What is cyber security. Types of cyber attacks. Web based attacks. System based attacks. Injection attack, Cross-site scripting attack, DNS spoofing, Denial-of-service attack, brute force attack, virus, worms, Trojan horse.
The document discusses cyber security, cyber crimes, threats, and vulnerabilities. It defines cyber crimes as illegal acts using technology and lists common types like illegal data interception and copyright infringement. Cyber security aims to protect networks and data from attacks or unauthorized access. Key principles of cyber security are confidentiality, integrity, availability, accountability, and auditability. The document also discusses cyber threats, attacks, and malicious code like viruses, worms, and ransomware. Vulnerabilities are flaws in systems that can be exploited by attackers.
The document discusses various cybersecurity attack vectors and how organizations can protect themselves. It outlines common attack methods like ransomware, malicious code delivery, social engineering, and phishing. It then recommends that organizations conduct regular security audits, establish governance policies, create an incident response plan, and provide cybersecurity education to employees. The document promotes cybersecurity services from Future Point of View including vulnerability testing, forensics, and training to help organizations enhance their protections.
This document discusses cyber security. It begins by defining cyber security as the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attacks, damage, or unauthorized access. It notes that cyber security is important because organizations collect, store, and process unprecedented amounts of data that needs protection. Some common cyber threats discussed include cyberterrorism, cyberwarfare, cyberspionage, and attacks targeting critical infrastructure, networks, applications, cloud systems, and internet of things devices. The document also examines cyber attack life cycles and common prevention methods.
This document summarizes different types of cyber attacks. It describes web-based attacks like SQL injection, cross-site scripting, and denial of service attacks. It also outlines system-based attacks such as viruses, worms, and trojan horses. Additionally, it covers methods that can assist attacks, including spoofing, sniffing, and port scanning. The goal of the document is to provide an overview of common cyber attacks and threats that exist in the cyber world.
This document discusses cyber security and the need for it. It defines cyber as relating to information technology, the internet, and virtual reality. Cyber security is necessary to protect data from theft or misuse and safeguard systems from viruses. Some major security problems include viruses, hackers, malware, Trojan horses, and password cracking. It provides examples of each problem and recommends solutions like using antivirus software, firewalls, strong and unique passwords, and security suites.
Cybercrime involves using computers or the internet to steal identities or import illegal programs. The first recorded cybercrime took place in 1820. There are different types of cybercrimes such as hacking, denial of service attacks, computer viruses, and software piracy. Cybercrimes also include using computers to attack other systems, commit real-world crimes, or steal proprietary information. Common cyber attacks include financial fraud, sabotage of networks, theft of data, and unauthorized access. Internet security aims to establish rules to protect against such attacks by using antivirus software, firewalls, and updating security settings regularly.
This document provides an introduction to cyber security. It defines cyber security as protecting cyberspace from attacks, and defines a cyber attack. It explains that cyberspace is where online communication occurs, via the internet. Cyber security is important because it affects everyone who uses computers and networks. Cyber security training is needed to establish human controls. Cyber attacks can target businesses, governments, institutions and individuals. Attackers include hackers, criminals, spies and nation-states who use methods like malware, social engineering, and network attacks. Defenders of cyber security include ICT teams, security vendors, manufacturers, and governments. Information systems and quality data are important assets to protect. Emerging cyber threats include cloud services, ransomware, spear ph
The document discusses cyber security, cyber crimes, threats, and vulnerabilities. It defines cyber crimes as illegal acts using technology and lists common types like illegal data interception and copyright infringement. Cyber security aims to protect networks and data from attacks or unauthorized access. Key principles of cyber security are confidentiality, integrity, availability, accountability, and auditability. The document also discusses cyber threats, attacks, and malicious code like viruses, worms, and ransomware. Vulnerabilities are flaws in systems that can be exploited by attackers.
The document discusses various cybersecurity attack vectors and how organizations can protect themselves. It outlines common attack methods like ransomware, malicious code delivery, social engineering, and phishing. It then recommends that organizations conduct regular security audits, establish governance policies, create an incident response plan, and provide cybersecurity education to employees. The document promotes cybersecurity services from Future Point of View including vulnerability testing, forensics, and training to help organizations enhance their protections.
This document discusses cyber security. It begins by defining cyber security as the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attacks, damage, or unauthorized access. It notes that cyber security is important because organizations collect, store, and process unprecedented amounts of data that needs protection. Some common cyber threats discussed include cyberterrorism, cyberwarfare, cyberspionage, and attacks targeting critical infrastructure, networks, applications, cloud systems, and internet of things devices. The document also examines cyber attack life cycles and common prevention methods.
This document summarizes different types of cyber attacks. It describes web-based attacks like SQL injection, cross-site scripting, and denial of service attacks. It also outlines system-based attacks such as viruses, worms, and trojan horses. Additionally, it covers methods that can assist attacks, including spoofing, sniffing, and port scanning. The goal of the document is to provide an overview of common cyber attacks and threats that exist in the cyber world.
