Manjushree Mashal, profile picture
Uploaded byManjushree Mashal
PPTX, PDF943 views

Cyber security

Cyber security is important to protect electronic data and online services from criminal or unauthorized use. There are various security problems in the cyber field like cyber attacks, viruses, hackers, malware, and trojan horses. Some major cyber attacks in India include the Cosmos Bank attack, Aadhaar software hack, ATM system hack, and personal data breaches at companies like JustDial. To prevent cyber attacks, organizations should educate employees, keep software updated, perform security testing, and limit employee access to sensitive data. Careers in cyber security include roles like cyber security engineers, penetration testers, and security analysts.

Embed presentation

Downloaded 21 times
CYBER SECURITY 1 CYBER ATTACK and
Outline Introduction to Cyber Security CIA in Cyber Security Major Security Problem - Cyber Attack Types of Cyber Attack Major Cyber attacks in INDIA Cyber Security as Profession 2
What is the meaning of the word CYBER What is the need of Cyber Security What are the security problems in Cyber field How to implement and maintain Security of a Cyber field around us.
It is acombining form relating to information technology, the Internet, and virtual reality. Meaning of the Word CYBER
Introduction to Cyber Security •The term Cyber Security is used to refer to the security offered through on-line services to protect your information. •Cyber Security is protection against the criminal or unauthorized use of electronic data 5
Why Cyber Security is important? 6 • Cyber Security is not a one-time process to achieve • It is an ever growing challenge encountered from time to time • When old problems are fixed and rectified, new targeted attacks challenge the Cyberspace • Cyber security is a process by itself and not the end
CIA in Cyber Security
CIA IN CYBER SECURITY https://youtu.be/rwigKjEsdTc
Top Five Risks- Global Instability • According to the World Economic Forum’s Global Risk Report 2018, Cyber-attacks are 3rd threat the World is facing today after natural disasters Top 5 Risks Natural disaster Extreme weather conditions Cyber-Attacks Data frauds Failure to address climate change 9
Definition of Cyber Attack 10 CIA of the Internet or • It refers to compromise in the resources or data stored in a Intranet connected computer • Deliberate exploitation of computer system resources, networks and technology connected through WWW • Compromises data by injecting malicious code into the actual code
First- Major Cyber Attack 11 • The Morris worm (1988) is the first known major cyber-attack • It was used as a weakness in the UNIX system and it replicated itself • The worm was developed by Robert T apan Morris • He was the first person ever to be convicted under the US computer fraud and abuse act
Purpose and Motivation for Cyber Attacks Money Curiosity Revenge Fun Praise Seekers 12
Major security problems Virus Hacker Malware Trojanhorses
Viruses and Worms A Virus is a “program that is loaded onto your computer without your knowledge and runs against your wishes
Solution Install a security suite that protects the computer against threats such as viruses and worms.
Hackers In common a hacker is a person who breaks into computers, usually by gaining access to administrative controls.
How To prevent hacking It may be impossible to prevent computer hacking, however effective security controls including strong passwords, and the use of firewalls can helps.
Malware The word "malware" comes from the term "MALicious softWARE." Malware is any software that infects and damages a computer system without the owner's knowledge or permission.
To Stop Malware Download anti-malware program that also helps prevent infections. Activate Network Threat Protection, Firewall, Antivirus.
Trojan Horses Trojan horses are email viruses that can duplicate themselves, steal information, or harm the computer system. These viruses are the most serious threats to computers
How to Avoid Trojans Security suites, such as Avast Internet Security, will prevent you from downloading Trojan Horses.
https://youtu.be/n8mbzU0X2nQ
Most Common types of Cyber-attacks CyberAttack types DoS and DDoS attack XSS attack SQL Injection attack Man-in-the-Middle attack Birthday attack Password attack Eavesdropping attack Phishing and spear phishing attack Drive-by download attack 23
DOS ATTACK
MAN IN THE MIDDEL ATTACK
IP SPOOFING
SQL INJECTION ATTACK
XSS ATTACK
DATA BREACH a data breach exposes confidential, sensitive, or protected information to an unauthorized person. The files in a data breach are viewed and/or shared without permission. Anyone can be at risk of a data breach — from individuals to high-level enterprises and governments. More importantly, anyone can put others at risk if they are not protected. data breaches happen due to weaknesses in: Technology User behavior https://youtu.be/0kK902-ZvNM
Major Cyber attacks in india Cosmos Bank Cyber Attack in Pune UIDAI Aadhaar Software Hacked ATM System Hacked Bib B Amitabh Bachchan ‘s Twitter Account Hacked! --Social media hack Facebook database leak data of 419 million users Personal Data Exposed from JustDial Database Data Breach in BIGBASKET
Cyber Security Measures for Organizations to Prevent Cyber Attacks 1)Educate employees on the emerging cyber attacks with security awareness training. 2) Keep all software and systems updated from time to time with the latest security patches. 3)Get regular Vulnerability Assessment and Penetration Testing to patch and remove the existing vulnerabilities in the network and web application . 4)Limit employee access to sensitive data or confidential information and limit their authority to install the software. 5)Use highly strong passwords for accounts and make sure to update them at long intervals.
Network Attackers Tool(Penetration Testing Tool) Metasploit Framework
WIRESHARK sqlmap Kali Linux Social Engineering Tool Kit Cain and Able NMAP
Network Attack Prevention Tips Install Software Updates Use Unique Password Use Two Factor AUTHENTICATION USE STRONG PASSSWORD and PASSWORD MANAGER Use a firewall for your Internet connection. Browse Safely Online and Clear Browser after Leaving Computer
Tools used for Cyber Security Common tools used to prevent Data Leakage Passwords Anti-Virus/ Anti-Malware Software Software Patches Firewalls Authentication Encryption 36
Social engineering tools VIRUSTOTAL PWNED Politifact Social searcher
CYBER SECURITY AS PROFESSION
JOB ROLES IN CYBER SECURITY
CYBER SECURITY ENGINEER SKILLS
Cyber Security Engineer career pathway
Cyber Security- Salary
Conclusion 44 •We are living in digital era and digital technology has transformed our lives promoting the need for Cyber Security • Cyber Attacks have started affecting most of the systems today because of the dependency on technology • It is very important to know what are Cyber Attacks and how the Cyber Attacks affect the system
Cyber Security Is Everyone’s Responsibility
Thank you 46

