Skip to main content

Cyber Security

What is Cyber Security?
Cyber security refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorized access.

According to Forbes, the global cyber security market is expected to reach 170 billion by 2020. This rapid market growth is being fueled by an array of technology trends, including the onslaught of initiatives with ever-evolving security requirements, like “bring your own device” (BYOD) and the internet of things (IoT); the rapid adoption of cloud-based applications and workloads, extending security needs beyond the traditional data center; and stringent data protection mandates, such as the European Union’s General Data Protection Regulation and the National Institute of Security Technology (NIST) Cybersecurity Framework.

Cyber security or IT security, is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.

Cyber security includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection. Also, due to malpractice by operators, whether intentional, accidental, IT security is susceptible to being tricked into deviating from secure procedures through various methods.

The field is of growing importance due to the increasing reliance on computer systems and the Internet, wireless networks such as Bluetooth and Wi-Fi, the growth of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things.

Why Cyber Security Is Required?


The core functionality of cybersecurity involves protecting information and systems from major cyberthreats. These cyberthreats take many forms (e.g., application attacks, malware, ransomware, phishing, exploit kits). Unfortunately, cyber adversaries have learned to launch automated and sophisticated attacks using these tactics – at lower and lower costs. As a result, keeping pace with cybersecurity strategy and operations can be a challenge, particularly in government and enterprise networks where, in their most disruptive form, cyberthreats often take aim at secret, political, military or infrastructural assets of a nation, or its people. Some of the common threats are outlined below in more detail.

 Vulnerabilities and attacks

A vulnerability is a weakness in design, implementation, operation or internal control. Most of the vulnerabilities that have been discovered are documented in the Common Vulnerabilities and Exposures (CVE) database.

An exploitable vulnerability is one for which at least one working attack or "exploit" exists. Vulnerabilities are often hunted or exploited with the aid of automated tools.

To secure a computer system, it is important to understand the attacks that can be made against it, and these threats can typically be classified into one of the categories below:

Backdoor
A backdoor in a computer system, a cryptosystem or an algorithm, is any secret method of bypassing normal authentication or security controls. They may exist for a number of reasons, including by original design or from poor configuration. They may have been added by an authorized party to allow some legitimate access, or by an attacker for malicious reasons; but regardless of the motives for their existence, they create a vulnerability.

 Denial-of-service attack
Denial of service attacks (DoS) are designed to make a machine or network resource unavailable to its intended users. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once. While a network attack from a single IP address can be blocked by adding a new firewall rule, many forms of Distributed denial of service (DDoS) attacks are possible, where the attack comes from a large number of points – and defending is much more difficult. Such attacks can originate from the zombie computers of a botnet, but a range of other techniques are possible including reflection and amplification attacks, where innocent systems are fooled into sending traffic to the victim.

 Direct-access attacks
An unauthorized user gaining physical access to a computer is most likely able to directly copy data from it. They may also compromise security by making operating system modifications, installing software worms, keyloggers, covert listening devices or using wireless mice.[6] Even when the system is protected by standard security measures, these may be able to be by-passed by booting another operating system or tool from a CD-ROM or other bootable media. Disk encryption and Trusted Platform Module are designed to prevent these attacks.

 Eavesdropping
Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network. For instance, programs such as Carnivore and NarusInSight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers. Even machines that operate as a closed system (i.e., with no contact to the outside world) can be eavesdropped upon via monitoring the faint electro-magnetic transmissions generated by the hardware; TEMPEST is a specification by the NSA referring to these attacks.

 Spoofing
Main article: Spoofing attack
Spoofing is the act of masquerading as a valid entity through falsification of data (such as an IP address or username), in order to gain access to information or resources that one is otherwise unauthorized to obtain. There are several types of spoofing, including:

Email spoofing, where an attacker forges the sending (From, or source) address of an email.
IP address spoofing, where an attacker alters the source IP address in a network packet to hide their identity or impersonate another computing system.
MAC spoofing, where an attacker modifies the Media Access Control (MAC) address of their network interface to pose as a valid user on a network.
Biometric spoofing, where an attacker produces a fake biometric sample to pose as another user.

Tampering
Tampering describes a malicious modification of products. So-called "Evil Maid" attacks and security services planting of surveillance capability into routers are examples.