This document discusses cyber security and the need for it. It defines cyber as relating to information technology, the internet, and virtual reality. Cyber security is necessary to protect data from theft or misuse and safeguard systems from viruses. Some major security problems include viruses, hackers, malware, Trojan horses, and password cracking. It provides examples of each problem and recommends solutions like using antivirus software, firewalls, strong and unique passwords, and security suites.
Cybercrime involves using computers or the internet to steal identities or import illegal programs. The first recorded cybercrime took place in 1820. There are different types of cybercrimes such as hacking, denial of service attacks, computer viruses, and software piracy. Cybercrimes also include using computers to attack other systems, commit real-world crimes, or steal proprietary information. Common cyber attacks include financial fraud, sabotage of networks, theft of data, and unauthorized access. Internet security aims to establish rules to protect against such attacks by using antivirus software, firewalls, and updating security settings regularly.
This document provides an introduction to cyber security. It defines cyber security as protecting cyberspace from attacks, and defines a cyber attack. It explains that cyberspace is where online communication occurs, via the internet. Cyber security is important because it affects everyone who uses computers and networks. Cyber security training is needed to establish human controls. Cyber attacks can target businesses, governments, institutions and individuals. Attackers include hackers, criminals, spies and nation-states who use methods like malware, social engineering, and network attacks. Defenders of cyber security include ICT teams, security vendors, manufacturers, and governments. Information systems and quality data are important assets to protect. Emerging cyber threats include cloud services, ransomware, spear ph
Siblu Khan presents on cyber security. Cyber security refers to online security to protect information. With more people online, security threats are increasing. Cyber security is necessary to secure data from theft and safeguard systems from viruses. Major security problems include viruses, hackers, malware, Trojan horses, and password cracking. The presentation provides definitions of these terms and recommends solutions like installing security software and using strong, unique passwords. The conclusion stresses that cyber security is everyone's responsibility and hopes to increase awareness of threats and prevention methods.
In a world so connected, cyber security awareness is key to a safe online experience, because the weakest information security link to any organisation is the users of technology. This presentation speaks to basic cyber security awareness for everyday internet users
This document discusses cyber security and cyber crimes. It begins with an introduction that defines cyber security and notes the increasing security threats online. It then covers key topics like the meaning of cyber, the need for cyber security, major security problems like viruses and hackers, and solutions for implementing and maintaining security. Specific security issues are explained like viruses, worms, different types of hackers, malware, Trojan horses, and password cracking. The document concludes with sections on cyber security being a shared responsibility and overviews of cyber crime growth, India's cyber security strategy, and some of the biggest cyber attacks in 2020.
Cyber attacks can take several forms, including cyber fraud aimed at monetary gain, cyber spying to obtain private information, cyber stalking and bullying to frighten or intimidate individuals, cyber assault to cause damage through malware or denial of service attacks, and cyber warfare between nation states seeking to disrupt critical infrastructure through digital means.
Cybersecurity involves protecting computers, networks, programs, and data from digital attacks. It includes topics like hacking, denial of service attacks, cyber terrorism, and software piracy. Some key aspects of cybersecurity are using antivirus software, anti-spyware, firewalls, secure passwords, and maintaining regular backups to protect private information and systems from viruses, malware, and unauthorized access. Understanding different types of hackers like white hat, grey hat, and black hat is also important for cybersecurity.
Cyber security protects systems, networks, and data from cyber threats such as cybercrime, cyberattacks, and cyberterrorism. It involves technologies, processes, and controls to secure networks, applications, information, and operations. Common cyber threats include phishing scams, password attacks, distributed denial of service attacks, rogue security software, man-in-the-middle attacks, drive-by downloads, malvertising, and malware such as viruses, Trojans, spyware, and ransomware. While cyber security helps protect valuable information, privacy, and systems from risks, it can also slow systems and require expertise to properly configure and update protections.
Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market
This document provides an overview of topics related to cybercrime and security that will be covered. It lists the team members and topics to be discussed including the history of cybercrime, authenticity, security and privacy, database security, social engineering, cyber attacking methods, and security tips. Database security features like digital certificates, encryption, firewalls, and proxy servers will be explained. Responsibilities of database administrators and built-in database protections will also be covered. Specific cyber attacks such as Trojan horse attacks, backdoors, keyloggers, DDoS attacks, and man-in-the-middle attacks will be described. The document concludes with safety tips and references.
This document discusses cyber security and the need for it. It defines cyber security as protecting online information from threats. Major security problems discussed include viruses, hackers, malware, Trojan horses, and password cracking. It provides information on each of these threats and recommends solutions like installing security software, using strong passwords, firewalls, and being aware of social engineering. The conclusion emphasizes that cyber security is everyone's responsibility.
The document discusses cyber security. It introduces cyber security and the need for it to protect internet-connected systems, hardware, software and data from cyber attacks. It describes common cyber security threats like ransomware, malware, social engineering and phishing. It also discusses cyber security vendors, advantages of cyber security in defending against hacks and viruses, disadvantages like slowing systems down, and career opportunities in the field. The conclusion states that the only truly secure system is one that is turned off.
Introduction
What is Cyber Crime?
Computer crime, or cybercrime, is crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target.
What is Cyber Security?
