This document discusses cyber security and tasks related to preventing cyber attacks. It covers different types of frauds and scams like malware, phishing attacks, and ransomware. It provides methods to prevent these attacks, such as avoiding unknown emails, using strong passwords, and keeping anti-virus software updated. Network monitoring tools like Wireshark are described that can detect malware by analyzing network traffic and ports. Laws related to cyber crimes in New Zealand are also summarized. Common denial of service attacks and methods to design protective systems are outlined, including using firewalls, intrusion detection, and anti-malware programs.
MLabs - Cyber Crime Tactics and Techniques Q2 2017Jermund Ottermo
Great collaboration and report on the latest cyber crime tactics and techniques. Gives a birds eye view of where the technologies and advancements utilized by cyber criminals are headed. A really good read, recommended.
The cyber attacks have become most prevalent in the past few years. During this time, attackers have discovered new vulnerabilities to carry out malicious activities on the internet. Both the clients and the servers have been victimized by the attackers. Clickjacking is one of the attacks that have been adopted by the attackers to deceive the innocuous internet users to initiate some action. Clickjacking attack exploits one of the vulnerabilities existing in the web applications. This attack uses a technique that allows cross domain attacks with the help of userinitiated clicks and performs unintended actions. This paper traces out the vulnerabilities that make a website vulnerable to clickjacking attack and proposes a solution for the same.
Web phish detection (an evolutionary approach)eSAT Journals
Abstract Phishing is nothing but one of the kinds of network crimes. This paper presents an efficient approach for detecting phishing web documents based on learning from a large number of phishing webs. Phishing means to make something fraud with someone, usually by using internet with the help of emails, to take our personal information, such as credentials. The finest way to protect ourselves and our credentials from phishing attack is to understand the concept of phishing as well as to understand that how to determine a phishing attack. Most of the phishing emails are sent from well-reputed organizations and they ask for your credentials such as credit card number, account number, social security number and passwords of bank account. Mostly the phishing attacks seen from the websites, services and organizations with which we do not even have an account. In this system we are using two classifiers to detect phishing. To recognize the phishing, the Uniform Resource Locator (URL) features of the website are firstly analyzed and then they are classified by using K-means classifier. If the answer is still suspicious then by using parsing of the webpage, its DOM tree is drawn and then the second classifier that is Naive Bayesian (NB) classifier classifies the web page. Key Words: phishing, phishing emails, classifier
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Social Engineering CSO Survival Guide, designing leading edge 21st Century Business Models go to www.esgjrconsultinginc.com to learn more about Software/Network Engineering Solutions.
MLabs - Cyber Crime Tactics and Techniques Q2 2017Jermund Ottermo
Great collaboration and report on the latest cyber crime tactics and techniques. Gives a birds eye view of where the technologies and advancements utilized by cyber criminals are headed. A really good read, recommended.
The cyber attacks have become most prevalent in the past few years. During this time, attackers have discovered new vulnerabilities to carry out malicious activities on the internet. Both the clients and the servers have been victimized by the attackers. Clickjacking is one of the attacks that have been adopted by the attackers to deceive the innocuous internet users to initiate some action. Clickjacking attack exploits one of the vulnerabilities existing in the web applications. This attack uses a technique that allows cross domain attacks with the help of userinitiated clicks and performs unintended actions. This paper traces out the vulnerabilities that make a website vulnerable to clickjacking attack and proposes a solution for the same.
Web phish detection (an evolutionary approach)eSAT Journals
Abstract Phishing is nothing but one of the kinds of network crimes. This paper presents an efficient approach for detecting phishing web documents based on learning from a large number of phishing webs. Phishing means to make something fraud with someone, usually by using internet with the help of emails, to take our personal information, such as credentials. The finest way to protect ourselves and our credentials from phishing attack is to understand the concept of phishing as well as to understand that how to determine a phishing attack. Most of the phishing emails are sent from well-reputed organizations and they ask for your credentials such as credit card number, account number, social security number and passwords of bank account. Mostly the phishing attacks seen from the websites, services and organizations with which we do not even have an account. In this system we are using two classifiers to detect phishing. To recognize the phishing, the Uniform Resource Locator (URL) features of the website are firstly analyzed and then they are classified by using K-means classifier. If the answer is still suspicious then by using parsing of the webpage, its DOM tree is drawn and then the second classifier that is Naive Bayesian (NB) classifier classifies the web page. Key Words: phishing, phishing emails, classifier
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Social Engineering CSO Survival Guide, designing leading edge 21st Century Business Models go to www.esgjrconsultinginc.com to learn more about Software/Network Engineering Solutions.
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMYIJNSA Journal
Web spam refers to some techniques, which try to manipulate search engine ranking algorithms in order to raise web page position in search engine results. In the best case, spammers encourage viewers to visit their sites, and provide undeserved advertisement gains to the page owner. In the worst case, they use malicious contents in their pages and try to install malware on the victim’s machine. Spammers use three kinds of spamming techniques to get higher score in ranking. These techniques are Link based techniques, hiding techniques and Content-based techniques. Existing spam pages cause distrust to search engine results. This not only wastes the time of visitors, but also wastes lots of search engine resources. Hence spam detection methods have been proposed as a solution for web spam in order to reduce negative effects of spam pages. Experimental results show that some of these techniques are
working well and can find spam pages more accurate than the others. This paper classifies web spam techniques and the related detection methods.
Phishing is an attack that deals with social engineering system to illegally get and utilize another person's information for the benefit of authentic site for possess advantage (e.g. Take of client's secret word and Visa precise elements during online correspondence). It is influencing all the significant areas of industry step by step with a considerable measure of abuse of client qualifications. To secure clients against phishing, different hostile to phishing procedures have been suggested that takes after various methodologies like customer side and server side insurance. In this paper we have considered phishing in detail (counting assault process and grouping of phishing assault) and investigated a portion of the current sites to phishing strategies alongside their points of interest and disadvantages.
