IT
Monday, 3 June 2019
Tuesday, 21 May 2019
what is hacking ? and who are hackers ?
What is hacking ? and who are hackers ?
Black Hat Hacker - Evil Doer
Hacking generally refers
to unauthorized intrusion into a computer or a network. The person engaged in
hacking activities is known as a hacker. This hacker may alter system or
security features to accomplish a goal that differs from the original purpose
of the system.
Hacking can also refer to
non-malicious activities, usually involving unusual or improvised alterations
to equipment or processes.
Hacking is identifying
weakness in computer systems or networks to exploit its weaknesses to gain
access. Example of Hacking: Using password cracking algorithm to gain access
to a system
Computers have become mandatory to run a successful
businesses. It is not enough to have isolated computers systems; they need to
be networked to facilitate communication with external businesses. This exposes
them to the outside world and hacking. Hacking means using computers to commit
fraudulent acts such as fraud, privacy invasion, stealing corporate/personal
data, etc. Cyber crimes cost many organizations millions of dollars every year.
Businesses need to protect themselves against such attacks.
Who are hackers ?
The basic definition of a hacker is
someone who uses a computer system to gain unauthorized access to another
system for data or who makes another system unavailable. These hackers will use
their skills for a specific goal, such as stealing money, gaining fame by
bringing down a computer system, or making a network unavailable -- even
sometimes destroying them. However, there are three different types of hackers,
each with a particular goal, and not all are the bad guys.
Types of Hackers
The three types of hackers are the white hat hacker, the grey hat
hacker, and the black hat hacker. Each type of hacker hacks for a different
reason, a cause, or both. All have the required skills needed to accomplish their
mission. At one end of the spectrum is the black hat, who hacks for evil and
malicious intent and without permission. On the other end of the spectrum is
the white hat, who hacks against a black hat in order to protect computer and
network access and has the company's permission to do so. In the middle is the
grey hat, who hacks not for evil and not for good; they are neutral in their
cause and usually try to sell their skills for monetary gain, like a mercenary.
Black Hat Hacker - Evil Doer
The black hat hacker is the one who
hacks for malicious intent - he is the bad guy. This type of hacker uses his or
her skills to steal money or data, knock a computer system offline, or even
destroy them. Some of these hackers love to see their work and name in the
news, so they would try to target big name organizations and companies. For
instance, they might change the front page of a company website.
Black hats
also try to break into computer systems to steal credit card information and
possibly steal valuable information to sell on the black market. They may even
lock out the computer and network system from the owners and then hold them for
ransom.
The black
hat works outside of the law. This is the hacker that we as a society are most
familiar with. Some black hats have cost companies hundreds of millions of
dollars in damages for credit card and social security information theft. They
can work alone, in that case known as a lone wolf, or with a team. They work
slowly and methodically, since the black hat knows it takes patience to
compromise a computer or a network system in order to a hit a big payoff and
not be caught.
White hat hackers
Also known as ethical hackers,
strive to operate in the public's best interest, rather than to create turmoil.
Many white hat hackers work doing penetration testing, hired to attempt to
break into the company's networks to find and report on security
vulnerabilities. The security firms then help their customers mitigate security
issues before criminal hackers can exploit them.
Gray hat hackers
They fall somewhere between white hat hackers and black hat hackers.
While their motives may be similar to those of white hat hackers, gray hats are
more likely than white hat hackers to access systems without authorization; at
the same time, they are more likely than black hat hackers to avoid doing
unnecessary damage to the systems they hack. Although they aren't typically --
or only -- motivated by money, gray hat hackers may offer to fix
vulnerabilities they have discovered through their own, unauthorized,
activities rather than using their knowledge to exploit vulnerabilities for
illegal profit.
Personally, if I had a company I would not employ an ex black hat
hacker or a Gray hat hacker because they can get to know a lot about my systems
and probably be damaging to me if they get unemployed.
I would honestly employ a white hat hacker as he wouldn't hack my
systems as the nature of his work makes him unable to do so.
Resources :
1- https://www.webroot.com/gb/en/resources/tips-articles/computer-security-threats-hackers
2-https://economictimes.indiatimes.com/definition/hacking
3- https://www.malwarebytes.com/hacker/
how to set up a firewall ?
How to set up a firewall ?
