Countermeasures for os attack :

1) Use licence version of os.

2) do not install third party softwares.
3) Always use firewall
4) Keep update your system periodically.

ATTACK : GAINING THE ACCESS OF DATA BY UNAUTHORIZED USER.

GAINING : ACCESSING DATA \ MODIFYING DATA \ DELETEING DATA.

TYPES OF ATTACKS : PASSIVE & ACTIVE

PASSIVE : NO MODIFICATION
ACTIVE : CAN BE MODIFIED.

OS ATTACKS:
1) GAINING ACCESS ATTACK
2) MISCONFIGURATION ATTACK
3) APPLICATION LEVEL ATTACK

GAINING ACCESS ATTACK:

---------------------
PASSWORD CRACKING :
1) BRUTEFORCE ATTACK
2) DICTIONARY ATTACK
3) RAINBOW TABLE ATTACK:

MAN IN THE MIDDLE ATTACK

PASSWORD GUESSING
MAWARE ATTACK
PHISHING ATTACK

===============================================
OS LEVEL ATTACK :

also called as os commanding

attacking on web server through remote.
and then executing system commands through browser.

====================
Application level attack :

SQL INJECTION
PHISHING
CROSS- SITE- SCRIPTING
SESSON HIJACKING
DENIAL OF SERVICE ATTACK
SESSION HIJACKING

==================
Misconfiguration attack:

Code injection attack

command injection attack
bruteforce
buffer overflow
xss attack

===================================================
1) Computer security: to protect the computer system and the data which is stored
in the system.
2) Cyber security: It is a process of protecting data, system nd networks against
cyber attack.
3) Information security : It is a process to protect information and information
system from threats
through security control to reach C.I.A.
4) cyber forensics: extracting dat as a proof for crime.
recovery process of deleted files. emails. audio videos.

5) Public network: accessible for all users across the globe. It is used by anyone.
unsecured.
6) Private network: It is a private because it follows non routable network. for
private organization. secured.

7) [ vulnerability: the potential to harm or loss.

vulnerability = exposure + resistance + reselience18:15 16-12-2021

exposure: risk propertyexit

resistence: action taken to prevent

resilience: ability to recover prior state. ]

8) confidentiality : limits acess to information or restrictions on information

access.
Integrity : assurance that the information is accurate
Availibility : definite and reliable access by authorized people.
- guide policies within an organizaiton

9) AAA: USED FOR NETWORK MANAGEMENT & security

Authentication: it is used to identify users.
Authorization: it is a process to enforcing policies to determine what type of
services can be use by user.
Accounting: It manages user consumed resources during access. It includes amount
of data user used and sent. login session time.

10) Cryptanalisis: studying cryptographic system to find weakness of the

cryptographic alogrithm and decipher the cipher text without knowing secret key

11) framework: ramework works as a kind of support structure for something to be

built on top of.

=======================
Metasploit: It is a ruby based penetration tesing platform to perform an exploit
code. making payloads.
Post exploitation process is also an improtant part.
It is used to dicovering vulnerabilities.
It is a framework.
paylod: carrying capacity of a packet