C
yber security, also known as computer security or IT security, is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection and due to malpractice by operators,whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
The field is of growing importance due to the increasing reliance on computer systems in most societies and the growth of "smart" devices,including smartphones, televisions and tiny devices as part of the Internet of Things – and of the Internet and wireless network such as Bluetooth and Wi-Fi.
Some organizations are turning to big data platforms, such as Apache Hadoop, to extend data accessibility and machine learning to detect advanced persistent threats.
Vulnerabilities and Attacks
Vulnerability is a system susceptibility or flaw, and much vulnerability are documented in the Common Vulnerabilities and Exposures (CVE) database and vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities as they are discovered.
An exploitable vulnerability is one for which at least one working attack or "exploit" exists.
To secure a computer system, it is important to understand the attacks that can be made against it, and these threats can typically be classified into one of the categories below.
The document provides an overview of information security concepts and threats. It discusses how security is difficult to implement due to costs, user resistance, and sophisticated criminals. The document then outlines various hacking techniques like information gathering, social engineering, sniffing, and denial of service attacks. It concludes by describing defensive security measures for organizations, including firewalls, intrusion detection, honeypots, antivirus software, user awareness training, and penetration testing.
Cyber crime, or computer related crime, is crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. ... Cyber crime may threaten a person or a nation's security and financial health.
Social engineering and phishing attacks are the largest threats to companies, as attackers are increasingly relying on tricking users to gain access to systems. Mobile malware and internet-connected devices are also growing vulnerabilities, as more business is conducted and data is stored on mobile and cloud systems. Companies need to invest in protections against these emerging threats like social engineering, mobile malware, cloud vulnerabilities, and weaknesses in the growing Internet of Things. Staying ahead of changing attack types can help reduce vulnerabilities, but protecting against current and future risks is a ongoing challenge.
This document discusses cyber crime and security. It begins with an overview of topics to be covered, including the history and basics of cyber crimes, various categories of cyber crimes, and motivations for cyber attacks. It then discusses the history of cyber crimes and defines cyber attacks and cyber crimes. Various types of cyber crimes are outlined, including those against persons, property, and government. Common cyber crime techniques like social engineering, viruses, and ransomware are explained. The document notes that cyber crime groups are starting to operate more like organized crime rings. It concludes by discussing how opportunities provided by Web 2.0 technologies can be exploited for cyber crimes.
Cyber crime is a growing problem in India. Some common cyber crimes reported in India include phishing, hacking of government websites, and identity theft. India ranks 11th globally for reported cyber crimes, which are increasing due to factors like rapid growth of internet users. Common cyber crimes involve unauthorized access to systems, data theft and alteration, and using computers to enable other illicit activities. While laws like the IT Act 2000 have been enacted to tackle cyber crimes, enforcement remains a challenge as only a small percentage of crimes are reported. Techniques like antivirus software, firewalls, and educating users can help address the problem.
The document discusses the results of an expert survey about future cyber attacks and IT security challenges in 2025. Experts predict that (1) attacks on the Internet of Things will increase, (2) next generation malware will be more sophisticated and precise, and (3) social engineering attacks targeting users will rise. To combat these threats, IT security needs to offer advanced artificial intelligence for quick response and automated detection of targeted attacks, as well as new authentication methods. Experts say the biggest challenges are users' lack of security awareness, exploding data volumes, lack of coordination against cybercrime, and fast technological changes like the IoT. Companies must increase security training and continuously improve automated data analysis and secure cloud solutions to ensure IT security
This document discusses cyber security. It defines cyber security as technologies and processes designed to protect computers, networks, and data from unauthorized access and attacks over the internet. The three core principles of cyber security are confidentiality, integrity, and availability. Several types of cyber attacks are described such as malware, phishing, and denial of service attacks. Major historical cyber attacks are outlined including the Morris Worm in 1988 and the Anthem hack in 2015 that breached 80 million records. Common attack patterns and measures to prevent cyber attacks like using complex passwords and encryption are also summarized.
Network security protects networks and data from threats through hardware, software, and processes. It involves firewalls, network segmentation, remote access VPNs, email security, data loss prevention, intrusion prevention systems, and sandboxing to control network traffic and protect against cyber attacks like malware, phishing, and denial of service attacks. Cyber attacks can disable computers, steal data, or use compromised computers to launch additional attacks through various methods.
The document discusses common web application and website attacks. It begins by introducing the topic and explaining how hacked websites can be misused. It then lists some of the most popular attacks like SQL injection, path traversal, and cross-site scripting. Specific attack types are further explained, including how they work and their goals. In total, over 20 different attack categories are defined, from denial of service attacks to buffer overflows. The document aims to educate about common web threats so organizations can better prevent and defend against them.
Siblu Khan presents on cyber security. Cyber security refers to online security to protect information. With more people online, security threats are increasing. Cyber security is necessary to secure data from theft and safeguard systems from viruses. Major security problems include viruses, hackers, malware, Trojan horses, and password cracking. The presentation provides definitions of these terms and recommends solutions like installing security software and using strong, unique passwords. The conclusion stresses that cyber security is everyone's responsibility and hopes to increase awareness of threats and prevention methods.