More Related Content

PPTX
Cyber security threats and trends
byHadeel Sadiq Obaid
 
PPTX
Cybersecurity
byVishwajeet Singh
 
PPTX
Ppt
byGeetu Khanna
 
PPTX
Cyber security
bySabir Raja
 
PPT
Cyber security for an organization
byTejas Wasule
 
PPTX
CyberSecurity
bydivyanshigarg4
 
PPTX
Introduction to Cyber Security
byPriyanshu Ratnakar
 
PPT
Security tools
byarfan shahzad
 
Cyber security threats and trends
byHadeel Sadiq Obaid
 
Cybersecurity
byVishwajeet Singh
 
Ppt
byGeetu Khanna
 
Cyber security
bySabir Raja
 
Cyber security for an organization
byTejas Wasule
 
CyberSecurity
bydivyanshigarg4
 
Introduction to Cyber Security
byPriyanshu Ratnakar
 
Security tools
byarfan shahzad
 

What's hot

PDF
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
byEdureka!
 
PPTX
Cybercrime and Security
byNoushad Hasan
 
PPTX
Mobile security
byTapan Khilar
 
PDF
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
byEdureka!
 
PPTX
Security Awareness Training.pptx
byMohammedYaseen638128
 
PPTX
Cyber security
bySamsil Arefin
 
PPTX
Cyber security
bymanoj duli
 
PPTX
Network Security
byManoj Singh
 
PPTX
CYBER SECURITY
byVaishak Chandran
 
PPTX
Cyber security
byAman Pradhan
 
PPTX
Social engineering hacking attack
byPankaj Dubey
 
PDF
Employee Security Awareness Program
bydavidcurriecia
 
PPTX
Information Security Awareness, Petronas Marketing Sudan
byAhmed Musaad
 
PPTX
CYBER SECURITY
byMohammad Shakirul islam
 
PPTX
Cyber Security Best Practices
byEvolve IP
 
PPTX
Cyber security(2018 updated)
byPrabhatChoudhary11
 
PPTX
Cybersecurity
byA. Shamel
 
PPTX
Cyber Security A Challenges For Mankind
bySaurabh Kheni
 
PPTX
Cybersecurity Awareness
byJoshuaWisniewski3
 
PPTX
Cybersecurity
byForam Gosai
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
byEdureka!
 
Cybercrime and Security
byNoushad Hasan
 
Mobile security
byTapan Khilar
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
byEdureka!
 