A Guide to Internet Security For Businesses- Business.comBusiness.com
Recent revelations by National Security Agency (NSA) renegade contractor Edward Snowden have resulted in many businesses paying more attention to how secure their computer systems are. But even the most “cyber-savvy” businesses can have their computer networks hacked and compromised. Use this whitepaper to understand your threats, protective options, and trends in internet security for businesses.
Phishing Website Detection Using Particle Swarm OptimizationCSCJournals
Fake websites is the process of attracting people to visit fraudulent websites and making them to enter confidential data like credit-card numbers, usernames and passwords. We present a novel approach to overcome the difficulty and complexity in detecting and predicting fake website. There is an efficient model which is based on using Association and classification Data Mining algorithms combining with ACO algorithm. These algorithms were used to characterize and identify all the factors and rules in order to classify the phishing website and the relationship that correlate them with each other. It also used PART classification algorithm to extract the phishing training data sets criteria to classify their legitimacy. But, this work has limitations like Sequences of random decisions (not independent) and Time to convergence uncertain in the phishing classification. So to overcome this limitation we enhance Particle Swarm Optimization (PSO) which finds a solution to an optimization problem in a search space, or model and predict social behavior in the presence of phishing websites. This will improve the correctly classified phishing websites. The experimental results demonstrated the feasibility of using PSO technique in real applications and its better performance. This project employs the JAVA technology.
Anatomy of an Enterprise Social Cyber Attack ZeroFOX
By now, social media has clearly established itself as a dominant force in our lives: Nearly three-quarters of adults who go online use a social network of some kind. More than two of five use multiple social network sites. As a result, cyber criminals are flocking to these sites to trigger attacks, targeting users and organizations. In fact, one-third of data breaches originate via social networks, and companies suffer an average of $5.4 million per attack.
Read More: https://www.zerofox.com/blog/the-anatomy-enterprise-social-cyber-attack-infographic/
Improving Phishing URL Detection Using Fuzzy Association Miningtheijes
Phishing is the process to obtain sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity by the use of an electronic communication. Phishing attack continues to pose a solemn risk for web users and annoying threat within the field of electronic commerce. The Phishing detection using fuzzy and binary matrix construction method focuses on discerning the significant features that discriminate between legitimate and phishing URLs. The significant features are extracting the number of dots, length of the host etc., from each URL. These features are then subjected to associative rule mining-apriori and predictive apriori. The rules obtained are interpreted to emphasize the features that are more prevalent in phishing URLs. The key factors for the phished URLs are number of slashes in the URL, dot in the host portion of the URL and length of the URL. The pitfall of binary matrix method is the time complexity. So it impacts the overall speed of the system. The fuzzy based logic association rule mining algorithm was proposed to classify the legitimate and phishing URLs based on the features. The extracted features are converted to fuzzy membership values as “Low”,’ Medium’ and “High”. By applying association rule mining algorithm the rules are generated to detect the phishing URLs. The fuzzy based methodology provides efficient and high rate of phishing detection of URLs
How social media can be used as a social engineering tool to gather information and compromise information systems. Intercepting social media communications using connected service enumerations, and the Kill chain (presented in 2011)
In December 2012, Yahoo! Inc. suffered a high profile data breach at the hands of a lone hacker. Using SQL injection attacks, the hacker gained full access for the server of the affected domain. Alarmingly, the exploited vulnerability likely belonged to a third party application that was neither coded nor hosted by Yahoo!. Yahoo! was responsible for the third party application's security, yet it only had limited control of the code. This presentation will analyze the tools and methodology employed by the attacker to bypass security, explore the dangers of hosting third party code inherited from partners, vendors, or via acquisitions, and provide procedural and technical steps for securing third party code.
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMYIJNSA Journal
Web spam refers to some techniques, which try to manipulate search engine ranking algorithms in order to raise web page position in search engine results. In the best case, spammers encourage viewers to visit their sites, and provide undeserved advertisement gains to the page owner. In the worst case, they use malicious contents in their pages and try to install malware on the victim’s machine. Spammers use three kinds of spamming techniques to get higher score in ranking. These techniques are Link based techniques, hiding techniques and Content-based techniques. Existing spam pages cause distrust to search engine results. This not only wastes the time of visitors, but also wastes lots of search engine resources. Hence spam detection methods have been proposed as a solution for web spam in order to reduce negative effects of spam pages. Experimental results show that some of these techniques are
working well and can find spam pages more accurate than the others. This paper classifies web spam techniques and the related detection methods.
Phishing is an attack that deals with social engineering system to illegally get and utilize another person's information for the benefit of authentic site for possess advantage (e.g. Take of client's secret word and Visa precise elements during online correspondence). It is influencing all the significant areas of industry step by step with a considerable measure of abuse of client qualifications. To secure clients against phishing, different hostile to phishing procedures have been suggested that takes after various methodologies like customer side and server side insurance. In this paper we have considered phishing in detail (counting assault process and grouping of phishing assault) and investigated a portion of the current sites to phishing strategies alongside their points of interest and disadvantages.
A Guide to Internet Security For Businesses- Business.comBusiness.com
Recent revelations by National Security Agency (NSA) renegade contractor Edward Snowden have resulted in many businesses paying more attention to how secure their computer systems are. But even the most “cyber-savvy” businesses can have their computer networks hacked and compromised. Use this whitepaper to understand your threats, protective options, and trends in internet security for businesses.
