Table of Contents
Ch. No. Title
1. What is cyber security?
1.1 Why do we need cyber security?
1.2 Cyber Law India
2. Internet Threats
2.1 E-mail Threats
2.2 Website Threats
2.3 Network Threats
2.4 Phone Threats
2.5 Debit and credit card threats
2.6 Trojans, spywares and viruses
2.7 Wi-Fi Security
3. Some common methods used in attacks
3.1 Phishing
3.2 Password Cracking
4. Security on Internet
5. Career in Cyber Security
What is Cyber Security?
Cyber security is information security as applied to computers and networks. The field covers all
the processes and mechanisms by which computer-based equipment, information and services
are protected from unintended or unauthorized access, change or destruction. Computer security
also includes protection from unplanned events and natural disasters.
Why do we need cyber security?
There are many reasons. The cyber community changes at an unbelievable pace.
The nature of the Internet as a tool for communication and education has been used and misused
for personal gain, which has resulted in cyber-attacks and an unprecedented rise in cyber-crime
rates. These rates are expected to increase more rapidly in the coming years if cyber security is
not put in place.
1- Hackers are everywhere. They find loopholes and vulnerabilities in our systems and can thus
read or manipulate our private data or confidential information. Moreover, they can create
backdoors so that they can access our systems whenever they want.
2- Internet scams and frauds are rampant. These include phishing, a very organized cyber-crime,
which deceives people into giving their banking details.
3- Viruses, worms and other malware are very harmful to our computers and systems. They can
slow down our systems and even damage them. Malware can send our logs to another person (a hacker).
4- Spyware, as the name hints, can spy on you. A computer program automatically installed on
your computer, spyware tracks personal information you enter and sends it to its creator.
Cyber Law India: With the enormous growth of the internet, it has become necessary to
establish a body that has control over the internet, because one can misuse it and commit
crimes. India also has a cyber law. It covers these areas:
1. The basics of Internet security.
2. Basic information on Indian cyber law.
3. Impact of technology-aided crime.
4. The Indian IT Act, covering the legal aspects of all online activities.
5. Types of Internet policies required for an organization.
6. Minimum hardware and software security measures required for an organization to
protect data.
Internet Threats:-
E-Mail Threats
Electronic mail (email) is a widely used communication mechanism that can be categorized into
two basic types of web-based service: an open web-based email service and a closed web-based
service. The first category provides web-based email accounts to anyone for free or at a fee. The
second category provides email accounts that are managed by organizations for employees,
students, and members only. Commercial and social websites rely on the security of email
accounts. A large number of emails are exchanged daily, some of which contain personal
information, company secrets, and sensitive information. This makes email accounts very
valuable, which is one of the main causes of email hacking.
Email spam
As rules that govern unsolicited emails tighten, spammers attempt to find new ways around
them. Attackers often send massive email broadcasts with a hidden or misleading incoming IP
address and email address. Some users may open the spam, read it, and possibly be tempted by
whatever wares or schemes are offered. If the spammer were to get hold of a company's
sending email and IP address, the impact on the company's business would be devastating. The
company's Internet connection would be terminated by its Internet Service Provider (ISP) if its
email and IP address are added to the blacklist of known spamming addresses. Effectively, this
would shut down the company's online business because none of the emails would reach their
destination.
Virus
Some emails carry a virus, using the message as a means of transportation. The Sobig virus is an
example of such technology, creating a spamming infrastructure by taking over unwilling
participants' PCs. This was a major threat to email security, as spam will continue to spread and
trigger dangerous viruses with malicious intent.
Phishing
This type of attack uses email messages that appear to come from legitimate businesses that the
user may be associated with. Although the messages look authentic, with all the corporate logos
and a format similar to the official emails, they ask for verification of personal information such
as the account number, password, and date of birth. 20% of unsuspecting victims respond to them,
which may result in stolen accounts, financial loss, and even worse, identity theft.
Email Privacy
To maintain the privacy of our email and to protect our email ID from being hacked,
we must follow some basic steps:
1. Enable two-step verification in your email accounts.
2. Enable login notification for your email and get a notification on your mobile whenever
you log in.
3. Set a strong password with a mix of letters, numbers and special characters.
4. Enable login notification for your Facebook accounts to prevent unauthorized
access.
5. Enable HTTPS in your email settings and your Facebook account settings.
6. Never share your password with anyone, not even the person closest to you.
7. Set up a recovery question which is difficult to answer, and never set up an easy or
guessable answer to your security question.
8. Never click on any links sent through mail or chat. It may be a link which can steal
your cookie or inject a virus.
9. Always check your address bar for the proper website address before logging in.
10. Whenever you need to forward an email to more than one person, use the BCC
option to write the addresses.
11. If you are unable to access your email account, immediately report it to the service
provider. They give you an option such as Forgot Password/Account Hacked.
12. Avoid using free Wi-Fi access at public places.
Website Threats:-
A website is a set of related web pages hosted by a web server, accessible via a network such as
the Internet or a private local area network through an Internet address known as a Uniform
Resource Locator (URL). All publicly accessible websites collectively constitute the World Wide
Web. A website is scripted or written in languages like HTML, PHP, .NET, XHTML, CSS,
JavaScript, jQuery, etc.
The most used web servers are:
Apache
IIS
Google
NGINX
Authentication Process of websites:
Most websites today require the user to sign up for their services, and then to sign in
each time the service is needed. Some common examples are Facebook, Gmail,
Twitter, forums, shopping websites, internet banking, online storage, etc. Each website gets the
username and password from the user and sends them to the server, where they are verified by
comparing them with the details in its database, and then the user is allowed to use the specific
service offered by the website. All of this happens in a few seconds over the internet.
Attacks on Websites & Web Applications
Several attacks are performed on websites and web-based applications every minute, and
most of the attacks are due to improper coding and poor programming skills.
Some of the common attacks performed on websites / web applications are as follows:
1. SQL Injection
2. XSS
3. RFI & LFI Attacks
SQL Injection Attacks
SQL injection is probably the most abundant programming flaw that exists on the internet at
present. It is the vulnerability through which an unauthorized person can access various critical
and private data. SQL injection is not a flaw in the web or DB server, but a result of poor and
inexperienced programming practices. It is one of the deadliest as well as easiest attacks to
execute from a remote location.
Let's see an example, where the username 'admin' with the password 'i3indya' can log into the
site. Suppose the SQL query for this is carried out as below:
SELECT USER from database WHERE username='admin' AND password='i3indya'
If the above SELECT command evaluates to true, the user will be given access to the site;
otherwise access is denied. Think what could happen if the script does not sanitize its input.
This opens a door for hackers to gain illegal access to the site.
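In this example, the attacker can enter the following user data in the login form:
Username: a' or 1=1--
Password: blank
So, this would make our query:
SELECT USER from database WHERE username='a' or 1=1-- ' AND password=''
Since 1=1 is always true and -- turns the rest of the line into a comment, the password check is
never evaluated and the query succeeds.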
Cross Site Scripting Attack ( XSS )
Cross Site Scripting or XSS is an attack which allows a hacker to insert malicious code into a
webpage either temporarily or permanently. The inserted code mostly runs on the client
side (the end-user or victim) and some on the server side (affecting all users of that website).
It is a common vulnerability found in several web applications. Due to breaches of browser
security, XSS enables attackers to inject client-side script into web pages viewed by other users.
There are two types of XSS:
1. Persistent XSS ( Stored XSS )
2. Non-Persistent XSS ( Reflected XSS )
Stored XSS
A stored XSS vulnerability is a more devastating variant of a cross-site scripting flaw. It occurs
when the data provided by the attacker is saved by the server, and then permanently displayed on
"normal" pages returned to other users who normally visit that page. A classic example of this is
online message boards where users are allowed to post HTML-formatted messages for other
users to read. This is a severe threat to the users of that website.
Reflected XSS
Reflected XSS is the most common type of XSS vulnerability. These vulnerabilities show up
when the data provided by a web client, most commonly in HTTP query parameters or in HTML
form submissions, is used immediately by server-side scripts to parse and display a page of
results for and to that user, without properly sanitizing the request.
It is most commonly found in the search box of websites which don't sanitize the input
given by the users, which means the site accepts special characters and other variables and
allows script to be run through the search box or other holes.
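An added example (not from the original document) of the output escaping that closes both variants: the same search page rendered with and without html.escape, and a message-board page that escapes stored posts. The page template, function names and the two test inputs are constructed for this example; Python's html.parser stands in for the browser to show whether any script tag or event-handler attribute survives.

```python
import html
from html.parser import HTMLParser

class ActiveContentFinder(HTMLParser):
    """Records <script> tags and on* event-handler attributes, i.e. the
    places where a parsed page would run script."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.found.append("script")
        self.found.extend(name for name, _ in attrs if name.startswith("on"))

def active_content(page):
    finder = ActiveContentFinder()
    finder.feed(page)
    finder.close()
    return finder.found

TEMPLATE = '<input name="q" value="%s"><p>Results for: %s</p>'

def search_page_vulnerable(query):
    # Reflected XSS: the query is echoed into the page unchanged.
    return TEMPLATE % (query, query)

def search_page_escaped(query):
    # < > & " ' become entities, so the input is displayed as text in
    # both the element body and the quoted attribute value.
    safe = html.escape(query, quote=True)
    return TEMPLATE % (safe, safe)

def board_page_escaped(posts):
    # Stored XSS: escape every saved post when it is written into the
    # page, since the stored value is served to all later visitors.
    return "<ul>%s</ul>" % "".join(
        "<li>%s</li>" % html.escape(p, quote=True) for p in posts)

# Constructed test inputs: one targets the element body, one the attribute.
SAMPLES = ['<script>alert(1)</script>', '" onmouseover="alert(1)']

if __name__ == "__main__":
    for s in SAMPLES:
        print(active_content(search_page_vulnerable(s)),
              active_content(search_page_escaped(s)))
    print(active_content(board_page_escaped(SAMPLES)))
```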
RFI & LFI Attacks
Remote File Inclusion ( RFI )
Remote File Inclusion (RFI) is a type of website vulnerability which allows an attacker to
include a remote file, usually through a script on the web server. The vulnerability occurs due to
the use of user-supplied input without proper validation. This can be used just to display the
contents of a file, and can also be used for the following attacks:
A. Code execution on the web server
B. Code execution on the client-side such as JavaScript which can lead to other attacks such
as cross site scripting (XSS).
C. Denial of Service (DoS)
D. Data Theft/Manipulation
Local File Inclusion ( LFI )
Local File Inclusion (LFI) is a vulnerability where the local files of the web server can be
accessed by anybody using the website in a browser. The attacker can traverse the entire
directory of the web server, thereby gaining access to sensitive data and password files.
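An added example (not from the original document) of the server-side check that stops this traversal: the requested file name is resolved against a fixed base directory and refused if the result lies outside it. The function names and the temporary site layout are constructed for this example.

```python
import os
import tempfile
from pathlib import Path

def page_path_vulnerable(base_dir, page):
    # The request parameter is joined to the base directory as-is, so
    # parent-directory components and absolute paths walk out of it.
    return os.path.normpath(os.path.join(base_dir, page))

def page_path_checked(base_dir, page):
    # Resolve symlinks and ".." first, then require the result to be
    # inside base_dir. Returns None for anything that escapes.
    base = Path(base_dir).resolve()
    target = (base / page).resolve()
    if base in target.parents:
        return str(target)
    return None

def demo():
    """Build a constructed site layout in a temp dir and try both helpers.
    Returns {requested name: (vulnerable path stays inside the pages
    directory, checked helper allows the request)}."""
    with tempfile.TemporaryDirectory() as root:
        pages = Path(root, "site", "pages")
        pages.mkdir(parents=True)
        (pages / "home.html").write_text("welcome")
        Path(root, "site", "secret.conf").write_text("db_password=example")
        base = pages.resolve()
        results = {}
        for name in ("home.html", "../secret.conf", "/etc/passwd"):
            vuln = Path(page_path_vulnerable(str(pages), name)).resolve()
            results[name] = (base in vuln.parents,
                             page_path_checked(str(pages), name) is not None)
        return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Neither helper opens the file; they only compute the path that would be served, which is where the decision has to be made.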
LFI can be exploited by using "../" to traverse one directory up on a web server. Therefore, if
multiple "../" sequences are used, the attacker can reach the root directory of the web server and
view sensitive files such as the password file. On Unix servers the password file is usually
"/etc/passwd". If a site is vulnerable to LFI, then the example below will
display the contents of the password file of a Unix server.