Security Awareness Training.pptx
byMohammedYaseen638128
 
Cyber security
bySamsil Arefin
 
Cyber security
bymanoj duli
 
Network Security
byManoj Singh
 
CYBER SECURITY
byVaishak Chandran
 
Cyber security
byAman Pradhan
 
Social engineering hacking attack
byPankaj Dubey
 
Employee Security Awareness Program
bydavidcurriecia
 
Information Security Awareness, Petronas Marketing Sudan
byAhmed Musaad
 
CYBER SECURITY
byMohammad Shakirul islam
 
Cyber Security Best Practices
byEvolve IP
 
Cyber security(2018 updated)
byPrabhatChoudhary11
 
Cybersecurity
byA. Shamel
 
Cyber Security A Challenges For Mankind
bySaurabh Kheni
 
Cybersecurity Awareness
byJoshuaWisniewski3
 
Cybersecurity
byForam Gosai
 

Similar to Cyber security

PPTX
Cyber security
byManjushree Mashal
 
PPTX
Cyber security
byTonyYeung23
 
PPTX
CYBER SECURITY
byFatimaNoor643558
 
PPT
Cyber-Securityyyyyyyyyyyyyyyyyyyyyyyy.ppt
byhm5314581
 
PPT
Cyber security & Importance of Cyber Security
byMohammed Adam
 
PDF
cybersecurity-180303131014.pdf
byyashgupta810747
 
PDF
cyber security.pdf
byYashwanth Rm
 
PPTX
580520217-Presentation-PPT-on-Cybersecurity.pptx
byysvdhs18
 
PDF
580520217-Presentation-PPT-on-Cybersecurity.pdf
bynawabgul15604
 
PPTX
Cyber security by Anushka Jha
byAnushka Jha
 
PPTX
Cyber security
bySiblu28
 
PPTX
cybersecurity.pptx
by20ArnavKumar8F
 
PDF
Cyber Security
byTushar Nikam
 
PDF
cybersecurity-140713064844-phpapp01.pdf
bySejalDesai30
 
PDF
cybersecurity-140713064844-phpapp01.pdf
byRahulDasari12
 
PPTX
Cyber security system presentation
byA.S. Sabuj
 
PPTX
Lec 1- Intro to cyber security and recommendations
byBilalMehmood44
 
PPTX
Cyber security
byRavikantGautam8
 
PPTX
cybersec sumit (1).pptx
bysumitkumar917666
 
PPTX
Cyber crime and Information Security.pptx
bySAINATHYADAV11
 
Cyber security
byManjushree Mashal
 
Cyber security
byTonyYeung23
 
CYBER SECURITY
byFatimaNoor643558
 
Cyber-Securityyyyyyyyyyyyyyyyyyyyyyyy.ppt
byhm5314581
 
Cyber security & Importance of Cyber Security
byMohammed Adam
 
cybersecurity-180303131014.pdf
byyashgupta810747
 
cyber security.pdf
byYashwanth Rm
 
580520217-Presentation-PPT-on-Cybersecurity.pptx
byysvdhs18
 
580520217-Presentation-PPT-on-Cybersecurity.pdf
bynawabgul15604
 
Cyber security by Anushka Jha
byAnushka Jha
 
Cyber security
bySiblu28
 
cybersecurity.pptx
by20ArnavKumar8F
 
Cyber Security
byTushar Nikam
 
cybersecurity-140713064844-phpapp01.pdf
bySejalDesai30
 
cybersecurity-140713064844-phpapp01.pdf
byRahulDasari12
 
Cyber security system presentation
byA.S. Sabuj
 
Lec 1- Intro to cyber security and recommendations
byBilalMehmood44
 
Cyber security
byRavikantGautam8
 
cybersec sumit (1).pptx
bysumitkumar917666
 
Cyber crime and Information Security.pptx
bySAINATHYADAV11
 

More from Manjushree Mashal

PPTX
Career in cyber security
byManjushree Mashal
 
PPTX
Cyber attack
byManjushree Mashal
 
PPTX
Dos attack
byManjushree Mashal
 
PPTX
Sql injection
byManjushree Mashal
 
PPTX
Xss attack
byManjushree Mashal
 
PPTX
Network packet analysis -capture and Analysis
byManjushree Mashal
 
PPTX
Network attacks
byManjushree Mashal
 
PPTX
Network forensic
byManjushree Mashal
 
ODP
TCP/IP FRAME FORMAT
byManjushree Mashal
 
PPTX
Diabetic Retinopathy Analysis using Fundus Image
byManjushree Mashal
 
DOCX
Manjushree_EC_fresher_2016
byManjushree Mashal
 
PPTX
Tvws ppt 1
byManjushree Mashal
 
PPTX
Leaf chlorophyll concentration using random forest
byManjushree Mashal
 
PPT
Vlsi design and fabrication ppt
byManjushree Mashal
 
PPTX
underwater communication skills for the new way of devine(2)
byManjushree Mashal
 
Career in cyber security
byManjushree Mashal
 
Cyber attack
byManjushree Mashal
 
Dos attack
byManjushree Mashal
 
Sql injection
byManjushree Mashal
 
Xss attack
byManjushree Mashal
 
Network packet analysis -capture and Analysis
byManjushree Mashal
 
Network attacks
byManjushree Mashal
 
Network forensic
byManjushree Mashal
 
TCP/IP FRAME FORMAT
byManjushree Mashal
 
Diabetic Retinopathy Analysis using Fundus Image
byManjushree Mashal
 
Manjushree_EC_fresher_2016
byManjushree Mashal
 
Tvws ppt 1
byManjushree Mashal
 
Leaf chlorophyll concentration using random forest
byManjushree Mashal
 
Vlsi design and fabrication ppt
byManjushree Mashal
 
underwater communication skills for the new way of devine(2)
byManjushree Mashal
 

Recently uploaded

PDF
Applications of AI in Civil Engineering - Dr. Rohan Dasgupta
byRohan Dasgupta
 