In a world so connected, cyber security awareness is key to a safe online experience, because the weakest information security link to any organisation is the users of technology. This presentation speaks to basic cyber security awareness for everyday internet users
This document discusses cyber security and cyber crimes. It begins with an introduction that defines cyber security and notes the increasing security threats online. It then covers key topics like the meaning of cyber, the need for cyber security, major security problems like viruses and hackers, and solutions for implementing and maintaining security. Specific security issues are explained like viruses, worms, different types of hackers, malware, Trojan horses, and password cracking. The document concludes with sections on cyber security being a shared responsibility and overviews of cyber crime growth, India's cyber security strategy, and some of the biggest cyber attacks in 2020.
Cyber attacks can take several forms, including cyber fraud aimed at monetary gain, cyber spying to obtain private information, cyber stalking and bullying to frighten or intimidate individuals, cyber assault to cause damage through malware or denial of service attacks, and cyber warfare between nation states seeking to disrupt critical infrastructure through digital means.
Cybersecurity involves protecting computers, networks, programs, and data from digital attacks. It includes topics like hacking, denial of service attacks, cyber terrorism, and software piracy. Some key aspects of cybersecurity are using antivirus software, anti-spyware, firewalls, secure passwords, and maintaining regular backups to protect private information and systems from viruses, malware, and unauthorized access. Understanding different types of hackers like white hat, grey hat, and black hat is also important for cybersecurity.
Cyber security protects systems, networks, and data from cyber threats such as cybercrime, cyberattacks, and cyberterrorism. It involves technologies, processes, and controls to secure networks, applications, information, and operations. Common cyber threats include phishing scams, password attacks, distributed denial of service attacks, rogue security software, man-in-the-middle attacks, drive-by downloads, malvertising, and malware such as viruses, Trojans, spyware, and ransomware. While cyber security helps protect valuable information, privacy, and systems from risks, it can also slow systems and require expertise to properly configure and update protections.
Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market
This document provides an overview of topics related to cybercrime and security that will be covered. It lists the team members and topics to be discussed including the history of cybercrime, authenticity, security and privacy, database security, social engineering, cyber attacking methods, and security tips. Database security features like digital certificates, encryption, firewalls, and proxy servers will be explained. Responsibilities of database administrators and built-in database protections will also be covered. Specific cyber attacks such as Trojan horse attacks, backdoors, keyloggers, DDoS attacks, and man-in-the-middle attacks will be described. The document concludes with safety tips and references.
This document discusses cyber security and the need for it. It defines cyber security as protecting online information from threats. Major security problems discussed include viruses, hackers, malware, Trojan horses, and password cracking. It provides information on each of these threats and recommends solutions like installing security software, using strong passwords, firewalls, and being aware of social engineering. The conclusion emphasizes that cyber security is everyone's responsibility.
The document discusses cyber security. It introduces cyber security and the need for it to protect internet-connected systems, hardware, software and data from cyber attacks. It describes common cyber security threats like ransomware, malware, social engineering and phishing. It also discusses cyber security vendors, advantages of cyber security in defending against hacks and viruses, disadvantages like slowing systems down, and career opportunities in the field. The conclusion states that the only truly secure system is one that is turned off.
Introduction
What is Cyber Crime?
Computer crime, or cybercrime, is crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target.
What is Cyber Security?
C
yber security, also known as computer security or IT security, is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection and due to malpractice by operators,whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
The field is of growing importance due to the increasing reliance on computer systems in most societies and the growth of "smart" devices,including smartphones, televisions and tiny devices as part of the Internet of Things – and of the Internet and wireless network such as Bluetooth and Wi-Fi.
Some organizations are turning to big data platforms, such as Apache Hadoop, to extend data accessibility and machine learning to detect advanced persistent threats.
Vulnerabilities and Attacks
Vulnerability is a system susceptibility or flaw, and much vulnerability are documented in the Common Vulnerabilities and Exposures (CVE) database and vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities as they are discovered.
An exploitable vulnerability is one for which at least one working attack or "exploit" exists.
To secure a computer system, it is important to understand the attacks that can be made against it, and these threats can typically be classified into one of the categories below.
The document provides an overview of information security concepts and threats. It discusses how security is difficult to implement due to costs, user resistance, and sophisticated criminals. The document then outlines various hacking techniques like information gathering, social engineering, sniffing, and denial of service attacks. It concludes by describing defensive security measures for organizations, including firewalls, intrusion detection, honeypots, antivirus software, user awareness training, and penetration testing.
Cyber crime, or computer related crime, is crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. ... Cyber crime may threaten a person or a nation's security and financial health.
Social engineering and phishing attacks are the largest threats to companies, as attackers are increasingly relying on tricking users to gain access to systems. Mobile malware and internet-connected devices are also growing vulnerabilities, as more business is conducted and data is stored on mobile and cloud systems. Companies need to invest in protections against these emerging threats like social engineering, mobile malware, cloud vulnerabilities, and weaknesses in the growing Internet of Things. Staying ahead of changing attack types can help reduce vulnerabilities, but protecting against current and future risks is a ongoing challenge.