Resources:
1-https://www.securitymetrics.com/blog/how-configure-firewall-5-steps
2-https://blink.ucsd.edu/technology/security/user-guides/firewall/windows7.html
3-http://help.comodo.com/topic-72-1-522-6343-.html
4-https://blink.ucsd.edu/technology/security/user-guides/firewall/windows7.html
5-https://computer.howstuffworks.com/firewall2.htm
Main functions of a firewall
Personal firewall software prevents connections amid your system and the
network, except for the programs, which the firewall software consider
trustworthy. The main functions of a firewall include:
- It filters information coming via an internet
connection to your system
- It stops the incoming packet if the filters
flag it
- Firewalls also put forward proxy service
- Some firewalls apply a new method in which
they do not examine the contents of every packet, instead they compare
some of the key parts of a packet
- It also monitors information that travels from
within the firewall to outside to look for specific characteristics and if
a reasonable match is found after comparison, then it is allowed to pass
through.
Setting up firewall for home system
If you surf the net all the time, then you should know the way to set up
firewall for home use. All you have to do is:
- If you use a router, then first of all you
will have to install a firewall in your system
- If you use Mac, then you will have to open
“System Preferences” and then select “Security” under “Personal” tab.
- Then go to Firewall pane and click on “Start”
button
- For Windows, you will have to go to the
Control Panel and then select the “Security Center” which you will find
under the section of “Manage Security Settings…,”
- Then Select Windows Firewall and then turn it
on
Choosing the right firewall for work
While setting up firewall for work, you will have to decide whether you
will go with hardware firewall or software firewall. You can set up a hardware
firewall, if you want added security for your work. For work or corporate use,
a host-based firewall can be more useful, as it prevents the host from being
infected and also stops other infected hosts to spread a malware.
Configuring firewall for work
A firewall for work has to be configured for each machine depending on
the operating system. Apart from Mac and Windows, you can also setup firewall
with a Linux box, which can be affordable. For this you have to:
- Make sure that your system fulfills
minimum hardware requirements
- Install Linux and then turn off the services
that are not necessary
- You will need a way for getting your firewall
connected to your ISP other than IP filtering tools
- Those, who use a cable modem will have to
install Dynamic Host Control Protocol client for handling IP address
assignments
Instead of manually setting up a Linux firewall, you can use
a firewall configuration tool for this purpose.
I would personally advice anyone who didn’t set up a firewall
on his device to install it as it will protect his device from a lot of harmful
and damaging effect that can be very crucial for you , and you don’t want this
to happen to you and losing very important information .
what is firewall? and how does it work ?
What is firewall? and how does it work ?
What Is a Firewall?
A firewall is the first
line of defense for your network. The basic purpose of a firewall is to keep
uninvited guests from browsing your network. A firewall can be a hardware
device or a software application that is usually positioned at the perimeter of
the network to act as the gatekeeper for all incoming and outgoing traffic.
A firewall allows you to
establish certain rules to identify the traffic that should be allowed in or
out of your private network. Depending on the type of firewall that is
implemented, you can restrict access to only certain IP addresses and domain
names or you can block certain types of traffic by blocking the TCP/IP ports
they use.
How Does a Firewall Work?
There are basically four
mechanisms used by firewalls to restrict traffic. One device or application may
use more than one of these to provide in-depth protection. The four mechanisms
are packet filtering, circuit-level gateway, proxy server, and application
gateway.
Packet Filtering
A packet filter
intercepts all traffic to and from the network and evaluates it against the
rules you provide. Typically the packet filter can assess the source IP
address, source port, destination IP address, and destination port. It is these
criteria that you can filter to allow or disallow traffic from certain IP
addresses or on certain ports.
Circuit-Level Gateway
A circuit-level gateway
blocks all incoming traffic to any host but itself. Internally, the client
machines run software to allow them to establish a connection with the
circuit-level gateway machine. To the outside world, it appears that all
communication from your internal network is originating from the circuit-level
gateway.
Proxy Server
A proxy server is
generally put in place to boost the performance of the network, but it can act
as a sort of firewall as well. Proxy servers hide your internal addresses so
that all communications appear to originate from the proxy server itself. A
proxy server caches pages that have been requested. If User A goes to
Yahoo.com, the proxy server sends the request to Yahoo.com and retrieves the
webpage. If User B then connects to Yahoo.com, the proxy server just sends the
information it already retrieved for User A so it is returned much faster than
having to get it from Yahoo.com again. You can configure a proxy server to
block access to certain websites and filter certain port traffic to protect
your internal network.
Application Gateway
An application gateway is
essentially another sort of proxy server. The internal client first establishes
a connection with the application gateway. The application gateway determines
if the connection should be allowed or not and then establishes a connection with
the destination computer. All communications go through two connections —
client to application gateway and application gateway to the destination. The
application gateway monitors all traffic against its rules before deciding
whether to forward it. As with the other proxy server types, the application
gateway is the only address seen by the outside world, so the internal network
is protected.