PDF
Role of Training and Development in Enhancing Safety Performance in Opencast ...
byRathin Biswas
 
PPTX
uADPF Topology_SFP requirements_locked slides.pptx
byMd Bellal Hossain
 
PDF
engineering management chapter 5 ppt presentation
byericaangelatoledo06
 
PPTX
Value engineering and cost analysis with case study
byhp9879098082
 
PDF
NS unit wise unit wise 1 -5 so prepare,.
bykumaransudhan1512
 
PDF
Soil Compressibility (Elastic Settlement).pdf
byMahmoodKhalid11
 
PDF
Computer Graphics Fundamentals (v0p1) - DannyJiang
byDanny Jiang
 
PDF
Unit-I Process Management 1.9 Scheduling Criteria, Scheduling Algorithms
bySanjay Gunjal
 
PDF
AWS Re:Invent 2025 Recap by FivexL - Guilherme, Vladimir, Andrey
byAndrey Devyatkin
 
PPTX
DIFFERENT TYPES OF SRTUCTURAL SYSTEM ANALYSIS
bynoshin231202
 
PDF
Shear Strength of Soil/Mohr Coulomb Failure Criteria-1.pdf
byMahmoodKhalid11
 
PPTX
Presentation-WPS Office.pptx afgouvhyhgfccf
byEndaleTimerga
 
PPTX
How Does LNG Regasification Work | INOXCVA
byINOXCVA
 
PDF
Weak Incentives (WINK): The Agent Definition Layer
byAndrei Savu
 
PDF
PROBLEM SLOVING AND PYTHON PROGRAMMING UNIT 3.pdf
byA R SIVANESH M.E., QIP-PG (Cyber Security)., (Ph.D)
 
PDF
Model QP 2025 scheme Q &A- Module 1 and 2.pdf
bySURESHA V
 
PDF
Ericsson 6230 Training Module Document.pdf
byMd Bellal Hossain
 
PDF
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 
PPTX
A professional presentation on Cosmos Bank Heist
byssuser7f0075
 
Applications of AI in Civil Engineering - Dr. Rohan Dasgupta
byRohan Dasgupta
 
Role of Training and Development in Enhancing Safety Performance in Opencast ...
byRathin Biswas
 
uADPF Topology_SFP requirements_locked slides.pptx
byMd Bellal Hossain
 
engineering management chapter 5 ppt presentation
byericaangelatoledo06
 
Value engineering and cost analysis with case study
byhp9879098082
 
NS unit wise unit wise 1 -5 so prepare,.
bykumaransudhan1512
 
Soil Compressibility (Elastic Settlement).pdf
byMahmoodKhalid11
 
Computer Graphics Fundamentals (v0p1) - DannyJiang
byDanny Jiang
 
Unit-I Process Management 1.9 Scheduling Criteria, Scheduling Algorithms
bySanjay Gunjal
 
AWS Re:Invent 2025 Recap by FivexL - Guilherme, Vladimir, Andrey
byAndrey Devyatkin
 
DIFFERENT TYPES OF SRTUCTURAL SYSTEM ANALYSIS
bynoshin231202
 
Shear Strength of Soil/Mohr Coulomb Failure Criteria-1.pdf
byMahmoodKhalid11
 
Presentation-WPS Office.pptx afgouvhyhgfccf
byEndaleTimerga
 
How Does LNG Regasification Work | INOXCVA
byINOXCVA
 
Weak Incentives (WINK): The Agent Definition Layer
byAndrei Savu
 
PROBLEM SLOVING AND PYTHON PROGRAMMING UNIT 3.pdf
byA R SIVANESH M.E., QIP-PG (Cyber Security)., (Ph.D)
 
Model QP 2025 scheme Q &A- Module 1 and 2.pdf
bySURESHA V
 
Ericsson 6230 Training Module Document.pdf
byMd Bellal Hossain
 
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 
A professional presentation on Cosmos Bank Heist
byssuser7f0075
 