This document discusses cyber crime and security. It begins with an overview of topics to be covered, including the history and basics of cyber crimes, various categories of cyber crimes, and motivations for cyber attacks. It then discusses the history of cyber crimes and defines cyber attacks and cyber crimes. Various types of cyber crimes are outlined, including those against persons, property, and government. Common cyber crime techniques like social engineering, viruses, and ransomware are explained. The document notes that cyber crime groups are starting to operate more like organized crime rings. It concludes by discussing how opportunities provided by Web 2.0 technologies can be exploited for cyber crimes.
Cyber crime is a growing problem in India. Some common cyber crimes reported in India include phishing, hacking of government websites, and identity theft. India ranks 11th globally for reported cyber crimes, which are increasing due to factors like rapid growth of internet users. Common cyber crimes involve unauthorized access to systems, data theft and alteration, and using computers to enable other illicit activities. While laws like the IT Act 2000 have been enacted to tackle cyber crimes, enforcement remains a challenge as only a small percentage of crimes are reported. Techniques like antivirus software, firewalls, and educating users can help address the problem.
The document discusses the results of an expert survey about future cyber attacks and IT security challenges in 2025. Experts predict that (1) attacks on the Internet of Things will increase, (2) next generation malware will be more sophisticated and precise, and (3) social engineering attacks targeting users will rise. To combat these threats, IT security needs to offer advanced artificial intelligence for quick response and automated detection of targeted attacks, as well as new authentication methods. Experts say the biggest challenges are users' lack of security awareness, exploding data volumes, lack of coordination against cybercrime, and fast technological changes like the IoT. Companies must increase security training and continuously improve automated data analysis and secure cloud solutions to ensure IT security
This document discusses cyber security. It defines cyber security as technologies and processes designed to protect computers, networks, and data from unauthorized access and attacks over the internet. The three core principles of cyber security are confidentiality, integrity, and availability. Several types of cyber attacks are described such as malware, phishing, and denial of service attacks. Major historical cyber attacks are outlined including the Morris Worm in 1988 and the Anthem hack in 2015 that breached 80 million records. Common attack patterns and measures to prevent cyber attacks like using complex passwords and encryption are also summarized.
Network security protects networks and data from threats through hardware, software, and processes. It involves firewalls, network segmentation, remote access VPNs, email security, data loss prevention, intrusion prevention systems, and sandboxing to control network traffic and protect against cyber attacks like malware, phishing, and denial of service attacks. Cyber attacks can disable computers, steal data, or use compromised computers to launch additional attacks through various methods.
The document discusses common web application and website attacks. It begins by introducing the topic and explaining how hacked websites can be misused. It then lists some of the most popular attacks like SQL injection, path traversal, and cross-site scripting. Specific attack types are further explained, including how they work and their goals. In total, over 20 different attack categories are defined, from denial of service attacks to buffer overflows. The document aims to educate about common web threats so organizations can better prevent and defend against them.
This document discusses types of cyber attacks, including web-based attacks like password guessing, man-in-the-middle attacks, and phishing. It also discusses system-based attacks such as spoofing, backdoors, viruses, worms, and Trojan horses. Password guessing attacks can include brute force or dictionary attacks. Man-in-the-middle attacks intercept communications. Phishing involves deception to steal personal information. Spoofing modifies packet headers to hide identity. Backdoors bypass security checks. Viruses and worms can self-replicate and spread. Trojan horses claim to do one thing but actually cause harm.
This document discusses information system security. It defines information system security as collecting activities to protect information systems and stored data. It outlines four components of an IT security policy framework: policies, standards, procedures, and guidelines. It also discusses vulnerabilities, threats, attacks, and trends in attacks. Vulnerabilities refer to weaknesses, while threats use tools and scripts to launch attacks like reconnaissance, access, denial of service, and viruses/Trojans. Common attacks trends include malware, phishing, ransomware, denial of service, man-in-the-middle, cryptojacking, SQL injection, and zero-day exploits.
This document discusses network security. It begins by defining network security and explaining the three main types: physical, technical, and administrative security controls. It then defines vulnerabilities as weaknesses that can be exploited by threats such as unauthorized access or data modification. Common network attacks are described as reconnaissance, access, denial of service, and worms/viruses. Emerging attack trends include malware, phishing, ransomware, denial of service attacks, man-in-the-middle attacks, cryptojacking, SQL injection, and zero-day exploits. The document aims to help students understand vulnerabilities, threats, attacks, and trends regarding network security.
A denial-of-service (DoS) attack aims to make a computer or network resource unavailable to its intended users. The goal is to consume the target's resources so it can no longer provide its intended service or force it to reset. Spoofing/masquerading techniques allow attackers to falsify data and masquerade as another user to gain an illegitimate advantage. Common spoofing methods include man-in-the-middle attacks, email spoofing, and login spoofing. Backdoors are malicious programs that provide unauthorized remote access to compromised systems and bypass normal authentication. They remain hidden and allow attackers to spy on users, manage files, install malware, and control entire systems. Network security is important for protecting computers and data
Web application attacks target web-based applications in order to access sensitive data or use the application to launch attacks against users. Major types of web attacks include denial-of-service attacks which overload servers, web defacement which replaces websites, SSH brute force attacks to gain access credentials, cross-site scripting which injects malicious code, directory traversal outside protected areas, DNS hijacking which redirects to malicious sites, man-in-the-middle attacks which intercept connections, HTTP response splitting using protocol manipulation, ransomware which encrypts systems for payment, and SQL injection which passes malicious code to databases.