Phishing Website Detection Using Particle Swarm OptimizationCSCJournals
Fake websites is the process of attracting people to visit fraudulent websites and making them to enter confidential data like credit-card numbers, usernames and passwords. We present a novel approach to overcome the difficulty and complexity in detecting and predicting fake website. There is an efficient model which is based on using Association and classification Data Mining algorithms combining with ACO algorithm. These algorithms were used to characterize and identify all the factors and rules in order to classify the phishing website and the relationship that correlate them with each other. It also used PART classification algorithm to extract the phishing training data sets criteria to classify their legitimacy. But, this work has limitations like Sequences of random decisions (not independent) and Time to convergence uncertain in the phishing classification. So to overcome this limitation we enhance Particle Swarm Optimization (PSO) which finds a solution to an optimization problem in a search space, or model and predict social behavior in the presence of phishing websites. This will improve the correctly classified phishing websites. The experimental results demonstrated the feasibility of using PSO technique in real applications and its better performance. This project employs the JAVA technology.
Anatomy of an Enterprise Social Cyber Attack ZeroFOX
By now, social media has clearly established itself as a dominant force in our lives: Nearly three-quarters of adults who go online use a social network of some kind. More than two of five use multiple social network sites. As a result, cyber criminals are flocking to these sites to trigger attacks, targeting users and organizations. In fact, one-third of data breaches originate via social networks, and companies suffer an average of $5.4 million per attack.
Read More: https://www.zerofox.com/blog/the-anatomy-enterprise-social-cyber-attack-infographic/
Improving Phishing URL Detection Using Fuzzy Association Miningtheijes
Phishing is the process to obtain sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity by the use of an electronic communication. Phishing attack continues to pose a solemn risk for web users and annoying threat within the field of electronic commerce. The Phishing detection using fuzzy and binary matrix construction method focuses on discerning the significant features that discriminate between legitimate and phishing URLs. The significant features are extracting the number of dots, length of the host etc., from each URL. These features are then subjected to associative rule mining-apriori and predictive apriori. The rules obtained are interpreted to emphasize the features that are more prevalent in phishing URLs. The key factors for the phished URLs are number of slashes in the URL, dot in the host portion of the URL and length of the URL. The pitfall of binary matrix method is the time complexity. So it impacts the overall speed of the system. The fuzzy based logic association rule mining algorithm was proposed to classify the legitimate and phishing URLs based on the features. The extracted features are converted to fuzzy membership values as “Low”,’ Medium’ and “High”. By applying association rule mining algorithm the rules are generated to detect the phishing URLs. The fuzzy based methodology provides efficient and high rate of phishing detection of URLs
How social media can be used as a social engineering tool to gather information and compromise information systems. Intercepting social media communications using connected service enumerations, and the Kill chain (presented in 2011)
In December 2012, Yahoo! Inc. suffered a high profile data breach at the hands of a lone hacker. Using SQL injection attacks, the hacker gained full access for the server of the affected domain. Alarmingly, the exploited vulnerability likely belonged to a third party application that was neither coded nor hosted by Yahoo!. Yahoo! was responsible for the third party application's security, yet it only had limited control of the code. This presentation will analyze the tools and methodology employed by the attacker to bypass security, explore the dangers of hosting third party code inherited from partners, vendors, or via acquisitions, and provide procedural and technical steps for securing third party code.
Computer security is the process of preventing and detecting unauthorized use of our computer. Prevention measures help us to stop unauthorized users from accessing any part of your computer system. Detection helps us to determine whether or not someone attempted to break into the system, if they were successful, and what they may have done.
Abstract—Malware or malicious software are exist everywhere
internet or locally. This paper present a category of malware which cybercriminals (hacker, cracker) currently using for monetizing around the world via internet. Ransomware is the name of this category of malware and it has a variety of families inside it. There are two famous basic types crypto ransomware and locker ransomware. Crypto ransomware usually encrypt personal files of the victims with different cryptography algorithms according how crypto ransomware is designed. These cryptographic alogorithm might be symmetric (single key) or asymmetric (double key, public key). The second type of ransomware lock the victim device (personal computer, mobile device, etc) and prevent the user from accessing it. The countermeasures how to keep secure and safe our systems or
network against this dangerous type of malware will be discuss
also.
Ransomware is a PC or Mac-based malicious piece of software that encrypts a user or company’s files and forces them to pay a fee to the hacker in order to regain access to their own files.
Not only can ransomware encrypt the files on your computer; the software is smart enough to travel across your network and encrypt any files located on shared network drives. This can lead to a catastrophic situation whereby one infected user can bring an entire company to a halt.
Dyre: Emerging Threat on Financial Fraud LandscapeSymantec
A significant upsurge in activity over the past year has seen Dyre emerge as one of the most dangerous financial Trojans, capable of defrauding customers of a wide range of financial institutions across multiple countries.
Dyre is a highly developed piece of malware, capable of hijacking all three major web browsers and intercepting internet banking sessions in order to harvest the victim’s credentials and send them to the attackers.
Dyre is a multi-pronged threat and is often used to download additional malware on to the victim’s computer. In many cases, the victim is added to a botnet which is then used to send out thousands of spam emails in order to spread the threat further afield.
External threats to information system: Malicious software and computer crimesSouman Guha
Many organizations have become so dependent on computer-based and internet based intensive information systems that disruptions of either may cause outcomes ranging from inconvenience to catastrophe. Our reliance on information systems has redefined corporate risk. Management now recognizes that threats to continuing operations include technological issues seldom previously considered. Protecting the corporation's information system and data warrants management's attention. Management's concern with information systems security has changed over recent years. These threats may arise from internal and external sources. Viruses and computer crimes from external sources are two major concerns of management because management has to invest time and resources to face these issues and secure own information system from external sources. These attacks may result in slow network performance, non-availability of a particular website, inability to access any website and most importantly different types of financial fraudulent and forgery are being occurred in modern era. Securing information system, thus, becomes top notch priority of modern organization.