Cyber security

  • 1.
  • 2.
    Outline Introduction to CyberSecurity CIA in Cyber Security Major Security Problem - Cyber Attack Types of Cyber Attack Major Cyber attacks in INDIA Cyber Security as Profession 2
  • 3.
    What is the meaningof the word CYBER What is the need of Cyber Security What are the security problems in Cyber field How to implement and maintain Security of a Cyber field around us.
  • 4.
    It is acombiningform relating to information technology, the Internet, and virtual reality. Meaning of the Word CYBER
  • 5.
    Introduction to CyberSecurity •The term Cyber Security is used to refer to the security offered through on-line services to protect your information. •Cyber Security is protection against the criminal or unauthorized use of electronic data 5
  • 6.
    Why Cyber Securityis important? 6 • Cyber Security is not a one-time process to achieve • It is an ever growing challenge encountered from time to time • When old problems are fixed and rectified, new targeted attacks challenge the Cyberspace • Cyber security is a process by itself and not the end
  • 7.
    CIA in CyberSecurity
  • 8.
    CIA IN CYBERSECURITY https://youtu.be/rwigKjEsdTc
  • 9.
    Top Five Risks-Global Instability • According to the World Economic Forum’s Global Risk Report 2018, Cyber-attacks are 3rd threat the World is facing today after natural disasters Top 5 Risks Natural disaster Extreme weather conditions Cyber-Attacks Data frauds Failure to address climate change 9
  • 10.
    Definition of CyberAttack 10 CIA of the Internet or • It refers to compromise in the resources or data stored in a Intranet connected computer • Deliberate exploitation of computer system resources, networks and technology connected through WWW • Compromises data by injecting malicious code into the actual code
  • 11.
    First- Major CyberAttack 11 • The Morris worm (1988) is the first known major cyber-attack • It was used as a weakness in the UNIX system and it replicated itself • The worm was developed by Robert T apan Morris • He was the first person ever to be convicted under the US computer fraud and abuse act
  • 12.
    Purpose and Motivationfor Cyber Attacks Money Curiosity Revenge Fun Praise Seekers 12
  • 13.
  • 14.
    Viruses and Worms AVirus is a “program that is loaded onto your computer without your knowledge and runs against your wishes
  • 15.
    Solution Install a securitysuite that protects the computer against threats such as viruses and worms.
  • 16.
    Hackers In common ahacker is a person who breaks into computers, usually by gaining access to administrative controls.
  • 17.
    How To preventhacking It may be impossible to prevent computer hacking, however effective security controls including strong passwords, and the use of firewalls can helps.
  • 18.
    Malware The word "malware"comes from the term "MALicious softWARE." Malware is any software that infects and damages a computer system without the owner's knowledge or permission.
  • 19.
    To Stop Malware Downloadanti-malware program that also helps prevent infections. Activate Network Threat Protection, Firewall, Antivirus.
  • 20.
    Trojan Horses Trojan horsesare email viruses that can duplicate themselves, steal information, or harm the computer system. These viruses are the most serious threats to computers
  • 21.
    How to AvoidTrojans Security suites, such as Avast Internet Security, will prevent you from downloading Trojan Horses.
  • 22.
  • 23.
    Most Common typesof Cyber-attacks CyberAttack types DoS and DDoS attack XSS attack SQL Injection attack Man-in-the-Middle attack Birthday attack Password attack Eavesdropping attack Phishing and spear phishing attack Drive-by download attack 23
  • 24.
  • 25.
    MAN IN THEMIDDEL ATTACK
  • 26.
  • 27.
  • 28.
  • 29.
    DATA BREACH a databreach exposes confidential, sensitive, or protected information to an unauthorized person. The files in a data breach are viewed and/or shared without permission. Anyone can be at risk of a data breach — from individuals to high-level enterprises and governments. More importantly, anyone can put others at risk if they are not protected. data breaches happen due to weaknesses in: Technology User behavior https://youtu.be/0kK902-ZvNM
  • 31.
    Major Cyber attacksin india Cosmos Bank Cyber Attack in Pune UIDAI Aadhaar Software Hacked ATM System Hacked Bib B Amitabh Bachchan ‘s Twitter Account Hacked! --Social media hack Facebook database leak data of 419 million users Personal Data Exposed from JustDial Database Data Breach in BIGBASKET
  • 32.
    Cyber Security Measuresfor Organizations to Prevent Cyber Attacks 1)Educate employees on the emerging cyber attacks with security awareness training. 2) Keep all software and systems updated from time to time with the latest security patches. 3)Get regular Vulnerability Assessment and Penetration Testing to patch and remove the existing vulnerabilities in the network and web application . 4)Limit employee access to sensitive data or confidential information and limit their authority to install the software. 5)Use highly strong passwords for accounts and make sure to update them at long intervals.
  • 33.
  • 34.
  • 35.
    Network Attack PreventionTips Install Software Updates Use Unique Password Use Two Factor AUTHENTICATION USE STRONG PASSSWORD and PASSWORD MANAGER Use a firewall for your Internet connection. Browse Safely Online and Clear Browser after Leaving Computer
  • 36.
    Tools used forCyber Security Common tools used to prevent Data Leakage Passwords Anti-Virus/ Anti-Malware Software Software Patches Firewalls Authentication Encryption 36
  • 37.
  • 38.
  • 39.
    JOB ROLES INCYBER SECURITY
  • 41.
  • 42.
  • 43.
  • 44.
    Conclusion 44 •We are livingin digital era and digital technology has transformed our lives promoting the need for Cyber Security • Cyber Attacks have started affecting most of the systems today because of the dependency on technology • It is very important to know what are Cyber Attacks and how the Cyber Attacks affect the system
  • 45.
    Cyber Security IsEveryone’s Responsibility
  • 46.