This presentation focus on cybersecurity and mainly four parts 1) Introduction to cybersecurity tools and cyber attack 2) Cybersecurity roles, processes and operating system security 3) Cybersecurity compliance, Framework and system administration 4) Network security and Database
The document discusses various security threats and vulnerabilities related to mobile devices and wireless networks. It covers topics like mobile malware, attacks on authentication, services and protocols, and security issues with browsers, operating systems, software applications and network channels. Specific threats mentioned include cross-site scripting, injection flaws, buffer overflows, Trojan horses, denial-of-service attacks, and weaknesses in GSM network security. The document emphasizes that mobile device capabilities now far exceed security and that stolen or lost devices can reveal private user information.
In an active attack, the threat actor takes action to change or manipulate data on a target system or en route to the target. Common types of active attacks include masquerade attacks where the attacker pretends to be an authorized user, session hijacking attacks where the attacker steals a user's session information, message modification attacks where the attacker intercepts and alters messages, and denial-of-service (DoS) attacks which overwhelm system resources with traffic to cause disruption. Passive attacks involve monitoring networks without changing data in preparation for potential future active attacks.
This document discusses computer system security and various types of cyber attacks. It begins by defining computer security and explaining the components of a computer system that need protection, such as hardware, firmware and software. It then describes different types of cyber attacks including web-based attacks like SQL injection, session hijacking and phishing. It also discusses system-based attacks like viruses, worms and Trojans. The document explains control hijacking attacks, defenses against them using techniques like ASLR, and runtime defenses such as stack canaries. It provides examples of advanced attacks like return-oriented programming and heap spray attacks.
This document provides an overview of computer security. It discusses why security is needed due to increased reliance on information technology. It then covers the history of some major computer attacks. The document defines computer security and discusses its goals of confidentiality, integrity and availability. It describes common security attacks like network attacks, web attacks, and software attacks. Finally, it discusses types of security like information security and the components that make it up.
Network security involves defending computers, servers, and data from malicious attacks. There are many types of attacks, including web-based attacks like SQL injection, code injection, and DNS spoofing, as well as system-based attacks like viruses, worms, Trojan horses, backdoors, botnets, and malware. Web-based attacks take advantage of vulnerabilities in websites and databases, while system-based attacks spread malicious software that can replicate and infect other systems. Proper network security aims to protect against all of these various cyber threats.
Risk and Threat Assessment Report Anthony WolfBSA 5.docxjoellemurphey
Risk and Threat Assessment Report
Anthony Wolf
BSA/ 520
May 11th, 2020
Jeffery McDonough
Running head: RISK AND THREAT ASSESSMENT REPORT
1
RISK AND THREAT ASSESMENT REPORT
2
Risk and Threat Assessment Report
The rise of innovation and technological advancement has affected the aspects of technology in different ways. Improvement of software and operating systems gives hackers a reason to strive and develop more complex forms of overweighing security measures on those applications. Traditional application security best practices and secure coding are often recommended in protecting different applications against runtime attacks.
Runtime application self-protection is an emerging application in the protection of software applications, data, and databases. The increase in attacks has triggered the development of security technology that is linked or build into an application runtime environment. Besides, database deployment is safeguarded by run time application self-protection that can control the execution of applications, detecting, and preventing real-time attacks. The threats and risks associated with operating systems, networks, and software systems are significant concerns to users.
The internet has changed how people do their businesses. With the growth of e-commerce and other online transactions, there has been a subsequent increase in internet risk threats that are commonly occasioned by hacking and malware attacks. There are different types of e-commerce threats and might be accidental, deliberately done by perpetrators, or occur due to human error. The most prevalent threats are money theft, unprotected services, credit card fraud, hacking, data misuse, and phishing attacks. Heats associated with online transactions can be prevented or reduced by keeping the credit cards safe. Consumers/customers should be advised to avoid carrying their credit cards in their wallets since they increase the chances of misplacement. Each buyer should be cautious when using their you’re their online credit information.
The advancement in technology has seen an increase in online transactions. The practice of doing business transactions via the internet is called e-commerce. Their growth has subsequently lead to the rise in internet risk threats that are commonly occasioned by hacking and malware attacks. E-commerce is the activity of conducting transactions via the internet. Internet transactions can be drawn on various technologies, including internet marketing, electronic data exchanges, automated data collection systems, electronic fund transfer, and mobile commerce.
Online transaction threats occur by using the internet for unfair means with the aim of fraud, security breach, and stealing. The use of electronic payment systems has a substantial risk of fraud. It uses the identity of a customer to authorize a payment like security questions and passwords. If someone accesses a customer's password, he will gain access to his accounts and ...
Cyber security is important to protect networks, devices, systems and applications from digital attacks aimed at accessing, destroying or altering sensitive data. There are three pillars of security: confidentiality, integrity and availability. Fifteen common types of cyber attacks are described, including malware, phishing, man-in-the-middle attacks, and distributed denial-of-service attacks. Cyber security is increasingly important due to the growing sophistication of attacks, widespread availability of hacking tools, data compliance regulations, rising costs of data breaches, cyber security being a strategic concern for boards and management, and cyber crime being a large industry.