A comprehensive survey ransomware attacks prevention, monitoring and damage c...RSIS International
Ransomware is a type of malware that prevents or
restricts user from accessing their system, either by locking the
system's screen or by locking the users' files in the system unless
a ransom is paid. More modern ransomware families,
individually categorize as crypto-ransomware, encrypt certain
file types on infected systems and forces users to pay the ransom
through online payment methods to get a decrypt key. The
analysis shows that there has been a significant improvement in
encryption techniques used by ransomware. The careful analysis
of ransomware behavior can produce an effective detection
system that significantly reduces the amount of victim data loss.
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...AshishDPatel1
Ransomware is a type of malware that prevents or restricts user from accessing their system, either by locking the system's screen or by locking the users' files in the system unless a ransom is paid. More modern ransomware families, individually categorize as crypto-ransomware, encrypt certain file types on infected systems and forces users to pay the ransom through online payment methods to get a decrypt key. The analysis shows that there has been a significant improvement in encryption techniques used by ransomware. The careful analysis of ransomware behavior can produce an effective detection system that significantly reduces the amount of victim data loss.
A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...RSIS International
Ransomware is a type of malware that prevents or
restricts user from accessing their system, either by locking the
system's screen or by locking the users' files in the system unless
a ransom is paid. More modern ransomware families,
individually categorize as crypto-ransomware, encrypt certain
file types on infected systems and forces users to pay the ransom
through online payment methods to get a decrypt key. The
analysis shows that there has been a significant improvement in
encryption techniques used by ransomware. The careful analysis
of ransomware behavior can produce an effective detection
system that significantly reduces the amount of victim data loss.
What are the Botnets? Description of what are botnets and how they works. what are the known botnet attacks.and architecture of botnets. slides also describes some prevention steps from botnet attack.
Business communication is the process of communicating with the employees and the organisation. The implementation of the business communication strategies helps to build the communication skills in the employees. In this report the impact, barriers, and solutions to barriers are discussed which help to understand the overall concept of the business communication. For betterment of the organisations improvement of the communication skills is necessary. The effective communication is the management of the employees which help in the management of the employee’s behaviour. Analysis of business communication is essentially effective in determining the potential in professional aspects as well as evaluating personal skills for improvement.
Retail is the kind of market which is the last stop for the supply chain from where customers can access the good and services. Retail market generally purchases the goods from the manufacturer or the middlemen refer to as the Wholesalers. Wholesalers collect the products from the manufacturers worldwide and supply the goods and service to the retailers. So, retailers are the intermediate layer in the supply chain who connects the products from the manufacturer with the targeted customers. Retail market may be offline or online. However, for decades, the online retail market like Flipkart, Amazon etc are grooming faster compared to the offline retail market. The primary reason is the feasibility to the customer as they can view the product from the website by sitting at home and can choose for their purchase. Even they can order for their desired products without going to the physical market. It means such market required the intelligence to attract the customers so that they will buy the product from their market. Generally, customers use to buy their products from such a market where they can find good products, attractive offers and useful recommendations. On the other hand, retailers should keep their inventory management smarter by employing suitable technology so that the supply will be uniform. As this is the era of digital business, retail marketing uses the technology like Data Analytics with the Internet of Things to maintain the inventory, sophistical approach towards checkout system by emphasizing the visibility of the inventory system.
Final project report on grocery store management system..pdfKamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Dr.Costas Sachpazis
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...Amil Baba Dawood bangali
Contact with Dawood Bhai Just call on +92322-6382012 and we'll help you. We'll solve all your problems within 12 to 24 hours and with 101% guarantee and with astrology systematic. If you want to take any personal or professional advice then also you can call us on +92322-6382012 , ONLINE LOVE PROBLEM & Other all types of Daily Life Problem's.Then CALL or WHATSAPP us on +92322-6382012 and Get all these problems solutions here by Amil Baba DAWOOD BANGALI
#vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore#blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #blackmagicforlove #blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #Amilbabainuk #amilbabainspain #amilbabaindubai #Amilbabainnorway #amilbabainkrachi #amilbabainlahore #amilbabaingujranwalan #amilbabainislamabad
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
CFD analysis is incredibly effective at solving mysteries and improving the performance of complex systems!
Here's a great example: At a large natural gas-fired power plant, where they use waste heat to generate steam and energy, they were puzzled that their boiler wasn't producing as much steam as expected.
R&R and Tetra Engineering Group Inc. were asked to solve the issue with reduced steam production.
An inspection had shown that a significant amount of hot flue gas was bypassing the boiler tubes, where the heat was supposed to be transferred.
R&R Consult conducted a CFD analysis, which revealed that 6.3% of the flue gas was bypassing the boiler tubes without transferring heat. The analysis also showed that the flue gas was instead being directed along the sides of the boiler and between the modules that were supposed to capture the heat. This was the cause of the reduced performance.
Based on our results, Tetra Engineering installed covering plates to reduce the bypass flow. This improved the boiler's performance and increased electricity production.
It is always satisfying when we can help solve complex challenges like this. Do your systems also need a check-up or optimization? Give us a call!
Work done in cooperation with James Malloy and David Moelling from Tetra Engineering.
More examples of our work https://www.r-r-consult.dk/en/cases-en/
Welcome to WIPAC Monthly the magazine brought to you by the LinkedIn Group Water Industry Process Automation & Control.
In this month's edition, along with this month's industry news to celebrate the 13 years since the group was created we have articles including
A case study of the used of Advanced Process Control at the Wastewater Treatment works at Lleida in Spain
A look back on an article on smart wastewater networks in order to see how the industry has measured up in the interim around the adoption of Digital Transformation in the Water Industry.
