Monday 3 June 2019

AI in Cyber Security


Where do we stand today with artificial intelligence in cyber security? First of all, I will stop using the term artificial intelligence and revert to using the term machine learning. We don’t have AI yet, so let’s not distract ourselves with these false concepts.

Where are we with machine learning in security? To answer that question, we first need to look at what our goal is for applying machine learning to cyber security problems. To make a broad statement, we are trying to use machine learning to find anomalies. More precisely we use it to identify malicious behaviour or malicious entities; call them hackers, attackers, malware, unwanted behaviour, etc. But beware! To find anomalies, one of the biggest challenges is to define what’s normal. For example, can you define what is normal behaviour for your laptop day in day out? Don’t forget all the exceptional scenarios when you are traveling; or think of the time that you downloaded some game from the internet. How do you differentiate that from a download triggered by some malware? Put in abstract terms, interesting security events are not statistical anomalies. Only a subset of those are interesting. An increase in network traffic might be statistically interesting, but from a security point of view, that rarely ever represents an attack.
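
The point about statistical anomalies, as an added example that is not part of the original post: a z-score detector over daily traffic volumes for one laptop, compared with labelled days. All figures, the labels and the threshold of 3 standard deviations are constructed assumptions.

```python
from statistics import mean, stdev

# Constructed baseline: outbound traffic (MB per day) for one laptop over two weeks.
BASELINE_MB = [48, 52, 50, 47, 55, 51, 49, 53, 50, 46, 54, 50, 52, 49]

# Constructed days to score: (description, outbound MB, is it actually malicious?)
EVENTS = [
    ("ordinary workday", 51, False),
    ("game downloaded from the internet", 4000, False),
    ("travelling, working over hotel Wi-Fi", 310, False),
    ("malware quietly contacting its operator", 53, True),
]


def z_score(value, baseline):
    """Distance of value from the baseline mean, in standard deviations."""
    return (value - mean(baseline)) / stdev(baseline)


def evaluate(events, baseline, threshold=3.0):
    """Flag days whose volume is a statistical outlier, then compare with ground truth."""
    result = {"false_alerts": [], "true_alerts": [], "missed": []}
    for name, mb, malicious in events:
        flagged = abs(z_score(mb, baseline)) > threshold
        if flagged and malicious:
            result["true_alerts"].append(name)
        elif flagged:
            result["false_alerts"].append(name)
        elif malicious:
            result["missed"].append(name)
    return result


if __name__ == "__main__":
    for name, mb, _ in EVENTS:
        print(f"{name:42s} {mb:5d} MB  z={z_score(mb, BASELINE_MB):8.1f}")
    print(evaluate(EVENTS, BASELINE_MB))
```

Both alerts are benign days, and the one malicious day stays inside the normal volume range, so a detector that only knows "unusual" never raises it.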




Tuesday 21 May 2019

What is hacking? And who are hackers?


Hacking generally refers to unauthorized intrusion into a computer or a network. The person engaged in hacking activities is known as a hacker. This hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system.

Hacking can also refer to non-malicious activities, usually involving unusual or improvised alterations to equipment or processes.

Hacking is identifying weaknesses in computer systems or networks and exploiting them to gain access. Example of hacking: using a password-cracking algorithm to gain access to a system.
Computers have become mandatory to run a successful business. It is not enough to have isolated computer systems; they need to be networked to facilitate communication with external businesses. This exposes them to the outside world and to hacking. Hacking means using computers to commit fraudulent acts such as fraud, privacy invasion, stealing corporate/personal data, etc. Cyber crimes cost many organizations millions of dollars every year. Businesses need to protect themselves against such attacks.


Who are hackers?

The basic definition of a hacker is someone who uses a computer system to gain unauthorized access to another system for data or who makes another system unavailable. These hackers will use their skills for a specific goal, such as stealing money, gaining fame by bringing down a computer system, or making a network unavailable, sometimes even destroying it. However, there are three different types of hackers, each with a particular goal, and not all are the bad guys.
Types of Hackers
The three types of hackers are the white hat hacker, the grey hat hacker, and the black hat hacker. Each type of hacker hacks for a different reason, a cause, or both. All have the required skills needed to accomplish their mission. At one end of the spectrum is the black hat, who hacks for evil and malicious intent and without permission. On the other end of the spectrum is the white hat, who hacks against a black hat in order to protect computer and network access and has the company's permission to do so. In the middle is the grey hat, who hacks not for evil and not for good; they are neutral in their cause and usually try to sell their skills for monetary gain, like a mercenary.

Black Hat Hacker - Evil Doer

The black hat hacker is the one who hacks with malicious intent - he is the bad guy. This type of hacker uses his or her skills to steal money or data, knock a computer system offline, or even destroy it. Some of these hackers love to see their work and name in the news, so they try to target big-name organizations and companies. For instance, they might change the front page of a company website.
Black hats also try to break into computer systems to steal credit card information and possibly steal valuable information to sell on the black market. They may even lock out the computer and network system from the owners and then hold them for ransom.
The black hat works outside of the law. This is the hacker that we as a society are most familiar with. Some black hats have cost companies hundreds of millions of dollars in damages for credit card and social security information theft. They can work alone, in that case known as a lone wolf, or with a team. They work slowly and methodically, since the black hat knows it takes patience to compromise a computer or a network system in order to hit a big payoff and not be caught.
White hat hackers
Also known as ethical hackers, white hat hackers strive to operate in the public's best interest rather than to create turmoil. Many white hat hackers do penetration testing: they are hired to attempt to break into a company's networks to find and report on security vulnerabilities. The security firms then help their customers mitigate security issues before criminal hackers can exploit them.
Gray hat hackers
They fall somewhere between white hat hackers and black hat hackers. While their motives may be similar to those of white hat hackers, gray hats are more likely than white hat hackers to access systems without authorization; at the same time, they are more likely than black hat hackers to avoid doing unnecessary damage to the systems they hack. Although they aren't typically (or only) motivated by money, gray hat hackers may offer to fix vulnerabilities they have discovered through their own unauthorized activities rather than using their knowledge to exploit vulnerabilities for illegal profit.

Personally, if I had a company, I would not employ an ex-black hat hacker or a gray hat hacker, because they can get to know a lot about my systems and would probably be damaging to me if they became unemployed.

I would honestly employ a white hat hacker as he wouldn't hack my systems as the nature of his work makes him unable to do so. 







How to set up a firewall?


Main functions of a firewall
Personal firewall software prevents connections between your system and the network, except for programs that the firewall software considers trustworthy. The main functions of a firewall include:
  • It filters information coming via an internet connection to your system
  • It stops the incoming packet if the filters flag it
  • Firewalls can also provide a proxy service
  • Some firewalls apply a newer method in which they do not examine the contents of every packet; instead, they compare certain key parts of each packet
  • It also monitors information that travels from within the firewall to the outside, looking for specific characteristics; if a reasonable match is found after comparison, the information is allowed to pass through.
Setting up firewall for home system
If you surf the net all the time, then you should know how to set up a firewall for home use. All you have to do is:
  • If you use a router, then first of all you will have to install a firewall on your system
  • If you use a Mac, open “System Preferences” and then select “Security” under the “Personal” tab.
  • Then go to the Firewall pane and click on the “Start” button
  • For Windows, go to the Control Panel and then select the “Security Center”, which you will find under the section “Manage Security Settings…”
  • Then select Windows Firewall and turn it on
Choosing the right firewall for work
When setting up a firewall for work, you will have to decide whether to go with a hardware firewall or a software firewall. You can set up a hardware firewall if you want added security for your work. For work or corporate use, a host-based firewall can be more useful, as it prevents the host from being infected and also stops other infected hosts from spreading malware.
Configuring firewall for work
A firewall for work has to be configured for each machine depending on the operating system. Apart from Mac and Windows, you can also set up a firewall with a Linux box, which can be affordable. For this you have to:
  • Make sure that your system fulfills the minimum hardware requirements
  • Install Linux and then turn off the services that are not necessary
  • Besides the IP filtering tools, you will need a way to connect your firewall to your ISP
  • Those who use a cable modem will have to install a Dynamic Host Configuration Protocol (DHCP) client to handle IP address assignments
Instead of manually setting up a Linux firewall, you can use a firewall configuration tool for this purpose.


I would personally advise anyone who hasn’t set up a firewall on his device to install one, as it will protect his device from a lot of harmful and damaging effects that can be very crucial for you, and you don’t want this to happen to you and lose very important information.


What is a firewall? And how does it work?



What Is a Firewall?
A firewall is the first line of defense for your network. The basic purpose of a firewall is to keep uninvited guests from browsing your network. A firewall can be a hardware device or a software application that is usually positioned at the perimeter of the network to act as the gatekeeper for all incoming and outgoing traffic.
A firewall allows you to establish certain rules to identify the traffic that should be allowed in or out of your private network. Depending on the type of firewall that is implemented, you can restrict access to only certain IP addresses and domain names or you can block certain types of traffic by blocking the TCP/IP ports they use.




How Does a Firewall Work?
There are basically four mechanisms used by firewalls to restrict traffic. One device or application may use more than one of these to provide in-depth protection. The four mechanisms are packet filtering, circuit-level gateway, proxy server, and application gateway.

Packet Filtering
A packet filter intercepts all traffic to and from the network and evaluates it against the rules you provide. Typically the packet filter can assess the source IP address, source port, destination IP address, and destination port. It is these criteria that you can filter to allow or disallow traffic from certain IP addresses or on certain ports.
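
A minimal packet filter along these lines, as an added example that is not part of the original post: rules are checked in order against the four criteria named above, the first match decides, and anything unmatched is denied. The rule set, the class and function names, and the addresses (taken from documentation-only ranges) are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    src_net: str = "0.0.0.0/0"         # default: any source address
    dst_net: str = "0.0.0.0/0"         # default: any destination address
    src_ports: Optional[range] = None  # None means any port
    dst_ports: Optional[range] = None

    def matches(self, p: Packet) -> bool:
        """True only if all four criteria match the packet."""
        return (
            ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
            and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst_net)
            and (self.src_ports is None or p.src_port in self.src_ports)
            and (self.dst_ports is None or p.dst_port in self.dst_ports)
        )


# Constructed rule set protecting a web server at 192.0.2.10.
RULES = [
    Rule("deny", src_net="203.0.113.0/24"),                        # 0: blocked network
    Rule("allow", dst_net="192.0.2.10/32", dst_ports=range(443, 444)),  # 1: HTTPS from anyone
    Rule("allow", src_net="198.51.100.0/24",                       # 2: SSH from admin network only
         dst_net="192.0.2.10/32", dst_ports=range(22, 23)),
]


def decide(packet: Packet, rules=RULES):
    """Return (action, index of the deciding rule); (\"deny\", None) if no rule matched."""
    for i, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, i
    return "deny", None  # default deny: traffic that no rule mentions is dropped


if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", 51000, "192.0.2.10", 443),
        Packet("203.0.113.5", 40000, "192.0.2.10", 443),
        Packet("192.0.2.99", 51000, "192.0.2.10", 22),
    ]
    for pkt in samples:
        print(pkt, "->", decide(pkt))
    # Rule order matters: with the list reversed, the blocked network reaches HTTPS.
    print(decide(samples[1], RULES[::-1]))
```

Because the first matching rule wins, the deny for the blocked network has to sit above the broad HTTPS allow; reversing the list lets that same packet through.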

Circuit-Level Gateway
A circuit-level gateway blocks all incoming traffic to any host but itself. Internally, the client machines run software to allow them to establish a connection with the circuit-level gateway machine. To the outside world, it appears that all communication from your internal network is originating from the circuit-level gateway.

Proxy Server
A proxy server is generally put in place to boost the performance of the network, but it can act as a sort of firewall as well. Proxy servers hide your internal addresses so that all communications appear to originate from the proxy server itself. A proxy server caches pages that have been requested. If User A goes to Yahoo.com, the proxy server sends the request to Yahoo.com and retrieves the webpage. If User B then connects to Yahoo.com, the proxy server just sends the information it already retrieved for User A so it is returned much faster than having to get it from Yahoo.com again. You can configure a proxy server to block access to certain websites and filter certain port traffic to protect your internal network.

Application Gateway
An application gateway is essentially another sort of proxy server. The internal client first establishes a connection with the application gateway. The application gateway determines if the connection should be allowed or not and then establishes a connection with the destination computer. All communications go through two connections — client to application gateway and application gateway to the destination. The application gateway monitors all traffic against its rules before deciding whether to forward it. As with the other proxy server types, the application gateway is the only address seen by the outside world, so the internal network is protected.



What is the difference between cyber security and information security?




Information Security

Information security (or “InfoSec”) is another way of saying “data security.” So if you are an information security specialist, your concern is for the confidentiality, integrity, and availability of your data. (This is often referred to as the “CIA.”) Most modern business data resides electronically on servers, desktops, laptops, or somewhere on the internet—but a decade ago, before all confidential information migrated online, it was sitting in a filing cabinet. And some confidential information still is! InfoSec is concerned with making sure data in any form is kept secure and is a bit broader than cyber-security. So, someone could likely be an information security expert without being a cyber-security expert.

Cyber-security

Cyber-security is all about protecting data that is found in electronic form. Part of that is identifying what the critical data is, where it resides, and the technology you have to implement in order to protect it.



Overlap Between Information Security & Cyber-security

There is a physical security component to both cyber-security and information security.
If you have a warehouse full of confidential paper documents, you clearly need some physical security in place to prevent anyone from rummaging through the information. And as more data becomes digital, the process to protect that data requires more advanced IT security tools. So, while you can’t put a physical padlock on a desktop computer, you can put a padlock on your server room door. In other words, if your data is stored physically or digitally, you need to be sure you have all the right physical access controls in place to prevent unauthorised individuals from gaining access.


They both take the value of the data into consideration.
If you’re in information security, your main concern is protecting your company's data from unauthorised access of any sort—and if you’re in cyber-security, your main concern is protecting your company’s data from unauthorised electronic access. But in both scenarios, the value of the data is of utmost importance. Both individuals need to know what data is most critical to the organisation so they can focus on placing the right controls on that data. In some scenarios, an information security professional would help a cyber-security professional prioritise data protection—and then the cyber-security professional would determine the best course of action for the data protection. But with the changing security landscape over the past decade, things aren’t always this black and white.





Data protection law


Data exists everywhere in 2015. It has evolved from a necessary procedural function into a fundamental component of modern society. Such progress requires adequate legislative development in order to safeguard democratic rights. Moreover, this transformative importance now places an expectation of responsibility on data controllers, data processors and data subjects who must respect the values inherent in data protection law. Such law is more than a mere safeguard against potential infringement. Rather, it serves to balance privacy and data use without sacrificing one for the benefit of the other.

The right to privacy was first outlined in European law in Article 8 of the 1950 European Convention on Human Rights (the Convention); 'Right to respect for private and family life'. Although not containing any explicit mention of data protection, privacy law deriving from the Convention has developed to include the right to the protection of personal data. The Charter of Fundamental Rights of the European Union (the Charter) which was proclaimed in 2000 went further than the Convention, echoing the earlier proclamation concerning privacy in Article 7 and making specific reference to personal data via Article 8:
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority.

In Ireland, the right to privacy is widely viewed and understood as a fundamental human right, and is recognised by Bunreacht na hÉireann, the Charter and the Convention. However, the right is not absolute which thus permits an element of flexibility to be afforded when balancing priorities. Moreover, it could be argued that if privacy is a concept with no common core it may be difficult to find a definitive right to privacy across changeable social arrangements. This would make the right to data protection quite different to classical civil rights such as life or freedom, which are regarded as beyond interpretation or discussion. 


Nevertheless, in the present age the relative importance and influence of information privacy to cultural utility cannot be understated. As of now, almost 20 years after its introduction, the governing EU legislation on data protection remains Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the Directive). The implementation of the Directive in 1995 was enabled to harmonize standards pertaining to data protection across member states; an objective which will be replicated with the enactment of the General Data Protection Regulation (the Regulation) which is currently being finalised.


                            




What are different programs of cyber security?


Malware
Malware has been around for a long time, and continues to plague computers to this day. Malware is a catch-all word for any software designed to damage a computer or computer system. The first widely spread malware, known as the Melissa Virus, was unleashed in 1999. Eighteen years later, malware remains a dangerous weapon, used by cyber criminals to harvest information, commit fraud, or just cause mayhem.

Cyber security strategies for malware
For both homes and businesses, a good anti-malware software is essential. Anti-malware programs can both find and remove malware that has been installed on a computer, and prevent malware from installing itself in the first place. Also essential is instructing users to practice common sense when using the internet: never open unexpected email or chat attachments, and be careful when clicking links on the internet if you can't be certain where they'll lead.

DoS (Denial of Service) attacks
One of the simplest forms of cyber attack, DoS attacks shut down a target's servers, making it impossible to access their websites or use their online services. This is most commonly done by flooding a target's servers with traffic until they overload and crash. One of the most common forms of DoS attack involves getting large numbers of attackers to flood their target's servers at once, making it almost impossible to block the incoming traffic.


Strategies for DoS attacks

The simplest method for thwarting DoS attacks is having extra bandwidth. If you fear your business might be targeted for DoS attacks, simply having enough server space to handle the increased traffic can render the attacks moot. There are also third-party services that can help your company stay online during a DoS attack.

Phishing
In a phishing attack, a cyber criminal attempts to extract personal information out of you by tricking you into giving it to them. Bolder scam artists might attempt to acquire a victim's social security number or bank account information. However, many phishing scams involve tricking a victim into giving away their password for a single website or app. A recent phishing scam used Google Docs to trick users into entering their Google login information.

Strategies for Phishing attacks
Phishing attacks are particularly worrisome because they involve tricking users through the appearance of legitimacy; the Google Docs scam spread by tricking users into opening a shared document sent to them by someone they knew and submitting their login info. The attackers could then steal that information and send the document to everyone on the victim's contact list, causing the scam to spread rapidly.



