CCS Unit 5


UNIT V CYBER CRIMES AND CYBER SECURITY

Cyber Crime and Information Security – classifications of Cyber Crimes – Tools and
Methods – Password Cracking, Key loggers, Spywares, SQL Injection – Network Access
Control – Cloud Security – Web Security – Wireless Security

Cyber Crime and Information Security

Cybercrime is criminal activity that either targets or uses a computer, a computer network
or a networked device. Most cybercrime is committed by cybercriminals or hackers who want
to make money, acting either as individuals or as organizations. Some cybercriminals are
organized, use advanced techniques and are highly skilled technically; others are novices.

INTERNATIONAL LAW FOR CYBER CRIME


Cybercrime is "international" in the sense that there are no cyber-borders between
countries. The growing complexity in the types and forms of cybercrime makes it harder to
fight back, and fighting cybercrime calls for international cooperation. Various
organizations and governments have already made joint efforts to establish common
standards of legislation and law enforcement, both on a regional and on an international
scale.

● Rarely, cybercrime aims to damage computers for reasons other than profit; the
motive may be political or personal.
● Most cybercrime falls under two main categories: criminal activity that targets
computers, and criminal activity that uses computers to commit other crimes.
● Cybercrime that targets computers often involves viruses and other types of
malware. Cybercriminals may infect computers with viruses and malware to damage
devices or stop them working.
● They may also use malware to delete or steal data. Cybercrime that stops users using
a machine or network, or prevents a business providing a software service to its
customers, is called a Denial-of-Service (DoS) attack. Cybercrime that uses
computers to commit other crimes may involve using computers or networks to
spread malware, illegal information or illegal images.
● Sometimes cybercriminals conduct both categories of cybercrime at once. They may
target computers with viruses first and then use them to spread malware to other
machines or throughout a network.
Cybercriminals may also carry out what is known as a Distributed Denial-of-Service (DDoS)
attack. This is similar to a DoS attack, but the traffic comes from numerous compromised
computers (a botnet) at once, which makes it far harder to block by source address.

Nature and Scope of Cybercrime

Nature

● Cybercrime is transnational in nature. These crimes are committed without the
offender being physically present at the crime location.
● These crimes are committed in the impalpable world of computer networks. To
commit such crimes the only thing a person needs is a computer connected to the
Internet. With the advent of lightning-fast Internet, the time needed to commit a
cybercrime keeps decreasing.
● Cyberspace, being a boundary-less world, has become a playground for
perpetrators who commit crimes while remaining conspicuously absent from the
scene of the crime. It is an open challenge to the law, which derives its lifeblood from
physical proof and evidence.
● Cybercrime has spread to such proportions that a complete formal categorization of
it is no longer possible. Every day gives birth to a new kind of cybercrime, making
every effort to stop it almost a futile exercise.
● Identification poses a major challenge in cybercrime. The common thread is
anonymous identity: it is quite easy to create a false identity and commit crime over
the Internet using that identity. Cybercrime, being technology driven, evolves
continuously and ingeniously, making it difficult for cyber investigators to find
solutions. Crimes committed over the Internet are very different in nature from
those in the physical world: there are no physical footprints, tangible traces or
objects with which to track cybercriminals down.
● Cybercrimes involve huge complications when it comes to investigation. A single
crime committed over the Internet may involve two or more places in completely
different parts of the world.
● This complicates the jurisdictional aspect of crimes relating to the Internet.

Information Security

Information security means considering the available countermeasures or controls
prompted by uncovered vulnerabilities and identifying the areas where more work is
needed. The purpose of information security management is to ensure business
continuity and reduce business injury by preventing and minimising the impact of
security incidents.

The basic principles of Information Security are:


● Confidentiality
● Authentication
● Non-Repudiation
● Integrity

The need for Information security:

1. Protecting the functionality of the organisation:


The decision makers in organisations must set policy and operate their organisation in
compliance with complex, shifting legislation while running efficient and capable
applications.

2. Enabling the safe operation of applications:


The organisation is under immense pressure to acquire and operate integrated, efficient
and capable applications. The modern organisation needs to create an environment that
safeguards the applications using its IT systems, particularly those applications
that serve as important elements of the organisation's infrastructure.

3. Protecting the data that the organisation collects and uses:


Data in the organisation can be in two forms, at rest or in motion; data in motion is data
currently being used or processed by the system. The value of the data motivates attackers
to steal or corrupt it, so protecting it is essential to the integrity and value of the
organisation's data. Information security ensures protection of both data in motion and
data at rest.

4. Safeguarding technology assets in organisations:


The organisation must add infrastructure services based on its size and scope.
Organisational growth can lead to the need for a public key infrastructure (PKI), an
integrated system of software, encryption methodologies and protocols. The information
security mechanisms used by a large organisation are complex in comparison to those of a
small organisation, which generally prefers simple symmetric key encryption of data.

Threats to Information Systems


● In Information Security, threats can be many: software attacks, theft of
intellectual property, identity theft, theft of equipment or information, sabotage, and
information extortion.
● A threat can be anything that can take advantage of a vulnerability to breach security
and negatively alter, erase or harm the object or objects of interest. Software attacks
means attacks by viruses, worms, Trojan horses etc.
● Many users believe that malware, viruses, worms and bots are all the same thing. They
are not: the only similarity is that they are all malicious software, and they behave
differently. Malware is a combination of two terms,
Malicious and Software.
So malware basically means malicious software: an intrusive program, code or anything
else designed to perform malicious operations on a system. Malware can be
classified in two ways:
1. by Infection Method
2. by Malware Action

Malware on the basis of Infection Method is the following:


1. Virus – Viruses have the ability to replicate themselves by attaching to programs or files
on the host computer (media files, documents and so on) and then travel wherever those
files go, including across the Internet. The Creeper virus was the first one detected, on
ARPANET. Examples include file viruses, macro viruses, boot sector viruses, stealth viruses
etc.
2. Worms – Worms are also self-replicating in nature, but they don't attach themselves to
programs on the host computer. The biggest difference between viruses and worms is that
worms are network aware. They can easily travel from one computer to another if a network
is available, and on the target machine they may not do much direct harm; they will, for
example, consume bandwidth and hard disk space, thus slowing down the computer.
3. Trojan – The concept of a Trojan is completely different from viruses and worms. The
name derives from the 'Trojan Horse' tale in Greek mythology, which explains how the
Greeks were able to enter the fortified city of Troy by hiding their soldiers in a big wooden
horse given to the Trojans as a gift. The Trojans were very fond of horses and trusted the
gift blindly. In the night, the soldiers emerged and attacked the city from the inside. The
purpose of a Trojan is likewise to conceal itself inside software that seems legitimate; when
that software is executed it does its real task of stealing information or whatever else it
was designed for. Trojans often provide a backdoor for malicious programs or malevolent
users to enter your system and steal your valuable data without your knowledge or
permission. Examples include FTP Trojans, proxy Trojans, Remote Access Trojans (RATs) etc.
4. Bots – Bots can be seen as an advanced form of worm. They are automated processes
designed to interact over the Internet without the need for human interaction. They can be
good or bad. A malicious bot infects a host and then creates a connection to a central
command-and-control server, which issues commands to all infected hosts attached to it;
that network of infected hosts is called a botnet.

Scope – Cybercrime can be basically categorized into three parts:


Cybercrimes against persons.
Cybercrimes against property.
Cybercrimes against government.
Cybercrimes against persons - Cybercrimes committed against persons include various
crimes like transmission of child pornography and harassment of anyone by means of a
computer, for example by e-mail. The trafficking, distribution, posting and dissemination of
obscene material, including pornography and indecent exposure, constitutes one of the
most important cybercrimes known today. The potential harm of such crime to humanity
can hardly be overstated.

Cybercrimes against property - The second category of cybercrimes is that of


cybercrimes against all forms of property. These crimes include computer vandalism
(destruction of others' property) and transmission of harmful programmes.

Cybercrimes against government - The third category of cybercrimes relates to


cybercrimes against government. Cyber terrorism is one distinct kind of crime in this
category. The growth of the Internet has shown that the medium of cyberspace is being used
by individuals and groups to threaten governments internationally and also to terrorize the
citizens of a country. This crime manifests itself as terrorism when an individual "cracks"
into a government- or military-maintained website.

Types of cybercrime

Here are some specific examples of the different types of cybercrime:

● Email and internet fraud - Email fraud (or email scam) is intentional deception for
either personal gain or to damage another individual by means of email. Internet
fraud is the use of Internet services or software with Internet access to defraud
victims or to otherwise take advantage of them.
● Identity fraud (where personal information is stolen and used) - is the use by one
person of another person's personal information, without authorization, to commit
a crime or to deceive or defraud that other person or a third person.
● Theft of financial or card payment data - The purpose may be to obtain goods or
services, or to make payment to another account which is controlled by a criminal.
● Theft and sale of corporate data - Data theft is the act of stealing information
stored on corporate databases, devices, and servers. This form of corporate theft is a
significant risk for businesses of all sizes and can originate both inside and outside
an organization.
● Cyberextortion (demanding money to prevent a threatened attack) -
Cyberextortion is a crime involving an attack or threat of an attack coupled with a
demand for money or some other response in return for stopping or remediating the
attack. Cyberextortion attacks start with a hacker gaining access to an organization's
systems and seeking points of weakness or targets of value. While ransomware
attacks can be automated through malware spread by email, infected websites or ad
networks, these attacks tend to spread indiscriminately, and they may result in only
a small percentage of victims paying the extortionists. More targeted attacks can
produce less collateral damage while providing more lucrative targets for the
extortion attempt.
● Ransomware attacks (a type of cyberextortion) - Ransomware is a type of
malicious software (malware) that blocks access to data or a computer system, usually by
encrypting it, or threatens to publish the data, until the victim pays a ransom fee to the
attacker. In many cases the ransom demand comes with a deadline; if the victim does not
pay in time, the data may be unrecoverable.
● Cryptojacking (where hackers mine cryptocurrency using resources they do
not own) - Cryptojacking is the unauthorized use of someone else’s computer to
mine cryptocurrency. Hackers do this by either getting the victim to click on a
malicious link in an email that loads cryptomining code on the computer, or by
infecting a website or online ad with JavaScript code that auto-executes once loaded
in the victim’s browser.
● Cyberespionage (where hackers access government or company data) - Cyber
espionage is a form of cyber attack that steals classified, sensitive data or intellectual
property to gain an advantage over a competitive company or government entity.

Drug Trafficking
● Drug traffickers generally use encrypted messaging tools to communicate with drug
mules.
● There have been several instances of dark web sites used for this purpose. 'Silk Road'
was a notorious online marketplace for drugs before it was shut down by law
enforcement. It reopened under new management, but was shut down again later.
● Another site emerged later with the same name just to exploit the brand value. A big
example of drug trafficking by way of cybercrime is the cyber attack on the port of
Antwerp, Belgium, between 2011 and 2013.
● It was reported that hackers were hired by drug traffickers with the objective of
breaching the IT systems that controlled the movement and location of the
containers. In an earlier police raid, a large amount of drugs and cash, along with
computer hacking equipment, had been seized.
● Several persons were charged as well. It was reported by the prosecutors that a
Netherlands based trafficking group had hid drugs like cocaine and other in several
legitimate cargo containers.
● At the same time the hackers group was in function at the computer networks of
Antwerp port.
● They could access the secure data with regard to the location and security details of
the containers, and by a few methods stole their marked cargo before the legitimate
owner arrived.
● The suspicion first arose when the containers were found to be disappearing from
the port without any reasonable explanation.
● It was found that the hackers had used malicious software e-mailed to staff to gain
remote access to data. Even after the initial breach was discovered and a firewall was
put in place to prevent further attacks, the attackers were reported to have entered the
premises and installed key-loggers on the computers.
● To take any measure to prevent illegal drug trafficking is not that easy, and when at
the same time it happens by way of cyber crimes, it becomes more difficult, as
cyberspace has no limits.
● Drug trade is international in nature, and law enforcement agencies are not always
effective because of the wide and complex nature of cyber attackers. Since the
profits of drug trafficking and cybercrime are equally big, one or two arrests here
and there will not make any measurable difference.
● International laws and partnerships across nations will have to be strong. One
nation should help another in the investigation or extradition of a criminal.
Overall, to neutralise drug trafficking by way of cybercrime, one nation's law is
never sufficient.
● These are the areas where the United Nations or INTERPOL can come up with
measures.

Cyber Terrorism
● Cyberterrorism is the use of the Internet to conduct violent acts that result in, or
threaten, loss of life or significant bodily harm, in order to achieve political or
ideological gains through threat or intimidation.
● It is also sometimes considered an act of Internet terrorism: terrorist activities
including acts of deliberate, large-scale disruption of computer networks, especially
of personal computers attached to the Internet, by means of tools such as computer
viruses, computer worms, phishing, and other malicious software and hardware
methods and programming scripts.
● Cyberterrorism is a controversial term. Some authors opt for a very narrow
definition, relating to deployment by known terrorist organizations of disruption
attacks against information systems for the primary purpose of creating alarm,
panic, or physical disruption.
● Other authors prefer a broader definition, which includes cybercrime.
● Participating in a cyberattack affects the terror threat perception, even if it isn't done
with a violent approach. By some definitions, it might be difficult to distinguish
which instances of online activities are cyberterrorism or cybercrime.
● Cyberterrorism can be also defined as the intentional use of computers, networks,
and public internet to cause destruction and harm for personal objectives.
● Experienced cyberterrorists, who are very skilled in terms of hacking can cause
massive damage to government systems, hospital records, and national security
programs, which might leave a country, community or organization in turmoil and in
fear of further attacks. The objectives of such terrorists may be political or
ideological since this can be considered a form of terror.
● There is much concern from government and media sources about the potential
damage that could be caused by cyberterrorism, and this has prompted efforts by
government agencies such as the Federal Bureau of Investigation (FBI) and the
Central Intelligence Agency (CIA) to put an end to cyberattacks and cyberterrorism.
Conceptually, its use for this purpose falls into three categories:
(i) weapon of mass destruction;
(ii) weapon of mass distraction; and
(iii) weapon of mass disruption

Information Assurance
Information Assurance concerns implementation of methods that focused on protecting
and safeguarding critical information and relevant information systems by assuring
confidentiality, integrity, availability, and non-repudiation.
It is a strategic approach which focuses more on the deployment of policies than on
building infrastructure. Information Assurance Model:
The security model is multidimensional model based on four dimensions :
1. Information States – Information is referred to as interpretation of data which can be
found in three states stored, processed, or transmitted.
2. Security Services – It is fundamental pillar of the model which provides security to
system and consists of five services namely availability, integrity, confidentiality,
authentication, and nonrepudiation.
3. Security Countermeasures – This dimension has functionalities to save system from
immediate vulnerability by accounting for technology, policy & practice, and people.
4. Time – This dimension can be viewed in many ways. At any given time, data may be
available offline or online, and information and systems may be in flux, introducing the risk
of unauthorized access. Therefore, in every phase of the System Development Life Cycle,
every aspect of the Information Assurance model must be well defined and well implemented
in order to minimize the risk of unauthorized access.
Information States:
1. Transmission – It defines time wherein data is between processing steps. Example: In
transit over networks when user sends email to reader, including memory and storage
encountered during delivery.
2. Storage –It defines time during which data is saved on medium such as hard drive.
Example: Saving document on file server’s disk by user.
3. Processing – It defines time during which data is in processing state. Example: Data is
processed in random access memory (RAM) of workstation.
Security Services:
1. Confidentiality – It assures that information in the system is not disclosed to
unauthorized parties and is read and interpreted only by persons authorized to do so.
Protection of confidentiality prevents both malicious access and accidental disclosure of
information. Information that is considered confidential is called sensitive information. To
ensure confidentiality, data is classified into categories according to the damage its
disclosure would cause, and correspondingly strict measures are taken. Example: protecting
e-mail content so that it can be read only by the intended set of users; this is ensured by
encrypting the data. Two-factor authentication, strong passwords, security tokens and
biometric verification are common ways of authenticating the users allowed to access
sensitive data.
2. Integrity – It ensures that sensitive data is accurate and trustworthy and cannot be
created, changed or deleted without proper authorization. Maintaining integrity means
preventing modification or destruction of information by unauthorized parties. To support
integrity, backups should be planned and implemented so that any affected data can be
restored after a security breach. Besides this, a cryptographic checksum can be used to
verify data. Example: implementing measures to verify that e-mail content was not modified
in transit. This can be achieved with cryptography (a keyed message authentication code or
a digital signature), which assures the intended user that the information received is
correct and unaltered. Note that a plain, unkeyed hash is not enough against a deliberate
attacker, who can simply recompute it over the modified message.
3. Availability – It guarantees reliable and constant access to sensitive data by
authorized users. It involves measures to sustain access to data in spite of system failures
and sources of interference. To ensure availability, corrupted data must be eliminated,
recovery time must be reduced and the physical infrastructure must be improved. Example:
access to and throughput of an e-mail service.
4. Authentication – It is the security service that establishes the validity of a
transmission or message by verifying the identity of the individual who is to receive a
specific category of information. Various single-factor and multi-factor authentication
methods are used. A single-factor method uses one parameter to verify the user's identity,
whereas multi-factor authentication combines several factors. Example: entering a username
and password when logging in to a website. Entering correct login information lets the
website verify our identity and ensures that only we can access our sensitive information.
5. Non-Repudiation – It is the mechanism that ensures the sender or receiver cannot deny
having taken part in a data transmission. When the sender sends data to the receiver, the
sender receives delivery confirmation; when the receiver receives the message, it carries all
the information about the sender. Example: a common everyday illustration is sending an
SMS from one mobile phone to another: after the message is received, a confirmation is
shown to the sender that the receiver got it, and the received message carries the sender's
identity. In practice, cryptographic non-repudiation is provided by digital signatures, since
only the holder of the private key can produce a valid signature; a shared-key checksum
cannot give it, because either party could have computed it.
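The integrity service above says a cryptographic checksum can verify that e-mail content was not modified in transit, and the non-repudiation item notes that a shared-key check cannot prove who sent a message. The following Python example is added here and is not part of the original notes. It shows why the checksum must be keyed: a plain SHA-256 digest catches a transmission error but not an attacker who rewrites the message and recomputes the digest, whereas an HMAC-SHA256 tag computed with a key the attacker lacks catches both. The key, the message and the attacker's rewrite are constructed for the example.

```python
import hashlib
import hmac

# Assumption for the example: sender and receiver share KEY out of band and
# the path between them is untrusted. MESSAGE is a constructed e-mail body.
KEY = b"shared-secret-for-demo-only"
MESSAGE = b"From: alice\nTo: bob\nPlease pay vendor 100 EUR by Friday."


def plain_checksum(message: bytes) -> str:
    """Unkeyed SHA-256 digest: detects accidental corruption only."""
    return hashlib.sha256(message).hexdigest()


def keyed_tag(message: bytes, key: bytes = KEY) -> str:
    """HMAC-SHA256 tag: detects modification by anyone who lacks the key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_plain(message: bytes, checksum: str) -> bool:
    return hmac.compare_digest(plain_checksum(message), checksum)


def verify_keyed(message: bytes, tag: str, key: bytes = KEY) -> bool:
    # compare_digest runs in constant time, so a byte-by-byte timing
    # difference does not leak how much of a forged tag was correct.
    return hmac.compare_digest(keyed_tag(message, key), tag)


def flip_one_bit(message: bytes) -> bytes:
    """A transmission error: flip the low bit of the first byte."""
    return bytes([message[0] ^ 0x01]) + message[1:]


def mitm_rewrite(message: bytes) -> bytes:
    """An attacker on the path changes the amount in the e-mail."""
    return message.replace(b"100 EUR", b"9000 EUR")


def attack_plain(message: bytes):
    """Against an unkeyed checksum the attacker rewrites the message and
    simply recomputes the checksum, so the receiver's check passes."""
    forged = mitm_rewrite(message)
    return forged, plain_checksum(forged)


def attack_keyed(message: bytes, tag: str):
    """Against an HMAC the attacker cannot compute a new tag without KEY;
    the best it can do is replay the original tag with the forged text."""
    return mitm_rewrite(message), tag


def demo() -> dict:
    """Run the four cases and report whether each check caught the change."""
    checksum, tag = plain_checksum(MESSAGE), keyed_tag(MESSAGE)
    corrupted = flip_one_bit(MESSAGE)
    forged_p, forged_p_sum = attack_plain(MESSAGE)
    forged_k, forged_k_tag = attack_keyed(MESSAGE, tag)
    return {
        "plain_detects_corruption": not verify_plain(corrupted, checksum),
        "hmac_detects_corruption": not verify_keyed(corrupted, tag),
        "plain_detects_mitm": not verify_plain(forged_p, forged_p_sum),
        "hmac_detects_mitm": not verify_keyed(forged_k, forged_k_tag),
    }


if __name__ == "__main__":
    for check, caught in demo().items():
        print(f"{check:26s} {caught}")
```

Only "plain_detects_mitm" comes out False: the unkeyed digest is worthless against an active attacker. The HMAC gives integrity but still not non-repudiation, because Bob holds the same key and could have produced the tag himself; proving authorship to a third party needs a digital signature.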

Security Countermeasures:


1. People – People are heart of information system. Administrators and users of
information systems must follow policies and practice for designing good system. They
must be informed regularly regarding information system and ready to act appropriately to
safeguard system.
2. Policy & Practice – Every organization has some set of rules defined in form of policies
that must be followed by every individual working in organization. These policies must be
practiced in order to properly handle sensitive information whenever system gets
compromised.
3. Technology – Appropriate technology such as firewalls, routers, and intrusion detection
must be used in order to defend system from vulnerabilities, threats. The technology used
must facilitate quick response whenever information security gets compromised.

Cyber Security
● Cyber security is the practice of defending computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks. It's also known as
information technology security or electronic information security.
● The term applies in a variety of contexts, from business to mobile computing, and
can be divided into a few common categories.
● Network security is the practice of securing a computer network from intruders,
whether targeted attackers or opportunistic malware.
● Application security focuses on keeping software and devices free of threats. A
compromised application could provide access to the data it is designed to protect.
Successful security begins in the design stage, well before a program or device is
deployed.
● Information security protects the integrity and privacy of data, both in storage and
in transit.
● Operational security includes the processes and decisions for handling and
protecting data assets.
● The permissions users have when accessing a network and the procedures that
determine how and where data may be stored or shared all fall under this umbrella.
● Disaster recovery and business continuity define how an organization responds to a
cyber-security incident or any other event that causes the loss of operations or data.
● Disaster recovery policies dictate how the organization restores its operations and
information to return to the same operating capacity as before the event.
● Business continuity is the plan the organization falls back on while trying to operate
without certain resources.
● End-user education addresses the most unpredictable cyber-security factor: people.
Anyone can accidentally introduce a virus to an otherwise secure system by failing
to follow good security practices.
● Teaching users to delete suspicious email attachments, not plug-in unidentified USB
drives, and various other important lessons is vital for the security of any
organization.

Tools and methods

The basic stages of an attack are described in the following section, to understand how
an attacker can compromise a network:
1. Initial uncovering: Two steps are involved here. In the first step, called reconnaissance,
the attacker gathers as much information as possible about the target by legitimate means:
searching for information about the target on the Internet, on social networking websites
and on people-finder websites. In the second step, the attacker uncovers as much
information as possible about the company's internal network, such as its Internet domain,
machine names and the company's Internet Protocol (IP) address ranges.
2. Network probe: At the network probe stage, the attacker uses more invasive techniques
to gather information. Usually a "ping sweep" of the network IP addresses is performed to
seek out potential targets, and then a "port scanning" tool is used to discover exactly which
services are running on the target systems. At this point the attacker has still not done
anything that would be classed as an intrusion, although the probing itself is abnormal
activity that a well-configured firewall or IDS will log and can alert on.

3. Crossing the line toward electronic crime (E-crime): Now the attacker moves toward
committing what is technically a "computer crime". He/she does this by exploiting possible
holes in the target system. The attacker usually goes through several stages of exploits to
gain access to the system. Once the attacker is able to access a user account without
many privileges, further exploits are attempted to get administrator or "root" access.
Root is a Unix term for the account with the system privileges required to run all
services and access all files on the system.

4. Capturing the network: At this stage, the attacker attempts to "own" the network. The
attacker gains a foothold in the internal network quickly and easily by compromising
low-priority target systems. The next step is to remove any evidence of the attack. The
attacker will usually install a set of tools that replace existing files and services with Trojan
files and services that have a backdoor password.

5. Grab the data: Now that the attacker has "captured the network", he/she takes advantage
of his/her position to steal confidential data and customer credit card information, deface
web pages, alter processes and even launch attacks at other sites from your network,
causing a potentially expensive and embarrassing situation for an individual and/or an
organization.

6. Covering tracks: This is the last step in any cyberattack and refers to the activities
undertaken by the attacker to extend the misuse of the system without being detected. The
attacker may use this phase to start fresh reconnaissance against a related target system or
resource, to remove evidence of the hacking, to avoid legal action, and so on.
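Stage 2 above (a ping sweep followed by a port scan) is visible in perimeter logs long before any exploit is attempted. As an added example, not from the original notes, the following Python script runs simple scan-detection logic over a constructed iptables-style firewall log: it flags a source that probed many distinct ports on one host, or pinged many distinct hosts, within a short time window. The log format, the addresses and the thresholds are assumptions made for the example; in a real deployment the thresholds are tuned to the environment's normal traffic.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed iptables-style firewall log (not a real capture): 203.0.113.7
# ping-sweeps 192.0.2.1-12 and then port-scans 192.0.2.10, while 198.51.100.5
# is an ordinary HTTPS client that repeatedly hits port 443.
SCANNER, VICTIM, CLIENT = "203.0.113.7", "192.0.2.10", "198.51.100.5"
_lines = []
for i in range(1, 13):                                   # ping sweep, 12 hosts
    _lines.append(f"2024-03-01T10:00:{i:02d} DROP SRC={SCANNER} DST=192.0.2.{i} PROTO=ICMP")
for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389]):
    _lines.append(f"2024-03-01T10:01:{i:02d} DROP SRC={SCANNER} DST={VICTIM} PROTO=TCP DPT={port}")
for i in range(3):                                       # benign repeated HTTPS
    _lines.append(f"2024-03-01T10:02:{i:02d} ACCEPT SRC={CLIENT} DST={VICTIM} PROTO=TCP DPT=443")
SAMPLE_LOG = "\n".join(_lines)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\w+)(?: DPT=(?P<dpt>\d+))?$"
)


def parse(log_text: str) -> list:
    """Turn log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["dpt"] = int(e["dpt"]) if e["dpt"] else None   # ICMP has no port
        events.append(e)
    return events


def max_distinct_in_window(events: list, key, window: timedelta) -> int:
    """Largest number of distinct key(e) values seen within any sliding window."""
    events = sorted(events, key=lambda e: e["ts"])
    counts, left, best = Counter(), 0, 0
    for right, e in enumerate(events):
        counts[key(e)] += 1
        while e["ts"] - events[left]["ts"] > window:   # drop events that fell out
            k = key(events[left])
            counts[k] -= 1
            if counts[k] == 0:
                del counts[k]
            left += 1
        best = max(best, len(counts))
    return best


def detect_port_scans(events: list, window=timedelta(seconds=60), min_ports=10) -> dict:
    """(src, dst) pairs where one source touched >= min_ports distinct ports."""
    by_pair = defaultdict(list)
    for e in events:
        if e["dpt"] is not None:
            by_pair[(e["src"], e["dst"])].append(e)
    hits = {}
    for pair, evs in by_pair.items():
        n = max_distinct_in_window(evs, lambda e: e["dpt"], window)
        if n >= min_ports:
            hits[pair] = n
    return hits


def detect_ping_sweeps(events: list, window=timedelta(seconds=60), min_hosts=8) -> dict:
    """Sources that sent ICMP to >= min_hosts distinct destinations in a window."""
    by_src = defaultdict(list)
    for e in events:
        if e["proto"] == "ICMP":
            by_src[e["src"]].append(e)
    hits = {}
    for src, evs in by_src.items():
        n = max_distinct_in_window(evs, lambda e: e["dst"], window)
        if n >= min_hosts:
            hits[src] = n
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("ping sweeps:", detect_ping_sweeps(evs))
    print("port scans :", detect_port_scans(evs))
```

The benign client is never flagged because it repeats one port; the scanner trips both detectors. Counting distinct ports or hosts per window, rather than raw packets, is what keeps a busy legitimate client out of the alert.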

Tools used to cover attacks

1. ELSave: It is a tool to save and/or clear an NT event log. ELSave is written by Jesper
Lauritsen. The executable is available for download, but the source code is not.
2. WinZapper: This tool enables erasing event records selectively from the security log in
Windows NT 4.0 and Windows 2000.
3. Evidence Eliminator: It is a simple, professional PC cleaning program that claims to
defeat all known investigative forensic analysis.
4. Traceless: It is a privacy cleaner for Internet Explorer that can delete common
Internet tracks, including history, cache, typed URLs, cookies, etc.
5. Tracks Eraser Pro: It deletes the following history data:
* address bar history of IE, Netscape, AOL, Opera;
* cookies of IE, Netscape, AOL, Opera;
* Internet cache (temporary Internet files);
* Internet history files.
Note for defenders: clearing the Windows Security log is itself recorded as event ID 1102
("The audit log was cleared"), and forwarding logs to a separate collector as they are
written means that a wipe on the compromised host does not remove the evidence.

Password Cracking

A password is like a key to get entry into computerized systems, which are like a lock.
Password cracking is the process of recovering passwords from data that have been stored
in or transmitted by a computer system. The purposes of password cracking are as follows:
1. To recover a forgotten password.
2. As a preventive measure by system administrators, to check for easily crackable
passwords.
3. To gain unauthorized access to a system.

Manual password cracking is attempting to log on with different passwords. The attacker
follows these steps:

1. find a valid user account, such as Administrator or Guest;


2. create a list of possible passwords;
3. rank the passwords from high to low probability;
4. key in each password;
5. try again until a successful password is found.

Examples of guessable passwords include:

1. blank (none);
2. words like "password", "passcode" and "admin";
3. a series of letters from the "QWERTY" keyboard, for example qwerty, asdf or qwertyuiop;
4. the user's name or login name;
5. the name of the user's friend/relative/pet;
6. the user's birthplace or date of birth, or a relative's or a friend's;
7. the user's vehicle number, office number, residence number or mobile number;
8. the name of a celebrity who is considered an idol (e.g. actors, actresses, spiritual gurus)
by the user;
9.simple modification of one of the preceding, such as suffixing a digit, particularly 1, or
reversing the

Password cracking tools

1.Default password(s):

Network devices such as switches, hubs and routers are equipped with "default passwords",
and usually these passwords are not changed after commissioning the devices into the
network (i.e., into the LAN).

2. Cain & Abel:

This password recovery tool is typically used for Microsoft Operating Systems (OSs). It
allows to crack the passwords by sniffing the network, cracking encrypted passwords using
dictionary, brute force attacks, decoding scrambled passwords and recovering wireless
network keys.

3. John the Ripper:

This is a free and open-source, fast password cracker, compatible with many OSs like different flavors of Unix, Windows, DOS, BeOS and OpenVMS. Its primary purpose is to detect weak Unix passwords.

4.THC-Hydra:

It is a very fast network logon cracker which supports many different services.

5.Aircrack-ng:

It is a set of tools used for wireless networks. This tool is used for 802.11a/b/g Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) cracking.

6.Solar Winds:

It is a plethora of network discovery/monitoring/attack tools and has created dozens of special-purpose tools targeted at systems administrators.

7. Pwdump:

It is a Windows password recovery tool. Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available.

8. RainbowCrack:

It is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plain texts one by one, which can be time-consuming for complex passwords.

9. Brutus:

It is one of the fastest, most flexible remote password crackers available for free. It is
available for Windows 9x, NT and 2000.

Password cracking attacks can be classified under three categories as follows:

1. Online attacks
2. Offline attacks
3. Non-electronic attacks (e.g., social engineering, shoulder surfing and dumpster diving)

Online Attacks

The most popular online attack is the man-in-the-middle (MITM) attack, also termed the “bucket-brigade attack” or sometimes the “Janus attack.” When a victim client connects to the fraudulent server, the MITM server intercepts the call, hashes the password and passes the connection to the victim server. This type of attack is used to obtain the passwords for E-Mail accounts on public websites such as Yahoo, Hotmail and Gmail, and can also be used to get the passwords for financial websites by attackers who would like to gain access to banking websites.

Offline Attacks

Offline attacks are mostly performed from a location other than the target (i.e., either a computer system or while on the network) where these passwords reside or are used. Offline attacks usually require physical access to the computer and copying the password file from the system onto removable media.

Different types of password Cracking attacks:

Dictionary attack: attempts to match all the words from the dictionary to get the password.
Hybrid attack: substitutes numbers and symbols to get the password.
Brute force attack: attempts all possible permutation-combinations of letters, numbers and special characters.
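The three attack types just listed, applied the way the purpose list earlier describes for system administrators (checking stored hashes for easily crackable passwords), as an added Python example that is not part of the original notes. The password store, word list, substitution table and suffix set are all constructed for the demonstration, and salted SHA-256 stands in for whatever hash the audited system actually uses; the point is that each candidate class finds one of the weak passwords while the long passphrase taken from the strong-password list below survives all three.

```python
import hashlib
import itertools
import os
import string

# Constructed mini-dictionary; a real audit would load a wordlist file.
WORDLIST = ["password", "admin", "qwerty", "rover", "susan", "welcome"]

# Letter-for-symbol substitutions that hybrid attacks try (constructed subset).
LEET = {"a": "@", "s": "$", "o": "0", "e": "3", "i": "1"}

# Suffixes that hybrid attacks append to dictionary words (constructed subset).
SUFFIXES = ("1", "123", "!", "2024")


def hash_password(password: str, salt: bytes) -> str:
    """Salted SHA-256, standing in for whatever hash the audited system stores."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def dictionary_candidates(words):
    """Dictionary attack: each word as listed plus simple case variants."""
    for word in words:
        yield word
        yield word.capitalize()
        yield word.upper()


def hybrid_candidates(words):
    """Hybrid attack: dictionary words with digits/symbols appended and letters
    swapped for look-alike symbols."""
    for word in dictionary_candidates(words):
        for suffix in SUFFIXES:
            yield word + suffix
        leet = "".join(LEET.get(c, c) for c in word)
        if leet != word:
            yield leet
            for suffix in SUFFIXES:
                yield leet + suffix


def brute_force_candidates(alphabet, max_len):
    """Brute force: every string over `alphabet` up to `max_len` characters.
    The candidate count grows as len(alphabet) ** n, which is why length
    matters more than any single special character."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            yield "".join(combo)


def audit(records, words, brute_alphabet=string.digits, brute_max_len=4):
    """Return {username: recovered_password} for every stored hash that matches
    a dictionary, hybrid or (short, digits-only) brute-force candidate."""
    found = {}
    for user, salt, stored_hash in records:
        candidates = itertools.chain(
            dictionary_candidates(words),
            hybrid_candidates(words),
            brute_force_candidates(brute_alphabet, brute_max_len),
        )
        for candidate in candidates:
            if hash_password(candidate, salt) == stored_hash:
                found[user] = candidate
                break
    return found


def make_sample_records():
    """Constructed password store: (user, per-user salt, hash). Three of the
    four passwords are weak in the ways the notes list; the fourth is the
    long passphrase from the strong-password examples."""
    plaintexts = {
        "alice": "Password1",
        "bob": "p@$$w0rd",
        "carol": "1234",
        "dave": "Convert_£100 to Euros!",
    }
    records = []
    for user, pw in plaintexts.items():
        salt = os.urandom(8)
        records.append((user, salt, hash_password(pw, salt)))
    return records


if __name__ == "__main__":
    for user, pw in audit(make_sample_records(), WORDLIST).items():
        print(f"{user}: weak password recovered ({pw!r})")
```

Running it reports alice, bob and carol with their recovered passwords and nothing for dave. A real audit would load a dictionary file and hash with the system's own algorithm; note that a deliberately slow, salted hash makes every candidate cost far more than one SHA-256 call, which is the defensive side of the same arithmetic.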

Strong, Weak and Random Passwords

A weak password is one which could be easily guessed: short, common or a system default password that could be easily found by executing a brute force attack. Passwords that can be easily guessed by acquaintances of the netizen (such as date of birth, pet’s name and spouse’s name) are considered to be very weak.

Here are some of the examples of “weak passwords”:

1. Susan: common personal name;
2. aaaa: repeated letters, can be guessed;
3. rover: common name for a pet, also a dictionary word;
4. abc123: can be easily guessed;
5. admin: can be easily guessed;
6. 1234: can be easily guessed;
7. QWERTY: a sequence of adjacent letters on many keyboards;
8. 12/3/75: date, possibly of personal importance;
9. nbusr123: probably a username, and if so, can be very easily guessed;
10. p@$$\/\/Ord: simple letter substitutions are preprogrammed into password cracking tools;
11. password: used very often; trivially guessed;
12. December12: using the date of a forced password change is very common.

A strong password is long enough, random or otherwise difficult to guess, producible only by the user who chooses it. Here are some examples of strong passwords:
1. Convert_£100 to Euros!: Such phrases are long, memorable and contain an extended symbol to increase the strength of the password.
2. 382465304H: It is a mix of numbers and a letter at the end, usually used on mass user accounts; such passwords can be generated randomly, for example, in schools and businesses.
3. 4pReelai@3: It is not a dictionary word; however, it has mixed-case letters along with numeric and punctuation characters.
4. MoOo0fin245679: It is long, with both alphabets and numerals.
5. t3wahSetyeT4: It is not a dictionary word; however, it has both alphabets and numerals.

Random Passwords
Forcing users to use system-created random passwords ensures that the password will
have no connection with that user and should not be found in any dictionary. Several OSs
have included such a feature. Almost all the OSs also include password aging; the users are
required to choose new passwords regularly, usually after 30 or 45 days. Many users dislike
these measures, particularly when they have not been taken through security awareness
training. The imposition of strong random passwords may encourage the users to write
down passwords, store them in personal digital assistants (PDAs) or cell phones and share
them with others against memory failure, increasing the risk of disclosure.

The general guidelines applicable to the password policies, which can be implemented
organization-wide, are as follows:

1. Passwords and user logon identities (IDs) should be unique to each authorized user.
2. Passwords should consist of a minimum of eight alphanumeric characters (no common
names or phrases).
3. There should be computer-controlled lists of prescribed password rules and periodic
testing (e.g., letter and number sequences, character repetition, initials, common words and
standard names) to identify any password weaknesses.
4. Passwords should be kept private, that is, not shared with friends, colleagues, etc. They
shall not be coded into programs or noted down anywhere.
5. Passwords shall be changed every 30/45 days or less. Most operating systems (OSs) can
enforce a password with an automatic expiration and prevent repeated or reused
passwords.
6. User accounts should be frozen after five failed logon attempts. All erroneous password
entries should be recorded in an audit log for later inspection and action, as necessary.
7. Sessions should be suspended after 15 minutes (or other specified period) of inactivity
and require the passwords to be re-entered.

8. Successful logons should display the date and time of the last logon and logoff.
9. Logon IDs and passwords should be suspended after a specified period of non-use.
10. For high-risk systems, after excessive violations, the system should generate an alarm
and be able to simulate a continuing session (with dummy data) for the failed user (to keep
this user connected while personnel attempt to investigate the incoming connection).
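A policy checker that encodes the weak-password patterns listed above and the organization-wide rules (minimum eight alphanumeric characters, computer-controlled tests for letter and number sequences, character repetition, common words and login names), as an added Python example, not code from the original notes. The common-word list, sequence table and substitution map are constructed subsets; a deployment would swap in real dictionaries and the organization's own names and terms.

```python
import re
import string

MIN_LENGTH = 8

# Constructed list of common words and names; a deployment would use a real
# dictionary of common passwords plus the organisation's own names and terms.
COMMON_WORDS = {"password", "passcode", "admin", "welcome", "letmein",
                "rover", "susan", "monkey", "dragon"}

# Runs of adjacent keys and other sequences that cracking tools try first.
SEQUENCES = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
             "abcdefghijklmnopqrstuvwxyz")

MONTHS = ("january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december")

# Look-alike substitutions that cracking tools undo (constructed subset).
UNLEET = {"@": "a", "$": "s", "0": "o", "3": "e", "1": "i"}


def _core(password: str) -> str:
    """Reduce a password to the word it is built from: lower-case it, drop
    trailing digits/punctuation, then undo the common symbol substitutions
    (so p@$$\\/\\/Ord and Password1 both reduce to 'password')."""
    core = password.lower().replace("\\/\\/", "w")
    core = core.rstrip(string.digits + string.punctuation)
    return "".join(UNLEET.get(c, c) for c in core)


def _has_sequence(password: str, run: int = 4) -> bool:
    """True if any `run` adjacent characters of a known sequence appear."""
    text = password.lower()
    for seq in SEQUENCES:
        for i in range(len(seq) - run + 1):
            if seq[i:i + run] in text:
                return True
    return False


def check_password(password: str, username: str = "") -> list:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    has_alpha = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_alpha and has_digit):
        problems.append("must contain both letters and digits")
    if username and username.lower() in password.lower():
        problems.append("contains the login name")
    if len(set(password)) <= 2:
        problems.append("made of repeated characters")
    if _has_sequence(password):
        problems.append("contains a keyboard or alphabetical sequence")
    if re.search(r"\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}", password):
        problems.append("looks like a date")
    if re.fullmatch(r"(" + "|".join(MONTHS) + r")\d+", password.lower()):
        problems.append("month name plus number (forced-change pattern)")
    if _core(password) in COMMON_WORDS:
        problems.append("based on a common word or name (symbol substitutions and suffixes do not help)")
    return problems


if __name__ == "__main__":
    for pw, user in [("Susan", "jdoe"), ("p@$$\\/\\/Ord", "jdoe"), ("nbusr123", "nbusr"),
                     ("December12", "jdoe"), ("Convert_£100 to Euros!", "jdoe")]:
        print(f"{pw!r}: {check_password(pw, user) or 'accepted'}")
```

The checker runs at password-set time, which is the cheap place to enforce the policy; the same rules can be replayed over an existing user base during the periodic testing the guidelines call for.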

Netizens should follow these password guidelines to avoid having their personal E-Mail accounts hacked/attacked by attackers:
1. Passwords used for business E-Mail accounts, personal E-Mail accounts (Yahoo/Hotmail/Gmail) and banking/financial user accounts (e.g., online banking/securities trading accounts) should be kept separate.
2. Passwords should be of minimum eight alphanumeric characters (common names or phrases should be avoided).
3. Passwords should be changed every 30/45 days.
4. Passwords should not be shared with relatives and/or friends.
5. Passwords used previously should not be reused when renewing the password.
6. Passwords of personal E-Mail accounts (Yahoo/Hotmail/Gmail) and banking/financial user accounts (e.g., online banking/securities trading accounts) should be changed from a secured system, within a couple of days, if these accounts have been accessed from public Internet facilities such as cybercafes/hotels/libraries.
7. Passwords should not be stored on mobile phones/PDAs, as these devices are also prone to cyber attacks.
8. In the case of receipt of an E-Mail from banking/financial institutions instructing to change the passwords, the legitimacy of the E-Mail should be ensured before clicking the weblinks displayed in the E-Mail, to avoid being a victim of Phishing attacks.
9. Similarly, in case of receipt of an SMS from banking/financial institutions instructing to change the passwords, the legitimacy of the SMS should be ensured to avoid being a victim of Smishing attacks.
10. In case E-Mail accounts/user accounts have been hacked, the respective agencies/institutes should be contacted immediately.

Keyloggers and Spywares

Keystroke logging, often called keylogging, is the practice of noting (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that such actions are being monitored. Keyloggers can be classified as software keyloggers and hardware keyloggers.

Software Keyloggers

Software keyloggers are software programs installed on the computer system which usually are located between the OS and the keyboard hardware, so that every keystroke is recorded. Software keyloggers are installed on a computer system by Trojans or viruses without the knowledge of the user. Cybercriminals always install such tools on the insecure computer systems available in public places and can obtain the required information about the victim very easily. A keylogger usually consists of two files that get installed in the same directory: a dynamic link library (DLL) file and an executable (EXE) file that installs the DLL file and triggers it to work. The DLL does all the recording of keystrokes.

Examples of software keyloggers:
1. SC-KeyLog PRO: It allows one to secretly record computer user activities such as E-Mails, chat conversations, visited websites, clipboard usage, etc. in a protected log file. SC-KeyLog PRO also captures Windows user logon passwords.
2. Spytech SpyAgent Stealth: It provides a large variety of essential computer monitoring features as well as website and application filtering, chat blocking and remote delivery of logs via E-Mail or FTP.
3. All In One Keylogger: It is an invisible keystroke recorder and a spy software tool that registers every activity on the PC to encrypted logs. This keylogger allows secret tracking of all activities of all computer users and automatic delivery of logs to a desired E-Mail/FTP account.
4. Stealth Keylogger: It is computer monitoring software that generates an activity log report in which the entire PC keyboard activity is registered either at a specific time or hourly on a daily basis. The log reports are generated either in text or HTML file format as defined by the user.
5. Perfect Keylogger: It has advanced keyword detection and notification. The user can create a list of “on alert” words or phrases and the keylogger will continually monitor keyboard typing, URLs and webpages for these words or phrases. When a keyword is detected, Perfect Keylogger takes a screenshot and sends an E-Mail notification to the user.

Hardware Keyloggers

Hardware keyloggers are small hardware devices. These are connected to the PC and/or to the keyboard and save every keystroke into a file or in the memory of the hardware device. Cybercriminals install such devices on ATM machines to capture ATM cards’ PINs. Each keypress on the keyboard of the ATM gets registered by these keyloggers. Listed below are a few websites where more information about hardware keyloggers can be found:

http://www.keyghost.com
http://www.keelog.com
http://www.keydevil.com
http://www.keykatcher.com

Antikeylogger

Antikeylogger is a tool that can detect a keylogger installed on the computer system and can also remove the tool. Advantages of using an antikeylogger are as follows:
1. Firewalls cannot detect the installation of keyloggers on systems; antikeyloggers, by contrast, can detect keylogger installations.
2. This software does not require regular updates of signature bases to work effectively, unlike other antivirus and antispy programs, which do not serve the purpose if not updated, leaving users at risk.
3. It prevents Internet banking frauds, since passwords can be easily gained by installing keyloggers.
4. It prevents ID theft.
5. It secures E-Mail and instant messaging/chatting.

Spywares

Spyware is a type of malware that is installed on computers and collects information about users without their knowledge. It is clearly understood from the term Spyware that it secretly monitors the user. The features and functions of such Spywares are beyond simple monitoring. Spyware programs collect personal information about the victim, such as Internet surfing habits/patterns and websites visited. The Spyware can also redirect Internet surfing activities by installing another stealth utility on the user’s computer system. Spyware may also have the ability to change computer settings, which may result in slowing of the Internet connection speed and slowing of response time, leading the user to complain about the Internet connection speed to the Internet Service Provider (ISP).
To overcome the emergence of Spywares, which proved to be troublesome for the normal user, anti-Spyware tools are available in the market. Installation of anti-Spyware software has become a common element nowadays from the computer security practices perspective.

Spyware tools

1. 007 Spy: It has the following key features:
* capability of overriding “antispy” programs like “Ad-aware”;
* records all website URLs visited on the Internet;
* powerful keylogger engine to capture all passwords;
* view logs remotely from anywhere at any time;
* export log report in HTML format to view it in the browser;
* automatic clean-up of outdated logs;
* password protection.

2. Spector Pro: It has the following key features:
* captures and reviews all chats and instant messages;
* captures E-Mails (read, sent and received);
* captures websites visited;
* captures activities performed on social networking sites such as MySpace and Facebook.

3. eBlaster:
Besides a keylogger and website watcher, it also records E-Mails sent and received, files uploaded/downloaded, logs users’ activities, records online searches, records MySpace and Facebook activities and any other program activity.

4.Remotespy:
Besides remote computer monitoring, silently and invisibly, it also monitors and records users’ PCs without any need for physical access. Moreover, it records keystrokes (keylogger), screenshots, E-Mail, passwords, chats, instant messenger conversations and websites visited.

5. Stealth Recorder Pro:

It is a new type of utility that enables recording a variety of sounds and transferring them automatically through the Internet without any notification at the original location or source. It has the following features:
* real-time MP3 recording via microphone, CD, line-in and stereo mixer as MP3, WMA or WAV formatted files;
* transferring the recorded files automatically via E-Mail or FTP to a user-defined E-Mail address or FTP server;
* controlling from a remote location;
* voice mail: records and sends the voice messages.

6. Stealth Website Logger: It records all accessed websites and a detailed report can be made available at a specified E-Mail address. It has the following key features:
* monitors visited websites;
* reports sent to an E-Mail address;
* daily log;
* global log for a specified period;
* log deletion after a specified period;
* hotkey and password protection;
* not visible in add/remove programs or task manager.

7. Flexispy:
It is a tool that can be installed on a cell/mobile phone. After installation, Flexispy secretly records conversations that happen on the phone and sends this information to a specified E-Mail address.

8. Wiretap Professional: It is an application for monitoring and capturing all activities on the system. It can capture the entire Internet activity. This spy software can monitor and record E-Mail, chat messages and websites visited. In addition, it helps in monitoring and recording of keystrokes, passwords entered and all documents, pictures and folders viewed.

9. PC PhoneHome: It is software that tracks and locates lost or stolen laptop and desktop computers. Every time a computer system on which PC PhoneHome has been installed connects to the Internet, a stealth E-Mail is sent to a specified E-Mail address of the user's choice and to the PC PhoneHome product company.

10. SpyArsenal Print Monitor Pro: It has the following features:
* keeps track of printer/plotter usage;
* records every document printed;
* finds out who printed which document, and when, on your hardware.

SQL Injection

● SQL injection, also known as SQLI, is a common attack vector that uses malicious
SQL code for backend database manipulation to access information that was not
intended to be displayed. This information may include any number of items,
including sensitive company data, user lists or private customer details.
● The impact SQL injection can have on a business is far-reaching.
● A successful attack may result in the unauthorized viewing of user lists, the deletion
of entire tables and, in certain cases, the attacker gaining administrative rights to a
database, all of which are highly detrimental to a business.
● When calculating the potential cost of an SQLi, it’s important to consider the loss of
customer trust should personal information such as phone numbers, addresses, and
credit card details be stolen.
● While this vector can be used to attack any SQL database, websites are the most
frequent targets.

Types of SQL Injections


SQL injections typically fall under three categories: In-band SQLi (Classic), Inferential SQLi (Blind) and Out-of-band SQLi. SQL injection types can be classified based on the methods they use to access backend data and their damage potential.

In-band SQLi: The attacker uses the same channel of communication to launch their attacks and to gather their results. In-band SQLi’s simplicity and efficiency make it one of the most common types of SQLi attack. There are two sub-variations of this method:

Error-based SQLi: the attacker performs actions that cause the database to produce error messages. The attacker can potentially use the data provided by these error messages to gather information about the structure of the database.

Union-based SQLi: this technique takes advantage of the UNION SQL operator, which fuses multiple SELECT statements generated by the database into a single HTTP response. This response may contain data that can be leveraged by the attacker.

Inferential (Blind) SQLi: The attacker sends data payloads to the server and observes the response and behavior of the server to learn more about its structure. This method is called blind SQLi because the data is not transferred from the website database to the attacker; thus the attacker cannot see information about the attack in-band. Blind SQL injections rely on the response and behavioral patterns of the server, so they are typically slower to execute but may be just as harmful. Blind SQL injections can be classified as follows:

Boolean-based: the attacker sends a SQL query to the database prompting the application to return a result. The result will vary depending on whether the query is true or false. Based on the result, the information within the HTTP response will change or stay unchanged. The attacker can then work out whether the message generated a true or false result.

Time-based: the attacker sends a SQL query to the database which makes the database wait (for a period in seconds) before it can react. The attacker can see from the time the database takes to respond whether a query is true or false. Based on the result, an HTTP response will be generated instantly or after a waiting period. The attacker can thus work out whether the message they used returned true or false, without relying on data from the database.

Out-of-band SQLi: The attacker can only carry out this form of attack when certain features are enabled on the database server used by the web application. This form of attack is primarily used as an alternative to the in-band and inferential SQLi techniques.

Out-of-band SQLi is performed when the attacker can’t use the same channel to launch the attack and gather information, or when a server is too slow or unstable for these actions to be performed. These techniques count on the capacity of the server to create DNS or HTTP requests to transfer data to an attacker.

SQL Injection Prevention Techniques

Input validation - The validation process is aimed at verifying whether or not the type of
input submitted by a user is allowed. Input validation makes sure it is the accepted type,
length, format, and so on. Only the value which passes the validation can be processed. It
helps counteract any commands inserted in the input string.

Parameterized queries are a means of pre-compiling an SQL statement so that you can then supply the parameters in order for the statement to be executed. This method makes it possible for the database to recognize the code and distinguish it from input data.

Stored procedures - require the developer to group one or more SQL statements into a
logical unit to create an execution plan. Subsequent executions allow statements to be
automatically parameterized. Simply put, it is a type of code that can be stored for later and
used many times.
Escaping - Always use character-escaping functions for user-supplied input provided by
each database management system (DBMS). This is done to make sure the DBMS never
confuses it with the SQL statement provided by the developer.

Avoiding administrative privileges - Don't connect your application to the database using an
account with root access. This should be done only if absolutely needed since the attackers
could gain access to the whole system.

Web application firewall - A WAF operating in front of the web servers monitors the traffic
which goes in and out of the web servers and identifies patterns that constitute a threat.
Essentially, it is a barrier put between the web application and the Internet.
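The in-band case from the types above, placed next to the parameterized-query, input-validation and error-handling countermeasures just described, as an added Python example (standard-library sqlite3) that is not part of the original text. The users table, its rows and the function names are constructed; lookup_vulnerable is written deliberately insecure so that the other functions show exactly what they prevent.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"),
         ("carol", "carol@example.com")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Deliberately vulnerable: the user's text is spliced into the SQL grammar,
    so a quote in the input ends the literal and the rest is executed as SQL."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Parameterized query: the statement is compiled first and the value is
    bound afterwards, so the DBMS never confuses input data with code."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


# Allow-list for usernames: the only characters a username may contain.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def validate_username(username):
    """Input validation: accept only the expected type, length and format."""
    return USERNAME_RE.fullmatch(username) is not None


def lookup_handled(conn, username):
    """Hardened endpoint: validate, parameterize, and never echo DBMS errors to
    the client (detailed error messages are what error-based SQLi feeds on)."""
    if not validate_username(username):
        return {"error": "invalid username"}
    try:
        rows = lookup_parameterized(conn, username)
    except sqlite3.Error:
        # Log the real exception server-side; the client only gets a generic message.
        return {"error": "lookup failed"}
    return {"rows": rows}


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # the textbook tautology: makes the WHERE clause always true
    print("vulnerable:   ", lookup_vulnerable(db, probe))     # every row
    print("parameterized:", lookup_parameterized(db, probe))  # no rows
    print("handled:      ", lookup_handled(db, probe))        # rejected by validation
```

The same probe returns all three rows from the concatenated query, nothing from the parameterized one, and a validation error from the hardened endpoint. Connecting with a read-only, least-privileged database account (the "avoiding administrative privileges" point above) limits what any injection that does slip through can do.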

Network Access Control

Network access control (NAC), also known as network admission control, is the process of
restricting unauthorized users and devices from gaining access to a corporate or private
network. NAC ensures that only users who are authenticated and devices that are
authorized and compliant with security policies can enter the network.

As endpoints proliferate across an organization—typically driven by bring-your-own-device (BYOD) policies and an expansion in the use of Internet-of-Things (IoT) devices—more control is needed. Even the largest IT organizations do not have the resources to manually configure all the devices in use. The automated features of a NAC solution are a sizable benefit, reducing the time and associated costs with authenticating and authorizing users and determining that their devices are compliant.

Further, cyber criminals are well aware of this increase in endpoint usage and continue to
design and launch sophisticated campaigns that exploit any vulnerabilities in corporate
networks. With more endpoints, the attack surface increases, which means more
opportunities for fraudsters to gain access. NAC solutions can be configured to detect any
unusual or suspicious network activity and respond with immediate action, such as
isolating the device from the network to prevent the potential spread of the attack.

Although IoT and BYOD have changed NAC solutions, NAC also serves as a perpetual
inventory of users, devices, and their level of access. It serves as an active discovery tool to
uncover previously unknown devices that may have gained access to all or parts of the
network, requiring IT administrators to adjust security policies.
Further, organizations can choose how NAC will authenticate users who attempt to gain
access to the network. IT admins can choose multi-factor authentication (MFA), which
provides an additional layer of security to username and password combinations.

Restricting network access also means control of the applications and data within the
network, which is normally the target of cyber criminals. The stronger the network
controls, the more difficult it will be for any cyberattack to infiltrate the network.

What Are the Advantages of Network Access Control?

Network access control comes with a number of benefits for organizations:

1. Control the users entering the corporate network
2. Control access to the applications and resources users aim to access
3. Allow contractors, partners, and guests to enter the network as needed but restrict
their access
4. Segment employees into groups based on their job function and build role-based
access policies
5. Protect against cyberattacks by putting in place systems and controls that detect
unusual or suspicious activity
6. Automate incident response
7. Generate reports and insights on attempted access across the organization

Cloud Security

Cloud security is a responsibility that is shared between the cloud provider and the
customer. There are basically three categories of responsibilities in the Shared
Responsibility Model: responsibilities that are always the provider’s, responsibilities that
are always the customer’s, and responsibilities that vary depending on the service model:
Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service
(SaaS), such as cloud email.

The security responsibilities that are always the provider’s are related to the safeguarding
of the infrastructure itself, as well as access to, patching, and configuration of the physical
hosts and the physical network on which the compute instances run and the storage and
other resources reside.

The security responsibilities that are always the customer’s include managing users and
their access privileges (identity and access management), the safeguarding of cloud
accounts from unauthorized access, the encryption and protection of cloud-based data
assets, and managing its security posture (compliance).

The Top 7 Advanced Cloud Security Challenges

Because the public cloud does not have clear perimeters, it presents a fundamentally
different security reality. This becomes even more challenging when adopting modern
cloud approaches such as automated Continuous Integration and Continuous Deployment
(CI/CD) methods, distributed serverless architectures, and ephemeral assets like Functions
as a Service and containers.

Some of the advanced cloud-native security challenges and the multiple layers of risk faced
by today’s cloud-oriented organizations include:

1. Increased Attack Surface
The public cloud environment has become a large and highly attractive attack surface for hackers who exploit poorly secured cloud ingress ports in order to access and disrupt workloads and data in the cloud. Malware, Zero-Day, Account Takeover and many other malicious threats have become a day-to-day reality.
2. Lack of Visibility and Tracking
In the IaaS model, the cloud providers have full control over the infrastructure layer
and do not expose it to their customers. The lack of visibility and control is further
extended in the PaaS and SaaS cloud models. Cloud customers often cannot
effectively identify and quantify their cloud assets or visualize their cloud
environments.
3. Ever-Changing Workloads
Cloud assets are provisioned and decommissioned dynamically—at scale and at
velocity. Traditional security tools are simply incapable of enforcing protection
policies in such a flexible and dynamic environment with its ever-changing and
ephemeral workloads.
4. DevOps, DevSecOps and Automation
Organizations that have embraced the highly automated DevOps CI/CD culture must
ensure that appropriate security controls are identified and embedded in code and
templates early in the development cycle. Security-related changes implemented
after a workload has been deployed in production can undermine the organization’s
security posture as well as lengthen time to market.
5. Granular Privilege and Key Management
Often cloud user roles are configured very loosely, granting extensive privileges
beyond what is intended or required. One common example is giving database
delete or write permissions to untrained users or users who have no business need
to delete or add database assets. At the application level, improperly configured keys
and privileges expose sessions to security risks.
6. Complex Environments
Managing security in a consistent way in the hybrid and multicloud environments
favored by enterprises these days requires methods and tools that work seamlessly
across public cloud providers, private cloud providers, and on-premise
deployments—including branch office edge protection for geographically
distributed organizations.
7. Cloud Compliance and Governance
All the leading cloud providers have aligned themselves with most of the
well-known accreditation programs such as PCI 3.2, NIST 800-53, HIPAA and GDPR.
However, customers are responsible for ensuring that their workload and data
processes are compliant. Given the poor visibility as well as the dynamics of the
cloud environment, the compliance audit process becomes close to mission
impossible unless tools are used to achieve continuous compliance checks and issue
real-time alerts about misconfigurations.

Zero Trust and Why You Should Embrace It

The term Zero Trust was first introduced in 2010 by John Kindervag who, at that time, was
a senior Forrester Research analyst. The basic principle of Zero Trust in cloud security is
not to automatically trust anyone or anything within or outside of the network—and verify
(i.e., authorize, inspect and secure) everything.

Zero Trust, for example, promotes a least privilege governance strategy whereby users are
only given access to the resources they need to perform their duties. Similarly, it calls upon
developers to ensure that web-facing applications are properly secured. For example, if the
developer has not blocked ports consistently or has not implemented permissions on an “as
needed” basis, a hacker who takes over the application will have privileges to retrieve and
modify data from the database.

In addition, Zero Trust networks utilize micro-segmentation to make cloud network security far more granular. Micro-segmentation creates secure zones in data centers and cloud deployments thereby segmenting workloads from each other, securing everything inside the zone, and applying policies to secure traffic between zones.

The 6 Pillars of Robust Cloud Security

While cloud providers such as Amazon Web Services (AWS), Microsoft Azure (Azure), and
Google Cloud Platform (GCP) offer many cloud native security features and services,
supplementary third-party solutions are essential to achieve enterprise-grade cloud
workload protection from breaches, data leaks, and targeted attacks in the cloud
environment. Only an integrated cloud-native/third-party security stack provides the
centralized visibility and policy-based granular control necessary to deliver the following
industry best practices:

1. Granular, policy-based IAM and authentication controls across complex infrastructures
Work with groups and roles rather than at the individual IAM level to make it easier
to update IAM definitions as business requirements change. Grant only the minimal
access privileges to assets and APIs that are essential for a group or role to carry out
its tasks. The more extensive privileges, the higher the levels of authentication. And
don’t neglect good IAM hygiene, enforcing strong password policies, permission
time-outs, and so on.
2. Zero-trust cloud network security controls across logically isolated networks and
micro-segments
Deploy business-critical resources and apps in logically isolated sections of the
provider’s cloud network, such as Virtual Private Clouds (AWS and Google) or vNET
(Azure). Use subnets to micro-segment workloads from each other, with granular
security policies at subnet gateways. Use dedicated WAN links in hybrid
architectures, and use static user-defined routing configurations to customize access
to virtual devices, virtual networks and their gateways, and public IP addresses.
3. Enforcement of virtual server protection policies and processes such as change
management and software updates:
Cloud security vendors provide robust Cloud Security Posture Management,
consistently applying governance and compliance rules and templates when
provisioning virtual servers, auditing for configuration deviations, and remediating
automatically where possible.
4. Safeguarding all applications (and especially cloud-native distributed apps) with a
next-generation web application firewall
A next-generation WAF granularly inspects and controls traffic to and from web
application servers, automatically updates its rules in response to changes in traffic
behavior, and is deployed close to the microservices that run the workloads.
5. Enhanced data protection
Enhance data protection with encryption at all transport layers, secure file shares
and communications, continuous compliance risk management, and good data storage
resource hygiene, such as detecting misconfigured buckets and terminating orphan
resources.
6. Threat intelligence that detects and remediates known and unknown threats in
real-time
Third-party cloud security vendors add context to the large and diverse streams of
cloud-native logs by intelligently cross-referencing aggregated log data with internal
data such as asset and configuration management systems, vulnerability scanners,
etc. and external data such as public threat intelligence feeds, geolocation databases,
etc. They also provide tools that help visualize and query the threat landscape and
promote quicker incident response times. AI-based anomaly detection algorithms
are applied to catch unknown threats, which then undergo forensics analysis to
determine their risk profile. Real-time alerts on intrusions and policy violations
shorten times to remediation, sometimes even triggering auto-remediation
workflows.
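As an added illustration of pillar 1 (this is example code written here, not code from the page or from any cloud provider), the following Python sketch authorizes requests by group/role membership, denies by default, requires a higher authentication level (MFA) for higher-impact actions, and enforces a permission time-out. All role, resource and action names are constructed.

```python
import time
from dataclasses import dataclass

# Constructed role definitions (hypothetical names, not from the page): each
# role lists the (resource, action) pairs it may use; anything unlisted is denied.
ROLE_PERMISSIONS = {
    "reader":  {("bucket:reports", "read")},
    "analyst": {("bucket:reports", "read"), ("db:sales", "query")},
    "admin":   {("bucket:reports", "read"), ("bucket:reports", "delete"),
                ("db:sales", "query"), ("db:sales", "write")},
}
# Higher-impact actions demand a higher level of authentication (MFA).
STEP_UP_ACTIONS = {"delete", "write"}
# Permission time-out: a session older than this is no longer trusted.
SESSION_MAX_AGE = 3600  # seconds

@dataclass
class Session:
    principal: str
    groups: tuple      # role/group memberships, not per-user grants
    mfa: bool          # whether a second factor was presented
    issued_at: float   # epoch seconds when the session was created

def authorize(session, resource, action, now=None):
    """Return (allowed, reason); the default outcome is deny."""
    now = time.time() if now is None else now
    if now - session.issued_at > SESSION_MAX_AGE:
        return False, "session expired"
    granted = any((resource, action) in ROLE_PERMISSIONS.get(g, set())
                  for g in session.groups)
    if not granted:
        return False, "no role grants this action"
    if action in STEP_UP_ACTIONS and not session.mfa:
        return False, "mfa required for privileged action"
    return True, "allowed"

if __name__ == "__main__":
    admin = Session("bob", ("admin",), mfa=False, issued_at=time.time())
    print(authorize(admin, "bucket:reports", "delete"))  # denied: needs MFA
```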

Web Security

Web security is very important nowadays, because websites are always exposed to security
threats and risks. Web security deals with the security of data on the internet or network,
including while it is being transferred across the internet. For example, when you transfer
data between a client and a server, protecting that data is your web security.
Hacking a website may result in the theft of important customer data, such as credit card
information or the login details of a customer; it may also destroy a business or spread
illegal content to its users. When somebody hacks your website they can either steal your
customers’ important information or propagate illegal content to your users through your
website. Therefore, security considerations are needed in the context of web security.

Security Threats:

A threat is a possible event that can damage or harm an information system. A security
threat is defined as a risk that can potentially harm computer systems and organizations.
Whenever an individual or an organization creates a website, it becomes vulnerable to
security attacks.
Security attacks are mainly aimed at stealing, altering or destroying personal and
confidential information, consuming hard drive space, and illegally accessing passwords.
So whenever a website you created is vulnerable to security attacks, the attackers can steal
your data, alter it, destroy your personal information, read your confidential information,
and also gain access to your passwords.

Top Web Security Threats :

Web security threats are constantly emerging and evolving, but many threats consistently
appear at the top of the list of web security threats. These include:
● Cross-site scripting (XSS)
● SQL Injection
● Phishing
● Ransomware
● Code Injection
● Viruses and worms
● Spyware
● Denial of Service

Security Consideration:

● Updated Software: You need to keep your software updated at all times. Hackers may
be aware of vulnerabilities in certain software, which are sometimes caused by bugs
and can be used to damage your computer system and steal personal data. Older
versions of software can become a gateway for hackers to enter your network.
Software makers soon become aware of these vulnerabilities and fix the vulnerable
or exposed areas. That is why it is mandatory to keep your software updated; it
plays an important role in keeping your personal data secure.
● Beware of SQL Injection: SQL Injection is an attempt to manipulate your data or
your database by inserting malicious code into your query. For example, somebody
can send a query to your website that contains malicious code; when it gets
executed it can be used to manipulate your database, such as changing tables,
modifying or deleting data, or retrieving important information. So one should
be aware of the SQL injection attack.
● Cross-Site Scripting (XSS): XSS allows attackers to insert client-side script into
web pages, e.g. through form submissions. It is a term used to describe a class of
attacks that allow an attacker to inject client-side scripts into other users’
browsers through a website. Because the injected code reaches the browser from the
site itself, the browser treats it as trusted, and it can do things like send the
user’s site authorization cookie to the attacker.
● Error Messages: You need to be very careful about the error messages that are
generated for users while they access the website. Error messages are generated
for one reason or another, and you should be careful about how much information
they reveal to the user. For example, on a failed login attempt the error message
should not let the user know which field is incorrect: username or password.
● Data Validation: Data validation is the proper testing of any input supplied by the
user or application. It prevents improperly formed data from entering the
information system. Validation of data should be performed on both the server side
and the client side; performing it on both sides gives an additional layer of
assurance. Data validation should occur whenever data is received from an outside
party, especially if the data comes from untrusted sources.
● Password: Passwords provide the first line of defense against unauthorized access
to your device and personal information, so it is necessary to use a strong
password. Hackers in many cases use sophisticated software that uses brute force
to crack passwords, and passwords must be complex to protect against brute force.
It is good to enforce password requirements such as a minimum of eight characters,
including uppercase letters, lowercase letters, special characters, and numerals.
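The SQL injection, error message, data validation and password bullets above, worked through in one added Python example (written here, not code from the page). It builds a string-formatted query beside a parameterised one so the difference is visible on an in-memory SQLite table, returns one generic login message, checks the eight-character password policy, and escapes output to block XSS; the sample accounts are constructed.

```python
import html
import re
import sqlite3

# Constructed sample accounts (not from the page); real systems store password
# hashes, never plaintext. Plaintext is used only to keep the demonstration short.
SAMPLE_USERS = [("alice", "s3cret!Pass"), ("bob", "Hunter2!!xyz")]

def _open_db():
    """In-memory SQLite table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn

def login_vulnerable(name, password):
    """Query built by string formatting: user input is parsed as SQL."""
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return [row[0] for row in _open_db().execute(sql)]

def login_safe(name, password):
    """Parameterised query: the driver binds input as data, never as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in _open_db().execute(sql, (name, password))]

def login_message(matched_names):
    """One generic message, so a failure does not reveal which field was wrong."""
    return "Login successful" if matched_names else "Invalid username or password"

def password_meets_policy(password):
    """Minimum eight characters with upper, lower, digit and special characters."""
    checks = [len(password) >= 8,
              re.search(r"[A-Z]", password),
              re.search(r"[a-z]", password),
              re.search(r"[0-9]", password),
              re.search(r"[^A-Za-z0-9]", password)]
    return all(bool(c) for c in checks)

def render_greeting(name):
    """Escape user-supplied text before placing it in HTML, to prevent XSS."""
    return "<p>Hello, %s</p>" % html.escape(name)

if __name__ == "__main__":
    injected = "' OR '1'='1"                    # classic textbook test input
    print(login_vulnerable("alice", injected))   # every row matches
    print(login_safe("alice", injected))         # no row matches
```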

Wireless Security

Wireless security is the prevention of unauthorized access or damage to computers or data
using wireless networks, which include Wi-Fi networks. The term may also refer to the
protection of the wireless network itself from adversaries seeking to damage the
confidentiality, integrity, or availability of the network. The most common type is Wi-Fi
security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access
(WPA). WEP is an old IEEE 802.11 standard from 1997.
It is a notoriously weak security standard: the password it uses can often be cracked in a
few minutes with a basic laptop computer and widely available software tools. WEP was
superseded in 2003 by WPA, a quick alternative at the time to improve security over WEP.
The current standard is WPA2; some hardware cannot support WPA2 without a firmware
upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a
256-bit key; the longer key length improves security over WEP. Enterprises often enforce
security using a certificate-based system to authenticate the connecting device, following
the IEEE 802.1X standard.
In January 2018, the Wi-Fi Alliance announced WPA3 as a replacement to WPA2.
Certification began in June 2018, and WPA3 support has been mandatory for devices which
bear the "Wi-Fi CERTIFIED™" logo since July 2020.
Many laptop computers have wireless cards pre-installed. The ability to enter a network
while mobile has great benefits. However, wireless networking is prone to some security
issues. Hackers have found wireless networks relatively easy to break into, and even use
wireless technology to hack into wired networks.

As a result, it is very important that enterprises define effective wireless security policies
that guard against unauthorized access to important resources. Wireless Intrusion
Prevention Systems (WIPS) or Wireless Intrusion Detection Systems (WIDS) are commonly
used to enforce wireless security policies.

The risks to users of wireless technology have increased as the service has become more
popular. There were relatively few dangers when wireless technology was first introduced.
Hackers had not yet had time to latch on to the new technology, and wireless networks
were not commonly found in the work place. However, there are many security risks
associated with the current wireless protocols and encryption methods, and in the
carelessness and ignorance that exists at the user and corporate IT level.

Hacking methods have become much more sophisticated and innovative with wireless
access. Hacking has also become much easier and more accessible with easy-to-use
Windows- or Linux-based tools being made available on the web at no charge.
Some organizations that have no wireless access points installed do not feel that they need
to address wireless security concerns.
In-Stat MDR and META Group have estimated that 95% of all corporate laptop computers
that were planned to be purchased in 2005 were equipped with wireless cards. Issues can
arise in a supposedly non-wireless organization when a wireless laptop is plugged into the
corporate network. A hacker could sit out in the parking lot and gather information from it
through laptops and/or other devices, or even break in through this wireless
card–equipped laptop and gain access to the wired network.