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdffxintegritypublishin
Advancements in technology unveil a myriad of electrical and electronic breakthroughs geared towards efficiently harnessing limited resources to meet human energy demands. The optimization of hybrid solar PV panels and pumped hydro energy supply systems plays a pivotal role in utilizing natural resources effectively. This initiative not only benefits humanity but also fosters environmental sustainability. The study investigated the design optimization of these hybrid systems, focusing on understanding solar radiation patterns, identifying geographical influences on solar radiation, formulating a mathematical model for system optimization, and determining the optimal configuration of PV panels and pumped hydro storage. Through a comparative analysis approach and eight weeks of data collection, the study addressed key research questions related to solar radiation patterns and optimal system design. The findings highlighted regions with heightened solar radiation levels, showcasing substantial potential for power generation and emphasizing the system's efficiency. Optimizing system design significantly boosted power generation, promoted renewable energy utilization, and enhanced energy storage capacity. The study underscored the benefits of optimizing hybrid solar PV panels and pumped hydro energy supply systems for sustainable energy usage. Optimizing the design of solar PV panels and pumped hydro energy supply systems as examined across diverse climatic conditions in a developing country, not only enhances power generation but also improves the integration of renewable energy sources and boosts energy storage capacities, particularly beneficial for less economically prosperous regions. Additionally, the study provides valuable insights for advancing energy research in economically viable areas. Recommendations included conducting site-specific assessments, utilizing advanced modeling tools, implementing regular maintenance protocols, and enhancing communication among system components.
3. Page3
Task-1
Task-1a
There are different types of scams and frauds are there in the computer network. They mostly
attacks the user while online transaction of data, online purchase or any other works that is
related with the internet and native device. Basically the attackers read the port that is in use and
steals the information and private credentials (Bryan Monk, 2018). The types of fraud and the
scams performed by them are discussed below:
A. Frauds:
Malware: This is a type of malicious software which harms the computers as well as the digital
device. This includes the Worms, Trojans or any kind of the Spywares. Those individually or
collectively harm the computer when connected to the internet. Basically, the user allows those
kinds of malware unconsciously through any file download (Lu, 2018). That actually looks in to
the log in fields of the portal and snatches the useful resource like the credit or debit card
number, bank account details or any other things. Mostly those are represented in a coded
version. The malware can be obstructed using anti-malware. But, in the very present days, the
malware are represented as the polymorphic version which continuously changes its base code so
every time it can change its behavior and so it is hard to obstruct as for the regular data structure
update. So, in that case only those anti malware tool will be applicable which include the
signature based sandbox (Mansfield-Devine, 2009).
Phishing Attack: This is a specified attack by some kind of malware and virus. In this case, the
hackers use the victim’s mail to send their mails and if the user will click on any link that is
placed in the mail body, all the secured information of the mail are hacked as those are now
visible to the hacker and this will cause the interruption of the privacy. Those phishes or the
hackers are generally do this to spread the scams over the internet (Bouchard, 2016). The main
intention of the operation is to steal the user identity and the password so that the hackers can use
the accounts of the victims without prior knowledge of the user. In another case, the hackers use
to make fraud website which looks similar to one of their known website and that is the trap
when the user enters into it and perform the login (Guitton, 2013). But if the user will be cautious
enough to properly read the Unified Resource Location or URL properly, they can find that all
the true websites now contains the secured version of Hyper Text Transfer Protocol or HTTPS
rather having HTTP only. But the hacker’s website does not include HTTPS. So, if such websites
will be avoided, the probable attack can be obstructed but for most of the cases, the user does not
follow this and thus they will be under attack (Lan Liu, 2017).
Ransomware Attack: This another type of fraud in computer network which attack the world
most recently. The attackers send the malicious program to the victim which locks down the
computer and the attackers demand the money in exchange of make the system as previous (J.
4. Page4
François, 2014). This one had been done for most probably the raising of crypto currency and
often the attackers demand the amount in bitcoin. Meanwhile all the private document and
credential will be steal by the hackers (T. Lu, 2012). This one was the most ferocious attacks
ever by the computer frauds. After providing the amount the computer gets recovered though all
the other files in the device gets affected and thus it is spread over the computer and make severe
harm (Romdhane, 2016).
B. Scams:
The types of frauds discussed in the previous section, can cause the massive damage to the user
system by creating online scam. There are different types of scams in computer network and they
are shown below:
Online Market Scam: Now a days, most of the people prefers the online marketing rather by
going to the physical market. The online market portal is logged in by the user itself. If the
network contains any malicious component, the credential of the user will be theft (Christin,
2012). It is dangerous because most of the user prefers to purchase the product by using debit
card. Those malicious agent will theft those data and the card will be misused (Rid, 2016).
Job Portal Scam: Most of the job portal uses to send the promotional and update mails to the
registered user. The hacker follows the same as they send fake job mails to the user and ask them
to open the link in the mail body to apply. When the user click on the mail link, they get
victimized and their and details may be hacked (Bryan Monk, 2018).
Advertisement Scam: While surfing on the internet, the user can see different advertisement and
some of those may contain the malicious content and can affect the system if those were clicked
(Bouchard, 2016). Actually those advertisements are the gateway of entering into the system and
thus the hacker shows the advertisement in a very attractive way (Rid, 2016).
Relief Fund Scam: When some disaster occurs, different group of people start campaigning for
the relief fund and even they start campaigning through building some website where the well
wishers can deposit money. But unfortunately, some hackers also do this where the fake websites
which attracts the user to deposit money which actually don’t goes to the fund rather those
amount will be redirected to the hacker’s account (G. Moura, 2014).
