Know your Attacker Submitted by: Arun Velayudhan
  • 2. What is cyber security ? Cyber security practice is to provide solution to protect any enterprise information systems to make it secure and hack free. To provide best practices which addresses secure interoperability, usability and privacy continues to be need of the hour. www.learnfact.in
  • 3. Type of Attacks • Malware – A malicious code that damages/disables and steals information from the computer – Botnets, Viruses, Trojan horses, backdoor, spyware and adware are some examples of malwares • Phishing – Disclosing confidential information or downloading malware by clicking on a hyperlink in the message. • Spear Phishing – Same as phishing but more targeted where the attacker learns about the victim and impersonates someone he or she knows and trusts. • Man in the middle attack – Attacker establishes a position between the sender and recipient of electronic messages and interrupt them. • Denial of service attack • SQL injection • Zero day exploit – A zero-day vulnerability is a software security flaw but doesn’t have a patch in place to fix the flaw. • DNS tunneling www.learnfact.in
  • 4. Type of Attacks • Non technical attacks – Physical attacks like entering your secured building etc. • Network attacks – Unsecured Wireless access point – Exploiting via ports – Installing network analyzer and capturing the packet • Operating System attacks – Missing patches – Cracking password and weak security implementation • Application attacks – Mobile App attacks – Web Application www.learnfact.in
  • 5. Attack Carriers • File Transfer Apps • Instant messaging Apps • Webmail • Social Media platforms • Micro blogging • Collaboration Apps www.learnfact.in
  • 6. Common Attack • SQL injection attack – SQL Injection is a type of cyber-attack that targets databases through SQL statements – executed via a website interface – Poorly coded are prone to SQL injection attacks • Distributed Denial-of-Service (DDoS) – Acts like a traffic jam – Flooding the network traffic • Cross-site scripting (XSS) attacks – Data enters a Web application through an untrusted source, most frequently a web request. • Weak security practices and undisclosed vulnerabilities www.learnfact.in
  • 7. Hackers • Black hat hackers – External unauthorized users try to compromise your environment • White hat hackers – White-hat hackers are often referred to as ethical hackers • Grey hat hackers – Grey hats exploit networks and computer systems in the way that black hats do, but do so without any malicious intent, disclosing all loopholes and vulnerabilities to law enforcement agencies or intelligence agencies. www.learnfact.in
  • 8. Common Hacking Tools • Rootkits – Rootkit is 2 different words. Root and Kit. – Rootkit is a set of tools that enables root- or administrator-level access on a computer system – Allows hackers to gain remote access via backdoor • Key loggers – records every key pressed on a system – key loggers arrive as malware that allows cybercriminals to steal sensitive data. – Key loggers can capture credit card numbers, personal messages, mobile numbers etc. www.learnfact.in
  • 9. Attack lifecycle • Infection – Luring users to click on a bad link – Infect the target system with malware • Persistence – Rootkits and bootkits are installed on compromised systems • Communication – Communicating with other infected systems • Command and Control – Capture the infected systems and enable command and control over the infected systems to extract stolen data www.learnfact.in
  • 10. Common Defense mechanism • Firewall • Intrusion prevention • Antivirus • Content Filtering • Web Application Firewall www.learnfact.in
  • 11. Common safety tips • Keep updated your security patches regularly • Avoid easy and dictionary password. Use strong passwords. • Avoid opening attachments from unknown sender or recipient www.learnfact.in
  • 12. Protection Strategy • Design best security policy • Application controls • User controls • Network controls • End Point controls • Enforce drive-by-download protection • Track unknown and unclassified URLs www.learnfact.in
  • 13. Security Methods & Models • OWASP ( www.owasp.org) • SecureITree (https://www.amenaza.com) • OpenGroup (https://www.opengroup.org) www.learnfact.in
  • 14. Mail: info@learnfact.in Mail: arun.velayudhan@tutelage.co.in Web: www.learnfact.in Web: www.cybkey.com Thank You Contact us for: Cyber security managed services Cyber Security Training