Resources:
1-https://www.digitalocean.com/community/tutorials/what-is-a-firewall-and-how-does-it-work
2-https://www.comodo.com/resources/home/how-firewalls-work.php
3-https://www.bullguard.com/bullguard-security-center/pc-security/computer-security-resources/how-does-a-firewall-work.aspx
4-https://www.alienvault.com/blogs/security-essentials/explain-how-firewalls-work-to-me
What is the difference between cyber security and information security?
What is the difference between cyber security and information
security?
Information Security
Information security (or
“InfoSec”) is another way of saying “data security.” So if you are an
information security specialist, your concern is for the confidentiality,
integrity, and availability of your data. (This is often referred to as the
“CIA.”) Most modern business data resides electronically on servers, desktops,
laptops, or somewhere on the internet—but a decade ago, before all confidential
information migrated online, it was sitting in a filing cabinet. And some
confidential information still is! InfoSec is concerned with making sure data
in any form is kept secure and is a bit broader than cyber-security. So, someone
could likely be an information security expert without being a cyber-security
expert.
Cyber-security
Cyber-security is all
about protecting data that is found in electronic form. Part of that is
identifying what the critical data is, where it resides, and the technology you
have to implement in order to protect it.
Overlap Between Information Security & Cyber-security
There is a physical security component to both cyber-security and
information security.
If you have a warehouse full of confidential paper documents, you
clearly need some physical security in place to prevent anyone from rummaging
through the information. And as more data becomes digital, the process to
protect that data requires more advanced IT security tools. So, while you can’t
put a physical padlock on a desktop computer, you can put a padlock on your
server room door. In other words, if your data is stored physically or
digitally, you need to be sure you have all the right physical access controls
in place to prevent unauthorised individuals from gaining access.
They both take the value of the data
into consideration.
If you’re in information
security, your main concern is protecting your company's data from unauthorised
access of any sort—and if you’re in cyber-security, your main concern is
protecting your company’s data from unauthorised electronic access. But in both
scenarios, the value of the data is of utmost importance. Both individuals need
to know what data is most critical to the organisation so they can focus on
placing the right controls on that data. In some scenarios, an information
security professional would help a cyber-security professional prioritise data
protection—and then the cyber-security professional would determine the best
course of action for the data protection. But with the changing security
landscape over the past decade, things aren’t always this black and white.
Resources:
1-https://www.valpo.edu/onlinecybersecurity/2019/01/16/cyber-security-vs-information-security-is-there-a-difference/
1-https://www.valpo.edu/onlinecybersecurity/2019/01/16/cyber-security-vs-information-security-is-there-a-difference/
2-https://www.computersciencedegreehub.com/faq/what-is-the-difference-between-cyber-security-and-information-security/
3-https://www.ifsecglobal.com/cyber-security/understanding-the-difference-between-it-security-and-cybersecurity/
data protection law
Data protection law
Data exists everywhere in 2015. It has evolved from a necessary procedural function into a fundamental component of modern society. Such progress requires adequate legislative development in order to safeguard democratic rights. Moreover, this transformative importance now places an expectation of responsibility on data controllers, data processors and data subjects who must respect the values inherent in data protection law. Such law is more than a mere safeguard against potential infringement. Rather, it serves to balance privacy and data use without sacrificing one for the benefit of the other.
The right to privacy was first outlined in European law in Article 8 of the 1950 European Convention on Human Rights (the Convention); 'Right to respect for private and family life'. Although not containing any explicit mention of data protection, privacy law deriving from the Convention has developed to include the right to the protection of personal data. The Charter of Fundamental Rights of the European Union (the Charter) which was proclaimed in 2000 went further than the Convention, echoing the earlier proclamation concerning privacy in Article 7 and making specific reference to personal data via Article 8:
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority.
In Ireland, the right to privacy is widely viewed and understood as a fundamental human right, and is recognised by Bunreacht na hÉireann, the Charter and the Convention. However, the right is not absolute which thus permits an element of flexibility to be afforded when balancing priorities. Moreover, it could be argued that if privacy is a concept with no common core it may be difficult to find a definitive right to privacy across changeable social arrangements. This would make the right to data protection quite different to classical civil rights such as life or freedom, which are regarded as beyond interpretation or discussion.
Nevertheless, in the present age the relative importance and influence of information privacy to cultural utility cannot be understated. As of now, almost 20 years after its introduction, the governing EU legislation on data protection remains Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the Directive). The implementation of the Directive in 1995 was enabled to harmonize standards pertaining to data protection across member states; an objective which will be replicated with the enactment of the General Data Protection Regulation (the Regulation) which is currently being finalised.