Software Download Scam: Most of the time, the computer users download their preferred
software from the internet may be from known or unknown sites. While downloading software
from unknown sites, the hackers invokes the malicious program into the software which affect
the files and folder of computer device (J. François, 2014).
5. Page5
Task-1b
The types of theft are already discussed in the previous section. This type of fraud can prevented
if the proper measure can be applied. Below some of the measure are discussed (Lu, 2018) (G.
Moura, 2014).
1. Avoiding E-Mail from unknown source: To ensure the system will be secure, try to
avoid to open the emails from un source or those mails that are dropped in the spam
folder.
2. Updated Password: To ensure the security in the email account or social media, the
password should be updated periodically to avoid the snatching the password by the
hackers.
3. High Strength Password: To protect the account in a better way, the password should be
strong enough and will be the combination of number, alphabet and characters.
4. Revealing Privacy Policy: To ensure the security, try to reveal the personal identity from
the websites which ask for it.
5. Updated Anti-Virus and Firewalls: To prevent the system to be attacked by the
malwares and virus, the anti-virus and the firewalls to be updated periodically so that that
can attain the updated virus database.
Task-1c
The privacy setting of the browser to be set in order to protect the browser from any kind of
external attack (Rid, 2016). The settings for the Firefox Browser are shown below:
1. Open the Firefox browser and select the option
Fig-1: Selecting Option of Firefox Browser
6. Page6
2. Select the Privacy Settings
Fig-2: Privacy setting and Security
3. Select the content Blocking option
Fig-3: Select Content Blocking
7. Page7
4. Select the Cookie Option
Fig-4: Select Delete Cookie Option
5. Select “Ask to save Login Password: Option
Fig-5: Ask to save Login Password
9. Page9
Task-2
Task-2a
Malware and the spyware may attack the system for the poor or irrelevant anti threat software
like anti-malware and anti-virus. Most of the user uses the anti-virus in demo or trial mode which
is actually not le to detect the updated virus because of lack of database of the virus (Hong Zhao,
2019). To get the updated database of the most recent virus, the database of the anti-virus or the
anti-malware will have o updated periodically and automatically . But the anti-virus or the anti-
malware itself not sufficient to detect all the external attacks (S. L. Toral, 2010). Some attacks
may come through the network injecting, like the SQL injection which is not detectable using
anti-virus or the anti-malware. To detect such type of attack, typical tools like Wire shark is
required which can detect the network activity (Dholakia, 2002).
If the computer is regularly threatened by the Malware or the Spywares, some changes in the
computer can be seen which can be checked after some days of operation as the Malware or the
Spywares takes their time to spread and when their objective will be fulfilled, they start attacking
and then that be late to detect because there will be no meaning of detection and the system files
may be captured by the Malware or the Spywares (Hong Zhao, 2019). The malware infects the
system files so the system gets down and the speed of operation is reduced. Spyware, if injected
into the system, steals the persona data and redirects to the hackers (Bryan Monk, 2018).
So, to protect the system, the network capture tool is essential through which the network
activity can be observed. The network capture tool like Wire Shark check the network activity h
instance of time for the incoming and outgoing packet and check the severity of the remote port
address and can detect if the remote host is trusted or not (S. Yadav, 2012). The trust of the port
depends upon the health of the network activity means if the port is told to be healthy it means it
does not contain any malfunctioned programs like Malware or the Spywares. The color scheme
of the Wire Shark helps to understand the port and packet severity. If it is observed that the post
is not healthy, then the proper action can be taken by properly blocking the ports (J. Narayan,
2015).
The demonstration steps of the operation of Wire Shark tools id briefed below:
1. After opening Wire Shark, it starts capturing the network activity. It can be seen that the
files are being transferred using different protocols as follows:
10. Page10
Fig-8: Wire shark Scanning page
2. It can be seen that different transaction has different color. The color actually shown for
the severity of the port transfer. To determine the severity of different protocol, the
Protocol Hierarchy will be selected.
Fig-9 Selecting Protocol Hierarchy
3. After the selection, the protocols can be selected individually and check the health of the
ports. Like here the in the Fig-8, the port checking is shown. Some of the ports are
marked in black which means those ports contains Malware. So, the action can be taken
against those ports for example the port with IP 192.168. 97.101 or 192.168. 97.42 etc.
can be blocked to obstruct the port to access the native device to be affected with the
malware injection.
So, in this technique, the malware can be detected perfectly using Wire Shark and the malware
can be detected and hence can be blocked.
Task-2b
In New Zealand, two acts are there of the cyber crime namely, Crime Act 1961 and Privacy Act
1993 which works as the backbone to prevent the cyber crime there. These two acts make any
kind of misuse of cyber use and to use the internet with wrong intention, will be punishable
under law. The section of the laws are described below (CrimesAct, 1961):
11. Page11
Section 249: It states that, if anyone use the computer and internet for any dishonest purpose,
the following actions will be taken against the person:
1. Imprisonment up to 7 years who directly or indirectly related to the dishonest work and
cause for the damage of the property of others.
2. Imprisonment up to 5 years who have been caught with an intention to damage others
property by cyber issue.
Section 250: It states that, if anyone use the computer with wrong intention and do unlawful
works, the following actions will be taken against the person:
1. Imprisonment up to 10 years if found to do unethical work and intentionally damages
other cyber property.
2. Imprisonment up to 7 years if anyone found to do such that the others computer fails to
work properly and does not provide any administrative privilege to work any more.
Section 251: It states that, if anyone found to do fraud selling of the computer software and
integral parts, they falls under the category of cyber crime and the following actions will be
taken:
1. If anyone takes any unpublished software from others and try sell to other without prior
intimation and permission, they will be got imprisonment up to 2 years.
2. Imprisonment up to 2 years if found to lean any information related to the unpublished
software.