Privilege escalation
Privilege escalation describes a situation where an attacker with some level of restricted access is able to, without authorization, elevate their privileges or access level. For example, a standard computer user may be able to fool the system into giving them access to restricted data; or even to "become root" and have full unrestricted access to a system.

 Phishing
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details directly from users. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Preying on a victim's trust, phishing can be classified as a form of social engineering.

Click jacking
Click jacking, also known as "UI redress attack" or "User Interface redress attack", is a malicious technique in which an attacker tricks a user into clicking on a button or link on another webpage while the user intended to click on the top level page. This is done using multiple transparent or opaque layers. The attacker is basically "hijacking" the clicks meant for the top level page and routing them to some other irrelevant page, most likely owned by someone else. A similar technique can be used to hijack keystrokes. Carefully drafting a combination of stylesheets, iframes, buttons and text boxes, a user can be led into believing that they are typing the password or other information on some authentic webpage while it is being channeled into an invisible frame controlled by the attacker.

Social engineering
Main article: Social engineering (security)
See also: Category:Cryptographic attacks
Social engineering aims to convince a user to disclose secrets such as passwords, card numbers, etc. by, for example, impersonating a bank, a contractor, or a customer.

A common scam involves fake CEO emails sent to accounting and finance departments. In early 2016, the FBI reported that the scam has cost US businesses more than $2bn in about two years.

In May 2016, the Milwaukee Bucks NBA team was the victim of this type of cyber scam with a perpetrator impersonating the team's president Peter Feigin, resulting in the handover of all the team's employees' 2015 W-2 tax forms.

Comments

  1. ICS Cyber SecurityMay 25, 2018 at 12:28 AM

    This blog share complete information on cyber security and its importance. Security automation help to improve cyber security.

    ReplyDelete

Post a Comment

Popular posts from this blog

Top 10 Programming Languages to Learn in 2017

We are almost halfway through 2017, and it’s always exciting for web developers to know which programming languages have been the best picks lately in the programming world. In this blog, I am unveiling 10 most preferred languages in 2017 so far. Please note that the top 10 languages I am going to list below are strictly based on GitHub’s recent data and TIOBE Index for June 2017 - the most credible sources to track the popularity of programming languages. Let’s Begin!!! Java Java , an open-source language that’s been around since the 1990’s, allows developers to “write once, run anywhere”. So, you can run compiled Java code on all platforms without having to recompile. Java is the product of Oracle corporation and is widely used for creating server-side applications, video games, mobile applications and smart TV applications. Since both large and small businesses use applications written in Java, this language is high in demand and ranked among the top ones by Tiobe In...
34 comments
Read more

7 Top Python GUI Frameworks for 2017

As a Python developer, sooner or later you’ll want to write an application with a graphical user interface. Fortunately, there are a lot of Python GUI options: The Python wiki on GUI programming lists over 30 cross-platform frameworks, as well as Pyjamas, a tool for cross-browser Web development based on a port of the Google Web Toolkit. How to choose between all these options for Python GUI? I started by narrowing it down to those that included all three platforms (Windows, Mac, and Linux) and, where possible, Python 3. After that filtering, I found four toolkits (Gtk, Qt, Tk, and wxWidgets) and seven frameworks (Kivy, PyQt, gui2Py, libavg, wxPython, Pyforms, and PyGOBjects). Here’s why I like them. Kivy One of the more interesting projects, the liberal MIT-licensed Kivy is based on OpenGL ES 2 and includes native multi-touch for each platform and Android/iOS. It’s an event-driven framework based around a main loop, and is thus very suitable for game development. Your appli...
6 comments
Read more

Google’s lightweight OS Android Go launches as Android Oreo (Go Edition)

 What is Android?  A Software platform and operating system for mobile.  Based on the Linux kernel.  Android was found way back in 2003. It was developed in Palo Alto, California.  Android was developed by the Andy Rubin, Rich Miner, Nick Sears and Chris White.  Android was purchased by the GOOGLE in AUGUST,2005 for 50 million $. Android Oreo  It is the 8th major version of the Android OS.   It was officially released on August 21,2017  There are lot of new features of Oreo 8.0 is integrated. Oreo Features It easier and faster for hardware makers to deliverAndroid updates. Restructured Settings by regrouping in sections similar entries Redesigned Quick Settings and Settings with background. Picture-in-picture support Adaptive icons and Notification improvements. Multi-display support and 30% times faster boot time. Google Play Protect & Downloadable fonts  It is installed in Sm...
2 comments
Read more