Data exists everywhere in 2015. It has evolved from a necessary procedural function into a fundamental component of modern society. Such progress requires adequate legislative development in order to safeguard democratic rights. Moreover, this transformative importance now places an expectation of responsibility on data controllers, data processors and data subjects who must respect the values inherent in data protection law. Such law is more than a mere safeguard against potential infringement. Rather, it serves to balance privacy and data use without sacrificing one for the benefit of the other.
The right to privacy was first outlined in European law in Article 8 of the 1950 European Convention on Human Rights (the Convention); 'Right to respect for private and family life'. Although not containing any explicit mention of data protection, privacy law deriving from the Convention has developed to include the right to the protection of personal data. The Charter of Fundamental Rights of the European Union (the Charter) which was proclaimed in 2000 went further than the Convention, echoing the earlier proclamation concerning privacy in Article 7 and making specific reference to personal data via Article 8:
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority.
In Ireland, the right to privacy is widely viewed and understood as a fundamental human right, and is recognised by Bunreacht na hÉireann, the Charter and the Convention. However, the right is not absolute which thus permits an element of flexibility to be afforded when balancing priorities. Moreover, it could be argued that if privacy is a concept with no common core it may be difficult to find a definitive right to privacy across changeable social arrangements. This would make the right to data protection quite different to classical civil rights such as life or freedom, which are regarded as beyond interpretation or discussion.
Nevertheless, in the present age the relative importance and influence of information privacy to cultural utility cannot be understated. As of now, almost 20 years after its introduction, the governing EU legislation on data protection remains Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the Directive). The implementation of the Directive in 1995 was enabled to harmonize standards pertaining to data protection across member states; an objective which will be replicated with the enactment of the General Data Protection Regulation (the Regulation) which is currently being finalised.
What are different programs of cyber security ?
What are different programs of cyber security ?
Malware
Malware has been around
for a long time, and continues to plague computers to this day. Malware is
catch-all word for any software designed to damage a computer or computer
system. The first widely spread malware, known as the Melissa Virus, was
unleased in 1999. Eighteen years later, malware remains a dangerous weapon,
used by cyber criminals to harvest information, commit fraud, or just cause
mayhem.
Cyber security strategies for malware
For both homes and
businesses, a good anti-malware software is essential. Anti-malware programs
can both find and remove malware that has been installed on a computer, and
prevent malware from installing itself in the first place. Also essential is
instructing users to practice common sense when using the internet: never open
unexpected email or chat attachments, and be careful when clicking links on the
internet if you can't be certain where they'll lead.
DoS (Denial of Service) attacks
One of the simplest forms
of cyber attack, DoS attacks shut down a target's servers, making it impossible
to access their websites or use their online services. This is most commonly
done by flooding a target's servers with traffic until they overload and crash.
One of the most common forms DoS attack involves getting large numbers of attackers
to flood their target's servers at once, making it almost impossible to block
the incoming traffic.
Strategies for DoS attacks
The simplest method for
thwarting DoS attacks is having extra bandwidth. If you fear your business
might be targeted for DoS attacks, simply having enough server space to handle
the increased traffic can render the attacks moot. There are also third-party
services who can help your company stay online during a DoS attack
Phishing
In a phishing attack, a
cyber criminal attempts to extract personal information out of you by tricking
you into giving it to them. Bolder scam artists might attempt to acquire a
victim's social security number or bank account information. However, many
phishing scams involve tricking a victim into giving away their password for a
single website or app. A recent phishing scam used Google Docs to trick users
into entering their Google login information.
Strategies for Phishing attacks
Phishing attacks are
particularly worrisome because they involve tricking users through the
appearance of legitimacy; the Google Docs scam spread by tricking users into
opening a shared document sent to them by someone they knew and submitting
their login info. Their attackers could then steal that information and send the
document to everyone on the victim's contact list, causing the scam to spread
rapidly.
Resources:
1-https://one.comodo.com/blog/cyber-security/what-is-cyber-security.php
2-https://us.norton.com/internetsecurity-malware-what-is-cybersecurity-what-you-need-to-know.html
3-
Subscribe to:
Posts (Atom)
AI in Cyber Security
Ai in cyber security where do we stand today with artificial intelligence in cyber security? First of all, i will stop using the term ...
-
what is cyber security ? Cyber-security is the practice of defending computers, servers, mobile device...
-
What is hacking ? and who are hackers ? Hacking generally refers to unauthorized intrusion into a computer or a networ...
-
what is the difference between statistical AI and Classical AI ? Statistical AI, arising from machine learning, tends t...