Section 252: It states that, if anyone is found to use others computer in unauthorized manner and
without prior information, may be physically or logically, the person will got imprisonment for 2
years.
Task-3
Task-3a
Denial-of-Service or DoS IS the technique of attack by the hackers where the hackers send
unauthorized message and mails which has invalid return address. User go the message or mail
and revert on it, the network will try to find the destination address for which it fails and for that
time being, the server will be busy in that operation. As the hackers sends this type of message
continuously, so the server will be busy and it cause the flooding of the network and in the
meantime the hackers will steal the data from the computer. The effect of the DoS attack are as
follows:
1. It floods the network and server will be made busy unnecessarily.
2. Prevent the current operation of the user by interruption of service.
12. Page12
3. It prevent the individual to access the internet service ans so that the user cannot have
much aware of what happening.
4. It act as the administrative operation and reset the TCP setting and so the user has no
control over the network service.
Different types of DoS attacks are as follows:
Volumetric Attack: In this type of attack, the entire bandwidth of the network is captured and so
the internet connection get hanged.
Sync Flooding: In this attack, the hackers send multiple packets which make the system flooded
with the network packet and get the system down. Syns flooding is shown below (OpenCampus,
2017):
Fig-10: Sync Flooding
Fragmentation attack: In this type of attack, the hackers send multiple fragmented packet for
which the system fails to reassemble the actual situation as it cannot recognize those packets.
Application layer Attack: In this type of attack, the hackers program for which the application
error can be found in the user machine. If causes overflow the network as the memory allocation
size of the variable differs from its actual expectation. Application flooding is shown below
(OpenCampus, 2017).
13. Page13
Fig-11: Application Flooding
Task-3b
To design a system which is protective to the DoS attack, different components are required like
Server, Firewalls, network scanners etc. The following figure shows the network that can prevent
the DoS attack (Karnel, 2017).
Fig-12: DoS Protection
14. Page14
In this design, several components are used and they are discussed below:
Firewall: It helps the system to protect from any external attacks. This is basically a network
scanner which scan for the vulnerability of the network port and if found any issue that is coming
from any port, it immediately block that port (J. François, 2014).
Intrusion Detection: This is another toll that is used in network protection which collects the
information of the ports that are being used for file transaction and if found any port to be
malicious, it informs the firewall (J. Narayan, 2015).
Anti-Malware and Anti-Spyware: This is the third and important component of the software
network which is actually a program code outcome which detects and prevents any kind of
malware or spyware injection to the system (Romdhane, 2016).
SDN Controller: It is the controller for Software Defined Network which actually collect and
protect the system form any unknown file injection (Lan Liu, 2017).
15. Page15
Task-4
Task-4a
There are different tools are available to protect the network by preventing the suspicious items
coming from internet and network flow. The top five those are discussed below:
Wire Shark: This is the network observer and detects for any kind of faulty transaction of data.
The term faulty means that the data from that particular port is suspicious. If so, wire shark will
detect it by suspicious activity and thus it can be blocked. So, the network will be kept secured
by this action (ActiveTips, 2018).
Fig-12: Wire Shark
Solar Winds Log Manager: This tools helps to find critical activity find the ports by continuous
scanning. It has in-build network monitor ugh which it can monitor the traffic activity and has
also the traffic analyzer through which the detected traffic can be analyzed. So, it can identify the
suspicious activity of the network and file transaction (ActiveTips, 2018).
16. Page16
Fig-14: Solar Winds
Nessus Professional Tool: It is one of the most widely used network analyzer in industry as well
as personal purposes. It checks for the vulnerability, issues of configuration and detects the
malware. And so, it is able to prevent such activity to keep the system secure (ActiveTips, 2018).
Fig-15: Nessas
17. Page17
Snort: It is one of the best known and open source Intrusion detection tool through which the
unwanted traffic and packets can be identified and hence prevented (ActiveTips, 2018).
Fig-16: Snort
TCPDump: It is actually the Packet Sniffer. It checks the network activity and shown each event
on the screen. The network monitor thus can detect the malware and so it can be prevented
(ActiveTips, 2018).
Fig-17: TCPDump
18. Page18
Task-4b
There are another way to protect the data from the hackers by sing the cryptographic method.
There are generally two types of cryptography is available namely, Symmetric Key
Cryptography and Asymmetric Key Cryptography. In both cases, the cryptographic key is used
which enables the security system (Christin, 2012).
Symmetric Key Cryptography: In this cryptography method, the encryption and decryption key
are same. When the file is transferred over internet, the key is send along that and so at the
receiving end, the file will be decrypted (S. L. Toral, 2010). When the file is transferred, it will
be transferred by encryption with that key (Rid, 2016). In that case, the person who transfer the
file and the one who receives the file are aware of the key and so it is easy to deploy (ssl2buy,
2015).
Fig-17: Symmetric Key Cryptography
Asymmetric Key Cryptography: In this type of cryptography, there are separate key for
encryption and decryption. In this case, there are two keys, one in knows as the public key which
is transferred with the file or it may be stored at the end device through which the encrypted file
will be decrypted and another key is called private key which is not shared (T. Lu, 2012). In this
technique the end device may not know the decryption process until it gets both two keys
because the execution of encryption and decryption depends upon both two keys (Romdhane,
2016). The figure is shown below (ssl2buy, 2015):
19. Page19
Fig-18: Asymmetric Key Cryptography
Task-4c
In view to protect the computer network, the Asymmetric key Cryptography will work better.
The reason behind that is the security. When the Asymmetric key Cryptography works, the
private key is always hidden and will not be displayed. So, if the hacker will achieve the public
key, they will still unable to decrypt the encrypted file and they has no private key and so the
system gets the security.