Editor's Notes

  • #5 Cyber came from cybernetics Cybernetics influences game, system, and organizational theory. cybernetics arose as the study of control systems and communications between people and machines. If I say today we live in cyber age mean age of computer ,INFORMATION technology ,virtual reality A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules
  • #8 Cyber security Fundamentals – Confidentiality: Confidentiality is about preventing the disclosure of data to unauthorized parties. It also means trying to keep the identity of authorized parties involved in sharing and holding data private and anonymous. Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-middle (MITM) attacks, disclosing sensitive data. Standard measures to establish confidentiality include: • Data encryption • Two-factor authentication • Biometric verification • Security tokens Integrity Integrity refers to protecting information from being modified by unauthorized parties. Standard measures to guarantee integrity include: • Cryptographic checksums • Using file permissions • Uninterrupted power supplies • Data backups Availability Availability is making sure that authorized parties are able to access the information when needed. Standard measures to guarantee availability include: • Backing up data to external drives • Implementing firewalls • Having backup power supplies • Data redundancy Confidentiality is roughly equivalent to Confidentiality measures are designed to prevent sensitive information from unauthorized access attempts. It is common for data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands. More or less stringent measures can then be implemented according to those categories. Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people (for example, in a breach of confidentiality). Availability means information should be consistently and readily accessible for authorized parties. This involves properly maintaining hardware and technical infrastructure and systems that hold and display the information.
  • #9 https://youtu.be/rwigKjEsdTc https://youtu.be/rwigKjEsdTc?t=1
  • #25  The attacker can do any of the following after gaining access to your network: • Block the traffic, resulting in a loss of access to the network by authorized users. • Send invalid data to applications or network services causing unexpected behavior of the applications or services. • Flood a computer or the entire network with traffic until an overload happens causing shutdown. DOS ATTACK TYPES (S)SYN flood A SYN flood is a type of DOS attack in which an attacker sends a series of SYN requests to a target’s system in an attempt to use vast amounts of server resources to make the system unresponsive to legitimate traffic. 2. Teardrop attacks A teardrop attack involves the hacker sending broken and disorganized IP fragments with overlapping, over-sized payloads to the victims machine. The intention is to obviously crash operating systems and servers due to a bug in the way TCP/IP fragmentation is re-assembled. All operating systems many types of servers are vulnerable to this type of DOS attack, including Linux. 3. Low-rate Denial-of-Service attacks Don’t be fooled by the title, this is still a deadly DoS attack! The Low-rate DoS (LDoS) attack is designed to exploit TCP’s slow-time-scale dynamics of being able to execute the retransmission time-out (RTO) mechanism to reduce TCP throughput. In short, a hacker can create a TCP overflow by repeatedly entering a RTO state through sending high-rate and intensive bursts – whilst at slow RTO time-scales. The TCP throughput at the victim node will be drastically reduced while the hacker will have low average rate thus making it difficult to be detected. 4. Internet Control Message Protocol (ICMP) flood Internet Control Message Protocol (ICMP) is a connectionless protocol used for IP operations, diagnostics, and errors. An ICMP Flood – the sending of an abnormally large number of ICMP packets of any type (especially network latency testing “ping” packets) – can overwhelm a target server that attempts to process every incoming ICMP request, and this can result in a denial-of-service condition for the target server. 5. Peer-to-peer attacks A peer-to-peer (P2P) network is a distributed network in which individual nodes in the network (called “peers”) act as both suppliers (seeds) and consumers (leeches) of resources, in contrast to the centralized client–server model where the client server or operating system nodes request access to resources provided by central servers Security Solutions Monitoring the packets to save your server from the entrance of the counterfeit packets. Timely upgrading of the security patches on your host’s operating system. Beware of running of your server very close to the last level of the capacity.
  • #26 Attacker is monitoring, capturing and controlling data sent between you and the person whom you are communicating with transparently At low levels of communication on the network layer, computers might not be able to determine with whom they are exchanging data. Attacker assumes your identity and attempts to gather as much information as possible, while the person you’re communicating with thinks it is you. Man-In-The-Middle (MITM) attack is the type of attack where attackers intrude into an existing communication between two computers and then monitor, capture, and control the communication. In Man-in-the-middle attack, an intruder assumes a legitimate users identity to gain control of the network communication. The other end of the communication path might believe it is you and keep on exchanging the data. Man-in-the-Middle (MITM) attacks are also known as "session hijacking attacks", which means that the attacker hijacks a legitimate user's session to control the communication. A man-in-the-middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently. When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data exactly. For example, the attacker can re-route a data exchange. Man-in-the-middle attacks are like someone assuming your identity in order to read your communications. The person on the other end may believe it is you because the attacker might be actively replying as you to keep the exchange going and get the desired information. This attack is capable of the same damage as an application-layer attack. Security Solutions Many preventive methods are available for Man-In-The-Middle (MITM) attack and some are listed below. • Public Key Infrastructure (PKI) technologies, • Verifying delay in communication • Stronger mutual authentication Using Public Key Infrastructures based authentications. It not only protects the applications from eavesdropping and other attacks but also validates the applications as a trusted one. Both the ends are authenticated hence preventing (MITM) Man-in-the-middle-attack. Setting up passwords and other high level secret keys in order to strengthen the mutual authentication. Time testing techniques such as Latency examination with long cryptographic hash functions confirming the time taken in receiving a message by both the ends. Suppose if the time taken by a message to be delivered at one end is 20 seconds and if the total time taken exceeds up to 60 seconds then it proves the existence of an attacker.