This document discusses computer and network security. It begins by noting how security awareness has grown in the past 12 years. It then discusses various security threats like identity theft, fraud, and data loss. The document outlines goals of security like integrity, confidentiality, and reliability. It also explains common attacks like packet sniffing, phishing, viruses, and social engineering. Throughout, it provides examples and definitions to illustrate computer security concepts and the importance of protecting systems and data.
What are the most common application level attacks? To find out, take a look at these slides! Click here to learn how CASE can help you create secure applications: http://ow.ly/rARK50BVi4b
The document discusses various types of computer attacks and malware including viruses, worms, Trojans, spyware and adware. It describes how viruses can replicate and infect other systems, and the importance of anti-virus software. Network attacks like denial of service attacks and distributed denial of service attacks are covered. Methods of protecting systems through firewalls, user education, and physical security measures are also summarized.
Internet security involves establishing rules and measures to protect against attacks over the Internet. It relates to securing browsers and network security across operating systems. The objective is to secure the exchange of information because the Internet represents an insecure channel with risks like phishing. Common signs of a compromised system include slow connections, popups, strange behavior, and inability to download updates. Malicious software, denial-of-service attacks, and phishing are major security threats. Defenses include antivirus software, encryption, secure connections, and multi-factor authentication.
-Definition of Information Security
-Evolution of Information Security
-Basics Principles of Information Security
-Critical Concepts of Information Security
-Components of the Information System
-Balancing Information Security and Access
-Implementing IT Security
-The system Development Life cycle
-Security professional in the organization
Cloud and Virtualization (Using Virtualization to form Clouds)Rubal Sagwal
-Cloud
-Underlying technology pieces from which cloud computing -Infrastructure is built
-Characteristics of Cloud
-Types of cloud services (SaaS, IaaS and PaaS)
-Cloud deployment models
-Virtualization
-Using Virtualization to form Clouds
Entity type
Entity sets
Attributes and keys
Relationship model
Mapping Constraints
The ER Model
Cardinality Constraints
Generalization, Specialization and Aggregation
ER Diagram & Database design with the ER Model
Introduction
Relational Model
Concepts
Characteristics
Database Models, Client-Server Architecture, Distributed Database and Classif...Rubal Sagwal
Introduction to Data Models
-Hierarchical Model
-Network Model
-Relational Model
-Client/Server Architecture
Introduction to Distributed Database
Classification of DBMS
Overview of Data Base Systems Concepts and ArchitectureRubal Sagwal
Data
Data Hierarchy
Introduction of Database
DBMS
Characteristics of database approach
Advantages of DBMS
Data models
Schemas, Three schema architecture:
-The external level
-The conceptual level and
-The internal level.
Data Independence
Database languages and Interfaces
Roles of Database Administrator
Principles of Virtualization - Introduction to Virtualization Software Rubal Sagwal
Introduction to virtualization Software:
-Introduction to Vsphere
-ESXi
- Types of Hyper-visor
-VCenter Server
-Vsphere client
-Introduction to HYPER-V.
Prepare and Manage Remote Applications through Virtualization Rubal Sagwal
Prepare and manage remote applications:
-Configuring application sharing
-Package applications for deployment by using RemoteApp
-Installing and configuring the RD Session Host Role Service on the server
Managing Virtual Hard Disk and Virtual Machine ResourcesRubal Sagwal
This document discusses principles of virtualization, including managing virtual hard disks and configuring virtual machine resources. It begins by explaining how to create and manage virtual hard disks in different file formats. It then discusses how to configure virtual machine resources like processors, memory, disks, and network adapters. Finally, it outlines requirements for preparing host machines to create, deploy, and maintain virtual machine images, such as installing VMware server software and meeting minimum hardware specifications.
Configure and Manage Virtualization on different Platforms Rubal Sagwal
Configure and Manage Virtualization on different Platforms:
-Configure the BIOS to support hardware virtualization
-Install and configure Windows Virtual PC
-Installing Windows Virtual PC on various platforms (32-bit, 64-bit)
Virtualization Uses - Server Consolidation Rubal Sagwal
Server Consolidation.
Why do we need Server Consolidation and what are the outcomes?
Benefits of Server consolidation
How to do server consolidation?
Server product architecture:
1. Virtual Machine
2. Guest OS
3. Host OS
What are server consolidation consideration?
Types of server consolidation.
Benefits of VMware over Server Consolidation.
VMware infrastructure.
Disaster recovery and backup plan.
Basics of Virtualization:
What is Virtual and Virtualization?
Why do we need Virtualization?
Benefits of Virtualization.
Before and after Virtualization.
How Virtualization works?
Virtual Machines.
VMware
Types of Virtualization:
1. Server Virtualization
2. Storage virtualization
3. I/O virtualization
4. Network virtualization
5. Client virtualization
6. Desktop virtualization
7. Application Virtualization
Basics of Network Layer and Transport LayerRubal Sagwal
This document provides an overview of computer networks, focusing on the network, transport, and application layers. It discusses IPv4 and IPv6 packet structure, addressing, and protocols like ICMP, IGMP, TCP, and UDP. Specifically, it examines IPv4 and IPv6 addressing schemes, packet headers, classes of addresses, subnetting, and IPv6 advantages over IPv4. It also describes functions of protocols like ICMP for error reporting and queries, and IGMP for multicast group management.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
2. Contents
What is cyber security?