Asymmetric key encryption process applies a logical pair of keys for decryption an encryption.
One of it is the public key and another one is private key. Encryption uses one of that key ans
other keys will be used as the decryption. So, these two are logically related and the decryption
process will not be done without missing of any of the keys.
So, this kind of algorithmic approach will help to secure the encryption and decryption process
better.
20. Page20
Task-5
Task-5a
The ten tools of the network vulnerability assessments are:
Wireshark
Intruder
Microsoft Baseline Security Analyzer
Nikto
Probely
Tripwire IP360
Nessus Professional
OpenVAS
Retina CS Community
Secunia Personal Software Inspector
The selected tolls for the analysis should be:
Wire Shark: It is open source and easy to use and hence the security analysis is done better using
this tools by automatic scanning and hence it supports a wide range of capture file.
Nessus Professional: It is one of the good and demanding tools I the industry and for personal
use through which the network issues can be checked thoroughly.
Intruder: Using this tool, the network issues can be checked properly and hence the trace log
will store all the issues related to the intrusion. So, it makes the detection easier.
Task-5b
The system under test is with the IP address 192.168.92.34 and it is under attack by the DoS
using a remote tool with name X4U Doser which is actually a hacking tool as follows:
21. Page21
Fig-19: X4U Doser
Now this attack in the host device is being analyzed using the Wire shark tool. The analysis is
shown below:
Fig-20: Analysis using Wire Shark
Wire Shark is displaying the red result to those TCP protocol from where the suspicious activity
is generated. The list of such IPs are shown below:
Start
frame
IP address of
host
IP address of
destination
Host
Port
Destination
Port
93 192.168.97.42 192.168.97.101 33086 22
11365 192.168.97.42 192.168.97.4 17007 57734
11460 192.168.97.101 192.168.97.4 17007 57734
11922 192.168.97.41 192.168.97.4 17007 57734
12427 192.168.97.41 192.168.97.4 16959 57734
12510 192.168.97.250 192.168.97.4 16959 57734
22. Page22
As soon as the vulnerability is checked, the tool will block the port an no packet will ne in the
transaction in that case.
Task-5c
As the analysis is shown for the vulnerability check for the ports, the recommendation is given
below to make the ports secured and thus the external attack will not be entertained (Guitton,
2013).
Use of Firewall: Updated firewall should be used for the protection of the website to deny the
unauthorized packet.
Updating Anti-Virus Service: Updated anti-virus service should be used to reject any kind of
unknown file to be injected.
Secure Mail Service: Securing the mail service by caution so not to open the mail coming from
unauthorized address.
Use of cloud service: To get more security, cloud service is the good option where the protection
is high.
Use of DDoS attack detectors: By using this service, the DDoS attack can be identify which
helps the system will be working as earlier and not get affected.
23. Page23
Bibliography
ActiveTips.(2018). ActiveTips.RetrievedfromActiveTips: https://www.addictivetips.com/net-
admin/best-network-security-tools/
Bouchard,B. G. (2016). Likingandhyperlinking:Communitydetectioninonlinechildsexual exploitation
networks. SocialScience Research .
Bryan Monk,J. M. (2018). UncoveringTor: An Examinationof the NetworkStructure. Security and
Communication Networks .
Christin,N.(2012). Travelingthe SilkRoad:A Measurementof a Large AnonymousOnlineMarketplace.
DefenseTechnical Information Center .
CrimesAct.(1961).CrimesAct 1961. New Zealand Legislation .
Dholakia,R.P. (2002). Intentional social actioninvirtual communities. Journalof InteractiveMarketing .
G. Moura, R. S. (2014). Bad neighborhoodsonthe internet. IEEECommunicationsMagazine .
Guitton,C.(2013). A reviewof the availablecontentonTorhiddenservices:The case againstfurther
development. Computersin Human Behavior .
Hong Zhao,Z. C. (2019). MaliciousDomainNamesDetectionAlgorithmBasedonN-Gram. Journalof
ComputerNetworksand Communications .
J. François,L. D. (2014). Networksecuritythroughsoftware definednetworking:asurvey. Proceedingsof
the Conferenceon Principles,Systemsand Applicationsof IPTelecommunications .
J. Narayan,S.K. (2015). A surveyof automaticprotocol reverse engineeringtools. ACMComputing
Surveys.
Karnel.(2017). DoSPotection.RetrievedfromDoSPotection:https://thekernel.com/dos-protection/
Lan Liu,R. K. (2017). Malware PropagationandPreventionModel forTime-VaryingCommunity
NetworkswithinSoftware DefinedNetworks. Security and Communication Networks .
Lu, S. (2018). What is the dark webandwho usesit?The Globe and Mail. Security and Communication
Networks .
Mansfield-Devine,S.(2009).Darknets. omputerFraud & Security .
OpenCampus.(2017). greycampus.Retrievedfromgreycampus:
https://www.greycampus.com/opencampus/ethical-hacking/denial-of-service-attacks-and-its-types
Rid,D. M. (2016). Cryptopolitikandthe darknet,. Survival.
24. Page24
Romdhane,A.H. (2016). Minimal contrastfrequentpatternminingformalware detection. Computers&
Security .
S. L. Toral,M. R.-T.(2010). Analysisof virtual communitiessupportingOSSprojectsusingsocial network
analysis. Information and SoftwareTechnology .
S. Yadav,A. K.(2012). Detectingalgorithmicallygenerateddomain-flux attackswithDNStrafficanalysis.
IEEE/ACMTransactionson Networking .
ssl2buy.(2015). ssl2buy.Retrievedfromssl2buy:SSL2BUY.com
T. Lu, K. Z. (2012). A dangertheory basedmobile virusdetectionmodel anditsapplicationininhibiting
virus. Journalof Networks .