  • #27 The ability to inject packets into the Internet with a false source address is known as IP spoofing, IP spoofing is used by an attacker to convince a system that it is communicating with a known, trusted entity and provide the attacker with access to the system. The attacker sends a packet with the IP source address of a known, trusted host instead of its own IP source address to a target host. The target host might accept the packet and act upon it. IP Address Spoofing Attacks IP address spoofing is one of the most frequently used spoofing attack methods. In an IP address spoofing attack, an attacker sends IP packets from a false (or “spoofed”) source address in order to disguise itself. Denial-of-service attacks often use IP spoofing to overload networks and devices with packets that appear to be from legitimate source IP addresses. There are two ways that IP spoofing attacks can be used to overload targets with traffic. One method is to simply flood a selected target with packets from multiple spoofed addresses. This method works by directly sending a victim more data than it can handle. The other method is to spoof the target’s IP address and send packets from that address to many different recipients on the network. When another machine receives a packet, it will automatically transmit a packet to the sender in response. Since the spoofed packets appear to be sent from the target’s IP address, all responses to the spoofed packets will be sent to (and flood) the target’s IP address. IP spoofing attacks can also be used to bypass IP address-based authentication. This process can be very difficult and is primarily used when trust relationships are in place between machines on a network and internal systems. Trust relationships use IP addresses (rather than user logins) to verify machines’ identities when attempting to access systems. This enables malicious parties to use spoofing attacks to impersonate machines with access permissions and bypass trust-based network security measures. Security Solutions Filtering of packets entering into the network is one of the methods of preventing Spoofing. In other hand, filtering of incoming and outgoing traffic should also be implemented. ACLs helps prevent Spoofing by not allowing falsified IP addresses to enter. Accreditation to encryption should be provided in order to allow only trusted hosts to communicate with. SSL certificates should be used to reduce the risk of spoofing at a greater extent.
  • #28 SQL (pronounced “sequel”) stands for structured query language; it’s a programming language used to communicate with databases. Many of the servers that store critical data for websites and services use SQL to manage the data in their databases. A SQL injection attack specifically targets this kind of server, using malicious code to get the server to divulge information it normally wouldn’t. This is especially problematic if the server stores private customer information from the website, such as credit card numbers, usernames and passwords (credentials), or other personally identifiable information, which are tempting and lucrative targets for an attacker. An SQL injection attack works by exploiting any one of the known SQL vulnerabilities that allow the SQL server to run malicious code. For example, if a SQL server is vulnerable to an injection attack, it may be possible for an attacker to go to a website's search box and type in code that would force the site's SQL server to dump all of its stored usernames and passwords for the site.  SQL injection attack is another type of attack to exploit applications that use client-supplied data in SQL statements. Here malicious code is inserted into strings that are later passed to database application for parsing and execution. The common method of SQL injection attack is direct insertion of malicious code into user-input variables that are concatenated with SQL commands and executed. Another type of SQL injection attack injects malicious code into strings and are stored in tables. An SQL injection attack is made later by the attacker. Following example shows the simplest form of SQL injection. var UserID; UserID = Request.form ("UserID"); var InfoUser = "select * from UserInfo where UserID = '" + UserID + "'"; If the user fills the field with correct information of his UserID (F827781), after the script execution the above SQL query will look like SELECT * FROM UserInfo WHERE UserID = 'F827781' Consider a case when a user fills the field with the below entry. F827781; drop table UserInfo-- After the execution of the script, the SQL code will look like SELECT * FROM UserInfo WHERE UserID = ' F827781';drop table UserInfo-- This will ultimately result in deletion of table UserInfo
  • #29 XSS attacks use third-party web resources to run scripts in the victim’s web browser or scriptable application. Specifically, the attacker injects a payload with malicious JavaScript into a website’s database. When the victim requests a page from the website, the website transmits the page, with the attacker’s payload as part of the HTML body, to the victim’s browser, which executes the malicious script. For example, it might send the victim’s cookie to the attacker’s server, and the attacker can extract it and use it for session hijacking. The most dangerous consequences occur when XSS is used to exploit additional vulnerabilities. These vulnerabilities can enable an attacker to not only steal cookies, but also log key strokes, capture screenshots, discover and collect network information, and remotely access and control the victim’s machine.