Types of cyber attacks
Web-based attacks
System-based attacks
Methods of assistance
Prevention
3. What is cyber security?
Cyber security is a practice which intends to protect computers,
networks, programs and data from unintended or unauthorized access,
change or destruction
Why Cyber Security?
Now-a-days everything is going on web
Major proportion of systems connected to internet (i.e, large inventory for intruders to
attack)
That’s why cyber security became major concern in the world of computers over the
past decade
4. Types of cyber attacks
Cyber attack is an illegal attempt to gain something from a computer
system
These can be classified into
Web-based attacks
These are the attacks on a website or web application
System-based attacks
Attacks that are intended to compromise a computer or a computer network
5. Web-based attacks
Injection attacks
In this type of attacks, some data will be injected into a web applications to
manipulate the application and get required information
Ex: SQL Injection, Code Injection, Log Injection, XML Injection etc.,
SQL injection (SQLi) is most common type of injection attack
In SQLi, customized string will be passed to web application further manipulating
query interpreter and gaining access to unauthorized information
SQLi can be prevented upto some extent by proper validation of data and by enforcing
least privilege principle
6. Web-based attacks
File inclusion attack
A file inclusion vulnerability allows an attacker to access unauthorized or sensitive
files available on the web server or to execute malicious files on the web server by
making use of the include functionality
It can be further classified into
Local file inclusion
Including local files available on the server
Remote file inclusion
Includes and executes malicious code on a remotely hosted file
7. Web-based attacks
Cross-Site Scripting (XSS)
This can be done by editing javascript in a webpage such that it will be executed in client
browser
It can be classified into
Reflected XSS attack
Stored XSS attack
DOM-based XSS attack
DNS Spoofing
DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is
introduced into a Domain Name System (DNS) resolver's cache, causing the name server to
return an incorrect IP address, diverting traffic to the attacker's computer (or any other
computer).
8. Web-based attacks
Denial of Service (DoS)
DoS attack is an attempt to make a server or network resource unavailable to users
This is generally done by flooding the server with communication requests
DoS uses single system and single internet connection to attack a server
Distributed Dos (DDoS) uses multiple systems and internet connections to flood a
server with requests, making it harder to counteract
DoS can be classified into
Volume based attacks
goal is to saturate the bandwidth of the attacked site, and is measured in bits per second
Protocal attacks
consumes actual server resources, and is measured in packets per second
Application layer attacks
goal of these attacks is to crash the web server, and is measured in requests per second
9. Web-based attacks
Brute force
It is a trial and error method
Generates large number of guesses and validate them to obtain actual data (passwords
in general)
Dictionary attack
Contains a list of commonly used passwords and validate them to get original password
Buffer overflow
occurs when a program or process tries to store more data in a buffer (temporary data
storage area) than it was intended to hold
10. Web-based attacks
Session hijacking
Web applications uses cookies to store state and details of user sessions
By stealing the cookies, and attacker can have access to all of user data
URL interpretation
By changing certain parts of a URL, one can make a web server to deliver web pages
for which he is not authorized to browse
Social engineering
It is a non-technical method that relies heavily on human interaction and often
involves tricking people into breaking normal security procedures
11. Web-based attacks
Man-in-the-middle attack
Attacker intercepts the connection between
client and server and acts as a bridge between
them
Attacker will be able to read, insert and modify
the data in the intercepted communication
Phishing
Phishing is the attempt to acquire sensitive information, often for malicious reasons, by
masquerading as a trustworthy entity in an electronic communication
Spear phishing
It is a form of phishing, which targets specific organizations for confidential data
Whaling
In whaling, the targets are high-ranking bankers, executives or others in powerful positions or job titles
12. System-based attacks
Virus
A computer virus is a self-replicating malicious computer program that replicates by
inserting copies of itself into other computer programs when executed
It can also execute instructions that cause harm to system
Worm
It works same as a computer virus
but it can spread into other systems in the network by exploiting the vulnerabilities
automatically
13. System-based attacks
Trojan horse
It appears to be a normal application, but when opened/executed some malicious code
will run in background
These are generally spread by some form of social engineering
Backdoors
Backdoor is a method of bypassing normal authentication process
The backdoor is written by the programmer who creates the code for the program
It is often only known by the programmer
14. System-based attacks
Bots
Bot is an automated process that interacts with other network services
Can be classified into
Spyware
Used to gather information of user without their knowledge
Ex: Keyloggers
Adware
Mainly used for promotions of products
Not so harmful
15. Methods to assist in cyberattacks
Spoofing
In spoofing, one person successfully impersonates as another by falsifying the data
Ex: IP spoofing, email spoofing etc.,
Sniffing
Sniffing a process of capturing and analyzing the traffic in a network
Port scanning
It is a method to probe a system for open ports
Intruder can exploit the vulnerabilities of open ports