  • #31 Beware! Cyber security attacks in India grew 194% in 2020 375 cyberattacks 'India sees 375 cyberattacks everyday'17-Nov-2020 Government data shows that in 2019 alone, India witnessed 3.94 lakh instances of cybersecurity breaches. In terms of hacking of state and central government websites, Indian Computer Emergency Response Team (CERT-In) data shows that a total of 336 websites belonging to central ministries, departments and state governments were hacked between 2017 and 2019
  • #32 Recently, grocery delivery platform Bigbasket faced a data breach where over 2 Cr users data was compromised 375 cyberattacks 'India sees 375 cyberattacks everyday'17-Nov-2020 Government data shows that in 2019 alone, India witnessed 3.94 lakh instances of cybersecurity breaches. In terms of hacking of state and central government websites, Indian Computer Emergency Response Team (CERT-In) data shows that a total of 336 websites belonging to central ministries, departments and state governments were hacked between 2017 and 2019 2018 started with a massive data breach of personal records of 1.1 Billion Indian Aadhaar cardholders. UIDAI revealed that around 210 Indian Government websites had leaked  Aadhaar details of people online. Data leaked included Aadhaar, PAN and mobile numbers, bank account numbers, IFSC codes and mostly every personal information of all individual cardholders. If it wasn’t enough shocking, anonymous sellers were selling Aadhaar information of any person for Rs. 500 over Whatsapp. Also, one could get any person’s Aadhaar car printout by paying an extra amount of Rs.300.    Around mid-2018, Canara bank ATM servers were targeted in a cyber attack. Almost 20 lakh rupees were wiped off from various bank accounts. here can be a question that social media profiles are subjected to hacking all the time. But with Amitabh Bachan’s statitude the hack became controversial and was announced as one  of the Cyber Attacks on IndiaLately, Amitabh Bachchan’s twitter handle got hacked and the perpetrators posted hateful messages putting everybody in shock. An unprotected API end was the issue in this incident. Justdial one of India’s leading local search platform let a loose end which exposed all of their user data who accessed their services through the web, mobile, and their phone number. Leaked data includes name, email, number, address gender, etc. the shocking part according to reports is that since 2015 the API has been exposed like this.
  • #34 1.Metasploit Framework – an open source tool for exploit development and penetration testing Metasploit is well known in the security community. Metasploit has exploits for both server and client based attacks; with feature packed communication modules (meterpreter) that make pwning systems fun! The framework now includes Armitage for point and click network exploitation. This is the go to tool if you want to break into a network or computer system. Defending against Metasploit: Keep all software updated with the latest security patches. Use strong passwords on all systems. Deploy network services with secure configurations.
  • #35 2.Ettercap – a suite of tools for man in the middle attacks (MITM). Once you have initiated a man in the middle attack with Ettercap use the modules and scripting capabilities to manipulate or inject traffic on the fly. Sniffing data and passwords are just the beginning; inject to exploit FTW! Defending against Ettercap: Understand that ARP poisoning is not difficult in a typical switched network. Lock down network ports. Use secure switch configurations and NAC if risk is sufficient. 3.sslstrip – using HTTPS makes people feel warm, fuzzy and secure. Using sslstrip this security can be attacked, reducing the connection to an unencrypted HTTP session, whereby all the traffic is readable. Banking details, passwords and emails from your boss all in the clear. Even includes a nifty feature where the favicon on the unencrypted connection is replaced with a padlock just to make the user keep that warm and fuzzy feeling. Defending against sslstrip: Be aware of the possibility of MITM attacks (arp, proxies / gateway, wireless). Look for sudden protocol changes in browser bar. Not really a technical mitigation! 4.evilgrade – another man in the middle attack. Everyone knows that keeping software updated is the way to stay secure. This little utility fakes the upgrade and provides the user with a not so good update. Can exploit the upgrade functionality on around 63 pieces of software including Opera, Notepad++, VMware, Virtualbox, itunes, quicktime and winamp! It really whips the llamas ass! Defending against evilgrade: Be aware of the possibility of MITM attacks (arp attacks, proxy / gateway, wireless). Only perform updates to your system or applications on a trusted network. 5. 5.Social Engineer Toolkit – makes creating a social engineered client side attack way too easy. Creates the spear phish, sends the email and serves the malicious exploit. SET is the open source client side attack weapon of choice. Defending against SET: User awareness training around spear phishing attacks. Strong Email and Web filtering controls. 6.sqlmap – SQL Injection is an attack vector that has been around for over 10 years. Yet it is still the easiest way to get dumps of entire databases of information. Sqlmap is not only a highly accurate tool for detecting sql injection; but also has the capability to dump information from the database and to even launch attacks that can result in operating system shell access on the vulnerable system. Defending against sqlmap: Filter all input on dynamic websites (secure the web applications). Use mod_proxy or other web based filtering controls to help block malicious injection attacks (not ideal as often able to bypass these web application firewalls (WAF). 7. Cain and Abel – Cracking passwords, sniffing VOIP and Man in the Middle (MITM) attacks against RDP are just a few examples of the many features of this Windows only tool. Defending against Cain and Abel: Be aware of the possibility of MITM attacks (arp attacks, untrusted proxy / gateway, wireless). Use strong passwords everywhere.